pre-release: linux.conf.au meeting announcement
Please take a moment to review your details and reply with OK or edits.
Subject and below is what will go out and also will be used to title the videos.
Subject:
ANN: linux.conf.au at Plenary Hall Sun January 15, 4:20p
linux.conf.au
=========================
When: 4:20 PM Sunday January 15, 2017
Where: Plenary Hall
This talk was given at Linux.conf.au 2017 (LCA2017) which was held on 16-20 January 2017 in Hobart, Tasmania.
https://linux.conf.au
Topics
------
1. Slot
(Needs description.)
recording release: no
2. Opening remarks
(Needs description.)
recording release: no
3. Introduction
(Needs description.)
recording release: no
4. Opening remarks
(Needs description.)
recording release: no
5. Decoding Satellites with SatNOGS
Scott Bragg
The past few months at our local amateur radio club we have been experimenting with working Low Earth Orbiting (LEO) satellites using handheld equipment. That's where I stumbled into the SatNOGS project. While my rotator has not finished being built this talk will partly be about building the rotator, how the client and network API fits together and different ways you can get involved in the project.
recording release: yes license: CC BY
6. The Opposite of the Cloud
Tom Eastman
Cloud computing. It's referred to -- humourously, or bitterly depending on whether you're talking to a 'Dev' or an 'Ops' respectively -- as "Somebody Else's Computer".
If "The Cloud" is hosting your infrastructure on "somebody else's computer", then the opposite of the cloud is when you're faced with putting someone else's infrastructure on your own internal network.
And so here I am, tasked with building virtual machine appliance images to safely and securely run behind customer firewalls of unknown configuration.
That... is an exercise in trust. Trust that is getting harder to come by thanks to the embarassing security record of "Internet Of Things" devices.
This is a talk about DevOps practice, infrastructure architecture, command & control, VPNs, Docker, Debian, Saltstack, Packer, Terraform, careful orchestration, and serious paranoia.
recording release: yes license: CC BY
7. WOOTconf Introductory remarks
(Needs description.)
recording release: no
8. Making Night in the Woods Better with Open Source
Jon Manning
No matter what your role, you've almost certainly used open source code in your project. But it's much rarer to see a game release code of it's own, when doing so can be a huge boost to your production. In this session, you'll learn how Night in the Woods open sourced Yarn, the dialogue system managing all of the text in the game, in the middle of production. We'll discuss how the community took it over, made it better, and improved the life of the development team as a result. Come and see how to give back, and get more.
recording release: yes license: CC BY
9. Human-Driven Development
aurynn shaw
Modern software development is a complex process, and a sometimes difficult team sport. In this talk, aurynn covers the failure modes inherent in current software development, the ways these failure modes are endemic within the broader open source and free software community, and how we can start moving ourselves toward a more sustainable, inclusive developmental style.
recording release: yes license: CC BY
10. Advances in CPU Frequency Management
Rafael J. Wysocki
Quite significant and radical changes were made in the kernel's CPU frequency management (CPUFreq) subsystem over the last year. The most significant of them was the switch from using timers to a new control flow based on governor callbacks invoked by the CPU scheduler. That change made it possible to clean up the CPUFreq core quite substantially and to add more functionality on top of it. Among other things, a new CPUFreq governor, called schedutil and making decisions based on the CPU utilization information provided by the CPU scheduler, was introduced. Moreover, the scheduler can pass hints to all of the CPUFreq governors now. That opened up new possibilities and, for instance, work is in progress to implement energy-aware scheduling (EAS) on top of the schedutil governor. Apart from that, improvements are being made in the other parts of the CPUFreq subsystem as well, which leads to an optimistic outlook on its future.
recording release: yes license: CC BY
11. Interface citizen scientists with government.
Johan Codinha
The victorian biodiversity is facing constant danger, from bush fires to pest and weeds just to name few. To protect the different ecosystem from natural and human disaster the government needs data !
I am going to walk you thru the history of biodiversity data collection in Victoria ( it's a young country so it's gonna be a short walk ), from hundreds of government employee surveying the countryside in the 80's to 2016 where we rely almost exclusively on citizen scientists to provide accurate data.
Then we will have a look at tools of the past, present and future for collecting biodiversity data and what is the role of standards and open software.
Government agencies are taking land management decision based on biodiversity databases, we will have a look at how the data is beeing verified and what are the potential security risks.
recording release: yes license: CC BY
12. ScummVM Retrospective - Lessons learnt, from games preserved.
Ender
This talk with provide a retrospective look at the ScummVM project - that (increasingly inaccurately named) project that reimplements a wide variety of adventure game engines across a even wider variety of hardware and OS platforms.
We will briefly cover the projects history, origins and future direction. We'll touch on the projects outreach efforts and negotations, and some noteworthy failures. Lastly, we'll talk about project governence and some of the unique challenges and conflicts that arose.
recording release: yes license: CC BY
13. Lightweight inventory management with Pallet Jack
Karl-Johan Karlsson
Inventory management for systems administrators is crucial for day-to-day operations. When installing a new machine, its MAC address needs to be registered with the DHCP server. While it runs, the configuration management system needs to know what role it has so it can install the correct software. When it breaks, you need to know which rack and switch port to find it in, its serial number and when its service contract expires.
We present [Pallet Jack](https://github.com/saab-simc-admin/palletjack), a systems administrator-friendly inventory database.
Its back-end store consists of a directory tree with YAML fragments, which means you can insert, version and extract information using standard text processing tools. Inheritance and automatic text processing eliminates the need to store duplicated information. Finally, a simple but powerful Ruby library helps with generating configuration files from the database.
recording release: yes license: CC BY
14. Sparse warnings
Daniel Axtens
`sparse` is a semantic parser for C, and is one of the static analysis tools avaliable to kernel devs.
Sparse is a powerful tool with good integration into the kernel build system. However, we suffer from warning overload - there are too many sparse warnings to spot the serious issues amongst the trivial. This makes it difficult to use, both for developers and maintainers.
In hopes of making sparse more useful, I've been slowly chipping away at the sparse warnings in `arch/powerpc` over the last year.
This talk covers:
* my experience doing this - what I've learned about the kernel and sparse
* some stats and pretty pictures about the state of sparse warnings
* where to from here - how to make sparse a useful part of the kernel dev workflow
* tooling to make sparse more useful - assuming I manage to get it written before the talk!
**Are you interested in kernel development and not sure where or how to start? This talk will cover how fixing sparse warnings can be used as a path into kernel development.**
recording release: yes license: CC BY
15. Almost Open - Just close the door behind you
Steven Ellis
We are potentially at an interesting tipping point in the future of Free and Open Source software as more of our interactions are managed by services rather than applications. Does Open Source have a future or are we pivoting towards a services based ecosystem where the best we can hope for is some degree of Open Standards? These open standards have no specific entity tasked with defining each of them, yet every day we hear about Open Hardware, Open Government, Open APIs.
What does Open mean within the ecosystem you operate within, and how can we continue to be a catalyst for the journey and grow the Open Source movement when so many closed outcomes are being produced from the Open Source ecosystem?
This is a collaborative session to look unpack the issue and formulate some actions that can be used by the attendees within their communities, businesses and organisations.
recording release: yes license: CC BY
16. Every Game Should Have An API Like Destiny
Richard Deveraux
As a game developer, you should always be looking for ways to engage your players inside and outside your game. If your game is popular, you might even find you have some players with programming experience and want to do more with your game. Implementing an API is one way you can empower these players to create cool applications that can enhance your game in ways you may not have even thought of or have the resources for and it is one of the more unique aspects of large games such as Destiny where it has allowed the game to evolve well beyond what was possible by Bungie alone. As the lead contributor to the [Unofficial BungieNetPlatform API Documentation](http://destinydevs.github.io/BungieNetPlatform/) I can give you a list of tips and suggestions on ways you can enhance your game through the creation of APIs and show you some of the amazing tools the Destiny Developer Community have been able to create because these APIs exist.
recording release: yes license: CC BY
17. Continuous Dashboarding - your devops airbag
Christopher Biggs
The concept of "Continuous Delivery" has been paraphrased as
"Move fast and break things", that is automate your testing and deployment
to remove as many delays as possible between developer and
production, and be prepared to react rapidly when something goes wrong.
The trick is knowing whether something has gone wrong.
Most businesses have analytics, monitoring and dashboards.
In fact, if you look really hard, most businesses have a dozen or more
different silos of monitoring data. The problem is that it's difficult
to get a business-wide overview of all this data.
Node-RED is a visual data-flow tool that has a rich collection of
interfaces to other services, and is capable of talking to most of these
silos in order to provide synergistic insights, and real time alerts.
In combination with mobile dashboard tools like Blynk, this allows
targeted mobile dashboard applications to be built and deployed in minutes,
for one user or a thousand.
The attendee will learn the capabilities of Node-RED and Blynk,
see some examples of dashboard apps, and receive practical advice on
how to get started with their own data.
With "dashboard driven development" your process becomes first build
a dashboard to monitor some element, second make a change, third
verify that the change had the desired effect.
Every time you make a change to your operating environment, you'll be
able to monitor vital statistics from your pocket, in real time.
The collection of dashboards you've built over time will give you increased
confidence whenever you make a change that your business' key performance
metrics are where you expect them to be.
recording release: yes license: CC BY
18. My adventures building hamlib support for the OpenSDR board
Paul Warren
This talk will explore the path I went on building Hamlib support for the Open Software Defined Radio board, previously built at the LCA2015 OpenRadio MiniConf.
I'll detail my mistakes, where I ended up, and future plans.
Hamlib is an abstraction layer to allow applications to easily talk to various radio hardware, usually over a serial connection.
The Open SDR board is a fully open sourced SDR baord that receives across the HF band (0-30MHz) with the help of a sound card. It can also trasmit PSK31 a text based communication mode.
recording release: yes license: CC BY
19. Seeing the big picture – using open source images
Kate Andrews
The ease of image sharing on the web results in the rapid dilution of the creator's ownership, and it can be really hard to tell whether the image you want to use is open source.
In this presentation, you'll learn some tips and tricks for finding the license on an image, and useful tools for tracking down high-quality, genuinely open source images. Real-life stories from the artist's side of the copyright minefield will give you a new perspective on the importance of getting your image use right first time.
recording release: yes license: CC BY
20. Kernel-bypass networking for fun and profit
Matthew Chapman
In the quest for ever lower networking latencies, there are a growing number of kernel-bypass TCP/IP stacks available from various network card vendors: for example Exablaze's exasock, Solarflare's OpenOnload, Mellanox's VMA, Myricom's DBL and Chelsio's WireDirect. All of these use the LD\_PRELOAD mechanism to hijack AF\_INET socket calls and direct them to a library and ultimately the network adapter. Some are entirely implemented in userspace, while others have in-kernel support components that allow more graceful connection handling across processes. In this talk I will discuss the how and why of these stacks, with a particular focus on the exasock stack developed by my team at Exablaze.
recording release: yes license: CC BY
21. Multiplayer gaming and distributed state
Caskey L. Dickson
The hardest thing about writing games (after gamplay, mechanics, ux, marketing and paying the bills) is managing the game state as viewed by all users. This talk will cover the principles of distributed shared state, strategies such as frequent state regeneration, change validation and how your choice of connectivity and latency profiles change the user experience.
recording release: yes license: CC BY
22. Let's put wifi in everything.
Brenda Wallace (Shiny)
When I was a child, I was told to put on a jersey whenever my parents were cold. Today my child is told when to put on a jersey by a small army of arduinos. This is better, and far more accurate.
Can the oven just tell me when it's hot enough to make cookies? Does the feijoa tree want water? Is there wet laundry left in the machine? Where is the cat? Why? Who unloads the most dishes? Did I leave the garage door open? Is the CO2 level super high in the bus? How do I help the aloevera plant send thoughts to twitter?
It's 2016, and all these things can be fetched, stored, average, and acted on. Not just at $300 a device, but homebrew gadgets for much less. Mostly using the ESP8266, but there's a few other nifty inventions, of varying level of easiness and openness.
This talk will explain how to start covering your life with items that can tell you about themselves, act on your instructions, and be iteratively improved to naturally automate much of your life, and make decisions based on real data.
This talk should be interesting and accessible to novices, but you'll need to know some programming to actually use the info afterwards
recording release: yes license: CC BY
23. The Sound of Silencing
Julien Goodwin
Having automatic monitoring alerting us when there's problems with our systems
is a core part of ensuring reliable systems, however this can lead to alert
fatigue.
This talk will cover using silencing, grouping and ihibition to reduce alert
load, and improve the signal to noise ratio of remaining alerts.
recording release: yes license: CC BY
24. Running production workloads in a programmable infrastructure
Alejandro Tesch
Infrastructure as Code is a hot topic today, however several IT managers and System Administrators often fail to see the benefits that it can provide to their day to day operations.
In this mini-conf session we will go in depth into two use cases that can leverage on OpenStack to address common operation challenges.
1) We will demo how to leverage HEAT and Ansible to automate the deployment of a two-tier load balanced environment within seconds that will host your enterprise applications. We will showcase as well the autoscaling capabilities by overloading our web farm until we hit the CPU threshold that will spawn another tomcat server.
2) "Data Cloning as a Service" will demonstrate how to automate the cloning of a 24 x 7 Mission critical Oracle database without impacting the end users.
Ansible is used to place an enterprise database in backup mode, take a snapshot of the volume containing the Database, clone the cinder volume and get it transferred to a development tenant who will automatically start a clone of the database for testing and QA.
recording release: yes license: CC BY
25. Knit One, Compute One
Kris Howard
Can a programming language describe art? Is knitting Turing complete? And just how many bytes of data does the average knitted scarf hold, anyway?
These are the questions that motivate Kris as both a knitter and a technologist. As an art form, knitting is inherently binary - just knit and purl. That means you can use sticks and string to encode data in a lot of different ways - like recording the day’s weather, noting enemy troop movements, or even knitting a computer virus. But that’s just the start! Through the act of knitting, the crafter becomes a kind of human CPU, utilising objects and data structures (needles) and free memory (ball of wool) to implement instructions (the pattern). Knitting patterns themselves are very similar to computer languages, with new syntax proposals emerging with innovative constructs and even compilers.
If you thought knitting was just an old-fashioned hobby, this talk will open your eyes to the many ways this traditional craft is still relevant in the digital age. (And no, you don’t need to know how to knit!)
recording release: yes license: CC BY
26. Are You Ready for Amateur Radio?
Ben Short
There is a lot of radio spectrum out there, and while some of it is available for use to the public, much of of the spectrum is licensed out to private business, defence and government uses, and is also limited in how you can use what is available. Fortunately you can can access to a significant amount of this RF spectrum by becoming an amateur radio operator!
This session will give a brief introduction to the types of Licenses available and the costs with getting a license before taking a look at what you need to know in order to obtain a license with several sample questions, and finishing up with some Q&A at the end.
If you've had an interest in radio, but always wondered what the next step may be, then this session is for you!
recording release: yes license: CC BY
27. An open programming environment inspired by programming games
Josh Deprez
Go play Zachtronics' SHENZHEN I/O or TIS-100. Don't worry, I'll wait.
Was that good? Was it fun? Is regular programming that fun?
Wouldn't it be fun to see your data literally zipping along wires between the
components of your programs, but with a less puzzle-oriented low-level language?
I set about making such a system.
recording release: yes license: CC BY
28. How govCMS is part of the open government and open data movement in Government
Gavin Tapp
The govCMS distro was officially unveiled by the Australian Government in April 2015. Since then, more than 100 government websites have started using this build of Drupal. This marks a big change for government in its use of open source software, and is supported by a broader set of activities that aim to foster reuse and sharing within government.
In this session, I'll give a quick overview of what govCMS is, and how it works. Then talk about how the codebase is managed to suit the needs of government. I'll also cover some of the other activities that are happening around govCMS to encourage its success in the government sector, and how the broader open source / Drupal community may get involved. Note, this will not be a technical presentation - I will talk more about the aims and activities of the govCMS project.
If you are interested in how governments can run their own open source projects, you should come to this talk.
Note - I work for Acquia, who are a service provider to the Department of Finance (who manage govCMS). This will not be a sales pitch for Acquia :)
recording release: yes license: CC BY
29. Making kernel objects movable: A history and the way forward
Christoph Lameter
A key technology in the kernel is the ability to move objects around. This is essential for proper object locality with NUMA and also important to ensure that the kernel can defragment memory properly so that data can be place closely together and to enable to use of huge or giant pages. Over time most Linux systems today require a reboot because performance will suffer as memory becomes more and more fragmented. Servers and devices need to be periodically rebooted. The more complex our kernels become the more different sizes of objects are needed. Growth of complexity results in more opportunities for fragmentation and thus more issues with slowdowns and sluggish behavior.
