169 seagl2018 2018-11-08 2018-11-10 3 00:05 2018-11-08T02:00:00-08:00 10:00 05:00 Chef Seattle Offices Pre-SeaGL Tutorial 585-tutorial-learn-kubernetes-habitat Interested in [Kubernetes](https://kubernetes.io)? Curious about [Habitat](https://www.habitat.sh)? You're in luck! Thanks to IBM and Chef you can learn them for free! Join us on **November 8th, the day before SeaGL starts**, for a workshop at hosted in the Chef offices in Seattle. You'll learn the basics of Kubernetes and how to get great results with Habitat in a Kubernetes cluster. Ideally you'll come out excited and confident to use Kubernetes and Habitat in your own projects. Thanks to IBM donating a robust public Kubernetes cluster (which will be available for a month), you'll even be able to practice what you learn after the tutorial is done! Space is limited and [RSVPs are required](https://www.eventbrite.com/e/ibmxchef-kubernetes-workshops-tickets-52024461565?ref=estw). Here are the vitals: * **When**: Thursday November 8, 2018 from 10-3 * **Where**: Chef Software Inc. located at 619 Western Ave, Seattle, WA 98104 * **Who**: Anyone and everyone, which is to say: You! * **How much**: Absolutely free (just like SeaGL!) * **What**: IBM workshop on Kubernetes, food break, Chef/Habitat workshop * [**RSVP Link**](https://www.eventbrite.com/e/ibmxchef-kubernetes-workshops-tickets-52024461565?ref=estw) Hope to see you there! Interested in [Kubernetes](https://kubernetes.io)? Curious about [Habitat](https://www.habitat.sh)? You're in luck! Thanks to IBM and Chef you can learn them for free! Join us on **November 8th, the day before SeaGL starts**, for a workshop at hosted in the Chef offices in Seattle. You'll learn the basics of Kubernetes and how to get great results with Habitat in a Kubernetes cluster. Ideally you'll come out excited and confident to use Kubernetes and Habitat in your own projects. Thanks to IBM donating a robust public Kubernetes cluster (which will be available for a month), you'll even be able to practice what you learn after the tutorial is done! Space is limited and [RSVPs are required](https://www.eventbrite.com/e/ibmxchef-kubernetes-workshops-tickets-52024461565?ref=estw). Here are the vitals: * **When**: Thursday November 8, 2018 from 10-3 * **Where**: Chef Software Inc. located at 619 Western Ave, Seattle, WA 98104 * **Who**: Anyone and everyone, which is to say: You! * **How much**: Absolutely free (just like SeaGL!) * **What**: IBM workshop on Kubernetes, food break, Chef/Habitat workshop * [**RSVP Link**](https://www.eventbrite.com/e/ibmxchef-kubernetes-workshops-tickets-52024461565?ref=estw) Hope to see you there! false expohall 2018-11-09T01:30:00-08:00 09:30 00:25 Theatre Keynote 579-open-source-today-individuals-need-not-apply The open source software ecosystem has seen major changes since the term "open source" was coined and adopted 20 years ago. The scale and complexity of open source projects have increased, professional development practices like software testing at the project level have been introduced, and the infusion of money into development has created a different landscape for contributors and companies. In this modern world of open source software with the tremendous success in terms of adoption and business investment, is there still a place for individual open source enthusiasts? The open source software ecosystem has seen major changes since the term "open source" was coined and adopted 20 years ago. The scale and complexity of open source projects have increased, professional development practices like software testing at the project level have been introduced, and the infusion of money into development has created a different landscape for contributors and companies. In this modern world of open source software with the tremendous success in terms of adoption and business investment, is there still a place for individual open source enthusiasts? false Elizabeth K. Joseph 2018-11-09T02:00:00-08:00 10:00 00:25 Theatre Keynote 581-insecure-connections-love-and-mental-health-in-our-digital-lives The lens through which we view--and know--what it means to love, to be ourselves, and to connect with others is now backed by microchips and millions of lines of code. As our lives continue to become increasingly managed by our devices, we need to ask ourselves what we're gaining--and what we're giving up--by allowing technology into the spaces that make our hearts ache and that keep us up at night. This talk will weave together two narratives essential to many people: health and love. It will examine the ways in which both of these topics have become entwined with computing, what that means for us as individuals, and what that means for our individual and societal user freedoms. The lens through which we view--and know--what it means to love, to be ourselves, and to connect with others is now backed by microchips and millions of lines of code. As our lives continue to become increasingly managed by our devices, we need to ask ourselves what we're gaining--and what we're giving up--by allowing technology into the spaces that make our hearts ache and that keep us up at night. This talk will weave together two narratives essential to many people: health and love. It will examine the ways in which both of these topics have become entwined with computing, what that means for us as individuals, and what that means for our individual and societal user freedoms. false Molly de Blanc 2018-11-09T02:45:00-08:00 10:45 00:50 Room 3180 Longer Talk 502-intro-to-machine-learning-with-scikit-learn Data, AI, ML #### Overview This talk will give a tour of the **scikit-learn** project, an open source python platform for doing most types of modern machine learning. Scikit-learn is used in all corners of the machine learning world, from early prototypes to production models, both in academia and industry. This powerful tool kit has been carefully maintained to provide high quality, thoroughly documented code and a consistent developer experience. The web site, **scikit-learn.org**, provides a great wealth of introductory material and tutorials, development guides and code documentation, and links to primary research. In this talk, we'll cover the following topics: #### Supervised Machine Learning - Building a basic machine learning classifier - Demonstrating how easy it is to try additional classifiers with minimal code changes - A brief discussion of how to compare the efficacy of different classifiers #### Unsupervised Machine Learning - Running a basic data clustering algorithm - Again demonstrating how easy it is to swap algorithms - Comparing the results of different algorithms, and discussing how a practitioner might choose between them #### Data Processing - A brief overview of the data preprocessing tools available in the scikit-learn platform Participants will gain the knowledge they need to begin their own course of study into pratical machine learning, and will be introduced to helpful resources to lean on during the learning process. The code used in the talk will also be available on github after the talk. #### Overview This talk will give a tour of the **scikit-learn** project, an open source python platform for doing most types of modern machine learning. Scikit-learn is used in all corners of the machine learning world, from early prototypes to production models, both in academia and industry. This powerful tool kit has been carefully maintained to provide high quality, thoroughly documented code and a consistent developer experience. The web site, **scikit-learn.org**, provides a great wealth of introductory material and tutorials, development guides and code documentation, and links to primary research. In this talk, we'll cover the following topics: #### Supervised Machine Learning - Building a basic machine learning classifier - Demonstrating how easy it is to try additional classifiers with minimal code changes - A brief discussion of how to compare the efficacy of different classifiers #### Unsupervised Machine Learning - Running a basic data clustering algorithm - Again demonstrating how easy it is to swap algorithms - Comparing the results of different algorithms, and discussing how a practitioner might choose between them #### Data Processing - A brief overview of the data preprocessing tools available in the scikit-learn platform Participants will gain the knowledge they need to begin their own course of study into pratical machine learning, and will be introduced to helpful resources to lean on during the learning process. The code used in the talk will also be available on github after the talk. false Hailey Buckingham 2018-11-09T05:30:00-08:00 13:30 00:50 Room 3180 Longer Talk 551-hack-your-clothes-merging-and-patching-textiles Something different Many FLOSS enthusiasts exact perfect control of every bit and byte in their digital lives, but feel helpless at the mercy of clothing manufacturers to mass-produce garments for them. Sewing is an under-appreciated technology which allows you to modify, resize, and even duplicate your proprietary garments, or design your own! This talk will take a quick spin through the underlying principles of fabric materials and construction, then share everything you need to know to mend, re-shape, or add pockets to your clothes. And of course, we’ll talk about when you should and shouldn’t sew with floss. Slides online at http://talks.edunham.net/seagl2018/sewingtalk.pdf Many FLOSS enthusiasts exact perfect control of every bit and byte in their digital lives, but feel helpless at the mercy of clothing manufacturers to mass-produce garments for them. Sewing is an under-appreciated technology which allows you to modify, resize, and even duplicate your proprietary garments, or design your own! This talk will take a quick spin through the underlying principles of fabric materials and construction, then share everything you need to know to mend, re-shape, or add pockets to your clothes. And of course, we’ll talk about when you should and shouldn’t sew with floss. Slides online at http://talks.edunham.net/seagl2018/sewingtalk.pdf false edunham 2018-11-09T07:00:00-08:00 15:00 00:50 Room 3180 Longer Talk 494-smart-greenhouses-with-iot-machine-learning-and-sometimes-plants Hardware, IoT What does it take to grow food all year round in the Pacific North West when you are a lazy software engineer? This talk walks through the journey of one who has taken up the challenge of growing food with as much technology and as little effort as possible. The end-result of this journey is one of the most advanced greenhouses in the PNW. Topics include supplemental greenhouse lighting control, energy efficient heating/cooling, visual computing to estimate plant growth, machine learning to predict conditions, automatic irrigation, sensors and monitoring, and much more. What does it take to grow food all year round in the Pacific North West when you are a lazy software engineer? This talk walks through the journey of one who has taken up the challenge of growing food with as much technology and as little effort as possible. The end-result of this journey is one of the most advanced greenhouses in the PNW. Topics include supplemental greenhouse lighting control, energy efficient heating/cooling, visual computing to estimate plant growth, machine learning to predict conditions, automatic irrigation, sensors and monitoring, and much more. false Kevron Rees 2018-11-09T08:00:00-08:00 16:00 00:20 Room 3180 Shorter Talk 509-it-s-properties-all-the-way-down-narrowing-in-on-a-property-test-s-input-space Something different One of the strengths of property testing is its potential to automate testing scenarios for what might otherwise be infeasible or even impossible to write for a project one by one. Writing property tests however, isn't always intuitive. It can be difficult to work out what a project or a function's properties are (not to mention how to arbitrarily explore them). This talk will tackle strategies for pinpointing a testable property and what it means to successfully explore that property's space. This talk will begin with a brief introduction to property based testing, how it's used, the advantages it has over traditional unit testing and why you should write property tests too. We'll talk about applications of property testing such as sending voltage ranges to a vehicle to spoof brake pressure or randomly constructing C headers to verify bindings to that program's symbols can be generated. We'll explore how to take a broad property like valid "header file" and break it into smaller properties. "Header file" breaks first into a list of declarations then eventually into things like types, pointer levels and array dimensions. We'll talk about the importance of starting with the a "hello, world" equivalent for a property test and how that evolves. Next we'll talk about the power of property tests to uncover edge cases and assumptions that were hiding in a code base. Finally we'll touch on what to look for in property testing tooling and what it means to apply it to your own projects. One of the strengths of property testing is its potential to automate testing scenarios for what might otherwise be infeasible or even impossible to write for a project one by one. Writing property tests however, isn't always intuitive. It can be difficult to work out what a project or a function's properties are (not to mention how to arbitrarily explore them). This talk will tackle strategies for pinpointing a testable property and what it means to successfully explore that property's space. This talk will begin with a brief introduction to property based testing, how it's used, the advantages it has over traditional unit testing and why you should write property tests too. We'll talk about applications of property testing such as sending voltage ranges to a vehicle to spoof brake pressure or randomly constructing C headers to verify bindings to that program's symbols can be generated. We'll explore how to take a broad property like valid "header file" and break it into smaller properties. "Header file" breaks first into a list of declarations then eventually into things like types, pointer levels and array dimensions. We'll talk about the importance of starting with the a "hello, world" equivalent for a property test and how that evolves. Next we'll talk about the power of property tests to uncover edge cases and assumptions that were hiding in a code base. Finally we'll touch on what to look for in property testing tooling and what it means to apply it to your own projects. false Shea Newton 2018-11-09T08:30:00-08:00 16:30 00:50 Room 3180 Longer Talk 458-freedom-and-privacy-in-the-web Fighting licensing, tracking, fingerprinting and other issues, from both sides of the cable Legal, Licensing Websites and the technologies they are built on continue to evolve from the static text documents of old (with the occasional image, tiled background and blinking marquee) to very elaborate pieces of interactive software, with both local and remote code execution that brings all kinds of overlooked privacy and user freedom concerns. Fueled by practicality and monetization incentives, web developers regularly impose non-free JavaScript to their visitors, who also have to suffer being tracked and fingerprinted by all kinds of third parties. In this talk we will explore the sometimes obscure issues at play, and we will discuss tools and practices for end users to protect their freedom and privacy when browsing the Web, and for site developers to be able to offer an interactive, feature-rich experience to their visitors