Cover V13, i09

Article

sep2004.tar

syslog

The USENIX Technical Conference was held in Boston this year on June 27 through July 2. Peter Salus, official USENIX historian and contributor to UnixReview.com, was on hand to record events. Salus attended Bruce Schneier's plenary lecture, among others, and noted the following:

Schneier began by remarking that this was an "interesting time for security." He went on to say that security is always a trade-off, and "there is no such thing as absolute security".

He pointed out that all security tradeoffs are subjective and that there is a difference between actual risk and perceived risk. Where perceived risk is concerned, Schneier said "there are two main culprits: the media and technology." (He feels that "if it's in the news, don't worry about it.")

Such items as ID cards, fingerprinting foreigners, etc., "are just not worth it." People and institutions have an "agenda" and the result is that "people in power ... make security decisions for non-security reasons."

The agenda is changed by government intervention, market forces, and social norms (like advertising or education). To Schneier, the most important element is to "keep trying to educate people."

You can read more of Schneier's views on security at: 

http://www.schneier.com/crypto-gram.html
and more USENIX highlights from Salus at: 

http://www.unixreview.com/documents/s=8989/ur0407m/
Also, don't forget that Sys Admin is sponsoring two tracks at the Software Development Best Practices Conference, which is also in Boston this year, September 20-23, at the Hynes Convention Center.

The Sys Admin tracks offer several courses within the topics of security and scripting. Hal Pomeranz, our technical editor, will teach two half-day courses -- "How They Do It: Unix Hacking 101" and "Simple Unix Tricks: Spotting Break-ins". In the first course, Hal will cover the various ways hackers break into Unix systems and look at the state of the art in the rootkits that attackers use to escape detection and maintain access after a break-in. In the second course, Hal will present a simple set of checks systems administrators can use to monitor the status of their Unix systems.

The Sys Admin scripting track offers basic-to-advanced levels of scripting training. Randal Schwartz will be teaching two all-day tutorials -- "Learning Perl" and "Intermediate Perl". In the first course, Randal will show how to use Perl to accomplish many common tasks and lay the groundwork for more advanced study. In the second course, he will cover advanced data structures in Perl and show how to keep your Perl programs running smoothly.

If you register for a VIP pass to the conference, you can hop tracks and attend Sys Admin courses as well as the Software Development track offerings. This year, the SD Best Practices Conference will provide classes and tutorials in several programming tracks including: Design and Architecture, Requirements and Analysis, Build and Deploy, and Testing and Quality. You can see all the details and register online at: http://www.sdexpo.com. I hope you'll attend.

Sincerely yours,

Amber Ankerholz
Editor in Chief

 
© 2005 CMP Media LLC. All Rights Reserved.
www.sysadminmag.com