The first implementation on this level was page migration in 2004 which made pages mapped into a user process movable. Then later CMA added the ability to move larger sets of kernel pages that are not on the LRU used for user space pages. This approach may be extended and the hooks used for also making slab objects movable using some callbacks. This could enable much better defragmentation and avoid the need to have to debug Linux systems regularly.
recording release: yes license: CC BY
30. Sharing the love: making games with PICO-8
John Dalton
PICO-8 is a fantasy console for making, sharing and playing tiny games and other computer programs. It's like an emulator for a 1980s console that never existed, with integrated development tools for building games in this imaginary environment. The harsh restrictions (by modern standards) such as a 128x128 pixel display, 16 colours and 32kb maximum program size encourage creative approaches, while the use of subset of the Lua programming language makes this a very accessible environment for even beginning coders.
PICO-8 itself is not open source, but applications made with it all include source - in fact they are distributed as PNGs with the entire cartridge data embedded inside the image! You can stop somebody's game and then switch to the development view to see how they built it. Around this tiny game engine has grown a community of developers who value sharing and learning from each other, and many of them have gone on to release games and tools under open source or creative commons licenses.
This talk will show what it's like to work with PICO-8, a few of the cool projects people have built with it, and how it's a great tool for explaining the value of sharing. It's also inspired this speaker to start making games again for the first time since he was a teenager, and he wants to share the love.
recording release: yes license: CC BY
31. Mice and Maps
Rhiana Heath
A few years ago my brother gave me a copy of a role playing game called Mouse Guard. The premise being you were little mice in the forest going around fighting the evil weasels and trying not to get trampled by a moose, caught up in a snow storm or eaten by snakes in the mean time. It came with a map with a rich story about each of the locations you could visit and characters you could meet along the way.
Now I wasn't familiar with the setting and wanted to have the information close at hand while we played without having to pause and look up information every few minutes so I decided to turn it into an app.
I had just started learning Ruby on Rails so naturally it is a Rails App. I then decided on using [leaflet](http://leafletjs.com/), an open source javascript library for maps, to program the bulk of the functionality.
The app let's you create markers on the MouseGuard map with leaflet, link them to the Ruby Database and update any information about the location including pictures and what the players got up to whilst there.
Today we'll have a look at the app, how it was built, what challenges came up, how I then added in custom leaflet features and eventually got the behaviours I was aiming for.
recording release: yes license: CC BY
32. Managing performance parameters through systemd
Sander van Vugt
In this talk you¹ll learn how to manage performance
parameters through systemd. You¹ll discover how systemd splits the Linux
operating system into 3 different slices - and how that may lead to
unexpected situations in some cases. You¹ll also learn how to modify a
unit file to ensure that your services will always be sure that the
resources they need will be available.
recording release: yes license: CC BY
33. GPL Compliance/Enforcement session
Karen M. Sandler
As promised on the ksummit-discuss mailing list, this is one of several sessions intended to discuss GPL enforcement and receive feedback from those who would like to do so. It will also be an opportunity to ask questions about Conservancy’s enforcement efforts, as well as those led by other people, to the extent we are aware of them.
recording release: no
34. The Openness of Closed Systems
Richard Jones
Minecraft is popular. It's also a closed-source game. That hasn't stopped a very healthy and enthusiastic community of game modification creators (modders) from building around it.
In this talk I will discuss some of the issues that modding Minecraft raises; this will include a basic discussion of how it's done, how information is disseminated and lead into questions of how FOSS comes into the picture.
recording release: yes license: CC BY
35. Building My Own Little World with Open Data
Steven Pousty
Everybody cares about the place (they live, they grew up in, they had a great vacation, in the news….). With the rise of open data, big data tooling, and new visualisation technology, we can actually now build applications that give people new ways to explore beyond “where is the closest Starbucks”. I have collected Open Data from my home town (Santa Cruz, CA) and compiled it into the beginnings of a visualization and analysis platform. The goal of this talk is to show the process of collecting open data from disparate sources, some of the caveats on being able to put them together, general lessons learned, and some fun visualizations. I want to move past thinking about sources for open data and moving on to tools and lessons so you can get cracking! I want to show how we can enable people to gather open data and turn it to open knowledge. Data sources will be from Government (e.g. United States Geologic Survey) and Non-Government sources (e.g Audubon Society eBird Data) while some of the tools covered will be Apache Spark, PostGIS, Leaflet, and various others.
recording release: yes license: CC BY
36. Imposter Syndrome
Bianca Gibson
Ever thought 'oh no, they are all going to realise that I have absolutely no idea what I'm doing'? If so this talk is for you. I'll cover some of the signs of imposter syndrome, how to minimise it's negative impact and how to reduce those feelings in yourself and others.
recording release: yes license: CC BY
37. Overview of HPSDR
Justin Giles-Clark VK7TW
Justin's presentation will focus on the open source High Performance Software Defined Radio (HPSDR) system, the philosophy, what amateurs do with them along with a summary of SDR history and the role amateur radio has played in this space along with (hopefully) a quick demonstration.
recording release: yes license: CC BY
38. Go for DevOps
Caskey L. Dickson
Go is an excellent open source multiplatform language for doing cross-platform development which is ideal for ops tools. If you target multi-platform, multi-architecture environments, come learn how Go enables you to write once and run anywhere. No more need for kludgy shell scripts!
This talk will cover the built in features of Golang that make it possible to write your code on one platform and seamlessly deliver it to many different operating systems and architectures. As a devops engineer I have tools and services that need to support multiple operating systems running on different CPU architectures.
You will learn the specific ways to generate *bsd-386 binaries on Windows-x64, android-arm binaries on Linux-ppc and all combinations in between. I'll also be covering coding techniques to keep this manageable and libraries that support you in things like file system navigation.
recording release: yes license: CC BY
39. Play Session
(Needs description.)
recording release: no
40. Hannah Gets Go-ing
Hannah Thompson
I've challenged myself to learn Go in two months, with the aim of using the Gobot framework to control an Arduino device.
I'm part of that emerging group of women who have learnt to code in order to career change. But instead of taking the plunge and quitting my job to spend six months at a bootcamp, I harnessed one of strongest skills - learning - and taught myself (I have a PhD, which basically means I'm really good at learning).
This talk will chart my journey of learning a new language - Go. I'll discuss the challenges, successes and failures I experience along the way and finally demonstrate what a new programmer can achieve in two months.
Why did I choose Go? Well, it's open source, there's an active community in my new hometown, there are plenty of resources for new users, and gophers are adorable. Also there are a lot of Go puns.
recording release: yes license: CC BY
41. Building Escape Room Horror Experiences with Arduino and C++
Paul '@pjf' Fenwick
"Hurry with that code, they're on the move!"
"I'm working on it! Where are they headed?"
"The stairs… no… maintenance."
"That's not us! We're safe, right?"
"They're sabotaging us. Room scanner offline. We've lost visual on the corridor."
"Did... Did you just hear that noise?"
"Forget the console; barricade that door... NOW!"
---
"Room Service" is a physically immersive, multi-player, horror escape room created by Pop Up Playground in Melbourne, Australia, and constructed using arduino-compatible processors, C++, and open source software and hardware designs.
We'll examine how to build a physically immersive game, hardware used, embedded testing frameworks, the platformio software development environment, player creations, software challenges, and improvements over time.
recording release: yes license: CC BY
42. Open Source and Radio Panel Discussion
Scott Bragg, Ben Short
Amateur radio and open source software have a long history together but there is plenty of room to bring them closer together. What can (the institutions of amatuer radio) learn from the open source community and development? What can open source groups learn from amateur radio groups?
The panel will also aim to discuss current technologies and the inevitable lag of regulation, as well as roadmaps of your favourite projects. We're not above accidentally inserting an ad-hoc lightning talk in the mix.
Our hosts will put together a panel of amateur radio operators, developers and makers to discuss these but also with some audience participation.
If you would like to appear on the panel, or want a few minutes for a radio related lightning talk, send us an email to [jsbragg@scriptforge.org](mailto:jsbragg@scriptforge.org) and tell us about yourself.
recording release: yes license: CC BY
43. Open Meets Science @ Google
Cat Allman
"Open" is a concept that has spread far beyond software engineering, into government, data, publishing and science. In parallel, the world is embracing "making" as methodology, avocation and profession. Google has had an Open Source Programs Office for more than ten years, but our Making & Science team, an offshoot of the open source team, is just 2 years old. Come hear about what we're up to and why Google has a small (but mighty!) team working to support making and science, inside the company and out. I will also illustrate how the meme is spreading by sharing some of my favorite open science and STEAM ED programs.
recording release: yes license: CC BY
44. Turtles all the way down - Thin LVM + KVM tips and Tricks
Steven Ellis
Tips and tricks for both operators and developers to get the most out of ThinLVM and KVM when building demo environments, or optimising real world business solutions.
Topics covered will include
* Thin LVM
* Thin VMs on Thin LVM
* TRIM for SSDs + Thin VMs on Thin LVM
* TRIM for SSDs + Thin VMs on Thin LVM + Luks Encryption
* KVM performance tips and tricks on ....
Basically "Turtles all the way down.."
recording release: yes license: CC BY
45. Why Twisted Is The Best And How It Will Make Your Application Awesome
Amber Brown
Twisted has been around a long time in the Python world. Pioneering the Deferred abstraction, which later turned into Promises and found their way into JavaScript, it is a fertile ground for asynchronous I/O experimentation. Through its groundbreaking protocol/transport design that some of us might take for granted these days, and a strict adherence to unit testing and representing things through abstract interfaces, it lets you talk a lot of different network protocols without really having to know everything about them.
It can make your application awesome.
recording release: yes license: CC BY
46. Managing Storage with a File System
Keith Packard
Traditional Linux storage is built using several block layers and
adding a file system on top. You can construct a block device out of a
file system using the loop driver, but that interface loses some key
functionality present in the block layer, most importantly the DAX
interfaces.
As an alternative, we can squash some of the the loop driver
functionality into a file system and present both file system
interfaces as well as block device interfaces from the same driver.
This provides a uniform storage management interface where a single
'wholesale' file system aggregates a set of the available storage into
a single logical store which can then be arbitrarily dis-aggregated
into individual storage volumes which can then be used as traditional
block devices for 'retail' file systems within the host OS or
passed to virtual machines for storage in that environment.
This technique is being used within The Machine, a project within
Hewlett Packard Enterprise, to provide convenient management of a pool
of fabric attached memory shared among many Linux instances.
The presentation will show how the wholesale file system is managed
and how the block layer is exported from it. Additional details about
how storage locality is controlled using extended attributes will be
included.
recording release: yes license: CC BY
47. Porting Games To Linux
Cheeseness
What's involved in making a game that doesn't support Linux support
Linux? How can Free/Open Source Software help with this, and how can
F/OSS ecosystems benefit? In this talk, the person behind Day of the
Tentacle Remastered's Linux port will share his experiences and
perspectives on the porting process, and offer thoughts on the broader
implications and outcomes of more games supporting Linux.
Slides can be found here: http://cheesetalks.net/porting-games-to-linux
recording release: yes license: CC BY
48. Open Discussion and Lightning Talks
(Needs description.)
recording release: no
49. Condensed History of Lock Picking
Grace Nolan
In the 1800s Windows 0days were extremely rare, so hackers at the time had to settle for the delicate art of lockpicking. In this short talk, we’ll learn about some of the zany lock mechanisms the aristocracy came up with to secure their valuables. We’ll talk about lock picking bounties and the transient era of perfect security. Yes, that’s right. Perfect Security. These ARE your great-great-great grandparents’ stories, so buckle up kiddo, you’re in for a wild ride.
recording release: yes license: CC BY
50. Samba and the road to 100k users
Andrew Bartlett
Samba4 (our Samba AD DC) is increasingly widly used and is becoming used at scale, and this talk will detail Samba's journey from 'wow, it works' to 'can we have 100,000 users please'.
Samba 4.5 brings significant improvement in our scale, to around 30,000 users, and this talk will look at how we got there, share some war stories along the way, and what we are doing to bring us up to the 100,000 size.
recording release: yes license: CC BY
51. Planning Alerts, State Contracts then The World
Ben Minerds
How does a council scraping initiative started in the UK evolve to influence and inform how the Victorian Government manages its information? Planning Alerts was originally a UK service to allow people to subscribe to be notified when there was a planning application near them regardless of council boundaries. It's success has also been replicated (and improved) in Australia. It seems obvious to many of us that a significant factor is that the initial project and those that followed it were Open Source and open to the Communities they served. How can we better demonstrate to government the value of Open Standards and Open Data than by making it happen?
recording release: yes license: CC BY
52. Demo from Mice and Maps
Rhiana Heath
Abstract coming soon.
recording release: yes license: CC BY
53. Earth Moon Earth (EME) Radio Propagation
Rex Moncur
This talk will focus on the Amateur radio use of PCs to detect signals up to 30 dB below the noise after reflection from the Moon. These techniques have been developed by Nobel Laureate Professor Joe Taylor and Rex has conducted experimental work to support Joe's work. Rex's goal in this work is to reflect signals off the Moon with as small an antenna and as low a power as possible.
The best result to date is the reflection of signals from the Moon and back to stations in Europe with just 5 watts from a small 77 cm dish. For this audience who will be used to data rates of many mega bits/second you are warned in advance that the data rates are the order of only 1 bit/second.
recording release: yes license: CC BY
54. Mamas Don't Let Your Babies Grow Up to Be Rock Star Developers
Rikki Endsley
Are you sick of seeing job listings calling for "rock star developers"? What does that even mean? Developers who get the glory, while the band, agent, road crew, and sound engineers do the work? Instead of being a one-hit wonder who crashes and burns by 27, look to Willie Nelson for inspiration. Willie's 60+ years in the music business offer plenty of lessons developers can apply to their own careers. Attend this fun talk to see how collaborating with a diverse mix of peo ple, learning new skills, choosing the best tool for the job (and then improving on it), contributing to a range of communities, and not being afraid to fail have benefited Willie's career. The talk will be fun, but the lessons are practical for developers--and people who work with them--of all experience levels.
recording release: yes license: CC BY
55. The School for Sysadmins Who Can’t Timesync Good and Wanna Learn To Do Other Stuff Good Too
Paul Gear
Network Time Protocol (NTP) is a widely deployed but oft-misunderstood Internet standard for time synchronisation. This presentation will cover why you should (and probably already do) use NTP, how it works, and an overview of configuration, troubleshooting, and monitoring. The focus will be on practical implementation in enterprise, cloud, and personal environments rather than history, theoretical grounding, or environments requiring extreme precision.
Topics covered will include (time permitting):
* overview of the NTP algorithms, strata
* installation & configuration with ntp.conf
* how to use ntpq for troubleshooting
* overview of monitoring tools
* how to use and participate in [the NTP pool](http://www.pool.ntp.org/) & comments on scale
* common myths & misconceptions, and best practices for avoiding them
* my experiences in building a sub-US$100 stratum 1 server
For more on the history and theoretical background of NTP, see [Julien Goodwin](https://twitter.com/laptop006)'s LCA2011 talk, ["A Brief History of Time Synchronisation"](https://www.youtube.com/watch?v=GhKKWdGn5qg). Overlap with Julien's talk will be kept to an absolute minimum, although I will dispute/update some of his data.
The practical examples & demo will use the NTP reference implementation on Ubuntu 16.04 LTS, but the skills learned will be applicable to all Linux distributions, and the principles will likely apply to other NTP implementations and operating systems as well. The content on which this talk will be based is appearing in a series of blog posts, starting [here](https://libertysys.com.au/2016/09/28/the-school-for-sysadmins-who-cant-timesync-good-and-wanna-learn-to-do-other-stuff-good-too-part-1-the-problem-with-ntp/).
recording release: yes license: CC BY
56. Lightning Talks
(Needs description.)
recording release: no
57. Lightning Talks
(Needs description.)
recording release: no
58. Linux Australia Annual General Meeting
(Needs description.)
recording release: yes license: CC BY
59. Slot
(Needs description.)
recording release: no
60. Choose Your Own Adventure, Please!
Pia Waugh
Where are we going and how do we get there? An optimistic look at our future as a species that shows how our global society is changing, what opportunities lie ahead, and what we need to collectively address if we are to create the kind of life we all want to lead. It will challenge individuals, governments and corporations to critically assess the status quo, to embrace the opportunities of the new world, and to make intelligent choices for a better future.
We have seen a fundamental shift of several paradigms that underpinned the foundations of our society, but now hold us back. Like a rusty anchor that provided some stability in high tide, but now binds us to a dangerous reef as the tide goes out. We have seen a shift from central to distributed systems, from scarcity to surplus and from closed to open systems, wherein the latter of each is proving significantly more successful in the modern context. And yet, many of our assumptions, laws and social rules are based on centricity, scarcity and closed as both the default and desired state.
There are many people that have talked about technology and the impact it has had on our lives, but technology is only part of the story. The immense philosophical shift over the past 250 years has created a modern perspective that enables all people to be influential, successful and mighty, certainly compared to our peasant ancestors who had very little control over their destinies. People -- normal people -- are more individually powerful than ever in the history of our species and this has enormous consequences for where we are heading and the opportunities ahead. This distribution of power started with the novel idea that individuals might have inalienable rights, and has been realised through the dramatic transformation of the Internet and democratisation of modern technologies.