in freedom-respecting ways. Attendees will learn about the [JavaScript Trap](https://www.gnu.org/philosophy/javascript-trap.en.html) and its [solutions](https://www.gnu.org/software/librejs/), as well as [fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint) and other forms of browser [tracking](https://en.wikipedia.org/wiki/Website_visitor_tracking), and how to work around those and other issues from both the visitor and the webmaster side. Websites and the technologies they are built on continue to evolve from the static text documents of old (with the occasional image, tiled background and blinking marquee) to very elaborate pieces of interactive software, with both local and remote code execution that brings all kinds of overlooked privacy and user freedom concerns. Fueled by practicality and monetization incentives, web developers regularly impose non-free JavaScript to their visitors, who also have to suffer being tracked and fingerprinted by all kinds of third parties. In this talk we will explore the sometimes obscure issues at play, and we will discuss tools and practices for end users to protect their freedom and privacy when browsing the Web, and for site developers to be able to offer an interactive, feature-rich experience to their visitors in freedom-respecting ways. Attendees will learn about the [JavaScript Trap](https://www.gnu.org/philosophy/javascript-trap.en.html) and its [solutions](https://www.gnu.org/software/librejs/), as well as [fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint) and other forms of browser [tracking](https://en.wikipedia.org/wiki/Website_visitor_tracking), and how to work around those and other issues from both the visitor and the webmaster side. false Ruben Rodriguez 2018-11-09T02:45:00-08:00 10:45 00:50 Room 3184 Longer Talk 541-basic-licensing-considerations-and-compliance-for-projects-and-companies Legal, Licensing Technology projects do not happen in isolation and often interface with, include or have dependencies on a plethora of other projects which may be licensed under a variety of Open Source, Libre or even proprietary licenses, and possibly include even patent and trademark concerns. Ensuring that a project is compliant with the requirements of all of these licenses can seem like a daunting proposition, but turning a blind eye to the issue can put both the project and its consumers at legal risk or cause rifts in the community if other projects feel their licenses are not being given proper consideration. Large projects and companies often maintain specialists in this area in order to stay on top of things. Such specialists are probably outside of the reach and budget of smaller projects and companies, but there are best practices and a baseline of knowledge available that can be sufficient for most cases. We will discuss: 1. The reasons for licensing your project properly and appropriately for your project's goals. 2. Basic best practices to minimize the complexity of compliance as your project grows. 3. The primary concerns around licensing issues for your project and those in its ecosystem. 4. How to address conflicts in a productive manner. 5. What you need to do in order to reasonably achieve and maintain compliance with a minimum of bookkeeping and effort. 6. When and how to seek advice when you need it. Technology projects do not happen in isolation and often interface with, include or have dependencies on a plethora of other projects which may be licensed under a variety of Open Source, Libre or even proprietary licenses, and possibly include even patent and trademark concerns. Ensuring that a project is compliant with the requirements of all of these licenses can seem like a daunting proposition, but turning a blind eye to the issue can put both the project and its consumers at legal risk or cause rifts in the community if other projects feel their licenses are not being given proper consideration. Large projects and companies often maintain specialists in this area in order to stay on top of things. Such specialists are probably outside of the reach and budget of smaller projects and companies, but there are best practices and a baseline of knowledge available that can be sufficient for most cases. We will discuss: 1. The reasons for licensing your project properly and appropriately for your project's goals. 2. Basic best practices to minimize the complexity of compliance as your project grows. 3. The primary concerns around licensing issues for your project and those in its ecosystem. 4. How to address conflicts in a productive manner. 5. What you need to do in order to reasonably achieve and maintain compliance with a minimum of bookkeeping and effort. 6. When and how to seek advice when you need it. false Paul Berg 2018-11-09T05:00:00-08:00 13:00 00:20 Room 3184 Shorter Talk 447-i-m-lazy-so-i-write-tests Programming Does your team deal with bugs that could have been caught earlier in the development cycle? Wish you could get the benefits of Test-driven development (TDD) but are worried that your dev team might revolt or that stakeholders will think that you're being unproductive? In this talk, we'll discuss an approach I've taken to balance the concerns of developers and stakeholders while simultaneously increasing developer productivity, increasing knowledge sharing, and reducing software defects. I've named this approach "TBD", or "Test-backed development". Does your team deal with bugs that could have been caught earlier in the development cycle? Wish you could get the benefits of Test-driven development (TDD) but are worried that your dev team might revolt or that stakeholders will think that you're being unproductive? In this talk, we'll discuss an approach I've taken to balance the concerns of developers and stakeholders while simultaneously increasing developer productivity, increasing knowledge sharing, and reducing software defects. I've named this approach "TBD", or "Test-backed development". false Jaime Lopez 2018-11-09T05:30:00-08:00 13:30 00:50 Room 3184 Longer Talk 501-easy-microservices-with-python-flask-and-docker Programming This talk will give an overview of how to quickly build and deploy **RESTful microservices** using **Python**, **Flask**, and **Docker**. These open source tools make it very easy to build scalable microservices that are easy to write and maintain, and that can be quickly deployed in most linux (and linux-related) environments. We'll cover the following: 1. Using Flask to build a basic python web application 2. Hosting our app locally with gunicorn, an open source WSGI server 3. Writing a simple Dockerfile 4. Using our Dockerfile to containerize our service 5. Host our service locally using docker 6. See a demo of how to deploy our docker image to a cloud instance and see it hosting our service. Participants will gain a cursory overview of the techniques needed to get started with microservices on these platforms, and will be able to access all the source code on github after the talk as well. This talk will give an overview of how to quickly build and deploy **RESTful microservices** using **Python**, **Flask**, and **Docker**. These open source tools make it very easy to build scalable microservices that are easy to write and maintain, and that can be quickly deployed in most linux (and linux-related) environments. We'll cover the following: 1. Using Flask to build a basic python web application 2. Hosting our app locally with gunicorn, an open source WSGI server 3. Writing a simple Dockerfile 4. Using our Dockerfile to containerize our service 5. Host our service locally using docker 6. See a demo of how to deploy our docker image to a cloud instance and see it hosting our service. Participants will gain a cursory overview of the techniques needed to get started with microservices on these platforms, and will be able to access all the source code on github after the talk as well. false Hailey Buckingham 2018-11-09T07:00:00-08:00 15:00 00:50 Room 3184 Longer Talk 532-continuous-learning-for-developers Education The world of technology never stops moving, and developers are frequently told that they have to be constantly learning in order to keep up. Entire industries are devoted to helping developers stay on the cutting edge, and they offer a multitude of options and formats: books, video, online interactive programs. There's live training, both on-site and remote, small groups and large, and mixes of all of the above. Your time is valuable, so how do you get the maximum return for your investment? You've probably heard about learning styles, but recent evidence indicates they're not as useful as previously believed. Preferences and ingrained habits have more effect on learning and retention than an inherent style. In this session, I'll introduce you to the various learning formats available, and provide some advice on selecting the one that best fits your needs, or those of your team. Your needs may vary depending on the situation: The resources you need to learn a new programming language probably aren't the same as the ones you'd use to learn a new version control system. Know how to identify a format that isn't working for you, and when to change it up. Cost plays a factor too, of course. Attendees will learn: * The available forms of continuous learning * Some sources for finding these products, and what they cost * How to identify the form that works best for you * Evaluating whether education is working With a little planning, you can make continuous learning something to get excited about. The world of technology never stops moving, and developers are frequently told that they have to be constantly learning in order to keep up. Entire industries are devoted to helping developers stay on the cutting edge, and they offer a multitude of options and formats: books, video, online interactive programs. There's live training, both on-site and remote, small groups and large, and mixes of all of the above. Your time is valuable, so how do you get the maximum return for your investment? You've probably heard about learning styles, but recent evidence indicates they're not as useful as previously believed. Preferences and ingrained habits have more effect on learning and retention than an inherent style. In this session, I'll introduce you to the various learning formats available, and provide some advice on selecting the one that best fits your needs, or those of your team. Your needs may vary depending on the situation: The resources you need to learn a new programming language probably aren't the same as the ones you'd use to learn a new version control system. Know how to identify a format that isn't working for you, and when to change it up. Cost plays a factor too, of course. Attendees will learn: * The available forms of continuous learning * Some sources for finding these products, and what they cost * How to identify the form that works best for you * Evaluating whether education is working With a little planning, you can make continuous learning something to get excited about. false Brian MacDonald 2018-11-09T08:00:00-08:00 16:00 00:20 Room 3184 Shorter Talk 460-you-are-never-too-old-to-change-to-a-tech-career People _Dear Abby, I have always wanted to get into tech, but I'm afraid I am too old to start now. There is a training program I want to enroll in that looks really good and interesting, but it takes a year, and I know I will need continual training to develop meaningful skills. I'm already 50, so spending five or ten years learning a new career may not make sense. What should I do? Signed, Feeling Desperate Dear Feeling Desperate, How old will you be in 5 or 10 years if you DON'T make your career change now?_ High tech needs people from all walks of life, especially older people. Please allow me, as the Queen of Career Changers, to inspire and delight you with an assortment of proven reasons to follow your dreams no matter your age. Anyone can learn to do anything, you're never too old to try something new, and life experience is more important than almost anything. _Dear Abby, I have always wanted to get into tech, but I'm afraid I am too old to start now. There is a training program I want to enroll in that looks really good and interesting, but it takes a year, and I know I will need continual training to develop meaningful skills. I'm already 50, so spending five or ten years learning a new career may not make sense. What should I do? Signed, Feeling Desperate Dear Feeling Desperate, How old will you be in 5 or 10 years if you DON'T make your career change now?_ High tech needs people from all walks of life, especially older people. Please allow me, as the Queen of Career Changers, to inspire and delight you with an assortment of proven reasons to follow your dreams no matter your age. Anyone can learn to do anything, you're never too old to try something new, and life experience is more important than almost anything. false Carla Schroder 2018-11-09T08:30:00-08:00 16:30 00:50 Room 3184 Longer Talk 521-computational-randomness-controlled-chaos-in-an-ordered-machine Security, Information Security There are many computational needs for randomness, from virtual card shuffling to creating a cryptographically secure id. Generally, using the default random libraries to create random numbers is sufficient, but for secure cases we might need to use something better. Come learn about the best methods for common scenarios that require random number generation. Attendees will learn how to evaluate different kinds of random number generators and select the best one for a specific purpose. First, we will discuss some high profile examples of randomness gone wrong. Next we will look at both pseudo-random number generators, which use statistically repeatable processes to generate seemingly random series and then true random number generators, which inject physical processes like atmospheric noise to generate sequences of numbers. Finally, we will look at modern methods for creating randomness, including the secrets module and cryptography.io in python. By the end of this talk attendees should: Understand the concept of mathematical randomness and how it is generated Have knowledge of popular random number generators Be able to evaluate different generators and decide when to use a particular kind There are many computational needs for randomness, from virtual card shuffling to creating a cryptographically secure id. Generally, using the default random libraries to create random numbers is sufficient, but for secure cases we might need to use something better. Come learn about the best methods for common scenarios that require random number generation. Attendees will learn how to evaluate different kinds of random number generators and select the best one for a specific purpose. First, we will discuss some high profile examples of randomness gone wrong. Next we will look at both pseudo-random number generators, which use statistically repeatable processes to generate seemingly random series and then true random number generators, which inject physical processes like atmospheric noise to generate sequences of numbers. Finally, we will look at modern methods for creating randomness, including the secrets module and cryptography.io in python. By the end of this talk attendees should: Understand the concept of mathematical randomness and how it is generated Have knowledge of popular random number generators Be able to evaluate different generators and decide when to use a particular kind false Amanda Sopkin 2018-11-09T02:45:00-08:00 10:45 00:50 Room 3183 Longer Talk 