Many applications have reacted to this by offering options to run all traffic through HTTPS. Examples include Gmail, Github, Facebook, and Twitter. Using HTTPS does go a long way in improving web application security. But in most cases HTTPS security is opt-in - probably due to difficulties in rolling out HTTPS on a large scale and added application complexity. This means that only relatively paranoid users benefit. Less fortunate users, like Ashton Kutcher, will often be "left vulnerable":http://techcrunch.com/2011/03/15/twitter-enables-always-use-https-setting/.
CSRF(cross-site request forgery) does not just force complexity though. Its existence actively stifles innovation. The new "cross-origin resource sharing specification":http://www.w3.org/TR/cors/, which allows servers to opt in to cross-origin XHR(XMLHttpRequest) requests, presents many possibilities for rich interaction between web applications. Unfortunately this specification is infrequently used because it opens up XHR(XMLHttpRequest) as another vector for CSRF(cross-site request forgery) attacks in cases where cookie authentication is used. In the eyes of many developers this is just too dangerous to justify exploring a new technology.
All of these problems are products of the fundamental design of cookie authentication: what is essentially a temporary password is transmitted with every web request and that password is easily accessed - directly by eavesdroppers or indirectly by third-party web pages.
Manuals are boring, but learning is necessary.
New contributors often have to figure out how to operate the tools of a project, like IRC, git, or svn, in a highly social environment: public communication between peers. When, for example, you post your first patch to a mailing list, it’s intimidating to know that your mistakes with the tools might reflect poorly on your programming skill.
Some video games have a “training level” where you can get shot without dying. Open source could have a training level where you can learn the skills you need without getting burned.
Our community built one. The OpenHatch training missions are a group of interactive web pages for learning skills you would use when contributing to free software like using diff, patch, tar, version control, IRC, and so on. A training mission shuns “manuals” and long, boring blobs of text, and it protects its users against learning through trial by fire. We say, “Here’s a short, concrete task to perform. Interact with our web-based robot, and it will tell you if you succeeded.” You can build up your comfort in a space without embarrassment.
Project maintainers often end up teaching basic community skills to new contributors. If you can ask them to complete a relevant training mission, you can save time and have a more knowledgeable contributor base.
In this talk, you will learn about the current training missions and discuss as a group how they can be useful to the attendees. We will highlight the training mission for a version control tool in which you are an agent for Mr. Good trying to gain the trust of Mr. Bad. We will discuss the diversity ramifications of learning community skills in a safe environment. After a tour of the OpenHatch community that built them and the Django-based implementation, we will discuss the attendees’ situations with new contributor skill levels and identify the most useful training missions to build next.
Have you ever wanted to automatically turn on your lights when you get home, or turn them back off when you leave? What about controlling your lights by SMS or IRC? Aaron Parecki and Amber Case have been living in a smart home controlled by mobile devices and their locations for the last year. The house is filled with sensors and networks for collecting all sorts of information and automated processes. They'll show you some of the expensive smart homes of the past, and how the same effects can be achieved with microcontrollers, 20-year-old technologies, and the mobile phone you currently have.
This presentation will cover a number of fun DIY elements of home automation using GPS, SMS, location sharing, geotriggers, Geonotes and other mashups that can be done using mobile location, IRC and SMS as control hubs. We'll also cover advanced geolocation triggers and messaging based on the real-time location platform and API we built, and how it can be used to build apps that can notify people automatically when you land at an airport, or automatically text message your kids when you're there to pick them up from school.
by David Brewer
A deployment pipeline combines several development best practices, fully automated and taken to their logical extreme. The result is almost magical: changesets go in one end, and fully-tested software packages come out the other. We'll take a tour of the components of a deployment pipeline, with concrete examples showing how to use Hudson, Rake, and Puppet to deploy PHP projects.
In this session, we will answer the following questions:
* what is a deployment pipeline?
* why do I need one?
* how can I implement one using open source tools?
We will begin with a quick overview of deployment pipelines and their powerful benefits. We will then look in more detail at the components of such a pipeline, and some of the excellent open source tools you can use to implement your own. Along the way we'll look at concrete examples of a specific deployment pipeline implemented at Second Story to deploy PHP-based web applications.
The session's examples will involve these tools:
* continuous integration using Hudson (or its recent fork, Jenkins)
* configuration management using Puppet
* build automation using Rake
This is a high level session meant to introduce concepts and tools; it will be light on code examples or live demonstration of software.
Startups have unique business challenges and goals. It can be a very daunting prospect to try to start one, especially when there isn’t a lot of experience or history of success in your area. Getting something off the ground is just the beginning, though, as you have to start managing growth and success. This talk will navigate common pitfalls of creating a startup outside of the Silicon Valley and include advice on when to seek funding, how to go about it, and, once you’ve done that and have started to see success, how to make sure that your team doesn’t fall apart from the changes and transitions that appear.
