114 seagl2017 2017-10-06 2017-10-07 2 00:05 2017-10-06T02:00:00-07:00 09:00 00:30 Expo Hall 30 minute coffee 397-expo-hall-open-coffee-on-friday-morning Brought to you by PogoLinux Brought to you by PogoLinux false Adam Monsen 2017-10-06T03:30:00-07:00 10:30 00:15 Expo Hall 15 minute coffee 398-friday-second-coffee Brought to you by PogoLinux Brought to you by PogoLinux false Adam Monsen 2017-10-06T08:00:00-07:00 15:00 00:30 Expo Hall 30 minute coffee 399-friday-afternoon-coffee Brought to you by PogoLinux Brought to you by PogoLinux false Adam Monsen 2017-10-06T10:30:00-07:00 17:30 00:30 Expo Hall Cleanup 400-friday-cleanup Clean up Clean up false Adam Monsen 2017-10-06T02:30:00-07:00 09:30 01:00 Theatre Keynote 405-keynote-nithya-ruff Nithya has been a passionate advocate and a speaker for opening doors to new people in Open Source for many years. She has also been a promoter of valuing diverse ways of contributing to open source such as in marketing, legal and community. You can often find her on social media promoting dialogue on diversity and open source. She has spoken at multiple conferences such as LinuxCon, OSCON, All Things Open, SCALE, Grace Hopper, OpenStack and Red Hat Summit on the business and community of open source. In recognition of her work in open source both on the business and community side, she was named to CIO magazine’s most influential women in open source list. And most recently, the O’Reilly Conference awarded Nithya the 2017 Open Source award for exceptional contributions to open source software. You can follow her on twitter: @nithyaruff Nithya has been a passionate advocate and a speaker for opening doors to new people in Open Source for many years. She has also been a promoter of valuing diverse ways of contributing to open source such as in marketing, legal and community. You can often find her on social media promoting dialogue on diversity and open source. She has spoken at multiple conferences such as LinuxCon, OSCON, All Things Open, SCALE, Grace Hopper, OpenStack and Red Hat Summit on the business and community of open source. In recognition of her work in open source both on the business and community side, she was named to CIO magazine’s most influential women in open source list. And most recently, the O’Reilly Conference awarded Nithya the 2017 Open Source award for exceptional contributions to open source software. You can follow her on twitter: @nithyaruff false nithyaruff 2017-10-06T03:45:00-07:00 10:45 00:50 Room 3187 Longer Talk 299-passing-the-baton-succession-planning-for-foss-leadership People While sharing of and collaborating on software has been around as long as there's been code, the open source concept and movement only came into being in the late 1990s. There are many who remember a time before open source. Of those, most helped to shape the philosophy, laws, governance, and policies which are the foundation of the free and open source movement we enjoy today. But what happens when these people decide to retire? Who will carry the baton and lead the movement? Thankfully these people are still with us, helping to craft and lead FOSS, but there are very few younger individuals among their ranks. As we look at the next horizon for FOSS, we must consider who will take us there. While we have these founders in our midst, we must take the time to do succession planning for free and open source leadership. This talk will cover: * Succession planning: what it is & why we need it * What new leaders must know & learn * Steps we can take to develop the FOSS leaders of the future While sharing of and collaborating on software has been around as long as there's been code, the open source concept and movement only came into being in the late 1990s. There are many who remember a time before open source. Of those, most helped to shape the philosophy, laws, governance, and policies which are the foundation of the free and open source movement we enjoy today. But what happens when these people decide to retire? Who will carry the baton and lead the movement? Thankfully these people are still with us, helping to craft and lead FOSS, but there are very few younger individuals among their ranks. As we look at the next horizon for FOSS, we must consider who will take us there. While we have these founders in our midst, we must take the time to do succession planning for free and open source leadership. This talk will cover: * Succession planning: what it is & why we need it * What new leaders must know & learn * Steps we can take to develop the FOSS leaders of the future false VM (Vicky) Brasseur 2017-10-06T06:30:00-07:00 13:30 00:20 Room 3187 Shorter Talk 298-programming-in-prison-web-development-behind-bars Education In a plain-looking computer room sits 30+ men wearing khaki-colored shirts and pants, each staring intently at their monitors. Some young, some old, some with tattoos, all with different life stories. These men--many of which have never been on the Internet-- are learning computer programming while serving time at Washington State's second largest prison. Gaining employment upon release from prison is one of the largest indicators of successful re-entry into society. With today’s booming tech market, these currently incarcerated men hope to gain the skills needed to obtain web development jobs upon release. However, learning programming inside a prison isn’t easy. Each student computer is highly locked-down with limited software and absolutely no Internet access. While most programmers enjoy the benefits of Google and StackOverflow, these students must work with what is available on the classroom’s local network and in the outdated computer manuals available in the facility library. My name is Sarabeth Jaffe and I teach computer programming at Monroe Correctional Complex. In this talk, I will discuss the many challenges of teaching web development without the web, the Open Source technology that makes it possible, and the many opportunities we--as technologists--have to spread the benefits of the technical knowledge to disadvantaged populations. In a plain-looking computer room sits 30+ men wearing khaki-colored shirts and pants, each staring intently at their monitors. Some young, some old, some with tattoos, all with different life stories. These men--many of which have never been on the Internet-- are learning computer programming while serving time at Washington State's second largest prison. Gaining employment upon release from prison is one of the largest indicators of successful re-entry into society. With today’s booming tech market, these currently incarcerated men hope to gain the skills needed to obtain web development jobs upon release. However, learning programming inside a prison isn’t easy. Each student computer is highly locked-down with limited software and absolutely no Internet access. While most programmers enjoy the benefits of Google and StackOverflow, these students must work with what is available on the classroom’s local network and in the outdated computer manuals available in the facility library. My name is Sarabeth Jaffe and I teach computer programming at Monroe Correctional Complex. In this talk, I will discuss the many challenges of teaching web development without the web, the Open Source technology that makes it possible, and the many opportunities we--as technologists--have to spread the benefits of the technical knowledge to disadvantaged populations. false Sarabeth Jaffe 2017-10-06T07:00:00-07:00 14:00 00:50 Room 3187 Longer Talk 343-history-of-control The Past and Future of Digital Restrictions Management Education # Abstract The talk will give an overview of the history of Digital Restrictions Management (DRM), from codes and passwords for ancient video games to remote attestation spyware and beyond. It will provide the listener with a perspective on the true purpose of DRM, which throughout its history has always been control over the user. While nominally DRM has something to do with copyright, in each step throughout its story we find again and again that domination of the user is its only 'success' and ultimate goal. This fact becomes glaringly obvious as we move to the era of DRM enforcement of laws, where governments try to control citizens by rewriting digital reality. The talk will conclude with what we are doing at the FSF to fight back, and what you can do to help. # Donald Robertson, III, Licensing & Compliance Manager Donald is an attorney, and speaks on free software legal issues and activism. He handles licensing education & GPL compliance at the FSF. He resides in the Pacific Northwest. Previous speaking engagements: * Respecting Freedom: Free software license compliance for hardware devices, at LinuxfestNW 2017 <https://www.linuxfestnorthwest.org/2017/sessions/respecting-freedom-free-software-license-compliance-hardware-devices> * FSF: Volunteer Empire, Seagl 2016 * From TPP to saving WiFi, the FSF fights for you, at LinuxfestNW 2016 <https://www.linuxfestnorthwest.org/2016/sessions/tpp-saving-wifi-fsf-fights-you> * Trading Freedom: The Threat of International "Trade" Agreements Like TPP, TTIP, and TISA, at SeaGL 2015 <http://seagl.org/schedule/2015.html> * The Free Software Foundation Licensing & Compliance Lab; We Fight for the User, at LinuxFest Northwest 2015 <http://linuxfestnorthwest.org/2015/sessions/free-software-foundation-licensing-compliance-lab-we-fight-user> * From Creation to Compliance: A Free Software Legal Primer at, Linuxfest Northwest 2014 <http://linuxfestnorthwest.org/2014/sessions/creation-compliance-free-software-legal-primer> * Seminar on GPL Enforcement and Legal Ethics 2014 <https://www.fsf.org/events/seminar-on-gpl-enforcement-and-legal-ethics> * Software License Compliance Audits: Establishing Audit Protocol in the Agreement and in Practice at ACI:Software Agreements - Cloud, SaaS, Open Source & Licensing 2013 <http://www.americanconference.com/softwarelic/agenda> * Licensing & compliance: a collective effort, at Libreplanet 2013 <https://libreplanet.org/wiki/LibrePlanet:Conference/2013/Sessions> # Abstract The talk will give an overview of the history of Digital Restrictions Management (DRM), from codes and passwords for ancient video games to remote attestation spyware and beyond. It will provide the listener with a perspective on the true purpose of DRM, which throughout its history has always been control over the user. While nominally DRM has something to do with copyright, in each step throughout its story we find again and again that domination of the user is its only 'success' and ultimate goal. This fact becomes glaringly obvious as we move to the era of DRM enforcement of laws, where governments try to control citizens by rewriting digital reality. The talk will conclude with what we are doing at the FSF to fight back, and what you can do to help. # Donald Robertson, III, Licensing & Compliance Manager Donald is an attorney, and speaks on free software legal issues and activism. He handles licensing education & GPL compliance at the FSF. He resides in the Pacific Northwest. Previous speaking engagements: * Respecting Freedom: Free software license compliance for hardware devices, at LinuxfestNW 2017 <https://www.linuxfestnorthwest.org/2017/sessions/respecting-freedom-free-software-license-compliance-hardware-devices> * FSF: Volunteer Empire, Seagl 2016 * From TPP to saving WiFi, the FSF fights for you, at LinuxfestNW 2016 <https://www.linuxfestnorthwest.org/2016/sessions/tpp-saving-wifi-fsf-fights-you> * Trading Freedom: The Threat of International "Trade" Agreements Like TPP, TTIP, and TISA, at SeaGL 2015 <http://seagl.org/schedule/2015.html> * The Free Software Foundation Licensing & Compliance Lab; We Fight for the User, at LinuxFest Northwest 2015 <http://linuxfestnorthwest.org/2015/sessions/free-software-foundation-licensing-compliance-lab-we-fight-user> * From Creation to Compliance: A Free Software Legal Primer at, Linuxfest Northwest 2014 <http://linuxfestnorthwest.org/2014/sessions/creation-compliance-free-software-legal-primer> * Seminar on GPL Enforcement and Legal Ethics 2014 <https://www.fsf.org/events/seminar-on-gpl-enforcement-and-legal-ethics> * Software License Compliance Audits: Establishing Audit Protocol in the Agreement and in Practice at ACI:Software Agreements - Cloud, SaaS, Open Source & Licensing 2013 <http://www.americanconference.com/softwarelic/agenda> * Licensing & compliance: a collective effort, at Libreplanet 2013 <https://libreplanet.org/wiki/LibrePlanet:Conference/2013/Sessions> false Donald R. Robertson 2017-10-06T08:30:00-07:00 15:30 00:50 Room 3187 Longer Talk 389-introduction-to-the-godot-game-engine Something different Ever wanted to learn how to build your own game? There's never been a better time to start. While most of the industry is focused on proprietary engines, there are also a number of free software game engines that don't get nearly as much press. This talk will introduce you to Godot, a capable and fully-featured game engine, 100% free and open source, under active development, with excellent support for the Linux platform. I will introduce you to the game engine's editor, scripting language, and I will guide you through the engine's most important concepts (and around some of its most common pitfalls). Even if you've never used a game engine before, at the end of this talk you'll be armed with enough basic knowledge to write your first game. Ever wanted to learn how to build your own game? There's never been a better time to start. While most of the industry is focused on proprietary engines, there are also a number of free software game engines that don't get nearly as much press. This talk will introduce you to Godot, a capable and fully-featured game engine, 100% free and open source, under active development, with excellent support for the Linux platform. I will introduce you to the game engine's editor, scripting language, and I will guide you through the engine's most important concepts (and around some of its most common pitfalls). Even if you've never used a game engine before, at the end of this talk you'll be armed with enough basic knowledge to write your first game. false Brian Raiter 2017-10-06T09:30:00-07:00 16:30 00:50 Room 3187 Longer Talk 326-uefi-what-is-it-and-how-can-we-exploit-it-for-fun-and-profit How I Made a Bootloader In 300 Lines of Python Something different UEFI carries with it a lot of negative connotations. While it's far from perfect, it's certainly not the overarching evil thing that a lot of us make it out to be. Here we'll discuss the facts and faction surrounding UEFI and the difference between it and other related technologies like Secure Boot, Coreboot, BIOS, and others. After this we'll take a look at a direct comparison between booting a computer using both UEFI and the Legacy BIOS. And we'll have a look at some of the really neat things the UEFI Environment lets us do, such as playing games without an OS, updating system firmware without DOS, and even writing bootloaders in 300 lines of Python. UEFI carries with it a lot of negative connotations. While it's far from perfect, it's certainly not the overarching evil thing that a lot of us make it out to be. Here we'll discuss the facts and faction surrounding UEFI and the difference between it and other related technologies like Secure Boot, Coreboot, BIOS, and others. After this we'll take a look at a direct comparison between booting a computer using both UEFI and the Legacy BIOS. And we'll have a look at some of the really neat things the UEFI Environment lets us do, such as playing games without an