Program for SeaGL 2021

2021-11-05
09:00
SeaGL

Welcome to SeaGL 2021!

presented by SeaGL

Welcome to SeaGL 2021!

09:00 - 09:10 Keynotes
09:10
Elana Hashman

[Keynote] (Elana Hashman)

presented by Elana Hashman

Keynote Presentation

09:10 - 09:30 Keynotes
09:35
Marie Nordin

[Keynote] (Marie Nordin)

presented by Marie Nordin

Keynote Presentation

09:35 - 09:55 Keynotes
10:10
Bri Hatch

SSH from your DevOps CI/CD securely

presented by Bri Hatch

Your CI/CD pipeline needs to make things happen, and often that means hitting other machines via SSH or rsync. Since no human is at the keyboard to type a password, how do you automate this securely? We'll show alternatives to passwordless keys in your repository (BAD!!!), describe the security implications, and how you can assure that these keys are usable only for the commands they require.

10:10 - 10:40 Room 3 DevOps
Dawn E. Collett

The Stories We Don't Tell
How open-source communities can break barriers to entry

presented by Dawn E. Collett

It's easy to tell stories about people whose experience in the tech industry is unusual. Some of those stories are focused on innovators, but others are focused on 'trailblazers' from marginalised and under-represented groups. Articles like these often focus on the characteristics that these trailblazers exhibit - strength, perseverance, resilience. However, that's only one part of the story...

10:10 - 10:40 Room 2 Tech Culture
Athan Spathas Aaron Wolf Wm Salt Hale

FLOSS daily — but FLO all the time

presented by Athan Spathas, Aaron Wolf, and Wm Salt Hale

The important concepts in technology and collaboration that were pioneered by the Free Software Movement are also pertinent beyond software. Both the term "Free Software" and the common acronym FLOSS (Free / Libre / Open Source Software) are limited to software programs. So, we use the broader term FLO to bring our ethical and creative values to a wide range of other areas. FLO values...

10:10 - 10:40 Room 1 Tech Culture
10:45
Molly de Blanc

Predictive Modeling and Privacy

presented by Molly de Blanc

We're defining predictive modeling as the intentional building of a model to predict someone's actions and desires. Predictive modeling can be a really useful tool -- it can help us customize environments to our emotional states, anticipate needs, and help us find the things we want even when we don't know we want them. Predictive modeling can also be a scary violation of privacy, letting other...

10:45 - 11:15 Room 3
Mark Wong

PostgreSQL Participation in Google's Summer of Code

presented by Mark Wong

The PostgreSQL community has participated in the international Google Summer of Code program for many years now. This program is focused on introducing students to developing open source software.

This presentation gives a brief overview of the program, the software projects that the PostgreSQL community mentored, and ...

10:45 - 11:15 Room 1 Community
der.hans

Intro to jq: grep for JSON

presented by der.hans

Want to parse JSON on the command line? Want a pipeable inline tool for JSON manipulation?

jq is a command line tool, easy to fit into your data pipeline. It can parse, search and manipulate JSON documents.

This talk will cover an introduction to jq and using it to search JSON objects similar to how grep is used for plain text.

Attendees will learn:

  • basic parts of JSON
  • key se...

10:45 - 11:15 Room 2 Tools
11:30
SeaGL

Lightning Talks

presented by SeaGL

Lightning Talks

11:30 - 12:00 Social
13:15
der.hans

Introduction to Nextcloud

presented by der.hans

Nextcloud for private, secure cloud features such as collaboration tools, Enterprise File Sync and Share and phone syncing.

Your data, your cloud.

Nextcloud integrates with Collabora Online for a collaborative office suite.

In addition to Nextcloud Talk for video calls, it integrates with Big Blue Button for full classroom and meeting style video conferencing.

Nextcloud also has op...

13:15 - 13:45 Room 3 Virtual Life & Work
Ski

Lessons Learned from a Ransomware Attack

presented by Ski

Please see https://www.usenix.org/conference/lisa21/presentation/kacoroski for a longer version of the talk as I gave it as a Keynote at the LISA 2021 conference. I would love to have more time, but will fit the key points into 20 minutes if that is all I have. Abstract is:

This talk covers a ransomware attack on a medium-size school district (23K students, 4K staff). We start with the timeli...

13:15 - 13:45 Room 2
davidmstokes

JSON Document Validation in MySQL 8.0

presented by davidmstokes

JSON is a great free-form way of interchanging data with minimal data type checking. Relational databases are strictly structured systems to store data with many types of data checks to make sure the data meets rigorous formatting standards. Most databases now allow you to store that free-form data in their structured framework. So how do you check that free-form data for things like required f...

13:15 - 13:45 Room 1 Tools
14:00
Elior Sterling

Developing on Nextcloud
Building on the Google Workspace Alternative

presented by Elior Sterling

Nextcloud is an open source alternative to Google Workspace. It has document editing, time tracking, project management tools, and many more apps that you might want to use in business or activism, but there's a lot that could be made better. YOU can help make it better!

This talk will show you what you need to do to get started with improving the core apps for Nextcloud or developing your o...

