Monday, March 30, 2009

An update on the ***OSCon name issue

Ok, I've been poking around a lot lately :P

So an update on the trademark stuff in my previous post

So, I've got some clarification from the person in charge in the ***OSCon. Here's a snippet of the mail.

We are talking to O'Rilley for the use of OSCON, if they said no ahead, it will be OSCON, else we will use Conference.

OSDC will not appear as we have drafted - we have initiated and in the process of formalizing OSDC.my chapter - something that OSDC Club has agreed and excited about.


So, if they are going to properly protect the identity of the trademark, great!. Lets hope all the docs/webpages out there are properly updated soon.

From the email it looks like they are also another process of creating an Malaysia Open Source Developer Club for a different, post-event purpose.

Great then :D. Looking forward for more good news to tell, and bad stuff to attack. :P

A positive pessimist

Something away from the usual geek stuff. Let have some philosophy/psychology stuff once a while. (which is one of my less shared stuff which I usually keep to myself).

I'm quite a fan of concepts where both light (good/positive) and darkness (bad/negative/evil) are depending in each other and the existence both create a balance in this universe. I also a fan of the concept "In light there is darkness, and in darkness there is light". In and Yo (Yin and Yang) kindof stuff.

A positive pessimist.

So, what is a positive pessimist?. Here's my definition of it. Btw this is my personal definition, it might or might not be same as the common definition.

In Positive thinking, an individual set his mind to believe a goal can be reached. The opposite of Positive thinking is Negative thinking where the individual sets his mind that a goal cannot be reached.


Another side of Positive/Negative thinking is Optimist/Pessimist thinking.

Optimistic thinking is where and individual set his mind that nothing can go wrong when trying to reach a goal. And the opposite of Optimistic thinking is Pessimistic thinking where an individual set his mind that lots of stuff can go wrong when trying to reach a goal.


So,

A positive pessimist is an individual who set his mind to believe a goal can be reached, however, in the same time, he set his mind to believe that a lot can go wrong in the process.


This thinking style, is defensive in nature. A person who follow this thinking style usually will react to almost anything that he thinks will stop him from reaching the goal. He will expect the worst will happen, and he will expect disasters. But instead of being stopped by the possibilities of disaster, he will keep thinking and taking action to reduce the disaster possibilities.

Unlike an optimist, he will keep on raising whatever he thinks will cause failure when trying to reach a goal. Unlike a negative thinker, he still think the goal can be reached.

He may to some extend view positive optimist thinkers as people who are stuck in an illusion paradise, and negative pessimists as people who are unable to reach any goals.

A positive pessimist manipulates anxiety, fear, and worries as weapons to reach the goals. He uses the negative emotions to draw more energy for himself towards reaching the goals.

Depending on what the level of pessimism he has, his actions might appear as negative thinking to some. However, it is his way of ensuring that proper defence is in place to stop disaster from happening as Murphy's law says that if something can go wrong, it will go wrong, at the worst possible time, even if you have been prepared for it.

Are you a positive pessimist?

Saturday, March 28, 2009

Some trademark lesson to a particular group of people

Update : the organizer have clarified the issue. So they will not use OSDC as the track name. They are also in another process of creating an Open Source Developer Club for a different, post-event purpose. The track placeholders will be renamed to other name. All in all, great!!.

IANAL


A trademark or trade mark, identified by the symbols ™ (not yet registered) and ® (registered), is a distinctive sign or indicator used by an individual, organization or other legal entity to identify that the products and/or services to consumers with which the trademark appears originate from a unique source of origin, and to distinguish its products or services from those of other entities.

http://en.wikipedia.org/wiki/Trademark


OSCon is basically a trademark of O'Reilly OSCon, FOSS.my is a trademark of FOSS.my Events Sdn Bhd, and OSDC is a trademark of OSDC Australia.

All three of the marks, are identities of 3 different full blown conference. Of which OSDC and FOSS.my are community-managed conferences, the former in Australia, and the latter in Malaysia.

Creating an event that is called an ***OSCon, where its tracks are being called as OSDC.my and FOSS.my is an abuse of the latter 2 trademarks.

