I made it to India intact. I haven't really slept much in the past 48 hours, so forgive the typos. The FOSS conference is being held outside of the palace of Bangalore. The schedule got kind of messed up and many of the talks were delayed by varying amounts. This made it hard to attend some of the talks since some talks ended up overlapping quite a bit.
I caught the end of Rasmus Lerdorf's discussion on Cross Site Scripting. He described a PHP tool to find XSS which he created, called Scanmus. The tool is not open sourced because he didn't want it to fall into the hands of wrongdoers. He used the tool to find holes in the FOSS website and an Indian airline.
According to Rasmus, website security is broken (on the server side). He compared it to a firewall. Normally a firewall blocks out everything and you have to punch holes into it to open up necessary ports. He argued that server side programming languages should treat input data in a similar manner (all data should be filtered by default). The "input_get" commands in PHP will do this for you, but you need to apply patches for PHP version 4.
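To make the "firewall" idea concrete, here is an added example of the filter-by-default pattern using PHP's filter extension (this is not code from the post or from Rasmus's talk; it assumes PHP 7.1 or later, where the old input_get() is called filter_input(), and the parameter names "page" and "q" are made up for the demo):

```php
<?php
// Added example: deny-by-default handling of request input with PHP's filter
// extension. Nothing from $_GET reaches the application unless it passes a
// declared filter, so an unexpected value is rejected instead of being echoed.
// Assumes PHP >= 7.1 (filter_input() replaced the older input_get()).

function read_page_id(): ?int {
    // Only a positive integer is allowed through; anything else becomes null.
    // filter_input() returns false on a failed validation and null if the
    // parameter is absent, so both cases are collapsed into null here.
    $id = filter_input(INPUT_GET, 'page', FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    return ($id === false || $id === null) ? null : $id;
}

function read_search_term(): string {
    // Free text has to be allowed, but it is length-bounded and HTML-escaped
    // before it is ever written into the page, which is what blocks the XSS.
    $q = filter_input(INPUT_GET, 'q', FILTER_DEFAULT);
    if ($q === null || $q === false) {
        return '';
    }
    return htmlspecialchars(mb_substr($q, 0, 100), ENT_QUOTES, 'UTF-8');
}

$id = read_page_id();
if ($id === null) {
    // The "firewall" default: unexpected input is dropped, not interpreted.
    http_response_code(400);
    exit('bad page id');
}
echo "<p>Page {$id}: results for " . read_search_term() . "</p>";
```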
While he was fielding questions I asked Rasmus if he felt open source (server side) software was more secure than proprietary. I love loaded questions. I think he wanted to say that they are both bad, but ended up saying that he stopped examining proprietary websites since instead of thanking him for pointing out a flaw in their code, they sent the lawyers after him.
Next I attended a talk about the Linux Test Automation Framework. One interesting thing about it is that it is written in Bash.
After that I did some booth duty and ate some pizza. In the afternoon, I couldn't find any talks that I wanted to attend (I'd like to blame it on the talks being off by 45 minutes or more, but it's more likely that my lack of sleep was really catching up on me).
The SpikeSource booth was pretty busy. After a while I went and talked to some other exhibitors. Across the hallway from us was the Gentoo booth. I was able to talk with Seemant Kulleen a little bit about Gentoo and its progress. He's a very down to earth, pragmatic guy. I half jokingly asked him what Gentoo was going to do to prevent mass adoption of Ubuntu and he flat out said that he doesn't care. He's not in it for the competition, he's in it for fun. He also said flat out that Gentoo is focused on the developer. He also kind of reprimanded me, since I admitted to being a user and "lurker" since 2001 who also can program in Python. I told him that at least I file bugs with Gentoo (that's a step closer than just being a casual user).
Well, I think my brain is really shutting down on me now. Good night or morning...