Thursday was a great day, I didn't attend much of the summit talks because the tracks aren't very strong this year. Lots of 'we stood up OpenStack' or 'we sell this talks'. At this point in the game, no-one should be surprised that OpenStack works!

Yesterday's Security Talk was well attended, mine is today!

Food in the hotel is pretty good, this is the seafood buffet!

On my way to the HP party, through the rich parts of HK, I think you could spend a few pennies here, the road was full of designer stores!

Its a tree, in the middle of Hong Kong! 

Crispy Duck! Not had that in a while, nom nom nom!

Drummers! Pretty cool entertainment!

I managed to grab a few little videos of some of the festivities. This one is the dummers, with a little bit of a hello from me and Duncan, Duncan's going to come see us some time in Wales (he studied in Aber)

 

The acrobatic demonstrations were very cool, my phone was playing up so only a few clips I'm afraid!

One of my buddies Eric takes a shot at the blocks, he does a pretty good job too!

A little bit of a dance I saw, the dancer changes masks super quickly, I've not managed to capture much of it so it's here for flavour more than anything else!

Wednesday

Today wasn't bad, not a whole bunch of interesting stuff happened. I met up with some good people at conference and got some agreements on security strategies for the future.

So with nothing amazing to report, no hang overs and no crazy stories, here's a few photos from today

Breakfast, eggs Benedict - they were spicy, that was strange!

I had to walk over to my second hotel today, I'm booked in there tomorrow, I took this photo on the way. I really like it for some odd reason!

A shop that I'm fairly sure I'll loose you in if we ever come to hong kong together!

Traffic in central hong kong! There's light everywhere!

Remember the salt-crusted fish we saw Ramsay make - well that's what Ben ordered, Salt Crusted Sea Bass. The waiter brought it over, cracked it open and then filleted the fish right there, did a great job!

Top Gear! ? !

More Tea!

Wednesday

Today wasn't bad, not a whole bunch of interesting stuff happened. I met up with some good people at conference and got some agreements on security strategies for the future.

So with nothing amazing to report, no hang overs and no crazy stories, here's a few photos from today

Breakfast, eggs Benedict - they were spicy, that was strange!

I had to walk over to my second hotel today, I'm booked in there tomorrow, I took this photo on the way. I really like it for some odd reason!

A shop that I'm fairly sure I'll loose you in if we ever come to hong kong together!

Traffic in central hong kong! There's light everywhere!

Remember the salt-crusted fish we saw Ramsay make - well that's what Ben ordered, Salt Crusted Sea Bass. The waiter brought it over, cracked it open and then filleted the fish right there, did a great job!

Top Gear! ? !

More Tea!

Hi from HK

Hi from HongKong!

This is a majong palace!

Plane Washroom: Can we have this in our house?!

Welcome to HongKong!

Hotel Room is reasonably nice

It has a bathroom, with a shower!

They're building a new island outside my hotel room! Just like Borth!

Went for a walk around the 'night market' in Hong Kong

It was raining, a lot. 

I suspect you'd spend lots of money here!

WHAT THE HELL IS THIS!?!

Real Miso Soup, with Egg and Pork. 

My 'Chinese Breakfast' - I was feeling adventurous this morning!

Worried About OpenStack Security? We literally wrote the book!

The OpenStack Security Group proudly presents the OpenStack Security Guide! Developed using the now legendary book-sprint methodology the whole book was written in a week, with most of the content being written in the first 2-3 days.

For me this was a fascinating opportunity to work with some of the smartest security minds in the OpenStack community. It was fantastic to meet so many security group members in the flesh. Special thanks go to my co-founder in security group - Bryan Payne for all the work he did getting this project off the ground. Special mention should be made of the sponsorship we received from RedHat with the awesome Keith Basil and Shawn Wells who picked up the tab most days, organised the hotel room and were basically super-stars all week!

It was really interesting to work in this collaborative environment with so many ideas and perspectives. I think given the time we had we managed to find a good balance between conceptual overview and specific guidance in this guide - sometimes directing the user to specific security controls (Nova DB MySQL Auth with x.509 client certificates) and other times highlighting pain-points in a "you're going to need to think hard about this" sort of way!

One of the interesting tangential benefits of this work was the vulnerability list, where we documented vulnerabilities or security gaps that the OSSG will now work through and report to the VMT or produce an OSSN for depending on the context.

There's a lot of work to be done on the guide I expect the comments, content and criticisms to start flying thick and fast over the next few weeks and I'm looking forward to seeing how the document evolves over the period between now and the OpenStack Summit in HongKong

I expect that a number of us from the original group will continue to contribute and there's talk of doing a security panel at the summit this year, hopefully such a thing would be interesting to a lot of people!

So all that's left is to thank the guys I worked with last week, I'd love to work with any of you again!

