Eamonn McManus beat me to blogging about JavaPolis on Artima. I add a little sprinkling of Trust and Sex.
Eamonn McManus beat me to blogging about JavaPolis on Artima. Tim Bray also ran a blog on the conference, elsewhere. As one of the organizers, I am delighted at the event's resonance. Mostly kind words, but, as the security track host, I was not too pleased about Tim saying:
Inevitably, some of the presentations were lame. It would be ungracious to name names, but at the last few conferences I've attended, the security-track presentations have been generally lacklustre. This is weird; it's a hot area, and with lots of technical interest.
Maybe it is because developers find security dull that it is such a hot area.
Of course, I take issue with the statement; I don't think Tim attended more than 2 security talks. In fact, I am sure he did not. His big leather hat is difficult to miss, even in a dimly lit cinema. He certainly did not attend Susan Landau's, which, imo, was a high point of the conference.
As Eamonn pointed out, she took a very courageous and honest stand on the controversial work of the Trusted Computing Group. It is extraordinary that so little has been written and said on this, given its potential to fundamentally change the way we think about ownership and control of technology. One gets the feeling that this change is creeping up and will take society unawares. While this seems to be an obvious area for public policy, there are surprisingly few initiatives to mitigate the obvious socially undesirable effects 'trusted' platforms may have. Is society missing this because this is also perceived as a boring topic? This is an understandable attitude of the lay politician, even if it is regrettable. It is strange that so little is made of it in the technical community.
At the time of writing, the streaming presentations are not online yet, but I heartily recommend having a look and a listen when they are.
I am not going to run through all the security talks in an attempt to prove Tim wrong. Heck, there surely were one or two that were not as good as the other talks at the conference. I think Tim was unlucky.
One session I do still want to write about, mainly because you will not be able to listen to it since BoF sessions were not recorded, is the panel discussion on "Secure agility/agile security". So far the security community has eschewed agile methods in spite of the evidence that they are improving software quality substantially. I think the time for a rapprochement has come. A fuller report will have to wait until after Christmas.
Let me close for today with a story about the JavaPolis banner. I thought our banner was excellent. A little tongue in cheek, for sure, not stuffy or dull, even a little sexy. Far too much so for prudish American tastes, apparently: a cross-bannering agreement with theServerSide nearly foundered on its 'explicit' nature. We had to produce a sanitized version. Needless to say, in the process, it lost all interest. Not that the banner was ever going to be displayed to their American readers, as it was only being served to European IP addresses.