OS, updating system firmware without DOS, and even writing bootloaders in 300 lines of Python. false Ian Santopietro 2017-10-06T03:45:00-07:00 10:45 00:50 Room 5104 Longer Talk 294-a-division-of-labor-attempting-to-measure-free-software People We like to think that diversity has increased over time--contributors have stuck around as they age, students are excited to get started, initiatives are making space for people of color, trans* individuals, women, and other groups underrepresented in free software. We like to think we are doing better at recognizing the wide range of contributions and that more people are getting involved from all spheres of skill type, level, and experience. But is this true? Molly de Blanc, a free software activist with a fondness for numbers and data, analyzed the results from four community surveys from 2003, 2013, 2016, and 2017 (as well as other bits of data around the internet). With fourteen (incomplete) years of community data, she'll attempt to quantify the ways the make up of free software has changed, where we're not doing as well as we'd like, and how we can do better. We'll be asking (and answering) questions like: - Is more non-coding work being done by women? - Are people coding and also doing other things? - Who is not coding? Who is doing nothing "technical?" - Are we doing a good job trying to understand our community? We like to think that diversity has increased over time--contributors have stuck around as they age, students are excited to get started, initiatives are making space for people of color, trans* individuals, women, and other groups underrepresented in free software. We like to think we are doing better at recognizing the wide range of contributions and that more people are getting involved from all spheres of skill type, level, and experience. But is this true? Molly de Blanc, a free software activist with a fondness for numbers and data, analyzed the results from four community surveys from 2003, 2013, 2016, and 2017 (as well as other bits of data around the internet). With fourteen (incomplete) years of community data, she'll attempt to quantify the ways the make up of free software has changed, where we're not doing as well as we'd like, and how we can do better. We'll be asking (and answering) questions like: - Is more non-coding work being done by women? - Are people coding and also doing other things? - Who is not coding? Who is doing nothing "technical?" - Are we doing a good job trying to understand our community? false Molly de Blanc 2017-10-06T06:30:00-07:00 13:30 00:20 Room 5104 Shorter Talk 318-you-can-t-launch-a-spaceship-if-all-you-hire-are-astronauts-other-jobs-in-technology People We talk so much about computer science and programming when we talk about tech that we tend to forget other career opportunities. I'll discuss the possibilities for using your computer science degree in other parts of technology as well as opportunities that are available in tech to people without computer science degrees. Let's make more way for people who aren't interested in programming to join this field and ways to retain people who started in development work and burn out or lose interest. We talk so much about computer science and programming when we talk about tech that we tend to forget other career opportunities. I'll discuss the possibilities for using your computer science degree in other parts of technology as well as opportunities that are available in tech to people without computer science degrees. Let's make more way for people who aren't interested in programming to join this field and ways to retain people who started in development work and burn out or lose interest. false Carol Smith 2017-10-06T07:00:00-07:00 14:00 00:50 Room 5104 Longer Talk 372-roi-return-on-inclusion People FLOSS community leaders and participants seeking to promote diversity and inclusion within their community must contend with the collective inertia of the status quo. How much should committed communities be prepared to invest in order to overcome this inertia? And, how can they measure and justify their success? My presentation will examine the social and financial costs FLOSS communities have incurred when promoting diversity and inclusion, and the return on those investments. I will focus on the experiences of a particular FLOSS project, and discuss their challenges and successes. FLOSS community leaders and participants seeking to promote diversity and inclusion within their community must contend with the collective inertia of the status quo. How much should committed communities be prepared to invest in order to overcome this inertia? And, how can they measure and justify their success? My presentation will examine the social and financial costs FLOSS communities have incurred when promoting diversity and inclusion, and the return on those investments. I will focus on the experiences of a particular FLOSS project, and discuss their challenges and successes. false Tony Sebro 2017-10-06T08:30:00-07:00 15:30 00:50 Room 5104 Longer Talk 266-open-source-worldwide-communities People In this talk I'll tell you my story about contributing to an Open Source community from abroad. Nowadays, communities have a lot of people from all around the world. What's their perspective? How do you deal with timezones? How do you get involved and get others from around the world involved? And how does culture in each area affect the community? Learn this and much more. In this talk I'll tell you my story about contributing to an Open Source community from abroad. Nowadays, communities have a lot of people from all around the world. What's their perspective? How do you deal with timezones? How do you get involved and get others from around the world involved? And how does culture in each area affect the community? Learn this and much more. false Jose Antonio Rey 2017-10-06T09:30:00-07:00 16:30 00:50 Room 5104 Longer Talk 272-hackers-gotta-eat Building a Company Around an Open Source Project People Creating and leading an open source project can be both rewarding and frustrating. It is rewarding to see the project grow and people contribute, but it can become frustrating and burdensome when your side-project comes to dominate your free time. If you're fortunate, you might be employed to work full-time on your open source project or even start a company around the project; then what? What is your new relationship "with the community?" How do you balance the motivations of various contributors, yourself included, within the project? In this talk we'll look at the history of the Jenkins project, from its origins as a side-project at Sun Microsystems to the growth of the project and on to the relationship with CloudBees, Inc. We'll look at what has and, perhaps more importantly, what hasn't worked well as CloudBees has grown in tandem with the Jenkins project. We will examine the evolving cultural dynamics of the project and the challenges of wearing two hats: corporate and open source. Creating and leading an open source project can be both rewarding and frustrating. It is rewarding to see the project grow and people contribute, but it can become frustrating and burdensome when your side-project comes to dominate your free time. If you're fortunate, you might be employed to work full-time on your open source project or even start a company around the project; then what? What is your new relationship "with the community?" How do you balance the motivations of various contributors, yourself included, within the project? In this talk we'll look at the history of the Jenkins project, from its origins as a side-project at Sun Microsystems to the growth of the project and on to the relationship with CloudBees, Inc. We'll look at what has and, perhaps more importantly, what hasn't worked well as CloudBees has grown in tandem with the Jenkins project. We will examine the evolving cultural dynamics of the project and the challenges of wearing two hats: corporate and open source. false Liam Newman 2017-10-06T03:45:00-07:00 10:45 00:50 Room 5102 Longer Talk 340-keepassing-your-credentials-synced-and-under-control Security/InfoSec Do you use the same few passwords over and over? Is there a piece of paper with hard-to-remember ones somewhere? How about a file that lives on five different devices and is never up-to-date? Even the most secure passwords can be broken with a $5 wrench. Long forgotten websites are frequently compromised. Files can be stored in The Cloud, but is that really where such sensitive data should be? By the end of this presentation, you will be able to combine keepassx and git-annex to maintain and synchronize all of your secure credentials. Do you use the same few passwords over and over? Is there a piece of paper with hard-to-remember ones somewhere? How about a file that lives on five different devices and is never up-to-date? Even the most secure passwords can be broken with a $5 wrench. Long forgotten websites are frequently compromised. Files can be stored in The Cloud, but is that really where such sensitive data should be? By the end of this presentation, you will be able to combine keepassx and git-annex to maintain and synchronize all of your secure credentials. false Wm Salt Hale 2017-10-06T06:30:00-07:00 13:30 00:20 Room 5102 Shorter Talk 339-from-al-qaeda-to-shia-labeouf-how-crowdsourced-intelligence-analysis-removed-any-idea-of-privacy Finding What Doesn't Want To Be Found Security/InfoSec Individuals on various online forums have begun to realize that they can find just about anything, just about anywhere in the world using publicly-available tools. With enough digging and research, random strangers sitting in basements around the world have worked together to * Locate terrorist training camps inside of ISIS-controlled areas in the Syrian Civil War by making diagrams and maps based off of released training videos, and using various online, public mapping systems to pinpoint the locations. * Find and steal a livestreamed art installation using weather patterns, star maps, and rumors. * Locate and report a woman who threw puppies into a river to drown. * And many more such instances. This talk will go into detail about some of the techniques used, some of the individuals doing it, and, most importantly, what this means for personal privacy. With this sort of intelligence analysis weapon in public hands, anybody can have their privacy completely compromised by a few nerds on the Internet. Is there a picture of you on at a rooftop party? Is there a photograph of your back yard? Did you post a meme about one of your teachers to an obscure website a few years ago? Any one of these could be the single weak link that leads to the rest of your private life being open to the entire public to read. This talk is a talk about how total privacy is really just a pipe dream, and there is no real way to ensure that you have covered every base. A recording of this talk is available here: https://archive.org/details/crowdsourced-intel-analysis-seagl-2017 Individuals on various online forums have begun to realize that they can find just about anything, just about anywhere in the world using publicly-available tools. With enough digging and research, random strangers sitting in basements around the world have worked together to * Locate terrorist training camps inside of ISIS-controlled areas in the Syrian Civil War by making diagrams and maps based off of released training videos, and using various online, public mapping systems to pinpoint the locations. * Find and steal a livestreamed art installation using weather patterns, star maps, and rumors. * Locate and report a woman who threw puppies into a river to drown. * And many more such instances. This talk will go into detail about some of the techniques used, some of the individuals doing it, and, most importantly, what this means for personal privacy. With this sort of intelligence analysis weapon in public hands, anybody can have their privacy completely compromised by a few nerds on the Internet. Is there a picture of you on at a rooftop party? Is there a photograph of your back yard? Did you post a meme about one of your teachers to an obscure website a few years ago? Any one of these could be the single weak link that leads to the rest of your private life being open to the entire public to read. This talk is a talk about how total privacy is really just a pipe dream, and there is no real way to ensure that you have covered every base. A recording of this talk is available here: https://archive.org/details/crowdsourced-intel-analysis-seagl-2017 false Omar Ravenhurst 2017-10-06T07:00:00-07:00 14:00 00:50 Room 5102 Longer Talk 300-bowerbirds-of-technology Architecture and Operations at Less-Than-Google Scale People Facebook, Google, Uber, LinkedIn, and friends are the rarefied heights of software engineering. They encounter and solve problems at scales shared by few others, and as a result, their priorities in production engineering and architecture are just a bit different from the rest of us down here in the other 99% of services. Even as a lead engineer for Twilio, I rarely dealt with the same uncharted territories of scale explored by these truly massive systems. Through deconstructing a few blog posts from these giants, we’ll evaluate just what is it that they’re thinking about when they build systems, why they make the choices they do, and whether any of those choices are relevant to those of us operating at high scale yet still something less than millions of requests per second. This talk will go into depth on how to evaluate, choose, and deploy technology to meet your customers’ requirements without requiring a small army of engineers to answer 2 AM pages. We’ll go through what you should think about when picking open-source systems (as well as hosted PaaS/IaaS/SaaS providers) to meet your needs: maintainership, extensibility, security, stability, and more. We’ll also talk about how to pick realistic goals for your project and business: what are the implications of claiming five nines for the person carrying the pager? How will you communicate with your customers when you’re throwing errors and breaking SLAs? What does disaster recovery mean for your systems, and how much effort will it require to implement and test your DR plan (ahead of time!)? With these guidelines in mind, you should be better equipped to say no (or yes!) the next time your team’s software hipster proposes moving everything to the Next Big Thing. Facebook, Google, Uber, LinkedIn, and friends are the rarefied heights of software engineering. They encounter and solve problems at scales shared by few others, and as a result, their priorities in production engineering and architecture are just a bit different from the rest of us down here in the other 99% of services. Even as a lead engineer for Twilio, I rarely dealt with the same uncharted territories of scale explored by these truly massive systems. Through deconstructing a few blog posts from these giants, we’ll evaluate just what is it that they’re thinking about when they build systems, why they make the choices they do, and whether any of those choices are relevant to those of us operating at high scale yet still something less than millions of requests per second. This talk will go into depth on how to evaluate, choose, and deploy technology to meet your customers’ requirements without requiring a small army of engineers to answer 2 AM pages. We’ll go through what you should think about when picking open-source systems (as well as hosted PaaS/IaaS/SaaS providers) to meet your needs: maintainership, extensibility, security, stability, and more. We’ll also talk about how to pick realistic goals for your project and business: what are the implications of claiming five nines for the person carrying the pager? How will you communicate with your customers when you’re throwing errors and breaking SLAs? What does disaster recovery mean for your systems, and how much effort will it require to implement and test your DR plan (ahead of time!)