OSCON — Day 2
NOTE: I wrote this during the day yesterday, and finish it up last night just before midnight. However, the hotel network was so flooded, that I had to wait until I got to the conference this morning to post. I probably could have waited until after midnight like I did last time, but I needed my sleep.
I had stayed up pretty late last night (got to be a little after midnight,) so I really didn’t want to get up in the morning. I ignored my alarms until about 7:50, and then finally drug myself out of bed. I took my time getting ready, so I didn’t have time for the free breakfast. That was ok. I wasn’t in the mood to eat anything.
I managed to make it to my first tutorial of the day, Learning Ajax, with a few minutes to spare. The speaker was Alex Russell who is one of the main developers for the Dojo JavaScript Toolkit. Dojo is an Ajax, DHTML, XML, etc. toolkit that is similar to YUI, MochiKit, jQuery, and Prototype/script.aculo.us. Dojo is currently on version 0.4.3, but they have version 0.9.0 in the works, and it is almost ready for release. I’ve mainly been working with Prototype because that was the first Ajax/JavaScript library that I learned about. Now that I’ve learned so much more in the past two days, I’m going to download and play with most (if not all) of the ones that I’ve listed here to determine which one is the best to work with.
While Alex is mainly a Dojo guy, 90% of what he taught was about the core of Ajax, the principles behind the technology, when to use it, why to use it, when not to use it, and all of the pitfalls of the user-interface and security when using Ajax. It was a three hour class, but all of it was very high level detail. I came away from the class with 23 bookmarks thrown into a list of stuff to read. That seems to be a common theme for these classes. Learn a taste of what the technology is about, and then go home with a ton of homework to research later. I understand that the format requires this kind of thing, but I was hoping for a little more grit. That’s ok. I’m being pointed in the right direction, and being given enough information to read, understand, and know when something isn’t quite right. It’s all good stuff.
Lunch was another freebie. This time I avoided the chicken, and went with the turkey instead. It was a pretty good lunch, except the cookies today were chocolate cookies with chocolate chips. Ugh. I just don’t like chocolate enough for it to be the main flavor of my snack. I avoided the cookies, but the rest of the lunch was pretty good. There is a large bookstore here in Portland called Powell’s. They apparently have a large tech section, and they brought it with them to the conference. I walked around and looked at all of the books. There was a pretty good selection of book on a wide range of open source topics. The books are all 30% off at the conference. There were a few that caught my eye, but I ended up walking away empty-handed. I just decided that I already had enough books on the topics that I want to know about, and adding to that collection really wouldn’t help me out much. There was a nice book on Nagios, but I don’t think I’ll get it. I really don’t use Nagios enough to make use of the book. I thought about getting it for Shinto, but he already knows it inside and out. He wouldn’t get much from the book, I don’t think.
I thought about picking up some Ruby books, but one thing that I’ve learned in the past couple of days is that I know lots of different technologies, languages, ideas, etc., but I’m really not a master of any of them. I think it’s time for me to sit down and focus on a few key areas of exploration, and do my best to be the best in the world at them. However, my brain just doesn’t work like that. I see too many shiny things in the field of technology, and I just can’t bring myself to stare at only one shiny thing. I’ve got to have them all. I don’t want to stagnate on everything I know, so I may do my best to find focus on three to four things, and learn everything there is to know about them. The list that pops into my head right now is to master: PHP, JavaScript, Perl, and Ajax. Not necessarily in that order, though. I’ll probably work my way through all of them in parallel. Even though those four may be my focus, I’m not going to walk away from my skills in SQL, Linux, networking, system administration, etc. I do feel myself slipping further and further away from C, though. Maybe my C days are behind me? I don’t know. It’s just that most applications that I think of to write these days are all web-oriented, and with the advent and explosion of Ajax, that has just become more and more fun.
My second tutorial of the day was Essential PHP Security. The speaker was Chris Shiflett. Chris really knows his stuff, and he’s the author of Essential PHP Security (hey, I wonder how he named the tutorial session?) Halfway through the tutorial, we had a break, and I was impressed enough with his information that I went back to the Powell’s booth and picked up his book. I also saw two other Ajax books that had been blocked from my view earlier by a woman that insisted on reading a book right in front of the table. I got tired of waiting on her, and walked away. She was gone this time (I guess she had finished the book), so I was able to find two more gems that I flipped through (while standing away from the table so as to not block other people.) They were Securing Ajax Applications and Ajax In Practice. The Ajax In Practice book was full of code, examples, and sites that put Ajax to use. My other books are theory and teaching. This one is about how people use it in real life. Good stuff.
