so, lisa is all over. it was a pretty good one, this year. i hear that that the expanded tutorials program did a good job of helping recoup some funding that’s been lost since attendance has been down after the dot coms bombed. i was sort of bummed about my two-day ‘hacking and securing web applications’ tutorial overlapping the technical programs so i couldn’t go see some talks i wanted to go to, but it’s hard to bitch too much because, frankly, that tutorial rocked my socks. web applications security isn’t my area of specialization, i mostly just took the tutorial to get some more exposure to webby stuff since i feel kinda behind (hello, i was running wwwboard on the soapmaking site until like two years ago, when i finally got sick enough of deleting the spam to take it down), and because i thought it would be neat. and the tutorial was awesome. the instructor, a gentleman named david rhoades from maven security (a consulting company), was obviously very comfortable with the material and the work, and it was all very interesting. and his tutorial materials — seriously, i’ve been to a number of lisa tutorials since ’98, and i have seen very few tutorials as well put-together as this one. first of all, the book was not just printouts of the powerpoint slides — it had a ton of additional text with explanations, anecdotes, how to do things, and stuff like that. second of all, since it was a hands-on tutorial, he’d worked with the guy who forked the auditor security collection/knoppix distro (kinda like STD), and up with a customized distro cd for the class. it was extremely slick. i asked him for a couple of CDs to take back to folks in the office, actually.

anyways, i have about ten million uris to stuff into diu out of my tutorial notes, but i haven’t gotten around to it yet. soon. soon.