Re: Advice on project logo

2019-09-30 Thread Sally Khudairi
Couldn't resist 

https://twitter.com/alanparsons/status/1178469148751466496?s=19

...no idea how it appeared in my timeline... 

- - - 
Vice President Marketing & Publicity
Vice President Sponsor Relations
The Apache Software Foundation

Tel +1 617 921 8656 | s...@apache.org


On Thu, Sep 19, 2019, at 19:10, Sally Khudairi wrote:
> Rob: I've had "Eye In The Sky" in my head for the past 5 days ... 
> 
> Thanks for the ear worm --it's a sign :^)
> 
> But I concur: no "Project" is needed in the logo here.
> 
> - - -
> Vice President Marketing & Publicity
> Vice President Sponsor Relations
> The Apache Software Foundation
> 
> Tel +1 617 921 8656 | s...@apache.org
> 
> 
> On Sun, Sep 15, 2019, at 10:47, Rob Tompkins wrote:
>> 
>> 
>> 
>> On Sep 15, 2019, at 8:10 AM, Gary Gregory  wrote:
>>> I do not think we need "Project", we're not a 70s progrock band ;-)
>> 
>> I like the Alan Parsons Project, a little :-P
>>> 
>>> On Sun, Sep 15, 2019, 07:45 Rob Tompkins  wrote:
>>>> Here’s a potential logo that I mocked up and sent to Kenneth. Does anyone 
>>>> have any opinions on this? I felt like something similar to the one that 
>>>> Sally sent across for the HTTP project seemed reasonable. 
>>>> 
>>>> Also, I think that it’s not exactly adherent to the style guide and that 
>>>> Kenneth plans on putting something together that’s analogous and adheres 
>>>> to the style guide. 
>>>> 
>>>> Thoughts? -Rob
>>>> 
>>>> 
>>>> 
>>>>> On Sep 9, 2019, at 3:17 PM, Gary Gregory  wrote:
>>>>> 
>>>>> The KISS solution would be to get "Central" to produce not just the Commons
>>>>> logo but one for each component and be done. The even simpler path is to
>>>>> forgo component specific logos, especially since Commons is just one Apache
>>>>> project. I like simpler...
>>>>> 
>>>>> Gary
>>>>> 
>>>>> On Mon, Sep 9, 2019, 15:08 Rob Tompkins  wrote:
>>>>> 
>>>>>> 
>>>>>> 
>>>>>>> On Sep 9, 2019, at 11:31 AM, Gilles Sadowski 
>>>>>> wrote:
>>>>>>> 
>>>>>>> Hi.
>>>>>>> 
>>>>>>> Le lun. 9 sept. 2019 à 12:35, Sally Khudairi  a écrit :
>>>>>>>> 
>>>>>>>> Thank you, Gilles.
>>>>>>>> 
>>>>>>>> I'm copying Kenneth Paskett, creative lead from Central Services. I was
>>>>>> talking to him about this opportunity yesterday: we will be happy to
>>>>>> explore options for a future design.
>>>>>> 
>>>>>> Just curious, who on this transmission is at ApacheCon this week. Having
>>>>>> worked with Sally in the past on an ad-hoc logo for the DC road show
>>>>>> earlier this year, I could sit down with her and see if we can get
>>>>>> something analogous to what we have in place currently that satisfies
>>>>>> everyone (granted my designs tend to be minimalist in nature).
>>>>>> 
>>>>>> Thoughts?
>>>>>> 
>>>>>> -Rob
>>>>>> 
>>>>>>>> 
>>>>>>>> I'm not saying "don't use anything that remotely looks like the
>>>>>> feather". It's important that if we choose to use an ASF-feather-inspired
>>>>>> motif that it doesn't look like it's a "broken" version of the original.
>>>>>>> 
>>>>>>> It was certainly not the intention.
>>>>>>> It is difficult/impossible to argue on things that boil down
>>>>>>> to a matter of taste or arbitrary policy (like the kinds of
>>>>>>> reuse that are allowed and not by the rights owner).
>>>>>>> 
>>>>>>>> Ways around that issue could involve the shape or color of the feather,
>>>>>> among other adjustments.
>>>>>>> 
>>>>>>> Exactly what I meant: IMHO those changes are more "broken"
>>>>>>> than a rotation. ;-)
>>>>>>> [But if they are allowed, then fine.]
>>>>>>> 
>>>>>>>> Thank you and the community 

Re: Advice on project logo

2019-09-19 Thread Sally Khudairi
Rob: I've had "Eye In The Sky" in my head for the past 5 days ... 

Thanks for the ear worm --it's a sign :^)

But I concur: no "Project" is needed in the logo here.

- - - 
Vice President Marketing & Publicity
Vice President Sponsor Relations
The Apache Software Foundation

