41 seagl2021 2021-11-05 2021-11-06 2 00:05 2021-11-05T02:00:00-07:00 09:00 00:10 Keynotes Opening Remarks 869-welcome-to-seagl-2021 Welcome to SeaGL 2021! Welcome to SeaGL 2021! false SeaGL 2021-11-05T02:10:00-07:00 09:10 00:20 Keynotes Keynote 865-keynote-hack-the-planet-how-to-get-stuff-done-in-open-source-elana-hashman Keynote Presentation Keynote Presentation false Elana Hashman 2021-11-05T02:35:00-07:00 09:35 00:20 Keynotes Keynote 871-keynote-marie-nordin Keynote Presentation Keynote Presentation false Marie Nordin 2021-11-05T03:10:00-07:00 10:10 00:30 Room 3 20-Minute Talk 841-ssh-from-your-devops-ci-cd-securely DevOps Your CI/CD pipeline needs to make things happen, and often that means hitting other machines via SSH or rsync. Since no human is at the keyboard to type a password, how do you automate this securely? We'll show alternatives to passwordless keys in your repository (BAD!!!), describe the security implications, and how you can assure that these keys are usable only for the commands they require. Your CI/CD pipeline needs to make things happen, and often that means hitting other machines via SSH or rsync. Since no human is at the keyboard to type a password, how do you automate this securely? We'll show alternatives to passwordless keys in your repository (BAD!!!), describe the security implications, and how you can assure that these keys are usable only for the commands they require. false Bri Hatch 2021-11-05T03:50:00-07:00 10:50 00:30 Room 3 20-Minute Talk 843-predictive-modeling-and-privacy We're defining predictive modeling as the intentional building of a model to predict someone's actions and desires. Predictive modeling can be a really useful tool -- it can help us customize environments to our emotional states, anticipate needs, and help us find the things we want even when we don't know we want them. Predictive modeling can also be a scary violation of privacy, letting others know about our inner desires regardless of what we want to share. Even if someone consents to a model being built from them, it is impossible to understand the ways they might be implemented in the future or the direction of technological development. In this session we'll be talking a bit about ow predictive modeling already exists and ways it could develop in the future; why it is something we should be thinking about; and what sorts of things we can do as individuals and collectives. We're defining predictive modeling as the intentional building of a model to predict someone's actions and desires. Predictive modeling can be a really useful tool -- it can help us customize environments to our emotional states, anticipate needs, and help us find the things we want even when we don't know we want them. Predictive modeling can also be a scary violation of privacy, letting others know about our inner desires regardless of what we want to share. Even if someone consents to a model being built from them, it is impossible to understand the ways they might be implemented in the future or the direction of technological development. In this session we'll be talking a bit about ow predictive modeling already exists and ways it could develop in the future; why it is something we should be thinking about; and what sorts of things we can do as individuals and collectives. false Molly de Blanc 2021-11-05T06:15:00-07:00 13:15 00:30 Room 3 20-Minute Talk 854-introduction-to-nextcloud Virtual Life & Work Nextcloud for private, secure cloud features such as collaboration tools, Enterprise File Sync and Share and phone syncing. Your data, your cloud. Nextcloud integrates with Collabora Online for collaborative office suite. In addition to the Nextcloud Talk for video calls it integrates with Big Blue Button for full classroom and meeting style video conferencing. Nextcloud also has options like phone contact and file sync, web forms, project management and password management. Nextcloud is used by large, enterprise organizations, but can also be self-hosted at home for personal use. There are commercial vendors that offer hosting and some Free Software organizations offer hosting as well. Nextcloud was created to be Free Software. Using the AGPL helps ensure it will remain Free in the future. Attendees will learn about: * Basic features of Nextcloud * Integrations with Collabora Online office suite and Big Blue Button * Nextcloud apps * Nextcloud history * Hosting options Nextcloud for private, secure cloud features such as collaboration tools, Enterprise File Sync and Share and phone syncing. Your data, your cloud. Nextcloud integrates with Collabora Online for collaborative office suite. In addition to the Nextcloud Talk for video calls it integrates with Big Blue Button for full classroom and meeting style video conferencing. Nextcloud also has options like phone contact and file sync, web forms, project management and password management. Nextcloud is used by large, enterprise organizations, but can also be self-hosted at home for personal use. There are commercial vendors that offer hosting and some Free Software organizations offer hosting as well. Nextcloud was created to be Free Software. Using the AGPL helps ensure it will remain Free in the future. Attendees will learn about: * Basic features of Nextcloud * Integrations with Collabora Online office suite and Big Blue Button * Nextcloud apps * Nextcloud history * Hosting options false der.hans 2021-11-05T07:00:00-07:00 14:00 00:30 Room 3 20-Minute Talk 861-developing-on-nextcloud Building on the Google Workspace Alternative NextCloud is an open source alternative to Google Workspace. It has document editing, time tracking, project management tools, and many more apps that you might want to use in business or activism, but there's a lot that could be made better. YOU can help make it better! This talk will show you what you need to do to get started with improving the core apps for NextCloud or developing your own using PHP and Javascript. NextCloud is an open source alternative to Google Workspace. It has document editing, time tracking, project management tools, and many more apps that you might want to use in business or activism, but there's a lot that could be made better. YOU can help make it better! This talk will show you what you need to do to get started with improving the core apps for NextCloud or developing your own using PHP and Javascript. false Elior Sterling 2021-11-05T08:30:00-07:00 15:30 00:30 Room 3 20-Minute Talk 848-building-and-supporting-open-source-communities-through-metrics Community Each community is different and therefore requires different metrics for data-driven decisions about building and supporting it. The CHAOSS Project was started to help understand open source communities through metrics. We have had many conversations and realized that everyone cares about a different aspect of the community. This talk will share what we have learned in the CHAOSS Project about having metrics for open source communities. Once the right metrics have been decided on, challenges need to be overcome, both technical and organizational challenges. Finally, this talk will share real-world examples of how open source community metrics have been used to help build and support open source communities. Each community is different and therefore requires different metrics for data-driven decisions about building and supporting it. The CHAOSS Project was started to help understand open source communities through metrics. We have had many conversations and realized that everyone cares about a different aspect of the community. This talk will share what we have learned in the CHAOSS Project about having metrics for open source communities. Once the right metrics have been decided on, challenges need to be overcome, both technical and organizational challenges. Finally, this talk will share real-world examples of how open source community metrics have been used to help build and support open source communities. false Georg Link 2021-11-05T03:10:00-07:00 10:10 00:30 Room 2 20-Minute Talk 824-responding-thoughtfully-to-a-crisis Hopefully, you will never need this talk but if you do face a crisis you'll want a plan -- or at least a plan for making a plan. When a project hits crisis mode, often things will start to move very fast. Thinking about how you want to respond to emergencies and how you want to be seen at the end of the fiasco is worth thinking and talking about in advance. This talk is for folks who suspect that one day it could be their turn to handle a crisis and want to be as prepared as possible when it happens to them. These topics will be covered: * Preserving your organization's image * How to work together as a team * When to bring in a specialist * Learning from what happened Focusing on the big picture of your organization's goals and thinking holistically about your relationships before you dive into the details, will help you free your mind from all the "what if we aren't doing the right thing?" doubts that can creep in during crisis management. This talk will help you sort through your options so you can move forward and offer some advice on taking good care of your team-mates while things are tough. There are also some crucial actions to take as you get to the end of the current crisis that you'll want to take care of before you declare things "finished!" so you can make sure you're set up for future success. Hopefully, you will never need this talk but if you do face a crisis you'll want a plan -- or at least a plan for making a plan. When a project hits crisis mode, often things will start to move very fast. Thinking about how you want to respond to emergencies and how you want to be seen at the end of the fiasco is worth thinking and talking about in advance. This talk is for folks who suspect that one day it could be their turn to handle a crisis and want to be as prepared as possible when it happens to them. These topics will be covered: * Preserving your organization's image * How to work together as a team * When to bring in a specialist * Learning from what happened Focusing on the big picture of your organization's goals and thinking holistically about your relationships before you dive into the details, will help you free your mind from all the "what if we aren't doing the right thing?" doubts that can creep in during crisis management. This talk will help you sort through your options so you can move forward and offer some advice on taking good care of your team-mates while things are tough. There are also some crucial actions to take as you get to the end of the current crisis that you'll want to take care of before you declare things "finished!" so you can make sure you're set up for future success. false Deb Nicholson 2021-11-05T03:50:00-07:00 10:50 00:30 Room 2 20-Minute Talk 832-intro-to-jq-grep-for-json Tools Want to parse JSON on the command line? Want a pipeable inline tool for JSON manipulation? jq is a command line tool, easy to fit into your data pipeline. It can parse, search and manipulate JSON documents. This talk will cover an introduction to jq and using it to search JSON objects similar to how grep is used for plain text. Attendees will learn: * basic parts of JSON * key search * value matching * string match * using variables with jq * date handling * conditionals * regular expressions * prettified JSON output * plain JSON output * non JSON output Want to parse JSON on the command line? Want a pipeable inline tool for JSON manipulation? jq is a command line tool, easy to fit into your data pipeline. It can parse, search and manipulate JSON documents. This talk will cover an introduction to jq and using it to search JSON objects similar to how grep is used for plain text. Attendees will learn: * basic parts of JSON * key search * value matching * string match * using variables with jq * date handling * conditionals * regular expressions * prettified JSON output * plain JSON output * non JSON output false der.hans 2021-11-05T06:15:00-07:00 13:15 00:30 Room 2 20-Minute Talk 845-lessons-learned-from-a-ransomware-attack Please see https://www.usenix.org/conference/lisa21/presentation/kacoroski for a longer version of the talk as I gave it as a Keynote at the LISA 2021 conference. I would love to have more time, but will fit the key points into 20 minutes if that is all I have. Abstract is: This talk covers a ransomware attack on medium size school district (23K students, 4K staff). We start with the timeline of the attack that was determined by forensic analysis, cover what was damaged in the attack, and then cover the attack recovery process. Then we'll discuss changes that were made to avoid and mitigate any future attacks. We wrap up with the lessons learned during this attack in the hope that they will help you to avoid and recover quicker if you do experience a ransomware attack. After this talk you will have a better understanding of how an attack happens, what kind of alerts may be symptoms of an attack, what to do in case you are attacked, what happens after you are attacked, and what actions you can take now to avoid and mitigate a ransomware attack. cheers, ski Please see https://www.usenix.org/conference/lisa21/presentation/kacoroski for a longer version of the talk as I gave it as a Keynote at the LISA 2021 conference. I would love to have more time, but will fit the key points into 20 minutes if that is all I have. Abstract is: This talk covers a ransomware attack on medium size school district (23K students, 4K staff). We start with the timeline of the attack that was determined by forensic analysis, cover what was damaged in the attack, and then cover the attack recovery process. Then we'll discuss changes that were made to avoid and mitigate any future attacks. We wrap up with the lessons learned during this attack in the hope that they will help you to avoid and recover quicker if you do experience a ransomware attack. After this talk you will have a better understanding of how an attack happens, what kind of alerts may be symptoms of an attack, what to do in case you are attacked, what happens after you are attacked, and what actions you can take now to avoid and mitigate a ransomware attack. cheers, ski false Ski 2021-11-05T07:00:00-07:00 14:00 00:30 Room 2 20-Minute Talk 834-the-stories-we-don-t-tell How open-source communities can break barriers to entry Tech Culture It's easy to tell stories about people whose experience in the tech industry is unusual. Some of those stories are focused on innovators, but others are focused on 'trailblazers' from marginalised and under-represented groups. Articles like these often focus on the characteristics that these trailblazers exhibit - strength, perseverance, resilience. However, that's only one part of the story. The ways in which under-represented people enter, experience, and hopefully thrive in our industry are far more complex. Very few people advance their careers on positive attributes alone. For those from marginalised groups, their tech experience depends on the managers, companies, and communities who put in the time and effort to identify, employ, and sponsor them through their careers. Open-source communities have a role to play in this process; not only are they a frequent first point of contact for young folks and potential career-changers, they're also a place where people are free to learn and make mistakes outside a formal employment structure, with the support of mentors and long-time community members. In this talk, we'll analyse what it means to be successful when nobody in the room looks like you, and break down the narrative of the trailblazers in the tech industry. Then, we'll look at the role that technical groups and communities play in increasing diversity and fostering a sense of belonging in the industry. By the end of the session, you will have learned ways to use your energy to shape open-source communities where difference is both ordinary and celebrated, and also how you can start to translate that into a commercial workplace. It's easy to tell stories about people whose experience in the tech industry is unusual. Some of those stories are focused on innovators, but others are focused on 'trailblazers' from marginalised and under-represented groups. Articles like these often focus on the characteristics that these trailblazers exhibit - strength, perseverance, resilience. However, that's only one part of the story. The ways in which under-represented people enter, experience, and hopefully thrive in our industry are far more complex. Very few people advance their careers on positive attributes alone. For those from marginalised groups, their tech experience depends on the managers, companies, and communities who put in the time and effort to identify, employ, and sponsor them through their careers. Open-source communities have a role to play in this process; not only are they a frequent first point of contact for young folks and potential career-changers, they're also a place where people are free to learn and make mistakes outside a formal employment structure, with the support of mentors and long-time community members. In this talk, we'll analyse what it means to be successful when nobody in the room looks like you, and break down the narrative of the trailblazers in the tech industry. Then, we'll look at the role that technical groups and communities play in increasing diversity and fostering a sense of belonging in the industry. By