How can we use this power to build a better world? Are we capable of identifying, challenging and ultimately changing the existing ideologies and systems that act to maintain a status quo established in the dark ages? We have come to a fascinating fork in our collective road where we can choose to either maintain a world that relies upon outdated models of scarcity that rely upon inequality, or we can explore new models of surplus and opportunity to see where we go next, together.
recording release: yes license: CC BY
61. Welcome
(Needs description.)
recording release: no
62. securely backing up gpg private keys.. to the cloud‽
Joey Hess
Imagine a world in which gpg was not hard to use, and was used widely. Users exchange encrypted email, gpg sign comments on websites, make encrypted backups, and so on.
What happens, in that world, when a user's gpg private key gets deleted? The only backup is encrypted with the lost private key. Catch 22.
We're not in that world, and so we don't often worry about this problem. Unless we've lost gpg key ourselves. But solving the gpg key backup problem seems a necessary step in the path toward that world.
Most ways to back up gpg private keys require physical security, like a safe to keep the key in, and often cumbersome backup and restore procedures.
Keysafe makes backup and restore easy, by backing the private key up to the cloud. It necessarily trades off some security to do so, but manages to make it very expensive to compromise its backups. I'll explain how Argon2, Shamir Secret Sharing, relatively weak passwords, and AES decryption puzzles are combined in keysafe to accomplish this.
recording release: yes license: CC BY
63. Greetings and Welcome
(Needs description.)
recording release: no
64. QA in the Open
Matthew Treinish
One common misconception about a lot of Open Source projects is that the quality is variable and/or is of a secondary concern. This is supported to a certain degree by a lot of projects which do minimal testing upstream and rely on downstream consumers to do more thorough testing. But, there is no reason that an open project can not also do QA in the open as part of the community. While the term QA will likely evoke a plethora of negative emotions from anyone who has worked in a corporate development environment, there can be real benefits to having a dedicated QA effort on an open source project. It enables transparency in how testing is done, lets anyone contribute and collaborate, and can signal to users the stability of a project. This talk will use OpenStack as an case study to explore how an open source project can do QA in an open manner and the potential benefits it can provide.
recording release: yes license: CC BY
65. Fishbowl discussion - GPL compliance
Karen M. Sandler
An open fishbowl discussion
(https://en.wikipedia.org/wiki/Fishbowl_(conversation))
about GPL compliance, including important questions like:
* Who should be following the Principles (https://sfconservancy.org/copyleft-compliance/principles.html) and are they an adequate metric for compliance activities?
* What are the various initiatives currently being developed to help improve compliance in the industry?
* When is litigation an appropriate outcome?
recording release: no
66. Quiz
(Needs description.)
recording release: no
67. Preventing Deserialization attacks in Java applications
Jason Shepherd
Recent research by [Chris Frohoff and Gabriel Lawrence has exposed gadget chains](https://frohoff.github.io/appseccali-marshalling-pickles/) in various libraries that allow code to be executed during object deserialization in Java. They've done some excellent research, including [publishing some code](https://github.com/frohoff/ysoserial/) that allows anyone to serialize a malicious payload that when deserialized runs the operating system command of their choice, as the user which started the Java Virtual Machine (JVM). The vulnerabilities are not with the gadget chains themselves but with the code that deserializes them.
There are couple of ways in which this type of attack on the JVM can be mitigated:
* not deserializing untrusted objects;
* not having the classes used in the 'gadget chain' in the classpath;
* running the JVM as a non-root operating system user, with reduced privileges;
* egress filtering not allowing any outbound traffic other than that matching a connection for which the firewall already has an existing state table entry.
In this talk we'll explore each of these in detail, using JBoss EAP as a example of how these mitigations can be introduced.
recording release: yes license: CC BY
68. Blue Ocean: a new user experience for Jenkins
James Dumay
The Jenkins project has embarked on an ambitious new project, Blue Ocean, which
is tasked with rethinking the user experience of Jenkins for modern teams with a
focus on improving comperehnsion of DevOps and Continuous Delivery.
It is a direct response to a change in mindest of modern developers where by they
value tools that are not only functional but are designed to fit into their
workflow seamlessly in a way that is a joy to use daily.
James Dumay, Blue Ocean community leader and Product Manager at CloudBees, takes
attendees on a journey on why a better user experience can improve comprehension
of DevOps and Continuous Delivery for software teams, a tour of what's to come
in the 1.0 release, the roadmap beyond and what it means for the future of the
Jenkins project.
recording release: yes license: CC BY
69. U 2 can U2F
Rob N ★
Universal-second factor devices are the new hotness in the two-factor login world. Sleek, sophisticated and secure, they combine high-quality crypto with an even-your-dog-could-use-it one-touch interface to produce a smooth and pleasant login experience.
U2F devices are built on public-key crypto, where the device signs challenges produced by the server. They have many interesting features, including a certificate to identify the device provider, and mechanisms to detect cloned devices and know if the user is actually present when the device is activated. The way they generate key pairs is also quite clever, allowing for devices with no on-board storage at all.
In this talk I'll tell you what U2F is, why it's important, how it works and how to implement it in your service or application. I'll also have some devices to give away to help you get started with this fascinating two-factor technology.
recording release: yes license: CC BY
70. A Beautiful Build: Releasing Linux Source Correctly
Bradley M. Kuhn
Most embedded computing products run Linux. However, obtaining the complete, corresponding source code (CCS), which Linux's license (the GNU GPL) requires, can prove difficult. The license dictates certain technical requirements; verification of a source code release for license compliance therefore requires technical analysis. After years of reviewing many source releases for embedded Linux products, the speaker discovered (finally!) an excellent example of CCS, which not only meets the requirements of the GPL, but also enables and encourages users to take advantage of their rights to modify and install new versions of the software on their device.
This talk briefly discusses the components of the router's source release, and then explains the aspects of the source release that made it particularly outstanding. The talk proposes methods to achieve similar compliance successes on embedded products, suggests procedures for increasing the "tinkerer" userbase by improving beyond even what this excellent example provided, and gives insight into and perspective on compliance engineering analysis that occurs during GPL enforcement work.
recording release: yes license: CC BY
71. Prize Session
(Needs description.)
recording release: no
72. Community Leadership Summit Summary
VM and group leaders
(Needs description.)
recording release: yes license: CC BY-SA
73. Doing 'Blockchain' Things
Adam Poulton
Most systems that are currently used by people involve a central entity that verifies, controls and charges for transactions that are processed by the controlling entity.
This entity can be a bank, a government agency, a market maker or a service provider.
These centralilized institutions, although essencial in the 20th century as they provided security, are an inefficiency that has become an evergrowing and largly avoidable cost as we move further into the cryptocurrency age
Blockchains provide a decentrilized solution to the trusted central authority and provide a platform for untrusting parties to transact with each other in a transparant system that requires zero trust in the other side.
This has implications for almost every facet of life from banking, identity, certification, autherisation and voting.
recording release: yes license: CC BY
74. Pelcgbtencul 101
Thomas Sprinkmeier
Did you know that symmetric ciphers don't produce palindromic ciphertext?
Did you know that "Message Digest" isn't what happens when you eat a secret note?
Did you know that Rainbow Tables can be used on sunny days?
Did you know that "elliptic curves" cannot be straightened by brute force?
Did you know that the birthday paradox has nothing to do with cake?
Did you know that hash collisions don't raise your insurance premiums?
Did you know that a "zero knowledge proof" isn't an entry requirement for the Church of Scientology?
If you answered "Yes" to all of the above then you'll probably want to go to a different talk.
If you answered "wow, really?" at least once then come along and get a brief introduction to cryptography and, time permitting, a quick tutorial that'll teach you just enough to be dangerous and maybe even a flame-war on the politics of cryptography.
recording release: yes license: CC BY
75. Discovering edge cases with property-based testing.
Svetlana Filimonova
Property-based testing is a popular concept in the world of functional programming. QuickCheck in Haskell is an iconic framework supporting this testing approach. Today we can find testing libraries supporting PBT in any main-stream languages, inlcuding Scala, JavaScript, Ruby, Python, Java etc.
Generated input is obviously constrained by the type of parameters accepted as an input for the code. However the range of this input covers large amount of edge cares, the cases you didn't even know existed in your application. Discovering these cases on early stages of your development process brings quite a big support for 'building quality in' instead of ensuring the quality after an application has been created. As any other automated tests, PBT tests are a part of your continuous integration pipeline, which gives quite a big coverage for regression testing as well. It provides essential feeling of confidence in changing the product as much as required.
In this talk I will present pbt concept and my experience of adopting it on a couple of projects I've been engaged too. I will give an introduction into this practice and some pros and cons, so hopefully it will give you a good idea on when and
why would you want to use it.
Target Audience: testers/developers, people ensuring quality.
recording release: yes license: CC BY
76. ESP32 Microcontroller Hardware and Software
Angus Gratton
ESP32 is a microcontroller. It is hardware. It needs software.
recording release: yes license: CC BY
77. Stephen King's practical advice for tech writers
Rikki Endsley
Abstract coming soon.
recording release: yes license: CC BY
78. IoTuz hardware design, manufacturing, working with KiCad
Bob Powers
IoTuz is the OHMC kit this year. It was manufactured.
recording release: yes license: CC BY
79. Apache Metron: Centralised Security Monitoring and Analysis with Big Data Technologies
Nik Lam, Ned Shawa
Apache Metron, formerly OpenSOC, integrates a variety of open source big data technologies in order to offer a centralized tool for security monitoring and analysis. Metron provides capabilities for log aggregation, full packet capture indexing, storage, advanced behavioral analytics and data enrichment, while applying the most current threat-intelligence information to security telemetry within a single platform.
In this presentation, we'll provide an introduction to key big data elements used in Metron, such as NiFi, Storm, HDFS and HBase. We'll look at each one in the context of its role in Metron, with the goal of providing those who are new to these technologies sufficient background to apply Metron in a POC of their own.
recording release: yes license: CC BY
80. Sorting out the mess: How information architecture can help
Darren Chan
Have you ever felt annoyed looking at a document or website because it was
difficult to find the information you wanted? There’s a good chance that poor
information architecture was to blame.
Information architecture is the art and science of organizing and structuring
content. I will talk about why information architecture is important, factors
that result in bad information architecture, and resources to further understand
and apply information architecture to your content.
recording release: yes license: CC BY
81. Pushing on a Piece of String - OSIAs adventures in influencing governments
Paul Foxworthy
During 2016 Open Source Industry Australia (OSIA) made multiple submissions to Federal and state government inquiries, committees and taskforces.
This talk will look at the issues we raised, the changes we would like to see, what effect we’ve had, and what we’ve learned that might be useful to the open source community and other open source organisations.
recording release: yes license: CC BY
82. Make your testing Groovy
Paul King
We tend to take enormous care these days making sure our production code is highly refactored and easily maintainable but what about our test code?
This talk looks at the benefits of using an open source scripting language and utilising a high degree of automation rather than a vendor tool for unit, functional, acceptance, customer/BDD testing.
The talk uses Apache Groovy as an example testing language but also considers other polyglot options.
Groovy happens to be an excellent choice as a scripting/testing language for JVM users but the techniques described in the talk are applicable to other similar languages.
Similarly, while specific forms of testing will be looked at, the techniques and lessons learned can be applied to other kinds of testing. Drivers and Runners discussed will include a selection from: Native Groovy, HttpBuilder, HtmlUnit, WebTest, Watij, Selenium, WebDriver, Tellurium, JWebUnit, JUnit, TestNG, Spock, EasyB, JBehave, Cucumber, Robot Framework, JMeter, ScalaCheck and FitNesse/Slim.
Some techniques discussed will include all-pairs testing, model-driven testing, data-driven testing, constraint-programming based testing scenarios and code/test coverage.
Participants in this talk should leave with some new insights into possible testing approaches and techniques which they can take back and incorporate in their own projects.
recording release: yes license: CC BY
83. Kernel documentation: what we have and where it's going
Jonathan Corbet
The Linux kernel features an extensive array of, to put it kindly, somewhat disorganized documentation. A significant effort is underway to make things better, though. This talk will review the state of kernel documentation, cover the changes that are being made (including the adoption of a new system for formatted documentation), and discuss how interested developers can help.
recording release: yes license: CC BY
84. IoTuz software design challenges and ESP-IDF (Iot Development Framework)
Mark Wolfe
IO is Tuz. Tuz is IO. Much ESP32. Very ADC. Wow.
recording release: yes license: CC BY
85. Make more Secure Code! - Overview of Security Development Lifecycle and Static Code Analysis
Jason Cohen
It would seem that, despite the exponential growth in security products, security services, security companies, security certifications, and general interest in the security topic; we are still bombarded with a constant parade of security vulnerability disclosures on a seemingly daily basis. It turns out that we in the Open Source community can no longer shake a disapproving finger at the closed-source giants without also pointing to ourselves and asking what we can do better. In this era of increasingly modular code development and reuse of common libraries, we need to be considering the impact of potential flaws in code we assume to be secure due simply to its widespread use and Open Source nature. So, what do we do? Although it’s not a magical solution or panacea to the problem; implementing Security Development Lifecycle best practices and principles for each and every software development endeavor we undertake (whether it is for your job or for an Open Source Project) can go a long way to reducing the potential for common security flaws. In addition, there is no reason that Static Code Analysis should not be part of every development effort. We are still seeing obvious, easy to fix flaws in modern source code. Input sanitization issues, Cross-Site-Scripting, buffer overflows, and many other known issues still represent the bulk of security issues present. Static Code Analysis can help catch many of these unnoticed issues before code makes it out of the developer’s hands. In addition, we can perform our own analysis on libraries that we wish to leverage to help determine risk ourselves. In this talk, we will explore some common best practice Security Development Lifecycle theory and how we can integrate this into modern code development schemes. We will also look at how to integrate Static Code analysis tools into the development process, to include a demo.
recording release: yes license: CC BY
86. the relationship between openness and democracy
Pia Waugh
What makes a strong democracy? There are lessons to learn from open source and open society that are critical to upholding a strong democracy in such changing and volatile times. How do we ensure power is used for the good of the people? How do we deal with diverse perspectives in a rational scientific way? How do we ensure government is what the people needs it to be? This talk will give some history, co ext, theories and discussion around some big questions.
recording release: yes license: CC BY
87. Writing less, saying more: UX lessons from the small screen
Claire Mahoney
It's easy to think of mobile apps as an abbreviation of the full desktop app experience, or as a miniature version of the "real thing". We assume mobile users want a lighter interface, easier interactions, things they can do 'on the go'. But what are the real differences in how we need to communicate in mobile apps and web apps? What are the new expectations placed on us as writers for any device? And what lessons can we take from the small screen to make all product communication better?
This presentation draws on the unique challenges and considerations of writing user interface (UI) copy for mobile apps, and looks at how we can use the magnified - not miniaturised - experience of the mobile user to rethink our approach to the whole product experience. The talk is centred around writing and the role of a writer, but will incorporate aspects of design, research, app development and content strategy to demonstrate the critical intersections of craft that make up great UX.
Ideally, I want people to get a renewed sense of how big (and small) the world of UX writing is and can be, to review and possibly rethink how UI and UX writing could function better in their organisation, and to have a few chuckles at my expense as I talk about my faults and failures.
recording release: yes license: CC BY
88. Panel on The Future of Community Efforts to Protect FOSS using Legal Tools
Donna Benjamin
What will the legal landscape look like for free software over the next few years? What can or should the international free software community do about it? We'll be looking at these questions and taking questions from the audience.
Panel participants: Kate Chapman, Michael Cordover, Deb Nicholson, Richard Fontana
Moderated by Donna Benjamin
recording release: yes license: CC BY
89. microPython for ESP32
Nick Moore
Python is small. Micro even.
recording release: yes license: CC BY
90. CuriosityKilledThe.cat@fastmail.com
Chris Davies
Chris Davies is a Jenkins certified Quality Assurance Engineer with seven years QA experience. Chris is a full time tester at FastMail (https://www.fastmail.com) and will give a 25 minute overview of testing activities at FastMail.
Prior to working at FastMail, Chris worked at Symantec, Sophos and Sonus Networks and has been involved in Performance testing, system testing, integration testing, automated and manual testing.
Chris will introduce FastMail and the Cyrus IMAP project. He will discuss the history of FastMail and explain why testing quickly is important to our company as well as describe our process and the tools we use.
He will describe the company history, culture, the problems we face, our process and the tools we use to test quickly.
Slides and links will be uploaded to www.curiositykilledthe.cat
recording release: yes license: CC BY
91. The Internet of Scary Things - tips to deploy and manage IoT safely
Christopher Biggs
IoT has been in the news for the wrong reasons, with poorly designed
and managed IoT devices being blamed for contribiting to denial of service
attacks.
This presentation covers
* risks to your own business from IoT takeup and how to avoid them
* how to be a good citizen by ensuring your devices are not a risk to others
* how to run your own IoT control and monitoring hub in the cloud, and
to coerce incompatible devices into working together.
* points to consider when selecting IoT products
IoT is immature - many devices are not as secure as they could be.
I cover how to structure your network in order to reduce the attack
surface presented by your devices.
IoT is faceless, many devices are unobtrusive and you may not notice
if they "go rogue". I offer advice on how to establish a management regime
to limit the damage a misbehaving device can do.