Tel +1 617 921 8656 | s...@apache.org


On Sun, Sep 15, 2019, at 10:47, Rob Tompkins wrote:
> 
> 
> 
> On Sep 15, 2019, at 8:10 AM, Gary Gregory  wrote:
>> I do not think we need "Project", we're not a 70s progrock band ;-)
> 
> I like the Alan Parsons Project, a little :-P
>> 
>> On Sun, Sep 15, 2019, 07:45 Rob Tompkins  wrote:
>>> Here’s a potential logo that I mocked up and sent to Kenneth. Does anyone 
>>> have any opinions on this? I felt like something similar to the one that 
>>> Sally sent across for the HTTP project seemed reasonable. 
>>> 
>>> Also, I think that it’s not exactly adherent to the style guide and that 
>>> Kenneth plans on putting something together that’s analogous and adheres 
>>> to the style guide. 
>>> 
>>> Thoughts? -Rob
>>> 
>>> 
>>> 
>>>> On Sep 9, 2019, at 3:17 PM, Gary Gregory  wrote:
>>>> 
>>>> The KISS solution would be to get "Central" to produce not just the Commons
>>>> logo but one for each component and be done. The even simpler path is to
>>>> forgo component specific logos, especially since Commons is just one Apache
>>>> project. I like simpler...
>>>> 
>>>> Gary
>>>> 
>>>> On Mon, Sep 9, 2019, 15:08 Rob Tompkins  wrote:
>>>> 
>>>>> 
>>>>> 
>>>>>> On Sep 9, 2019, at 11:31 AM, Gilles Sadowski 
>>>>> wrote:
>>>>>> 
>>>>>> Hi.
>>>>>> 
>>>>>> Le lun. 9 sept. 2019 à 12:35, Sally Khudairi  a écrit :
>>>>>>> 
>>>>>>> Thank you, Gilles.
>>>>>>> 
>>>>>>> I'm copying Kenneth Paskett, creative lead from Central Services. I was
>>>>> talking to him about this opportunity yesterday: we will be happy to
>>>>> explore options for a future design.
>>>>> 
>>>>> Just curious, who on this transmission is at ApacheCon this week. Having
>>>>> worked with Sally in the past on an ad-hoc logo for the DC road show
>>>>> earlier this year, I could sit down with her and see if we can get
>>>>> something analogous to what we have in place currently that satisfies
>>>>> everyone (granted my designs tend to be minimalist in nature).
>>>>> 
>>>>> Thoughts?
>>>>> 
>>>>> -Rob
>>>>> 
>>>>>>> 
>>>>>>> I'm not saying "don't use anything that remotely looks like the
>>>>> feather". It's important that if we choose to use an ASF-feather-inspired
>>>>> motif that it doesn't look like it's a "broken" version of the original.
>>>>>> 
>>>>>> It was certainly not the intention.
>>>>>> It is difficult/impossible to argue on things that boil down
>>>>>> to a matter of taste or arbitrary policy (like the kinds of
>>>>>> reuse that are allowed and not by the rights owner).
>>>>>> 
>>>>>>> Ways around that issue could involve the shape or color of the feather,
>>>>> among other adjustments.
>>>>>> 
>>>>>> Exactly what I meant: IMHO those changes are more "broken"
>>>>>> than a rotation. ;-)
>>>>>> [But if they are allowed, then fine.]
>>>>>> 
>>>>>>> Thank you and the community for your trust. We look forward to working
>>>>> with you.
>>>>>> 
>>>>>> Hopefully, preferences will be collected in the thread which I
>>>>>> mentioned in the previous message, and the community can
>>>>>> converge on a few ideas to help with the design.
>>>>>> 
>>>>>> Best regards,
>>>>>> Gilles
>>>>>> 
>>>>>>> 
>>>>>>> Best,
>>>>>>> Sally
>>>>>>> 
>>>>>>> - - -
>>>>>>> Vice President Marketing & Publicity
>>>>>>> Vice President Sponsor Re

Re: Advice on project logo

2019-09-09 Thread Sally Khudairi
Thank you, Gilles. 

I'm copying Kenneth Paskett, creative lead from Central Services. I was talking 
to him about this opportunity yesterday: we will be happy to explore options 
for a future design. 

I'm not saying "don't use anything that remotely looks like the feather". It's 
important that if we choose to use an ASF-feather-inspired motif that it 
doesn't look like it's a "broken" version of the original. Ways around that 
issue could involve the shape or color of the feather, among other adjustments. 

Thank you and the community for your trust. We look forward to working with 
you. 

Best, 
Sally 

- - - 
Vice President Marketing & Publicity
Vice President Sponsor Relations
The Apache Software Foundation

Tel +1 617 921 8656 | s...@apache.org

On Mon, Sep 9, 2019, at 03:22, Gilles Sadowski wrote:
> Hello.
> 
> Le sam. 7 sept. 2019 à 13:29, Sally Khudairi  a écrit :
> >
> > Thank you, Gilles. I appreciate you reaching out.
> >
> > Normally I encourage PMCs to not re-orient or "spindle" the feather where 
> > possible, but I understand that some legacy logos have a bit of a problem 
> > with positioning. For example, the Apache HTTP Server logo:
> >
> >  - original logo https://twitter.com/apache_httpd/photo
> >  - interim logo https://britewire.com/apache-http-server/
> >  - new logo 
> > https://svn.apache.org/repos/asf/comdev/project-logos/originals/httpd.svg
> 
> So is the choice between
>  * use the exact same feather as the foundation's
>  * not use anything that even remotely looks like feather
> ?
> 
> > Whilst I understand the proposed design, I'm not *loving* the look of the 
> > logo, particularly as Apache Commons has such a massive footprint across so 
> > many projects.
> >
> > To that end, may I ask a favor?
> >
> > Would you and the Apache Commons PMC be amenable to considering having 
> > Central Services --a somewhat new sub-group of ASF Marketing & Publicity-- 
> > help you with creating a new logo?
> 
> Help from experts is welcome.
> 
> > If you are not in a rush, we can see how we can help you.
> 
> I don't think we should be in a rush, as the proposal to change the
> projects' logo(s) dates back from 3 years ago.[1]
> 
> > ApacheCon North America starts on Monday, and we can start the discussions 
> > on what your requirements are and the best way to meet your needs.
> 
> I can only speak of my preferences:[2]
>  * At most 2 or 3 graphical elements reminiscent of the project
>  (feather included, if applicable)
>  * No URL
>  * Clearly visible at all (reasonable) resolutions [3]
>  * Combinable with 1 additional graphical element (so that we can
> easily create one logo for each of the many components hosted
> in "Commons") [4]
> 
> > ApacheCon Europe is taking place in October: I was thinking the timeframe 
> > between the two events (~6 weeks) would be sufficient for us to have a few 
> > proposals developed.
> 
> Great.
> 
> > If this works for you, we can get started this week.
> 
> Fine with me.
> 
> > If not, I understand. You may proceed with the proposed logo with the 
> > intention of revisiting and updating in future.
> 
> Now is a good time.
> Indeed, that logo is not favoured by the community (at least the few
> who voiced their opinion).[5]  And, IMHO, the alternatives are failing
> what I consider basic requirements (cf. above).[6]
> 
> > Many kind thanks again for your attention and consideration.
> >
> > Warm regards,
> > Sally
> 
> Thank you very much for the offer,
> Gilles
> 
> [1] https://issues.apache.org/jira/browse/COMMONSSITE-86
> [2] Discussion thread:
> https://markmail.org/message/twsre7wl6jmue6mp
> [3] For example, when I look at the top left of the Apache's JIRA pages:
> https://issues.apache.org/jira/secure/Dashboard.jspa
> I see either a bad logo, or an inadequate use of it.
> [4] See e.g. http://commons.apache.org/proper/commons-rng/
> [5] Lacking feedback, I opted for an upgrade of the feather using
> the foundation's new graphics keeping the old (and supposedly
> consensual) idea for the feather orientation.
> [6] Even though it's great that Loic Guibert was willing to provide
> idea and a few examples.
> 
> >
> > Tel +1 617 921 8656 | s...@apache.org
> >
> > On Fri, Sep 6, 2019, at 17:18, Gilles Sadowski wrote:
> > > Hello.
> > >
> > > We, at Apache Commons, would like to know whether an Apache
> > > project is authorized to extract graphical elements from the
> &g

Re: Advice on project logo

2019-09-07 Thread Sally Khudairi
Thank you, Gilles. I appreciate you reaching out.

