PyCon 2011: Interview with Geremy Condra

by Brian Curtin

Putting together two talks for a conference like PyCon is certainly no easy task, nor is it easy to pile on a lightning talk and the organization of a Birds of a Feather (BoF) session or two. That’s Geremy Condra’s plan for March 11 through March 13 at PyCon.

The security researcher from the University of Washington heads to Atlanta for a second time, looking forward to an even better conference compared to last year’s blast. “My favorite part is definitely the degree of accessibility the conference offers - between the lightning talks, poster sessions, BoF sessions, etc.,” he says.

Although the PyCon talk schedule may have you believe the day is over by dinner time, that’s only half of it. As Geremy mentions, “PyCon's enormous strength is in its ability to connect diverse parts of the Python community.” One of the ways this happens is through the many Open Space and BoF sessions in the evening. Add to that all of the thrown-together hallway events, ad hoc sprints, games, and much more, and it quickly becomes a 24-hour gathering.

During the day you’ll have a chance to hear Geremy’s take on TUF, a library for secure software updates in Python. Asked what common security issues developers are facing, Geremy answers, “Most devs make their security mistakes when they try to figure out who the adversary is - misplacing trust, assuming that adversaries are weaker (or just differently capable) than they actually are, that sort of thing. This seems to happen a lot with client side code, especially when it comes to downloading files.” Rollback and mix-and-match attacks like this are some of the topics of this talk, including a demonstration of the vulnerability followed by what TUF can do to protect against it.

“The other big issue is with trusting untrustworthy code,” he claims. “Thinking that urllib will automatically check certs for you, that your cryptographic routines are secure because you can't figure out what they do,” are some of these issues. Fortunately, these are more easily fixed than others, and also make up a lot of what he plans to speak about at PyCon.

His second talk, “Through the Side Channel: Timing and Implementation Attacks in Python,” dives into some of the great things about Python that can also introduce security risks. Part of the talk is to raise awareness using some Python projects that are in wide use. Additionally, he plans to educate attendees on the methods of defense, leaving them with a better sense of what’s out there and giving them a better chance at spotting and correcting the flaws that leave one’s project open.

I had a chance to ask Geremy about some of his work and his use of Python, and found that almost everything he does uses it. “I build simulations using Fabric, display data using Matplotlib, use Sage to model problems, and of course implement solutions in Python where possible,” he says, also mentioning occasional Haskell use.

Additionally, he’s the creator of several open tools that he uses on the job. The Graphine library, an easy-to-use graph library for Python 3, is one of his projects. He’s also responsible for EVPy, a set of bindings for OpenSSL’s EVP interface, supporting both Python 2 and 3.

We look forward to the security knowledge Geremy brings to this year’s conference, along with his upcoming book titled “Cryptography and Network Security with Python 3.” If you haven’t bought your tickets yet, get them before all 1,500 are sold out!