? With these guidelines in mind, you should be better equipped to say no (or yes!) the next time your team’s software hipster proposes moving everything to the Next Big Thing. false Sam Kitajima-Kimbrel 2017-10-06T08:30:00-07:00 15:30 00:50 Room 5102 Longer Talk 374-detecting-badbios-evil-maids-bootkits-and-other-firmware-malware Systems/Ops, Hardware/IoT, Security/InfoSec Security/InfoSec For attackers, platform firmware is the new Software. Most systems include hundreds of firmwares - UEFI or BIOS, PCIe expansion ROMs, USB controller drivers, storage controller host and disk/SSD drivers. Firmware-level hosted malware, bare-metal or virtualized, is nearly invisible to normal security detection tools, has full control of your system, and can often continue running even when the system is "powered off". Security Firms (eg, "Hacking Team" sell UEFI 0days to the highest bidder), and government agencies include firmware-level malware (eg, Wikileak'ed Vault7 CIA EFI malware). Defenders need to catch-up, and learn to defend their systems against firmware-level malware. In this presentation, we'll cover the NIST SP (147,147b,155,193) secure firmware guidance, for citizens, rather than vendors/enterprises. We'll discuss the problem of firmware-level malware, and cover some open source tools (FlashROM, CHIPSEC, etc.) to help detect malware on your system. We'll be discussing a new open source tool we've just released to help make it easier for you to do this check. You'll also get a nice paper tri-fold copy of our CHIPSEC Quick Reference for Sysadmins [note: we're all sysadmins for our own personal systems(!)], and some scary looking BadBIOS stickers for your laptop. For attackers, platform firmware is the new Software. Most systems include hundreds of firmwares - UEFI or BIOS, PCIe expansion ROMs, USB controller drivers, storage controller host and disk/SSD drivers. Firmware-level hosted malware, bare-metal or virtualized, is nearly invisible to normal security detection tools, has full control of your system, and can often continue running even when the system is "powered off". Security Firms (eg, "Hacking Team" sell UEFI 0days to the highest bidder), and government agencies include firmware-level malware (eg, Wikileak'ed Vault7 CIA EFI malware). Defenders need to catch-up, and learn to defend their systems against firmware-level malware. In this presentation, we'll cover the NIST SP (147,147b,155,193) secure firmware guidance, for citizens, rather than vendors/enterprises. We'll discuss the problem of firmware-level malware, and cover some open source tools (FlashROM, CHIPSEC, etc.) to help detect malware on your system. We'll be discussing a new open source tool we've just released to help make it easier for you to do this check. You'll also get a nice paper tri-fold copy of our CHIPSEC Quick Reference for Sysadmins [note: we're all sysadmins for our own personal systems(!)], and some scary looking BadBIOS stickers for your laptop. false Paul English 2017-10-06T09:30:00-07:00 16:30 00:50 Room 5102 Longer Talk 285-ransomware-history-analysis-mitigation This humorous and entertaining talk teaches everyone, from Mom and Pops to large enterprise organizations what's really happening and how to protect themselves. Security/InfoSec Just as the title says, we go over the humble origins, touch on the notable variants of yesteryear, the big hitters of today, and discuss the future of ransomware. It's no longer just for windows anymore. Linux, Mac and Mobile platforms are all ripe for extortion. This humorous and entertaining talk teaches everyone, from Mom and Pops to large enterprise organizations what's really happening and how to protect themselves. Just as the title says, we go over the humble origins, touch on the notable variants of yesteryear, the big hitters of today, and discuss the future of ransomware. It's no longer just for windows anymore. Linux, Mac and Mobile platforms are all ripe for extortion. This humorous and entertaining talk teaches everyone, from Mom and Pops to large enterprise organizations what's really happening and how to protect themselves. false Andy Thompson 2017-10-06T03:45:00-07:00 10:45 00:50 Room 1113 Longer Talk 354-ssh-and-the-shell-go-forth-securely Systems/Ops SSH is the go to tool for sysadmins and developers for interactive connections to remote machines. It creates secure, encrypted connections between computers, even across hostile networks. Unless you accept keys without verification (DON'T DO THAT!!!). SSH can also create tunnels for encapsulating other connections, including other protocols and data. Sysadmins can bridge protocols across networks for ease of access such as a one-off data sync. Devs can present the dev database on their desktop to ease use of graphical development tools. After attending this session, audience members will be able to create a local tunnel from client to server, a remote tunnel from server to client, and do simple analysis of local vs remote evaluation of a command. Attendees will be able to use tunnels for SSH or sample other protocols (MySQL and HTTP), and tunneling via a third party system. They will also be familiar with dynamic SOCKS proxies and using SSH to tunnel graphical applications. Finally, attendees will also learn SSH configuration and command line tips for convenience of use, including using forced command to restrict an SSH key to one purpose. SSH is the go to tool for sysadmins and developers for interactive connections to remote machines. It creates secure, encrypted connections between computers, even across hostile networks. Unless you accept keys without verification (DON'T DO THAT!!!). SSH can also create tunnels for encapsulating other connections, including other protocols and data. Sysadmins can bridge protocols across networks for ease of access such as a one-off data sync. Devs can present the dev database on their desktop to ease use of graphical development tools. After attending this session, audience members will be able to create a local tunnel from client to server, a remote tunnel from server to client, and do simple analysis of local vs remote evaluation of a command. Attendees will be able to use tunnels for SSH or sample other protocols (MySQL and HTTP), and tunneling via a third party system. They will also be familiar with dynamic SOCKS proxies and using SSH to tunnel graphical applications. Finally, attendees will also learn SSH configuration and command line tips for convenience of use, including using forced command to restrict an SSH key to one purpose. false der.hans 2017-10-06T06:00:00-07:00 13:00 00:20 Room 1113 Shorter Talk 290-automatic-chicken-door-howto No, it will not hurt the chicken Hardware/IoT In this talk I'll show you how I created a raspberry pi-powered chicken door using only Free Software. You can use this knowledge to get inspired to create your own automated hardware+software systems. I'll go over these features: * hardware interleave gravity lock mechanism * instant-read photoresistor poll door actuation trigger * photoresistor signal analog to digital conversion * worm gear 12V DC motor controlled via L9110 motor driver chip * dual hall-effect magnetic door position sensors * fallback door status mitigating magnetic sensor failure * night-vision wide-angle camera with motion-triggered video capture * C + bash + python polyglot control code with standardized output convention * offline operation with 2.4Ghz wifi for monitoring and maintenance I'm a hardware beginner, so this is a beginner talk in terms of hardware. I know just enough about hardware to ask someone smarter how to not make everything start smoking. I've been writing software for about 20 years, so I want to get into some detail about the software. This talk isn't about carpentry--you'll have to ask my wife about that. * [slides](https://github.com/meonkeys/seagl2017-rpi-talk) * [video](https://archive.org/details/AutomaticChickenDoorHOWTOATalkByAdamMonsenAtSeaGL2017) * [source code for door controller](https://github.com/meonkeys/rpi-chx-code) * [follow-up blog post](http://adammonsen.com/post/1425) In this talk I'll show you how I created a raspberry pi-powered chicken door using only Free Software. You can use this knowledge to get inspired to create your own automated hardware+software systems. I'll go over these features: * hardware interleave gravity lock mechanism * instant-read photoresistor poll door actuation trigger * photoresistor signal analog to digital conversion * worm gear 12V DC motor controlled via L9110 motor driver chip * dual hall-effect magnetic door position sensors * fallback door status mitigating magnetic sensor failure * night-vision wide-angle camera with motion-triggered video capture * C + bash + python polyglot control code with standardized output convention * offline operation with 2.4Ghz wifi for monitoring and maintenance I'm a hardware beginner, so this is a beginner talk in terms of hardware. I know just enough about hardware to ask someone smarter how to not make everything start smoking. I've been writing software for about 20 years, so I want to get into some detail about the software. This talk isn't about carpentry--you'll have to ask my wife about that. * [slides](https://github.com/meonkeys/seagl2017-rpi-talk) * [video](https://archive.org/details/AutomaticChickenDoorHOWTOATalkByAdamMonsenAtSeaGL2017) * [source code for door controller](https://github.com/meonkeys/rpi-chx-code) * [follow-up blog post](http://adammonsen.com/post/1425) false Adam Monsen 2017-10-06T06:30:00-07:00 13:30 00:20 Room 1113 Shorter Talk 309-using-a-chromebook-as-your-daily-driver-linux-laptop Hardware/IoT ChromeOS is running on a Linux kernel under the hood already, but it doesn't expose that to end users by default. However, there are a number of options for getting a familiar software toolset running on your Chromebook. We'll talk about reasons why (_and why not_) you might want to consider Chromebooks as a hardware choice, take a look at the choices for using the hardware as a platform for running Linux software with a particular bent towards development and sysadmin type usage, and talk about some of the trade-offs between the options. ChromeOS is running on a Linux kernel under the hood already, but it doesn't expose that to end users by default. However, there are a number of options for getting a familiar software toolset running on your Chromebook. We'll talk about reasons why (_and why not_) you might want to consider Chromebooks as a hardware choice, take a look at the choices for using the hardware as a platform for running Linux software with a particular bent towards development and sysadmin type usage, and talk about some of the trade-offs between the options. false Andrew Beyer 2017-10-06T07:00:00-07:00 14:00 00:50 Room 1113 Longer Talk 351-distributed-systems-with-docker-swarm Systems/Ops Recent versions of Docker support a clustering feature called swarm. Swarm allows a set of machines running Docker to form a cluster. Together with Docker Compose, swarm simplifies the task of deploying a set of services to multiple hosts and provides DNS based service discovery and load balancing without the need to run additional software. During this talk you'll learn how to: * Package applications as docker images * Deploy multiple containers together using compose * Use swarm mode to communicate between containers * Scale your system to multiple machines A full demo of the running system will be included. This talk assumes basic knowledge of Linux, but does not assume prior experience with containers. A GitHub repo with all source code referenced during the talk will be provided. Recent versions of Docker support a clustering feature called swarm. Swarm allows a set of machines running Docker to form a cluster. Together with Docker Compose, swarm simplifies the task of deploying a set of services to multiple hosts and provides DNS based service discovery and load balancing without the need to run additional software. During this talk you'll learn how to: * Package applications as docker images * Deploy multiple containers together using compose * Use swarm mode to communicate between containers * Scale your system to multiple machines A full demo of the running system will be included. This talk assumes basic knowledge of Linux, but does not assume prior experience with containers. A GitHub repo with all source code referenced during the talk will be provided. false James Cooper 2017-10-06T08:30:00-07:00 15:30 00:50 Room 1113 Longer Talk 279-a-brief-history-of-i-o A short walk down the data path Systems/Ops Whether it’s video and keyboards, disks and network interfaces, or touch screens and cellular modems all computers do some form of input and output. The ways in which I/O happens have changed massively over the years though. On the hardware side we’ve gone from paper tape to punch cards to tape to many generations of hard drives and now various forms of solid-state storage. We’ve also gone from serial lines and modems to 2.5Mbps Ethernet all the way up to 100Gbps and beyond not to mention Wi-Fi. On the software side there have been many different ways to communicate with the POSIX file APIs and Berkeley socket APIs looming over much of it. This session will give you an overview of historical hardware I/O mechanisms and how they’ve evolved into the mechanisms we have today. It will also look at the software side of things starting with mainframe I/O mechanisms and looking at the progression from there to the modern POSIX APIs. Lastly it will look at some of the ways I/O is changing and what the future of I/O may hold. Whether it’s video and keyboards, disks and network interfaces, or touch screens and cellular modems all computers do some form of input and output. The ways in which I/O happens have changed massively over the years though. On the hardware side we’ve gone from paper tape to punch cards to tape to many generations of hard drives and now various forms of solid-state storage. We’ve also gone from serial lines and modems to 2.5Mbps Ethernet all the way up to 100Gbps and beyond not to mention Wi-Fi. On the software side there have been many different ways to communicate with the POSIX file APIs and Berkeley socket APIs looming over much of it. This session will give you an overview of historical hardware I/O mechanisms and how they’ve evolved into the mechanisms we have today. It will also look at the software side of things starting with mainframe I/O mechanisms and looking at the progression from there to the modern POSIX APIs. Lastly it will look at some of the ways I/O is changing and what the future of I/O may hold. false Benno Rice 2017-10-06T09:30:00-07:00 16:30 00:50 Room 1113 Longer Talk 338-a-filesystem-and-disk-i-o-deep-dive-using-blktrace-and-debugfs Systems/Ops Programs like `iostat` and `iotop` can tell you all sorts of interesting things about what's happening on your block devices. You can answer questions like: "How busy are my disks?" "What's my average latency?" "How many blocks per second am I writing?" "Which processes are doing the most disk I/O?" What do you do when that information isn't