[nSLUG] I would like to do a talk

zak martell zak.martell at gmail.com
Mon Sep 12 23:43:42 ADT 2016


Hi Oliver,

I was hoping to see you at the meetup today to further defend myself.

I have no intention to promote another HTTP engine, nor do I want the web
to be shut down - it is my livelihood. I use Apache for all sorts of
projects, and while it does have its strengths, it, like all software, has its
pitfalls, and I wanted to do a talk to show it.

I also plan to attack Apache in an Apache-only use case. Also, just because
something is most commonly used doesn't mean it is all pros. I plan to
attack web servers in general; we all know DoS attacks exist, I am just
showing one example of how it's done, from both the user perspective as well
as how sysadmins deal with it, and provide a little lesson in the process. I
have no intention to show any security loophole or "hack" or anything like
that.

In summary:
- A simple lesson on how web requests work, from DNS and TCP connection to
  how Apache responds and assigns a worker process to serve the request.
- How to exploit the use of Apache workers, overloading the server.
- Explaining certain parts of the Apache config and why, based on the
  description, it seems like they will help you but they won't.
- The lack of insight when things don't work, regardless of debug level or use of
  the Apache server-status page, along with how generic Linux tools like netstat
  and lsof will seem useless.
- Mistakes webadmins make when troubleshooting, and decisions you can trick
  them into making.





On Mon, Sep 12, 2016 at 9:06 PM, Oliver Doepner <odoepner at gmail.com> wrote:

> Well, I am of the old-fashioned kind who takes a title for a more or less
> accurate summary of what the talk is about.
> A talk that says "Apache - why you should never use it" about the most
> commonly used web server strikes me as odd and would not catch my interest.
>
> It would rather make me think that the speaker
> - does not know what they are talking about
> - is some sort of religious nutcase who wants to promote their pet http
> engine instead
> - wants the web to be shut down for good
>
> So no offense, but if you want to attract serious old men like me (which
> you probably don't) then change the misleading title.
>
> Cheers :)
> Oliver
>
>
> On Mon, Sep 12, 2016 at 11:01 AM, zak martell <zak.martell at gmail.com>
> wrote:
>
>> Hi Baha,
>>
>> I worked in web hosting for the past six years working in a 24/7/365 team
>> in the operations team. I am very used to web servers going down or someone
>> or group attacking one of the 100,000s of websites hosted and especially in
>> a shared hosting platform.
>>
>> Apache is very important. When I called it "why you should never use it"
>> I don't mean to insult it, just point out a lot of its flaws and how a
>> simple script kiddie could overload it and stop requests to other
>> visitors (DoS). It was also just to make an interesting title. To add to it,
>> go more in depth into ways Apache believes you can stop it but it can't,
>> mostly in HTTP design flaw. Other web servers suffer in the same way, but
>> Apache definitely puts a big name to it and later discussion into Apache
>> config might be more familiar to listeners.
>>
>> I really wish to eventually become a school teacher so I want to do some
>> public speaking. I think something like security or pen testing or things
>> like DoS might interest people more than a talk on how to tune Apache. I am
>> also open to doing a docker one as I have mentioned or anything else I may
>> be capable of.
>>
>> Anyways I hope to see you all this evening at the meet up. Perhaps I can
>> better explain or defend in person.
>> On Mon, Sep 12, 2016 at 10:45 AM Baha Baydar <bbaydar at gmail.com> wrote:
>>
>>> I think the "a DoS story." part that Oliver chopped off becomes very
>>> important when talking about one of the most widely used pieces of FOSS.
>>>
>>> I'd like to hear about that for sure.
>>>
>>> On Mon, Sep 12, 2016 at 10:36 AM, zak martell <zak.martell at gmail.com>
>>> wrote:
>>>
>>>> A joke? I was being serious.
>>>>
>>>> I read some article on nslug page saying talks can be on like pen
>>>> testing and security and such. It said to email the mailing list requesting
>>>> for a slot.
>>>> On Mon, Sep 12, 2016 at 10:00 AM Oliver Doepner <odoepner at gmail.com>
>>>> wrote:
>>>>
>>>>> > Apache, why you should never use it
>>>>>
>>>>> Is this a joke?
>>>>>
>>>>> On Sun, Sep 11, 2016 at 5:14 PM, zak martell <zak.martell at gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> I was hoping to request a slot to do a talk at either the next tech
>>>>>> talk next month or one in three months time.
>>>>>>
>>>>>> I am not sure yet, as I've never attended one, what people's interests are,
>>>>>> but I come from a Webhosting/Cloud background myself so I came up with the
>>>>>> following three topic ideas so far:
>>>>>>
>>>>>> 1. Apache, why you should never use it - a DoS story.
>>>>>> 2. Docker - how, why, basic introduction kind of thing. how to build
>>>>>> a docker container/swarm.
>>>>>> 3. Reverse engineering the web and mobile for personal gain.
>>>>>>
>>>>>> Anything else someone may recommend.
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> nSLUG mailing list
>>>>>> nSLUG at nslug.ns.ca
>>>>>> http://nslug.ns.ca/mailman/listinfo/nslug
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> 🐭 🐮 🐱 🐵
>>>>> Oliver Doepner
>>>>> http://oliver.doepner.net/
>>>>>
>>>>
>>>
>>>
>>> --
>>> Baha Baydar
>>> bbaydar at gmail.com
>>>
>>
>
>
> --
> 🐭 🐮 🐱 🐵
> Oliver Doepner
> http://oliver.doepner.net/
>
>