Normally I encourage PMCs to not re-orient or "spindle" the feather where 
possible, but I understand that some legacy logos have a bit of a problem with 
positioning. For example, the Apache HTTP Server logo:

 - original logo https://twitter.com/apache_httpd/photo
 - interim logo https://britewire.com/apache-http-server/
 - new logo 
https://svn.apache.org/repos/asf/comdev/project-logos/originals/httpd.svg


Whilst I understand the proposed design, I'm not *loving* the look of the logo, 
particularly as Apache Commons has such a massive footprint across so many 
projects.

To that end, may I ask a favor?

Would you and the Apache Commons PMC be amenable to considering having Central 
Services --a somewhat new sub-group of ASF Marketing & Publicity-- help you 
with creating a new logo? 

If you are not in a rush, we can see how we can help you. ApacheCon North 
America starts on Monday, and we can start the discussions on what your 
requirements are and the best way to meet your needs. ApacheCon Europe is 
taking place in October: I was thinking the timeframe between the two events 
(~6 weeks) would be sufficient for us to have a few proposals developed.

If this works for you, we can get started this week.

If not, I understand. You may proceed with the proposed logo with the intention 
of revisiting and updating in future.

Many kind thanks again for your attention and consideration.

Warm regards,
Sally

- - - 
Vice President Marketing & Publicity
Vice President Sponsor Relations
The Apache Software Foundation

Tel +1 617 921 8656 | s...@apache.org

On Fri, Sep 6, 2019, at 17:18, Gilles Sadowski wrote:
> Hello.
> 
> We, at Apache Commons, would like to know whether an Apache
> project is authorized to extract graphical elements from the
> foundation's logo, apply some transformation to them, and use
> the result in order to compose its own logo.
> 
> Case in point is here:
> 
> https://svn.apache.org/repos/asf/comdev/project-logos/originals/commons.svg
> (where the feather has been rotated).
> 
> Does it constitute a breach of the recommendations published in
> the "Identity Style Guide"?[1]
> 
> Thank you,
> Gilles Sadowski
> 
> [1] https://apache.org/foundation/press/kit/ApacheFoundation_StyleGuide.pdf
>

-
To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
For additional commands, e-mail: dev-h...@commons.apache.org



Re: [SITE] Adopting the new ASF Logo

2016-01-28 Thread Sally Khudairi
Hey Gary! Thanks for your note.
Alas, I'm unable to do any graphics work at this time, but I'll ping our 
designers to see if they can provide the design specs. We're working on a style 
guide that will contain all this information, but that's a long ways out, so 
hopefully I'll have an answer for you soon :-)
Cheers,
Sally
 

  From: Gary Gregory 
 To: Commons Developers List ; Sally Khudairi 
 
 Sent: Thursday, January 28, 2016 11:38 AM
 Subject: Re: [SITE] Adopting the new ASF Logo
   
Sally,
Do I recall correctly that you offered assistance a while back to create or 
update logos?
If not, what is the font used in the assets?
Thank you,
Gary

On Thu, Jan 28, 2016 at 4:01 AM, Benedikt Ritter  wrote:

Hi all,

we're still using the "old" Feather logo throughout our websites. Is
anybody capable of creating a logo based on the new Feather logo?

Regards,
Benedikt

--
http://home.apache.org/~britter/
http://twitter.com/BenediktRitter
http://github.com/britter




-- 
E-Mail: garydgreg...@gmail.com | ggreg...@apache.org 
Java Persistence with Hibernate, Second Edition
JUnit in Action, Second Edition
Spring Batch in Action
Blog: http://garygregory.wordpress.com 
Home: http://garygregory.com/
Tweet! http://twitter.com/GaryGregory

  

Re: Blog post "commons" vulnerability

2015-11-10 Thread Sally Khudairi
You're most welcome! Lots of heavy activity on Twitter as well :-) -Sally
  From: Gary Gregory 
 To: Commons Developers List ; Sally Khudairi 
 
 Sent: Tuesday, November 10, 2015 10:40 AM
 Subject: Re: Blog post "commons" vulnerability
   
Thank you Sally!
Gary

On Nov 10, 2015 2:20 AM, "Sally Khudairi"  wrote:

Hello everyone --we are live:
 - ASF "Foundation" blog http://s.apache.org/bsA
 - @TheASF Twitter feed https://twitter.com/TheASF/status/664023691051843584
...plus sent to annou...@apache.org and our dedicated media/analyst 
distribution list. This will appear on the apache.org homepage during the next 
auto-update, which should take place within the hour.
Thanks so much for your help with this. I'm glad we were able to get it out!
Warmly,
Sally
+ copying press@ to keep the team in the loop.

= = = = = vox +1 617 921 8656 off2 +1 646 583 3362 skype sallykhudairi
      From: "Frohoff, Chris" 
 To: Sally Khudairi ; "e...@zusammenkunft.net" 
; Gabriel Lawrence ; 
Commons Developers List 
 Sent: Monday, November 9, 2015 6:42 PM
 Subject: RE: Blog post "commons" vulnerability

All,

I just wanted to make sure that this didn’t get missed in the comments:

“I’d suggest doing this for anything Serializable that performs reflection for 
completeness.”

I think there’s a reasonable chance another gadget chain could be constructed 
from one or more of the below classes. I’d suggest extending your patch 
similarly to these if it’s not too difficult.