detailed enough? While it's great to have statistics on how your disks are performing and which processes are responsible for generating most of the I/O, how do you answer a question like: "Which files are most actively being written to or read from and by whom?" This question can be answered by `blktrace`, a block layer IO tracing mechanism which, among other things, provides detailed information about every logical block address (LBA) that is read and written from your disk. In this talk I'll show you how to run `blktrace` and how to interpret some of it's cryptic output. Using some arithmetic and `debugfs` I'll show you how to go from an LBA, to a disk partition, to a filesystem block, to an inode, and finally to a filename. In this talk we'll also cover some fun things about the GNU/Linux 'ext' family of filesystems. "What's an inode?" "How are files broken up and organized into multiple disk blocks?" We'll explore these concepts using the `debugfs` tool, which we'll use to help us read file contents straight off the disk using `dd`. How cool is that? Programs like `iostat` and `iotop` can tell you all sorts of interesting things about what's happening on your block devices. You can answer questions like: "How busy are my disks?" "What's my average latency?" "How many blocks per second am I writing?" "Which processes are doing the most disk I/O?" What do you do when that information isn't detailed enough? While it's great to have statistics on how your disks are performing and which processes are responsible for generating most of the I/O, how do you answer a question like: "Which files are most actively being written to or read from and by whom?" This question can be answered by `blktrace`, a block layer IO tracing mechanism which, among other things, provides detailed information about every logical block address (LBA) that is read and written from your disk. In this talk I'll show you how to run `blktrace` and how to interpret some of it's cryptic output. Using some arithmetic and `debugfs` I'll show you how to go from an LBA, to a disk partition, to a filesystem block, to an inode, and finally to a filename. In this talk we'll also cover some fun things about the GNU/Linux 'ext' family of filesystems. "What's an inode?" "How are files broken up and organized into multiple disk blocks?" We'll explore these concepts using the `debugfs` tool, which we'll use to help us read file contents straight off the disk using `dd`. How cool is that? false Mike Hamrick 2017-10-06T03:45:00-07:00 10:45 00:50 Room 3199 Longer Talk 392-clojure-for-unix-hackers Or how I learned to stop hating and love node.js Programming ## Intended Audience Unix hackers, sysadmins, and developers; especially those skeptical of the JVM and node.js. Anyone interested in functional programming, lisps, or data oriented programming. ## Audience Takeaways - Basic understanding of Clojure and functional programming - Appreciation of sympathetic philosphies between Unix and Clojure - Introduction to scripting with Clojurescript ## Motivation Clojure is a modern functional, expressive, and data-oriented lisp. However it runs atop the JVM, CLR, and Javascript runtimes. Sometimes seen as bloated, slow, and "something we have to install for developers", this talk aims to show that not only is Clojure(script) fun, performant, and pragmatic, but it also has a lot in common with Unix and can be a useful tool for scripting, server-side devlepment, UI work, and more! ## Outline ### Intro to Clojure - Intro and motivation - Brief history of Lisp - Whirlwind tour of Clojure - Functional Programming ### Comparisons to Unix - REPL driven development - Data oriented programming - Pipelines and unix philosophy ### Scripting with Clojurescript - Intro to Clojurescript - Bootstrapped Clojurescript and Planck/Lumo - Script Examples ### Beyond Scripting - Browser - Electron - Server - React Native ### Conclusion and References ## Intended Audience Unix hackers, sysadmins, and developers; especially those skeptical of the JVM and node.js. Anyone interested in functional programming, lisps, or data oriented programming. ## Audience Takeaways - Basic understanding of Clojure and functional programming - Appreciation of sympathetic philosphies between Unix and Clojure - Introduction to scripting with Clojurescript ## Motivation Clojure is a modern functional, expressive, and data-oriented lisp. However it runs atop the JVM, CLR, and Javascript runtimes. Sometimes seen as bloated, slow, and "something we have to install for developers", this talk aims to show that not only is Clojure(script) fun, performant, and pragmatic, but it also has a lot in common with Unix and can be a useful tool for scripting, server-side devlepment, UI work, and more! ## Outline ### Intro to Clojure - Intro and motivation - Brief history of Lisp - Whirlwind tour of Clojure - Functional Programming ### Comparisons to Unix - REPL driven development - Data oriented programming - Pipelines and unix philosophy ### Scripting with Clojurescript - Intro to Clojurescript - Bootstrapped Clojurescript and Planck/Lumo - Script Examples ### Beyond Scripting - Browser - Electron - Server - React Native ### Conclusion and References false Wes Payne 2017-10-06T06:00:00-07:00 13:00 00:20 Room 3199 Shorter Talk 325-python-packaging-and-dependency-management-in-the-real-world Programming One of Python's greatest strengths is the large and diverse set of existing code bases that you can build on to accomplish your goals. Unfortunately, as projects grow, managing your dependencies can become a constant headache. Unwinding which transitive dependency update now conflicts with other dependencies or is simply broken then somehow preventing that version of the dependency from being used is a common issue that needs to be addressed. Other issues include ensuring the correct system packages are installed so that Python packages can be built and link against system libs properly. Consistently reproducing an installation across more that one machine is surprisingly difficult. Python packages can and do execute arbitrary code on the build machines. Pip does not have a proper dependency resolver. The list goes on and on. As part of running a continuous integration system that installs Python packages tens of thousands of times per day the OpenStack project has learned how to deal with many of these issues. I will talk about how we use tools from PyPa (like pip constraints) and tools we have built (Bindep, PBR) to reliably perform Python package installs that are consistent and reproducible in the real world. One of Python's greatest strengths is the large and diverse set of existing code bases that you can build on to accomplish your goals. Unfortunately, as projects grow, managing your dependencies can become a constant headache. Unwinding which transitive dependency update now conflicts with other dependencies or is simply broken then somehow preventing that version of the dependency from being used is a common issue that needs to be addressed. Other issues include ensuring the correct system packages are installed so that Python packages can be built and link against system libs properly. Consistently reproducing an installation across more that one machine is surprisingly difficult. Python packages can and do execute arbitrary code on the build machines. Pip does not have a proper dependency resolver. The list goes on and on. As part of running a continuous integration system that installs Python packages tens of thousands of times per day the OpenStack project has learned how to deal with many of these issues. I will talk about how we use tools from PyPa (like pip constraints) and tools we have built (Bindep, PBR) to reliably perform Python package installs that are consistent and reproducible in the real world. false Clark Boylan 2017-10-06T06:30:00-07:00 13:30 00:20 Room 3199 Shorter Talk 378-how-to-learn-rust Programming Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This talk will answer the question "When should I use Rust?", and introduce you to the fabulous world of educational resources created by friendly Rustaceans to accompany you on your adventure into safe systems programming. Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This talk will answer the question "When should I use Rust?", and introduce you to the fabulous world of educational resources created by friendly Rustaceans to accompany you on your adventure into safe systems programming. false edunham 2017-10-06T07:00:00-07:00 14:00 00:50 Room 3199 Longer Talk 365-logs-are-magic Why Git Workflows and Commit Structure Should Matter To You Programming Git is a powerful, critical, yet poorly understood tool that virtually all Open Source developers use. One of the key features that git provides is a powerful and comprehensive log that displays the history of all the changes that have happened in a project, including potential developments that weren't ever merged, details about former versions of software that can inform future development, and even such mundane details as whether development on feature A started before or after development of bugfix B. Despite the power and utility of git's log, few developers take full advantage of it. Worse, some common practices that developers have adopted in the name of convenience (or just plain cargo culting) can actually destroy this useful information. Moreover, if developers are following the common exhortation to "commit often", they may end up with logs full of uninteresting noise, as all the details of debugging attempts and experiments are inadvertently recorded. This talk will: * detail the potential benefits of having informative and well structured logs * discuss common developer habits that can make logs less useful * explain techniques to preserve informative development history Git is a powerful, critical, yet poorly understood tool that virtually all Open Source developers use. One of the key features that git provides is a powerful and comprehensive log that displays the history of all the changes that have happened in a project, including potential developments that weren't ever merged, details about former versions of software that can inform future development, and even such mundane details as whether development on feature A started before or after development of bugfix B. Despite the power and utility of git's log, few developers take full advantage of it. Worse, some common practices that developers have adopted in the name of convenience (or just plain cargo culting) can actually destroy this useful information. Moreover, if developers are following the common exhortation to "commit often", they may end up with logs full of uninteresting noise, as all the details of debugging attempts and experiments are inadvertently recorded. This talk will: * detail the potential benefits of having informative and well structured logs * discuss common developer habits that can make logs less useful * explain techniques to preserve informative development history false John SJ Anderson 2017-10-06T08:30:00-07:00 15:30 00:50 Room 3199 Longer Talk 260-what-s-new-in-python-3-6-and-some-of-the-factors-to-consider-when-upgrading-from-python-3-5-or-python-2-7 Python tends to have a "scorched earth" policy. You don't need to be burned Programming Python 3.6 has a bunch of cool features, but you have to know what they are if you are going to take advantage of them. My talk is going to focus on what is new and why they are "cool" and you should use them. I am also going to discuss the decision criteria you should use when making the decision about what which version to use when implementing your python software projects. Python 3.6 has a bunch of cool features, but you have to know what they are if you are going to take advantage of them. My talk is going to focus on what is new and why they are "cool" and you should use them. I am also going to discuss the decision criteria you should use when making the decision about what which version to use when implementing your python software projects. false Jeff Silverman 2017-10-06T09:30:00-07:00 16:30 00:50 Room 3199 Longer Talk 347-verbose-mode-an-exploration-of-programming-languages-and-craft Programming I want to talk about knitting technical writing and how it has changed based on the education level we provide in schools, and what that means for technology. The reason mainstream patterns are hard is because they assume a base level of knowledge in their users, and because they are so concerned about brevity that they omit context. This talk explains how the meaning of "common knowledge" changes, but our standards for interfaces and documentation don't keep up. Come to this talk because you want to learn about how analytics can make your life easier, what that has to do with documentation, and my top tips for gauging your audience's experience and comfort level. This talk is an analysis of how education, assumptions, and technological constraints can make systems of learning accessible or impenetrable, and what we can do about it. I want to talk about knitting technical writing and how it has changed based on the education level we provide in schools, and what that means for technology. The reason mainstream patterns are hard is because they assume a base level of knowledge in their users, and because they are so concerned about brevity that they omit context. This talk explains how the meaning of "common knowledge" changes, but our standards for interfaces and documentation don't keep up. Come to this talk because you want to learn about how analytics can make your life easier, what that has to do with documentation, and my top tips for gauging your audience's experience and comfort level. This talk is an analysis of how education, assumptions, and technological constraints can make systems of learning accessible or impenetrable, and what we can do about it. false hwaterhouse 2017-10-07T02:00:00-07:00 09:00 00:30 Expo Hall 30 minute coffee 401-expo-hall-open-coffee-on-saturday-morning Brought to you by PogoLinux Brought to you by PogoLinux false Adam Monsen 2017-10-07T03:30:00-07:00 10:30 00:15 Expo Hall 15 minute coffee 403-saturday-second-coffee Brought to you by PogoLinux Brought to you by PogoLinux false Adam Monsen 2017-10-07T04:45:00-07:00 11:45 01:15 Expo Hall Lunch 408-lunch-provided Pizza party! Free! Pizza party! Free! false Adam Monsen 2017-10-07T08:00:00-07:00 15:00 00:30 Expo Hall 30 minute coffee 402-saturday-afternoon-coffee Brought to you by PogoLinux Brought to you by PogoLinux false Adam Monsen 2017-10-07T10:30:00-07:00 17:30 00:30 Expo Hall Cleanup 404-saturday-cleanup Brought to you by Adam Monsen Brought to you by Adam Monsen false Adam Monsen 2017-10-07T02:30:00-07:00 09:30 01:00 Theatre Keynote 406-keynote-rikki-endsley Rikki is an editor and community manager for Opensource.com where she mentors writers and helps people tell their tech stories. Previously she worked as a community evangelist on the Open Source and Standards team at Red Hat. Other hats she has worn include: tech journalist; community manager for the USENIX Association; associate publisher of Linux Pro Magazine, ADMIN, and Ubuntu User; and managing editor of Sys Admin magazine and UnixReview.com. In 2016 she won an O’Reilly Open Source Award for her tireless work to build a vibrant, creative and well-documented open source community. Follow her on Twitter: @rikkiends Rikki is an editor and community manager for Opensource.com where she mentors writers and helps people tell their tech stories. Previously she worked as a community evangelist on