Breakfast and a Keynote

  • April 19, 2004
  • By Dee-Ann LeBlanc

Once I finished my rounds in the vendor room, I figured I'd catch what remained of the Astaro talk, "Keep it Simple: Perimeter Security Without the Hassle." The room was overflowing, so I couldn't even get through the doors, but what I did hear over the loud talk in the hallway was mostly a ton of well-informed questions about Astaro products.

After that talk finished, I figured I'd better catch a light lunch before heading to the talk that was my main focus for the day, "Open Source - It's more than just Linux." How many conferences offer a free lunch? A few people told me they were just there for the free meals. I think they were joking, but there has been that IT industry downturn. While there, I had the chance to ask more people why they had attended. Most of the reasons were ones I'd heard that morning, with the addition of wanting to get out of the office, and the server room in particular, and curiosity about the security topics.

Then, finally, it was time to listen to Matt Herndon, the Director of Product Development for ActiveState, talk about open source. I was curious to see where he was going with this "more than just Linux" concept, since there are a lot of directions you can take with this topic. I was also, I confess, interested to see whether this was going to be an accurate and informed talk about open source or one where I felt compelled to raise my hand every three seconds. Call me a cynic, but you never know.

The open source talk turned out to cover the various tools, projects, and products out there in open-source land, rather than other open source-related operating systems. Herndon also covered the various ways in which business and open source can meet on common ground, hitting some interesting points. For example, a company that wants to use code licensed under the GPL but for whatever reason cannot use the GPL'ed version can often purchase the same code under a separate license from the person or project responsible for it. He also addressed the myth of there being no support for open source projects, pointing out that you can often purchase support from those who wrote the software, or from any third party that you like.

Herndon also talked about how to play well with the open source community as a company. For example, you can't just take and take from open source for your products without giving back--at least, if you want to have any good feeling with the community. At the same time, giving back to the community is definitely good PR in its own way.

Along with this, he covered the "why" of open source, since it confuses so many people. Herndon felt that a big driver of open source is that so often in the rest of the software world, programmers are relegated to the back rooms and are fairly anonymous. Open source allows programmers to step into the spotlight if they want to, and become known for their particular skills. Such visibility adds "street credibility," as it were.

Finally, one of his more interesting observations is that the Python scripting language appears to be gaining momentum after a number of lackluster years. It's even being ported to Nokia cell phones. He cites the fact that as many companies and groups start looking at various languages for their next projects, they end up deciding that Python (www.python.org) is nice and clean and tidy and does exactly what they need.

The next talk I attended was "Internet Security Threats and Managing Your Risk" with Todd Koopman of SonicWALL. Again, since this was a security topic, the room was overflowing. I was stuck out in the hall, and eventually drifted away since the talk in the hallway started to drown out the speaker for me. However, what I was able to hear was a good talk, basically giving a strong grounding in the basics of Internet threat assessment.

Last was "The Security Implications of the Spam-Virus Convergence," by Jesse Dougherty of Sophos--another standing-room-only affair even though, by then, many people had left. Since I live with a spam fighter, I hear about this topic all of the time, but thought that it would be interesting to get a different perspective. Dougherty focused on the fact that spam and viruses are no longer separate problems. Many new viruses create spam server zombies, and an increasing amount of spam contains links pointing to viruses and worms. On this topic, he recommends that you watch for lots of traffic on port 81 in your network. If you see this, you likely have a compromised machine.

The folks at Sophos keep honeypots running in order to attract all of this nastiness, and follow the trends over time. For one thing, they have found that since October 2003, the spam load has doubled. He also spoke about the latest viruses and the trends there, and asked a number of questions of the audience, such as whether you're running virus scanners and whether they automatically update themselves.

After this, he got into the various solutions under discussion. Sophos is a backer of the Sender Policy Framework (SPF) standard, which allows creation of an SPF text record in your DNS records, specifying which host(s) in your domain are allowed to send mail. Mail servers that understand SPF can then refuse email from any sender that isn't designated an SPF host.

AOL and others are already testing this particular solution as a way to cut down on the spam coming out of their systems, and Sophos says since this has started, they haven't seen a single piece of spam originating from AOL on their own test machines.

