OSCON

Work: I owe my boss a huge beer (and a document) and an apology when I get back to Australia.

Personal life: in the dog house. I got very little sleep these last few days, and I bet my other half is feeling far worse than me. Hopefully, she can come to Vegas so we can sort things out.

OSCON: Awesome.

My presentations went down well. I’ll upload the new presentations soon, but the Ajax Security demo went off really well. The room was overflowing with folks, so I’m really chuffed that so many of you decided to come.

I’ll put up the Ajax XSS demo I did later, but please be aware that these demos are INSECURE by design, and only to test them on your internal systems. The trick is to:

<img src="kitty.jpg" onLoad="... your javascript attack here ...">

People forget there’s literally hundreds and possibly millions of ways to do XSS. Do NOT look for script or Javascript and think you’re done. That’s stupid. Make the output safe, it’s faster, it’s simpler, and it works.

People

I met so many folks who I had spoken to over the net, or e-mailed. Everyone is so nice and friendly, it’s incredible to meet the greats. I really enjoyed catching up with Chris and Laura, met the Schlossnagles for the first time (cool dudes, cute kids :), and of course, Wez.

Unfortunately, due to the bad things going on in my personal life, I could not bring myself to hang out after hours as I was feeling extremely down, but life goes on. I was hoping to go out to Portland a bit more; maybe next time.

Talks

I went to a fair few webappsec related talks, and it’s truly gratifying to me that the developers had an entire stream dedicated to it. I really enjoyed the PHP Security hoe down – we had a wack job in the back row causing a bit of a stir, but after he left, the hour really flew.

Portland

I’ve never been here before. It’s a very nice city, great public transport. I’ll post some images soon as it’s very pretty this time of the year. It was a bit hot when I got here (about 40C) but it soon cooled down to mid 20’s and I’ve been happy with that. 🙂

A friend through newbeetle.org picked me up from the airport last Sunday, and we went to her place and hung out for a while. She invited over a friend of hers, and I got to see her and her hubbie’s New Beetles (a nice Turbo S and a unired NBC), and her friend’s green Gecko TDI New Beetle. Very nice – I wish we could get that color in Australia. We had breakfast on Friday morning even though I was extremely tired (no sleep) and a bit sad, and she picked me up this morning to take me to the airport. I’m so impressed, I wish I could say I was as good a host when I have folks visiting. Thanks, Debbie – you set the standard!

Next steps

I’m off to SF next. I’m at the airport now. I have to spend a few hours this weekend getting stuff together to meet the CSO of a major partner of work’s, like running through the ESA presentations and ensuring that we have something constructive to talk about. I might need to go to Kinkos tomorrow and print off a few things unless my hotel has a printer I can use.