$ grep -ER -e "lang.reflect.(Method|Constructor)" src/main --include=*.java -l 
| grep -v InvokerTransformer | xargs -n1 grep -l Serializable
src/main/java/org/apache/commons/collections4/functors/InstantiateFactory.java
src/main/java/org/apache/commons/collections4/functors/InstantiateTransformer.java
src/main/java/org/apache/commons/collections4/functors/PrototypeFactory.java

Thanks,

-Chris

From: Sally Khudairi [mailto:sallykhuda...@yahoo.com]
Sent: Monday, November 09, 2015 3:15 PM
To: Sally Khudairi; e...@zusammenkunft.net; Frohoff, Chris; Gabriel Lawrence; 
Commons Developers List
Subject: Re: Blog post "commons" vulnerability

Just to clarify re: PMC affiliation, may I suggest it appear as:

> Authors: Bernd Eckenfels and Gary Gregory, members of the Apache Commons 
> Project Management Committee

I'm happy to proceed tonight if this meets your approval. If you can please give 
the go-ahead by 7PM ET (= ~45 minutes from now), that would be great.
Otherwise, I'm happy to issue tomorrow morning.

Thanks,
Sally

= = = = = vox +1 617 921 8656 off2 +1 646 583 3362 skype sallykhudairi

From: Sally Khudairi 
To: e...@zusammenkunft.net; "Frohoff, Chris" ; Gabriel Lawrence ; Commons Developers List 
Sent: Monday, November 9, 2015 5:29 PM
Subject: Re: Blog post "commons" vulnerability

Thanks so much, Bernd.
Personally, I prefer mentioning PMC affiliation, as it adds credibility, but 
I'll post it however you'd like.
OK re: tweet screenshot; I've included it.
Please let me know when you're ready, and I'll publish.

Warmly, Sally

[From the mobile; please excuse top-posting, spelling/spacing errors, and 
brevity]

- Reply message -
From: e...@zusammenkunft.net
To: "Frohoff, Chris" , "Gabriel Lawrence" , "Commons Developers List" , "Sally Khudairi" 
Subject: Blog post "commons" vulnerability
Date: Mon, Nov 9, 2015 17:24

Hello Sally,

Yes it is just a screenshot of a tweet, I could not come up with a useful 
graphic for the topic and since discussion on Twitter somewhat powered all the 
fuzz I figured it would fit.

Regarding Phil's comment I think 

Re: Blog post "commons" vulnerability

2015-11-10 Thread Sally Khudairi
Hello everyone --we are live:
 - ASF "Foundation" blog http://s.apache.org/bsA
 - @TheASF Twitter feed https://twitter.com/TheASF/status/664023691051843584
...plus sent to annou...@apache.org and our dedicated media/analyst 
distribution list. This will appear on the apache.org homepage during the next 
auto-update, which should take place within the hour.
Thanks so much for your help with this. I'm glad we were able to get it out!
Warmly,
Sally
+ copying press@ to keep the team in the loop.

= = = = = vox +1 617 921 8656 off2 +1 646 583 3362 skype sallykhudairi
  From: "Frohoff, Chris" 
 To: Sally Khudairi ; "e...@zusammenkunft.net" 
; Gabriel Lawrence ; 
Commons Developers List  
 Sent: Monday, November 9, 2015 6:42 PM
 Subject: RE: Blog post "commons" vulnerability
   
All,

I just wanted to make sure that this didn’t get missed in the comments:

“I’d suggest doing this for anything Serializable that performs reflection for 
completeness.”

I think there’s a reasonable chance another gadget chain could be constructed 
from one or more of the below classes. I’d suggest extending your patch 
similarly to these if it’s not too difficult.

$ grep -ER -e "lang.reflect.(Method|Constructor)" src/main --include=*.java -l 
| grep -v InvokerTransformer | xargs -n1 grep -l Serializable
src/main/java/org/apache/commons/collections4/functors/InstantiateFactory.java
src/main/java/org/apache/commons/collections4/functors/InstantiateTransformer.java
src/main/java/org/apache/commons/collections4/functors/PrototypeFactory.java

Thanks,

-Chris

From: Sally Khudairi [mailto:sallykhuda...@yahoo.com]
Sent: Monday, November 09, 2015 3:15 PM
To: Sally Khudairi; e...@zusammenkunft.net; Frohoff, Chris; Gabriel Lawrence; 
Commons Developers List
Subject: Re: Blog post "commons" vulnerability

Just to clarify re: PMC affiliation, may I suggest it appear as:

> Authors: Bernd Eckenfels and Gary Gregory, members of the Apache Commons 
> Project Management Committee

I'm happy to proceed tonight if this meets your approval. If you can please give 
the go-ahead by 7PM ET (= ~45 minutes from now), that would be great.
Otherwise, I'm happy to issue tomorrow morning.

Thanks,
Sally

= = = = = vox +1 617 921 8656 off2 +1 646 583 3362 skype sallykhudairi

From: Sally Khudairi 
To: e...@zusammenkunft.net; "Frohoff, Chris" ; Gabriel Lawrence ; Commons Developers List 
Sent: Monday, November 9, 2015 5:29 PM
Subject: Re: Blog post "commons" vulnerability

Thanks so much, Bernd.
Personally, I prefer mentioning PMC affiliation, as it adds credibility, but 
I'll post it however you'd like.
OK re: tweet screenshot; I've included it.
Please let me know when you're ready, and I'll publish.

Warmly, Sally

[From the mobile; please excuse top-posting, spelling/spacing errors, and 
brevity]

- Reply message -
From: e...@zusammenkunft.net
To: "Frohoff, Chris" , "Gabriel Lawrence" , "Commons Developers List" , "Sally Khudairi" 
Subject: Blog post "commons" vulnerability
Date: Mon, Nov 9, 2015 17:24

Hello Sally,

Yes it is just a screenshot of a tweet, I could not come up with a useful 
graphic for the topic and since discussion on Twitter somewhat powered all the 
fuzz I figured it would fit.

Regarding Phil's comment I think having some "apache commons" communication on 
blogs does help the bonding with the project, however since the topic is urgent 
I suggest two minor edits

Authors: Bernd Eckenfels and Gary Gregory (Apache Commons Committers)
Title: Widespread Java Object de-serialisation vulnerabilities

(I.e. less formal. Gary I guess 

Re: Blog post "commons" vulnerability

2015-11-09 Thread Sally Khudairi
Thanks, Chris.