IoT is fragmented, everyone is scrabbling to be the market leader, so
many products do not work well together. This means each device may want
to talk to its own cloud service. I cover how to bridge uncooperative
products to narrow or eliminate need for direct internet access, and offer
advice on strategies to build a cooperating whole.
recording release: yes license: CC BY
92. Rage Against the Ghost in the Machine
Lilly Ryan
People have been using technology to try to contact ghosts for over a hundred years. From ouija boards to EVP to the not-quite-unbelieveable creepypasta you stumble across on a forum at 3am, the spirits of the dead are ever present in our imaginations and (maybe?) our servers.
Some of the recently departed haunt our Facebook advertisements, and many tech companies have had a history of failing to deal well with (or even think about) death. However, very soon, you could deliberately leave a ghost of your own! Researchers are currently working to make our sci-fi dreams a reality, and let us live on digitally after we are gone. Trailing information in our wake every time we touch the Internet, it becomes increasingly possible to create a digital presence that will use these (and future) data points to respond and react to events after our deaths much as we might have in life.
But, as we grow ever-closer to building this reality, how should we think about our ghosts? Are they technically 'us'? Do we own them, or does Google? Could a hacker spin up a doppelganger to plague you in life? Could a corporation do the same?
To explore the answers to these questions and more, light some candles, and follow Lilly into the beyond.
recording release: yes license: CC BY
93. ESP32 development example using IoTuz
Andy Gelme
Developing for IoTuz on ESP32 with an example.
recording release: yes license: CC BY
94. Effective docs writing: Practical writing style explained with computer science.
Joe Robinson
If you've taken a glance at the docs of an opensource project you contribute
to, or something you've worked on either professionally or for a hobby, and
thought "that word doesn't sound right when I read it" or "is there a better
way to write the steps needed to work this project?" this short talk aims to
provide\ practical and effective writing style information for new and
experienced developers. Using basic computer science, this talk describes
and explains writing style points such as how to use definite articles,
active voice, punctuation, and plain language.
recording release: yes license: CC BY
95. Better Testing Through Statistics
Matthew Treinish
The OpenStack Gate operates at a tremendous scale, with on average roughly 12 thousand test jobs launched every day. It's exciting to see testing happen at such a large scale. However there is an issue, it is too difficult for humans to deal with all the data being generated or analyze all the results from the testing. To deal with this the OpenStack community has developed and deployed several tools to help deal with the torrent of data. Using and building off these tools have been invaluable especially as the OpenStack project continues to grow. This talk will explain the basics of OpenStack's CI infra and cover the approach and tooling used by the OpenStack community to interact with the large amount of test result. It will explain the techniques used and the benefits derived from having both open test result data and performing analysis on that data to understand the project.
recording release: yes license: CC BY
96. Helping Caterpillars Fly
Nicola Nye
You need documentation.
No really, you **NEED** documentation. The health, longevity and success of all your favourite FOSS depends on it.
This talk examines the Very Hungry Caterpillar lifecycle of a FOSS project. From the early beginnings as a small egg of an idea, into a hungry caterpillar. And then it reflects on why some projects turn into beautiful butterflies and why some never make it past the stage of the cocoon.
Given we would all rather be surrounded by beautiful butterflies, rather than voracious slugs, I propose that the best way for your favourite FOSS project to grow wings is through documentation contributions and not code.
Through my experience on the Cyrus mail server, I'll then go through some practical ways that technical writers, developers and even users can help a project fly. And provide some danger signs on what documentation is actively counterproductive.
We'll look at processes, _cheese_, templates, _pickles_, tools, _ice cream_, communication, _cake_, style guides and _butterflies_.
recording release: yes license: CC BY
97. Lightning Talks
Andy Gelme
Lightning Talks
recording release: yes license: CC BY
98. A Layperson's Guide for Talking about Free Software Law
Rikki Endsley
Whether you're a layperson talking about free software law, or a lawyer speaking to a layperson, how you deliver your message determines how well your audience understands it. In this talk we'll look at common mistakes laypeople make when interpreting legal issues, and tips for legal experts for condensing and explaining complicated topics to the layperson. We'll also take a quick look at hot free software law and policy topics, the kinds of people writing about them (e.g., lawyers vs. programmers), and what's missing (i.e., the topics community members want to learn more about).
recording release: yes license: CC BY
99. FreeIPA project update (turbo talk)
Fraser Tweedale
FreeIPA is an identity management system providing, identity,
authentication and authorisation in Linux environments, with a focus on
ease of deployment and management. It is built on top of well-known
Open Source technologies including 389 Directory Server, MIT Kerberos
and Dogtag PKI.
This turbo talk will cover advances in FreeIPA over the
past two years that will help organisations secure their
infrastructure, including:
- Lightweight sub-CAs and custom certificate profiles
- Kerberos 2FA advances
- Smart Card-based login and authentication
- Kerberos HTTP proxy
The talk will conclude with a peek into the future at
what's in the pipeline.
recording release: yes license: CC BY
100. Politely socially engineering IRL using sneaky magician techniques
Alexander Hogue
This talk is about using the same techniques a magician or pickpocket would use, but for social engineering and physical security mischief. We’ll exploit the wonky default settings of human brains for the sake of sneaking what you're doing past people. To a magician, your brain is probably running the wetware equivalent of Windows 95, so come along and get patched.
“hey but this has nothing to do with OSX 0days you’re a fraud” yeah well please come anyway it will be fun I promise <3.
Maybe you’re a sneaky red-teamer, and it’s time for you to put your building pass into the returns bin. Everyone is watching. They see you put the pass in the bin, and hear it land. They don’t even know they’re seeing something sneaky! Of course, you’ve somehow got your building pass hidden in your other hand. You put on your 1986 mirror-finish Aviators and walk out of the building just as it explodes in a fireball of best practices.
Let’s learn about:
* How pickpockets do their thing
* Why you don't even need to know pickpocketing and the previous dot point was a waste of your time
* Stealing stuff in plain sight (for example, keys off a table)
* Distracting someone juuuuust right so they leave their computer unlocked
* Manipulating attention, disguising, misleading, implying, and generally being a sneaky person
* Pretending we know psychology to explain how this all works
* How to palm fifteen basketballs
We’ll really be skating on the line of breaking the magician’s code here so buckle up and remember to bring your wallets in your left pockets.
recording release: yes license: CC BY
101. Thanks!
(Needs description.)
recording release: no
102. Slot
(Needs description.)
recording release: no
103. Designing for Failure
Dan Callahan
I joined Mozilla five years ago to work on [Persona](https://login.persona.org/), a decentralized authentication service designed to replace passwords on the Web. Mozilla [cancelled development](http://identity.mozilla.com/post/78873831485/transitioning-persona-to-community-ownership) three years ago, and plans to [turn off the servers](https://groups.google.com/forum/#!msg/mozilla.dev.identity/mibOQrD6K0c/kt0NdMWbEQAJ) one month before LCA.
I'd like to talk about what it means to shut down a project like Persona. What did we learn? Where did our plans fail? Is it even possible to design software that gracefully degrades even beyond the point of its own death?
recording release: yes license: CC BY
104. The kernel report
Jonathan Corbet
A frequent LCA feature for more then ten years, the Kernel Report provides an up-to-the-minute look at what the Linux kernel community is up to and the challenges it faces in the near future. Attendees will come away with a clear picture of what the kernel developers are up to and why it matters.
recording release: yes license: CC BY
105. Enlightenment Foundation Libraries - Case studies of optimizing for wearable devices
Cedric BAIL
Enlightenment Foundation Libraries has been in development for more than a decade. Targeting from day one embedded device, it is now used by Samsung in all its Galaxy Gear smartwatch, a few smartphone and all the new TV. At the forefront of energy consumption constraint, this talk will cover, after a short coverage of what Enlightenment Foundation Libraries are and provide, all the technics used to optimize its CPU, memory and energy efficiency.
Most of this technics will become more and more relevant with the obsolescence of Moore's law and the energy barrier ahead. This talk should be useful to anyone working on getting the most of the hardware they have and be as efficient as possible. For those interested in graphics rendering, we will cover a lot of the technics we use for our software and OpenGL rendering.
recording release: yes license: CC BY
106. Listening to the Needs of Your Global Open Source Community
Elizabeth K. Joseph
When open source projects are small it's easy to work directly with your contributors to make sure that you're serving their needs, but what happens when the project gets larger? It's really easy to assume nothing is wrong when contributors aren't communicating with the project leadership or infrastructure team about what they’re struggling with, but it's rarely the case that contributing is a smooth process.
Drawing from experience in the Ubuntu and OpenStack communities, this talk will explore some of the ways large projects have worked to identify pain points for their contributors and then address them.
Case studies include:
* Institution of regular check-ins with core teams in the Ubuntu project.
* Discussions with the OpenStack QA team about workarounds they were doing to scour job logs, and the subsequent implementation of the ELK (Elasticsearch, Logstash and Kabana) stack.
* Work with the i18n team in OpenStack to provide a new translations platform.
From these case studies and more we'll explore how to get into contact with contributors, reading between the lines in mailing list posts to learn where people are struggling and working to make your project a comfortable place where contributors know they can ask for assistance.
recording release: yes license: CC BY
107. Docker from Scratch
Avishai Ish-Shalom
Docker is very popular these days, how many of us are really familiar with the basic building blocks of Linux containers and their implications? What's missing in the good ol’ chroot jails? What are the available Copy-on-Write options and what are their pros and cons? Which syscalls allow us to manipulate Linux namespaces and what are their limitations? How do resource limits actually work? What different behaviours do containers and VMs have?
In this hands-on workshop, we will build a small Docker like tool from O/S level primitives in order to learn how Docker and containers actually work. Starting from a regular process, we will gradually isolate and constrain it until we have a (nearly) full container solution, pausing after each step to learn how our new constraints behave.
recording release: yes license: CC BY
108. Servo Architecture: Safety and Performance
Jack Moffitt
Servo is a browser engine designed for modern hardware written in
Rust. Current browsers were designed over a decade ago when phones were not
smart, clock speeds were still increasing, and web pages were still static.
Taking advantage of modern amenities requires new approaches.
Servo's architecture is all about doing many things at once. Taking advantage
of multiple cores, GPUs, and SIMD means that Servo can render pages
faster. Servo's design also gives it many safety properties not found in other
browsers and improves some that you've already been enjoying.
I'll discuss how Servo is structured for maximum performance and safety, and
how Rust enables many of the things that Servo does. I'll also compare Servo's
design with that of existing engines.
recording release: yes license: CC BY
109. Future privacy
Michael Cordover
Privacy isn't dead, but sometimes it's not even clear what we mean when we mean by the word "privacy". In this talk we'll take a deep dive into the ways we think about privacy and how technological development has shaped this. In particular, pervasive data collection by government and non-government actors has totally changed the landscape. We live in the future, but we weren't conscious of how we got here.
One conception of privacy is about preventing disclosure of personal information. This model - preferred by lawmakers - says that the most important thing is that your name isn't associated with other information without your consent. Of course, this is meaningless when you have anonymized [aggregation](https://support.google.com/analytics/answer/2790010) and [data matching](http://www.abs.gov.au/websitedbs/D3310114.nsf/Home/Statistical+Data+Integration). Why is protection of your name important when your GUID provides a much better matching key, or two data points can be [correlated with high probability](http://www.tapad.com/)? And what does consent mean when you aren't aware of any of this today, let alone how it could affect you in a year or ten?
Another version of privacy is about solitude: being able to do things without being observed. A hundred years ago, this meant closing the door. These days there are hidden depths to everything we do. Data collection and analytics is probably being performed by your operating system, your keyboard, the application you're using and every service your data passes through at every OSI layer. Even strong encryption doesn't provide protection from metadata analysis, which can reveal enormous amounts you didn't think you were revealing. Even when this data is anonymised (to the extent that is possible) and used in the aggregate, that still doesn't sit well with many people. And that's before we even get to [creepy inference](http://www.nytimes.com/2012/02/19/magazine/shopping-habits.html?pagewanted=1&_r=2&hp) or [being an unwitting subject of experimentation](http://www.slate.com/articles/health_and_science/science/2014/06/facebook_unethical_experiment_it_made_news_feeds_happier_or_sadder_to_manipulate.html).
There is a technological response to this changing environment: open, decentralised systems can be incredibly effective for bringing things back into line with user expectations. But in a world increasingly moving to centralised services, where even your open source tools are running in the cloud, how realistic is it to expect this to catch on? Is a legal approach any better in a globalised world where governments are as much a threat to privacy as non-government actors? Or should society just adapt to this kind of more open living?
recording release: yes license: CC BY
110. Engaging with Open Data through Video Games
Paris Buttfield-Addison, Jon Manning, Tim Nugent
Open data, such as that provided by many governments around the world is cool. It’s fantastic to see countries around the world opening as much as they can, allowing citizens and interested parties to build upon and enhance the myriad of interesting information collected by countries. There’s a lot of people doing great work with this sort of data, but they have to be extremely passionate, engaged, and motivated in order to want to get involved.
We found another way. For the last three years we’ve been participating in government-data-focused hackathons, and turning them into game jams.
This session explores why this is a good idea, and how you might want to do it to. We cover:
* conceiving of game ideas based on normally dry open data sets (we once made a Pokemon-style battle game based on the energy efficiency data provided by the government energy regulator, it helped you figure out if your fridge was efficient by letting you battle it against other people’s fridges);
* preserving the spirit and meaning of the data in games you make with it;
tools for parsing and interpreting the data, and making it usable for your games (we’re very good at Perl, Awk, Sed, and R now);
* getting out and engaging people with your data-based games, and making sure people don’t draw the wrong conclusions from what your game shows them (while still having fun – it is a game after all!)
We’ve built games –– often at GovHack in Australia that do everything from turn your local politician’s parliamentary voting history into a party game, to parsing and interpreting a giant database incorporating all the functional roles in a government, and turning it into a SpaceTeam style party game. We’ll tell you how you can do the same thing in your community, how to make it engaging and meaningful, why you might want to do this, and how to get started.
recording release: yes license: CC BY
111. Stranger in a strange land: Breaking language monocultures with open source
Russell Keith-Magee
Despite many differences, the popular platforms that have emerged over the last 10 years have one thing in common: they all promote programming language monocultures. The platform manufacturers provide a single language, and strongly encourage all developers to use that one language for all projects - Javascript for browsers; Objective C (or Swift) for iOS; and Java for Android.
The open source world is populated with a wide range of programming languages. Object oriented and Functional, scripting and compiled, mainstream and experimental - there is an almost endless supply of options, each with their own advantages and disadvantages, strengths and weaknesses. However, they've largely remained tied to traditional server environments.
Is it possible to break the language monoculture, and port existing open source languages to these new hardware platforms platforms? Thankfully, the answer is yes. The BeeWare project has successfully ported Python to browsers, phones, tablets, set top boxes and watches. Although the specific implementations of the BeeWare project are Python specific, the general approaches taken could be applied to any language.
In this presentation, you'll be introduced to the task of porting languages to a new platform, and the various approaches that can be used, depending on the restrictions that a particular platform may impose.
recording release: yes license: CC BY
112. The Future of the Linux Page Cache
Matthew Wilcox
The page cache is one of the most important parts of the Linux kernel. Sitting at the intersection of memory management and filesystems, it is used for all buffered I/O and mmap. Every file is stored in the page cache.
Persistent Memory and Transparent Huge Pages are two recent features that require an enhanced page cache. For Persistent Memory, the page cache needs to be able to store entries which are not actually pages at all, but merely provide information about the underlying Persistent Memory. For Transparent Huge Pages, the page cache needs to understand that one huge page represents a larger chunk of the file than a regular page. On server-class machines, Persistent Memory is available in such large quantities that both Persistent Memory and Transparent Huge Pages must be used to manage memory efficiently.
This talk will show how we are enhancing the page cache (and the radix tree underlying it) to handle new technologies which are almost or already upon us. Attendees will come away with a better understanding of how this vital piece of the kernel works and how they can use it more effectively.
recording release: yes license: CC BY
113. The Internet of Houses: Whare Hauora
Brenda Wallace (Shiny), Amber Craig
New Zealand's housing is cold, damp, mouldy. Lack of heating and insulation means that homes are ill-equipped to deal with winter temperatures. These poor conditions are linked to increased illnesses and infection. Our homes are making us sick.
To fix a problem (and convince people to fix it) you must first measure it.
Whare Hauora trust uses sensors to measure the temperature and humidity of a room. The sensors must be:
* Very low cost
* Respect the privacy of the occupant
* Be, look and feel friendly and safe
For a subset of the deployments, they must work:
* without internet
* without power supply
Whare Hauora is working with residents of social housing, and to empower those who currently have the least power over their living conditions.
This talk is about the journey to create Whare Hauora, the technology we used, and the generosity of the open hackers communities in New Zealand.
recording release: yes license: CC BY
114. In Case of Emergency: Break Glass - BCP, DRP, & Digital Legacy
David Bell
Businesses and households are becoming inextricably attached to their technology, but what happens when the technology isn't available? How do you keep your business churning out widgets and enable your clients to receive their services?