the end of the session, you will have learned ways to use your energy to shape open-source communities where difference is both ordinary and celebrated, and also how you can start to translate that into a commercial workplace. false Dawn Cooper 2021-11-05T08:30:00-07:00 15:30 00:30 Room 2 20-Minute Talk 851-software-tools-for-collective-self-governance Tools Software systems embed power relationships in their code through their design and in particular through their permissions systems. Even highly collaborative software often relies on the "Benevolent Dictator For Life" model of community and resource management, with a single account given power they may or may not delegate. While this is the dominant model of governance embedded in technology, it's certainly not the only model. This talk will provide an overview of software projects - most free/open source - which provide ways for governments, institutions, communities, and even groups of internet strangers to govern themselves and their resources in a more democratic way. Software systems embed power relationships in their code through their design and in particular through their permissions systems. Even highly collaborative software often relies on the "Benevolent Dictator For Life" model of community and resource management, with a single account given power they may or may not delegate. While this is the dominant model of governance embedded in technology, it's certainly not the only model. This talk will provide an overview of software projects - most free/open source - which provide ways for governments, institutions, communities, and even groups of internet strangers to govern themselves and their resources in a more democratic way. false Shauna Gordon-McKeon 2021-11-05T03:10:00-07:00 10:10 00:30 Room 1 20-Minute Talk 836-floss-daily-but-flo-all-the-time Tech Culture The important concepts in technology and collaboration that were pioneered by the Free Software Movement are *also* pertinent *beyond* software. Both the term "Free Software" and the common acronym FLOSS (*Free / Libre / Open Source Software*) are limited to software programs. So, we use the broader term **FLO** to bring our ethical and creative values to a wide range of other areas. FLO values matter in hardware, science and medicine, governance, music and art, and many other domains. FLO is about people, communities, and cultures rather than about the products themselves. As Cory Doctorow emphasizes, *information* doesn't want to be free, *people* want to be free. That's why the FLO movement emphasizes people-first principles. FLO encompasses more than licensing and source availability. The FLO world that we wish to see is one in which all of us are both legally and *practically* able to use, study, adapt, and share creative resources in *all* the different facets of our lives. This session will address why FLO matters as a term as well as a movement. The discussion will be facilitated by three FLO advocates who have experience with hardware and (FLOSS) software, community development, music education and performance, fundraising, and beyond. The audience is invited to participate via a live dialog while we explore getting 'into the FLO'. The important concepts in technology and collaboration that were pioneered by the Free Software Movement are *also* pertinent *beyond* software. Both the term "Free Software" and the common acronym FLOSS (*Free / Libre / Open Source Software*) are limited to software programs. So, we use the broader term **FLO** to bring our ethical and creative values to a wide range of other areas. FLO values matter in hardware, science and medicine, governance, music and art, and many other domains. FLO is about people, communities, and cultures rather than about the products themselves. As Cory Doctorow emphasizes, *information* doesn't want to be free, *people* want to be free. That's why the FLO movement emphasizes people-first principles. FLO encompasses more than licensing and source availability. The FLO world that we wish to see is one in which all of us are both legally and *practically* able to use, study, adapt, and share creative resources in *all* the different facets of our lives. This session will address why FLO matters as a term as well as a movement. The discussion will be facilitated by three FLO advocates who have experience with hardware and (FLOSS) software, community development, music education and performance, fundraising, and beyond. The audience is invited to participate via a live dialog while we explore getting 'into the FLO'. false Athan Spathas Aaron Wolf Wm Salt Hale 2021-11-05T03:50:00-07:00 10:50 00:30 Room 1 20-Minute Talk 827-postgresql-participation-in-google-s-summer-of-code Community The [PostgreSQL](https://www.postgresql.org/) community has participated in the international [Google Summer of Code](https://summerofcode.withgoogle.com/) program for many years now. This program is focused on introducing students with developing open source software. This presentation gives a brief overview of the program, the software projects that the PostgreSQL community mentored, and the commitment needed to have a successful summer. The PostgreSQL organization's projects ranged from command line utilities, Web applications, testing tools, extensions to PostgreSQL and other database related software. PostgreSQL is a powerful, open source object-relational database system with over 30 years of active development that has earned it a strong reputation for reliability, feature robustness, and performance. The [PostgreSQL](https://www.postgresql.org/) community has participated in the international [Google Summer of Code](https://summerofcode.withgoogle.com/) program for many years now. This program is focused on introducing students with developing open source software. This presentation gives a brief overview of the program, the software projects that the PostgreSQL community mentored, and the commitment needed to have a successful summer. The PostgreSQL organization's projects ranged from command line utilities, Web applications, testing tools, extensions to PostgreSQL and other database related software. PostgreSQL is a powerful, open source object-relational database system with over 30 years of active development that has earned it a strong reputation for reliability, feature robustness, and performance. false Mark Wong 2021-11-05T04:30:00-07:00 11:30 00:30 Room 1 20-Minute Talk 868-lightning-talks Lightning Talks Lightning Talks false SeaGL 2021-11-05T06:15:00-07:00 13:15 00:30 Room 1 20-Minute Talk 821-json-document-validation-in-mysql-8-0 Tools JSON is a great free form way of interchanging data with minimal data type checking. Relational databases are strictly structured systems to store data with many types of data checks to make sure the data meets rigorous formatting standard. Most databases now allow you to store that free form data in their structured framework. So how do you check that free form data for things like required fields, proper data types, and that the data is within a pre-set range? The wonderful folks at JSON-Schmea.org have devised a way to do all that and we will look at how MySQL implemented their templating system to verify that you JSON document going into your relational database meets your criteria. JSON is a great free form way of interchanging data with minimal data type checking. Relational databases are strictly structured systems to store data with many types of data checks to make sure the data meets rigorous formatting standard. Most databases now allow you to store that free form data in their structured framework. So how do you check that free form data for things like required fields, proper data types, and that the data is within a pre-set range? The wonderful folks at JSON-Schmea.org have devised a way to do all that and we will look at how MySQL implemented their templating system to verify that you JSON document going into your relational database meets your criteria. false davidmstokes 2021-11-05T07:45:00-07:00 14:45 00:30 Room 1 Afternoon Break 867-friday-booth-crawl Visit our lovely virtual expo area in the Social track! Visit our lovely virtual expo area in the Social track! false SeaGL 2021-11-05T08:30:00-07:00 15:30 00:30 Room 1 20-Minute Talk 839-good-shell-patterns Miscellaneous We'll discuss tried-and-true code snippets you can use to make your code more reliable, easier to read, and quicker to debug. Enjoy the elegance of "cd $(dirname $0)", performing actions only on successful exit, and informational help messages. We'll cover all those minor changes that continually come up in our code review sessions that reap outsized rewards. We'll discuss tried-and-true code snippets you