Good presentation into a complex and difficult subject. Only suggestion would be to add a practical demonstration showing how to implement OpenID in an application.
Good talk on what we're looking forward to in ZF2.
Fully agree with the comment above: good intro and lots of ideas into what to look for and possible solutions.
As usual, always a pleasure to come and listen to your field experience reports; even working in this domain, you still get a few surprises and clarifications on questions that had been left open, thanks!
Don't forget, though, to update the items of the Top 10 in your slides and, if possible, avoid black on a red background ;)
PS: yes, I confirm the comment above, don't forget to mention REST interfaces as well (maybe give an example or two alternating across these technologies) and mention OAuth in your recommendations!
Hi Anonymous,
Explaining the top10 is quite challenging for one major reason: as you mentioned, a document is freely available and everyone attending a talk about the Top10 could alternatively just download it and read it.
Unfortunately, as the speaker, I had to choose whether I would introduce the existence of this document and its content to an audience who hadn't integrated these sorts of risks, or to an audience who seeks advanced insight on some of the entries. I asked the audience who was technical and almost half of it raised hands; this brought me into taking sides.
I'd typically say that you can either skim over the surface of each risk, or dedicate an entire hour to each item, in particular complex topics such as injection, XSS attacks or authentication/crypto issues. For example, back in Geneva next week, I will attend a 60-minute talk on A2 "Cross-site scripting" by an expert in this topic; he will deliver insights on advanced XSS attacks and defense techniques. I guess that kind of talk would have been more into your focus, but for that, I guess you'd have to attend a conference with a stronger focus on information security.
I received both good and bad criticism on this talk. Some said it wasn't technical enough, others said it was a very good awareness-raising talk. I honestly don't think I could satisfy both sides in less than 50 minutes :)
Regarding my speaking style for that session, I am 100% with you, this wasn't my best day and I found switching to English much harder than I had expected :) I hope you had the opportunity to attend the threat modeling session the next day, I chose a completely different presentation style and I would definitely appreciate having your feedback on that one, too.
Anyway, thank you for attending the talk and for giving me your feedback. I appreciate it and it will help me improve some aspects of the talk. Let's hope there is a better "next time"!
antonio
PS: as you can see, I am giving myself a rate of 3 :)
I would like to have a gulp of the kool aid that the other commenters must have been drinking.
How many more frameworks does the PHP community need? With Symfony 2 and Zend Framework 2 coming out, I fail to see the need for additional frameworks of loosely coupled components. The community as a whole would be better off standardizing on those two and maybe keeping CakePHP as a third option (being full stack and all). Nobody needs Solar, Lithium, whatever -- apart from their authors to bolster their egos.
Have to agree with the previous commenter. I got the impression that the speaker was either badly hung over or jetlagged, probably both. Very unprofessional.
I really enjoyed this talk and peek at what's coming with phpDox. I'm very much looking forward to the 1.0 release and a chance to try it out.