Why I said that? A trademark basically identifies the unique origins of a particular entity. For example, when people says CocaCola, they will know it is the cola drink in the red curved bottle with the CocaCola logo on it and originated from the company who owns the CocaCola trademark, and when people says Pepsi, its the cola drink in the blue bottle with the Pepsi logo on it and produced by the company that owns the Pepsi trademark. And people will expect a particular taste when they buy a CocaCola and a different particular taste when they buy a Pepsi.

So, when one says FOSS.my, they will expect a free flowing, community managed event, filled with FOSS enthusiast , lovers, and contributors, with least formality and control rather than some rigid event. The same goes for the OSDC mark.

In this ***OSCon case, both of the trademarks are being infringed by associating them with something which they are not. Both OSDC and FOSS.my marks are being downplayed to just 2 tracks, of which the main event and the tracks are rigid events, where community are neither involved nor have their voices it.

Why should we care?. A trademark is the identity of a particular entity, and if somebody else, uses the trademark, in a way that differs from the real identity, it will affect the identity of the mark on how the public perceive the mark. It will also creates confusion on what a particular mark is associated with.


One of the main functions of a trademark is to prevent consumer confusion. For example, a consumer knows that he or she can get the same quality food in a McDonald’s in Pennsylvania as he or she can from a McDonald’s in California. Given our global economy, the importance of trademarks cannot be overstated. The law of trademarks is designed to prevent competitors from confusing customers into thinking that they are buying products and services from a trusted, known source when in reality, this is not the case.

http://www.tms.org/pubs/journals/JOM/matters/matters-0212.html


I hope this little rant post will increase awareness of the importance of trademark not only that particular organization, but also to the general Malaysia where it is common to see people genericizing trademarks.

DISCLAIMER: This post is purely my own post, not respresenting any organization stated in this post. Make it the FOSS.my, nor OSDC, nor the comittee of ***OSCon.

Saturday, March 14, 2009

Hack In The Box Dubai 2009

The press release is out!!

http://www.ameinfo.com/188349.html


GCC's premier computer security event coming to Dubai for third time

Leading network security specialists from around the world will be in Dubai next month for the third Hack in The Box Security Conference to take place in the GCC.

HITBSecConf2009 - Dubai, will be held between the 20th and 23rd of April at the Sheraton Dubai Creek in the heart of downtown Dubai.

The 4-day event will kick off with 2 days of hands on technical training sessions covering a range of topics including Web Application Attack and Defense, 802.11 Ninjitsu and The Exploit Laboratory 3.0 - an intensive hands-on course for those wishing to dive into vulnerability analysis and exploit writing.

The conference which takes place on the 22nd and 23rd of April will be run in a dual track format and features two keynote sessions. Mr. Philippe Langois, advisor to Netvibes and a Global partner at Telecom Security Task Force, will deliver the keynote on day 1.

Mr. Langlois is also the Founder of world-leading vulnerability-assessment service provider, Qualys. In addition, he also founded the computer and network security company Intrinsec in 1995 and Worldnet, France's first public Internet service provider, in 1993. Mr Langlois was also lead designer for Payline, the first French e-commerce payment gateway.

His keynote titled 'From Hacking, Startups to HackLabs: Global Perspective and New Fields', will deal with the evolution of network security attacks, the new state of 'counter terrorism', and where the hackers of tomorrow are focusing their attention.

The keynote session on Day 2 titled 'Security Cogs and Levers' will be presented by Mark Curphey, Director at Microsoft's Connected Information Systems Group (CISG).

Mark is also the Founder of the Open Web Application Project (OWASP), which has become the 'go-to' site for developers and system architects and recommended reading by the US Federal Trade Committee.

Mark will discuss key technology trends, how they will be applied to the information security domain in the future and how people, processes and security technology will need to evolve to keep pace.

Other noteworthy presentations lined up include, 'Attacking Windows 7 via Boot Sectors', 'Telecom Infrastructure Security: The SS7 Protocols', 'Pickpocketing mWallets: A Guide to Looting Mobile Financial Services', 'Cross Domain Leakiness and Attacking SSL Sessions' and 'NKill: The Internet Killboard' - a new tool which gives attackers the ability to discover interesting relationships between seemingly unrelated hosts and companies and to pull vulnerable hosts for a specific domain, company or even an entire country.