But what about at home? IoT is only growing more and more ingrained into our lives, what happens when your lights don't work due to a firmware bug/internet outage? What do you do when your IoT front door lock doesn't let you in? Or potentially worse, out?
And lastly, in both cases, how do you handle death? We all store countless passwords and access details in our brains, how do our colleagues and family gain access to them when we aren't around to tell them?
In this talk we'll discuss BCP, DRP, Digital Legacy, as well as all these issues, how to begin planning, how to "Break the Glass", how to securely enable your employer and family access to your systems, and how to prepare your digital legacy.
*[BCP]: Business Continutiy Plan: a systematic approach to prevention, increased resiliency, and recovery to threats to a company (or, in this case, an individual)
*[DRP]: Disaster Recovery Plan: a plan for recovery of IT systems following a disaster
*[Digital Legacy]: Digital Legacy refers to a person's digital assets left behind after their death. For example, online accounts.
recording release: yes license: CC BY
115. JavaScript is Awe-ful
Katie McLaughlin
JavaScript is an incredibly powerful language, and thanks to its renaissance, it now has uses that extend beyond the browser.
However, being a language that's extremely accessible, with a shallow learning curve and large userbase, it's the subject of - at times - vitriolic abuse from other language communities.
Yes, JavaScript was created in a very short timeframe, and there are inherent issues with some very early design decisions that can cause some grief to developers. However, as the engine that powers the web, it's able to prove it's versatility and usefulness. So why the hate?
In this talk, we will discuss the history of JavaScript, it's future, and how some it's 'wat's can be avoided in everyday use in other to leverage the power of this universal language. We will also take a short tour through over a dozen other languages and some of their quirks, to prove how no language is without fault.
recording release: yes license: CC BY
116. Why haven't you licensed your project?
Richard Fontana
During the past few years, some have argued that we are living in a "post-open source software" ("POSS") era, characterized by a new generation of developers who work on public software projects without any effort to indicate licensing or any regard to project governance. One view is that this represents an increase in carelessness or legal misunderstanding among developers. However, others have suggested that this behavior may be a deliberate reaction against the "permission culture" inherent in traditional approaches to open source. GitHub has been blamed for this phenomenon and it has taken some measures to address it.
This talk will explore some legal and policy issues surrounding the tendency (real or supposed) for developers to fail to explicitly license their code. We'll address the following questions:
* Is there really more "unlicensed" code now than there was in the past?
* Is it possible to view such code as implicitly licensed under very permissive terms?
* Are those who complain about unlicensed GitHub repositories merely defending a dying legal and political order?
* How can we reform open source legal culture to improve the situation? What about GitHub's efforts, like choosealicense.com?
recording release: yes license: CC BY
117. 400,000 ephemeral containers: testing entire ecosystems with Docker
Daniel Axtens
The value of a high-level language isn't just in the language itself, but rather in the ecosystem surrounding it. Python is hugely enriched by PyPI, Ruby by gems, and Node.js by npm. These ecosystems have hundreds of thousands of packages, evolve rapidly, and vary wildly in quality.
What if you want to test how _all_ the packages work in a given situation? This is the question we set out to answer in this talk.
Previously, testing each and every one of the 458,100+ packages came with an enormous infrastructure cost - for each package you need a VM with a full OS, and the associated memory, CPU and disk requirements. This makes exhaustive testing infeasible for most teams. However, we found that by using Docker, we could test the entire Python, Ruby or Node.js ecosystem over a weekend with a single VM.
In this talk, we look at:
* how we leveraged Docker to rapidly test the entire Python, Ruby and Node.js package sets on OpenPOWER,
* how the characteristics of containers vs VMs made an otherwise infeasible task both feasible and simple,
* how we evolved this into a continuous-integration process,
* other interesting applications of testing at this scale,
* what we found, and some of the interesting quirks and bugs we encountered and lessons we learned.
recording release: yes license: CC BY
118. Are you a bad enough dude to take down your network?
Thomas Cuthbert
Perl and Expect are great tools to destroy automate your network of tens of devices. But what if we wanted to annihilate manage hundreds or even thousands of routers and switches sprawled across slow and lossy WANs or spanning multiple DC fabrics?
In this talk I'm going to arm you with the greatest weapon in the fight against availability network management. This weapon is Trigger.
Trigger is a python API for managing network devices. Trigger is built on top of Twisted which means it nukes moves really fast. Trigger provides easy to use classes and functions to manage Cisco (and many Cisco like devices), Juniper and Arista routers and switches over SSH.
After the session you will be locked and loaded for combat in the fight against network configuration management.
recording release: yes license: CC BY
119. An Introduction to .NET Core on Linux & Docker
Tod Thomson
["Microsoft ♥ Linux"](http://arstechnica.com/information-technology/2014/10/microsoft-loves-linux-as-it-makes-azure-bigger-better/) is not generally something one expects to hear, but we should not be surprised as ["nearly 1 in 3 Azure virtual machines are Linux"](http://news.microsoft.com/bythenumbers/azure-virtual). The Microsoft of old is gone (dead and buried) and "from the ashes" a new Microsoft has emerged, one embracing both FOSS and Linux as first-class citizens. Enter [.NET Core](https://www.microsoft.com/net/core/platform) a "ground up" rewrite of Microsoft .NET which is 100% open source and cross-platform.
In this tutorial we will show you how to get up and running with .NET Core and [ASP.NET Core](https://docs.asp.net/en/latest/) on your Linux distribution of choice. We will introduce you to the [`dotnet`](https://github.com/dotnet/cli) CLI, self-hosting web applications and APIs with the [Kestrel HTTP Server]( https://github.com/aspnet/KestrelHttpServer) (based on [libuv](http://libuv.org)) and then running everything inside OS level virtualisation via [Docker](https://www.docker.com). We will also introduce to you [Visual Studio Code](https://code.visualstudio.com) a new open-source, cross-platform IDE built on top of [Electron](http://electron.atom.io).
By the end of the tutorial you’ll have the tools you need to build your next application with the .NET Core ecosystem.
recording release: yes license: CC BY
120. Slot
(Needs description.)
recording release: no
121. Type driven configuration management with Propellor
Joey Hess
The configuration of Linux hosts has become increasingly declarative, managed by tools like Puppet and Ansible, and by the composition of containers. But if a server is a collection of declarative properties, how do you make sure that changes to that configuration make sense? You can test them, but eventually it's 3 AM and you have an emergency fix that needs to go live immediately.
Data types to the rescue! While data types are usually used to prevent eg, combining an Int and a Bool, they can be used at a much more abstract level, for example to prevent combining a property that needs a Debian system with a property that needs a Red Hat system.
Propellor leverages Haskell's type system to prove the consistency a host's configuration before deploying it. I'll show how Propellor started with a simple type for its properties, and increasingly refined the types as Propellor was developed, with the goal of catching as many configuration problems as possible, before the configuration gets deployed to the hosts. All the way up to type level detection of port conflicts!
Propellor doesn't stop at configuring the top level of a host. It can reach inside containers on the host, and configure them using the same properties that can be used at the top level. It can create and manage chroots, docker containers, and systemd machines. A container defined in Propellor can be added to the multiple hosts, or moved between hosts by cutting and pasting a line in the config file. Propellor applies the same type-level checks to the properties of containers as to the properties of hosts.
Going further, Propellor can create bootable disk images for a host. This unifies initial installation with ongoing configuration of a host. This is particularly useful for managing the configuration of embedded Linux systems, which are often painful to install interactively.
This talk is full of examples of Propellor configuration in Haskell, but no knowledge of Haskell is required.
recording release: yes license: CC BY
122. Organizational Change: Challenges in shipping open source firmware
Stewart Smith
It’s (relatively) easy to ship the first version of a product and publish the source code on Github. What comes next is no less challenging: a service pack needs to be made, you need to start a community, to produce upstream releases, and to transform an organisation into one that breathes openness when a large part of it has not grown up in the free software world.
This is the story of what came after we shipped the first OpenPOWER machine with Free and Open Source firmware, and the associated challenges.
Many unique components go into an OpenPower firmware build. Some of these come from existing open source projects, and some of these come from existing proprietary projects that are now open sourced.
This talk will cover challenges (old and new) and strategies that have worked, haven’t worked, and are in the works.
Challenges include:
* Teams not used to FOSS development
* The mere concept of upstream
* Becoming an upstream project, rather than product
* Releasing downstream
* How we behave in creating official firmware releases and service for our machines in tandem with maintaining upstream code
* Internal bug trackers (plural)
* External bug tracker (singular)
* Documentation
* Specifications
* Conformance
* Testing (internal, external)
* Email
recording release: yes license: CC BY
123. BPF: Tracing and More
Brendan Gregg
A world of new capabilities is emerging for the Linux 4.x series, thanks to enhancements that have been included in Linux for the Berkeley Packet Filter (BPF): an in-kernel virtual machine that can execute user space-defined programs. It is finding uses for security auditing and enforcement, enhancing networking (including eXpress Data Path), and performance observability and troubleshooting. Many new open source tools that have been written in the past 12 months for performance analysis that use BPF. Tracing superpowers have finally arrived for Linux!
For its use with tracing, BPF provides the programmable capabilities to the existing t racing frameworks: kprobes, uprobes, and tracepoints. In particular, BPF allows timestamps to be recorded and compared from custom events, allowing latency to be studied in many new places: kernel and application internals. It also allows data to be efficiently summarized in-kernel, including as histograms. This has allowed dozens of new observability tools to be developed so far, including measuring latency distributions for file system I/O and run queue latency, printing details of storage device I/O and TCP retransmits, investigating blocked stack traces and memory leaks, and a whole lot more.
This talk will summarize BPF capabilities and use cases so far, and then focus on its use to enhance Linux tracing, especially with the open source bcc collection. bcc includes BPF versions of old classics, and many new tools, including execsnoop, opensnoop, funcccount, ext4slower, and more (many of which I developed). Perhaps you'd like to develop new tools, or use the existing tools to find performance wins large and small, especially when instrumenting areas that previously had zero visibility. I'll also summarize how we intend to use these new capabilities to enhance systems analysis at Netflix.
recording release: yes license: CC BY
124. Ada ❤️ Lace
Nat Dudley
History's first programmer took inspiration from the complexities of weaving fabric on a loom. Why? Because fiber-craft is binary code, built up into complex patterns following complex logic.
Like weaving, knitting is code. From wartime ciphers to modern development, knitted code has many secrets technologists can learn from.
Using the lens of knitting, we'll explore the lessons 1000+ years of practice taught some of our earliest coders about community, design, documentation, choosing your tools, fixing your mistakes, and programming fallacies.
recording release: yes license: CC BY
125. Community Building Beyond the Black Stump
Josh Simmons
User groups are great resources for learning, finding new opportunities, and making friends with like-minded people. But what if you don’t live in Sydney or San Francisco? What if the community ecosystem is sparse where you live and there’s nothing that suits you? Starting a community isn’t hard but there are unique challenges to starting a user group in these circumstances.
There may not be enough JavaScript developers to sustain a JS meetup, there may not even be enough developers to sustain a developer meetup. You may not have startups or tech businesses eager to host events. And how do you program events without a membership and a local network of practiced speakers?
Don’t despair! Whether you’re in a suburban and rural region or the local tech industry just isn’t very big, there’s a solution for all of these challenges. I learned these lessons first-hand when I started a meetup in Northern California where most the tech communities were defunct and I only knew a few other developers. Over the course of 4.5 years we hosted more than 150 events, grew to over 600 members, and eventually I was able to step down and hand it over to the volunteers who run it today.
In this talk we’ll address all the basics of starting and running a user group: setting up an online presence, securing venues, promoting the group to attendees, building an event schedule, booking speakers, and recruiting co-organizers and volunteers. And along the way we’ll zoom in on the issues you may run into building a community outside of metropolis and tech centers.
This session will be useful for anyone interested in bringing people together, especially for folks who want to build critical mass where it seems impossible.
People who are already running user groups are encouraged to attend. They may learn something new and their experience will be handy in the Q&A as we try to mint some new community organizers!
recording release: yes license: CC BY
126. The dangerous, exquisite art of safely handing user-uploaded files
Tom Eastman
Every web application has an attack surface -- the exposed points of interaction where a malicious or mischievous user can commit malice, or mischief (respectively). Possibly nowhere, however, is more vulnerable than places a user is allowed to upload arbitrary files.
The scope for abuse is eye-widening: The contents of the file, the type of the file, the size and encoding of the file, even the *name* of the file can be a potent vector for attacking your system.
The scariest part? Even the best and most secure web-frameworks can't protect you from all of it.
In this talk, I'll show you every scary thing I know about that can be done with a file upload, and how to protect yourself from -- hopefully -- most of them.
recording release: yes license: CC BY
127. Automate your home with MQTT
Alastair D'Silva
Capable embedded electronics are getting cheaper, and most tinkerers have thought at some point about enhancing their lives by automating some aspect of their home.
This workshop will equip the participants with the basic knowledge required to wifi-enable household objects, and respond to sensors such as switches, sound, and light.
Particpants will learn how to script behaviours on the ESP8266 wifi module using the LUA scripting language, communicate to a central server using MQTT (a message passing protocol), and build complex behaviours using the NodeRed drag & drop environment.
No prior development experience is required, as all scripts will be provided and will be explained during the workshop.
No soldering is required, as all electronics are connected via a breadboard.
Links:
recording release: yes license: CC BY
128. Handle Conflict, Like a Boss!
Deb Nicholson
Conflict sucks! The FOSS community is full of passionate people with many, many differing ideas on how to achieve our shared goals. Disagreements seem inevitable, but what if they could be handled rationally, in a way that left everyone feeling at least OK about the outcome? It's possible. You can learn to cut to the heart of the disagreement, mediate and move forward.
Many of us avoid dealing with tricky situations or let conflict avoidance keep us from accomplishing amazing things together. Conflict can be handled -- without flamethrowers -- and the process will often make your community stronger. It just takes time, a slightly relaxed ego and a willingness to see the best outcome for the most people. This talk covers when to handle conflict, strategies for both one-on-one situations and group situations and tips on how to scale your conflict resolution skills, like a boss.
recording release: yes license: CC BY
129. Drink from the firehose: release-monitoring.org
Nick Coghlan
For a long time, the preferred approach to network service security has been
the hardened bunker: define a system, deploy it, and patch it promptly when
security vulnerabilities in the components used are reported and fixed.
However, continuous integration services and automated deployments have
opened up a new model: the moving target that grabs new releases of
dependencies almost as soon as they are available, runs them through the CI
process like any other software change, and then deploys them to production.
Even if a new security flaw slips through testing, that's considered better
than being exposed to the flaws that were classified as normal bug fixes, but
actually represented security issues.
release-monitoring.org is a shared community service born out of the Fedora
Infrastructure team that monitors for new upstream releases, and emits
structured events that can be used to automatically trigger appropriate
follow-on action.
So if you'd like to learn how to drink from the firehose, this talk's for you!
recording release: yes license: CC BY
130. Challenges when Scaling: Continued adventures in Swift's sharding
Matthew Oliver
Background: Swift is an open-source, highly available, distributed, eventually-consistent object storage system. As the project has matured, so has the need to store more and more data. Some sites have moved to using expensive solid state drives (SSDs) for storage, but there has to be a better way we can solve this in software, right?
This presentation continues our Swift sharding adventure from where we left it last year - but now addressing a new set of challenges we've come across in our proof of concept container sharding implementation. During testing of even larger data sets we've come across a number of limitations of the underlying SQLite database, meaning we've had to develop work arounds so that we are able to shard even larger containers. Come and see how we performed large scale testing, how we narrowed down where the limitations were, how we developed our solutions to these problems, all the while trying to maintain backwards comparability.
recording release: yes license: CC BY
131. A tour of the ARM architecture and its Linux support
Thomas Petazzoni
From mobile devices to industrial equipment, and with the rise of IoT, computing systems based on the ARM architecture are already ubiquitous and will become even more so in the future, which means more and more developers will be exposed to ARM systems.
The ARM architecture however has a number of differences compared to x86/x86_64, both in how the hardware is designed, and how it is supported from a low-level software point of view: at the bootloader level and the Linux kernel level.
This talk proposes an introduction to the ARM architecture, to help Linux users and developers understand the huge variety of ARM processors and platforms that are available, and how such a variety of hardware is supported in bootloaders and the kernel.
If you want to migrate your system to an ARM platform, and understand the difference between the Raspberry Pi variants, between ARMv6, ARMv7 and ARMv8, what is the Device Tree, what is this U-Boot thing, and generally get a better understanding of the ARM platform, this talk is for you!
recording release: yes license: CC BY
132. Non-native English speakers in Open Source communities: A True Story
Masayuki Igawa, Dong Ma, Samuel de Medeiros Queiroz
The primary language of most open source projects is English, but open source users and contributors span the globe.
Non-native speakers face many communication challenges when participating in the ecosystem. In this talk, as non-native English speakers and contributors to OpenStack projects and its community, we will share our experiences and some best practices for coping as and including non-native speakers in your project.