I read that as an internal comment to the PMC/folks on the list.

I have incorporated all other comments/corrections/additions.

Please let me know if I have misinterpreted this.

Kind regards,
Sally


[From the mobile; please excuse top-posting, spelling/spacing errors, and 
brevity]

- Reply message -
From: "Frohoff, Chris" 
To: "Sally Khudairi" , "e...@zusammenkunft.net" 
, "Gabriel Lawrence" , 
"Commons Developers List" 
Subject: Blog post "commons" vulnerability
Date: Mon, Nov 9, 2015 18:42

All,

I just wanted to make sure that this didn’t get missed in the comments:

“I’d suggest doing this for anything Serializable that performs reflection for 
completeness.”

I think there’s a reasonable chance another gadget chain could be constructed 
from one or more of the below classes. I’d suggest extending your patch 
similarly
to these if it’s not too difficult.

$ grep -ER -e "lang.reflect.(Method|Constructor)" src/main --include=*.java -l 
| grep -v InvokerTransformer | xargs -n1 grep -l Serializable
src/main/java/org/apache/commons/collections4/functors/InstantiateFactory.java
src/main/java/org/apache/commons/collections4/functors/InstantiateTransformer.java
src/main/java/org/apache/commons/collections4/functors/PrototypeFactory.java

Thanks,

-Chris

From: Sally Khudairi [mailto:sallykhuda...@yahoo.com]
Sent: Monday, November 09, 2015 3:15 PM
To: Sally Khudairi; e...@zusammenkunft.net; Frohoff, Chris; Gabriel Lawrence; 
Commons Developers List
Subject: Re: Blog post "commons" vulnerability

Just to clarify re: PMC affiliation, may I suggest it appear as:

> Authors: Bernd Eckenfels and Gary Gregory, members of the Apache Commons 
> Project Management Committee

I'm happy to proceed tonight if this meets your approval. If you can please 
give the go-ahead by 7PM ET (= ~45 minutes from now), that would be great.

Otherwise, I'm happy to issue tomorrow morning.

Thanks,
Sally

= = = = = vox +1 617 921 8656 off2 +1 646 583 3362 skype sallykhudairi

From: Sally Khudairi 
To: e...@zusammenkunft.net; "Frohoff, Chris" ; Gabriel 
Lawrence ; Commons Developers List 
Sent: Monday, November 9, 2015 5:29 PM
Subject: Re: Blog post "commons" vulnerability

Thanks so much, Bernd.

Personally, I prefer mentioning PMC affiliation, as it adds credibility, but 
I'll post it however you'd like.

OK re: tweet screenshot; I've included it.

Please let me know when you're ready, and I'll publish.

Warmly,
Sally

[From the mobile; please excuse top-posting, spelling/spacing errors, and 
brevity]

- Reply message -
From: e...@zusammenkunft.net
To: "Frohoff, Chris" , "Gabriel Lawrence" , "Commons Developers List" , 
"Sally Khudairi" 
Subject: Blog post "commons" vulnerability
Date: Mon, Nov 9, 2015 17:24

Hello Sally,

Yes it is just a screenshot of a tweet, I could not come up with a useful 
graphic for the topic and since discussion on Twitter somewhat powered all the 
fuzz I figured it would fit.

Regarding Phil's comment I think having some "apache commons" communication on 
blogs does help the bonding with the project, however since the topic is urgent 
I suggest two minor edits

Authors: Bernd Eckenfels and Gary Gregory (Apache Commons Committers)
Title: Widespread Java Object de-serialisation vulnerabilities

(I.e. less formal. Gary I guess you would agree not to mention PMC?)

Gruss
Bernd


-- 
http://bernd.eckenfels.net

-Original Message-
From: Sally Khudairi 
To: "Frohoff, Chris" , Gabriel Lawrence 
, Commons Developers List 
Sent: Mo., 09 Nov. 2015 22:36
Subject: Re: Blog post "commons" vulnerability

Thanks, Chris. I'll include your edits.
Status-wise, I'm uploading the copy to blogs.apache.org. I noticed that the 
"screenshot" referenced at https://twitter.com/gebl/status/662786601425080320 
is simply the tweet status. Is that intentional? Do  you want me to include a 
screenshot of this?
Please forward any additional comments/corrections/additions within the next 
hour if possible. I'd like to get this out before close of business Pacific 
Time if at all possible.
Thanking you in advance,
Sally

= = = = = vox +1 617 921 8656 off2 +1 646 583 3362 skype sallykhudairi
From: "Frohoff, Chris" 
To: Gabriel Lawrence ; Commons Developers List 
 
Cc: Sally Khudairi  
Sent: Monday, November 9, 2015 12:31 PM
Subject: RE: Blog post "commons" vulnerability


Re: Blog post "commons" vulnerability

2015-11-09 Thread Sally Khudairi
Just to clarify re: PMC affiliation, may I suggest it appear as:
> Authors: Bernd Eckenfels and Gary Gregory, members of the Apache Commons 
> Project Management Committee
 
I'm happy to proceed tonight if this meets your approval. If you can please 
give the go-ahead by 7PM ET (= ~45 minutes from now), that would be great.
Otherwise, I'm happy to issue tomorrow morning.
Thanks,
Sally

= = = = = vox +1 617 921 8656 off2 +1 646 583 3362 skype sallykhudairi
  From: Sally Khudairi 
 To: e...@zusammenkunft.net; "Frohoff, Chris" ; Gabriel 
Lawrence ; Commons Developers List 
 
 Sent: Monday, November 9, 2015 5:29 PM
 Subject: Re: Blog post "commons" vulnerability
   
Thanks so much, Bernd.
Personally, I prefer mentioning PMC affiliation, as it adds credibility, but 
I'll post it however you'd like.
OK re: tweet screenshot; I've included it.
Please let me know when you're ready, and I'll publish.
Warmly,Sally

[From the mobile; please excuse top-posting, spelling/spacing errors, and 
brevity]
- Reply message -
From: e...@zusammenkunft.net
To: "Frohoff, Chris" , "Gabriel Lawrence" 
, "Commons Developers List" 
, "Sally Khudairi" 
Subject: Blog post "commons" vulnerability
Date: Mon, Nov 9, 2015 17:24
Hello Sally,

Yes it is just a screenshot of a tweet, I could not come up with a useful 
graphic for the topic and since discussion on Twitter somewhat powered all the 
fuzz I figured it would fit.