440-intro-to-sensu-a-monitoring-and-alerting-framework Systems, sysadmin, ops, DevOps Sensu is an open source monitoring solution built for today's environments. Sensu allows you to get complete visibility of your infrastructure and software. Besides monitoring, it also does alerts and metrics routing and ties into tools you might already use. You will leave understanding how Sensu works and how to quickly get started using it. Sensu is an open source monitoring solution built for today's environments. Sensu allows you to get complete visibility of your infrastructure and software. Besides monitoring, it also does alerts and metrics routing and ties into tools you might already use. You will leave understanding how Sensu works and how to quickly get started using it. false garrett honeycutt 2018-11-09T05:00:00-08:00 13:00 00:20 Room 3183 Shorter Talk 525-securing-your-projects-by-choosing-better-open-source-packages Security, Information Security Industry statistics show that ~57% of codebases are open source this is up from ~36% one year ago. Many applications now contain more open source than proprietary source code. How can you determine what you can and cannot trust? Can you trust popularity, if it is popular does that make it safe? It is on the internet and everyone is using it. Does that make it safe? This talk will give you some very simple tools and guidelines to help you decide whether to move along and keep searching. Key takeaways * How to take a discerning look at the software * How many developers does it take to make a good project * How to determine if there may be security issues * The importance of a test suite With these tools in your arsenal, you will understand how to choose components that should pass security muster. Industry statistics show that ~57% of codebases are open source this is up from ~36% one year ago. Many applications now contain more open source than proprietary source code. How can you determine what you can and cannot trust? Can you trust popularity, if it is popular does that make it safe? It is on the internet and everyone is using it. Does that make it safe? This talk will give you some very simple tools and guidelines to help you decide whether to move along and keep searching. Key takeaways * How to take a discerning look at the software * How many developers does it take to make a good project * How to determine if there may be security issues * The importance of a test suite With these tools in your arsenal, you will understand how to choose components that should pass security muster. false Michaela (Miki) Demeter 2018-11-09T05:30:00-08:00 13:30 00:50 Room 3183 Longer Talk 545-setting-sail-introduction-to-kubernetes-concepts-and-architecture Systems, sysadmin, ops, DevOps **Description:** Linux containers have exploded in popularity and usage over the last 5 years and Kubernetes is the leading container orchestration platform. It was originally created at Google but is open-source and home to thousands of contributors, yet is often cited as being overly complex or unfriendly to understand, install and operate. This talk assumes only that the audience know what containers are (though won't necessarily have used them) and through the use of practical examples will: - Summarise the need for container orchestrators and discuss the properties of Kubernetes that made it so popular - Show the Kubernetes primitives and how to use them for constructing and deploying software applications - Explain the architecture of the Kubernetes tooling and how it's components interact - Cover how the platform can (and is being) extended by the community to support more complex applications and use cases **Abstract:** Since it's inception at Google 3 years ago, Kubernetes has surged ahead as the dominant container orchestration platform, boasting a healthy ecosystem and thousands of contributors. But at nearly 2 million lines of code and near-continual feature sprawl, it is often cited that Kubernetes is overly complex and unfriendly to understand, install, configure and operate. If you're planning on deploying containers and Kubernetes, understanding the main primitives and overall system architecture are key pre-requisites. Even if you aim to deploy to one of the major cloud providers (where often the control plane is managed), an appreciation of the behaviours and concepts that underpin the system will reduce much of the operations pain when ready to deploy to production. So do you know your `pods` from your `deployments`? Are you `fluentd` in logging and monitoring containers? Do you believe in `kubicorn`s? In this talk, we will look briefly at why container orchestration is so important, and the properties of Kubernetes that enabled it to capture much of the orchestration mind-share. We'll examine the resource types provided by Kubernetes for us to construct and deploy software applications in a scalable, secure and portable way by walking through clear and practical demo examples. Finally, we'll dive into the architecture of Kubernetes, and explain how all of the composite components interact to deliver the full platform. After attending this talk you'll definitely be ready to take the `Helm`! **Description:** Linux containers have exploded in popularity and usage over the last 5 years and Kubernetes is the leading container orchestration platform. It was originally created at Google but is open-source and home to thousands of contributors, yet is often cited as being overly complex or unfriendly to understand, install and operate. This talk assumes only that the audience know what containers are (though won't necessarily have used them) and through the use of practical examples will: - Summarise the need for container orchestrators and discuss the properties of Kubernetes that made it so popular - Show the Kubernetes primitives and how to use them for constructing and deploying software applications - Explain the architecture of the Kubernetes tooling and how it's components interact - Cover how the platform can (and is being) extended by the community to support more complex applications and use cases **Abstract:** Since it's inception at Google 3 years ago, Kubernetes has surged ahead as the dominant container orchestration platform, boasting a healthy ecosystem and thousands of contributors. But at nearly 2 million lines of code and near-continual feature sprawl, it is often cited that Kubernetes is overly complex and unfriendly to understand, install, configure and operate. If you're planning on deploying containers and Kubernetes, understanding the main primitives and overall system architecture are key pre-requisites. Even if you aim to deploy to one of the major cloud providers (where often the control plane is managed), an appreciation of the behaviours and concepts that underpin the system will reduce much of the operations pain when ready to deploy to production. So do you know your `pods` from your `deployments`? Are you `fluentd` in logging and monitoring containers? Do you believe in `kubicorn`s? In this talk, we will look briefly at why container orchestration is so important, and the properties of Kubernetes that enabled it to capture much of the orchestration mind-share. We'll examine the resource types provided by Kubernetes for us to construct and deploy software applications in a scalable, secure and portable way by walking through clear and practical demo examples. Finally, we'll dive into the architecture of Kubernetes, and explain how all of the composite components interact to deliver the full platform. After attending this talk you'll definitely be ready to take the `Helm`! false John Harris 2018-11-09T07:00:00-08:00 15:00 00:50 Room 3183 Longer Talk 544-terraform-all-the-things Systems, sysadmin, ops, DevOps Many companies continue to manually create and manage their cloud infrastructure via web consoles. Documenting these procedures is challenging, especially since the interfaces are always evolving. Reviewing the changes is also difficult and often involves having a coworker watching over your shoulder. Rolling back a bad change requires deleting your current work and attempting to manually recreate the old infrastructure from memory. (Scaling or deploying the infrastructure to new environments also often involves manually recreating it.) Hashicorp’s Terraform allows for the management of infrastructure as code. While a growing number of groups have started to utilize this tool, most are only just beginning to scratch the surface of its potential. Yes, Terraform can be used to create and manage resources in AWS and other cloud providers. However, thanks to an ever-growing number of providers, it can manage resources in many other popular cloud services. In this talk, attendees will learn: * How a large technology company transitioned from manually provisioning servers to using Terraform to manage cloud resources as reviewable and documentable code stored in a Version Control System * Some easy and actionable tips to aid in managing Terraform as the number of resources and users grows * Why it makes sense to manage all of your cloud resources in Terraform and not just your servers Attendees to this talk should have at least a basic familiarity with what Terraform is and how it is used to manage simple resources. Many companies continue to manually create and manage their cloud infrastructure via web consoles. Documenting these procedures is challenging, especially since the interfaces are always evolving. Reviewing the changes is also difficult and often involves having a coworker watching over your shoulder. Rolling back a bad change requires deleting your current work and attempting to manually recreate the old infrastructure from memory. (Scaling or deploying the infrastructure to new environments also often involves manually recreating it.) Hashicorp’s Terraform allows for the management of infrastructure as code. While a growing number of groups have started to utilize this tool, most are only just beginning to scratch the surface of its potential. Yes, Terraform can be used to create and manage resources in AWS and other cloud providers. However, thanks to an ever-growing number of providers, it can manage resources in many other popular cloud services. In this talk, attendees will learn: * How a large technology company transitioned from manually provisioning servers to using Terraform to manage cloud resources as reviewable and documentable code stored in a Version Control System * Some easy and actionable tips to aid in managing Terraform as the number of resources and users grows * Why it makes sense to manage all of your cloud resources in Terraform and not just your servers Attendees to this talk should have at least a basic familiarity with what Terraform is and how it is used to manage simple resources. false Nathan Handler 2018-11-09T08:00:00-08:00 16:00 00:20 Room 3183 Shorter Talk 420-centralized-syslog-made-easy Systems, sysadmin, ops, DevOps If you have a lot of servers, then you have a lot of logfiles. If you have a lot of logfiles, then you probably want one place to look at all of them. This talk will cover: - How to set up a centralized syslog server - How to point your other servers' syslog daemons to the centralized server - Security implications of centralizing syslog - Security advantages of centralizing syslog - Best practices and common pitfalls of centralized syslogging - What to do with all these logfiles There will be time at the end for Questions And Answers, and the slides, along with a recording of the talk, will be uploaded afterwards. If you have a lot of servers, then you have a lot of logfiles. If you have a lot of logfiles, then you probably want one place to look at all of them. This talk will cover: - How to set up a centralized syslog server - How to point your other servers' syslog daemons to the centralized server - Security implications of centralizing syslog - Security advantages of centralizing syslog - Best practices and common pitfalls of centralized syslogging - What to do with all these logfiles There will be time at the end for Questions And Answers, and the slides, along with a recording of the talk, will be uploaded afterwards. false Omar Ravenhurst 2018-11-09T08:30:00-08:00 16:30 00:50 Room 3183 Longer Talk 417-webauthn-multi-factor-auth-for-everyone Security, Information Security Everyone generally agrees that passwords have problems. Many of the solutions tend to involve multi-factor authentication of some kind but that's always been a pain to implement in the browser, requiring custom backends or other tricky things. Until now! The WebAuthn standard, now at Candidate Review stage at W3C, allows for great ease of accessing extra authentication factors, Yubikeys, software tokens, maybe even biometrics, from browsers. It also specifies everything that’s needed in order to implement authentication workflows using these tokens. This presentation will cover the history of multi-factor authentication and the issues it’s had in adoption, then go into an overview of the WebAuthn spec and how it works and finally demonstrate how to integrate it into various web frameworks. What's FIDO? What's CTAP? What even is a Relying Party and how can I get invited to one? Come and find out! Everyone generally agrees that passwords have problems. Many of the solutions tend to involve multi-factor authentication of some kind but that's always been a pain to implement in the browser, requiring custom backends or other tricky things. Until now! The WebAuthn standard, now at Candidate Review stage at W3C, allows for great ease of accessing extra authentication factors, Yubikeys, software tokens, maybe even biometrics, from browsers. It also specifies everything that’s needed in order to implement authentication workflows using these tokens. This presentation will cover the history of multi-factor authentication and the issues it’s had in adoption, then go into an overview of the WebAuthn spec and how it works and finally demonstrate how to integrate it into various web frameworks. What's FIDO? What's CTAP? What even is a Relying Party and how can I get invited to one? Come and find out! false Benno Rice 2018-11-09T02:45:00-08:00 10:45 00:50 Room 3179 Longer Talk 453-a-punch-card-ate-my-program Something different COBOL is the Rodney Dangerfield of programming languages — it doesn't get any respect. COBOL is routinely denigrated for its verbosity and dismissed as archaic, and for good reason: COBOL bears little to no resemblance to modern programming languages. Yet COBOL is far from a dead language. It processes an estimated 85% of all business transactions, and 5 billion lines of new COBOL code are written every year! In the past I’ve argued that COBOL isn’t such a bad language, but I'm not going to do that here! Instead, we’ll journey deep into the past to recreate a retro bug that could only happen in COBOL! Our travels will include: * Syntactic white space! * Scotch tape! * Dueling compiler options! * Virtual punch cards! * Sentences! * Code blocks! * Periods! No punch cards were harmed in the creation of this talk. COBOL is the Rodney Dangerfield of programming languages — it doesn't get any respect. COBOL is routinely denigrated for its verbosity and dismissed as archaic, and for good reason: COBOL bears little to no resemblance to modern programming languages. Yet COBOL is far from a dead language. It processes an estimated 85% of all business transactions, and 5 billion lines of new COBOL code are written every year! In the past I’ve argued that COBOL isn’t such a bad language, but I'm not going to do that here! Instead, we’ll