Monday, November 15, 2010

BarCamp CHS


I recently attended my first and surely not to be my last BarCamp in Charleston.   It was everything I hoped it would be and a bit more.  While it was not an uber:geeky low-level coding seminar like I really want to attend, it was something a bit more diverse.  Bar Camp is a loose network of user-generated conferences that allow one to share their most intense technology or other related hobbies and talents with others of like interests...the name itself is a spinoff of the geeky word which developers use frequently in test applications: "foobar".  Since there was already a "Foo Camp", the only logical choice was to use "Bar Camp", right?  (http://en.wikipedia.org/wiki/BarCamp).  


The words of the day were in no particular order: organic, Drupal, cloud, SQL, confidential, Google, beer, Java...did I mention organic?

Upon arrival, I was worried everything that was to be said would have been spam pushed from some major companies wares, but I was slightly wrong.  Yes, there were major influences publicly there such as Google, Yahoo, BlastOff Games, ATDesk, etc...but they were all low-key and very open in their sharing of information...


After registration, I bumped into a few old friends from previous companies I have worked for and we socialized for a few minutes before the sessions got underway.  It was great to see so many local talented technology professionals attending this conference!  


The first thing that happens at BarCamp is the pitch session.  After finding a seat in the auditorium, everyone who wants to hold a seminar goes up before us all and has 30 seconds to lets us know what they are going to be talking about.   There is someone on hand to moderate and holds everyone to their 30 seconds which is great because a few presenters were pushing the 30 second limit...60 presenters went up and 60 presentations were to be voted on.  The vote was, however, skipped after realization that 10 sessions an hour for 6 hours would fill in the timeline perfectly...Thus, BarCamp started and everyone hurried over to the Seminar wall to find out which  seminar to attend during the first hour of BarCamp.  My first hour's choice was a seminar on Cybercrime.  It sounded interesting and I definitely enjoy figuring out how hackers do what they do, so off I went....




  Late for my first seminar was not a good sign...why I was late is a good question...I must have been trying to make sense of the schedule for too long.  I missed his opening case scenario and introduction and wondered if I would even get anything out of this.  After hearing all the regular mundane, do's & don'ts about personal information security, the speaker (from Phishlabs) hit upon a neat little topic which I thought would be great if he intended to followup entirely.  Fortunately, he did followup and described a situation involving the tracking of a generic spam message based on the email address.  The basics of the message were unimportant, but the spam senders email (hotmail) address had an IP embedded in it which revealed its origin.  Upon tracing that IP back to its source, it was found to be based from some PC in Somewhere, USA.  After then being able to contact that actual PC owner directly, it was found out that the PC was in fact infected and was being used as what is sometimes referred to as a Zombie Bot!  So, by being able to, with the owners permission, trace back the directed commands being sent to that ZombiePC to perform, they were able to trace it beyond the reflected source.  The trace resulted in the command coming from some spot in the Netherlands.  After further investigation, it was found to be an IPSec line and not traceable at any point beyond that...Fascinating!  This is an organized endeavour!  After further analysis of it all, it was found that this entire "system" is made up of coordinated efforts... First someone creates software used to initally infect PCs via undisclosed vulnerabilities.  Still another developer writes tools used to "control another persons PC in an efficient and virtually undetectable manner. Then they sell those tools on the blackmarket to someone else needing "infection & control tools".  The buyer then uses those tools to setup "virtual harvests" of compromised PCs out there that obey their every command via those secure connections.  Well, once that was understood, the speaker even described the technique used to be able to obtain over 5 million actual, not stolen "hotmail" addresses.  The buyer basically purchases blocks of valid hotmail address from yet another source which specializes in creating bulk hotmail addresses mappable to the Zombie PCs IPs for tracking purposes.  This "email source" even has a special technique in validating these email address to get by the Captcha system by paying people in third world countries pennies per captcha that they decode for them.  Once decoded, the captcha answers are zapped back to awaiting automatic scripts specialized in creating the hotmail accounts...It was more than enough to make your head spin!  There is a serious game being played out there!

My next seminar goal was to attend my friend Paul Reynold's: Reading Code for the Layperson...it was a really great seminar and started out simple and thorough.  My objective was to see if there were other techniques being implemented out there to write more "readable" code.  Halfway through, I remembered the HFT(High Frequency Trading) seminar was going on, so I promptly exited his talk since most of this was review for me. Since I am a novice day-trader, anything having to do with trading, high speed and awesome technology were really intriguing to me.  I walk in and realize a friend of mine Nathan Smith whom I ride bicycles with is doing the presentation.   They were still going over basics of HFT which I already knew somewhat and made it just in time for the juicy details of what happens during a  live transaction.  That was pretty cool.  Then they explained that there were algorithms (business logic rules) applied to the feed to further analyze and set buy / sell points in a more optimized manner.  Truly cool stuff.  Live trading feed, realtime analysis, semi-artificial intelligence algorithms used to handle decisions...wow.  Then, when I thought I had it all grasped in my head,  they said this stuff happens at the rate of some ridiculous # of transactions every 2 micro seconds...micro seconds is equivalent to one millionth of a second...insane..Needless to say, I really got a lot out of this presentation...