can use to make your code more reliable, easier to read, and quicker to debug. Enjoy the elegance of "cd $(dirname $0)", performing actions only on successful exit, and informational help messages. We'll cover all those minor changes that continually come up in our code review sessions that reap outsized rewards. false Bri Hatch 2021-11-05T09:30:00-07:00 16:30 01:00 Social Evening Hour 872-devops-party-games SeaGL Edition! The DevOps part game is coming to SeaGL! Whoo!! https://devopspartygames.com/ Please take a minute to sign up for Twitch and then join us here, https://www.twitch.tv/devopspartygames The DevOps part game is coming to SeaGL! Whoo!! https://devopspartygames.com/ Please take a minute to sign up for Twitch and then join us here, https://www.twitch.tv/devopspartygames false SeaGL 2021-11-05T10:45:00-07:00 17:45 01:30 Social Evening Late 873-cocktails-and-mocktails-with-mako BYO! [Here's](https://wiki.mako.cc/SeagGL_Cocktail_Hour_2021) the list of ingredients that you may want to procure in advance -- but you're also welcome to join and *muddle* through with whatever you already have. Join us in the Social track! [Here's](https://wiki.mako.cc/SeagGL_Cocktail_Hour_2021) the list of ingredients that you may want to procure in advance -- but you're also welcome to join and *muddle* through with whatever you already have. Join us in the Social track! false SeaGL 2021-11-06T02:15:00-07:00 09:15 00:15 Social Costume Contest 874-costume-contest All attendees are welcome Prizes for - Most Creative - Most Nerdy - Audience choice, don't forget to vote! The costume contest is all-ages and should be considered a PG event. Winners will be announced right before TeaGL at 2'30pm on Saturday. Prizes for - Most Creative - Most Nerdy - Audience choice, don't forget to vote! The costume contest is all-ages and should be considered a PG event. Winners will be announced right before TeaGL at 2'30pm on Saturday. false SeaGL 2021-11-06T07:30:00-07:00 14:30 00:15 Social Costume Contest 875-winners-announced from the morning's costume contest Winners announced! Join us in the Social track! Prizes for - Most Creative - Most Nerdy - Audience choice, don't forget to vote! [Vote here between 10am and 2pm!](https://forms.gle/PP4RN9FwT5dQmwc39) Winners announced! Join us in the Social track! Prizes for - Most Creative - Most Nerdy - Audience choice, don't forget to vote! [Vote here between 10am and 2pm!](https://forms.gle/PP4RN9FwT5dQmwc39) false SeaGL 2021-11-06T07:45:00-07:00 14:45 00:30 Social Afternoon Break 870-saturday-teagl Enjoy some tea drinking and tea talk and meet your swap buddy if you participated in this year's swap. Join us in the Social track! Enjoy some tea drinking and tea talk and meet your swap buddy if you participated in this year's swap. Join us in the Social track! false SeaGL 2021-11-06T10:30:00-07:00 17:30 01:00 Social Evening Hour 877-make-tea-sandwiches-with-molly-and-sri Learn to make two different sandwiches The most excellent Molly de Blanc is up first with her tea sandwiches, including vegan options. (She's making apple brie sandwiches and a smoked not-salmon sandwich with cream cheese and dill, more details are [here.](http://deblanc.net/blog/2021/11/05/teagl-sandwiches/)) Sandwich savvy Sri Ramkrishna follows up with a slightly spicier sandwich. (A classic Indian sandwich with bread, cheese, cucumbers, tomatoes, butter and ketchup. Optional chutney.) Join us in the Social track! Bring your favorite bread and tune in for both of these interactive sandwich demos! The most excellent Molly de Blanc is up first with her tea sandwiches, including vegan options. (She's making apple brie sandwiches and a smoked not-salmon sandwich with cream cheese and dill, more details are [here.](http://deblanc.net/blog/2021/11/05/teagl-sandwiches/)) Sandwich savvy Sri Ramkrishna follows up with a slightly spicier sandwich. (A classic Indian sandwich with bread, cheese, cucumbers, tomatoes, butter and ketchup. Optional chutney.) Join us in the Social track! Bring your favorite bread and tune in for both of these interactive sandwich demos! false SeaGL 2021-11-06T11:30:00-07:00 18:30 01:30 Social Evening Late 878-trivia-contest-for-fun-and-prizes with Remy DeCausemaker and Elana Hashman Remy DeCausemaker, open source impresario and man about the virtual FOSS town teams up with Elana Hashman, last year's reigning trivia champion (and one of our keynotes) will host our second annual Trivia night. This year's event will involve teams and artisanal handmade graphics and all new questions! Join us in the Social track! Remy DeCausemaker, open source impresario and man about the virtual FOSS town teams up with Elana Hashman, last year's reigning trivia champion (and one of our keynotes) will host our second annual Trivia night. This year's event will involve teams and artisanal handmade graphics and all new questions! Join us in the Social track! false SeaGL 2021-11-06T02:30:00-07:00 09:30 00:20 Keynotes Keynote 866-interdisciplinarity-in-foss-keynote-dr-morgan-lemmer-webber-and-christine-lemmer-webber Morgan and Chris talk about the skills they've learned in their humanities backgrounds and how those have translated into their work within FOSS communities and projects. They'll then discuss the benefits of seeking out varied skillsets within your communities, the value of looking at problems from multiple lenses, and how to use all of the tools we've got to promote our projects. Dr. Morgan Lemmer-Webber (she/her) is an art historian, avid crafter, and FOSS user and advocate. She recently completed her PhD in Art History at the University of Wisconsin, Madison. A lifelong exploration of various handcrafts and media inspired her dissertation research on women and textile production in the Roman empire. Morgan is also interested in the intersection of FOSS and academia, particularly in the context of digital humanities research. She built the original digitization of the William Ramsay ledger as a custom static site generator in Python. She looks forward to doing more digital humanities exploration and community engagement within the FOSS world now that her dissertation is complete. Christine Lemmer-Webber (she/her) is a long-time user freedom advocate. Her degree in interdisciplinary humanities with a focus on philosophy and ethics has informed her approach to free and open source software and free culture. She is mostly known for her work co-authoring and co-editing the ActivityPub distributed social network protocol. In previous times of her life she worked as tech lead at Creative Commons, co-founded MediaGoblin, started and ran the Liberated Pixel Cup, and kicked off the work on CC BY-SA 4.0 and GPL compatibility. These days her primary work is on Spritely, a project to improve the security of federated social networks and bridge them with virtual worlds. When she isn't programming, she enjoys cooking, sketching, and making ASCII art. Morgan and Chris talk about the skills they've learned in their humanities backgrounds and how those have translated into their work within FOSS communities and projects. They'll then discuss the benefits of seeking out varied skillsets within your communities, the value of looking at problems from multiple lenses, and how to use all of the tools we've got to promote our projects. Dr. Morgan Lemmer-Webber (she/her) is an art historian, avid crafter, and FOSS user and advocate. She recently completed her PhD in Art History at the University of Wisconsin, Madison. A lifelong exploration of various handcrafts and media inspired her dissertation research on women and textile production in the Roman empire. Morgan is also interested in the intersection of FOSS and academia, particularly in the context of digital humanities research. She built the original digitization of the William Ramsay ledger as a custom static site generator in Python. She looks forward to doing more digital humanities exploration and community engagement within the FOSS world now that her dissertation is complete. Christine Lemmer-Webber (she/her) is a long-time user freedom advocate. Her degree in interdisciplinary humanities with a focus on philosophy and ethics has informed her approach to free and open source software and free culture. She is mostly known for her work co-authoring and co-editing the ActivityPub distributed social network protocol. In previous times of her life she worked as tech lead at Creative Commons, co-founded MediaGoblin, started and ran the Liberated Pixel Cup, and kicked off the work on CC BY-SA 4.0 and GPL compatibility. These days her primary work is on Spritely, a project to improve the security of federated social networks and bridge them with virtual worlds. When she isn't programming, she