the Open Source and Standards team at Red Hat. Other hats she has worn include: tech journalist; community manager for the USENIX Association; associate publisher of Linux Pro Magazine, ADMIN, and Ubuntu User; and managing editor of Sys Admin magazine and UnixReview.com. In 2016 she won an O’Reilly Open Source Award for her tireless work to build a vibrant, creative and well-documented open source community. Follow her on Twitter: @rikkiends false Rikki Endsley 2017-10-07T03:45:00-07:00 10:45 00:50 Room 5104 Longer Talk 375-leveraging-collaborative-mentorship-to-strengthen-your-free-software-community A case study for discussion People There has been much discussion over the past several years about improving the quality of free software communities in terms of increasing participation and reducing burnout. Numerous explanations and suggestions have been offered in order to make lasting improvements. Indeed, building and strengthening your community should be recognized as a core mission for all free software project leaders. However, this requires learning a skill set not traditionally associated with technical project management. We will present the successes and failures of one free software community in establishing a collaborative mentorship program as a case study in community improvement and as a springboard for further discussion. Our efforts in establishing a number of mentor-mentee collaborations between experienced developers and newcomers to free software provides a wealth of hard-won knowledge and experience in free software community building and maintenance. Additionally, as this community is primarily composed of those who are historically under-represented in technology, the successes and failures are likely to be unique and potentially counter-intuitive to those used to engaging with more mainstream free software communities. We hope sharing these experiences will serve as a source for critical reflection for attendees in gauging the relative effectiveness of their own community building initiatives. Successful free software communities are as varied as their associated projects, and we hope the lessons we share will inspire others to make their communities just that much more successful. There has been much discussion over the past several years about improving the quality of free software communities in terms of increasing participation and reducing burnout. Numerous explanations and suggestions have been offered in order to make lasting improvements. Indeed, building and strengthening your community should be recognized as a core mission for all free software project leaders. However, this requires learning a skill set not traditionally associated with technical project management. We will present the successes and failures of one free software community in establishing a collaborative mentorship program as a case study in community improvement and as a springboard for further discussion. Our efforts in establishing a number of mentor-mentee collaborations between experienced developers and newcomers to free software provides a wealth of hard-won knowledge and experience in free software community building and maintenance. Additionally, as this community is primarily composed of those who are historically under-represented in technology, the successes and failures are likely to be unique and potentially counter-intuitive to those used to engaging with more mainstream free software communities. We hope sharing these experiences will serve as a source for critical reflection for attendees in gauging the relative effectiveness of their own community building initiatives. Successful free software communities are as varied as their associated projects, and we hope the lessons we share will inspire others to make their communities just that much more successful. false Brian Callahan Lisa Marie Maginnis 2017-10-07T06:00:00-07:00 13:00 00:20 Room 5104 Shorter Talk 384-snowdrift-coop-5-years-of-a-work-in-progress Something different In 2012, an optimistic programmer convinced his friend to *do* something about his complaints and ideas around economic injustice and market-failures in free/libre/open (FLO) culture and software. Five years later, Snowdrift.coop has a concrete vision, a global community of volunteers, and a valuable collection of writings and research about sustainable funding for FLO projects. Still, Snowdrift.coop needs further work to reach a full launch. Through that story, this talk will summarize the challenges in building a cooperative, ethical web platform and reflect on the relevant changes (both good and bad) in the overall FLO ecosystem over the past five years. In 2012, an optimistic programmer convinced his friend to *do* something about his complaints and ideas around economic injustice and market-failures in free/libre/open (FLO) culture and software. Five years later, Snowdrift.coop has a concrete vision, a global community of volunteers, and a valuable collection of writings and research about sustainable funding for FLO projects. Still, Snowdrift.coop needs further work to reach a full launch. Through that story, this talk will summarize the challenges in building a cooperative, ethical web platform and reflect on the relevant changes (both good and bad) in the overall FLO ecosystem over the past five years. false Aaron Wolf 2017-10-07T06:30:00-07:00 13:30 00:20 Room 5104 Shorter Talk 366-a-static-site-generator-should-be-your-next-language-learning-project Programming When learning a new language, some folks prefer to read the language documentation, or work through simple exercises like you might find on http://exercism.io -- but I prefer to have something more like an actual project. I find that holds my focus a little better, and that I do a better job of absorbing the new language syntax and features if I'm using them for something *real*. In this talk, I'm going to outline why writing a static website generator is the perfect task for this sort of language learning project. I'll cover the code you'll need to write in order to develop a simple template-based website generation system, and show how this particular project actually manages to hit all the points you need to understand to claim basic understanding of a language. When learning a new language, some folks prefer to read the language documentation, or work through simple exercises like you might find on http://exercism.io -- but I prefer to have something more like an actual project. I find that holds my focus a little better, and that I do a better job of absorbing the new language syntax and features if I'm using them for something *real*. In this talk, I'm going to outline why writing a static website generator is the perfect task for this sort of language learning project. I'll cover the code you'll need to write in order to develop a simple template-based website generation system, and show how this particular project actually manages to hit all the points you need to understand to claim basic understanding of a language. false John SJ Anderson 2017-10-07T07:00:00-07:00 14:00 00:50 Room 5104 Longer Talk 358-giving-the-public-what-they-pay-for Opening Government Funded Research People The United States and other governments spend tens, if not hundreds of billions of dollars per year funding research for the benefit of their own populations and of mankind. This research results in large amounts of software technology in bleeding edge areas that is ripe for development into disruptive products. However, much of this research is opaque and unavailable to the common software developer, being dished out to those parties known to have an interest in it rather than widespread dissemination and collaboration like the Open Source world enjoys. Bringing modern Open Source practices into institutional research provides a better means of spreading, utilizing and commercializing these technologies and fulfilling the basic charters of these institutions. I have spent the last year and a half changing how government research interfaces with the Open Source world in order to take advantage of these new, superior models. I would like to share my tactics, my successes, my setbacks and my vision for where we are going and how it will change the world. The United States and other governments spend tens, if not hundreds of billions of dollars per year funding research for the benefit of their own populations and of mankind. This research results in large amounts of software technology in bleeding edge areas that is ripe for development into disruptive products. However, much of this research is opaque and unavailable to the common software developer, being dished out to those parties known to have an interest in it rather than widespread dissemination and collaboration like the Open Source world enjoys. Bringing modern Open Source practices into institutional research provides a better means of spreading, utilizing and commercializing these technologies and fulfilling the basic charters of these institutions. I have spent the last year and a half changing how government research interfaces with the Open Source world in order to take advantage of these new, superior models. I would like to share my tactics, my successes, my setbacks and my vision for where we are going and how it will change the world. false Paul Berg 2017-10-07T08:30:00-07:00 15:30 00:50 Room 5104 Longer Talk 363-software-patents-global-trends Something different In the developer community, nobody cares where their collaborators are physically located. It's a completely different story for legal practitioners and others who look at the licenses, patents and treaties that dictate what's feasible, what's expensive and what's impossible -- or even illegal. Software production has become rapid, diverse and global and in many instances, regulators have been struggling to keep up. While lawmakers, treaty drafters and standards setting organizations may feel ready for action, many of their proposed actions need considerably more input from global free and software projects and companies. Project leaders and company executives need a high level understanding of the complex interplay between patents and copyright, the varying scope of patentability in different regions, as well as the impact of governmental and international bodies seeking to simplify or regulate the international production and use of software. This talk will give the audience a feel for current trends and offer resources for further education on many of the specific issues. With a global understanding of where things are headed, the free software community will be ready to impactfully address and respond to proposed policy decisions. In the developer community, nobody cares where their collaborators are physically located. It's a completely different story for legal practitioners and others who look at the licenses, patents and treaties that dictate what's feasible, what's expensive and what's impossible -- or even illegal. Software production has become rapid, diverse and global and in many instances, regulators have been struggling to keep up. While lawmakers, treaty drafters and standards setting organizations may feel ready for action, many of their proposed actions need considerably more input from global free and software projects and companies. Project leaders and company executives need a high level understanding of the complex interplay between patents and copyright, the varying scope of patentability in different regions, as well as the impact of governmental and international bodies seeking to simplify or regulate the international production and use of software. This talk will give the audience a feel for current trends and offer resources for further education on many of the specific issues. With a global understanding of where things are headed, the free software community will be ready to impactfully address and respond to proposed policy decisions. false Deb Nicholson 2017-10-07T09:30:00-07:00 16:30 00:50 Room 5104 Longer Talk 362-taking-license-compatibility-semi-seriously Something different License compatibility refers to the problem of creating combined works out of code under different, seemingly clashing FLOSS licenses. It most often arises where at least one of the licenses is in the GPL family. A surprising amount of intellectual energy, by developers, users, lawyers and "compliance professionals", has been devoted to dealing with the topic of license compatibility. Incompatibility is often spoken of as a significant open source compliance issue. But there has been very little critical analysis of the assumptions behind received wisdom about license compatibility. Where such analysis occurs, it seems to have little to do with the real-world behavior of developers and projects. This talk attempts to make some sense out of the topic of license compatibility, noting where it makes sense and where it doesn't. We'll discuss some interesting historical and contemporary cases, like ZFS and Linux. The talk will propose ways of adjusting how we think about license interpretation so that compatibility doctrine is on more solid ground and in line with the realities of community development. License compatibility refers to the problem of creating combined works out of code under different, seemingly clashing FLOSS licenses. It most often arises where at least one of the licenses is in the GPL family. A surprising amount of intellectual energy, by developers, users, lawyers and "compliance professionals", has been devoted to dealing with the topic of license compatibility. Incompatibility is often spoken of as a significant open source compliance issue. But there has been very little critical analysis of the assumptions behind received wisdom about license compatibility. Where such analysis occurs, it seems to have little to do with the real-world behavior of developers and projects. This talk attempts to make some sense out of the topic of license compatibility, noting where it makes sense and where it doesn't. We'll discuss some interesting historical and contemporary cases, like ZFS and Linux. The talk will propose ways of adjusting how we think about license interpretation so that compatibility doctrine is on more solid ground and in line with the realities of community development. false Richard Fontana 2017-10-07T03:45:00-07:00 10:45 00:50 Room 5102 Longer Talk 263-building-a-better-thermostat Hardware/IoT After returning from a recent trip that occurred during the middle of a heat wave. I arrived home to find my apartment quite hot, at least 45C inside. Needless to say it wasn’t the most comfortable way to come home after 15 days out of town, I decided it was time for me to do something about it to address this so I didn't come home to that unpleasant surprise again. Normally, this problem is solved by having a thermostat which controls the air conditioning. However, my apartment did not have a thermostat. So I decided to build one using open source software. This talk will cover how I went about solving my problem using existing software and protocols like home-assistant, MQTT, and also some new software that was created for this. It'll also discuss how using open software and home automation I was able to solve my issue but also make cooling my apartment smarter. After returning from a recent trip that occurred during the middle of a heat wave. I arrived home to find my apartment quite hot, at least 45C inside. Needless to say it wasn’t the most comfortable way to come home after 15 days out of town, I decided it was time for me to do something about it