14:00 - 14:30 Room 3
Deb Nicholson

Responding Thoughtfully to a Crisis

presented by Deb Nicholson

Hopefully, you will never need this talk but if you do face a crisis you'll want a plan -- or at least a plan for making a plan. When a project hits crisis mode, often things will start to move very fast. Thinking about how you want to respond to emergencies and how you want to be seen at the end of the fiasco is worth thinking and talking about in advance. This talk is for folks who suspect th...

14:00 - 14:30 Room 2
15:30
Shauna Gordon-McKeon

Software Tools for Collective Self-Governance

presented by Shauna Gordon-McKeon

Software systems embed power relationships in their code through their design and in particular through their permissions systems. Even highly collaborative software often relies on the "Benevolent Dictator For Life" model of community and resource management, with a single account given power they may or may not delegate.

While this is the dominant model of governance embedded in technology...

15:30 - 16:00 Room 2 Tools
Bri Hatch

Good Shell Patterns

presented by Bri Hatch

We'll discuss tried-and-true code snippets you can use to make your code more reliable, easier to read, and quicker to debug. Enjoy the elegance of "cd $(dirname $0)", performing actions only on successful exit, and informational help messages. We'll cover all those minor changes that continually come up in our code review sessions that reap outsized rewards.

15:30 - 16:00 Room 1 Miscellaneous
Georg Link Lara

Building and Supporting Open Source Communities Through Metrics

presented by Georg Link and Lara

Each community is different and therefore requires different metrics for data-driven decisions about building and supporting it. The CHAOSS Project was started to help understand open source communities through metrics. We have had many conversations and realized that everyone cares about a different aspect of the community. This talk will share what we have learned in the CHAOSS Project about ...

15:30 - 16:00 Room 3 Community
2021-11-06
09:30
Christine Lemmer-Webber Dr. Morgan Lemmer-Webber

[Keynote] (Dr. Morgan Lemmer-Webber and Christine Lemmer-Webber)

presented by Christine Lemmer-Webber and Dr. Morgan Lemmer-Webber

Keynote Presentation

09:30 - 09:50 Keynotes
10:00
davidmstokes

Understanding the MySQL Authentication Process

presented by davidmstokes

MySQL is a popular database but few understand that sometimes the authentication process actually works, that it can be too permissive, and sometimes too many have dangerous permissions provided to them. This session will cover how the server decides which accounts are allowed to access the server, password options, how to use roles, set up dual passwords, setting functional limits on accounts...

10:00 - 10:30 Room 2 Tools
Shauna Gordon-McKeon

Know Your Rights as a Tech Worker

presented by Shauna Gordon-McKeon

If there’s a problem with your code, you can file a bug report. But what do you do when there’s a problem with your workplace?

All workers, including tech workers, have the right to try and improve our workplaces. This talk will give you an overview of your rights, with a special focus on issues that commonly arise in the tech industry, such as workplace harassment, overuse of non-disclosur...

10:00 - 10:30 Room 3 Community
Dawn E. Collett

Free Security for Open-Source Projects

presented by Dawn E. Collett

Security is an integral part of software development. And yet, without a red team or a security budget, securing a non-commercial FOSS project can seem daunting. If you publish a package that has downstream dependencies, then any security issues can have wide-ranging impact. Even for standalone software, it can be hard to know where to start.

In order to secure an application end-to-end, ...

10:00 - 10:30 Room 1 Security
10:45
Francois Caen Troy Perkins

Building cloud networks: Terraform or Ansible?

presented by Francois Caen and Troy Perkins

While DevOps folks are deploying cloud apps at cloud speed, traditional network engineers are still hand jamming on their routers' CLI like it's 1999. Let's fix that!

In this session, we will show you how to deploy multi-cloud networks in the Infrastructure-as-Code age using modern tooling. And we'll answer the question in every network engineer's mind once and for all: Terraform or Ansible?

10:45 - 11:15 Room 1 Tools
Aeva Black

Walking The Cultural Tightrope
Why We Need Codes of Conduct And Why They’re Not Enough

presented by Aeva Black

Aeva, a member of the Kubernetes Code of Conduct (CoC) Committee, will examine difficult topics related to CoC enforcement and provide concrete suggestions on how to implement a CoCC, based on their experience supporting the Kubernetes community through several complex incidents in the past two years.

Standard business approaches to interpersonal risk management (such as “just let HR handle ...

10:45 - 11:15 Room 3 Community
11:30
Dmitry Dolgov

Sounds of Open Source archaeology: processing sound with sox

presented by Dmitry Dolgov

It's indeed useful to get out of your comfort zone from time to time and apply your engineering skills in some new area. Once upon a time I got interested in what kind of simple sound processing one could do using only command line tools at hand. Knowing nothing about the subject, it proved to be a challenge for a total newbie like me, but an exciting one with pretty interesting resul...

11:30 - 12:00 Room 2 Tools
Aeva Black

Computing Confidentially in the Clouds

presented by Aeva Black

Someone once said that "a cloud is just someone else's computer", implying that you're trusting that "someone" with your data. You also trust them in ways you may not even realize: to patch their infrastructure against the latest threats, to keep your data in the right country, and to only access it in legally compliant ways.