This talk will include:
* Common issues for non-native English speakers
* Tips for avoiding and resolving these issues
* Suggestions for effective communication
recording release: yes license: CC BY
133. Open Compute Project down under
Andrew Ruthven
This talk will review the Open Compute Project, where it came from, where
things are now and where things are headed. We will cover benefits that Open
Compute Project provide over the typical server hardware that we're used to.
We will discuss how it works for the large scale operators, and the issues
that affect the small scale operators from the perspective of a small scale
operator.
recording release: yes license: CC BY
134. Slot
(Needs description.)
recording release: no
135. Progress in the Alliance for Open Media
Timothy B. Terriberry
Last year, various disparate open-source efforts to produce a royalty-free, next-generation video codec united to form the Alliance for Open Media. It boasts contributions from [Google's VP10](https://chromium.googlesource.com/webm/libvpx/+/nextgenv2), [Cisco's Thor project](https://github.com/cisco/thor), and [Xiph and Mozilla's Daala project](https://xiph.org/daala/), and industry partners such as Adobe, Amazon, Microsoft, and Netflix, with hardware partners including AMD, ARM, Intel, and NVIDIA. We think this is our best chance yet to create a successful video codec that achieves wide deployment.
This talk will explain the directions the codec is taking, what we learned in the Daala project that we feel we can contribute, where we think we can improve over prior generations, and how far we've come to date. It is intended for an audience with a technical background who does not already have significant signal processing experience.
recording release: yes license: CC BY
136. ChaosKey To Production
Keith Packard
ChaosKey is a true random number generator. It contains a noise source
and an ARM SoC with a USB interface and provides about 1MB/s of random
bits, suitable for replenishing the meager supply available in a
typical Linux machine. All of the hardware designs, firmware, linux
drivers and other software are available under share-alike
licenses. The hardware and software development tools are also free
software.
Development of ChaosKey started almost three years ago, and the first
batch of 1000 that we've built was received in August and made
available for sale.
This presentation will describe the hardware and software design
process, including the many dead ends and hardware iterations
symptomatic of a software engineer's approach to hardware
design. Portions of the hardware were adapted from other free hardware
projects showing how ideas from share-alike software licenses can be
successful in the world of hardware too.
recording release: yes license: CC BY
137. Slot
(Needs description.)
recording release: no
138. Consider the Maintainer
Nadia Eghbal
Does Open Source have a sustainable future? One of linux.conf.au
2017’s four keynote speakers, Nadia Eghbal will help you find out!
linux.conf.au’s focus in 2017 is The Future of Open Source, so we’re
delighted to welcome Nadia, a noted researcher on sustainability in
Open Source.
Nadia's talk examines the inherent tension
between keeping code free, and better supporting the people who
maintain that code. She'll focus on why the future of Open Source requires turning our attention from freedom of the user to freedom of the maintainer.
Originally from a venture capital background, in January 2016, Nadia
started investigating Open Source as the “digital infrastructure” upon
which the tech industry is built.
Her initial reports painted a worrying view of the sustainability of
Open Source software: Many Open Source projects – ones that form the
digital infrastructure that many big organisations in tech and
government rely upon – aren’t in very good shape. Most of Open Source
is not well-funded, and depends heavily on the contribution of free
time on the part of a small pool of maintainers.
She also highlighted that despite building their success on this
infrastructure, much of the leadership in the tech industry was
largely unaware of these issues.
This research culminated in Roads and Bridges: The Unseen Labor Behind
Our Digital Infrastructure, a 142-page report published by the Ford
Foundation, that highlights the scale of the problem:
> Everybody relies on shared code to write software, including
Fortune 500 companies, government, major software companies and
startups. In a world driven by technology, we are putting increased
demand on those who maintain our digital infrastructure. Yet because
these communities are not highly visible, the rest of the world has
been slow to notice.
> In the face of unprecedented demand, the costs of not supporting our
digital infrastructure are numerous. No individual company or
organisation is incentivised to address the public good problem alone.
'''
More recently, Nadia has joined GitHub, focusing on finding ways that
GitHub can empower open source maintainers to create and nurture
thriving, healthy open source projects.
recording release: yes license: CC BY
139. The Vulkan Graphics API - what it means for Linux
David Airlie
OpenGL has long been the 3D API used on the Linux platform. However recently the Khronos group released the Vulkan 1.0 standard which covers a new closer to the metal API for 3D graphics programming across multiple operating systems. This talk will provide a brief introduction to the API and how supported the API is under Linux. The speaker will also discuss possible future uses for this new API and the advantages it brings.
recording release: yes license: CC BY
140. Land Matters: Creating Open Technology for Land Rights
Kate Chapman
The Cadasta Foundation create tech to allow communities to document their land rights. We are modivated by the fact that must of the world does not have legal rights to the land on which they live. Technology is only a small part of this larger social issue, but our hope is that tools can be part of the solution. By documenting evidence of indiviudal and community land rights it a piece of a process help groups obtain some level of legal recognition. The talk will go over:
- Why land rights are important and the ways they improve the lives of marginalized people
- The technology be used as part of this process (Python, Django, Postgres, Leaflet, Field Papers, OpenDataKit)
- Pieces of code we are building that you might want to use in your applications
- How Cadasta is gathering user feedback from users all over the world
- What methods are being used to build a community around the open-source tools we are developing and how this is different from other land rights initiatives
- How people can get involved with Cadasta as users, contributors or otherwise
recording release: yes license: CC BY
141. Lobbing cats into the walled garden - a beginners guide to reverse engineering IM protocols
Eion Robb
Sending pictures of our feline overlords is an important part of the social internet. Unfortunately, large companies want to make this harder by keeping us out of their networks unless our cats fit their ideals. To make a better future for ourselves (and our cats), we need to be empowered so we are able to take arms and fight back. This talk aims to share the knowledge, history, legalities and tools at our disposal to reverse engineer IM protocols and, most importantly, send cat pics.
recording release: yes license: CC BY
142. Reusable R for automation, small area estimation and legacy systems
Rhydwyn
In order to safely share open public health data for small areas, health researchers employ complex spatial adjustment models called generalised additive models. We need to run these models hundreds of times, with inbuilt checking and debugging.
Proprietary statistical programs are designed for run-once analyses. They did not meet our needs. We need something better: we need well-engineered R.
We need to make it easy for analysts to use. We wanted to use the tools of software engineering and reusable research to allow statisticians and epidemiologists to be more efficient - but statisticians and epidemiologists are not computer scientists, and a lot of this world is new to them.
Therefore, we had to develop not only for good software practice, but to ensure that others could use our tools - even when the tool comes with a very different focus from what users are used to.
Using the example of batch small area estimation using generalized additive models, I will talk about the project, the tools we used and how to integrate R into a legacy SAS environment with a minimum of pain: allowing for uptake of the strengths of R without exposing new users to its complexity.
This case will show how open source scientists and statisticians can benefit from open source, and how open source and openness in general can make science better.
recording release: yes license: CC BY
143. Linux-Kernel Memory Ordering: Help Arrives At Last!
Paul E. McKenney
It has been said that Documentation/memory-barriers.txt can be used to [frighten small children][1], and perhaps this is true. However, it is woefully inefficient. After all, there are a very large number of children in this world, and it would take a huge amount of time and effort to read it to all of them.
This situation clearly calls out for automation, which has been developed over the past two years. An automated tool takes short fragments of C code as input, along with an assertion, and carries out the axiomatic equivalent of a full state-space search to determine whether the assertion always, sometimes, or never triggers. This talk will describe this tool and give a short demonstration of its capabilities.
[1] http://lwn.net/Articles/575835/
recording release: yes license: CC BY
144. Rust 101
E. Dunham
Rust is a systems programming language that runs blazingly fast, prevents
segfaults, and guarantees thread safety. If you ask users "what's the catch",
they'll tell you about the challenging learning curve that this powerful new
tool requires.
Presented by a Mozilla Research team member who works with the Rust language
and with Servo (a browser engine written in Rust), this tutorial assumes
familiarity with basic programming concepts (loops, conditionals, functions)
but will require no prior experience with strongly typed languages, Rust, or
systems programming. You'll learn the key concepts necessary for successful
Rust programming, as well as how to continue exploring the language after LCA.
recording release: yes license: CC BY
145. Rewriting MMU for fun and profit
Aneesh Kumar K.V
Memory management is a core subsystem of Linux kernel which provides generic interfaces built on top of architectural implementations. Adding new memory model requires large changes to kernel code. This becomes more challenging when the architecture supports multiple memory models. In this talk, we will look at the challenges involved in adding Linux kernel support for the new POWER ISA 3.0 memory model. We will also summarize kernel specific abstractions we added to efficiently support multiple memory models in a single kernel.
recording release: yes license: CC BY
146. Reproducible Builds for a Better Future
Valerie Young
Many free software projects (Tor, Debian, Fedora and more) have dedicated a great deal of time and effort toward the reproducible builds goal: anyone can download the source code and generate identical binaries. This technical goal has a massive impact on delivering free software's promised freedoms. Our vision:
1. Anyone can verify that the binary program they are running came from the source code they separately downloaded.
2. Anyone can reliably modify their software without fear it will not build on their system.
This talk will begin with the story of the Tor browser bundle becoming entirely reproducible. You will learn how the technical success of Tor inspired the Debian project's ongoing efforts, resulting in an 85% reproducible operating system so far, and other parallel efforts. After laying down this technical and historical background, the talk will focus on concrete ways that achieving reproducible builds will change our relationship with software in the future.
The intended audience is anyone who cares about free software, no matter your technical experience.
recording release: yes license: CC BY
147. Network Protocol Analysis for IoT Devices
Jonathan Oxer
Learn about practical network protocol analysis techniques, and take control of the devices that surround you!
Our homes are filled with devices that communicate over both wired and wireless networks, pushing data to each other to make our lives easier.
Many of these devices started out as simple 2-node pairs: some kind of sensor in one place, and a display in another. The sensor is installed in a useful location and periodically communicates with the display that is sitting on your kitchen counter, and your life is improved somehow. Think of home weather stations, HVAC thermostats, and power usage monitors as common examples.
These devices are designed to be cheap, simple, and reliable. What they are NOT designed to be is secure. They commonly blast their data out using transmitters operating in the unlicensed ISM (Industrial, Scientific, Medical) bands without any regard for whether third parties can intercept that data.
Now stop to think about how many other devices in your house may be using wireless communication. Security cameras, bathroom scales, motion detectors, water tank sensors, car alarms, remote control power strips, flood detection alarms, door locks, electric curtains and blinds, humidity sensors, heart rate sensors. And yes, as Karen Sandler showed us at a previous LCA, even implanted medical devices such as pacemakers!
This provides us with both opportunities and threats.
The opportunity is to make these devices do far more than their maker intended. Many of them were designed to be nothing more than point-to-point systems, but by using some basic tools such as an Arduino we can eavesdrop on their conversations and even imitate them. This talk will demonstrate how to start with an unknown communications method between a pair of devices, and methodically pick it apart until we can see how it works. It will begin with a simple ultrasonic water tank depth sensor that sends a periodic signal to a display in your house, and show how to intercept the signal for your own purposes such as integrating it with a home automation system.
Which leads us to the threat. Having analysed the network protocol so that we can read it, we can now also spoof that same protocol to inject false data into the system. With the same skills and tools required to intercept common ISM band signals, we can simply pull up in a car outside a house and cause havoc by manipulating the trivial wireless data packets flying around it.
Finally, learn which techniques you can use with your own IoT projects to reduce the risk of becoming a victim yourself.
recording release: yes license: CC BY
148. Slot
(Needs description.)
recording release: no
149. Building reliable Ceph clusters
Lars Marowsky-Brée
Ceph is the most popular Software-Defined-Storage technology today, and extremely widespread in the OpenStack world.
It enables a multitude of block, object, and file storage use cases, and its flexibility allows it to be configured as required for many different scenarios. The hardware environment can be similarly tailored. This is a sizable decision matrix, but leads to an environment optimally tuned for the required balance between performance, functionality, and cost. Dependability aspects - availability and reliability in particular - are often overlooked.
Based on twenty years of development and hands-on experience with designing dependable distributed systems and supporting them in production, the goal of this presentation is to make you confident in your choice of Ceph for your use case, and to build an architecture you can trust.
Beginning with choosing the appropriate access method for your workload, we then continue to introduce the algorithms and technologies in Ceph as they relate to resilience and High-Availability. We will discuss the considerations involved in optimizing a distributed storage system for reliability, availability, and durability of data and fault tolerance. We will look at the performance of Ceph in degraded and recovery scenarios, and how to reduce exposure. This affects the choice of hardware, the approach to feature selection, and system architecture.
We will also talk about operational procedures to reduce unplanned downtime, speed-up recovery, and improve supportability.
recording release: yes license: CC BY
150. The Trouble with FreeBSD
Benno Rice
An open source project’s community is what makes it a living thing. Without its community the project is a static lump of code. FreeBSD is one of the largest and longest continuously running open source projects around. Not only that, it comes from an even longer lineage before it via the original BSD work at the University of California, Berkeley. That doesn’t necessarily mean that it is without its problems.
While FreeBSD isn’t in any danger of disappearing any time soon, it does have issues with attracting new contributors, keeping its existing contributors and keeping its community healthy. These issues are not always unique to FreeBSD but FreeBSD provides an interesting case study.
This presentation will cover:
* How FreeBSD’s community and its processes have evolved over the years and how this compares to other, often newer, projects.
* What FreeBSD could learn from other projects.
* How this all fits into broader issues around open source development communities and things that do and don’t work.
recording release: yes license: CC BY
151. Content as a driver of change: then and now
Lana Brindley
Since the earliest people wandered the Earth, we have shared stories and fables
designed to teach, entertain, and inform those who came after us. The only
difference between technical communicators and the Brothers Grimm, is the
sophistication of the tools we use.
Technical communication used to be about determining what content people needed,
researching, and writing it. As the world has changed, and as content has become
free, democratised, and much more readily available (Google, anyone?) the
problem space has moved from "what do we document?" to "how do we organise all
this?".
The content generation model has been turned on its head.
In this presentation, Lana will explore how content has changed through history,
explain some of the newest content curation models, how they are applied to
modern technical writing teams, and go through some of the challenges in
changing your documentation curation model.
recording release: yes license: CC BY
152. A Practical Guide to Compliance with the GNU GPL
Bradley M. Kuhn, Karen M. Sandler
Co-presented by an instructor who has done more GPL compliance work (and taught more courses on it) than anyone, and one of the most experienced lawyers in FOSS licensing, this tutorial, teaches the practical details that developers, business managers and lawyers must know to ensure their company's proper compliance with the GNU GPL and related licenses.
The tutorial first explains the key provisions of GPL for those who wish to redistribute modified versions of GPL software, including handling binaries found in consumer devices. Thereafter, the tutorial explains in plain and straightforward langauge the most challenging concept in GPL: complete, corresponding source code (CCS), its preparation, and its procurement.
Finally, the tutorial explains what companies can expect if, despite their best efforts, they fail to comply with GPL, and furthermore outlines the necessary remedies to receive restoration of GPL's permissions.
Both the written and spoken portions of this tutorial have been carefully honed and crafted over a decade to yield material that is useful to all three constituencies interested in GPL compliance: developers, business managers, and lawyers. All three groups will learn important information that relates to their role in the process of effective GPL compliance.
This tutorial does not provide rote procedures for compliance; rather, the tutorial focuses on the policy goals that GPL seeks to achieve, and helps developers, lawyers and managers understand how to design processes that both fit their own work-flow and focus on the oft-ignored but most important aspects of the GPL.
Attendees should already know the very basic concepts of Open Source and Free Software licensing, but the tutorial should be accessible to anyone who has spent at least some time in the Open Source industry.
recording release: yes license: CC BY
153. Slot
(Needs description.)
recording release: no
154. Optimizing a new processor architecture
Rob Landley
When the last patents on the SuperH architecture started expiring in 2014, the http://j-core.org project released a new BSD-licensed clean room VHDL implementation of an SOC compatible with the sh2 instruction set already capable of booting Linux to a shell prompt on a $50 FPGA board. Linux Weekly news covered this at https://lwn.net/Articles/647636/
Now we'd like to talk about the things we've done to speed up linux, gcc, musl-libc, and the VHDL itself since we first got Linux booted on the thing ~3 years ago. We've doubled the MHZ, added SMP support, implemented futexes, ported everything to device tree, tracked down kernel and toolchain bugs of the "how did this ever work" variety (spoiler: it didn't), and even have a native compiler working on the board. We'll explain why we selected this architecture instead of i386/sparc/m68k (whose patents have had just as long to expire), scaling the processor design up to 64 bit and down to Arduino country at the same time, when the best way to go isn't clear because of tradeoffs (with a "prefetch vs cache" example), decisions about compatibility (sh2 vs sh3 system call numbers, should 64 bit mode have branch delay slots), issues with interrupts and clocks and futexes we hit modernizing an older architecture, and so on.
recording release: yes license: CC BY
155. ODF: Great standard, but what works?
Ben Martin
ODF is an open standard for storing office documents like
text, spreadsheets, drawings, and presentations.While ODF1.2
has been a standard for years, most tools do not fully
implement the entire specification. See how many current
generation office suites implement and or ignore the features
of the ODF specification. I'll also cover some open source
tools which you can use to check how well your own documents
are preserved across many different office suites. Some
results are available at
http://autotests.opendocumentformat.org/
I have been working on tools to help you work out what is
supported by each office application and see how a document
is presented on a platform that you do not have access to.
odfautotests runs hundreds of tests that have been derived
from the ODF standard, with each test aimed at showing how well each office application preserves a specific attribute or element of the ODF standard.
