Seattle Area System Administrators Guild

The separation between how you manage your infrastructure and how you build your applications is disappearing. Adam Jacob, CTO of Opscode and primary author of Chef, will teach you what this means in practice – through showing how to deploy real-world applications with Chef on EC2.

We’ll talk about:

Deploying Web Applications… * Ruby on Rails * Catalyst * Django * Tomcat * PHP Setting up Database Servers… * MySQL * PostgreSQL Automating Monitoring and Trending… * Nagios * Munin * Ganglia Centrally managing your application configuration Along the way we’ll be talking about best practices in systems automation, quirks about EC2, and talking about how tools like Chef, Nanite, RabbitMQ and CouchDB can make your life easier.

_____

A twelve year system operations veteran, Adam is a Co-Founder and the CTO of Opscode, whose mission is to bring “Infrastructure Automation to the Masses”. He is the primary author of Chef.

Bcfg2 was developed at Argonne National Laboratory to provide system
administrators with a tool to describe their systems and make
consistent, verifiable changes. I’ll be giving a brief introduction to
Bcfg2 and how it can be used to to model and automate system
configuration in your environment.
_____

Ian Dotson has been a Unix system administrator for nine years. He is
currently working for the University of Washington Libraries where
he’s been using Bcfg2 to manage a growing number of Linux systems.
Prior to working at UW, he was a system administrator at RealNetworks.

Discussing how to use Puppet as well as how configuration management can
improve change management.

—–
Garrett Honeycutt is currently a Senior Systems Engineer with Speakeasy.
His interests include configuration management, security, scalability,
and high availability. In the recent past he has built mobile media
distribution platforms and helped design and implement a national
carrier grade VoIP platform. He is currently developing a set of
standards for cataloguing databases and searching the deep web.

Come discuss the legal and technical aspects of sharing, reusing and remixing content online with a focus on Creative Commons licenses, User-Generated Content and the The Digital Millennium Copyright Act’s safe harbor. Bring you questions! There will be time for Q&A.

—–
Brian Rowe is the founder of Freedom for IP, a volunteer organization started in 2005 focusing on the intersection of human rights and intellectual property. He interned at Creative Commons last summer working on public domain and noncommercial use in copyright. Brian serves on the Washington State Bar Association’s Access to Justice Technology Committee and is an active member of Students for Free Culture. Last Fall Brian wrote a mock trial for the Future of the Law Institute that was used by high school students learning about fair use of music and bloggers rights. Most recently Brian helped plan and spoke at the Seattle Law of the Commons Conference held March 13th, 2009 at Seattle University Law.

Brian has a background in information technology. He helped develop the SeattleHumanRightsNetwork.org and ATJWeb.org. Brian holds a BS in Informatics and BA in Political Science both from University of Washington. He is currently a third-year law student at Seattle University and has accepted a Google Public Policy Fellowship to work in Washington DC this summer at Public Knowledge.

I’ll be showing use of a Nokia 810 running linux
on a PDA and doing what Blackberry does and lots
more. All of that, with open source software that any
system administrator can reproduce for his
organization.

—–

As an engineer, Mr. Banan has over 20 years experience. He is a recognized expert in the design and implementation of distributed systems, especially message handling systems and mobile data networks. Mr. Banan has run Neda Communications as a successful and profitable company since 1991.

Mr. Banan has accumulated a large body of publications. Some of his most recent and influential publications include RFC-2524, RFC-2188, Internetwork Mobility (published by Prentice-Hall), and the ground-breaking industry white paper Operation WhiteBerry.

Mr. Banan holds a BS degree in Electrical Engineering (Magna Cum Laude) from Seattle University and an MS degree in Computer Engineering from the University of Washington.

First I will discuss the theory of load balancers and then give a practical demonstration of how they work.

—–

Jeff Silverman is a Network Support Engineer at F5 Networks. He is fully qualified on the Local Traffic Manager, which is F5’s load balancer offering. He is also qualifying on enterprise manager, which is a tool to manage large numbers (>10) local traffic managers. Jeff used to be a Linux system administrator at Real Networks. Prior to that, he was a Java developer and sysadmin at the UW college of Forest Resources (see http://www.fs.fed.us/pnw/fera/fccs/). He was the system administrator for Research Computing Systems at the UW Electrical Engineering department. He was the MS-Windows sysadmin, UNIX sysadmin, and release engineer for Mathsoft (now Insightful). He has patent 5,296,853, for an icing detector for aircraft. His favorite linux distribution is Ubuntu but he uses Red Hat Fedora at work. Jeff is married with 4 children, 3 grandchildren, and 1 more grandchild due in April.

Sure, you’ve heard of bots and botnets. But have you ever actually seen a bot, bot source code, or a bot herder’s Command and Control (C&C) center in action? Now you can.  In this presentation, we uncover what makes bots tick. The talk covers topics both beginning and advanced:

* Three dominant botnet architectures
* What bot source codes looks like and does
* How bot herders control bots via C&C centers
* How a crook might recruit an army of bots
* How to render bots powerless on your network

During the talk, you’ll see the inner workings of some real-world, malicious bots, found in the wild on underground sites. Learn about the latest attacks botnets can launch, and how to defend against them. Since the best way to understand these sophisticated attacks is to see them unfold right before your eyes, we will present video captures of bots in action. Once you understand how these evil botnets get built, you’ll have the power to avoid assimilation. Resistance is not futile.

—–

Scott Pinzon, CISSP and Information Security Analyst for WatchGuard Technologies, has nearly 20 years of experience explaining technology to clients both large (Weyerhaeuser IT) and small (Seattle’s first cash machine network). He has worked in the fields of network security and encryption products for nine years. The security training videos he co-writes and directs with Corey Nachreiner have accumulated more than 100,000 views on YouTube and Google Video, and are used to train the IT staffs of numerous corporate and government organizations. He founded and hosts the popular podcast, Radio Free Security. Scott was the technical editor for Johnny Long’s No-Tech Hacking and the story editor for Stealing the Network: How to Own a Shadow, both from Syngress.

Corey Nachreiner, CISSP, Senior Network Security Analyst for WatchGuard Technologies, has been a security professional for more than ten years. He studied Computer Science at Western Washington University, and ran his own computer consulting business, before arriving at WatchGuard. Currently, he searches the Internet daily for emerging threats, and has written more than a thousand security alerts and educational articles for LiveSecurity subscribers. His security training videos, created with Scott Pinzon, have accumulated more than 100,000 views on YouTube and Google Video. Corey teaches regularly in episodes of the podcast, Radio Free Security, speaks internationally, and blogs frequently. He has been quoted by many online sources, including C|NET, eWeek, and Slashdot.

Come with your questions and problems and the group will help you find solutions and answers.  Bring your interesting new or ongoing work, projects, and ideas to share.

Finding security bugs is often regarded as an activity requiring secret powers or extremely specialized knowledge. Some security bugs are difficult to uncover and require deep knowledge. However, with basic knowledge many areas can be tested without much effort. This presentation shows how identify and limit attack surface (both application and network layer), perform basic security testing using simple tools, and the difference in effort between finding a bug and exploiting it. A live demo will be given on how to identify and exploit a previously unknown security bug across the network.

—–

Tom Gallagher has been intrigued with both physical and computer security from a young age. He is currently the lead of the Microsoft Office Security Test team. This team is primarily focused on penetration testing, writing security testing tools, and educating program managers, developers, and testers about security issues. Tom co-authored the MSPress title “Hunting Security Bugs” and has presented at OWASP (Seattle), Black Hat, and the TechEd conferences.