journey deep into the past to recreate a retro bug that could only happen in COBOL! Our travels will include: * Syntactic white space! * Scotch tape! * Dueling compiler options! * Virtual punch cards! * Sentences! * Code blocks! * Periods! No punch cards were harmed in the creation of this talk. false Walter Mankowski 2018-11-09T05:30:00-08:00 13:30 00:50 Room 3179 Longer Talk 478-so-you-want-to-be-a-kernel-developer-moving-beyond-checkpatch Programming Many people are interested in kernel development but struggle to get involved. After making a single contribution many people don't know what to do next. Some contributors don't know how to hone their skills, others can't figure out a good project. The focus of this talk is to discuss some of the issues facing new contributors to the Linux kernel who want to take a 'next step' after a first patch and possible solutions. Attendees will come away with some practical ideas about ways to get involved with the Linux kernel community. Many people are interested in kernel development but struggle to get involved. After making a single contribution many people don't know what to do next. Some contributors don't know how to hone their skills, others can't figure out a good project. The focus of this talk is to discuss some of the issues facing new contributors to the Linux kernel who want to take a 'next step' after a first patch and possible solutions. Attendees will come away with some practical ideas about ways to get involved with the Linux kernel community. false labbott 2018-11-09T07:00:00-08:00 15:00 00:50 Room 3179 Longer Talk 570-a-long-day-s-journey-into-backups Systems, sysadmin, ops, DevOps This is a story of the journey taken to have effective, safe backups in customer environments. Part history, part prescriptivism, part actual technical solutions, let's talk about the thousand solutions we tried, and what is really and truly working for the company and for me (and you!), the operations engineer. This is a talk in three parts - the why, the what, and the future of our backups. There will be time for questions. This is a story of the journey taken to have effective, safe backups in customer environments. Part history, part prescriptivism, part actual technical solutions, let's talk about the thousand solutions we tried, and what is really and truly working for the company and for me (and you!), the operations engineer. This is a talk in three parts - the why, the what, and the future of our backups. There will be time for questions. false Rachel Kelly 2018-11-09T08:00:00-08:00 16:00 00:20 Room 3179 Shorter Talk 456-the-intersection-of-tech-x-social-good Education The history of programming is filled with examples of how even the most regular developers discovered how to use their skills to transform the world. With big data, machine learning, and thousands of tutorials at every developer’s fingertips, it is easier than ever to go help causes that we care about. We’ll journey through some incredible projects that were actually very simple ideas that impacted the world, including ones that have secured democracy, allowed transparency in the pharmaceutical industry, and how they were created with all the technology they used. We'll also have a short discussion on developer ethics and what it truly means to be an engineer in today's society and what moral obligation engineers have to create for the greater good. Then, we will learn about resources that you can use to get started on a project that you care about. I will give examples on how to get free domain names, hosting, and support for your new social good side project and how you can get involved in the social good x tech open source community. The history of programming is filled with examples of how even the most regular developers discovered how to use their skills to transform the world. With big data, machine learning, and thousands of tutorials at every developer’s fingertips, it is easier than ever to go help causes that we care about. We’ll journey through some incredible projects that were actually very simple ideas that impacted the world, including ones that have secured democracy, allowed transparency in the pharmaceutical industry, and how they were created with all the technology they used. We'll also have a short discussion on developer ethics and what it truly means to be an engineer in today's society and what moral obligation engineers have to create for the greater good. Then, we will learn about resources that you can use to get started on a project that you care about. I will give examples on how to get free domain names, hosting, and support for your new social good side project and how you can get involved in the social good x tech open source community. false Christina Zhu 2018-11-09T08:30:00-08:00 16:30 00:50 Room 3179 Longer Talk 575-etckeeper-revision-control-for-configuration-files Systems, sysadmin, ops, DevOps etckeeper tracks changes in /etc/ with version control. It ties into package management systems for automagic checkins after updates. It also records important metadata such as permissions and ownership that version control systems (VCS) usually do not track. Use the VCS you know and let etckeeper help you with some of the oddities found in /etc/. An imporatant feature is detecting inadvertant changes or tracking what someone (maybe even you) did late at night or early in the morning. By tracking changes, you can document them, replicate them elsewhere or even back them out. Some important metadata such as file permissions and ownership often is not tracked by a VCS. Same for empty directories. Both metadata and empty directories in /etc/ can be crucial, so etckeeper tracks them seperately and keeps that tracking data in the VCS. etckeeper will also issue warnings about special files such as unix sockets, named pipes and hardlinks that are normally not tracked by VCSen. Using version control on /etc/ poses several challenges. etckeeper does a great job of helping you work through them and track changes made to your operating system. The documentation also helps with secure handling of the repositories. Attendees will learn: * why it's important to track configuration file changes * what special challenges configuration files present for revision control * basic usage for etckeeper etckeeper tracks changes in /etc/ with version control. It ties into package management systems for automagic checkins after updates. It also records important metadata such as permissions and ownership that version control systems (VCS) usually do not track. Use the VCS you know and let etckeeper help you with some of the oddities found in /etc/. An imporatant feature is detecting inadvertant changes or tracking what someone (maybe even you) did late at night or early in the morning. By tracking changes, you can document them, replicate them elsewhere or even back them out. Some important metadata such as file permissions and ownership often is not tracked by a VCS. Same for empty directories. Both metadata and empty directories in /etc/ can be crucial, so etckeeper tracks them seperately and keeps that tracking data in the VCS. etckeeper will also issue warnings about special files such as unix sockets, named pipes and hardlinks that are normally not tracked by VCSen. Using version control on /etc/ poses several challenges. etckeeper does a great job of helping you work through them and track changes made to your operating system. The documentation also helps with secure handling of the repositories. Attendees will learn: * why it's important to track configuration file changes * what special challenges configuration files present for revision control * basic usage for etckeeper false der.hans 2018-11-09T05:00:00-08:00 13:00 00:20 Room 3178 Shorter Talk 562-working-non-remote-a-guide-to-reacclimating-to-human-society People Unpopular opinion: remote work may be one of the best "perks" to ever be popularized by the tech industry, but it is also one of the worst. On one hand, it allows employers access to a more diverse pool of employees, and employees greater schedule flexibility and the ability to customize their working conditions to better fit their needs. On the other, it presents a complex and often frustrating set of challenges not present in any other working environment. For many, the added flexibility more than makes up for the additional complications that often arise from working remote. But what if, like many, you come to realize that working remotely just doesn’t work well for you? What next? During this session, we’ll talk about: - Resetting your routine to account for travel time and traditional business hours. - Readjusting your communication style to account for in-person collaboration - Relearning how to manage outside distractions typical to office life - Reassessing boundaries between work and life - Figuring out how to admit, to yourself and others, that remote work just might not be for you Unpopular opinion: remote work may be one of the best "perks" to ever be popularized by the tech industry, but it is also one of the worst. On one hand, it allows employers access to a more diverse pool of employees, and employees greater schedule flexibility and the ability to customize their working conditions to better fit their needs. On the other, it presents a complex and often frustrating set of challenges not present in any other working environment. For many, the added flexibility more than makes up for the additional complications that often arise from working remote. But what if, like many, you come to realize that working remotely just doesn’t work well for you? What next? During this session, we’ll talk about: - Resetting your routine to account for travel time and traditional business hours. - Readjusting your communication style to account for in-person collaboration - Relearning how to manage outside distractions typical to office life - Reassessing boundaries between work and life - Figuring out how to admit, to yourself and others, that remote work just might not be for you false Megan Guiney 2018-11-09T05:30:00-08:00 13:30 00:50 Room 3178 Longer Talk 448-bootstrapping-understanding-an-introduction-to-reverse-engineering Programming Most people associate reverse engineering with software exploits and malware. But reverse engineering encompasses a broad range of tools and techniques that have application anywhere you need to understand a program without being able to read the original source. Reverse engineering is a lot like applying the scientific method: make observations, formulate a hypothesis, test, refine ... and repeat. In this talk, we will explore the reverse engineering process by taking the data files from an old computer game, and use reverse-engineering techniques to learn how to read them. [Text of the presentation](http://www.muppetlabs.com/~breadbox/txt/bure.html) [Notes from the talk](https://twitter.com/BR903/status/1061533093956206592) Most people associate reverse engineering with software exploits and malware. But reverse engineering encompasses a broad range of tools and techniques that have application anywhere you need to understand a program without being able to read the original source. Reverse engineering is a lot like applying the scientific method: make observations, formulate a hypothesis, test, refine ... and repeat. In this talk, we will explore the reverse engineering process by taking the data files from an old computer game, and use reverse-engineering techniques to learn how to read them. [Text of the presentation](http://www.muppetlabs.com/~breadbox/txt/bure.html) [Notes from the talk](https://twitter.com/BR903/status/1061533093956206592) false Brian Raiter 2018-11-09T07:00:00-08:00 15:00 00:50 Room 3178 Longer Talk 463-open-source-governance-the-hard-parts People So you’ve released an open source project to the world, people are using it …the hard part is done, right? No, far from it. Open sourcing a project is only a fraction of the effort that will go into it over time. Come to this talk to learn about the hard parts of Open Source Governance and lessons learned from using, contributing, and governing dozens of Open Source projects. Learn how to triage and determine levels of support for issues that come into your projects (open source users are customers!). Also, learn how to handle when something goes wrong – whether it is with your own project or an upstream project two levels up from yours. Want to turn users of your project into contributors? Come hear about best practices both for finding initial contributors and keeping them engaged. Walk away knowing how to handle the hardest (and most rewarding) parts of open source governance. So you’ve released an open source project to the world, people are using it …the hard part is done, right? No, far from it. Open sourcing a project is only a fraction of the effort that will go into it over time. Come to this talk to learn about the hard parts of Open Source Governance and lessons learned from using, contributing, and governing dozens of Open Source projects. Learn how to triage and determine levels of support for issues that come into your projects (open source users are customers!). Also, learn how to handle when something goes wrong – whether it is with your own project or an upstream project two levels up from yours. Want to turn users of your project into contributors? Come hear about best practices both for finding initial contributors and keeping them engaged. Walk away knowing how to handle the hardest (and most rewarding) parts of open source governance. false Nell Shamrell 2018-11-09T08:00:00-08:00 16:00 00:20 Room 3178 Shorter Talk 486-run-more-effective-meetings People Team meetings set the stage for your work as a group, but unfortunately many of us attend meetings that feel like a complete waste of time. Meetings that meander off-topic, that repeatedly drift back to the same unresolved topic, or end up turning into a monologue don't foster great team work. Once poor habits are established, it can feel difficult to reclaim a weekly wasteful meeting. Luckily, there are ways to gently disrupt disorganized meetings. Either as the meeting convener or as a participant, you have the power to improve the meetings you attend. This talk will teach you how to set the stage for a productive meeting, how to keep a meeting on course and how to politely but firmly handle several common types of meeting derailment. The best part is that the difference is immediately noticeable. Healthy meeting habits are contagious, in the best possible way! Team meetings set the stage for your work as a group, but unfortunately many of us attend meetings that feel like a complete waste of time. Meetings that meander off-topic, that repeatedly drift back to the same unresolved topic, or end up turning into a monologue don't foster great team work. Once poor habits are established, it can feel difficult to reclaim a weekly wasteful meeting. Luckily, there are ways to gently disrupt disorganized meetings. Either as the meeting convener or as a participant, you have the power to improve the meetings you attend. This talk will teach you how to set the stage for a productive meeting, how to keep a meeting on course and how to politely but firmly handle several common types of meeting derailment. The best part is that the difference is immediately noticeable. Healthy meeting habits are contagious, in the best possible way! false Deb Nicholson 2018-11-10T01:30:00-08:00 09:30 00:25 Theatre Keynote 582-the-democratization-of-software In 1995 everything changed with the creation of the World