So for example you can see at a glance what
office application will throw away ruby text, and also see
how the ruby text is presented. While you might not care
about ruby text, returning an updated document to a Japanese
client with it stripped out will likely lead to tension.
odfserver is a new tool created this year to allow files to
be uploaded to a central server and have numerous office
applications load and save each file to test compatibility.
These testing tools are useful for a few groups of people. End users looking to use ODF and knowing what is properly perserved in their document. Small tests showing failing attributes are gold for developers who can then formulate plans as to which parts of the specification should be supported by their project next.
recording release: yes license: CC BY
156. Python Profiling and Performance Tuning in Production
Joe Gordon
Pinterest decreased latency and shrunk their front-end fleet by over 40% with less than 100 lines of python. This was done by understanding how a significant amount of latency and consumed resources were the result of gevent’s cooperative multitasking. 3 different open source python profilers, were then used together to identify and fix bottlenecks and inefficiencies in the code base. Most profilers are too slow to use in production, so profiling of web servers often occurs in synthetic environments. But to get an accurate picture of what is happening you need production profiling data, so a production ready Linux signal (SIGVTALRM) based python profiler was used. This talk will cover how Pinterest shrunk their front-end fleet, the techniques and tooling used to improve performance and how they can be applied elsewhere.
recording release: yes license: CC BY
157. The journey of a word: how text ends up on a page
Simon Cozens
What really happens when you type characters into a word processor, typesetter or desktop publishing system, and press print? For the past few years I've been writing software which lays out characters into documents. It's had to deal with OpenType fonts, Unicode texts and PDF documents, and each of these have turned out to be really cool pieces of technology. We'll be breaking apart fonts to see what's inside, opening up PDF files in a text editor, and following the path of a word as it makes its way from your keyboard to the printed page.
recording release: yes license: CC BY
158. The Future of Power Management in Linux
Rafael J. Wysocki
Power management has been an important part of Linux kernel development for the last several years. Support for many important power management features, such as system suspend and hibernation, CPU idle states management, CPU frequency management, runtime power management of I/O devices and more, has been added to the kernel during that time. However, there still are challenges facing the Linux power management developers.
The first challenge is that the majority of power management features available in the kernel today were developed in isolation and while they work reasonably well individually, they may not play so well with each other. At the same time, hardware design trends lead to more and more integration and there is a clear need for the Linux power management features to work more closely together too. For this reason, there have been efforts to integrate runtime PM of I/O devices with system suspend and hibernation for some time. There also is work in progress on integrating CPU power management with the CPU scheduler. All of that work will likely continue into the future.
Further challenges are related to new types of hardware that become available, like persistent memory. Traditional power management features, like system suspend and hibernation, will have to be rethought and modified in response to that and some other changes will likely become necessary in the power management area.
There also are challenges coming from new display technologies and networking that require relatively high power to be allocated to the transmission of data alone putting the other components of the system under power pressure and causing them to be effectively underutilized. Similar problems appear when system are thermally challenged or when their power supplies are not capable of supporting all of the system components at full capacity at the same time.
All of this means that the future of power management in Linux will certainly be interesting. We have many interesting problems to solve and quite a lot of work to do, but hopefully power management in Linux will work really well going forward.
recording release: yes license: CC BY
159. I am your user. Why do you hate me?
Donna Benjamin
Open source software projects can be prickly toward their users. Poor documentation, a steep learning curve, and a finely tuned focus on excellence and quality can make a project community seem hostile. As users of many different open source projects over the years, Donna Benjamin and Leslie Hawthorn have often wondered about this problem and contemplated what to do about it. This session takes their long-standing private rant public in the hopes that it will help us all be better developers, collaborators and community members.
recording release: yes license: CC BY
160. Phase 4 - Status update on the AMSAT Geosynchronous satellite effort
Steve Conklin
Phase 4 is the designation for Geosynchronous Amateur Satellites. AMSAT US is working to design, fund, build, and launch a geosynchronous satellite. This satellite will provide voice and data connections to amateur radio operators within the satellite ground 'footprint', and may have a large impact in enabling disaster communications from areas with no intact telecommunications infrastructure.
The initial effort is for a single satellite which will be stationed over the Northern Hemisphere, but if the project is successful it could expand to more satellites.
Steve Conklin is a member of the ground station engineering team. The goal is to design a complete ground station that is very portable and can be carried and set up by a single person, for under $1000 USD. The ground station is open hardware and software.
This talk will present project goals, current status, and projected schedule.
recording release: yes license: CC BY
161. /sys/class/gpio/Parking Brake: Hacking my car
Joel Stanley
Modern cars come complete with an in vehicle entertainment system, which is a car sales speak for embedded Linux computer with a touch screen.
These Linux machines are typical of the rising trend of the Internet of Things; poorly maintained, out of date, insecure and tied in to the critical functioning of your purchase.
Come with me on an adventure through my car, as we pull apart the installed system, examine the security issues, extend the functionality, all the while trying really hard to not create a new-car priced brick.
recording release: yes license: CC BY
162. Intro to SaltStack
aurynn shaw
In this tutorial, aurynn will walk attendees through their firsts steps in managing systems and deploying software using the SaltStack configuration management system.
We will specifically cover how Salt works, pros and cons versus other configuration management systems, and work together to create a basic Salt deployment in virtual machines.
recording release: yes license: CC BY
163. GPU Accelerated JPEG Rendering
Nathan Egge
GPU Accelerated JPEG Rendering
JPEG is the de facto standard for natural image compression on the web. Most
web browsers use the open source libjpeg-turbo for decoding JPEG files because
a) it is libre software and b) there has been significant investment in SIMD
optimization. However, in applications where the resulting image is immediately
uploaded to the GPU for compositing (like in modern web browsers) this approach
has two drawbacks:
1. The full uncompressed image must be uploaded to the GPU
2. Time spent decoding on the CPU robs computation from other tasks
These issues are exacerbated as more content is provided in high definition.
The jpeg_gpu project aims to solve both these problems by shifting the decode
computation as early as possible to the GPU. Partially decoded JPEG data is
uploaded as soon as the entropy coded symbols are read, and a set of pre-defined
shaders complete the rest of the decode into a GPU texture. Depending on the
resolution of the image and how much it is compressed, the speed-up can be
significant.
This talk will cover how the jpeg_gpu library is designed to take maximum
advantage of GPU parallelism. I will include a brief discussion of some
trade-offs made when designing the shader routines based on experimentation.
The real world performance of this approach will be discussed based on the
integration of jpeg_gpu into the WebRenderer compositing engine in Servo.
recording release: yes license: CC BY
164. Open Source Accelerating Innovation
Allison Randal
The early days of the Open Source movement were all about creating an approachable on-ramp to software freedom. We focused strongly on the practical benefits of free software, and refined the message hoping to help the business sector better understand what we'd been saying since 1983. We succeeded to such an extent that modern Open Source is characterized by active use, participation, and contribution from the largest Fortune 50 tech giants to the smallest Silicon Valley startups, and everything in between. Success at our first goal doesn't mean we're done, it only means we're due to define the next phase of Open Source. The potential of what we might accomplish, using the resources of the entire tech industry, is both inspiring and daunting. Will we live up to that potential? This talk explores the past, present, and future of Open Source, and its impact on technology innovation in the industry today.
recording release: yes license: CC BY
165. Life in the Armoury
Peter Chubb
Our group does seL4, eChronos and Linux kernel development across many different embedded platforms, including various ARM, aarch64, PPC, and Intel.
Even though the core of the released seL4 kernel is formally verified, the experimental versions are not, and need to be tested on all these platforms. In addition only one of the platforms corresponds to the verified kernel.
We have a very limited budget, so often have only one of a platform.
This talk explains how we do continuous integration and continued development without going mad,
We have developed custom hardware (the switcheroo) that is essentially an arduino-controlled multi-output high current power supply, use commercial-off-the-shelf telnet to serial gadgets, use a Cubietruck running Debian to boot some things via fastboot, but everything we can we boot via TFTP.
Clever python scripts talk to everything as glue.
Interesting problems include hard-wired fastboot identifiers (what do you do when three of your development boards identify as 123456789abcdef as a fastboot ID?), multiplexing between different users (the obvious solutions have problems, and we still don't have a good way to do this), and the need for custom u-boot that means that sometimes the things we test don't match what's available to the average punter.
recording release: yes license: CC BY
166. Package Managers all the way down
Kristoffer Grönlund
Increasingly, programming languages come with their own built-in package managers. In early scripting langugages like Perl and Python, these systems were ad-hoc and mainly focused on making it easy for developers to find modules to use on sites like CPAN and PyPI. More recent languages come with complete toolchains for managing the development and distribution of both libraries and applications.
At the same time, Linux distributions have been centered around package management for a long time. Most if not all distributions have their own package management system, designed to make it possible for the distribution developers to package, maintain and curate libraries and applications, delivering software updates and security patches and ensuring that the overall system is consistent and works well.
This talk focuses on the intersection of these two package management philosophies. I have been involved in the process of making software written in the rust programming language available through the openSUSE package management system, and will describe the challenges we have faced and the challenges that still remain for Linux distributions as developers get more and more used to working with language-specific package management systems.
recording release: yes license: CC BY
167. Slot
(Needs description.)
recording release: no
168. At-rest Encryption in OpenStack Swift
John Dickinson
Recently, the OpenStack Swift project released a feature that implements server-side encryption. The feature is designed to protect user data from being exposed if drives were to leave the cluster, something that can happen intentionally through an RMA process or unintentionally from mistakes or malicious intent. If drives leave the cluster, we want to be sure that the users' data is protected and impossible to recover. Swift's at-rest encryption feature encrypts user data and metadata with AES using a unique key for every object stored.
In this talk, we will cover the details of how the server-side encryption works, including the on-disk format, and we'll dig into the key-management used. Also, we'll discuss the ways in which this feature can be improved to support more advanced functionality and more robust key management.
recording release: yes license: CC BY
169. Surviving the Next 30 Years of Free Software
Karen M. Sandler
Let's face it, GNU/Linux is no youngster! Many developers are aging and as with
any large group of people, we must plan for the sad but inevitable loss of
contributors. We have already lost a number of extremely important people in our
community. In this talk, Karen will discuss the legal and social implications of
this transition, like:
* What will happen to my copyrights when I die?
* What if I don't have a will?
* What if I do?
* What are my options?
* What are the challenges my free software project will face as contributors die?
* How do we keep track of everything as time passes?
After many years of struggling with the legal solutions to these problems, Karen
will propose possible mechanisms we can put in place (with suprising ancillary
advantages) and discuss pragmatic next stesp.
recording release: yes license: CC BY
170. Using Python for creating hardware to record FOSS conferences!
Tim 'mithro' Ansell
Python is generally considered a high level language a long way from hardware, this very fact actually makes it an awesome tool for helping out with the design and creation of hardware!
Python was essential in developing the HDMI2USB.tv open source firmware and hardware for video capture. The system has been in use since late 2015 and used at numerous conferences such as Linux.conf.au, DebConf and numerous PyCon conferences around the world.
This talk will hopefully cover;
* Python hardware description languages (HDLs) for creating "gateware" for FPGA chips or even real IC design.
* Python scripting for hardware schematic layout and design rule checking.
* Python tools for deploying, programming and debugging embedded systems.
* Some cool projects like HDMI2USB.tv project.
This talk will focus on open source tools.
recording release: yes license: CC BY
171. Rootless Containers with runC
Aleksa Sarai
Essentially all popular container runtimes require some form of root privileges
in order to create and manage containers. This becomes a problem for certain
systems, where administrators are hesitant to install any software, let alone a
container runtime -- many of which allow for privileged containers without
authentication.
In this talk, Aleksa Sarai will describe recent work done within runC by himself
and other maintainers to allow people to use rootless containers with a
well-supported container runtime, as well as discussing challenges discovered by
this work and kernel work which is being done to alleviate these challenges and
bring a new form of containers to users and developers. In addition, he will
briefly talk about image formats and the management of images without privileges
as well.
recording release: yes license: CC BY
172. Slot
(Needs description.)
recording release: no
173. Keeping Linux Great
Robert M. "r0ml" Lefkowitz
Linux is Great. And part of that greatness was, at one time, attributable to the ascendency of Free Software. Now that Free Software is in decline, it behooves us to reflect upon how to keep Linux great *despite* the fact that it is Free Software.
The underlying motivation for Linux and Free Software was (and is) to democratize software -- making it more accessible to all. Free Software used to be the best strategy for doing so. Now that the challenges for democratization have mutated, we must figure out new strategies for democratizing software, and keeping Linux great.
This talk will review the changes in the technology environment that have led to the decline of free software, and the emerging opportunities for democratizing the software of the future.
recording release: yes license: CC BY
174. Adventures in laptop battery hacking
Matthew Chapman
When I bought a replacement battery for my laptop, little did I know that I was going to be up for an adventure just to get it to charge. Join me on a dive into the innards of laptops and laptop batteries, BIOS, ACPI, embedded controllers, vendor authentication schemes, and the remarkable way in which people come together on the Internet to solve problems.
recording release: yes license: CC BY
175. Data Structures and Algorithms in the 21st Century
Jacinta Catherine Richardson
Data structures and algorithms are essential tools in the developer's toolkit, yet it is an area that is too easy to get behind in. The essential algorithms you learned whenever you did Computer Science probably included:
1. Shortest path and tree (and graph) traversals - depth-first, breadth first, cycle management
2. Sorting - quick sort, bubble sort, merge sort, binary sort
3. Searching - binary trees, B-trees, B+trees, red-black trees
4. Specific problems - knapsack problem, painters algorithm, decision trees
5. Algorithm tecniques - divide and conquer, backtracking, creating NFAs
You might also have learned the Fast Fourier Transform (FFT) and the Convolution theorem.
For data structures you might have learned:
1. Matrices
2. Linked lists
3. Hashing
4. Singular Value Decomposition (SVD) from Linear Algebra
This talk will overview some of the more interesting parts of the above (such as the FFT, convolution theorem, and SVD) before providing an overview of some of the more interesting algorithms developed in the last 16 years.
recording release: yes license: CC BY
176. Reproducible builds: Two years in the trenches…
Chris Lamb
Whilst anyone can inspect the source code of free software for malicious flaws, most Linux distributions provide binary (or "compiled") packages to end users.
The motivation behind "reproducible" builds is to allow verification that no flaws have been introduced during this compilation process by promising identical binary packages are always generated from a given source.
This prevents against the installation of backdoor-introducing malware on developers' machines - an attacker would need to simultaneously infect or blackmail all developers attempting to reproduce the build.
This talk will focus heavily on how exactly software can fail to be reproducible, the tools, tests & specifications we have written to fix & diagnose issues, as well as the many amusing "fails" in upstream's code that have been unearthed by this process. In addition, you will learn what to avoid in your own software as well as the future efforts in the Reproducible Builds arena.
recording release: yes license: CC BY
177. Production high-performance networking with Snabb and LuaJIT
Andy Wingo
It used to be that to set up a serious network, you needed to stock racks and racks with specialized proprietary single-purpose boxes. This was because only specialized hardware could handle the hundreds of gigabits per second that might flow through any given box.
Things have changed. With the rise of cheap commodity Xeon-based servers and widespread availability of 10 gigabit network cards, an off-the-shelf server with a few NICs can now handle the workload. The age of open source software-driven routers is fully here -- but it doesn't look like what we thought it would, 10 years ago.
We thought it would be Linux everywhere, but it turns out that Linux's networking stack is just too slow. To get around this problem, modern high-speed software switches bypass the kernel entirely, instead booting network cards and handling traffic entirely from user-space. The up-side of this is that now we have the possibility of using pleasant, hackable, open source, standalone software stacks to deliver network applications that are tailored to specific needs.
This talk presents Snabb, a toolkit for building user-space network functions. Snabb is entirely written in the expressive Lua language, minimizing the amount of code that you have to write to get stuff done. Snabb specifically uses the LuaJIT implementation of Lua, giving us excellent code generation as well as efficient access to low-level binary data and AVX2 assembly generation.
Snabb's goal is to be "rewritable software": software that's so simple that you could explain it to someone and they could write their own. By the end of the presentation, you too should have this feeling.
We will also describe how Snabb is used in practice in major telecoms and ISPs to provide IPv6 transition technologies to entire countries. Using Snabb allowed a small team of open-source hackers to ship a product that competed favorably against offerings from traditional network vendors.
recording release: yes license: CC BY
178. Publicly Releasing Government Models
Audrey Lobo-Pulo
“The bird that would soar above the plain of tradition and prejudice must have strong wings” – Douglas Adams, The Hitchhiker’s guide to the Galaxy
Governments across the world are becoming increasingly focused on ‘open government’ and sharing information, thereby improving transparency and accountability. Among the more recent developments in the open government space is the idea that government models that are used to design and evaluate policy are freely available to the public to use, distribute and modify without restriction.
