
PyCon 2011: Interview with Geremy Condra

by Brian Curtin

Putting together two talks for a conference like PyCon is certainly no easy task, nor is it easy to pile on a lightning talk and the organization of a Birds of a Feather (BoF) session or two. That’s Geremy Condra’s plan for March 11 through March 13 at PyCon.

The security researcher from the University of Washington heads to Atlanta for a second time, looking forward to an even better conference compared to last year’s blast. “My favorite part is definitely the degree of accessibility the conference offers - between the lightning talks, poster sessions, BoF sessions, etc.,” he says.

Although the PyCon talk schedule may have you believe the day is over by dinner time, that’s only half of it. As Geremy mentions, “PyCon's enormous strength is in its ability to connect diverse parts of the Python community.” One of the ways this happens is through the many Open Space and BoF sessions in the evening. Add to that all of the thrown-together hallway events, ad hoc sprints, games, and much more, and it quickly becomes a 24-hour gathering.

During the day you’ll have a chance to hear Geremy’s take on TUF, a library for secure software updates in Python. Asked what common security issues developers are facing, Geremy answers, “Most devs make their security mistakes when they try to figure out who the adversary is - misplacing trust, assuming that adversaries are weaker (or just differently capable) than they actually are, that sort of thing. This seems to happen a lot with client side code, especially when it comes to downloading files.” Rollback and mix-and-match attacks like this are some of the topics of this talk, including a demonstration of the vulnerability followed by what TUF can do to protect against it.

“The other big issue is with trusting untrustworthy code,” he claims. “Thinking that urllib will automatically check certs for you, that your cryptographic routines are secure because you can't figure out what they do,” are some of these issues. Fortunately, these are more easily fixed than others, and also make up a lot of what he plans to speak about at PyCon.

His second talk, “Through the Side Channel: Timing and Implementation Attacks in Python,” dives into some of the great things about Python that can also introduce security risks. Part of the talk aims to raise awareness using some Python projects that are in wide use. Additionally, he plans to educate attendees on the methods of defense, leaving them with a better sense of what’s out there and giving them a better chance at spotting and correcting the flaws that leave one’s project open.

I had a chance to ask Geremy about some of his work and his use of Python, and found that almost everything he does uses it. “I build simulations using Fabric, display data using Matplotlib, use Sage to model problems, and of course implement solutions in Python where possible,” he says, also mentioning occasional Haskell use.

Additionally, he’s the creator of several open tools that he uses on the job. The Graphine library, an easy-to-use graph library for Python 3, is one of his projects. He’s also responsible for EVPy, a set of bindings for OpenSSL’s EVP interface, supporting both Python 2 and 3.

We look forward to the security knowledge Geremy brings to this year’s conference, along with his upcoming book titled “Cryptography and Network Security with Python 3.” If you haven’t bought your tickets yet, get them before all 1,500 are sold out!