Wide Web. Anything that could be digitized was digitized and entire industries changed. And with the digitization came tools to help everyone become a producer of digital content. From music to video, books to journalism, we pulled all the friction out of the content pipeline and democratized entire industries. But the industry we never talk about is the one that was already digital – software. Software was democratized as well. We’ve shared software for as long as we’ve written software. By pulling the friction out of the pipeline around software and sharing it liberally through open source licensing, we’ve ended up in a completely new software industry over the past 20 years. This talk presents the trends that got the industry to where it is, as well as ideas for the coming challenges for the next twenty years of open source software. It might be a cautionary tale. [Slides](https://www.slideshare.net/stephenrwalli/the-democratization-of-software-seagl-2018) In 1995 everything changed with the creation of the World Wide Web. Anything that could be digitized was digitized and entire industries changed. And with the digitization came tools to help everyone become a producer of digital content. From music to video, books to journalism, we pulled all the friction out of the content pipeline and democratized entire industries. But the industry we never talk about is the one that was already digital – software. Software was democratized as well. We’ve shared software for as long as we’ve written software. By pulling the friction out of the pipeline around software and sharing it liberally through open source licensing, we’ve ended up in a completely new software industry over the past 20 years. This talk presents the trends that got the industry to where it is, as well as ideas for the coming challenges for the next twenty years of open source software. It might be a cautionary tale. [Slides](https://www.slideshare.net/stephenrwalli/the-democratization-of-software-seagl-2018) false Stephen Walli 2018-11-10T02:00:00-08:00 10:00 00:25 Theatre Keynote 583-making-the-mental-shift-from-system-administration-to-system-architect-team-lead Most of the system admins of the past started with being the only IT person and team. So the knowledge level of seeing the overall architecture and need for growth just a part of the everyday thought process. What was not really both forth was you were doing System Architecture just on small level. What happens as the team grows? You not only have you to worry about but others and their roles. The mental mind shift is how do the following: - Move from a single mindset to a multi-talented team - How to build your team on a daily basis - How to preserve your tech skills and continue to grow - Are you your worst enemy? Most of the system admins of the past started with being the only IT person and team. So the knowledge level of seeing the overall architecture and need for growth just a part of the everyday thought process. What was not really both forth was you were doing System Architecture just on small level. What happens as the team grows? You not only have you to worry about but others and their roles. The mental mind shift is how do the following: - Move from a single mindset to a multi-talented team - How to build your team on a daily basis - How to preserve your tech skills and continue to grow - Are you your worst enemy? false Tameika Reed 2018-11-10T02:45:00-08:00 10:45 00:50 Room 3179 Longer Talk 443-php-isn-t-just-for-the-web-anymore-daemonizing-php Programming A long time ago, it wasn't smart to run PHP daemons. Memory management issues made long-running processes impractical, and PHP "daemons" were often just frequently-restarted cron jobs. Since PHP 5, it's become more and more common to use PHP from the command line, and some are even brave enough to daemonize their PHP scripts. We'll discuss different useful ways to run PHP from the command line, and why you should be using it in your infrastructure. A long time ago, it wasn't smart to run PHP daemons. Memory management issues made long-running processes impractical, and PHP "daemons" were often just frequently-restarted cron jobs. Since PHP 5, it's become more and more common to use PHP from the command line, and some are even brave enough to daemonize their PHP scripts. We'll discuss different useful ways to run PHP from the command line, and why you should be using it in your infrastructure. false Steve Meyers 2018-11-10T05:30:00-08:00 13:30 00:50 Room 3179 Longer Talk 560-a-case-study-in-incrementing-a-language-s-major-version-php Programming In 2015, the PHP project released version 7.0 of the PHP language. Doing so was the culmination of several years of discussion and hard work to resolve what a new major version would look like, what would be included, and most importantly, what would be broken for existing users. In the end, PHP 7 was released with almost no backward compatibility breaks for well written, modern PHP 5 code. As a result, uptake of PHP 7 after two years has been — depending on which source you use and how you measure it — between 33% and 67%. In this talk, I'll discuss how the PHP team balanced the carrot and the stick to encourage adoption, and compare how PHP's approach to a major version bump has contrasted with other languages in the recent past. In 2015, the PHP project released version 7.0 of the PHP language. Doing so was the culmination of several years of discussion and hard work to resolve what a new major version would look like, what would be included, and most importantly, what would be broken for existing users. In the end, PHP 7 was released with almost no backward compatibility breaks for well written, modern PHP 5 code. As a result, uptake of PHP 7 after two years has been — depending on which source you use and how you measure it — between 33% and 67%. In this talk, I'll discuss how the PHP team balanced the carrot and the stick to encourage adoption, and compare how PHP's approach to a major version bump has contrasted with other languages in the recent past. false Adam Harvey 2018-11-10T07:00:00-08:00 15:00 00:50 Room 3179 Longer Talk 555-you-got-chocolate-in-my-peanut-butter-net-on-mac-linux Programming For most people, the idea of .NET development brings to mind a Visual Studio window, laden with toolbars and wizards, driven by a programmer who makes just as much use of her mouse as her keyboard. The idea of learning C# is more daunting than other languages, because in addition to the language itself, it seems like you also have to learn the correct way to make use of the massive Visual Studio IDE. I was recently very surprised, and pleased, to learn that as part of the processing of Open Sourcing .NET, Microsoft not only made it cross-platform -- it runs on Mac and Linux now, in addition to Windows -- it also added an extremely capable command line tool that completely removes the need to use Visual Studio or any othe IDE. To prove just how capable the tooling is, in this session, I will code a .NET application, from scratch, on a Macintosh, using only Emacs and the command line. I will not touch a mouse once! The .NET Core tooling has made a believer of me — come see for yourself just how good the new open source .NET Core is! For most people, the idea of .NET development brings to mind a Visual Studio window, laden with toolbars and wizards, driven by a programmer who makes just as much use of her mouse as her keyboard. The idea of learning C# is more daunting than other languages, because in addition to the language itself, it seems like you also have to learn the correct way to make use of the massive Visual Studio IDE. I was recently very surprised, and pleased, to learn that as part of the processing of Open Sourcing .NET, Microsoft not only made it cross-platform -- it runs on Mac and Linux now, in addition to Windows -- it also added an extremely capable command line tool that completely removes the need to use Visual Studio or any othe IDE. To prove just how capable the tooling is, in this session, I will code a .NET application, from scratch, on a Macintosh, using only Emacs and the command line. I will not touch a mouse once! The .NET Core tooling has made a believer of me — come see for yourself just how good the new open source .NET Core is! false John SJ Anderson 2018-11-10T08:00:00-08:00 16:00 00:20 Room 3179 Shorter Talk 434-an-intermediate-vocabulary-of-tech Education It is often said that the hardest problem to solve is when two people are talking about different things but believe they are talking about the same thing. As you grow in your engineering career being able communicate about problems effectively is perhaps your single most important skill. This talk exists to distill the breadth of engineering verticals into a quick hit of common vocabulary. Developers rise through the ranks of their given area of expertise. But what happens when the front end engineer is in charge of solving problems with members of the security team, or the devops team, or the product team? The vocabulary of development is such a critical, but often overlooked, aspect of how we effectively communicate and solve problems across and within groups. It's important to learn how to talk and understand everyone you encounter in your role. This talk aims to go through the most encountered areas of engineering. Software, DevOps, Security, Program and Product Management. Vocabulary encompasses both the main technologies in the space and the main problem concepts they deal with. It is often said that the hardest problem to solve is when two people are talking about different things but believe they are talking about the same thing. As you grow in your engineering career being able communicate about problems effectively is perhaps your single most important skill. This talk exists to distill the breadth of engineering verticals into a quick hit of common vocabulary. Developers rise through the ranks of their given area of expertise. But what happens when the front end engineer is in charge of solving problems with members of the security team, or the devops team, or the product team? The vocabulary of development is such a critical, but often overlooked, aspect of how we effectively communicate and solve problems across and within groups. It's important to learn how to talk and understand everyone you encounter in your role. This talk aims to go through the most encountered areas of engineering. Software, DevOps, Security, Program and Product Management. Vocabulary encompasses both the main technologies in the space and the main problem concepts they deal with. false Laurie Barth 2018-11-10T08:30:00-08:00 16:30 00:50 Room 3179 Longer Talk 485-structured-playbooks How to design Ansible Playbooks and applications for reusability Systems, sysadmin, ops, DevOps Ansible is a powerful and flexible deployment toolkit, but that freedom without structure can often leave you swimming in a sea of playbooks that deploy very similar applications. When building multiple applications that share structure, those applications can share a "meta-playbook" to deploy them - for instance, your Rails applications probably have environment configuration files, an Apache or nGINX virtual host configuration file, and a bundle of gems to be installed. If you have 3 different Rails applications, how many deployment steps are unique to each? Which variables cannot be shared between those applications? We will walk through designing shared playbooks to reduce the number of lines in your Playbook repository, and show how this simplifies the process of writing a new Playbook for an application. Ansible is a powerful and flexible deployment toolkit, but that freedom without structure can often leave you swimming in a sea of playbooks that deploy very similar applications. When building multiple applications that share structure, those applications can share a "meta-playbook" to deploy them - for instance, your Rails applications probably have environment configuration files, an Apache or nGINX virtual host configuration file, and a bundle of gems to be installed. If you have 3 different Rails applications, how many deployment steps are unique to each? Which variables cannot be shared between those applications? We will walk through designing shared playbooks to reduce the number of lines in your Playbook repository, and show how this simplifies the process of writing a new Playbook for an application. false Sasha Reid 2018-11-10T02:45:00-08:00 10:45 00:50 Room 3184 Longer Talk 489-preparing-lesson-plans-teaching-yourself-training-others Education Being a teacher for 30 years, Lesson Plans are a basic necessity before entering the classroom. I'll explain why and how we create them. I recently started training as a Pilates instructor for my personal growth. When creating lesson plans, my trainer was effusive about how I had devised them. This comes from many years of teaching - it's almost second nature for me. In this talk, I'll explain how you can share your knowledge effectively - basically training people in the concepts that you want them to learn. As I have discovered, you will also learn how to reinforce your own learning for new subjects by preparing lesson plans to teach others. Being a teacher for 30 years, Lesson Plans are a basic necessity before entering the classroom. I'll explain why and how we create them. I recently started training as a Pilates instructor for my personal growth. When creating lesson plans, my trainer was effusive about how I had devised them. This comes from many years of teaching - it's almost second nature for me. In this talk, I'll explain how you can share your knowledge effectively - basically training people in the concepts that you want them to learn. As I have discovered, you will also learn how to reinforce your own learning for new subjects by preparing lesson plans to teach others. false Susan Harris 2018-11-10T05:00:00-08:00 13:00 00:20 Room 3184 Shorter Talk 462-how-i-automate-my-pool-pumps-with-a-raspberry-pi-and-some-open-source-software Hardware, IoT Most Internet-of-Things devices you can buy today tend to be completely proprietary, inflexible, and tied into some would-be data overlord's cloud. But it can be different: in this talk I will to a show-and-tell on my project to automate my swimming pool's pumps using a Raspberry Pi and some open-source software. I now can schedule and monitor what's happening with my pool from the living room couch, at a fraction of the cost of a commercial system, and without lock-in. The message of the talk: you can probably do it, too! Most Internet-of-Things devices you can buy today tend to be completely proprietary, inflexible, and tied into some would-be data overlord's cloud. But it can be different: in this talk I will to a show-and-tell on my project to automate my swimming pool's pumps using a Raspberry Pi and some open-source software. I now can schedule and monitor what's happening with my pool from the living room couch, at a fraction of the cost of a commercial system, and without lock-in. The message of the talk: you can probably do it, too! false Johannes Ernst 2018-11-10T05:30:00-08:00 13:30 00:50 Room 3184 Longer Talk 444-how-to-learn-arduino-by-playing-with-fire Hardware, IoT An intro to computer science for pyromaniacs. My goal was to create a propane fire poofer to impress my friends. I ended up building a control system with buttons, solenoids, and LEDs, and levelling up my arduino skills along the way. I'll take you on my journey as I go from simple Arduino sketch to fully optimized control system. I’ll share what