Regarding Phil's comment I think having some "apache commons" communication on 
blogs does help the bonding with the project, however since the topic is urgent 
I suggest two minor edits

Authors: Bernd Eckenfels and Gary Gregory (Apache Commons Committers)
Title: Widespread Java Object de-serialisation vulnerabilities

(I.e. less formal. Gary I guess you would agree not to mention PMC?)

Gruss
Bernd


-- 
http://bernd.eckenfels.net

-Original Message-
From: Sally Khudairi 
To: "Frohoff, Chris" , Gabriel Lawrence 
, Commons Developers List 
Sent: Mo., 09 Nov. 2015 22:36
Subject: Re: Blog post "commons" vulnerability

Thanks, Chris. I'll include your edits.
Status-wise, I'm uploading the copy to blogs.apache.org. I noticed that the 
"screenshot" referenced at https://twitter.com/gebl/status/662786601425080320 
is simply the tweet status. Is that intentional? Do  you want me to include a 
screenshot of this?
Please forward any additional comments/corrections/additions within the next 
hour if possible. I'd like to get this out before close of business Pacific 
Time if at all possible.
Thanking you in advance,
Sally
= = = = = vox +1 617 921 8656 off2 +1 646 583 3362 skype sallykhudairi
  From: "Frohoff, Chris" 
 To: Gabriel Lawrence ; Commons Developers List 
 
Cc: Sally Khudairi  
 Sent: Monday, November 9, 2015 12:31 PM
 Subject: RE: Blog post "commons" vulnerability
   
Minor grammatical changes and comments inline. The main thing I’d suggest is 
expanding your patch to include any Serializable classes that perform 
reflection for completeness.
---
Apache Commons statement to widespread Java object de-serialisation
vulnerability

Authors: Bernd Eckenfels, Gary Grogory for Apache Commons

In their
[talk](http://frohoff.github.io/appseccali-marshalling-pickles/)
"Marshalling Pickles - how deserializing objects will ruin your day" at
AppSecCali2015 Gabriel Lawrence ([@gebl](https://twitter.com/gebl)) and
Chris Frohoff ([@frohoff](https://twitter.com/frohoff)) presented
various security problems when applications accept serialized objects
from untrusted source. A major finding describes a way to execute
arbitrary Java functions and even inject manipulated bytecode when
using Java Object Serialization (as used in some remote communication
and persistence protocols).

Building on Frohoff's tool ( add “ing”)
[ysoserial](https://github.com/frohoff/ysoserial), Stephen Breen
([@breenmac

Re: Blog post "commons" vulnerability

2015-11-09 Thread Sally Khudairi
Thanks so much, Bernd.

Personally, I prefer mentioning PMC affiliation, as it adds credibility, but 
I'll post it however you'd like.

OK re: tweet screenshot; I've included it.

Please let me know when you're ready, and I'll publish.

Warmly,
Sally


[From the mobile; please excuse top-posting, spelling/spacing errors, and 
brevity]

- Reply message -
From: e...@zusammenkunft.net
To: "Frohoff, Chris" , "Gabriel Lawrence" 
, "Commons Developers List" 
, "Sally Khudairi" 
Subject: Blog post "commons" vulnerability
Date: Mon, Nov 9, 2015 17:24

Hello Sally,

Yes it is just a screenshot of a tweet, I could not come up with a useful 
graphic for the topic and since discussion on Twitter somewhat powered all the 
fuzz I figured it would fit.

Regarding Phil's comment I think having some "apache commons" communication on 
blogs does help the bonding with the project, however since the topic is urgent 
I suggest two minor edits

Authors: Bernd Eckenfels and Gary Gregory (Apache Commons Committers)
Title: Widespread Java Object de-serialisation vulnerabilities

(I.e. less formal. Gary I guess you would agree not to mention PMC?)

Gruss
Bernd


-- 
http://bernd.eckenfels.net

-Original Message-
From: Sally Khudairi 
To: "Frohoff, Chris" , Gabriel Lawrence 
, Commons Developers List 
Sent: Mo., 09 Nov. 2015 22:36
Subject: Re: Blog post "commons" vulnerability

Thanks, Chris. I'll include your edits.
Status-wise, I'm uploading the copy to blogs.apache.org. I noticed that the 
"screenshot" referenced at https://twitter.com/gebl/status/662786601425080320 
is simply the tweet status. Is that intentional? Do  you want me to include a 
screenshot of this?
Please forward any additional comments/corrections/additions within the next 
hour if possible. I'd like to get this out before close of business Pacific 
Time if at all possible.
Thanking you in advance,
Sally
= = = = = vox +1 617 921 8656 off2 +1 646 583 3362 skype sallykhudairi
From: "Frohoff, Chris" 
To: Gabriel Lawrence ; Commons Developers List 
 
Cc: Sally Khudairi  
Sent: Monday, November 9, 2015 12:31 PM
Subject: RE: Blog post "commons" vulnerability

Minor grammatical changes and comments inline. The main thing I’d suggest is 
expanding your patch to include any Serializable classes that perform 
reflection for completeness.
---
Apache Commons statement to widespread Java object de-serialisation
vulnerability

Authors: Bernd Eckenfels, Gary Grogory for Apache Commons

In their
[talk](http://frohoff.github.io/appseccali-marshalling-pickles/)
"Marshalling Pickles - how deserializing objects will ruin your day" at
AppSecCali2015 Gabriel Lawrence ([@gebl](https://twitter.com/gebl)) and
Chris Frohoff ([@frohoff](https://twitter.com/frohoff)) presented
various security problems when applications accept serialized objects
from untrusted source. A major finding describes a way to execute
arbitrary Java functions and even inject manipulated bytecode when
using Java Object Serialization (as used in some remote communication
and persistence protocols).

Building on Frohoff's tool ( add “ing”)
[ysoserial](https://github.com/frohoff/ysoserial), Stephen Breen
([@breenmachine](https://twitter.com/breenmachine)) of Foxglove
Security inspected various products like WebSphere, JBoss, Jenkins,
WebLogic, and OpenNMS and describes
(http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/)
for each of them various attack scenarios.