To find out more about HITBSecConf2009 - Dubai and details on how to register for the event, please visit the event's website.


HackInTheBox Dubai 2009 Site
HackInTheBox Dubai 2009 Conference Kit

Monday, March 09, 2009

Buildout.cfg for ZopeSkel

A little trick to install paster away from your system python.


[buildout]
parts = zopeskel
download-cache = downloads
download-directory = ${buildout:download-cache}
install-from-cache=false

[zopeskel]
recipe = zc.recipe.egg

eggs = ZopeSkel
entry-points = paster=paste.script.command:run

Monday, March 02, 2009

Creating basic Zope2+Plone buildout on Fedora

I've wanted to post this a long time ago, but forgot. I don't really like to use paster as just installing paster for python2.4 introduce large number of external easy_install packages which are not maintained by RPM, and I dont like that as it feels intrusive.

Furthermore, a minimal directory tree with just what needed to generate a buildout is more desirable as its easier to move around across distros and system and store in VCS rather than a big directory with files that hardcodes to system-specific paths generated from paster.

So, this little guide will go through how to create plone buildout without using paster.

Requirements:

* install compat-python24-{setuptools,devel,imaging,elementtree} from rpmfusion

* easy_install-2.4 zc.buildout

Creating the Buildout

Take the sample baseline config from the end of this post. Strip it down or add more stuff to it as you wish and put it in an empty folder. In this case, lets take for example ~/Devel/mybuildout/. So, the file would be ~/Devel/mybuildout/buildout.cfg

Next, create some base directory tree.

cd ~/Devel/mybuildout/
mkdir products src


Finally, init, and run the buildout

buildout init
./bin/buildout -vvvvv


Done. You are good to go. Start zope by ./bin/instance start and if you are following the config below, zope will be listening at http://localhost:8080 and the manager username is admin with password is zopeadmin

Sample buildout.cfg (modified from the one generated by paster)

# buildout.cfg

[buildout]
parts =
plone
zope2
productdistros
instance
zopepy

# Add additional egg download sources here. dist.plone.org contains archives
# of Plone packages.
find-links =
http://dist.plone.org
http://download.zope.org/ppix/
http://download.zope.org/distribution/
http://effbot.org/downloads

# Add additional eggs here
# elementtree is required by Plone
eggs =
elementtree

# Reference any eggs you are developing here, one per line
# e.g.: develop = src/my.package
develop =

[plone]
recipe = plone.recipe.plone>=3.1.7,<3.2dev

[zope2]
recipe = plone.recipe.zope2install
url = ${plone:zope2-url}

# Use this section to download additional old-style products.
# List any number of URLs for product tarballs under URLs (separate
# with whitespace, or break over several lines, with subsequent lines
# indented). If any archives contain several products inside a top-level
# directory, list the archive file name (i.e. the last part of the URL,
# normally with a .tar.gz suffix or similar) under 'nested-packages'.
# If any archives extract to a product directory with a version suffix, list
# the archive name under 'version-suffix-packages'.
[productdistros]
recipe = plone.recipe.distros
urls =
nested-packages =
version-suffix-packages =

[instance]
recipe = plone.recipe.zope2instance
zope2-location = ${zope2:location}
user = root:root
http-address = 8080
#debug-mode = on
#verbose-security = on

# If you want Zope to know about any additional eggs, list them here.
# This should include any development eggs you listed in develop-eggs above,
# e.g. eggs = ${buildout:eggs} ${plone:eggs} my.package
eggs =
${buildout:eggs}
${plone:eggs}

# If you want to register ZCML slugs for any packages, list them here.
# e.g. zcml = my.package my.other.package
zcml =

products =
${buildout:directory}/products
${productdistros:location}
${plone:products}

[zopepy]
recipe = zc.recipe.egg
eggs = ${instance:eggs}
interpreter = zopepy
extra-paths = ${zope2:location}/lib/python
scripts = zopepy