Archive for the 'Conference' Category

BarCampMelbourne2008 was a huge success!

The event was brilliant. I loved it. Everyone says they got a lot out of it. The after party drinks were definitely needed, and tasted so much better for being on Microsoft’s tab. I sat down on Sunday afternoon after getting up at 1pm, had a coffee and reflected on the day. It truly was awesome. Lots of organised unorganisation paid off. It worked. The first successful BarCampMelbourne that actually took place in Melbourne!

The best part is that now the ball’s rolling, quite a few people have put their hands up to help unorganise the next one, so I won’t be on my own this time ;-)

Not that I was completely alone - I had a few people point me in the right direction occasionally, keeping me going. But the next will be much easier, and I might actually get to listen to some of the talks!

So, almost two weeks later, I’ve gotten round to rejigging the BarCampMelbourne web site and adding a news section, complete with a press release summarising BarCampMelbourne2008. Check it out, and feel free to distribute or republish verbatim…

BarCamp Melbourne 2008 is go!

BarCamp Melbourne is on for the 23rd of February 2008 in Melbourne CBD. This will be the first BarCamp held in Melbourne itself, and hopefully this will make it more accessible than last year’s (there are rumours that two participants got lost and never made the event!!).

While this is a free event, please remember that you must register to attend. Details on the web site.

To remind you, a BarCamp is “an intense event with discussions, demos and interaction from attendees”. Anyone is welcome to come along for free. Everyone is asked to participate by giving a presentation or leading or participating in a discussion, essentially forcing the sharing of ideas and knowledge.

Make someone feel good by blowing their trumpet

The new year typically spawns lots of “Best of …” and “What happened in …” articles and blog posts. It’s a time of year to reflect on the past 12 months. It’s time to look at the highlights, sometimes the lowlights, and hopefully lock a few of those nuggets away for future use.

What I wasn’t expecting while rapidly devouring the 1000+ items in my RSS reader was one post that contained my name accrediting the initiation of a number of Australian BarCamps to me.

Now before you accuse me of blowing my own trumpet, I write this not because I want you to bow before me, rather because I wanted to share how that made me feel. It was great! By simply including that one paragraph in her post, Janet spurred me to get off my Christmas pudding and get BarCamp Melbourne 2008 back on track.

The truth is 2007 was a busy year for me. Most years are - I’m the type of person that can’t say no. After having co-authored a book, organised BarCamp Melbourne 1.0, bought and moved in to a new house, changed jobs* and possibly more that I can’t remember (now you can accuse me of blowing my own trumpet!), I was seriously considering postponing, or getting someone to take over the organisation for, BarCampMelbourne 2.0.

* Truth be told, the job change was more of a relief than a burden. It’s great to leave a company that wants you to feel lucky for working in a chaotic environment under bad management with an internal IT department that has an agenda so huge you could swear it’s trying to bring the company down from the inside - a sad end to what once was, debatably, one of the best places in Melbourne to score a job!

So, the good news is that my flame has been relit. In order to make my life at least that little bit easier, BarCampMelbourne 2.0 will be a one day event so I have more venues to choose from. It has also tentatively been brought forward one week.

Thanks Janet! Apologies for the post title…

Powerful Cross Site Scripting Scanning Tool

Web developers today are increasingly aware of the number of ways that attackers can abuse their site. Not only do we have to worry about someone stealing data directly through our site or from our database; cross site scripting (XSS) attacks also provide a mechanism for someone to run arbitrary code on another web site.

During his OSDC 2007 keynote, Rasmus Lerdorf mentioned scanmus, a cross site scripting scanning tool he’d written. It looks at a page’s source code and identifies potential entry points. In the case where it finds a form, it will submit data in a way to detect a number of XSS vulnerabilities, and report those to the user. Unfortunately, while he plans to make this available to the community, this won’t happen just yet.

Ben Cornwell and I got to chatting during the break and when I suggested we write our own, he didn’t hesitate. I don’t think he quite realised at the time that there wouldn’t be any PHP work involved though.

You see, there’s this tradition at conferences (at least the ones that I’ve attended), that when a discussion or talk at the conference gives you an idea for a product, script or technology, you start on it right away and present it at a lightning talk during the same conference. So we couldn’t just have some lame PHP script parse the resultant HTML and spew it to the browser. That would be too easy. That would be just what they’d be expecting us to do! And you know you can’t take over the world by being predictable.

So we wrote it in HTML and JavaScript. Even the logo! It’s one HTML file.

Now this will work perfectly if the HTML script is placed in the document root of the site you want to test. If you want to test remote web sites though, as we did during the lightning talk, you’ll have an issue with cross-domain XMLHttpRequests. So for the demo we had a simple proxy helper that would load the remote site. The JavaScript class could then load the remote site’s contents through a local call.

So without further ado, you might all be wondering where you can download this awesome tool. Well, it’s still extremely pre-alpha. It itself has XSS vulnerabilities! It needs to be worked on. But you can still grab the HTML and PHP files if you like.

I’ve already had a fair amount of interest from people who want to help, so if you’d like commit privileges, please let me know. You can check out the trunk in the meanwhile.
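
A minimal sketch of the scanning approach this post describes (find the forms in a page's source, submit a marker to each field, see how it comes back), added here as an illustration and not taken from scanEE or scanmus. The marker, the function names, the sample page and the `fakeSite` stand-in are all constructed for the example.

```javascript
// Added illustration; not scanEE or scanmus code. All names are hypothetical.
const TOKEN = 'zq7';                      // constructed, inert marker
const PROBE = `${TOKEN}"<x>'${TOKEN}`;    // marker wrapped around HTML metacharacters

function attr(attrs, name) {
  const re = new RegExp(`\\s${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, 'i');
  const m = re.exec(attrs);
  return m ? (m[1] || m[2] || m[3] || '') : '';
}

// Entry points: every form in the page source and the named fields it submits.
function findEntryPoints(html) {
  const fieldRe = /<(?:input|textarea|select)\b[^>]*?\sname\s*=\s*["']?([^"'\s>]+)/gi;
  return [...html.matchAll(/<form\b([^>]*)>([\s\S]*?)<\/form>/gi)].map(([, attrs, body]) => ({
    action: attr(attrs, 'action'),
    method: (attr(attrs, 'method') || 'get').toLowerCase(),
    fields: [...body.matchAll(fieldRe)].map(m => m[1]),
  }));
}

function htmlEncode(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, c => map[c]);
}

// "raw": metacharacters came back unescaped, so the output is not being encoded.
// "altered": the token came back but the metacharacters changed; review by hand.
function classifyReflection(body) {
  if (body.includes(PROBE)) return 'raw';
  if (body.includes(htmlEncode(PROBE))) return 'encoded';
  return body.includes(TOKEN) ? 'altered' : 'absent';
}

// submit(form, params) returns the response body. In a browser it would wrap a
// same-origin XMLHttpRequest, or a call to a local proxy for a remote site.
function scan(html, submit) {
  return findEntryPoints(html).flatMap(form => form.fields.map(field => ({
    action: form.action, field, verdict: classifyReflection(submit(form, { [field]: PROBE })),
  })));
}

// Constructed sample page and a stand-in for the site under test.
const SAMPLE_PAGE = `
<form action="/search" method="get"><input type="text" name="q"><input type="submit" value="Go"></form>
<form action="/comment" method="POST"><textarea name="body"></textarea></form>`;
function fakeSite(form, params) {
  const value = Object.values(params)[0];
  return form.action === '/search' ? `<p>Results for ${value}</p>` : `<p>${htmlEncode(value)}</p>`;
}
console.log(scan(SAMPLE_PAGE, fakeSite));
```

A `raw` verdict marks a field whose output handling needs fixing; `encoded` only recognises the one encoding scheme in `htmlEncode`, so other schemes show up as `altered`.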

BarCamp Melbourne


BarCamp Melbourne 2.0 planning is now well under way, and the event is slated to run on the 1st and 2nd of March 2008. The first BarCamp Melbourne had 10 participants, which isn’t bad considering the venue was over 2 hours from Melbourne! This time, we’re looking for a venue in, or very close to, the centre of Melbourne, and hope to get 50 to 100 participants.

Described as “an intense event with discussions, demos and interaction from attendees”, anyone is welcome to come along for free. Everyone is asked to participate by giving a presentation or leading a discussion, essentially forcing the sharing of ideas and knowledge. You might like to check out the BarCamp web site for more general information. Wikipedia’s entry on BarCamp might also be of interest.

I’ll post more updates as things progress, but in the meanwhile, sign up as a participant if you’d like to come along, spread the word about BarCamp Melbourne 2.0, and if you want to, or know someone that wants to sponsor this event, please check out or point them to the sponsorship page.