enjoys cooking, sketching, and making ASCII art. false Christine Lemmer-Webber Dr. Morgan Lemmer-Webber 2021-11-06T09:30:00-07:00 16:30 00:20 Keynotes Keynote 864-keynote-seize-the-means-of-computation-cory-doctorow Software Freedom in an Age of Monopoly, Inequality and Crisis After a year of lockdown, there can no longer be any question as to whether digital rights are human rights. The internet is a single wire that delivers free speech, free assembly, education, family life, romance, parenting, employment, access to politics and civics, to tools and ideas, to community and the public sphere. And yet, technological self-determination is farther away than ever. Open source means nothing without software freedom (who cares if you can see the source to applications whose essential cloud components you can't modify?). Interoperability is criminalized in new ways every day. A single corporate account termination can cost you your media, your email archives, your mobile device, and even brick your thermostat and doorbell. Time is running out to seize the means of computation and safeguard the power of tech to give us more control over our lives. After a year of lockdown, there can no longer be any question as to whether digital rights are human rights. The internet is a single wire that delivers free speech, free assembly, education, family life, romance, parenting, employment, access to politics and civics, to tools and ideas, to community and the public sphere. And yet, technological self-determination is farther away than ever. Open source means nothing without software freedom (who cares if you can see the source to applications whose essential cloud components you can't modify?). Interoperability is criminalized in new ways every day. A single corporate account termination can cost you your media, your email archives, your mobile device, and even brick your thermostat and doorbell. Time is running out to seize the means of computation and safeguard the power of tech to give us more control over our lives. false Cory Doctorow 2021-11-06T03:00:00-07:00 10:00 00:30 Room 3 20-Minute Talk 850-know-your-rights-as-a-tech-worker Community If there’s a problem with your code, you can file a bug report. But what do you do when there’s a problem with your workplace? All workers, including tech workers, have the right to try and improve our workplaces. This talk will give you an overview of your rights, with a special focus on issues that commonly arise in the tech industry, such as workplace harassment, overuse of non-disclosure agreements and forced arbitration clauses, and misclassification of contractors. We’ll also talk about what you can do when your company does something unethical, following the “Bargaining for the Common Good” model used by workers around the country to fight poverty, systemic racism, and climate change. If there’s a problem with your code, you can file a bug report. But what do you do when there’s a problem with your workplace? All workers, including tech workers, have the right to try and improve our workplaces. This talk will give you an overview of your rights, with a special focus on issues that commonly arise in the tech industry, such as workplace harassment, overuse of non-disclosure agreements and forced arbitration clauses, and misclassification of contractors. We’ll also talk about what you can do when your company does something unethical, following the “Bargaining for the Common Good” model used by workers around the country to fight poverty, systemic racism, and climate change. false Shauna Gordon-McKeon 2021-11-06T03:45:00-07:00 10:45 00:30 Room 3 20-Minute Talk 829-walking-the-cultural-tightrope Why We Need Codes of Conduct And Why They’re Not Enough Community Aeva, a member of the Kubernetes Code of Conduct (CoC) Committee, will examine difficult topics related to CoC enforcement and provide concrete suggestions on how to implement a CoCC, based on their experience supporting the Kubernetes community through several complex incidents in the past two years. Standard business approaches to interpersonal risk management (such as “just let HR handle it” and “don’t do anything that could make us liable”) do not translate effectively to open source community management, where liability extends outside organizational authority and interpersonal dynamics are fundamentally different. Conversely, ignoring community health leads to poor -- sometimes catastrophic -- outcomes for technical projects, and ultimately an increase in business risk in your software supply chain. In this talk, Aeva will discuss what it means to shape an open source community through a values-driven approach to leadership, and provide concrete suggestions for open source projects and their corporate sponsors to implement which can improve community health and diversity. These suggestions will be based on real examples, though all identifying details will be anonymized to maintain the confidentiality of those involved. Aeva, a member of the Kubernetes Code of Conduct (CoC) Committee, will examine difficult topics related to CoC enforcement and provide concrete suggestions on how to implement a CoCC, based on their experience supporting the Kubernetes community through several complex incidents in the past two years. Standard business approaches to interpersonal risk management (such as “just let HR handle it” and “don’t do anything that could make us liable”) do not translate effectively to open source community management, where liability extends outside organizational authority and interpersonal dynamics are fundamentally different. Conversely, ignoring community health leads to poor -- sometimes catastrophic -- outcomes for technical projects, and ultimately an increase in business risk in your software supply chain. In this talk, Aeva will discuss what it means to shape an open source community through a values-driven approach to leadership, and provide concrete suggestions for open source projects and their corporate sponsors to implement which can improve community health and diversity. These suggestions will be based on real examples, though all identifying details will be anonymized to maintain the confidentiality of those involved. false Aeva Black 2021-11-06T04:30:00-07:00 11:30 00:30 Room 3 20-Minute Talk 828-computing-confidentially-in-the-clouds Security Someone once said that "a cloud is just someone else's computer", implying that you're trusting that "someone" with your data. You also trust them in ways you may not even realize: to patch their infrastructure against the latest threats, to keep your data in the right country, and to only access it in legally compliant ways. What if you didn't have to trust them? What if you could audit the integrity of their systems at any time, isolate your work from cloud admins, and guarantee your data is processed only when and where you want? Sounds good, right? With new hardware coming online in all major cloud providers, _Confidential Computing_ promises to alter the trust relationship between cloud provider and consumer. However, the tech stack is still young, and it is not integrated in cloud-native scenarios (containers) yet. In this session, Aeva Black will present a vision towards this goal, introduce a few open source projects which facilitate it, and point interested developers towards community-led projects actively working on building this technology. Someone once said that "a cloud is just someone else's computer", implying that you're trusting that "someone" with your data. You also trust them in ways you may not even realize: to patch their infrastructure against the latest threats, to keep your data in the right country, and to only access it in legally compliant ways. What if you didn't have to trust them? What if you could audit the integrity of their systems at any time, isolate your work from cloud admins, and guarantee your data is processed only when and where you want? Sounds good, right? With new hardware coming online in all major cloud providers, _Confidential Computing_ promises to alter the trust relationship between cloud provider and consumer. However, the tech stack is still young, and it is not integrated in cloud-native scenarios (containers) yet. In this session, Aeva Black will present a vision towards this goal, introduce a few open source projects which facilitate it, and point interested developers towards community-led projects actively working on building this technology. false Aeva Black 2021-11-06T06:15:00-07:00 13:15 00:30 Room 3 20-Minute Talk 816-cross-debugging-on-linux-a-history-current-state-of-the-art-and-coming-improvements Tools **Cross debugging**, and more generally, **remote debugging**, is something that