Both research works show[s] that developers put too much trust in Java  ( 
remove plural)
Object Serialization. Some even de-serialize objects
pre-authentication. When deserializing an Object in Java you typically
cast it to an expected type, and therefore Java's strict type system
will ensure you only get valid object trees. Unfortunately, by the 

Re: Blog post "commons" vulnerability

2015-11-09 Thread Sally Khudairi
Thanks, Chris. I'll include your edits.
Status-wise, I'm uploading the copy to blogs.apache.org. I noticed that the 
"screenshot" referenced at https://twitter.com/gebl/status/662786601425080320 
is simply the tweet status. Is that intentional? Do  you want me to include a 
screenshot of this?
Please forward any additional comments/corrections/additions within the next 
hour if possible. I'd like to get this out before close of business Pacific 
Time if at all possible.
Thanking you in advance,
Sally
= = = = = vox +1 617 921 8656 off2 +1 646 583 3362 skype sallykhudairi
  From: "Frohoff, Chris" 
 To: Gabriel Lawrence ; Commons Developers List 
 
Cc: Sally Khudairi  
 Sent: Monday, November 9, 2015 12:31 PM
 Subject: RE: Blog post "commons" vulnerability
   
Minor grammatical changes and comments inline. The main thing I’d suggest is 
expanding your patch to include any Serializable classes that perform 
reflection for completeness.
---
Apache Commons statement to widespread Java object de-serialisation
vulnerability

Authors: Bernd Eckenfels, Gary Grogory for Apache Commons

In their
[talk](http://frohoff.github.io/appseccali-marshalling-pickles/)
"Marshalling Pickles - how deserializing objects will ruin your day" at
AppSecCali2015 Gabriel Lawrence ([@gebl](https://twitter.com/gebl)) and
Chris Frohoff ([@frohoff](https://twitter.com/frohoff)) presented
various security problems when applications accept serialized objects
from untrusted source. A major finding describes a way to execute
arbitrary Java functions and even inject manipulated bytecode when
using Java Object Serialization (as used in some remote communication
and persistence protocols).

Building on Frohoff's tool ( add “ing”)
[ysoserial](https://github.com/frohoff/ysoserial), Stephen Breen
([@breenmachine](https://twitter.com/breenmachine)) of Foxglove
Security inspected various products like WebSphere, JBoss, Jenkins,
WebLogic, and OpenNMS and describes
(http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/)
for each of them various attack scenarios.

Both research works show[s] that developers put too much trust in Java  ( 
remove plural)
Object Serialization. Some even de-serialize objects
pre-authentication. When deserializing an Object in Java you typically
cast it to an expected type, and therefore Java's strict type system
will ensure you only get valid object trees. Unfortunately, by the time
the type checking happens, platform code has already created and
executed significant logic. So, before the final type is checked, a lot
of code is executed from the readObject() methods of various objects,
all of which is out of the developer's control. By combining the
readObject() methods of various classes which are available on the
classpath of the vulnerable application an attacker can execute
functions (including calling Runtime.exec() to execute local OS
commands).

The best protection against this, is to avoid using a complex
serialization protocol with untrusted peers. It is possible to limit
the impact when using a custom ObjectInputStream which overrides (*** replace 
“overwrites” with “overrides”)
[resolveClass()](http://docs.oracle.com/javase/7/docs/api/java/io/ObjectInputStream.html#resolveClass%28java.io.ObjectStreamClass%29)
to implement a whitelist approach ( link to 
http://www.ibm.com/developerworks/library/se-lookahead/?). This might, however, 
not always be
possible, such as when a framework or application server provides the endpoint. 
( add “such as”)
This is rather bad news, as there is no easy fix and applications need
to revisit their client-server protocols and overall architecture.

In these rather unfortunate situations, people have looked at the
sample exploits. Frohoff provided "gadget chains" in sample payloads
which combine classes from the Groovy runtime, Spring framework or Apache ( 
add “the”, rep

Re: Blog post "commons" vulnerability

2015-11-09 Thread Sally Khudairi
Thanks, Bernd. Thanks, Gary.

I'm happy to publish for you when I'm back at the office later today.

To confirm, is there consensus on the content?

Thanks again,
Sally

[From the mobile; please excuse top-posting, spelling/spacing errors, and 
brevity]

- Reply message -
From: "Gary Gregory" 
To: "Commons Developers List" 
Cc: , "Benedikt Ritter" , "Sally 
Khudairi" 
Subject: Blog post "commons" vulnerability
Date: Mon, Nov 9, 2015 07:50

My name is spelled Gary Gregory BTW ;-)
Gary
On Nov 9, 2015 2:45 AM, "Bernd Eckenfels"  wrote:
Hello Sally,

currently there is a security vulnerability doing the rounds which uses
as an example Apache Commons Collection. It is not really a bug in
Commons Collection, but there is a lot of fuzz. So since we are doing
something in the Apache Commons team against the problem we wanted to
make a public statement.

Here is a blog post, which was discussed on the developer mailinglist.
What is needed to get it published via ASF blogs? (i.e. do you need a
PMC vote or similar?)

The syntax for links is markdown, you might have to replace them (so
the links are hidden). Let me know if you have some suggestions for
improvement.

Greetings
Bernd (e...@apache.org)


---
Apache Commons statement to widespread Java object de-serialisation
vulnerability

Authors: Bernd Eckenfels, Gary Grogory for Apache Commons

In their
[talk](http://frohoff.github.io/appseccali-marshalling-pickles/)
"Marshalling Pickles - how deserializing objects will ruin your day" at
AppSecCali2015 Gabriel Lawrence ([@gebl](https://twitter.com/gebl)) and
Chris Frohoff ([@frohoff](https://twitter.com/frohoff)) presented
various security problems when applications accept serialized objects
from untrusted source. A major finding describes a way to execute
arbitrary Java functions and even inject manipulated bytecode when
using Java Object Serialization (as used in some remote communication
and persistence protocols).