Technical debt is something that most project teams or independent developers have to deal with - we take shortcuts to push out releases, deadlines need to be met, quick fixes slowly become the standard. In this talk, we will discuss what technical debt is, when it is acceptable and when it isn't, and strategies for effectively managing it, both on an independent and team level.
by Don Park
Bitcoin is an anonymous, distributed, decentralized, internet-based system for storing and transmitting value in a new e-currency. There is an active marketplace to buy and sell Bitcoin for US dollars. It has a controlled rate of inflation. It automatically rewards people for running the servers that make the network work. Exchanges between any two parties are zero cost and anonymous, yet at the same time the transaction history of the Bitcoin system is public.
by Josh Berkus
ETL. OLAP. BIDW. ELT. M/R. MPP. Windowing. Matviews. Data Marts. Column Stores. Are you at sea in a tidal surge of arcane terminology, trying to cope with big data problems?
While big data may be bigger today, and far more common, and while we have a lot of new tools for dealing with it, the essential practices of how to process, store, and visualize large quantities of data haven't changed very much in the last ten years. Data warehousing veteran Josh Berkus will give you a lightning tour of the techniques and tools for dealing with masses of data, including: the data processing pipeline, types of big databases, visualizing and summarizing, and tips on dealing with GB to PB. All in a friendly FAQ format.
This talk will give you everything you never wanted to know about data warehousing but were forced to find out. Or at least enough that you can Google the rest.
by Chris Strahl
Government is helping lead open source adoption. One of the biggest growth areas in the public sector is using web technologies to help build communities. Using technologies like Moses, Drupal, Wordpress, Jabber, and others is helping to connect people in government, and governments to one another. Using open source to enable people to form connections and enhance informal communication is a major area where open source is leading within the public sector.
Building communities with both domestic and international organizations has helped me see some of this contribution first-hand. I would like to share my own experience of building a community for the US Department of Defense and showcase some of the contributions we're making to Drupal and other open source technologies.
by David Percy, Christian Schumann-Curtis and Darrell Fuhriman
Open Source GIS software has proven to be reliable, fast, and cartographically pleasing on the WWW; however, it has traditionally lagged behind commercial systems on the desktop.
In this session we will highlight the capabilities of some of the leading, most feature-rich, desktop applications in the open source ecosystem. Each presenter will demonstrate a specific set of tasks from cartography to analysis in a specific software platform. The programs featured are: Quantum GIS, gvSig, OpenJump, and MapWindow.
by Matt Blair
Over the past year, I've been working on three projects that make open datasets available to the public:
Although the public-facing parts of these projects appear similar on the surface -- apps or websites with locations on a map -- the design and development process has been quite different for each.
In this talk, I'll explore the opportunities and challenges I encountered in each, covering factors like:
I'll use this comparison to suggest a re-usable blueprint for analysis and planning of open data projects, including how to match available data to audience interests and expectations, as well as identifying opportunities for community participation.
Now, we know you can do that for scripting languages, but what do we do about Java? With the proper context, it is possible to emulate many of those same capabilities, by applying a simple set of code transformations at runtime. In this session you’ll learn about meta-programming and how it can apply to traditional Java. You’ll learn about the techniques needed to transform classes at runtime, adding new behaviors and addressing cross-cutting concerns. The presentation will discuss a new framework for this specific purpose, but also draw examples from the Apache Tapestry web framework, which itself is rich in meta-programming constructs.
Accessibility is commonly viewed as a dry formal requirement absent of any real beneficiary. It is all too often tacked on as reluctant "polish".
In this talk we will blur the line between people with disabilities and "able-bodied" people and see how everybody benefits from inclusive design, and how good decisions from the start leave us with a more aesthetic product that is usable in more ways than we could have initially imagined.
We will use user interfaces in GNOME as a case study for good and inclusive design.
by l.m. orchard
Open Source projects are most successful when they attract enthusiastic and capable contributors. But, often the first thing a new contributor to a web development project faces is a README file with a long list of instructions needed to even get the thing running.
And that’s if they’re lucky: Just as often, the necessary documentation is incomplete or missing entirely, leaving a new hacker no way to get involved without investing a lot of time up front.
This is no way to treat potential volunteers; they’re doing us favors by spending time with our projects. In return for their time, we should do the best we can to make our projects accessible and rewarding without unreasonable demands.
To that end, we can use modern tools like VirtualBox, Vagrant, and Puppet to turn walls of text into virtual machines. We can offer simple bootstraps and even bootable disk images that get new developers started quickly, allowing them to explore a running system rather than demanding they understand the complete stack before the first page view.
At ISC, we work hard to develop and maintain high quality software that supports critical internet infrastructure. We have been working over the last two years to move our managed open source model into an increasingly open development methodology. We are also doing collaborative development with organizations around the world and have embraced agile as a development methodology. Pulling all this off while developing and supporting critical internet infrastructure is no easy feat; hopefully some of what we've learned in the effort will be useful to other open source citizens.
by Melissa Hollingsworth
An experienced DBA who also happens to be a talking lion explains what normalization is, why it's a good idea, and how to do it. When his pupil complains about performance slowdowns, he goes on to explain about when, why, and how we should denormalize. There are slides as well as puppets.
by Chris Smith
Open data, open source code and commodity hardware create the infrastructure to display when the next bus or train is coming at your favorite coffee shop, brew pub or building lobby.
by Kurt Sussman
Neck, shoulders, upper back: conditioning, care, and repair. Diet and exercise: science vs politics. Why cycling is not enough. How to stay fit using your own body weight and an optional gallon milk jug full of water. Why shoulders are unstable, and how extended laptop use makes them easy to injure.
21st–24th June 2011