There is no evidence of an exploit being available in the wild for this issue. The PostgreSQL team has not panicked. This is a careful proactive security release for a bug that might be exploited once its source code is released. The bad guys have been given no more information than "there is an exploit possible in this code". If you believe that much information is enough for them to break into your server, and therefore you have to migrate to another system immediately, this is not a technical problem--you are having a panic attack. You can't wait until Monday; please seek medical assistance RIGHT FRAKKIN' NOW!
In fact, they'd probably be wise to make sure major binary repos have a patched copy even before making the changed source available so that sysadmins have a week to do an update from yum/apt-get/$pkgmgr
That is impossible in the general case, and that fact is one reason the somewhat careful plan is executing. Some open source projects require releasing the source code along with the binaries. RedHat for example will always distribute source RPMs at the same time as the binary RPMs. The PostgreSQL license doesn't have such requirements, but the distribution's release policies can't necessarily change just because some packages have fewer requirements.
Fundamentally, PostgreSQL can't make any downstream packaging demands; those are projects outside of its control. The best they can do is coordinate with as many known, trusted packagers as possible such that binary packages are available at exactly the same time as the source code that discloses the vulnerability. That is what's happening here. The PostgreSQL core team member whose e-mail was referenced is heavily involved in packaging of RedHat and other versions of Linux.
Fundamentally, the whole idea of advance binary releases presumes that you cannot reverse engineer an exploit out of a changed binary, and that is just generally a broken model. If I had a source and binary for an existing PostgreSQL version on a platform, and you also gave me a binary for a modified one, I could reverse engineer what was changed without too much trouble. And that sort of thing is exactly what people developing exploits are usually good at. Your only hope for being safe is if you trust a binary provided by someone, and that sort of idea is exactly what open source distribution is supposed to avoid.
Let's say PostgreSQL released binaries for RedHat RHEL, for example, a week early, but not the associated source code. I'm running Slackware, and Slackware isn't one of the distributions that gets early access to the fix. As a Slackware user I'd be screwed. People who know how to build exploits would have everything they need to target an attack for a week, but I would have no way to defend myself. If source is released at the same time, people always have the option of rebuilding their own packages, even if their packager won't/didn't. A race between "fully informed user with source" and "exploit builder with source" can be won by the user. If you delay source to some time after the binary, it's far more likely the exploit will be built before people know enough to build a fixed package and protect themselves.
When the repos are opened back up, the fix will be ready. It might (probably) even be shared with the major distros, who will simultaneously have an updated package published. This greatly reduces the likelihood and window of a zero-day exploit with no fix.
That is what's happening, and it's the reason for the temporary lockdown. The core team member whose e-mail was linked to here is also one of RedHat's packagers for PostgreSQL as one example distribution. He's helping make sure that updated RHEL RPMs are published at the same time as the details of the vulnerability. Right now the only people who are believed to know about the problem are the project committers and a few equally trusted packagers.
Clonezilla is a bit much for most people to navigate. I have used Acronis True Image for this job successfully, and it's not too expensive. It adds a boot manager with a simple "press F11 to restore" type thing at boot. It only asks a few questions to put the original image back again. You can just click yes/next to take the default on each and off it goes.
If you consider a simple script to copy files from one location to another "arcane", that's a statement on your limited skills more than anything else. I write stuff like that on Linux, on the Mac, and on Windows. It's not a requirement of any platform, but sometimes it's useful. My dad's computer has a script running to copy out his photos and business documents to one of my servers, so I can provide an off-site backup for the files should his PC die. That's on Windows 7, and it took me five minutes to set up. I do not make $5400/hr, so it was worth doing. If that takes you "an afternoon", I wouldn't be bragging about your time being valuable.
If someone wants to manipulate or create media--actually do a lot of processing of their photos or mess with video--I won't hesitate to recommend a Mac. My mom just wanted basic web stuff and document editing, and she has been running Linux Mint for two years now. It was easier to get her up to speed on Mint with OpenOffice, because it runs reliably on Linux and she doesn't get confused by the ribbon. My total time on tech support so far is one hour. I had to show her how to start the machine and shut it down. When that system dies, I'll toss it and replace it with the next cheapest PC I have around again. Actual dollars invested in her computer setup so far is $0.
Evernote makes it easy to synchronize text among all your computers and your phone too. I have things like my shopping list on there, so I can edit on either a desktop or while I'm out with the phone. It also allows some amount of formatting that's a pain to get consistent in a simple text editor. I could use Markdown or something like that to do the same thing, but this is easier, and again the formatting also works on the phone.