I learned about helpful libraries for debouncing buttons, programming LEDs and doing data management, when to use state machines, interrupts, structs, and classes, how to manage multiple files, coding tricks for saving memory, and how I finally mastered pointers - all in the service of making cooler flame effects. An intro to computer science for pyromaniacs. My goal was to create a propane fire poofer to impress my friends. I ended up building a control system with buttons, solenoids, and LEDs, and levelling up my arduino skills along the way. I'll take you on my journey as I go from simple Arduino sketch to fully optimized control system. I’ll share what I learned about helpful libraries for debouncing buttons, programming LEDs and doing data management, when to use state machines, interrupts, structs, and classes, how to manage multiple files, coding tricks for saving memory, and how I finally mastered pointers - all in the service of making cooler flame effects. false zebular13 2018-11-10T07:00:00-08:00 15:00 00:50 Room 3184 Longer Talk 529-exploring-security-of-iot-devices Hardware, IoT Internet of Things devices are becoming increasingly common in our lives and in our homes. Connected sensors and controls are inexpensive and popular to buy online and in stores. Their sleek plastic shells promise a well designed package, but these devices can harbor surprising secrets. With a 4-star rating from hundreds of reviewers on Amazon, a slick mobile app, and $99 price tag, the Reolink Argus 2 wireless camera seems to tick all the boxes for a savvy shopper. I bought one to use in my home, but after hearing horror stories about IoT devices I decided to open it up to see how it worked, and to investigate if the software was respecting my privacy and security. This talk will share my discoveries in reverse engineering this device and explore the the implications for their design decisions. I'll go through contacting the vendor and trying to responsibly disclose my discoveries. I'll also share the resources that I've discovered and written to fix the security problems and make it a useful, more secure device. Internet of Things devices are becoming increasingly common in our lives and in our homes. Connected sensors and controls are inexpensive and popular to buy online and in stores. Their sleek plastic shells promise a well designed package, but these devices can harbor surprising secrets. With a 4-star rating from hundreds of reviewers on Amazon, a slick mobile app, and $99 price tag, the Reolink Argus 2 wireless camera seems to tick all the boxes for a savvy shopper. I bought one to use in my home, but after hearing horror stories about IoT devices I decided to open it up to see how it worked, and to investigate if the software was respecting my privacy and security. This talk will share my discoveries in reverse engineering this device and explore the the implications for their design decisions. I'll go through contacting the vendor and trying to responsibly disclose my discoveries. I'll also share the resources that I've discovered and written to fix the security problems and make it a useful, more secure device. false Ben Kero 2018-11-10T08:00:00-08:00 16:00 00:20 Room 3184 Shorter Talk 451-convincing-engineers-big-business-believes-in-open-source Education My company has not always embraced open source and the ideals it espouses, and in the last few years we have endeavored to radically alter this by embracing open source contributions whole-heartedly at a company-wide level. That being said, change is hard and takes time to sink in. It is our jobs as open source advocates to spread this idea of open source as a first class citizen in the way all our software engineers think throughout the company. This talk focuses on ideas you can use to bring people along for the ride and change the hearts and minds of your coworkers. Together, we can realize our companies as an open source first companies, but it will take all of us to get there. I want to share some tips with you on how. I will be instructing fellow open source advocates on how we can get individual contributors and people leaders alike engaged in the idea of our companies moving toward an open source first culture. My company has not always embraced open source and the ideals it espouses, and in the last few years we have endeavored to radically alter this by embracing open source contributions whole-heartedly at a company-wide level. That being said, change is hard and takes time to sink in. It is our jobs as open source advocates to spread this idea of open source as a first class citizen in the way all our software engineers think throughout the company. This talk focuses on ideas you can use to bring people along for the ride and change the hearts and minds of your coworkers. Together, we can realize our companies as an open source first companies, but it will take all of us to get there. I want to share some tips with you on how. I will be instructing fellow open source advocates on how we can get individual contributors and people leaders alike engaged in the idea of our companies moving toward an open source first culture. false Trevor Menagh 2018-11-10T08:30:00-08:00 16:30 00:50 Room 3184 Longer Talk 468-push-it-push-it-real-good Systems, sysadmin, ops, DevOps Git. It can be intimidating if you're accustomed to other kinds of source control management. Even if you're already using it and comfortable with the basics, situations can arise where you wish you understood it better. Developers often just want to write code and tell everyone else to take a hike, but the reality is that most of us work on teams where the feature-based code we write must be integrated, tested, and ultimately released. This session will cover the most critical git concepts, basic and advanced, in a completely visualized way. At the same time, you’ll pick up git terminal commands to help you understand (or even eliminate) a git GUI you already use. Go beyond the basics to learn how to get yourself out of a git pickle, practical release management strategies, and more. Git. It can be intimidating if you're accustomed to other kinds of source control management. Even if you're already using it and comfortable with the basics, situations can arise where you wish you understood it better. Developers often just want to write code and tell everyone else to take a hike, but the reality is that most of us work on teams where the feature-based code we write must be integrated, tested, and ultimately released. This session will cover the most critical git concepts, basic and advanced, in a completely visualized way. At the same time, you’ll pick up git terminal commands to help you understand (or even eliminate) a git GUI you already use. Go beyond the basics to learn how to get yourself out of a git pickle, practical release management strategies, and more. false Lyndsey Padget 2018-11-10T02:45:00-08:00 10:45 00:50 Room 3178 Longer Talk 577-what-not-to-automate Something different During a talk at DevOps Days Seattle the speaker stated "Automate as much as you can". While this seems like an obvious statement at first blush, on further inspection there are a number of exceptions to this rule, begging the question: What shouldn't I automate? This talk will give you a framework for deciding whether something is worth automating. We'll discuss: * The return on investment of time to automate * The ethical considerations of automating particular tasks, such as hiring * Things that require humans intervention * And more! We'll consider this question through the lens of economics, business, ethics, and psychology to explore the wide world of automation and it's consequences. During a talk at DevOps Days Seattle the speaker stated "Automate as much as you can". While this seems like an obvious statement at first blush, on further inspection there are a number of exceptions to this rule, begging the question: What shouldn't I automate? This talk will give you a framework for deciding whether something is worth automating. We'll discuss: * The return on investment of time to automate * The ethical considerations of automating particular tasks, such as hiring * Things that require humans intervention * And more! We'll consider this question through the lens of economics, business, ethics, and psychology to explore the wide world of automation and it's consequences. false Lucy Wyman 2018-11-10T05:00:00-08:00 13:00 00:20 Room 3178 Shorter Talk 540-no-your-github-is-not-your-resume People You are hiring to fill a position, and you have two great candidates. One has a robust GitHub profile, and the other has no profile at all. Is this an easy choice? You have heard that having a GitHub profile can help when job hunting. Is it true? How can you get started? What if you don’t have the time? In this session, we will look at the implications of working in open source, from the perspectives of both the candidate and the hiring manager. Individuals will come away with an understanding of how open source participation affects their hireability, how they can get started, and what to do when active participation is challenging. Hiring managers will come away with an understanding of how to evaluate the open source work of potential candidates, how to evaluate candidates with no history, and how requiring an open source footprint creates harmful bias. You are hiring to fill a position, and you have two great candidates. One has a robust GitHub profile, and the other has no profile at all. Is this an easy choice? You have heard that having a GitHub profile can help when job hunting. Is it true? How can you get started? What if you don’t have the time? In this session, we will look at the implications of working in open source, from the perspectives of both the candidate and the hiring manager. Individuals will come away with an understanding of how open source participation affects their hireability, how they can get started, and what to do when active participation is challenging. Hiring managers will come away with an understanding of how to evaluate the open source work of potential candidates, how to evaluate candidates with no history, and how requiring an open source footprint creates harmful bias. false Duane O’Brien 2018-11-10T05:30:00-08:00 13:30 00:50 Room 3178 Longer Talk 459-documentation-is-teaching-and-teaching-is-everything Documentation Everyone is a newbie at 99% of everything, so teaching is the most important and noble task of all. Creating and maintaining documentation is not easy, but it is necessary. Documentation is recording your accumulated experiences and creating your institutional memory. Documentation is building a library of knowledge, and adding to the total store of recorded human knowledge. Documentation is a primary tool for bringing new contributors up to speed efficiently. Good documentation = happy users. Teaching how to use your software reveals its flaws, and expands your own expertise. Creating good documentation is not easy, but it is just as necessary as writing code. There are many options for creating good helpful documentation: wikis, blogs, videos, slideshows, wherever your imagination leads you. The important bit is doing _something._ Some of the elements of good documentation are: Concise and to the point Task-oriented and procedural, with examples of both correct and incorrect results Simple and direct: teach one thing at a time After you have created your documentation people must be able to find it, and find what they want in it. And then someone has to maintain it. This may all sound a little scary, like it's complicated and a lot of work. I will show you how to minimize the pain and maximize pleasant results with proven tips and tricks learned from years of experience, such as SEO tricks to help users find your documentation, efficient tools and workflow, and how to encourage contributors. Everyone is a newbie at 99% of everything, so teaching is the most important and noble task of all. Creating and maintaining documentation is not easy, but it is necessary. Documentation is recording your accumulated experiences and creating your institutional memory. Documentation is building a library of knowledge, and adding to the total store of recorded human knowledge. Documentation is a primary tool for bringing new contributors up to speed efficiently. Good documentation = happy users. Teaching how to use your software reveals its flaws, and expands your own expertise. Creating good documentation is not easy, but it is just as necessary as writing code. There are many options for creating good helpful documentation: wikis, blogs, videos, slideshows, wherever your imagination leads you. The important bit is doing _something._ Some of the elements of good documentation are: Concise and to the point Task-oriented and procedural, with examples of both correct and incorrect results Simple and direct: teach one thing at a time After you have created your documentation people must be able to find it, and find what they want in it. And then someone has to maintain it. This may all sound a little scary, like it's complicated and a lot of work. I will show you how to minimize the pain and maximize pleasant results with proven tips and tricks learned from years of experience, such as SEO tricks to help users find your documentation, efficient tools and workflow, and how to encourage contributors. false Carla Schroder 2018-11-10T07:00:00-08:00 15:00 00:50 Room 3178 Longer Talk 423-open-source-docops-how-open-data-kit-writes-tests-and-publishes-documentation Documentation Free and Open Source projects are notorious for incomplete and poorly written documentation. [GitHub's 2017 Open Source Survey](http://opensourcesurvey.org/2017/) found that "documentation is highly valued, but often overlooked" with 93% of respondents agreeing that "incomplete or outdated documentation is a pervasive problem." In attempt to solve that problem, many FOSS projects try to make doc writing "easier" and less formal --- using wikis, lightweight site generators, and Markdown. Some people claim that this enables "non coders" (that is, people who aren't familiar with command lines and versino control systems) to contribute. This is a mistake. Any project larger than a small utility library needs *real* documentation tools. "Quick" tools like wikis and Jekyll blogs contribute to documentation debt as a organizing, editing, and adding content slowly become more onerous and disconnected from the developer experience. The solution is to treat Docs like Code, to treat your documentation like a first class product --- an engineering product. By not ignoring the lessons we've learned about how to write, test, and deploy code together, we can get better at writing, testing, and deploying documentation together. Additionally, far from scaring off "non-coders", this approach encourages potential contributors to learn basic open source contribution skills in a less complicated, easier to understand context. (Because typos don't cause impossible to debug compilation errors, and documentation is less prone to merge conflicts.) This talk will walk through how Open Data Kit uses the common tools, processes, and platforms of modern open source development --- git, GitHub, automated testing, continuous integration --- to produce high quality documentation and empower new open source contributors. Free and Open Source projects are notorious for incomplete and poorly written documentation. [GitHub's 2017 Open Source Survey](http://opensourcesurvey.org/2017/) found that "documentation is highly valued, but often