to address this so I didn't come home to that unpleasant surprise again. Normally, this problem is solved by having a thermostat which controls the air conditioning. However, my apartment did not have a thermostat. So I decided to build one using open source software. This talk will cover how I went about solving my problem using existing software and protocols like home-assistant, MQTT, and also some new software that was created for this. It'll also discuss how using open software and home automation I was able to solve my issue but also make cooling my apartment smarter. false Matthew Treinish 2017-10-07T06:30:00-07:00 13:30 00:20 Room 5102 Shorter Talk 273-automatically-watching-the-most-interesting-twitch-streams Entertainment without Burden Something different It can be tedious to watch multiple twitch streams at once, as streamers are constantly moving in and out of games, reading their subscriber messages, and doing other audience engagement tasks in the downtime. What if a viewer wants to just see the uptime, or the most interesting parts of live streams automatically? My solution to this problem (for one game at least) is called pubgredzone. It applies the NFL RedZone concept to an incredibly popular battle royale game called PlayerUnknown's BattleGrounds. This game starts with 100 players alive and lets them battle it out until one player remains, while constantly displaying the number of alive players in the top right corner of the screen. pubgredzone will poll Twitch for popular streams of this game, grab a frame from each of these streams, crop each frame down to just the number of players alive, and do OCR on these numbers to determine which stream has the fewest number of players alive. The website will then automatically switch to the determined "best" stream using LiveJS, that way the viewer only sees the interesting parts of the streams (people battling it out at the end to win. analgous to only seeing Touchdowns in NFL RedZone). I will give a high level overview of the game and the problem solved, how I built the webapp and plans for the future. Technologies used: - ImageMagick (crop images) - Tesseract (Object Character recognition) - ffmpeg (take a frame from a recorded Twtich stream) - livestreamer (library for recording Twitch streams) - LiveJS (automagically refresh viewers' browser tabs when stream changes) - jq (parse json received from Twitch API). It can be tedious to watch multiple twitch streams at once, as streamers are constantly moving in and out of games, reading their subscriber messages, and doing other audience engagement tasks in the downtime. What if a viewer wants to just see the uptime, or the most interesting parts of live streams automatically? My solution to this problem (for one game at least) is called pubgredzone. It applies the NFL RedZone concept to an incredibly popular battle royale game called PlayerUnknown's BattleGrounds. This game starts with 100 players alive and lets them battle it out until one player remains, while constantly displaying the number of alive players in the top right corner of the screen. pubgredzone will poll Twitch for popular streams of this game, grab a frame from each of these streams, crop each frame down to just the number of players alive, and do OCR on these numbers to determine which stream has the fewest number of players alive. The website will then automatically switch to the determined "best" stream using LiveJS, that way the viewer only sees the interesting parts of the streams (people battling it out at the end to win. analgous to only seeing Touchdowns in NFL RedZone). I will give a high level overview of the game and the problem solved, how I built the webapp and plans for the future. Technologies used: - ImageMagick (crop images) - Tesseract (Object Character recognition) - ffmpeg (take a frame from a recorded Twtich stream) - livestreamer (library for recording Twitch streams) - LiveJS (automagically refresh viewers' browser tabs when stream changes) - jq (parse json received from Twitch API). false Cullen Taylor 2017-10-07T07:00:00-07:00 14:00 00:50 Room 5102 Longer Talk 278-brewing-beer-with-linux-python-and-a-raspberrypi Hardware/IoT Making beer with open software is a blast! There are a host of open source programs available for driving the hardware required to brew awesome beer. This presentation will include an overview of the most popular brewing software available with special attention paid to the python-based project "CraftBeerPi". There will also be a detailed review of the system Christopher has been brewing beer with, including all-electric kettles and a temperature controlled fermentation chamber. Making beer with open software is a blast! There are a host of open source programs available for driving the hardware required to brew awesome beer. This presentation will include an overview of the most popular brewing software available with special attention paid to the python-based project "CraftBeerPi". There will also be a detailed review of the system Christopher has been brewing beer with, including all-electric kettles and a temperature controlled fermentation chamber. false Christopher Aedo 2017-10-07T08:30:00-07:00 15:30 00:50 Room 5102 Longer Talk 353-your-solution-is-not-my-problem Systems/Ops When you attend a conference, you're likely to see some really inspiring talks about how the speaker uses a particular technology or infrastructure stack. "Wow!" you think, "I'm going to go back to the office and try that out just like the speaker did it!" Before you do that, come see THIS talk. It hopefully will convince you that while your current infrastructure or solution isn't perfect, it may be exactly what you need while the shiny new solution you just learned about may not be a good fit at all. This talk will teach you: * How to discover the pain points in your infrastructure * How to determine the needs of your company & your team * How to apply this information to make an informed technology judgement call When you attend a conference, you're likely to see some really inspiring talks about how the speaker uses a particular technology or infrastructure stack. "Wow!" you think, "I'm going to go back to the office and try that out just like the speaker did it!" Before you do that, come see THIS talk. It hopefully will convince you that while your current infrastructure or solution isn't perfect, it may be exactly what you need while the shiny new solution you just learned about may not be a good fit at all. This talk will teach you: * How to discover the pain points in your infrastructure * How to determine the needs of your company & your team * How to apply this information to make an informed technology judgement call false Gareth J. Greenaway 2017-10-07T09:30:00-07:00 16:30 00:50 Room 5102 Longer Talk 357-hello-gmom Pushing back against loneliness in end-of-life care. Design/UI/UX/Accessibility #### Abstract **Content Warning:** This talk includes references to debilitating illness and death, but the emphasis is on quality of life and family. After suffering a debilitating stroke, Barbara, my girlfriend's grandmother, was left disabled, bed-bound, and mostly non-verbal. We visited often, and were with her when she passed earlier this year. For Christmas, I built her a web application to be a window into the life of her granddaughter. Research into providing end-of-life care reveals common feelings of powerlessness, isolation, and loneliness. A small web application provided a sense of connection and relevance, improving the quality of life for both grandmother and granddaughter. The application delivered MMS messages and photos from Barbara's family to a television in her room. The receiving device was a Raspberry Pi Zero. I purchased a phone number through Twilio and created a small Rails application to proxy MMS messages to the Pi Zero via a websocket connection. The tech is ordinary, about as far away from the cutting edge as it gets. I searched for commercial solutions, but couldn't find anything that met her specific situation and abilities. So I built it, and it's now my favorite thing I've ever shipped. The most important consideration for this project was the UX. For us, the people sending messages, integrating it into an existing communication habit increased the likelihood of regular use. Gmom had some short-term memory impairment, so cycling messages helped her remember them. Her eyesight was great--better than mine--but we still experimented with typography, color contrast, and layout to optimize her reading experience. Now that she's passed, I'm hoping that the project can be a foundation or inspiration for others to build tools that bring them closer to the people they love. This small project--a $5 computer and some "off-the-shelf" technology--increased the quality of life for all of us. #### Goals and Themes - **UX First**: Technology decisions were made through the lens of UX. Knowing my users well made the product viable. - **Off the shelf**: Using off the shelf parts and tools, I was able to increase the quality of life for my family. This is something we can all do. - **The power of community**: I was inspired by people I've met through the OSS community. #### References - Rokach, A. (2015) [The Dying and Those Who Care for Them](https://www.omicsonline.org/open-access/the-dying-and-those-who-care-for-them-jpc-1000101.php?aid=66704#5) - Ranjana, S. F.R.A.C.P. (2011) [The Loneliness of Visiting](http://www.nejm.org/doi/full/10.1056/NEJMp1013909?query=TOC&) - Marie Curie Briefing (undated) [Inequities in palliative care – isolation and loneliness](https://www.mariecurie.org.uk/globalassets/media/documents/policy/briefings-consultations/scotland-briefings/marie-curie-briefing-inequities-isolation-loneliness.pdf) #### Abstract **Content Warning:** This talk includes references to debilitating illness and death, but the emphasis is on quality of life and family. After suffering a debilitating stroke, Barbara, my girlfriend's grandmother, was left disabled, bed-bound, and mostly non-verbal. We visited often, and were with her when she passed earlier this year. For Christmas, I built her a web application to be a window into the life of her granddaughter. Research into providing end-of-life care reveals common feelings of powerlessness, isolation, and loneliness. A small web application provided a sense of connection and relevance, improving the quality of life for both grandmother and granddaughter. The application delivered MMS messages and photos from Barbara's family to a television in her room. The receiving device was a Raspberry Pi Zero. I purchased a phone number through Twilio and created a small Rails application to proxy MMS messages to the Pi Zero via a websocket connection. The tech is ordinary, about as far away from the cutting edge as it gets. I searched for commercial solutions, but couldn't find anything that met her specific situation and abilities. So I built it, and it's now my favorite thing I've ever shipped. The most important consideration for this project was the UX. For us, the people sending messages, integrating it into an existing communication habit increased the likelihood of regular use. Gmom had some short-term memory impairment, so cycling messages helped her remember them. Her eyesight was great--better than mine--but we still experimented with typography, color contrast, and layout to optimize her reading experience. Now that she's passed, I'm hoping that the project can be a foundation or inspiration for others to build tools that bring them closer to the people they love. This small project--a $5 computer and some "off-the-shelf" technology--increased the quality of life for all of us. #### Goals and Themes - **UX First**: Technology decisions were made through the lens of UX. Knowing my users well made the product viable. - **Off the shelf**: Using off the shelf parts and tools, I was able to increase the quality of life for my family. This is something we can all do. - **The power of community**: I was inspired by people I've met through the OSS community. #### References - Rokach, A. (2015) [The Dying and Those Who Care for Them](https://www.omicsonline.org/open-access/the-dying-and-those-who-care-for-them-jpc-1000101.php?aid=66704#5) - Ranjana, S. F.R.A.C.P. (2011) [The Loneliness of Visiting](http://www.nejm.org/doi/full/10.1056/NEJMp1013909?query=TOC&) - Marie Curie Briefing (undated) [Inequities in palliative care – isolation and loneliness](https://www.mariecurie.org.uk/globalassets/media/documents/policy/briefings-consultations/scotland-briefings/marie-curie-briefing-inequities-isolation-loneliness.pdf) false Jeremy 2017-10-07T03:45:00-07:00 10:45 00:50 Room 3187 Longer Talk 314-open-source-from-standing-rock-to-your-home-community Technology for protecting water, earth, and people Something different At Standing Rock we had as many as 20,000 people living in open fields, along a hillside, and tucked behind a grove of trees, all without the modern infrastructure that makes a city of that size function today. The community at the camps had to generate our own electricity, bring Internet from 10 miles away without access to the fiber lines, boost cell phone signals from far away, communicate over handheld radios, get safe water to everyone, manage waste, and generally stay warm and well fed even through the harsh winter. We did all this while sustaining serious attacks on our equipment from private security infiltrators. The lessons from that experience can be useful whether you are joining one of the many currently active water protector camps around the US or trying to find ways to be more sustainable in your own community. Consider a variety of methods for power generation, and why some won out at Standing Rock but others may be better elsewhere. How do you keep electricity use within your generation capacit? Every community needs to choose its trade-offs, but lots of money or lots of time can give you almost anything you want. LED holiday lights are super useful, too. Internet connectivity is a must, but how do you get it? Hint: Satellite probably isn't the answer, unless you have a sponsor with VERY deep pockets. Ubiquiti gear is one good option if you have an ISP that will work with you to extend their reach to your camp or community. 4GLTE may work for your camp or community, too, and a few boosting techniques can make it reach a larger area AND improve speed (to a point). Local caching of frequently needed pages can help decrease total bandwidth usage to the ISP, and a local Intranet can give you even more advantages: A Mumble server for encrypted comms, Discord for local conversations, a community news site with calendar of events, and/or locally hosted resources for students in your school(s). Get your Ham license. It's way more useful than you imagine, even if it isn't "private" at all. Better still, you can use your Ham license to build and pilot better drones than the ones you can get off the shelf. It may not seem glamorous, but getting safe water and managing waste is really important, too. There are low-tech and higher-tech solutions for the sustainability-minded hacktivist. As a special bonus, learn the wonderful game of "A--hole or Infiltrator", because, let's face it, we all do stupid things. At Standing Rock we had as many as 20,000 people living in open fields, along a hillside, and tucked behind a grove of trees, all without the modern infrastructure that makes a city of that size function today. The community at the camps had to generate our own electricity, bring Internet from 10 miles away without access to the fiber lines, boost cell phone signals from far away, communicate over handheld radios, get safe water to everyone, manage waste, and generally stay warm and well fed even through the harsh winter. We did all this while sustaining serious attacks on our equipment from private security infiltrators. The lessons from that experience can be useful whether you are joining one of the many currently active water protector camps around the US or trying to find ways to be more sustainable in your own community. Consider a variety of methods for power generation, and why some won out at Standing Rock but others may be better elsewhere. How do you keep electricity use within your generation capacit? Every community needs to choose its trade-offs, but lots of money or lots of time can give you almost anything you want. LED holiday lights are super useful, too. Internet connectivity is a must, but how do you get it? Hint: Satellite probably isn't the answer, unless you have a sponsor with VERY deep pockets. Ubiquiti gear is one good option if you have an ISP that will work with you to extend their reach to your camp or community. 