Then off I went to my next seminar: Cracking a Windows accounts...I was curious if other methods existed which were more creative.  After 10 minutes in this seminar, I summarized the methods he was going to use and exited promptly not wanting to waste time as I wanted to get some info from Andre Pope's seminar on "Teacher's Preparation for the upcoming wave of tech-savvy students".  Andre is out in the teaching trenches talking about what he is doing in realtime.  He speaks from the heart as well as his technically enlightened mind on how he is converging his collaborative knowhow with current teaching methodologies in order to better connect with his current students.  As a technical futurist myself, I really can "envision" the realities he is attempting to explain to modern-day teachers.  I also gained a lot from this seminar.

Lunch happened afterwards and I got there a little too late as there wasn't much left to choose from.  I was able to cobble together a ham and cheese sandwich from some scraps and flung some lettuce in there to help ease the hunger pains...chips were also available.  I found myself feeling very much like a kid in high school again not knowing where to sit and overwhelmed by the amount of people already congregated in the eating area...so off I fled to find a nice quiet couch outside the scope of the enormous amount of talking heads...I find a spot near Nathan and continue to pick his brain on the ATD machine itself...not a lot more was gleaned as most of my questions had to do with areas of a confidential nature which he was not at liberty to discuss...I found alot of this door slamming throughout the day with many professionals...regardless, lunch was a good time.




Then off to the History of Hacking seminar I went.  I had high hopes for this seminar, but found it to be stammered and lacking in essential immediate information.  The topic header did not accurately reflect the subject matter and I left early and disappointed.  I slipped into the Yahoo Query Language seminar and found it to be a powerful way to get information from the yahoo databases that they allow you access into.  It's a great second door if Google APIs start to get bogged down from user glut....

At this point, I was getting dizzy from the amount of information being gleaned, but I was determined to make the most of this day.  Thanks to the many BarCamp sponsors, delicious Island Coffee was available everywhere and anywhere.  Tasty cookies and other sweets were also available as well as major label sodas! 
After getting my fix, I went on to my next seminar: the Google Q&A session.  Like the history of hacking, I was also disappointed by this seminar as practically every question you could possibly think to ask was carefully considered, muttered aloud and then redacted as not being able to answer on grounds it could disclose some key piece of the Google Collective.  The head Absorbaluff, er I mean speaker smiled and made lots of clever remarks and was able to hop skip and dance his way through a one hour session with no juicy details of the Google empire described.  Yes he was that good at dodging questions.  

So this was a mjor revelation that at BarCamp, you are just have to realize that you are not going to enjoy everything said, or not said.  Its about what you get out of it that matters most....

My next seminar was userinterface design with emphasis on the button.  Unfortunately, this talk was focused on web design and I absolutely loathe web design, primarily because I suck at it.  I can do the technical stuff all day long, but layout, graphics and visual aspects stop me cold.  So I left early knowing this was over my head, and went onwards to find out about NoSQL.  I had no clue what this was and still don't really have a clue, but from what I determined it is primarily for web-based data management, and allows very loose typing of records...which spells danger in data integrity in my old programmers head, so I get up and leave before I get lazy and adopt this a a new way of programming.  I hop into a few other talks and find nothing being accomplished by doing this, so I wait out the hour in a Java seminar and move onto the last seminar of the day: HomeBrew 101...


Yes beer making is one of my passions and this being a 101 seminar would make it simply a review of the basics, but you don't know what you may have never known, and I knew that much so in I went...It was a good review and I was relieved to see that many of the same difficulties I faced in brewing beer were also challenges faced by others.  The speaker was clear and focused on the basics.  He demonstrated with real equipment and kept it simple and clean the entire time.  He keyed in on sanitation many times throughout and stressed it heavily at the end.  There were even a few homebrews to try out at the end which really peeked interested from more than a few.





Then off to the afterparty!  After being mostly on my own floating from one information session to the next, I was now able to catch up with Mikey, Andre, and Paul to discuss BarCamp at the Mellow Mushroom.  It was a great time and we talked about anything and everything for more than a few hours eventually finding ourselves back on the path to our homes...what a day!

I am really looking forward to the next BarCamp and hope to have something to present next time myself....

1 comment:

  1. Great wrap up post. I hate that had to miss half the day, but I still enjoyed the experience.

    ReplyDelete