
PyCon 2011: Interview with Geremy Condra

by Brian Curtin

Putting together two talks for a conference like PyCon is certainly no easy task, nor is it easy to pile on a lightning talk and the organization of a Birds of a Feather (BoF) session or two. That’s Geremy Condra’s plan for March 11 through March 13 at PyCon.

The security researcher from the University of Washington heads to Atlanta for a second time, looking forward to an even better conference compared to last year’s blast. “My favorite part is definitely the degree of accessibility the conference offers - between the lightning talks, poster sessions, BoF sessions, etc.,” he says.

Although the PyCon talk schedule may have you believe the day is over by dinner time, that’s only half of it. As Geremy mentions, “PyCon's enormous strength is in its ability to connect diverse parts of the Python community.” One of the ways this happens is through the many Open Space and BoF sessions in the evening. Add to that all of the thrown-together hallway events, ad hoc sprints, games, and much more, and it quickly becomes a 24-hour gathering.

During the day you’ll have a chance to hear Geremy’s take on TUF, a library for secure software updates in Python. Asked what common security issues developers are facing, Geremy answers, “Most devs make their security mistakes when they try to figure out who the adversary is - misplacing trust, assuming that adversaries are weaker (or just differently capable) than they actually are, that sort of thing. This seems to happen a lot with client side code, especially when it comes to downloading files.” Rollback and mix-and-match attacks like this are some of the topics of this talk, including a demonstration of the vulnerability followed by what TUF can do to protect against it.

“The other big issue is with trusting untrustworthy code,” he claims. “Thinking that urllib will automatically check certs for you, that your cryptographic routines are secure because you can't figure out what they do,” are some of these issues. Fortunately, these are more easily fixed than others, and also make up a lot of what he plans to speak about at PyCon.
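The urllib point above can be checked in code rather than assumed. The following is an added example, not code from the interview, the talk, or TUF: it audits the TLS context handed to urllib and refuses to build a download opener from one that skips certificate or hostname verification. The helper names (`audit_context`, `verified_opener`, `weak_context`) are hypothetical.

```python
import ssl
import urllib.request


def audit_context(ctx):
    """Return the reasons a TLS context is unsafe for fetching files."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("certificate chain is not verified")
    if not ctx.check_hostname:
        problems.append("hostname is not matched against the certificate")
    return problems


def verified_opener(ctx=None):
    """Build a urllib opener, rejecting any context that does not verify."""
    if ctx is None:
        # Standard-library default: CERT_REQUIRED plus hostname checking.
        ctx = ssl.create_default_context()
    problems = audit_context(ctx)
    if problems:
        raise ValueError("unsafe TLS context: " + "; ".join(problems))
    handler = urllib.request.HTTPSHandler(context=ctx)
    return urllib.request.build_opener(handler)


def weak_context():
    """Constructed sample of the mistake: verification switched off."""
    ctx = ssl.create_default_context()
    # check_hostname has to be cleared before verify_mode may be CERT_NONE.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


if __name__ == "__main__":
    print("default context:", audit_context(ssl.create_default_context()) or "ok")
    print("weak context:   ", audit_context(weak_context()))
    try:
        verified_opener(weak_context())
    except ValueError as exc:
        print("refused:", exc)
```

Running `audit_context` over every context a code base passes to urllib is a quick way to find download paths that silently trust whatever server answers.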

His second talk, “Through the Side Channel: Timing and Implementation Attacks in Python,” dives into some of the great things about Python that can also introduce security risks. Part of the talk is to raise awareness using some Python projects that are in wide use. Additionally, he plans to educate attendees on the methods of defense, leaving them with a better sense of what’s out there and giving them a better chance at spotting and correcting the flaws that leave one’s project open.

I had a chance to ask Geremy about some of his work and his use of Python, and found that almost everything he does uses it. “I build simulations using Fabric, display data using Matplotlib, use Sage to model problems, and of course implement solutions in Python where possible,” he says, also mentioning occasional Haskell use.

Additionally, he’s the creator of several open tools that he uses on the job. The Graphine library, an easy-to-use graph library for Python 3, is one of his projects. He’s also responsible for EVPy, a set of bindings for OpenSSL’s EVP interface, supporting both Python 2 and 3.

We look forward to the security knowledge Geremy brings to this year’s conference, along with his upcoming book titled “Cryptography and Network Security with Python 3.” If you haven’t bought your tickets yet, get them before all 1,500 are sold out!