4GLTE may work for your camp or community, too, and a few boosting techniques can make it reach a larger area AND improve speed (to a point). Local caching of frequently needed pages can help decrease total bandwidth usage to the ISP, and a local Intranet can give you even more advantages: A Mumble server for encrypted comms, Discord for local conversations, a community news site with calendar of events, and/or locally hosted resources for students in your school(s). Get your Ham license. It's way more useful than you imagine, even if it isn't "private" at all. Better still, you can use your Ham license to build and pilot better drones than the ones you can get off the shelf. It may not seem glamorous, but getting safe water and managing waste is really important, too. There are low-tech and higher-tech solutions for the sustainability-minded hacktivist. As a special bonus, learn the wonderful game of "A--hole or Infiltrator", because, let's face it, we all do stupid things. false Elior Sterling 2017-10-07T06:30:00-07:00 13:30 00:20 Room 3187 Shorter Talk 337-diverse-t-shirts-for-diverse-people Something different Did you know that most people are not the same as most other people? I know, it surprised me too. It turns out, that the differences that people share also affect the sort of clothing that fits them. Different people have different shapes. Different people like different colours. T-shirt manufacturers, however, aren't always great at reflecting this diversity. Fewer colours are available in "women's cuts" than in "men's cuts". The colours available in larger sizes are not the colours available in smaller sizes. Some women do not fit into the same sorts of fitted t-shirt as other women. Not all men want "men's cut" shirts. People in tech love t-shirts, and they can be a great way to get people to do free advertising for you. But for that to work, you need people to actually want to wear your shirt. Over the last few years, the conferences that I've run have started working on ways to make our attendees enjoy their conference t-shirts more, with excellent results. I'd like to share these strategies with you so that we can fit more people into more excellent t-shirts. Did you know that most people are not the same as most other people? I know, it surprised me too. It turns out, that the differences that people share also affect the sort of clothing that fits them. Different people have different shapes. Different people like different colours. T-shirt manufacturers, however, aren't always great at reflecting this diversity. Fewer colours are available in "women's cuts" than in "men's cuts". The colours available in larger sizes are not the colours available in smaller sizes. Some women do not fit into the same sorts of fitted t-shirt as other women. Not all men want "men's cut" shirts. People in tech love t-shirts, and they can be a great way to get people to do free advertising for you. But for that to work, you need people to actually want to wear your shirt. Over the last few years, the conferences that I've run have started working on ways to make our attendees enjoy their conference t-shirts more, with excellent results. I'd like to share these strategies with you so that we can fit more people into more excellent t-shirts. false Christopher Neugebauer 2017-10-07T07:00:00-07:00 14:00 00:50 Room 3187 Longer Talk 350-the-rhythm-of-patterns Something different Human beings have evolved to recognise patterns: In weather, in plants, in stellar movements. We do this intuitively to make order out of the abstract. Patterns are so ingrained that, even without knowing, we imbue patterns in everything we create - to make order out of what would otherwise be chaos. In this talk I’ll use music and rhythm to introduce you to the power of patterns and how they affect your thinking and the software you build and use. There will be a brief demo, and then the audience and I will create a Balinese Monkey Chant together to demonstrate how simple patterns interweave to make more complex creations and how you can apply this thinking to software development. You’ll learn: - The shared pattern characteristics of music and software. - How simple patterns layer into complex creations. - Balinese Monkey music is fun. Human beings have evolved to recognise patterns: In weather, in plants, in stellar movements. We do this intuitively to make order out of the abstract. Patterns are so ingrained that, even without knowing, we imbue patterns in everything we create - to make order out of what would otherwise be chaos. In this talk I’ll use music and rhythm to introduce you to the power of patterns and how they affect your thinking and the software you build and use. There will be a brief demo, and then the audience and I will create a Balinese Monkey Chant together to demonstrate how simple patterns interweave to make more complex creations and how you can apply this thinking to software development. You’ll learn: - The shared pattern characteristics of music and software. - How simple patterns layer into complex creations. - Balinese Monkey music is fun. false Susan Harris 2017-10-07T08:30:00-07:00 15:30 00:50 Room 3187 Longer Talk 385-keep-it-secret-keep-it-safe Who's In Control Of Your Medical Data? Something different The high-tech industry has revolutionized healthcare, ushering in an amazing new era of medicine, but both providers and patients have struggled to keep up with changes in how we track healthcare data. Widespread digitization of medical records has the promise to be a step forward in the advancement of treatment, but there are several pitfalls that we must avoid to ensure that patients retain control over personal data, are empowered to use open formats, and can access data using FOSS tools. - How much do you know about Electronic Health Records (EHR/EMR)? - Do you have a local digital copy of your family's medical records? - How confident are you that your doctors _can_ and _will_ keep your personal information private and secure? This talk will provide an introduction to EHR systems, healthcare apps, and both open & closed formats for medical data. We'll discuss legal aspects of medical data, HIPAA, genetic rights, and suggest ways to increase privacy, reduce personal risk, and retain greater control over _who_ gets to see _which_ of your records (and _when_!) The high-tech industry has revolutionized healthcare, ushering in an amazing new era of medicine, but both providers and patients have struggled to keep up with changes in how we track healthcare data. Widespread digitization of medical records has the promise to be a step forward in the advancement of treatment, but there are several pitfalls that we must avoid to ensure that patients retain control over personal data, are empowered to use open formats, and can access data using FOSS tools. - How much do you know about Electronic Health Records (EHR/EMR)? - Do you have a local digital copy of your family's medical records? - How confident are you that your doctors _can_ and _will_ keep your personal information private and secure? This talk will provide an introduction to EHR systems, healthcare apps, and both open & closed formats for medical data. We'll discuss legal aspects of medical data, HIPAA, genetic rights, and suggest ways to increase privacy, reduce personal risk, and retain greater control over _who_ gets to see _which_ of your records (and _when_!) false Robinson Tryon 2017-10-07T09:30:00-07:00 16:30 00:50 Room 3187 Longer Talk 287-how-to-build-a-cd-pipeline-for-your-systems Systems/Ops Show how to use pipeline tools such as Jenkins in conjunction with configuration management and testing software to build a CD pipeline for systems. Will cover the ideas behind building a CD pipeline, what types of testing are used and at what stages. The talk will be vendor neutral with regards to how this is achieved along with practical guides to commonly used software for each step. Show how to use pipeline tools such as Jenkins in conjunction with configuration management and testing software to build a CD pipeline for systems. Will cover the ideas behind building a CD pipeline, what types of testing are used and at what stages. The talk will be vendor neutral with regards to how this is achieved along with practical guides to commonly used software for each step. false garrett honeycutt 2017-10-07T03:45:00-07:00 10:45 00:50 Room 3199 Longer Talk 321-philosophy-in-code I Kant Even Programming Coding in practice is a perpetual learning experience.  It can be daunting when first tackling a new language, framework, legacy codebase, etc. Immanuel Kant outlined some thought tools for making sense of vast new intellectual territory and eventually conquering them.  I have found the application of these insights enormously helpful over the years. This talk will aim to pass along those tools and techniques, and hopefully make the beginning of future challenges less intimidating. Coding in practice is a perpetual learning experience.  It can be daunting when first tackling a new language, framework, legacy codebase, etc. Immanuel Kant outlined some thought tools for making sense of vast new intellectual territory and eventually conquering them.  I have found the application of these insights enormously helpful over the years. This talk will aim to pass along those tools and techniques, and hopefully make the beginning of future challenges less intimidating. false Margaret 2017-10-07T06:00:00-07:00 13:00 00:20 Room 3199 Shorter Talk 316-you-can-t-unit-test-c-right Programming Testing is a wonderful thing. Code with good tests is so much easier to work with and change due to the comfort the tests provide that you haven't broken anything you didn't expect to break. C can be a tricky language to work in. It compiles to static code. It's incredibly low-level compared to many of the languages people use these days. It also comes with a delightfully bewildering and wide array of ways to very effectively shoot yourself in the foot. On top of that the POSIX API implementations C code often relies on don't lend themselves to easy testing, especially of unhappy paths. Which means that while we should absolutely be testing our C code it should be really hard to unit test, right? Join me for a quick overview of the ways in which C can be unit tested, including ways to push around the POSIX APIs, and how you too can increase your C code's level of comfort. Testing is a wonderful thing. Code with good tests is so much easier to work with and change due to the comfort the tests provide that you haven't broken anything you didn't expect to break. C can be a tricky language to work in. It compiles to static code. It's incredibly low-level compared to many of the languages people use these days. It also comes with a delightfully bewildering and wide array of ways to very effectively shoot yourself in the foot. On top of that the POSIX API implementations C code often relies on don't lend themselves to easy testing, especially of unhappy paths. Which means that while we should absolutely be testing our C code it should be really hard to unit test, right? Join me for a quick overview of the ways in which C can be unit tested, including ways to push around the POSIX APIs, and how you too can increase your C code's level of comfort. false Benno Rice 2017-10-07T06:30:00-07:00 13:30 00:20 Room 3199 Shorter Talk 315-how-to-get-a-cross-project-feature-landed-in-openstack Or how I plotted to obtain success... Programming A little over two years ago, I was told in a Vancouver conference center meeting room, "Two others have tried to propose that feature, but they have both failed". I knew it was the right path to take. I knew people in the room and the larger community wanted to go in that direction. The question was how? In this this talk, I'll cover my experience building consensus on design, setting expectations across the community, and rallying people together to reach critical mass to land a complex cross project feature in a project such as OpenStack. A little over two years ago, I was told in a Vancouver conference center meeting room, "Two others have tried to propose that feature, but they have both failed". I knew it was the right path to take. I knew people in the room and the larger community wanted to go in that direction. The question was how? In this this talk, I'll cover my experience building consensus on design, setting expectations across the community, and rallying people together to reach critical mass to land a complex cross project feature in a project such as OpenStack. false Julia Kreger 2017-10-07T07:00:00-07:00 14:00 00:50 Room 3199 Longer Talk 257-scaling-applications-with-redis practical lessons from real world experience Data/AI/ML Using Redis for - Caching - As queue for running background jobs - Storing rapidly changing data I will be sharing real world examples of practical solutions to scale applications. It will be intermediate to advanced level talk. It is best to have some Redis experience and understanding of key/value data stores, caching and queues. Or exposure to alternative technologies such as Memcache or RabbitMQ. Checkout https://www.meetup.com/Seattle-Redis for more Redis info. For those of you who could not attend, here are the slides https://docs.google.com/presentation/d/1ohEaLzaUMDy5uA2VcdEw4WtdZyqroOhK8a_W32bU_T8/edit?usp=sharing Using Redis for - Caching - As queue for running background jobs - Storing rapidly changing data I will be sharing real world examples of practical solutions to scale applications. It will be intermediate to advanced level talk. It is best to have some Redis experience and understanding of key/value data stores, caching and queues. Or exposure to alternative technologies such as Memcache or RabbitMQ. Checkout https://www.meetup.com/Seattle-Redis for more Redis info. For those of you who could not attend, here are the slides https://docs.google.com/presentation/d/1ohEaLzaUMDy5uA2VcdEw4WtdZyqroOhK8a_W32bU_T8/edit?usp=sharing false Dmitry Polyakovsky 2017-10-07T08:30:00-07:00 15:30 00:50 Room 3199 Longer Talk 396-platform-agnostic-and-self-organizing-software-packages Systems/Ops One of the dreams of development is to build a software package once, then be able to deploy it anywhere. With current Open Source projects this dream is closer than ever. Come to this talk to learn how to create software packages that run (almost) anywhere. You will see how the same