The second half of my second session of the second day was just as wonderful as the first half of my second session of the second day. (Follow that?) Actually, the entire Essential PHP Security was better than my first three tutorials put together. I learned way more than I thought I would about web security in general and PHP solutions to those problems than I ever thought possible in a mere three hours. After learning what I’ve learned, I’m actually in a horrible state right now. I’m embarrassed about my code. I want to delete everything that I’ve ever done that is associated with the web and write it all over from scratch. I think I’ll get over my my embarrassment before I get a chance to get home and run the infamous ‘sudo rm -rf /’. I have so much work to do when I get back to the office. I can only sum up what I’ve learned there, but it all relates to cross-site scripting (XSS), cross-site forced requests (CSRF), SQL injection, email injection, session fixation, session hijacking, HTTP response splitting, and remote code injection. What a wonderful tutorial. I even got the author to sign my copy of his book, and we exchanged cards because he said that I had asked some of the better questions that had been asked for the past four years that he had been giving the presentation.
After we were done, I headed down to Eduardo’s Mexican Grill for the Zend and MySQL party. There was a mini-buffet that I snacked on, and WAY TOO MANY PEOPLE. I was there for about an hour and a half and only managed to get two free beers out of the thing. I did have a good time talking to people about open source projects, work projects, and general geek stuff.
After the party, I headed back to the conference center for the O’Reilly/Google awards. When I had heard of these, I wondered what it took to get one of those. I had stars in my eyes and dreams in my head of receiving one of these someday. Yeah. Not likely. The inventor of Mozilla, Groklaw, bind, Subversion, and someone else that I didn’t catch were recipients of the awards. Paul Vixie, the head-honcho of bind, received the lifetime achievement award. Screw him. His software is the only reason that I’ve ever had a sever violated from remote…. well… violated period. I didn’t clap for that sorry bastard. Yeah. I’m bitter ever after over 7 years.
One neat thing about the award show was that they had a fairly large number of wicker baskets laid out at the entrance with buttons in them. Each basket had a different button, and there was a large sign that read, “What animal are you?” For those of you that don’t know, O’Reilly has always (until recently with a few select books) put an animal of some sort on their covers. The animals on the pins were associated with their books, and there were a little over a dozen baskets. I looked into the baskets and found many of them that fit me. I asked the woman that was guarding the table if we could take more than one. She told me that we could take as many as we wanted, but only if they applied to us. However, we were required to take at least one, and there was a blank one that we could write into. I ended up not taking a blank one because all of my technologies were covered by the other pins. I ended up taking 10 buttons total. They are (in no particular order): JavaScript, Apache, PHP, C, MySQL, RegEx, PostgreSQL, Linux, Perl, and Firefox. While at the award show, I saw people with quite a few buttons, but none more than me. Yeah. I’m that big of a geek. Yeah. I’m that proud of it.
The awards didn’t last nearly as long as I thought they would, so I was free to mingle with my fellow geeks. I hung out and got to talk Perl with some folks. I met Andy Lester, who is a head honcho with the Perl Foundation. It was nice to talk Perl after being surrounded by PHP for so long. I also got an invite to speak at a Perl session Thursday about my recent Perl work. I’ll probably speak about my most recent Perl creation that generates binomial distribution probabilities for a role playing game. I had other plans to attend a session regarding Prototype, but I’ll probably skip it for the Perl thing. I had forgotten how much I had loved Perl. I miss it.
We ended up talking about Perl stuff until security came through and gently prodded us out of the ballroom. They said that the workers needed to come through and reconfigure the room for the rest of the conference. We took the hint and walked away. I also got an invite to the next YAPC which is amazing cheap from what I hear. I’ll have to check it out.
I ended the night in the hotel bar with only one beer because it was so late. Tomorrow will be even more packed than today was, but it’s going to be lots of little things instead of two big things a few little things. This is where the conference gets fun. I can’t wait until tomorrow starts if any indication of the past two days is what things are like. It’s going to be fun. I also hear that there are a total of a little over 3,000 people for the conference for the rest of the week. That should prove interesting. Especially for the wireless network….