I created a Reliable Writes page for PostgreSQL that talks about this and gives some known good and bad examples. Intel's 320 and 710 drives are the only two SATA SSDs still on the market that have survived the tests for clean shutdown I've advocated everyone run. They are units with a supercapacitor to enable power failure cleanup. If a drive doesn't have a battery for that sort of purpose, you will lose data at shutdown one day. And, no, a UPS is no cure, because all it takes to ruin a system on one is someone tripping over a cord at the data center to destroy the whole thing.
If I were being sued by an NPE troll with this sort of protection available, I would run up positively epic legal fees beating them into the ground. Get the right sort of bloodthirsty patent attorney involved, and they'd help--they're the ones getting the money after all. It is surely cheaper to just buy the senators; the ones in the US sell out pretty cheap now.
The novel part is that the very first claim is for "a device for reducing the pain associated with a needle stick" with that construction. There are vibrators with similar design elements, but I can't recall seeing anyone suggest there was a spot you could put one to make needles hurt less before.
Because Zeppelin rules, dude! Didn't you just say that a few replies ago? For every 1969 "Good Times Bad Times", only peaking at #80 on the singles chart, there's a "Sugar, Sugar" at the top of the charts--the original terrible boy band. I'd try to stretch that analogy further, but you've already managed to insult disco with yours, somehow, and I'm not going to try and top that.
The cause/effect for music getting worse over the years is hard to untangle. Musicians are focused less on sound quality now. Video killed the radio star; ugly bastards who could play became less useful. Aiming at studio time as a unique creative process isn't necessary. There is a much larger media machine trying to synchronize listeners to popular acts. The music Disney and Nickelodeon get kids to listen to is terrifying. Songs get popular overnight via TV shows or social media or just general random clustering on what everyone else is doing.
At the same time, I wonder if it's actually less concentration of music fans that's to blame. When everybody gets to listen to their own little genre--I like very specifically new power metal from Finland and Norway for example--you can have a whole lot of talented musicians who are just lost in how much music comes out. The model where artists sell music more directly to their audience doesn't need a giant advertising machine to work, and it can't really afford one either. How do you sync up large numbers of listeners to all be familiar with the same thing then, the way radio used to do? For "classic rock", only the best of that genre keeps going forward. I see plenty of kids with Beatles, Zep, and Floyd shirts on. NCIS can't get enough Who songs. But there's only a handful of bands who have ever had that sort of staying power, and I don't know that there are really fewer of them now. The current ones who might be considered classics in the future might be buried in a much larger number of bands you could potentially be listening to.
30 inches or GTFO!
You know, I can't tell if you were trying to spoof as many common digital audio misunderstandings as possible or posting seriously, so if the former well done. I'll just reference CD-ROM Technical Summary as a good outline of how pits in the spiral groove are decoded into bit transitions, then into EFM data, bytes, audio, and then eventually digital data you might store on a computer.
The other underappreciated benefit of sharding is that it brings more caching RAM to bear on the problem. In traditional hardware, and this is even more true of cloud setups like Amazon's EC2, the maximum amount of memory you can configure in an instance isn't that high. This number isn't going up as fast anymore either. You can get 256GB of RAM in a machine, but from the perspective of speed to any one core it will not even be close to 32X as fast as 8GB.
Adding another shard doubles the amount of RAM for caching and the underlying I/O capacity. That it also has more cores for processing is a bonus, but not the primary design reason for sharding as a database scaling operation. The approach outlined here is a slightly more clever than average approach for CPU limited programs that are not quite classic parallel processing workloads. But that doesn't make it suddenly a replacement for sharded databases in general. There are three main ways that splitting work across nodes can help--CPU, memory, and disk--and this helps a bit with one type. It's a pretty narrow use case.
Technical conferences are not the appropriate venue to discuss every problem in life. If I went into one of the database conferences I attend and found out a talk was on molesting cars, I would be offended and raise my issue with the organizer, especially if I were also presenting at the event. No amount of you telling me that my car will be broken into if I don't explore how to molest it myself first would change my mind. Now, if the conference's stated goal was "Expert tips for cornholing your Kia", well, people wouldn't have very much right to complain.
There is an implicit social contract for what is and isn't appropriate for any particular venue. You don't seem to think the right call was made on this particular conference, and that's fine. However, I object to your assuming your viewpoint is the only correct one. If the organizer's position is "rape is off limits", and the presenter says there's a little rape...that is a legitimate complaint then, isn't it? It is the sort of thing that should be disclosed with much better notice than it appears to have gotten in this case.