application can be run on bare metal, on a VM, or in a container - with everything needed to automate that application already built into the package itself. This even works with a mixed infrastructure - metal for your static compute heavy loads, vms for your persistent data stores, and ephemeral short lived containers for you applications managed by Kubernetes or other container scheduling services. Come to this talk to also learn how to build and deploy these packages with the intelligence to self organize into topologies, no central orchestrator needed. Learn how the dream of platform agnostic and self organizing packages is fulfilled today and where it will evolve in the future. One of the dreams of development is to build a software package once, then be able to deploy it anywhere. With current Open Source projects this dream is closer than ever. Come to this talk to learn how to create software packages that run (almost) anywhere. You will see how the same application can be run on bare metal, on a VM, or in a container - with everything needed to automate that application already built into the package itself. This even works with a mixed infrastructure - metal for your static compute heavy loads, vms for your persistent data stores, and ephemeral short lived containers for you applications managed by Kubernetes or other container scheduling services. Come to this talk to also learn how to build and deploy these packages with the intelligence to self organize into topologies, no central orchestrator needed. Learn how the dream of platform agnostic and self organizing packages is fulfilled today and where it will evolve in the future. false Nell Shamrell 2017-10-07T09:30:00-07:00 16:30 00:50 Room 3199 Longer Talk 267-open-broadcasting-software Something different OBS Studio is a FLOSS application that puts you in the directors chair for live streaming or recording. It is built as an application to help video game or creative streamers share their computer screens with a live audience, but it's power goes beyond that. Anyone who is using their computer to tell a story can benefit from the professional touch that OBS can provide. It can manage multiple capture devices, independently combine captured window areas, and overlay text and graphics. I'll show you what this software can do and what you can do with it. A simple example: Presenters often like to include their twitter handle on their slides. When the presenter goes to the terminal, the twitter handle isn't displayed. If the presenter uses obs studio to control the projector display, obs studio can trivially be configured to overlay a twitter handle, company graphic, whatever. ~~~~~ notes for committee ~~~~~~ Hi!!! I'm Spencer. Get hype for SeaGL hyperoni! I'm going to talk about what OBS was built for, and how to do some basic things with it. Then I'll talk about the other applications I've discovered and started using: booth displays, conference presentations, etc. I'll also spend a little bit talking about how OBS Studio is not a typical FLOSS application. Their install base is massive, their twitter account has over 70k followers, the application was built for windows first, but works on Linux. If you go to a computer parts store and look at high-to-medium end webcams and microphones, they have 'works with OBS' stamped on the box. Not since the Tux stickers have we seen that on consumer electronics. goals: how can a meetup group use this to stream the presentation OBS Studio is a FLOSS application that puts you in the directors chair for live streaming or recording. It is built as an application to help video game or creative streamers share their computer screens with a live audience, but it's power goes beyond that. Anyone who is using their computer to tell a story can benefit from the professional touch that OBS can provide. It can manage multiple capture devices, independently combine captured window areas, and overlay text and graphics. I'll show you what this software can do and what you can do with it. A simple example: Presenters often like to include their twitter handle on their slides. When the presenter goes to the terminal, the twitter handle isn't displayed. If the presenter uses obs studio to control the projector display, obs studio can trivially be configured to overlay a twitter handle, company graphic, whatever. ~~~~~ notes for committee ~~~~~~ Hi!!! I'm Spencer. Get hype for SeaGL hyperoni! I'm going to talk about what OBS was built for, and how to do some basic things with it. Then I'll talk about the other applications I've discovered and started using: booth displays, conference presentations, etc. I'll also spend a little bit talking about how OBS Studio is not a typical FLOSS application. Their install base is massive, their twitter account has over 70k followers, the application was built for windows first, but works on Linux. If you go to a computer parts store and look at high-to-medium end webcams and microphones, they have 'works with OBS' stamped on the box. Not since the Tux stickers have we seen that on consumer electronics. goals: how can a meetup group use this to stream the presentation false Spencer Krum 2017-10-07T03:45:00-07:00 10:45 00:50 Room 1113 Longer Talk 380-introduction-to-containers-on-linux Using Common Container Runtimes from a User's Perspective Systems/Ops Containers are an increasingly common tool everywhere. They're used in the software development process, debugging, and in production services. As a Linux desktop user you can similarly benefit from technologies built with containers. Like virtual machines they will enable you to install apps, test out a new Linux distro, or simply learn how containers work. This talk is geared towards users of desktop Linux who have had basic experience with the command-line. It will cover how they can easily explore container technologies such as LXD, Docker, and rkt to try out new technologies, build packages, and run old programs. By the end of the talk everyone will be able to understand the differences between container technologies, launching and stopping containers, exposing services run inside containers, and creating new containers using Docker. Containers are an increasingly common tool everywhere. They're used in the software development process, debugging, and in production services. As a Linux desktop user you can similarly benefit from technologies built with containers. Like virtual machines they will enable you to install apps, test out a new Linux distro, or simply learn how containers work. This talk is geared towards users of desktop Linux who have had basic experience with the command-line. It will cover how they can easily explore container technologies such as LXD, Docker, and rkt to try out new technologies, build packages, and run old programs. By the end of the talk everyone will be able to understand the differences between container technologies, launching and stopping containers, exposing services run inside containers, and creating new containers using Docker. false Ben Kero 2017-10-07T06:30:00-07:00 13:30 00:20 Room 1113 Shorter Talk 329-the-journey-to-open-source-the-net-documentation Building community around docs Documentation Is it possible to build an open source community around docs? Microsoft, and more specifically the .NET team, have completely embraced open source for all things .NET! Not just the products and tools, but also its documentation. In this presentation, attendees will learn about the journey to open source the .NET documentation, including its API reference. You’ll learn how to apply the lessons we’ve learned building a community around a product and its documentation. You’ll become more involved with your customer base, delighting them with your efforts. Is it possible to build an open source community around docs? Microsoft, and more specifically the .NET team, have completely embraced open source for all things .NET! Not just the products and tools, but also its documentation. In this presentation, attendees will learn about the journey to open source the .NET documentation, including its API reference. You’ll learn how to apply the lessons we’ve learned building a community around a product and its documentation. You’ll become more involved with your customer base, delighting them with your efforts. false Maira Wenzel 2017-10-07T07:00:00-07:00 14:00 00:50 Room 1113 Longer Talk 261-creating-fresh-kernels Systems/Ops The kernel is an important part of every Linux system. The Linux kernel releases a new version approximately every 3 months and brings in a large number of changes with each release. There are a variety of choices distributions can make for kernels, from choosing a single kernel version to support for many years to updating to the newest version as soon as it comes out. This talk is designed to give an overview of what goes in to choosing a kernel for a distribution. Topics will include how the kernel development process works, how that can drive decisions about what kernel version to use, and how users can influence the kernel process. The kernel is an important part of every Linux system. The Linux kernel releases a new version approximately every 3 months and brings in a large number of changes with each release. There are a variety of choices distributions can make for kernels, from choosing a single kernel version to support for many years to updating to the newest version as soon as it comes out. This talk is designed to give an overview of what goes in to choosing a kernel for a distribution. Topics will include how the kernel development process works, how that can drive decisions about what kernel version to use, and how users can influence the kernel process. false labbott 2017-10-07T08:30:00-07:00 15:30 00:50 Room 1113 Longer Talk 369-writing-the-next-great-tech-book From Idea to Successful Publication Documentation You have an idea for the next great technical book. Maybe you're excited about a new technology that nobody's written about yet. Maybe you're unimpressed with the books that are out there on your favorite topic. Maybe writing a book is on your bucket list. This session will help your idea reach its potential as a published book. Technical publishing is an opaque process with a lot of moving parts, which can be confusing for outsiders to navigate. This session will guide you through the steps you should take to turn an idea into a proposal that a publisher will accept, and what to expect from the publishing experience. Creating a great technical book takes more than a good idea. It also requires a knowledge of the market, to determine whether there's an audience willing to buy, or whether the space is too crowded to accept new entries. Publishers vary in their approach and target markets, so you need to determine which one will provide the best chance of success. Self-publishing is an option, but carries its own risks and benefits. Doing the setup work that you may not have thought about yet will help you create a proposal that will appeal to publishers, and will also make the writing process easier. Once you have a contract with a publisher, or have decided to self-publish, it's more than just a matter of putting the words in order. Finding the right environment, setting a schedule, and communicating with your editor are all critical to success. This session will explain how the process works, highlight the parts you may not know, and give you advice on how not to get overwhelmed by your project. This talk will cover: - The various motivations for writing a tech book - Traditional vs. self-publishing - How to craft a quality proposal - What to expect from the publishing process - How to make writing easier and more enjoyable You have an idea for the next great technical book. Maybe you're excited about a new technology that nobody's written about yet. Maybe you're unimpressed with the books that are out there on your favorite topic. Maybe writing a book is on your bucket list. This session will help your idea reach its potential as a published book. Technical publishing is an opaque process with a lot of moving parts, which can be confusing for outsiders to navigate. This session will guide you through the steps you should take to turn an idea into a proposal that a publisher will accept, and what to expect from the publishing experience. Creating a great technical book takes more than a good idea. It also requires a knowledge of the market, to determine whether there's an audience willing to buy, or whether the space is too crowded to accept new entries. Publishers vary in their approach and target markets, so you need to determine which one will provide the best chance of success. Self-publishing is an option, but carries its own risks and benefits. Doing the setup work that you may not have thought about yet will help you create a proposal that will appeal to publishers, and will also make the writing process easier. Once you have a contract with a publisher, or have decided to self-publish, it's more than just a matter of putting the words in order. Finding the right environment, setting a schedule, and communicating with your editor are all critical to success. This session will explain how the process works, highlight the parts you may not know, and give you advice on how not to get overwhelmed by your project. This talk will cover: - The various motivations for writing a tech book - Traditional vs. self-publishing - How to craft a quality proposal - What to expect from the publishing process - How to make writing easier and more enjoyable false Brian MacDonald 2017-10-07T09:30:00-07:00 16:30 00:50 Room 1113 Longer Talk 386-intermediate-shell-scripting-getting-more-bash-for-your Systems/Ops Want to take your shell scripting to the next level? Interested in adding string manipulation and arrays to your arsenal? In shell math? Shell still has the best system integration for stringing together our favorite command line tools such as ls, grep and sed. Better yet is doing some of that work in the shell without reaching for a forked program, especially inside loops. This presentation will cover intermediate scripting techniques and useful command line tips. After attending this session, audience members will understand string operators, in shell math, indexed arrays and associative arrays. They will also be familiar with regular expressions, globbing and differences between the two. Finally, attendees will be familiar with useful builtin variables. Want to take your shell scripting to the next level? Interested in adding string manipulation and arrays to your arsenal? In shell math? Shell still has the best system integration for stringing together our favorite command line tools such as ls, grep and sed. Better yet is doing some of that work in the shell without reaching for a forked program, especially inside loops. This presentation will cover intermediate scripting techniques and useful command line tips. After attending this session, audience members will understand string operators, in shell math, indexed arrays and associative arrays. They will also be familiar with regular expressions, globbing and differences between the two. Finally, attendees will be familiar with useful builtin variables. false der.hans 2017-10-07T11:00:00-07:00 18:00 03:45 Silver Cloud Inn Party 407-official-seagl-2017-party * Silver Cloud Hotel * 1100 Broadway * Seattle, WA 98122 * Entertainment * Refreshments * Snacks * All Ages Welcome * Silver Cloud Hotel * 1100 Broadway * Seattle, WA 98122 * Entertainment * Refreshments * Snacks * All Ages Welcome false Adam Monsen