October 2004 Archives

Anton Chuvakin

Related link: http://www.computerworld.com/printthis/2004/0,4814,96948,00.html

This is a pretty insightful piece from Bruce Schneier. It can be summarized as: “We’re not paying to improve the security […] We’re paying to deal with the problem rather than to fix it.”

Basically, the idea is that security will be much improved if vendors are liable for their software insecurities (unlike now). However, some say that it will break the open-source movement. Thoughts?

Anton Chuvakin

Related link: http://www.computerworld.com/printthis/2004/0,4814,96587,00.html

Pardon for this shameless piece of blatant self-promotion, but here is an article I wrote on analyzing logs and making mistakes in the process. It summarizes common mistakes committed by organizations while trying to do log analysis for security.

Dru Lavigne

Related link: http://www.nycbug.org/index.php?NAV=Home&SUBM=8

It isn’t every day that those of us outside of California get to rub shoulders with some of the great names in Unix history. Approximately 75 people, including yours truly, had such an opportunity this past Saturday at NYC’s Columbia University.

Details of the event, including Eric Allman’s slides in pdf and both talks in mp3 format are available at:

http://www.nycbug.org/index.php?NAV=Home&SUBM=8

The slides provide some interesting information on the current state of email authentication. And, if you have the time, the mp3 is well worth listening to. Some interesting questions were raised with insightful responses from both Eric and Kirk. If you’ve never heard Kirk’s version of what it was like to be in the Berkeley Computer Science department in the heyday of Unix development, you’re in for a treat.

I wasn’t the only Canadian at the event. Dan Langille of FreshPorts (http://www.freshports.org) and the FreeBSD Diary (http://www.freebsddiary.org), NetBSD Security Officer David Maxwell, and PostgreSQL’s Business Intelligent Analyst Robert Bernier were also in attendance.

George Rosamond of NYC*BUG provided accommodation for the Canadian contingent as well as other attendees who spent the wee hours discussing Unix’ history and future over vodka and the Yankees vs. Red Sox game.

Anton Chuvakin

Related link: http://www.sans.org/top20/

Today is a good day to peruse the SANS Institute list of “The Twenty Most Critical Internet Security Vulnerabilities” (just released). Some fun things in this Top 10/10 (Windows/UNIX-Linux) are:

  • FTP and plain text passwords are gone from the UNIX list. Have people finally stopped using them? I sure hope so…
  • Kernel is on the UNIX list. Are there any kernel remote exploits? Not to the best of my knowledge, but locals in kernel are a popular means of escalating to root.
  • Just about every Windows component and application is a threat. Surprising, isn’t it (not)?

Kyle Rankin

Related link: http://www.meyerweb.com/eric/tools/s5/

It’s amazing how things change over the years. If you would have asked me a few years ago, I would have never thought that I would be giving presentations in front of people from time to time. Now I don’t give a ton of talks throughout a year, but when I do give a talk, usually one of the first things I get asked is “is this available on the web?”

I generally use OpenOffice Impress when creating presentations, so usually making a talk available on the web was just a matter of my uploading the .sxi file and passing around the URL. I’m sure this works fine for some people, but I also imagine others would rather not have to fire up OpenOffice to look up something quickly in a presentation.

A few days ago a friend of mine, Jorge, showed me this nifty slide show tool powered by CSS that Eric Meyer was working on. There are a number of different HTML slide show generators out there, and I’m sure they all work great, but when trying out S5 a few of the features so impressed me that I immediately started converting all of my .sxi files.

First, S5 uses javascript so that all the standard ways you might navigate through a slide show such as hitting the right or left arrows, hitting the spacebar or enter, or clicking the mouse all work as expected. In the middle of a presentation hitting a key or clicking the mouse is definitely a lot less awkward than moving the mouse over to some arrow icon you have on your presentation and clicking.

Second, all the content is in a single XHTML file. The layout for the content is really simple as well. div tags separate slides from each other, and inside the slides you use standard HTML elements to establish headers, bulleted lists, etc. This means that the resulting file is very small and compresses even smaller, and changing the order of slides is as simple as moving a div around.

Third, because of its use of CSS, your presentation is separated from its actual look. All of the appearance settings are in a few CSS files that you can edit to your liking and then apply to any presentations you might be giving. I’ve already set up a few tweaks for talks on some different subjects.

Finally there are a lot of nice little touches that sold me. First you can click a link on the presentation and see the full presentation in outline form–great for printing out for your own reference during a talk. Also if you hover over the bottom right corner of a page, a drop-down menu appears that lets you move to any other slide in your talk–all labeled by slide title.

Like I said, I’ve already converted a number of my talks to this format, and for the most part it was rather easy–I just copied and pasted the text in, and added formatting with tags where necessary. I’m no CSS guru myself, but I didn’t have too hard of a time tweaking the CSS files to match the look I was going for. You can see a sample of a talk I gave on Knoppix at my local LUG here.

All in all I’m pretty pleased with S5 and I’ve only messed with it for a few days. If you haven’t quite settled in to a favorite slideshow tool yet, I recommend giving it a try.

What presentation tools do you use? Is it easy to go from presentation to the web?