may be unknown, or badly used, by either beginner engineers, or sometimes even by senior engineers, for several reasons. Some people simply do not know that remote debugging tools exists, some might consider the complex setup as a show-stopper, some other ones may not trust the tools (_and we can explain why_). Yet the return of investment of such tools is _significant_, provided that they are used appropriately. This presentation talks about the first-fruits of cross-debugging, going through some real experiences, some architecture schemes and functionnal descriptions, comparing the existing solutions (eg, **gdb-server** vs **lldb** vs **tcf** ...), and their integration in IDEs (**Eclipse**, **VsCode**). A technical chapter about the debugger mysteries, explains, in particular, why _multithread_, or _SMP_ debugging is a complex issue, and how existing debuggers deal with it. A chapter of performance analysis tools (eg, _valgrind_) is presented, too, in order to offer a kind of swiss army knife to the listeners. As a conclusion, a short presentation of the debug tools on another OpenSource OS ([Zephyr](https://www.zephyrproject.org/)) is done. **Cross debugging**, and more generally, **remote debugging**, is something that may be unknown, or badly used, by either beginner engineers, or sometimes even by senior engineers, for several reasons. Some people simply do not know that remote debugging tools exists, some might consider the complex setup as a show-stopper, some other ones may not trust the tools (_and we can explain why_). Yet the return of investment of such tools is _significant_, provided that they are used appropriately. This presentation talks about the first-fruits of cross-debugging, going through some real experiences, some architecture schemes and functionnal descriptions, comparing the existing solutions (eg, **gdb-server** vs **lldb** vs **tcf** ...), and their integration in IDEs (**Eclipse**, **VsCode**). A technical chapter about the debugger mysteries, explains, in particular, why _multithread_, or _SMP_ debugging is a complex issue, and how existing debuggers deal with it. A chapter of performance analysis tools (eg, _valgrind_) is presented, too, in order to offer a kind of swiss army knife to the listeners. As a conclusion, a short presentation of the debug tools on another OpenSource OS ([Zephyr](https://www.zephyrproject.org/)) is done. false Thierry Bultel 2021-11-06T07:00:00-07:00 14:00 00:30 Room 3 20-Minute Talk 844-birds-by-starlight-tracking-nocturnal-flight-calls-using-open-source-software Tools We all know that Canada Geese migrate. They're up there, honking away, going somewhere in spring, and then back again in autumn. But what most people don't know is that all of the cool birds - Cape May Warblers, Semipalmated Sandpipers, Gray-cheeked Thrushes, you name it - also migrate. They do this at night, and they give a lot of little traffic updates to their friends: "Beep beep, I'm over here, don't hit me." In this talk, I'll talk about how scientists across the world are using Nocturnal Flight Call monitoring stations to listen in on these little tweeters. I'll talk about how I set up my monitoring stations, and how I both use and write open source software to find, identify, and ultimately record migrating birds for Science™. And yes, I've recorded several species of seagulls. We all know that Canada Geese migrate. They're up there, honking away, going somewhere in spring, and then back again in autumn. But what most people don't know is that all of the cool birds - Cape May Warblers, Semipalmated Sandpipers, Gray-cheeked Thrushes, you name it - also migrate. They do this at night, and they give a lot of little traffic updates to their friends: "Beep beep, I'm over here, don't hit me." In this talk, I'll talk about how scientists across the world are using Nocturnal Flight Call monitoring stations to listen in on these little tweeters. I'll talk about how I set up my monitoring stations, and how I both use and write open source software to find, identify, and ultimately record migrating birds for Science™. And yes, I've recorded several species of seagulls. false Richard Littauer 2021-11-06T08:30:00-07:00 15:30 00:30 Room 3 20-Minute Talk 849-your-bug-tracker-and-you Tools Your project surely has a bug tracker. But what does it tell you? In this talk, you'll learn how to set up your bug tracker to get the most information you can. You'll find out what you can learn—and can't—from mining your bugs. Your project surely has a bug tracker. But what does it tell you? In this talk, you'll learn how to set up your bug tracker to get the most information you can. You'll find out what you can learn—and can't—from mining your bugs. false Ben Cotton 2021-11-06T03:00:00-07:00 10:00 00:30 Room 1 20-Minute Talk 835-free-security-for-open-source-projects Security Security is an integral part of software development. And yet, without a red team or a security budget, securing a non-commercial FOSS project can seem daunting. If you publish a package that has downstream dependencies, then any security issues can have wide-ranging impact. Even for standalone software, it can be hard to know where to start. In order to secure an application end-to-end, you need to understand several different aspects of the pipeline. While theft of personal data is a very common concern for closed-source projects, open-source projects may be more at risk of malicious code being distributed due to a token compromise, or security issues in upstream dependencies. Fortunately, if you know where to look, there are lots of free security tools for open-source software. Some of these tools are open-source themselves, and others are free for use in open-source projects. In addition, depending on how your project is managed and hosted, you can abstract some aspects of security away by using platforms with built-in tooling. In this talk, we'll discuss the basics of security at scale (and on a budget) in open-source projects, and look at the differences between security for open-source and closed-source projects. Then, we'll break down a couple of standard workflows for different types of open-source projects, and look at where free security tools may (or may not) fit into a simple solution. Security is an integral part of software development. And yet, without a red team or a security budget, securing a non-commercial FOSS project can seem daunting. If you publish a package that has downstream dependencies, then any security issues can have wide-ranging impact. Even for standalone software, it can be hard to know where to start. In order to secure an application end-to-end, you need to understand several different aspects of the pipeline. While theft of personal data is a very common concern for closed-source projects, open-source projects may be more at risk of malicious code being distributed due to a token compromise, or security issues in upstream dependencies. Fortunately, if you know where to look, there are lots of free security tools for open-source software. Some of these tools are open-source themselves, and others are free for use in open-source projects. In addition, depending on how your project is managed and hosted, you can abstract some aspects of security away by using platforms with built-in tooling. In this talk, we'll discuss the basics of security at scale (and on a budget) in open-source projects, and look at the differences between security for open-source and closed-source projects. Then, we'll break down a couple of standard workflows for different types of open-source projects, and look at where free security tools may (or may not) fit into a simple solution. false Dawn Cooper 2021-11-06T03:45:00-07:00 10:45 00:30 Room 1 20-Minute Talk 857-building-cloud-networks-terraform-or-ansible Tools While DevOps folks are deploying cloud apps at cloud speed, traditional network engineers are still hand jamming on their routers' CLI like it's 1999. Let's fix that! In this session, we will show you how to deploy multi-cloud networks in the Infrastructure-as-Code age using modern tooling. And we'll answer the question in every network engineer's mind once and for all: Terraform or Ansible? While DevOps folks are deploying cloud apps at cloud speed, traditional network engineers are still hand jamming on their routers' CLI like it's 1999. Let's fix that! In this session, we will show you how to deploy multi-cloud networks in the Infrastructure-as-Code age using modern tooling. And we'll answer the question in every network engineer's mind once and for all: Terraform or Ansible? false François Caen Troy Perkins 2021-11-06T06:15:00-07:00 13:15 00:30 Room 1 20-Minute Talk 846-stories-from-reviving-and-extending-a-university-s-information-security-program