[nSLUG] I would like to do a talk

Oliver Doepner odoepner at gmail.com
Tue Sep 13 00:02:10 ADT 2016


Hi Zac,

This all sounds fine and good. I hope it was well attended. I could not
make it today.

I just would have called it "Apache - Its pitfalls and how not to use it"
and not "Apache - why you should never use it".

Case closed, points made. :)

Cheers
Oliver


On Mon, Sep 12, 2016 at 11:43 PM, zak martell <zak.martell at gmail.com> wrote:

> Hi Oliver,
>
> I was hoping to see you at the meetup today to further defend myself.
>
> I have no intention to promote another http engine, nor do i want the web
> to be shut down - it is my livelihood. I use apache for all sorts of
> projects, and while it does have its strengths it like all software has its
> pitfalls, and i wanted to do a talk to show it.
>
> I also plan to attack apache in a apache-only use case. Also just because
> something is most commonly used, doesnt mean it is all pros. I plan to
> attack web servers in general, we all know DOS attacks exist, i am just
> showing one example of how its done, from both the user perspective as well
> as how sysadmins deal with it and provide a little lesson in the process. I
> have no intention to show any security loophole or "hack" or anything like
> that.
>
> in summary:
> Simple lesson of how web requests work  - from DNS and TCP connection to
> how apache responds and assigns a worker process to serve the request.
> How to exploit the use of apache workers, overloading the server.
> Explaining certain parts of the apache config and why based on the
> description it seems like it will help you but they wont
> lack of insight when things dont work regardless of debug level or use of
> apache server-status page, along with how generic linux tools like netstat
> and lsof will seem useless
> Mistakes webadmins make when troubleshooting, and decisions you can trick
> them into making.
>
>
>
>
>
> On Mon, Sep 12, 2016 at 9:06 PM, Oliver Doepner <odoepner at gmail.com>
> wrote:
>
>> Well, I am of the old-fashioned kind who takes a title for a more or less
>> accurate summary of what the talk is about.
>> A talk that says "Apache - why you should never use it" about the most
>> commonly used web server strikes me as odd and would not catch my interest.
>>
>> It would rather make me think that the speaker
>> - does not know what they are talking about
>> - is some sort of religious nutcase who wants to promote their pet http
>> engine instead
>> - wants the web to be shut down for good
>>
>> So no offense, but if you want to attract serious old men like me (which
>> you probably don't) then change the misleading title.
>>
>> Cheers :)
>> Oliver
>>
>>
>> On Mon, Sep 12, 2016 at 11:01 AM, zak martell <zak.martell at gmail.com>
>> wrote:
>>
>>> Hi Baha,
>>>
>>> I worked in web hosting for the past six years working in a 24/7/365
>>> team in the operations team. I am very used to web servers going down or
>>> someone or group attacking one of the 100,000s of websites hosted and
>>> especially in a shared hosting platform.
>>>
>>> Apache is very important. When I called it "why you should never use it"
>>> I don't mean to insult it just point out a lot of its flaws and how a
>>> simple script kiddie could overload it and stop requests to other
>>> visitors(dos). It was also just to make an interesting title. To add to it,
>>> go more in depth into ways Apache believes you can stop it but it can't,
>>> mostly in http design flaw. Other web servers suffer in the same way, but
>>> Apache definitely puts a big name to it and later discussion into Apache
>>> config might be more familiar to listeners.
>>>
>>> I really wish to eventually become a school teacher so I want to do some
>>> public speaking. I think something like security or pen testing or things
>>> like DoS might interest people more than a talk on how to tune Apache. I am
>>> also open to doing a docker one as I have mentioned or anything else I may
>>> be capable of.
>>>
>>> Anyways I hope to see you all this evening at the meet up. Perhaps I can
>>> better explain or defend in person.
>>> On Mon, Sep 12, 2016 at 10:45 AM Baha Baydar <bbaydar at gmail.com> wrote:
>>>
>>>> I think the "a DoS story." part that Oliver chopped off becomes very
>>>> important when talking about one of the most widely used pieces of FOSS.
>>>>
>>>> I'd like to hear about that for sure.
>>>>
>>>> On Mon, Sep 12, 2016 at 10:36 AM, zak martell <zak.martell at gmail.com>
>>>> wrote:
>>>>
>>>>> A joke? I was being serious.
>>>>>
>>>>> I read some article on nslug page saying talks can be on like pen
>>>>> testing and security and such. It said to email the mailing list requesting
>>>>> for a slot.
>>>>> On Mon, Sep 12, 2016 at 10:00 AM Oliver Doepner <odoepner at gmail.com>
>>>>> wrote:
>>>>>
>>>>>> > Apache, why you should never use it
>>>>>>
>>>>>> Is this a joke?
>>>>>>
>>>>>> On Sun, Sep 11, 2016 at 5:14 PM, zak martell <zak.martell at gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi all,
>>>>>>>
>>>>>>> I was hoping to request a slot to do a talk at either the next tech
>>>>>>> talk next month or one in three months time.
>>>>>>>
>>>>>>> I am not sure yet as ive never attended one what people interests
>>>>>>> are but i come from a Webhosting/Cloud background myself so i came up with
>>>>>>> the following three topic ideas so far:
>>>>>>>
>>>>>>> 1. Apache, why you should never use it - a DoS story.
>>>>>>> 2. Docker - how, why, basic introduction kind of thing. how to build
>>>>>>> a docker container/swarm.
>>>>>>> 3. Reverse engineering the web and mobile for personal gain.
>>>>>>>
>>>>>>> Anything else someone may recommend.
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> nSLUG mailing list
>>>>>>> nSLUG at nslug.ns.ca
>>>>>>> http://nslug.ns.ca/mailman/listinfo/nslug
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> 🐭 🐮 🐱 🐵
>>>>>> Oliver Doepner
>>>>>> http://oliver.doepner.net/
>>>>>>
>>>>>> _______________________________________________
>>>>>> nSLUG mailing list
>>>>>> nSLUG at nslug.ns.ca
>>>>>> http://nslug.ns.ca/mailman/listinfo/nslug
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> nSLUG mailing list
>>>>> nSLUG at nslug.ns.ca
>>>>> http://nslug.ns.ca/mailman/listinfo/nslug
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Baha Baydar
>>>> bbaydar at gmail.com
>>>>
>>>> _______________________________________________
>>>> nSLUG mailing list
>>>> nSLUG at nslug.ns.ca
>>>> http://nslug.ns.ca/mailman/listinfo/nslug
>>>>
>>>
>>> _______________________________________________
>>> nSLUG mailing list
>>> nSLUG at nslug.ns.ca
>>> http://nslug.ns.ca/mailman/listinfo/nslug
>>>
>>>
>>
>>
>> --
>> 🐭 🐮 🐱 🐵
>> Oliver Doepner
>> http://oliver.doepner.net/
>>
>>
>> _______________________________________________
>> nSLUG mailing list
>> nSLUG at nslug.ns.ca
>> http://nslug.ns.ca/mailman/listinfo/nslug
>>
>>
>
> _______________________________________________
> nSLUG mailing list
> nSLUG at nslug.ns.ca
> http://nslug.ns.ca/mailman/listinfo/nslug
>
>


-- 
🐭 🐮 🐱 🐵
Oliver Doepner
http://oliver.doepner.net/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nslug.ns.ca/pipermail/nslug/attachments/20160913/8c2cd47b/attachment.html>


More information about the nSLUG mailing list