What if you didn't have to trust them? What if you could audit the...

11:30 - 12:00 Room 3 Security
Jim Hall

Open Source Business Practices

presented by Jim Hall

The Open Source Initiative partnered with Brandeis University to deliver a series of micro courses about open source software. This Open Source Technology Management program includes several sub-topics. In early 2021, Jim taught the micro courses about Open Source Business Practices and how to Establish an Open Source Program Office.

This talk will share highlights from Open Source Business ...

11:30 - 12:00 Room 1
13:15
Brian Callahan

Stories from reviving and extending a university's information security program

presented by Brian Callahan

In 2019, I was tasked with reviving a university information security program that had been on life support for the last 5 years. Two years on, and I have helped to design and implement several new courses, rewrote from scratch other courses, implemented monthly campus-wide infosec hangout nights, begun a campus-wide infosec awareness campaign, and more.

Join me as I tell stories about what ...

13:15 - 13:45 Room 1 Miscellaneous
jberkus

Open Source Governance: Six Types and Three Models

presented by jberkus

So, your open source project needs to adopt some kind of governance. But what kind? And are there models you can copy from? When you first contemplate governance, it seems baffling and random, but on analysis it turns out there are some great standard options and prior art. This session will help you understand, and then choose.

Based on work done by OSPOs and the CNCF Governance Working G...

13:15 - 13:45 Room 2
Thierry Bultel

Cross debugging on Linux : A history, current state of the art and coming improvements

presented by Thierry Bultel

Cross debugging, and more generally, remote debugging, is something that may be unknown, or badly used, by either beginner engineers, or sometimes even by senior engineers, for several reasons. Some people simply do not know that remote debugging tools exist, some might consider the complex setup as a show-stopper, some other ones may not trust the tools (_and we can explain...

13:15 - 13:45 Room 3 Tools
14:00
Tobie Langel

Does open source need its own Priority of Constituencies?

presented by Tobie Langel

From its inception, open source—and free software before it—was built around ethical notions: give people agency and power over their software so they could use, modify, and share it as they pleased to accomplish whatever it is that they wanted to do with it.

In a world where running software required programming skills, there was a lot of overlap between users and developers of open source,...

14:00 - 14:30 Room 2 Tech Culture
Richard Littauer

Birds by Starlight: Tracking Nocturnal Flight Calls Using Open Source Software

presented by Richard Littauer

We all know that Canada Geese migrate. They're up there, honking away, going somewhere in spring, and then back again in autumn. But what most people don't know is that all of the cool birds - Cape May Warblers, Semipalmated Sandpipers, Gray-cheeked Thrushes, you name it - also migrate. They do this at night, and they give a lot of little traffic updates to their friends: "Beep beep, I'm over h...

14:00 - 14:30 Room 3 Tools
Vagrant Cascadian

Debugging Reproducible Builds One Day at a Time
Patching Your Supply Chain

presented by Vagrant Cascadian

Reproducible builds are a set of software development practices that create an independently-verifiable path from source to binary code. A build is reproducible if given the same source code, build environment and build instructions, any party ...

14:00 - 14:30 Room 1 Security
15:30
Ben Cotton

Your bug tracker and you

presented by Ben Cotton

Your project surely has a bug tracker. But what does it tell you? In this talk, you'll learn how to set up your bug tracker to get the most information you can. You'll find out what you can learn—and can't—from mining your bugs.

15:30 - 16:00 Room 3 Tools
Stephen Michel

Technically Biased: Taking Free Software's Niche Appeal Mainstream
A Lesson From My Grandma

presented by Stephen Michel

The Free Software movement's ideals are egalitarian. We aim to bring the benefits of computing freedom to all users. However, we often overlook an uncomfortable inequality: Software Freedom disproportionately empowers programmers and those wealthy enough to hire them.

For today's average "end users", freedomware leaves them with basically the same options as proprietary freeware: use it as-i...

15:30 - 16:00 Room 2 Tech Culture
Katie McLaughlin

Expressive Security
Vulnerabilities with Emoji

presented by Katie McLaughlin

Emoji are an interesting beast. Once an obscure part of the Unicode standard, they are now so popular you can buy Emoji Poop Slippers (yes, I'm serious).

However, now that emoji are saturating our systems so, there are interesting side effects. Follow along as we discover how some systems do not like emoji, which systems can handle the odd non-standard character, and if we can find any secur...

15:30 - 16:00 Room 1 Security
16:30
Cory Doctorow

[Keynote] Seize the Means of Computation (Cory Doctorow)
Software Freedom in an Age of Monopoly, Inequality and Crisis

presented by Cory Doctorow

After a year of lockdown, there can no longer be any question as to whether digital rights are human rights. The internet is a single wire that delivers free speech, free assembly, education, family life, romance, parenting, employment, access to politics and civics, to tools and ideas, to community and the public sphere.

And yet, technological self-determination is farther away than ever. O...

16:30 - 16:50 Keynotes