Ooh, you left out avian carriers.
The fact that it's possible to build digital transmissions out of analog media is well understood. This is why I have a lot of copper wire in my house for that sole purpose. That doesn't make IP over CAT5 Ethernet a purely digital medium though. People like to throw out "digital" as some sort of magic that gets bits from one place to another, but there are potentially lossy, analog encoding mechanisms involved in both transfer and storage all the time. Push deep enough and you'll start asking how bits in a computer are encoded into voltages; push a CPU hard enough and that layer can break down too. I was just pointing out where some of those edges are for the CD as a medium.
You should get a colonoscopy done. They give you medicine like Versed, so there's memory of the event itself afterward. Hint: you can still tell someone stuck a tube up your ass.
Tell you what. I have some medicine here that will make you lose your memory for a bit. How about we get together, you pop some, and I'll violate you a bunch when it kicks in. You'll wake up with a sore ass but no other memory of the event, so it's fine, right? Afterward, I'll suggest you browse Slashdot to remember how we met again, and if you say you'd prefer not to I'll suggest you're not man enough to handle your PTSD.
One of the reasons women get so touchy about this subject is the sort of completely insensitive attitude you're presenting here. Also, the idea that you can recover from a mental illness by learning how to cope is rather optimistic. It's like suggesting you can beat cancer by staring at it in disapproval.
"Each BSides is a community-driven framework for building events for and by information security community members." That's where I pulled that it should be considered "an information security conference". Regardless of what you think the events are about, I was responding to how they market themselves. Please do assume some people might actually RTFA.
You also seem to be confused about sex vs. rape in a way such that you really shouldn't be talking about the two in public. I don't know exactly what the agenda of the people protesting the talk was about. I can see how it could be offensive to a rape survivor though, even as a straight white guy who doesn't worry about that at all for my own sake.
You read "perceive" but turned it into "hear", and then made an argument about hearing. Being able to perceive some aspect of audio playback isn't limited to your ears. That's most obvious at the bottom end, where you can feel things that aren't quite hearing. Audiophiles got a lot of flak for perceiving issues with early digital that turned out to be measurable later, such as playback with a lot of jitter.
Also, an aliasing error can impact frequencies below the Nyquist frequency. Beat frequencies are another way theoretically inaudible things, above your hearing range, can turn into audible ones.
Regardless, you were replying to commentary that mentioned "pre-Discman material", which to me means early and not even theoretically good D/A hardware. Once things moved into digital oversampling rather than analog Nyquist filters, all of this became a lot less likely to turn audible. The way mastered CD quality has gone up even in the last ten years tells me there was a lot of unrealized potential in the CD format, wasted by early mastering efforts. You mentioned dithering and noise shaping; things like better time domain performance (where the jitter issues play out) factor into that too. I am quite happy with well mastered CD audio. One of the reasons I prefer 24/96K recordings is that they have a much wider tolerance for mastering errors. I've found it less likely that such recordings were compressed for CD "punch" via loudness wars techniques, for example.
You're saying "Crapple" while describing your Technics speakers as nice? How is life in the 80's right now?
That's right: that computers operate strictly on digital information is also a layering illusion that can break down. I had an intermittent crash this year that turned out to be thermal related. A bit flipped in RAM when the computer was under heavy enough load to mistake a 0 for a 1. The idea that there is any sort of pure analog or digital is a weak argument that gets pulled out regularly. It's not really true if you dig into how digital things really work though.
I bought tickets to four concerts last month. One went through TicketFly. The others were all sold by the venues, as directly as they could manage. All of them had "service charges" that were pretty large, considering all of them involved merely picking up the ticket at the will-call booth--no other way to get them. Ticketmaster is slowly being pushed into irrelevancy, but its replacements aren't that much better.
It has come to our attention that you are illegally using our proprietary air products.
I liked this joke better when it was in Spaceballs.
Somewhere between your straw woman and the other bad summaries floating around is reality. Here's the important part from the presenter herself:
"In the talk I do cover ‘date rape’ drugs, and I explain their actions and how they’re dangerous."
Seems like a pretty legitimate way to trigger a rape flashback to me. It's appropriate for an information security conference only in that drugging people is a pretty effective way to get secrets out of them, and one that probably isn't considered as much as it should be. If someone isn't sensitive enough to realize that even approaching that discussion is tricky, due to well known concerns over the same drugs being used for rape, they really shouldn't be talking about it at all in front of an audience.
Luckily I have a car analogy for you. First question: do you know what a tail pipe is?