overlooked" with 93% of respondents agreeing that "incomplete or outdated documentation is a pervasive problem." In attempt to solve that problem, many FOSS projects try to make doc writing "easier" and less formal --- using wikis, lightweight site generators, and Markdown. Some people claim that this enables "non coders" (that is, people who aren't familiar with command lines and versino control systems) to contribute. This is a mistake. Any project larger than a small utility library needs *real* documentation tools. "Quick" tools like wikis and Jekyll blogs contribute to documentation debt as a organizing, editing, and adding content slowly become more onerous and disconnected from the developer experience. The solution is to treat Docs like Code, to treat your documentation like a first class product --- an engineering product. By not ignoring the lessons we've learned about how to write, test, and deploy code together, we can get better at writing, testing, and deploying documentation together. Additionally, far from scaring off "non-coders", this approach encourages potential contributors to learn basic open source contribution skills in a less complicated, easier to understand context. (Because typos don't cause impossible to debug compilation errors, and documentation is less prone to merge conflicts.) This talk will walk through how Open Data Kit uses the common tools, processes, and platforms of modern open source development --- git, GitHub, automated testing, continuous integration --- to produce high quality documentation and empower new open source contributors. false Adam Michael Wood 2018-11-10T08:00:00-08:00 16:00 00:20 Room 3178 Shorter Talk 554-accessibility-in-front-end-environments Design, UX, UI, Accessibility There are currently over 4 billion internet users world wide. With roughly 19% of the world population experiencing some kind of accessibility limitation, the need for developers who are aware of their limitations and trained in best practices for how to limit the impact those limitations have on users is more important than ever. In this presentation I am going to give a brief overview of some of the most common accessibility issues, what the current best practices and technology offer and some open source projects available. The talk is going to focus on user interfaces with technology. There are currently over 4 billion internet users world wide. With roughly 19% of the world population experiencing some kind of accessibility limitation, the need for developers who are aware of their limitations and trained in best practices for how to limit the impact those limitations have on users is more important than ever. In this presentation I am going to give a brief overview of some of the most common accessibility issues, what the current best practices and technology offer and some open source projects available. The talk is going to focus on user interfaces with technology. false Daniel Ramsayer 2018-11-10T08:30:00-08:00 16:30 00:50 Room 3178 Longer Talk 475-usability-testing-in-open-source-software Design, UX, UI, Accessibility Is your program easy to use? Generally, a program has good usability if it is easy for new users to learn, easy for them to use, and easy for them to remember when they use the program again. Usability is not the same as user experience (UX) but they are related. You may think that usability is difficult, but it only takes a little time and effort to make your program easier to use. In this talk, we will walk through how to do usability testing in open source software, and share actual usability test results from usability testing in GNOME. Attendees will learn how to easily set up and perform their own usability tests, to make their programs easier to use. Is your program easy to use? Generally, a program has good usability if it is easy for new users to learn, easy for them to use, and easy for them to remember when they use the program again. Usability is not the same as user experience (UX) but they are related. You may think that usability is difficult, but it only takes a little time and effort to make your program easier to use. In this talk, we will walk through how to do usability testing in open source software, and share actual usability test results from usability testing in GNOME. Attendees will learn how to easily set up and perform their own usability tests, to make their programs easier to use. false Jim Hall 2018-11-10T02:45:00-08:00 10:45 00:50 Room 3183 Longer Talk 564-personal-threat-modelling-for-fun-and-peace-of-mind Security, Information Security It’s easy to see what being secure means in an enterprise setting, but what about personal security? In a world where technology and the goal posts for security are constantly changing, understanding what threats you face and what risk they pose is the first step. In this talk, I will discuss what a threat model is, and walk you through the process of making a threat model relevant to your personal circumstances. Having this model will enable you to choose mitigation actions to suit your risk profile and lifestyle. It’s easy to see what being secure means in an enterprise setting, but what about personal security? In a world where technology and the goal posts for security are constantly changing, understanding what threats you face and what risk they pose is the first step. In this talk, I will discuss what a threat model is, and walk you through the process of making a threat model relevant to your personal circumstances. Having this model will enable you to choose mitigation actions to suit your risk profile and lifestyle. false Tiberius Hefflin 2018-11-10T05:00:00-08:00 13:00 00:20 Room 3183 Shorter Talk 500-keeping-secrets-in-your-code Security, Information Security While in general it's a bad idea to add passwords and other secrets to your version control system, it's a reasonably common practice in the world of "Infrastructure as Code". This talk will provide a brief introduction to Gnu Privacy Guard (gpg), and how it can be used to safely encrypt secrets only shared with a select audience. Whether you choose to commit those secrets to your version control is up to you. While in general it's a bad idea to add passwords and other secrets to your version control system, it's a reasonably common practice in the world of "Infrastructure as Code". This talk will provide a brief introduction to Gnu Privacy Guard (gpg), and how it can be used to safely encrypt secrets only shared with a select audience. Whether you choose to commit those secrets to your version control is up to you. false Michael Krotscheck 2018-11-10T05:30:00-08:00 13:30 00:50 Room 3183 Longer Talk 526-everyday-use-of-gnu-guix Systems, sysadmin, ops, DevOps VIDEO AVAILABLE: https://media.marusich.info/everyday-use-of-gnu-guix-chris-marusich-seagl-2018.webm In this talk, I will introduce GNU Guix: a liberating, dependable, and hackable package manager that follows the "purely functional software deployment model" pioneered by Nix. I will demonstrate some common use cases of Guix and show you how I use it in my everyday life. In addition, I will briefly explain the basic idea behind the functional model and how it enables Guix to provide useful features like the following: - Transactional upgrades and roll-back of installed software. - Unprivileged users can simultaneously install multiple versions of software. - Transparently build from source or download pre-built binaries. - Installed software is bootstrappable, trustable, and auditable all the way down to your compiler's compiler. - Eliminates an entire class of "works on my system" type problems. No prior knowledge of Guix, Nix, or the functional model is required. When you leave this talk, I hope you will have a basic understanding of what Guix is, how to use it, and why it will help make your life brighter. VIDEO AVAILABLE: https://media.marusich.info/everyday-use-of-gnu-guix-chris-marusich-seagl-2018.webm In this talk, I will introduce GNU Guix: a liberating, dependable, and hackable package manager that follows the "purely functional software deployment model" pioneered by Nix. I will demonstrate some common use cases of Guix and show you how I use it in my everyday life. In addition, I will briefly explain the basic idea behind the functional model and how it enables Guix to provide useful features like the following: - Transactional upgrades and roll-back of installed software. - Unprivileged users can simultaneously install multiple versions of software. - Transparently build from source or download pre-built binaries. - Installed software is bootstrappable, trustable, and auditable all the way down to your compiler's compiler. - Eliminates an entire class of "works on my system" type problems. No prior knowledge of Guix, Nix, or the functional model is required. When you leave this talk, I hope you will have a basic understanding of what Guix is, how to use it, and why it will help make your life brighter. false Chris Marusich 2018-11-10T07:00:00-08:00 15:00 00:50 Room 3183 Longer Talk 520-monitoring-and-alerting-knowing-the-unknown Systems, sysadmin, ops, DevOps Successful monitoring and alerting systems can detect all known points of failure and include alerts that will quickly escalate these problems to the appropriate parties. The meat of this talk will focus on addressing the problems in a system that have not been thought of specifically. What about the monsters lurking in the dark to strike when your team is out? How do you find those unknown unknowns and give your future self the tools to investigate them? We will look at the best tactics and technologies for finding those unforeseen problems and bringing them to light. First, I will discuss methods for discovering the most common points of failure--ideally before a product or feature goes live. Next I will briefly go over best practices for logging in a system. Next, we will discuss methods for detecting problems when all other techniques have failed. Finally I will do an overview of open source logging/alerting systems like Elasticsearch, Logstash, and Kibana (ELK) by Elastic. By the end of this talk attendees should: Understand the key components of a thorough monitoring/alerting system Gain some new techniques for catching and debugging the more elusive issues Have some familiarity with open source logging/alerting technologies Successful monitoring and alerting systems can detect all known points of failure and include alerts that will quickly escalate these problems to the appropriate parties. The meat of this talk will focus on addressing the problems in a system that have not been thought of specifically. What about the monsters lurking in the dark to strike when your team is out? How do you find those unknown unknowns and give your future self the tools to investigate them? We will look at the best tactics and technologies for finding those unforeseen problems and bringing them to light. First, I will discuss methods for discovering the most common points of failure--ideally before a product or feature goes live. Next I will briefly go over best practices for logging in a system. Next, we will discuss methods for detecting problems when all other techniques have failed. Finally I will do an overview of open source logging/alerting systems like Elasticsearch, Logstash, and Kibana (ELK) by Elastic. By the end of this talk attendees should: Understand the key components of a thorough monitoring/alerting system Gain some new techniques for catching and debugging the more elusive issues Have some familiarity with open source logging/alerting technologies false Amanda Sopkin 2018-11-10T08:00:00-08:00 16:00 00:20 Room 3183 Shorter Talk 427-the-impact-of-lossy-networks-on-tcp-performance Systems, sysadmin, ops, DevOps TCP guarantees that bytes that go in one end of a network connection emerge at the other end in the same order. This guarantee holds true even if the network is "lossy" or has jitter. To do that, TCP has to be able to detect packets that arrive out of sequence or are lost. In this presentation, I describe: 1. How to create a testbed to do network experiments using virtual machines. 2. How to simulate a lossy network 3. How to use system counters to measure packet loss rate. This is how you translate the experiment into the real world. 4. Results performance degradation as a function of packet loss rate The description, slides, software, and results will be posted somewhere so that the audience may download it. TCP guarantees that bytes that go in one end of a network connection emerge at the other end in the same order. This guarantee holds true even if the network is "lossy" or has jitter. To do that, TCP has to be able to detect packets that arrive out of sequence or are lost. In this presentation, I describe: 1. How to create a testbed to do network experiments using virtual machines. 2. How to simulate a lossy network 3. How to use system counters to measure packet loss rate. This is how you translate the experiment into the real world. 4. Results performance degradation as a function of packet loss rate The description, slides, software, and results will be posted somewhere so that the audience may download it. false Jeff Silverman 2018-11-10T08:30:00-08:00 16:30 00:50 Room 3183 Longer Talk 422-the-tragedy-of-systemd Something different systemd is, to put it mildly, controversial. As a FreeBSD developer I decided I wanted to know why. I delved into the history of bootstrap systems, and even the history of UNIX and other contemporary operating systems, to try and work out why something like systemd was seem as necessary, if not desirable. I also tried to work out why so many people found it so upsetting, annoying, or otherwise rage-inducing. Join me on a journey through the bootstrap process, the history of init, the reasons why change can be scary, and the discovery of a part of your OS you may not even know existed. systemd is, to put it mildly, controversial. As a FreeBSD developer I decided I wanted to know why. I delved into the history of bootstrap systems, and even the history of UNIX and other contemporary operating systems, to try and work out why something like systemd was seem as necessary, if not desirable. I also tried to work out why so many people found it so upsetting, annoying, or otherwise rage-inducing. Join me on a journey through the bootstrap process, the history of init, the reasons why change can be scary, and the discovery of a part of your OS you may not even know existed. false Benno Rice 2018-11-10T02:45:00-08:00 10:45 00:50 Room 3180 Longer Talk 565-introduction-to-identity-management Security, Information Security You might be working on an open source project, and it seems that you will require people to sign up to use for your service. Seems easy enough, right? But, what happens when you start collecting user information? What are the implications? How do you keep the information secure? How do regulations like GDPR impact the service that you will be providing? The top concern of many open source users is privacy, and making sure that their private and personal information and details do not get leaked, misused, or abused. During this talk, you will learn what identity management is, what are some best practices around gathering and storing user information, and about a couple tools that you could find useful for making this job easy. You will also learn a bit more about the General Data Protection Regulation of the European Union, which was implemented on May 25th. What information is covered under this regulation and what changes with it? Who