• Bryan Payne – Nebula
• Robert Clark – HP
• Keith Basil – Red Hat
• Cody Bunch – Rackspace
• Malini Bhandaru – Intel Corp
• Gregg Tally – Johns Hopkins Advanced Physics Laboratory 
• Eric Lopez – Nicera VMWare
• Shawn Wells – Red Hat
• Ben de Bont – HP
• Nathanael (Nate) Burton – NSA
• Vibha Fauver – virtAppSec
• Eric Windisch – Cloudscaling
• Adam Hyde – FOSS Manuals
• Andrew Hay – Cloud Passage

Cheers!

Split up CSV based on field contents

Had a requirement to create lots of little CSV files based on a particular field within one CSV file.

https://github.com/hyakuhei/csv-split

This script allows you to choose a field to pivot on, take this example data:

example.csv
Id, IP, Team, Info
1, 10.1.1.1, Ops, Operations Team
2, 10.1.1.2, Ops, Operations Jump-Off Box
3, 10.1.1.3, Admin, Admin Team
4, 10.1.1.4, Admin, Admin Management Server
5, 192.168.1.1, Web, Load Balancer
6, 192.168.1.2, Web, Load Balancer
7, 172.0.0.1, Wibble, Application Server
8, 172.0.0.1, Wibble, Application Montor

Running the following will create 4 files, Ops.csv, Admin.csv, Web.csv, Wibble.csv
$ python csvsplit.py --infile example.csv --field Team

This is really handy for handling csv output from a bunch of tools, such as Nessus, Nexpose, Nessus and many others.


https://github.com/hyakuhei/csv-split

Mountain Bike First Aid

Finding a decent first aid kit for mountain biking is actually pretty tricky. I want a kit that can cover all eventualities.

Coming off at speed on forest single-track means potential cuts, bruises and breaks. Coming off when there's fresh cut logs and offcuts in your landing zone can mean potential punctures and major trauma.

I've recently got quite excited about first aid after completing the RNLI's casualty care course. That covers first aid with a few things thrown in from field medicine. Taking this into account I started looking for kit I should take on the trails with me, it needs to be relatively light and capable of dealing with the worst possible situations. That being the case I'd rather have fewer items to cover all eventualities.

Similarly I don't want to cock about cutting gauze, and using tape. My kit is designed to be applied very quickly.

So, what do I currently have in my kit?

Note: I'm in no way affiliated with SP Services, I just found that they were the easiest to order from.

Gloves - I have a couple of pairs of latex-free medical grade disposable gloves wrapped up in sandwich bags. So far I've only had to fix strangers I've run into on the trails. It's always a good idea to wear gloves. Not just so you don't catch something. You might not have time to clean _your_ hands. Wearing gloves provides a barrier that protects you both.

Ambulance Dressings - these are wraps of bandage with gauze sown in. The gauze is sown in about 20% of the way around the roll. This means you can very quickly apply the bandage to the wound, wrap it a few times and then tie the working end to the slack 20% on the other side of the dressing. Incredibly quick and effective. They're very light and cheap, costing about £0.40 each, I typically carry 3-4 of varying sizes. They can be used to make slings, treat head wounds or cuts. They can also be soaked in water and used to pack open fractures and large wounds. Inexpensive, light and multi-function - so much more useful than carry rolls of bandage, gauze and scissors. With the extra advantage of being usable when your hands are shaking.

250ml Sterilised Water - useful for irrigating wounds or simply as eye wash. In some situations when help is near you might not choose to irrigate and prioritise getting the casualty to professional medical care but when mountain biking the casualty could be hours away from professional help so it's worth taking the extra few minutes to irrigate a wound.

Triangle Bandage - Very useful for making high or low slings, also foldable into a normal bandage, can be soaked and folded to pack an open fracture. Cheap and light.

Foil Blanket - If the casualty can't get themselves moving then it's time to wrap them up. Dress whatever wounds they have, layer them up with whatever clothing is spare and throw the foil blanket over them. This only works while the casualty is warm, putting foil over someone who's already cold won't make any difference. Cheap and light.

Plasters - Light and cheap, useful for small abrasions and when stuff is rubbing, can also be useful for running bike repairs in a pinch.

Face Shield - For use in CPR. Don't expect to need this but it's light and worth having. If you don't have one in your kit then persist with hands only CPR.

Emergency Care Bandage - Amazing bit of kit, generally only required for large truama wounds. Deep cuts, punctures etc. They can soak up an amazing amount of blood and have a very clever plastic part that allows you to apply direct pressure to the wound. Similarly you can apply a windlass technique to put massive direct pressure onto a wound. These are not cheap at about £5.00 each, I only carry one in my pack and will always look to use an ambulance dressing first if appropriate.

The ECB really is a great bit of kit :


Summary:
2 x Pairs Gloves
3 x Ambulance Dressings
1 x 250ml Sterile Water
1 x Triangle Bandage
1 x Foil Blanket
1 x PackPlasters
1 x Face Shield
1 x Emergency Care Bandage

I bought most of my kit from SP Services which is the only place I could order individual items for my kit. I had to add a second ECB to meet the minimum order price.

I'd love to hear any suggestions for extra kit or swap-outs.

I also carry ibuprofen, aspirin and paracetamol. I use these to treat specific types of injury or illness but don't want to discuss medication here as I'm not a doctor.