Government Open Source Models (GOSMs) have the potential to play an important role in public debate by engaging the community and other stakeholders in policy analysis. The new generation of information sharing, GOSMs are the future of effective open governments and embody the principles and philosophy of Open Source.
This presentation discusses the issues around ‘how’ GOSMs may be released and puts forward the concept of a ‘models.gov’ platform which may be integrated with government data platforms available today.
The practical implications of how the Open Source Software (OSS) licensing of GOSMs could shift the balance of power in public debate between government and external stakeholders are discussed. Moreover the choice of OSS licensing is also likely to affect vendor lock-in and government software procurement.
With countries such as the U.S, U.K and NZ currently looking at issues around releasing and reusing government developed software, the Open Source community has an opportunity to contribute to discussions on how this might best be achieved and what this would mean for future open source contributions to public policy.
Disclaimer: The views presented belong to Audrey Lobo-Pulo and are not necessarily those of the Australian Government.
recording release: yes license: CC BY
179. Managing internal PKI system at scale with Anchor
Stan Pitucha
Managing Public Key Infrastructure for internal systems is hard. Manual approvals, revocation lists, renewals are all more complicated than they should be.
I'd like to show the Anchor project created by HPE security to simplify the process for issuing certificates to services and systems. It's very different from the usual enterprise solutions and close to what Let's Encrypt has started recently. The main reasons behind creating Anchor were:
- revocation as it exists on the internet today doesn't really work
- certificate expiry / renewal is hard to manage and often forgotten
- existing PKI systems are huge and complicated
- OpenStack deployments needed TLS on every service without depending on big PKI system
- it provides configurable validation/authentication of requests without involving users
I'll explain how Anchor solves those and other issues.
Anchor is currently used in HP's Helion OpenStack project and is one of the official OpenStack security projects. It supports standard X509 and simple CMC requests. It also integrates easily with common authentication backends (local, keystone, ldap) and can sign certificates either locally or via PKCS11 interface (this includes keyrings, hardware security modules, etc.)
recording release: yes license: CC BY
180. Maintainers Don't Scale
Daniel Vetter
A tale from one of the busier places (by patch churn at least) in the kernel, and how to make it all work well. Since about one year the drm/i915 kernel driver is maintained by two maintainers and a team of roughly 15 people who can apply patches directly to the main driver branch – fairly normal in open source, but rather unheard of in the Linux kernel. It all started as an experiment, with the expectation that worst case I’ll burry it quietly again. Which hasn’t happened, at least yet.
I’ll talk about why I considered trying this out, what I feared could happen, what’s actually happened and what I think, with a bit of hindsight, are the key ingredients to make this work, and where it could be useful model in other places.
recording release: yes license: CC BY
181. My personal fight against the modern laptop
Hamish Coleman
In this talk, I will take you through the tools and techniques
I used to reverse engineer the keyboard controller in my Thinkpad
laptop and re-flash it with custom firmware. This will cover how the
Thinkpad range of laptops have tried to secure their firmware from
unauthorised changes. Finally, I will present my ongoing work to
reverse engineer the protocol used between the BIOS and the vendor's
flash update tool (which included writing a custom virtual machine
to emulate a minimal laptop).
I was driven to start this project when I realised that the laptops
currently on sale just did not meet my requirements. Even the durable
Thinkpad laptops I have preferred in the past are being dumbed down.
Eventually, I will need a new laptop - and with the current offerings,
I just do not want anything I can purchase off the shelf. I knew
I was not going to be able to build my own laptop from scratch
(and having discounted all the current free/open laptop offerings)
so I started looking at what I could hack together.
To keep the project achievable, I reduced my laptop gripes as far
as I could and focused on just the keyboard - asking the question:
"Can I shoehorn an older keyboard in a modern laptop?" Eventually
answering it with "yes, sometimes."
It turned out to be easily possible to physically replace the
keyboard on any of the Thinkpads in the xx30 series with one from the
xx20 series. I was stalled with a half-working keyboard until early
2016 when Zmatt published how he unlocked his laptop. The firmware
changes needed were bundled up into a complete build system which
others have used to replicate the keyboard replacement. However,
with both these laptop series' being several years old now, I am
still looking at forward porting this to a newer laptop - which has
led me to research the hardware and firmware design there.
I will also take the audience through my current knowledge of how
the vendor's protocol to tell the BIOS to write a new image to
flash works. Now that it is possible to write new code for the
embedded controller and to install it and run it - I wanted to
know how secure this was (or wasn't) separate to simply "fixing"
the keyboard. I have written a custom virtualisation tool to host
the vendors "dosflash" program and capture the protocol it uses to
request that the BIOS write a new image to flash.
It is my hope that others will be inspired to look closer at their
hardware and to give them both some tools and the confidence that
it is possible to "fix" the way that consumer hardware works.
recording release: yes license: CC BY
182. Election Software
Vanessa Teague
Australian elections rely increasingly on software to compute outcomes and even to record and transfer votes. Like any other software, election software can be buggy, insecure, mistakenly configured, or running on a platform not controlled by those who think they control it.
So how do Australian voters and scrutineers get evidence of the accuracy of our election results? What's the role of open source software? Should we be voting over the Internet?
Victoria has an open-source end-to-end verifiable pollsite e-voting system. NSW has a closed-source not-verifiable Internet voting system. Other states and territories have a variety of approaches. Don't even ask for the Senate counting code.
Where are our elections headed? And how can people who understand computers try to help?
recording release: yes license: CC BY
183. Preparing For The Next Generation of Contributors
Grace Nolan
With more and more students learning computer science in schools, how can we encourage participation in OSS projects?
This talk is adapted from a research project Grace completed while at University investigating gender parity in Computer Science. Grace will share her findings on the student environment at university and how it relates to open source projects. She will then open the conversation up to discuss ideas on how to create a rich petri dish for prospective contributors from diverse backgrounds.
She will present to you a vision of the future; a reality check; and finally, a discussion of ideas to help us make that vision a reality.
recording release: yes license: CC BY
184. Hacking democracy and playing the long game
Luke Bacon
Imagine the future you want for our societies and democracy. You can start building the tools and services of that future today.
For 8 years the [OpenAustralia Foundation](https://www.openaustraliafoundation.org.au/) has run open source projects to transform democracy. We’re a tiny team but millions of people have used our services to learn about and impact what happens in their society. At the core of our practice is collaboration, sharing and openness.
In day-to-day development we determinedly focus on the immediate, practical benefits to people who use our work—but, there are specific long-term hacks underlying each of our projects: futures we imagine and hope to step our way towards. We create services with immediate practical use, but that change the way you see yourself and your role in our democracy.
In this presentation we’ll look at the long-term hacks that underlie our project *[Right To Know](https://www.righttoknow.org.au/)*. *Right To Know* makes it much easier to use your Freedom of Information rights to access any document held by Australian government bodies—you’re right to know about the projects and policies that impact your life. Right To Know makes simple changes to the way you access government information, but aims to support a transformation in how we all are involved in organising our society.
By looking at how Right To Know works to push us towards certain futures, you’ll see how our approach works in practice and, most importantly, how you can start civic hacking towards the future you want.
recording release: yes license: CC BY
185. The Business of Community
VM (Vicky) Brasseur
While community management and developer relations are gaining acceptance, many companies still don't know how these efforts can benefit not only the communities of the open source projects on which their business relies but also their productivity and profitability.
In this talk, I'll look at community from a business perspective, including the effect community can have on an organization's bottom line. Although there are communities everywhere, I'll approach the topic—meaning, communities, their members, and their contributors—from a free/open source perspective.
In this talk I'll cover:
* Business reasons for supporting a community
* Metrics for gauging community management success from the business' perspective
* Getting started in community management
* Risks of community management
The audience will learn:
* Business reasons for supporting a community
* Metrics for gauging community management success from the business' perspective
* Getting started in community management
* Risks of community management
recording release: yes license: CC BY
186. libtls: Rethinking the TLS/SSL API
Joel Sing
As anyone who has written code that implements a TLS client or server will know,
many of the existing APIs (namely OpenSSL) are confusing, difficult to use and
full of pitfalls for the unwary. Many security issues (and less serious bugs)
are due to the mistakes made by human developers, while trying to navigate their
way through the various function calls, return codes and missing functionality.
libtls is a component of the [LibreSSL project](http://www.libressl.org/); a
project that started as a fork of OpenSSL following the infamous
[heartbleed](http://www.heartbleed.com/) incident. While the general goals for
LibreSSL are to modernise the codebase, improve security, and apply best practice
development processes, libtls aims to completely rethink the TLS API.
This talk will cover some of the many issues with existing TLS/SSL APIs, prior
to looking at how libtls has been designed to be different. The history of libtls
will be discussed, before detailing the API development process that has been
used, which has allowed the library to morph and improve over time. The set of
rules that have been put in place to ensure that the API is as developer friendly
as possible will be explained, followed by a discussion of the overall litmus
test and proving ground that has been used during its design and development.
recording release: yes license: CC BY
187. Getting into the Rusty Bucket: Lessons from Integrating Rust with Existing C
William Brown
Rust is a modern language developed by Mozilla pursuing the trifecta: Safety, Speed, and Concurrency. With such promise for the future, how can we use this now? We are not always in the beautiful open green fields; we must contend with our existing grunty applications!
389 Directory Server is based on code now more than 20 years old. We cannot throw this out and replace it, but we want the benefits Rust gives us - especially for authentication and security critical code.
We will explore the challenges of security in engineering, and behaviours of the modern programmer. I will discuss why we have spiraled down a mountain of failure as an engineering discipline - and why we need tools like Rust to validate our work. I will explore the Directory Server plugin interface, where we have the ability to provide pure Rust plugins, allowing safe, fast extensibility to a core piece of systems authentication. This will explore the challenges to build it, and the design patterns needed in C, to make sure that the integration between Rust and C is possible today, leading towards a future rewrite.
recording release: yes license: CC BY
188. A guide to selecting FOSS licences for programmers and open culture enthusiasts
James Scheibner
This paper provides some insight for programmers on way that copyright and patent law in Australia affects free and open source software (FOSS) licences. Without a shadow of doubt the greatest area of legal debate amongst FOSS programmers surrounds the choice of FOSS licence. Many FOSS and Creative Commons style licences are designed to provide developers with a standardised licence which sets the terms for the release and public use of work. Crucially, many of these licences are designed so that developers do not have to seek legal advice for the release of their source code.
However, the complexity and uncertainty regarding the scope of copyright and patents with respect to software can be discouraging for many FOSS programmers. This confusion and uncertainty may lead to FOSS programmers choosing conflicting licences or choosing to not licence their code at all, which can lead to uncertainty as to who actually owns the software. These issues are important irrespective of whether the software is open source or proprietary, or developed as part of commercial work or on a gratis basis.
Nevertheless, a number of recent decisions in the United States have clarified both the scope of copyright and patent protection for software, fair use under copyright law and the conditions that are enforceable under both proprietary and open source software licences. Given the increasingly internationally standardised nature of patent and copyright law, these decisions are likely to have a considerable impact on the way that law affects software in Australia.
Accordingly, this paper is intended to provide a guide for FOSS programmers on how recent case law has impacted on open source licence enforceability, and the implications of releasing under certain FOSS licences. In particular, this paper provides advice on how open source developers should release their software depending on how they wish their software to be used or distributed. Specifically, this paper will attempt to provide some examples on where particular FOSS licences may or may not be appropriate depending on both the type of software and work licensed and the intent of the developer. Finally, this paper will also provide some tips on steps that FOSS developers or open culture enthusiasts can take to maximise downstream use or sharing of their work.
recording release: yes license: CC BY
189. The proper care and feeding of communities and carnivorous plants
Rikki Endsley
In 2016, I adopted my first carnivorous plant, a Venus Fly Trap, which I named Gordon. I quickly discovered that, in addition to his ability to catch the occasional bug and get energy from the sun, Gordon's health was closely connected to the environment and care I provided. In this talk, I'll draw from more than a decade of experience working with open source communities (and a few months of experience keeping Gordon alive) to explain how caring for a Venus Fly Trap is much like caring for a community. Like carnivorous plants, communities can't be left alone to fend for themselves, and they won't explicitly tell you when there is a problem. Communities and carnivorous plants need an energy source, healthy environments, pest control, and occasional maintenance. Whether you're a seasoned community gardener, or just starting to develop your carnivorous plant green thumb, you'll learn practical tips for nurturing healthy roots that grow thriving communities (... or Venus Fly Traps).
recording release: yes license: CC BY
190. Integrating high speed fabrics into the Linux network stack
Christoph Lameter
The interface to High Performance network fabrics such as Infiniband and Omnipath has traditionally been like a side car in the kernel. Software was developed in a separate section from the kernel netowrk stack. This talk is about how to integrate the fabrics properly into the network stack so that standard things like ethtool or netstat and the commonly availabe /proc/net/... things will work. This is work on progress so at this early point is it not clear how far the work will have progressed until the presentation.
recording release: yes license: CC BY
191. Defending the Security and Integrity of the 'Net - is Open Source helping?
George Fong
With the onslaught of mass electronic surveillence across the world and with the rise of criminal activity threatening the growtht of online business and commerce, where are the tools and defences that allow users of the ‘Net to traverse the same safely, and how is the Open Source contributing towards making the ‘Net a place of integrity and trust?
In this presentation, George Fong explores the open source ecosystem and open source tools in relation to security and defence of ‘Net activity ranging from encrypting email to anonimisning access. He also assesses the effectiveness and utility of the same in relation to assisting Internet users of all walks of life in protecting themselves and their personal information. The presentation also explores the threats, both physical and political, to the integreity of the ‘Net as a trusted communications medium.
recording release: yes license: CC BY
192. Designing a Race Car with Open Source Tools
Dave Chinner
After I ran out of talent and had a high speed encounter with an immovable object in May 2016, I needed to build a new race car. The car I crashed is
somewhat unique for many reasons - it's a Locost Clubman. The car has a space frame chassis, based on the original 1957 Lotus 7 designed by Colin Chapman. In the early 1990s, Ron Champion published a Haynes manual titled "Build your own sports car for as little as £250" which was a step by step guide to fabricating and building the entire car. Essentially, it was the source code for the car.
To Locost enthusiasts, this is known as the "book chassis". It is simple, and very similar to design of the original Lotus 7. Over the past 20 years, many people have built, broken, analysed and improved on the chassis design. Mechanical engineers have published PhDs using finite element analysis to identify weak points and model stronger chassis designs. There are interweb forums full of people who have built these cars and they share mods, designs, fabrication techniques, etc. In the car world, it's a microcosm of open development and improvement.
In analysing the corpse of my car - mostly based on the book chassis - I realised that I needed to make something far stronger. Not just for safety reasons, but also to handle the suspension loads generated by modern race tyres and ludicrous power and torque of my race spec engine. The challenge I face is whether I can design a chassis with open source tools on my laptop and then build it in my workshop.
Are the open source 3D cad tools capable of building a complex space frame
chassis? Can I get an open source finite element analysis software to perform strength and failure analysis and get sane results? Can I design all the parts I need and send them to 3rd parties to get them laser cut, bent, fabricated and delivered to my door? Can I integrate my little CNC milling machine into these tools (i.e. CAM) so I can rapidly fabricate prototypes and iterate designs? If the open source tools exist, is it even possible to make them work together in a sane way? What tools have I had to write myself? What landmines will I step on?
I really don't know - by the time January and LCA rolls around I might have a car built, or I might have a pile of scrap metal and broken, twisted dreams. All I know is that I'm going on an adventure in open source land and I will have fun finding out where it takes me. Maybe you will, too.
recording release: yes license: CC BY
193. Continuously Delivering Security in the Cloud
Casey West
What does it really mean to keep systems secure on the cloud? When software workloads are distributed across elastic clusters, scaling automatically, and changing rapidly the notions of what it means to be secure shift. In this talk I’ll show concrete patterns for continuously delivering security based on Justin Smith’s excellent ["Rotate, Repave, and Repair"](https://medium.com/built-to-adapt/the-three-r-s-of-enterprise-security-rotate-repave-and-repair-f64f6d6ba29d) pattern.
I’ll dive into using common open source tools and up-to-date organizational and cultural practices while exploring the philosophy of this modern approach to security.
You’ll leave this talk understanding the importance of automation, secrets management, immutable infrastructure, and continuous delivery all from a security perspective. More importantly, you’ll gain a deeper understanding of practical use cases for tools designed specifically to address these concerns.
Your CISO has never been this happy.
recording release: yes license: CC BY
194. Lightning Talks and Conference Closing
(Needs description.)
recording release: yes license: CC BY
Location
--------
Plenary Hall
About the group
---------------
linux.conf.au is a conference about the Linux operating system, and all aspects of the thriving ecosystem of Free and Open Source Software that has grown up around it. Run since 1999, in a different Australian or New Zealand city each year, by a team of local volunteers, LCA invites more than 500 people to learn from the people who shape the future of Open Source. For more information on the conference see https://linux.conf.au/