are going to be affected? You might be working on an open source project, and it seems that you will require people to sign up to use for your service. Seems easy enough, right? But, what happens when you start collecting user information? What are the implications? How do you keep the information secure? How do regulations like GDPR impact the service that you will be providing? The top concern of many open source users is privacy, and making sure that their private and personal information and details do not get leaked, misused, or abused. During this talk, you will learn what identity management is, what are some best practices around gathering and storing user information, and about a couple tools that you could find useful for making this job easy. You will also learn a bit more about the General Data Protection Regulation of the European Union, which was implemented on May 25th. What information is covered under this regulation and what changes with it? Who are going to be affected? false Jose Antonio Rey 2018-11-10T05:30:00-08:00 13:30 00:50 Room 3180 Longer Talk 524-qubes-os-a-reasonably-secure-operating-system Security, Information Security All operating systems, both free and non-free, are vulnerable to attacks from bad people. Just a simple action – opening random PDFs or Word/LibreOffice docs, running bash one-liners from Reddit, plugging in a cute USB stick shaped like a penguin you found on the sidewalk – and it could spell game over for your computer. Even if an attacker doesn’t gain root access to your computer, your files are still left to be damaged or stolen, and your online identity is exposed to abuse. Qubes OS seeks to minimize that potential for damage. Under Qubes, your machine runs a graphical desktop environment/window manager and all your other software runs in compartmentalized virtual machines, with limits on what hardware they access and how they communicate with one another. This is done in a usable manner, and you don’t have to be a virtual machine expert to get it set up! In this talk, I will show you various features of Qubes. From opening random PDFs and Word/LibreOffice documents in disposable VMs, to managing anonymous identities, to keeping your password databases and GPG keys in offline compartmentalized virtual machines, and more! This is not a in-depth discussion of Qubes, and beginners are more than welcome! Disclaimer: I’m not a Qubes developer. I’m just a fan. (nerdface emoji) “If you're serious about security, Qubes OS is the best OS available today,” says famous whistleblower and activist Edward Snowden. “It's what I use, and free. Nobody does VM isolation better.” All operating systems, both free and non-free, are vulnerable to attacks from bad people. Just a simple action – opening random PDFs or Word/LibreOffice docs, running bash one-liners from Reddit, plugging in a cute USB stick shaped like a penguin you found on the sidewalk – and it could spell game over for your computer. Even if an attacker doesn’t gain root access to your computer, your files are still left to be damaged or stolen, and your online identity is exposed to abuse. Qubes OS seeks to minimize that potential for damage. Under Qubes, your machine runs a graphical desktop environment/window manager and all your other software runs in compartmentalized virtual machines, with limits on what hardware they access and how they communicate with one another. This is done in a usable manner, and you don’t have to be a virtual machine expert to get it set up! In this talk, I will show you various features of Qubes. From opening random PDFs and Word/LibreOffice documents in disposable VMs, to managing anonymous identities, to keeping your password databases and GPG keys in offline compartmentalized virtual machines, and more! This is not a in-depth discussion of Qubes, and beginners are more than welcome! Disclaimer: I’m not a Qubes developer. I’m just a fan. (nerdface emoji) “If you're serious about security, Qubes OS is the best OS available today,” says famous whistleblower and activist Edward Snowden. “It's what I use, and free. Nobody does VM isolation better.” false Emmanuel Morales 2018-11-10T07:00:00-08:00 15:00 00:50 Room 3180 Longer Talk 465-client-side-video-editing-lessons-in-webassembly-and-ffmpeg Programming There's a lot of hype about the potentials of WebAssembly in the browser right now. It elicits hopes about everything from importing new functionalities into browser based applications, to the potential (and in some circles hoped for) death of JavaScript. This talk is for folks who are curious about the real world applications and limitations of WebAssembly as it exists today. Or perhaps for individuals who have written a thing or two using WebAssembly but are now wondering how to implement major features in more complex environments. I’d like to invite listeners to come follow along the journey of some intrepid developers as they integrate the popular FFmpeg multimedia framework into a React application. I’ll discuss the various complications in conversion, and why many WebAssembly ports are not currently as simple to use as an `npm install`. By the end of the talk, we’ll have created a road map for how to get started adding serious functionality to an application through WebAssembly. I’ll also cover how much time to budget for getting started, some potential pitfalls, and some tips and tricks for porting over large, complicated libraries. There's a lot of hype about the potentials of WebAssembly in the browser right now. It elicits hopes about everything from importing new functionalities into browser based applications, to the potential (and in some circles hoped for) death of JavaScript. This talk is for folks who are curious about the real world applications and limitations of WebAssembly as it exists today. Or perhaps for individuals who have written a thing or two using WebAssembly but are now wondering how to implement major features in more complex environments. I’d like to invite listeners to come follow along the journey of some intrepid developers as they integrate the popular FFmpeg multimedia framework into a React application. I’ll discuss the various complications in conversion, and why many WebAssembly ports are not currently as simple to use as an `npm install`. By the end of the talk, we’ll have created a road map for how to get started adding serious functionality to an application through WebAssembly. I’ll also cover how much time to budget for getting started, some potential pitfalls, and some tips and tricks for porting over large, complicated libraries. false Megan Slater 2018-11-10T08:00:00-08:00 16:00 00:20 Room 3180 Shorter Talk 510-take-back-your-data Security, Information Security [Slides!](https://andschwa.com/public/Take_Back_Your_Data.pdf) This talk is aimed at those with a beginner to intermediate level of experience using technology, and falls under the category of (personal) "Information Security." In today's world, users have lost control over their personal data. A massive industry has been created by companies such as Google, Amazon, Facebook, Microsoft, and others where the product is _you_: your likes, dislikes, behaviors, interests, social circles, emails, instant messages, location, face, voice, medical problems, and anything else that is entered into a phone or computer. These companies have convinced people, often unknowingly, to give them their most personal (and valuable) data, which they sell to other companies for incredible profits. The users do not know who ends up with their data, nor how it is used, but fortunately users are becoming aware of this as a problem. The first few minutes of this talk would cover what the problem is, and why users should care; however, I believe the majority of the audience will already want to protect their data. The rest of the talk will cover in some detail how to keep data in your own hands: switching to privacy-conscious alternatives for email, search, browsers, and messengers; blocking trackers and avoiding insecure connections; disabling operating system analytics and microphones; and using a password manager to compartmentalize login information. While this topic is incredibly broad, my talk would aim to cover the most impactful (and easiest) steps thoroughly, and follow it with references to more advanced steps. I would end with pointers to the EFF's Surveillance Self-Defense project and DuckDuckGo's privacy blog. For steps such as installing and configuring uBlock Origin and HTTPS Everywhere in Firefox, I would do a quick demo, with a sidenote that the same can be done on Android, and that alternatives such as Privacy Badger and DuckDuckGo Privacy Essentials exist. For steps such as using a VPN, I would explain the what and why, with references to some known good providers, the caveats of their use, and the availability of WireGuard for better mobile VPN support. For steps such as switching to alternatives such as Posteo or ProtonMail, DuckDuckGo, and Signal I would only briefly cover their existence and alternatives, as a demo is not required. The goals I would like to achieve with this talk are: (1) increase the audience's awareness of their potential data leaks; (2) enable some of the audience to take their first steps to keep their data safe; and (3) leave the audience with more tools to secure their personal information. [Slides!](https://andschwa.com/public/Take_Back_Your_Data.pdf) This talk is aimed at those with a beginner to intermediate level of experience using technology, and falls under the category of (personal) "Information Security." In today's world, users have lost control over their personal data. A massive industry has been created by companies such as Google, Amazon, Facebook, Microsoft, and others where the product is _you_: your likes, dislikes, behaviors, interests, social circles, emails, instant messages, location, face, voice, medical problems, and anything else that is entered into a phone or computer. These companies have convinced people, often unknowingly, to give them their most personal (and valuable) data, which they sell to other companies for incredible profits. The users do not know who ends up with their data, nor how it is used, but fortunately users are becoming aware of this as a problem. The first few minutes of this talk would cover what the problem is, and why users should care; however, I believe the majority of the audience will already want to protect their data. The rest of the talk will cover in some detail how to keep data in your own hands: switching to privacy-conscious alternatives for email, search, browsers, and messengers; blocking trackers and avoiding insecure connections; disabling operating system analytics and microphones; and using a password manager to compartmentalize login information. While this topic is incredibly broad, my talk would aim to cover the most impactful (and easiest) steps thoroughly, and follow it with references to more advanced steps. I would end with pointers to the EFF's Surveillance Self-Defense project and DuckDuckGo's privacy blog. For steps such as installing and configuring uBlock Origin and HTTPS Everywhere in Firefox, I would do a quick demo, with a sidenote that the same can be done on Android, and that alternatives such as Privacy Badger and DuckDuckGo Privacy Essentials exist. For steps such as using a VPN, I would explain the what and why, with references to some known good providers, the caveats of their use, and the availability of WireGuard for better mobile VPN support. For steps such as switching to alternatives such as Posteo or ProtonMail, DuckDuckGo, and Signal I would only briefly cover their existence and alternatives, as a demo is not required. The goals I would like to achieve with this talk are: (1) increase the audience's awareness of their potential data leaks; (2) enable some of the audience to take their first steps to keep their data safe; and (3) leave the audience with more tools to secure their personal information. false Andy Schwartzmeyer 2018-11-10T08:30:00-08:00 16:30 00:50 Room 3180 Longer Talk 523-robust-image-resizing Programming If your application handles images you've probably written something to crop and resize them. It's simple enough to execute ImageMagick with the appropriate flags, but is that sufficient? In this talk we will: * Explore common pitfalls of naive image resizing implementations * Native binary versioning differences (which version of ImageMagick am I using?) * Uncapped RAM usage * EXIF orientation issues * ICC color profile support * Compare performance of different image processing tools * ImageMagick * GraphicsMagick * VIPS * Create an AWS Lambda image resize function * Lets us bound RAM utilization per request * Includes known versions of native dependencies If your application handles images you've probably written something to crop and resize them. It's simple enough to execute ImageMagick with the appropriate flags, but is that sufficient? In this talk we will: * Explore common pitfalls of naive image resizing implementations * Native binary versioning differences (which version of ImageMagick am I using?) * Uncapped RAM usage * EXIF orientation issues * ICC color profile support * Compare performance of different image processing tools * ImageMagick * GraphicsMagick * VIPS * Create an AWS Lambda image resize function * Lets us bound RAM utilization per request * Includes known versions of native dependencies false James Cooper 2018-11-10T06:20:00-08:00 14:20 00:40 Expo Hall TeaGL Tea Time 584-teagl-tea-time-at-seagl This year we're pleased to introduce TeaGL, the SeaGL Tea Swap! If there's any tea you particularly enjoy, bring it along to SeaGL on Saturday and bring enough for a few other people. Share your tea with the SeaGL community and try some interesting teas brought by others. Black, green, white, herbal, whatever! All teas are welcome at TeaGL. The sharing happens all day, so bring your tea to the expo hall in the morning on Saturday. We've also dedicated the Saturday afternoon break as Tea Time so all tea lovers (or simply tea curious) can get together in the expo hall, visit with our sponsors, and have a nice cuppa. This year we're pleased to introduce TeaGL, the SeaGL Tea Swap! If there's any tea you particularly enjoy, bring it along to SeaGL on Saturday and bring enough for a few other people. Share your tea with the SeaGL community and try some interesting teas brought by others. Black, green, white, herbal, whatever! All teas are welcome at TeaGL. The sharing happens all day, so bring your tea to the expo hall in the morning on Saturday. We've also dedicated the Saturday afternoon break as Tea Time so all tea lovers (or simply tea curious) can get together in the expo hall, visit with our sponsors, and have a nice cuppa. false expohall 2018-11-10T10:00:00-08:00 18:00 04:00 Silver Cloud Inn Evening Reception 586-conference-reception At the Silver Cloud The conference reception will include lightning talks, snacks, drinks -- both alcoholic and non-alcoholic and networking and relaxing with your fellow conference attendees. There will be a few door prizes and some gushing about our amazing volunteers. This event is all-ages, although consumers of alcoholic beverages should bring ID. The conference reception will include lightning talks, snacks, drinks -- both alcoholic and non-alcoholic and networking and relaxing with your fellow conference attendees. There will be a few door prizes and some gushing about our amazing volunteers. This event is all-ages, although consumers of alcoholic beverages should bring ID. false Adam Monsen