Build on Frohoff's tool
[ysoserial](https://github.com/frohoff/ysoserial), Stephen Breen
([@breenmachine](https://twitter.com/breenmachine)) of Foxglove
Security inspected various products like WebSphere, JBoss, Jenkins,
WebLogic, and OpenNMS and describes
(http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/)
for each of them various attack scenarios.

Both research works shows that developers put too much trust in Java
Object Serialization. Some even de-serialize objects
pre-authentication. When deserializing an Object in Java you typically
cast it to an expected type, and therefore Java's strict type system
will ensure you only get valid object trees. Unfortunately, by the time
the type checking happens, platform code has already created and
executed significant logic. So, before the final type is checked a lot
of code is executed from the readObject() methods of various objects,
all of which is out of the developer's control. By combining the
readObject() methods of various classes which are available on the
classpath of the vulnerable application an attacker can execute
functions (including calling Runtime.exec() to execute local OS
commands).

The best protection against this, is to avoid using a complex
serialization protocol with untrusted peers. It is possible to limit
the impact when using a custom ObjectInputStream which overwrites
[resolveClass()](http://docs.oracle.com/javase/7/docs/api/java/io/ObjectInputStream.html#resolveClass%28java.io.ObjectStreamClass%29)
to implement a whitelist approach. This might however not always be
possible, when a framework or application server provides the endpoint.
This is rather bad news, as there is no easy fix and applications need
to revisit their client-server protocols and overall architecture.

In these rather unfortunate situations, people have looked at the
sample exploits. Frohoff provided "gadget chains" in sample payloads
which combine classes from Groovy runtime, Sprint framework or Apache
Commons Collection. It is quite certain that you can combine more
classes to exploit this weakness, but those are the chains readily
available to attackers today.

https://twitter.com/gebl/status/662786601425080320>

Even when the classes implementing a certain functionality cannot be
blamed for this vulnerability, and fixing the known cases will also not
make the usage of serialization in an untrusted context safe, there is
still demand to fix at least the known cases, even when this will only
start a Whack-a-Mole game. In fact, it is for this reason the original
team did not think it is necessary to alert the Apache Commons team,
hence work has begun relatively late. The Apache Commons team is using
the ticket
[COLLECTION-580](https://issues.apache.org/jira/browse/CO

Re: Call for Participation: Technical Talks -- ApacheCon North America 2010

2010-05-01 Thread Sally Khudairi
Thanks, Siegfried. Thanks, Phil.

I believe we're fully booked for additional tracks. I'll double-check with the 
Planning team and will get back to you.

Cheers,
Sally


--- On Sat, 5/1/10, Phil Steitz  wrote:

> From: Phil Steitz 
> Subject: Re: Call for Participation: Technical Talks -- ApacheCon North America 2010
> To: "Commons Developers List" 
> Cc: s...@apache.org
> Date: Saturday, May 1, 2010, 7:35 PM
> Siegfried Goeschl wrote:
> > Hi folks,
> > 
> > quite frankly I would love to give a presentation at ApacheCon but it
> > should be something that
> > 
> > +) is of general interest
> > +) and I have good knowledge about
> > +) and I also should actively contribute to the topic
> > 
> > which rules out pretty much everything ... :-)
> > 
> > Having said that I would like to pick up Rahoul's idea of doing a joint
> > presentation of Apache Commons (Rahoul organized a small scale one for
> > ApacheCon Europe 2007)
> > 
> > "Would it be a good idea to organize a Apache Commons track covering 2-3
> > regular speaking slots where we can present various Apache Commons
> > components?"
> > 
> > The point is that a Commons component presentation is probably
> > smaller than a regular speaking slot but we have interesting stuff.
> > 
> > Feedback appreciated,
> > 
> > Siegfried Goeschl
> 
> We may be a little late to the party on this, but if there is still
> time / room to set up another track, I am +1.
> 
> I thought about suggesting a pool/dbcp talk for the tomcat track,
> but it would probably be better to do this as part of a commons
> track, if we can get that organized in time.
> 
> I could also do something on math if we have critical mass to do
> some other talks and can still get this in.
> 
> Sally - is it possible to still add a track?
> 
> All - any other volunteers / ideas?
> 
> Phil
> > 
> > 
> > On 28.04.10 19:48, Sally Khudairi wrote:
> >> ApacheCon North America 2010
> >> 1-5 November 2010 -- Westin Peachtree in Atlanta
> >>
> >> Technical Tracks: Call For Participation
> >> All submissions must be received by Friday, 28 May 2010 at midnight
> >> Pacific Time.
> >> The official conference, trainings, and expo of The Apache Software
> >> Foundation (ASF) returns to Atlanta this November, with dozens of
> >> technical, business, and community-focused sessions at the beginner,
> >> intermediate, and advanced levels.
> >>
> >> Over the past decade, the ASF has gone from strength to strength,
> >> developing and shepherding nearly 150 Top-Level Projects and new
> >> initiatives in the Apache Incubator and Labs. This year's ApacheCon
> >> celebrates how Apache technologies have sparked creativity, challenged
> >> processes, streamlined development, improved collaboration, launched
> >> businesses, bolstered economies, and improved lives.
> >>
> >> We are proud of our achievements and recognize that the global Apache
> >> community --both developers and users-- are responsible for the
> >> success and popularity of our products.
> >>
> >> The ApacheCon Planning Team are soliciting 50-minute technical
> >> presentations for the next conference, which will focus on the theme
> >> “Servers, the Cloud, and Innovation”.
> >>
> >> We are particularly interested in highly-relevant,
> >> professionally-directed presentations that demonstrate specific
> >> problems and real-world solutions. Part of the technical program has
> >> already been planned; we welcome proposals based on the following
> >> Apache Projects and related technical areas:
> >>
> >> - Cassandra/NoSQL
> >> - Content Technologies
> >> - (Java) Enterprise Development
> >> - Felix/OSGi
> >> - Geronimo
> >> - Hadoop + friends/Cloud Computing
> >> - Lucene, Mahout + friends/Search
> >> - Tomcat
> >> - Tuscany
> >> Submissions are open to anyone with relevant expertise: ASF
> >> affiliation is not required to present at, attend, or otherwise
> >> participate in ApacheCon.
> >>
> >> Please keep in mind that whilst we encourage submissions that
> >> highlight the use of specific Apache solutions, we are unable to
> >> accept marketing/commercially-oriented presentatio