His youtube talk: http://youtu.be/1B4wWQAiDFA
Also found his blog post: http://devblog.arnebrasseur.net/2013-04-plain-text I'll look at this some more. It seems like that there's agreement that you can consider strings "harmful" but coming up with a general purpose replacement is hard. Will. On Fri, Nov 22, 2013 at 12:30 PM, Meredith L. Patterson <[email protected] > wrote: > See also Arne Brasseur's recent talks at various Ruby conferences, e.g. > "Web Linguistics: Towards Higher Fluency" at > http://lanyrd.com/2013/eurucamp/. "Modelling State Machines with Ragel", > by Drew Neil, looks awfully relevant too, in light of Zed Shaw's results > using Ragel for the Mongrel parser ( > http://zedshaw.com/essays/ragel_state_charts.html). > > Cheers, > --mlp > > > On Fri, Nov 22, 2013 at 9:00 PM, Sergey Bratus <[email protected]>wrote: > >> >> We are changing tack to appeal to engineers. Meredith Patterson >> just recorded a set of lectures on using Hammer to build langsec-safe >> parsers in C. They are now in editing. >> >> We are also pulling together notes on designs for hardware parsing. >> The task proved to be harder than we first thought, but I believe >> we are arriving at a viable approach here as well. >> >> It would be create to encourage programmer participation. We need ideas >> and perhaps a set of challenges? >> >> Thank you, >> >> >> --Sergey >> >> On Fri, 22 Nov 2013, Sashank Dara wrote: >> >> Also ,am little disheartened to see not much activity happening on >>> langsec >>> , even after we have break through results . >>> >>> Regards, >>> Sashank >>> http://lnkd.in/88sgfr >>> >>> >>> On Fri, Nov 22, 2013 at 6:22 PM, Grawrock, David >>> <[email protected]>wrote: >>> >>> I'd like to 2nd Sashank's comment. We need to find ways to show HOW you >>>> do >>>> things differently. Suppose I've got a HW input buffer and I normally >>>> send >>>> in a buffer size with a command as the first byte and that determines >>>> what >>>> the rest of the buffer looks like. We know that is not the best, but >>>> what >>>> does the better one look like. To have an impact to engineers we really >>>> need to start showing them what better looks like and how it will help >>>> them. >>>> >>>> David Grawrock >>>> Security Architect >>>> 503 264 3642 >>>> >>>> -----Original Message----- >>>> From: [email protected] [mailto: >>>> [email protected]] On Behalf Of Sergey Bratus >>>> Sent: Friday, November 22, 2013 12:29 AM >>>> To: Sashank Dara >>>> Cc: [email protected] >>>> Subject: Re: [langsec-discuss] LangSec Workshop at IEEE SPW 2014, Sun >>>> May >>>> 18, 2014 >>>> >>>> Hi Sashank, >>>> >>>> Thank you! We'll look for ways to emphasize the practical case study >>>> part. >>>> >>>> Thanks, >>>> >>>> --Sergey >>>> >>>> On Fri, 22 Nov 2013, Sashank Dara wrote: >>>> >>>> just my 2 cents . >>>>> >>>>> Recently i gave a talk on langsec internally for big room of engineers >>>>> . >>>>> frankly teaching science to engineers is difficult . I lost my >>>>> audience the moment i showed them chomsky hierarcy and talking stuff >>>>> >>>> like grammars >>>> >>>>> and rules . they sounded more theoretical . Usually engineers want to >>>>> >>>> see >>>> >>>>> more concrete things , things in action . I did mention libdejector >>>>> and Haskell based IP Stack that comes close to langsec . I did mention >>>>> that fuzzing based testing is not enough. >>>>> >>>>> So if possible some tools developed based on langsec principles to >>>>> hack popular protocols as demos might get more interest . >>>>> making them available as open source might further help to people play >>>>> around with them . >>>>> >>>>> >>>>> >>>>> Regards, >>>>> Sashank >>>>> http://lnkd.in/88sgfr >>>>> >>>>> >>>>> On Fri, Nov 22, 2013 at 8:13 AM, Sergey Bratus < >>>>> [email protected] >>>>> wrote: >>>>> >>>>> Hi Will, >>>>>> >>>>>> We are soliciting papers on research and/or case studies as per >>>>>> the CFP, will have the Program Committee review them, and have the >>>>>> accepted papers presented by the authors at the workshop, with >>>>>> audience participation. We will have an invited keynote or two. We >>>>>> will also hold a discussion on the directions of the field in some >>>>>> form. >>>>>> >>>>>> We are very open to suggestions of how to make it interesting to >>>>>> attend for all researchers, programmers, and hackers interested in the >>>>>> >>>>> topic! >>>> >>>>> >>>>>> Thank you, >>>>>> >>>>>> --Sergey >>>>>> >>>>>> >>>>>> On Thu, 21 Nov 2013, Will Sargent wrote: >>>>>> >>>>>> What happens at the workshop? >>>>>> >>>>>>> >>>>>>> Will. >>>>>>> >>>>>>> >>>>>>> On Wed, Nov 20, 2013 at 8:56 PM, Sergey Bratus >>>>>>> <[email protected]> >>>>>>> wrote: >>>>>>> >>>>>>> Dear All, >>>>>>> >>>>>>>> >>>>>>>> We will hold a LangSec workshop as a part of the IEEE CS >>>>>>>> Security and Privacy Workshops >>>>>>>> (http://www.ieee-security.org/TC/SPW2014/index.html), >>>>>>>> co-located with the Symposium on Security and Privacy at the >>>>>>>> Fairmont San Jose Hotel. Our workshop will be a full-day workshop >>>>>>>> on Sunday May 18, 2014. >>>>>>>> >>>>>>>> The CFP and other info is now posted at >>>>>>>> http://spw14.langsec.org/. >>>>>>>> Please feel free to advertise and suggest it to potential sponsors! >>>>>>>> We would like to work out a way to waive or reduce the registration >>>>>>>> fees for industry programmers, students, hackers and enthusiasts. >>>>>>>> >>>>>>>> Needless to say, please do submit your research or case study >>>>>>>> >>>>>>> papers! >>>> >>>>> >>>>>>>> Thank you very much & hoping to see you at the workshop, >>>>>>>> >>>>>>>> --Sergey >>>>>>>> _______________________________________________ >>>>>>>> langsec-discuss mailing list >>>>>>>> [email protected] >>>>>>>> https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss >>>>>>>> >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>> >>>>>> langsec-discuss mailing list >>>>>> [email protected] >>>>>> https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss >>>>>> >>>>>> >>>>> _______________________________________________ >>>> langsec-discuss mailing list >>>> [email protected] >>>> https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss >>>> >>>> >>> _______________________________________________ >> langsec-discuss mailing list >> [email protected] >> https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss >> > > > _______________________________________________ > langsec-discuss mailing list > [email protected] > https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss > >
_______________________________________________ langsec-discuss mailing list [email protected] https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