Miscellaneous In 2019, I was tasked with reviving a university information security program that had been on life support for the last 5 years. Two years on, and I have helped to design and implement several new courses, rewrote from scratch other courses, implemented monthly campus-wide infosec hangout nights, begun a campus-wide infosec awareness campaign, and more. Join me as I tell stories about what went right, what went wrong, what I might do differently with the benefit of hindsight, and what the future has in store. This talk is designed to give you insights on how you can better engage with and implement infosec awareness and education in your own organizations and help prepare the next generation of security experts. In 2019, I was tasked with reviving a university information security program that had been on life support for the last 5 years. Two years on, and I have helped to design and implement several new courses, rewrote from scratch other courses, implemented monthly campus-wide infosec hangout nights, begun a campus-wide infosec awareness campaign, and more. Join me as I tell stories about what went right, what went wrong, what I might do differently with the benefit of hindsight, and what the future has in store. This talk is designed to give you insights on how you can better engage with and implement infosec awareness and education in your own organizations and help prepare the next generation of security experts. false Brian Callahan 2021-11-06T07:00:00-07:00 14:00 00:30 Room 1 20-Minute Talk 858-debugging-reproducible-builds-one-day-at-a-time Patching Your Supply Chain Security Reproducible builds are a set of software development practices that create an independently-verifiable path from source to binary code. A build is reproducible if given the same source code, build environment and build instructions, any party can recreate bit-by-bit identical copies of all specified artifacts. I'd like to share with you my process for going about fixing Reproducible Builds issues in Debian, though some of the ideas will be applicable to debugging issues of any kind in any environment. I'll explore how I go about identifying issues to work on, learn more about the specific issues, recreate the problem locally, isolate the potential causes, dissect the problem into identifiable parts, and adapt the packaging and/or source code to fix the issues. This will give you an eye into how I think about, struggle with, and eventually fix all sorts of things. Watching this talk should help you go from someone who "knows a bit of code" to someone ready to submit a fix to your favorite free software project! This talk will mostly focus on the *hows* of Reproducible Builds, not too much on the *whys*, which can be further explored at: https://reproducible-builds.org/ Reproducible builds are a set of software development practices that create an independently-verifiable path from source to binary code. A build is reproducible if given the same source code, build environment and build instructions, any party can recreate bit-by-bit identical copies of all specified artifacts. I'd like to share with you my process for going about fixing Reproducible Builds issues in Debian, though some of the ideas will be applicable to debugging issues of any kind in any environment. I'll explore how I go about identifying issues to work on, learn more about the specific issues, recreate the problem locally, isolate the potential causes, dissect the problem into identifiable parts, and adapt the packaging and/or source code to fix the issues. This will give you an eye into how I think about, struggle with, and eventually fix all sorts of things. Watching this talk should help you go from someone who "knows a bit of code" to someone ready to submit a fix to your favorite free software project! This talk will mostly focus on the *hows* of Reproducible Builds, not too much on the *whys*, which can be further explored at: https://reproducible-builds.org/ false Vagrant Cascadian 2021-11-06T08:30:00-07:00 15:30 00:30 Room 1 20-Minute Talk 826-expressive-security Vulnerabilities with Emoji Security Emoji are an interesting beast. Once an obscure part of the Unicode standard, they are now so popular you can buy Emoji Poop Slippers (yes, I'm serious). However, now that emoji are saturating our systems so, there are interesting side effects. Follow along as we discover how some systems do not like emoji, which systems can handle the odd non-standard character, and if we can find any security vulnerabilities only using the humble smiley-face. In this talk, we will cover many aspects, including: * a short history of emoji * the year of emoji convergence * how to identify your operating system based on how emoji appear * how one WordPress fix saved a quarter of the internet from XSS through emoji By the end of this talk, you will appreciate how complex human expression is, and why ensuring unicode compatibility will help your systems. Emoji are an interesting beast. Once an obscure part of the Unicode standard, they are now so popular you can buy Emoji Poop Slippers (yes, I'm serious). However, now that emoji are saturating our systems so, there are interesting side effects. Follow along as we discover how some systems do not like emoji, which systems can handle the odd non-standard character, and if we can find any security vulnerabilities only using the humble smiley-face. In this talk, we will cover many aspects, including: * a short history of emoji * the year of emoji convergence * how to identify your operating system based on how emoji appear * how one WordPress fix saved a quarter of the internet from XSS through emoji By the end of this talk, you will appreciate how complex human expression is, and why ensuring unicode compatibility will help your systems. false Katie McLaughlin 2021-11-06T03:00:00-07:00 10:00 00:30 Room 2 20-Minute Talk 818-understanding-the-mysql-authentication-process Tools MySQL is a popular database but few understand that sometimes the authentication process actually works, that it can be too permissive, and sometimes too many have dangerous permissions provided to them. This session will cover how the server decides which accounts are allowed to access the server, password options, how to use roles, set up dual passwords, setting functional limits on accounts, and more. MySQL is a popular database but few understand that sometimes the authentication process actually works, that it can be too permissive, and sometimes too many have dangerous permissions provided to them. This session will cover how the server decides which accounts are allowed to access the server, password options, how to use roles, set up dual passwords, setting functional limits on accounts, and more. false davidmstokes 2021-11-06T03:45:00-07:00 10:45 00:30 Room 2 20-Minute Talk 838-does-open-source-need-its-own-priority-of-constituencies Tech Culture From its inception, open source—and free software before it—was built around ethical notions: give people agency and power over their software so they could use, modify, and share it as they pleased to accomplish whatever it is that they wanted to do with it. In a world where running software required programming skills, there was a lot of overlap between users and developers of open source, and so this rather simple framework was sufficient to deal with open source’s different constituencies. Since then, open source has become ubiquitous. As a result, the number of constituencies has ballooned: there are indie and corporate contributors and maintainers, open source software vendors, developers building proprietary code on top of open source, end-users who don’t know anything about software, people impacted by open source software who are not even using it, cloud providers, etc., etc. When the interests of these different actors are in conflict, which one of them do we favor and why? Neither the Four Freedoms nor the Open Source Definition (OSD) really helps us answer that question. Faced with similar issues, other communities have designed really effective frameworks to guide their decision-making processes. W3C’s “priority of constituencies” is such a framework. In this talk we’ll dig into what W3C’s priority of constituencies is, outline its benefits, but also its limits. We’ll then see how we could apply the priority of constituencies to open source, what that reveals about the complexity of the open source ecosystem, and in particular how the parts that are difficult to fit in such a framework are precisely those that have made the news in the past few years. From its inception, open source—and free software before it—was built around ethical notions: give people agency and power over their software so they could use, modify, and share it as they pleased to accomplish whatever it is that they wanted to do with it. In a world where running software required programming skills, there was a lot of overlap between users and developers of open source, and so this rather simple framework was sufficient to deal with open source’s different constituencies. Since then, open source has become ubiquitous. As a result, the number of constituencies has ballooned: there are indie and corporate contributors and maintainers, open source software vendors, developers building proprietary code on top of open source, end-users who don’t know anything about software, people impacted by open source software who are not even using it, cloud providers, etc., etc. When the interests of these different actors are in conflict, which one of them do we favor and why? Neither the Four Freedoms nor the Open Source Definition (OSD) really helps us answer that question. Faced with similar issues, other communities have designed really effective frameworks to guide their decision-making processes. W3C’s “priority of constituencies” is such a framework. In this talk we’ll dig into what W3C’s priority of constituencies is, outline its benefits, but also its limits. We’ll then see how we could apply the priority of constituencies to open source, what that reveals about the complexity of the open source ecosystem, and in particular how the parts that are difficult to fit in such a framework are precisely those that have made the news in the past few years. false Tobie Langel 2021-11-06T06:15:00-07:00 13:15 00:30 Room 2 20-Minute Talk 859-open-source-governance-six-types-and-three-models So, your open source project needs to adopt some kind of governance. But what kind? And are there models you can copy from? When you first contemplate governance, it seems baffling and random, but on analysis it turns out there are some great standard options and prior art. This session will help you understand, and then choose. Based on work done by OSPOs and the CNCF Governance Working Group, we will explain: 1. What governance really is 2. The six types of OSS project governance 3. Three models you can copy for your project After this brief presentation you will be ready to start on writing or revising your own project's governance. So, your open source project needs to adopt some kind of governance. But what kind? And are there models you can copy from? When you first contemplate governance, it seems baffling and random, but on analysis it turns out there are some great standard options and prior art. This session will help you understand, and then choose. Based on work done by OSPOs and the CNCF Governance Working Group, we will explain: 1. What governance really is 2. The six types of OSS project governance 3. Three models you can copy for your project After this brief presentation you will be ready to start on writing or revising your own project's governance. false jberkus 2021-11-06T07:00:00-07:00 14:00 00:30 Room 2 20-Minute Talk 819-open-source-business-practices The Open Source Initiative partnered with Brandeis University to deliver a series of micro courses about open source software. This Open Source Technology Management program includes several sub-topics. In early 2021, Jim taught the micro courses about Open Source Business Practices and how to Establish an Open Source Program Office. This talk will share highlights from Open Source Business practices, including how organizations can use open source to run their business, pros and cons of licenses, and engaging with the community. For example, a business might include open source software as part of their overall stack, such as in a Cloud offering. Or a business might include code licensed under a permissive license like BSD, to build a proprietary product. Or a business might release a proprietary product as open source software. Or they might use open source in some other way. This micro course helped people understand the issues in using or adopting open source, and how to do it right. (A key point in the course was "If you use open source to run your business, you should *invest* in that open source software." Don't just take; you need to contribute back. The Open Source Initiative partnered with Brandeis University to deliver a series of micro courses about open source software. This Open Source Technology Management program includes several sub-topics. In early 2021, Jim taught the micro courses about Open Source Business Practices and how to Establish an Open Source Program Office. This talk will share highlights from Open Source Business practices, including how organizations can use open source to run their business, pros and cons of licenses, and engaging with the community. For example, a business might include open source software as part of their overall stack, such as in a Cloud offering. Or a business might include code licensed under a permissive license like BSD, to build a proprietary product. Or a business might release a proprietary product as open source software. Or they might use open source in some other way. This micro course helped people understand the issues in using or adopting open source, and how to do it right. (A key point in the course was "If you use open source to run your business, you should *invest* in that open source software." Don't just take; you need to contribute back. false Jim Hall 2021-11-06T08:30:00-07:00 15:30 00:30 Room 2 20-Minute Talk 822-technically-biased-taking-free-software-s-niche-appeal-mainstream A Lesson From My Grandma Tech Culture The Free Software movement's ideals are egalitarian. We aim to bring the benefits of computing freedom to all users. However, we often overlook an uncomfortable inequality: Software Freedom disproportionately empowers programmers and those wealthy enough to hire them. For today's average "end users", freedomware leaves them with basically the same options as proprietary freeware: use it as-is, or politely ask the developer and hope for the best. In my opinion, this is a key reason why it's difficult to convince the wider public to care; it's why Software Freedom largely remains a movement by and for programmers. In this talk, I'll argue that: - Programming education policy is the most important area for Software Freedom advocacy. - Designing for "nontechnical users" is an existential threat to Free Software. - Scriptable interfaces are a great way to make software more accessible to tech-illiterate users. The Free Software movement's ideals are egalitarian. We aim to bring the benefits of computing freedom to all users. However, we often overlook an uncomfortable inequality: Software Freedom disproportionately empowers programmers and those wealthy enough to hire them. For today's average "end users", freedomware leaves them with basically the same options as proprietary freeware: use it as-is, or politely ask the developer and hope for the best. In my opinion, this is a key reason why it's difficult to convince the wider public to care; it's why Software Freedom largely remains a movement by and for programmers. In this talk, I'll argue that: - Programming education policy is the most important area for Software Freedom advocacy. - Designing for "nontechnical users" is an existential threat to Free Software. - Scriptable interfaces are a great way to make software more accessible to tech-illiterate users. false Stephen Michel 2021-11-06T07:00:00-07:00 14:00 00:30 Room 4 20-Minute Talk 856-sounds-of-open-source-archaeology-processing-sound-with-sox Tools It's indeed useful to get out of your comfort zone from time to time and apply your engineering skills in some new area. Once upon a time I've got interested about what kind of simple sound processing one could do using only command line tools at hand. Knowing nothing about the subject it proved to be a challenge for a total newbie like me, but an exciting one with pretty interesting results. The final knowledge was not only tips and tricks about tooling, but also the story of projects behind those tools, which I would love to share with you. It's indeed useful to get out of your comfort zone from time to time and apply your engineering skills in some new area. Once upon a time I've got interested about what kind of simple sound processing one could do using only command line tools at hand. Knowing nothing about the subject it proved to be a challenge for a total newbie like me, but an exciting one with pretty interesting results. The final knowledge was not only tips and tricks about tooling, but also the story of projects behind those tools, which I would love to share with you. false Dmitry Dolgov