We are excited about our lineup of speakers for the 2020 OLF Conference! Read on for details.
Nixie Pixel has been a tech media personality, producer and early adopter of a little known platform at the time called YouTube. 10 years later, she’s grown her brand by educating, entertaining and helping new users make the switch to Linux. She was the first person to bring Linux to the Discovery Channel Network, and prior to that, was a show host for Tech TV. In 2017, she created her own open source community, GeekBeacon – a fellowship of Geeks that share her open source values and dedication toward social good.
Keynote – The Good, the Bad and the Core Dumps – Open Sourcing Your Community
Jon “Maddog” Hall
Jon “Maddog” Hall is the Chairman of the Board of the Linux Professional Institute. Since 1969, he has been a programmer, systems designer, systems administrator, product manager, technical marketing manager, author and educator, and is currently working as an independent consultant.
Jon “Maddog” Hall has concentrated on Unix systems since 1980 and Linux systems since 1994, when he first met Linus Torvalds and correctly recognized the commercial importance of Linux and Free and Open Source Software. He has been a tremendous friend to the Ohio LinuxFest, offering his support and appearing on our stage starting in 2004. He travels the world speaking on the benefits of Free and Open Source Software.
Keynote – Performance: More than just speed
In “the old days” performance of a program was measured by how many hours it might take to process a batch of cards, but today performance is measured by many things, including battery life.
There are many elements that can affect a program’s performance in today’s environment. This is just a brief introduction to areas of performance, why they are important, and ways of making your program perform better.
Robert Young is a serial entrepreneur who is best known for founding Red Hat Inc., the open source software company. He also owns the franchise for the Hamilton Tiger-Cats of the Canadian Football League and serves as self-styled Caretaker of the team. He was born in Hamilton, Ontario, Canada. He attended Trinity College School in Port Hope, Ontario. He received a Bachelor of Arts from Victoria College at the University of Toronto.
Keynote – Building Open Businesses
Baremetal RISC-V Renode
Explore the line between hardware and software by writing code with absolute control over the cpu and peripherals. We’ll explore how to do this using a completely free and open source simulator (Renode), toolchain (GCC), and instruction set (RISC-V). Using assembly, we’ll initialize parts of the system such as CPU interrupts and privilege levels, and setting up a call stack so we can use C. Using C we’ll build a handler for serial IO. Finally we’ll talk about the next steps in building a toy operating system such as building a simple monitor menu, memory management, and multitasking.
One Sprint to Drastically Improve Web Accessibility
Accessibility is generally a forgotten child of web development, but there are great reasons to make your website more accessible: more users can interact with your content, it makes life easier for all users, and it’s a legal requirement as part of the ADA. It could be daunting to do an accessibility overhaul of your site, but with this talk I’ll give you a solid outline to fix many common accessibility concerns within one sprint cycle.
I’ll talk about tools you can use, from Linux’s Orca Screen Reader, to accessibility auditing browser extensions, to color contrast analyzers. I will also demonstrate common errors sites make and how to fix them quickly and effectively within the framework of Agile tickets, including full fledged Acceptance Criteria available for use by your team.
After this talk you should have confidence to get rid of a fair percentage of accessibility issues within one sprint, making life better for all users.
Delta Ansible: Keeping up with Changes and Deprecations
Updated for 2020! Including: Demystifying Collections, Evaluating Bare Conditionals, and what to expect for Ansiblefest 2020!
Ansible is a very well known tool that is now owned and maintained by Red Hat that simplifies configuration management. In recent years, its development has been fast-paced and has frequent iterations and new feature releases. Despite the benefits that this brings, it has made it hard for sysadmins and devops teams to keep up with the latest best practices, deprecations, and the newest features. Starting from the 2.0 release, I will walk through select features that have undergone significant changes and deprecations from a sysadmin’s perspective with the intent of providing easy-to-implement upgrade strategies. Additionally, I will outline what is required for a minimal integration testing environment, mentioning the pitfalls and gotchas that I’ve run into on the way, in order to provide a path for ongoing upkeep and maintenance. All this, of course, always pointing back to the release notes.
SSH Tunnels and More
SSH is the go to tool for sysadmins and developers for interactive connections to remote machines. It creates secure, encrypted connections between computers, even across hostile networks. Unless you accept keys without verification (DON’T DO THAT!!!).
SSH can also create tunnels for encapsulating other connections, including other protocols and data. Sysadmins can bridge protocols across networks for ease of access such as a one-off data sync. Devs can present the dev database on their desktop to ease use of graphical development tools.
After attending this session, audience members will be able to create a local tunnel from client to server, a remote tunnel from server to client, and do simple analysis of local vs remote evaluation of a command. Attendees will be able to use tunnels for SSH or sample other protocols (MySQL and HTTP), and tunneling via a third party system. They will also be familiar with dynamic SOCKS proxies and using SSH to tunnel graphical applications. Finally, attendees will also learn SSH configuration and command line tips for convenience of use, including using forced command to restrict an SSH key to one purpose.
* Local Tunnels
* Remote Tunnels
* Tunnels via 3rd-party Hosts
* Dynamic Tunnels
* X11 Tunneling
* Service Tunnel Examples
* Configuration Tips
* Command Line Tips
* Tools That Use SSH
* SSH Home Game
Zoë Kooyman, Program Manager; Greg Farough, Campaigns Manager
UN Sustainable Goals
Dorothy Gordon is a global leader in the field of technology and development with a special focus on Africa. She works to bring about greater engagement and action on policy, implementation and evaluation issues relating to the impact of technology on society. She is a Pan-Africanist and a feminist.
Dorothy is the current Chair of the Inter-Governmental Council for UNESCO’s Information for All Programme with a mandate to build a more inclusive Knowledge Society. She is a member of the Global Partnership on Artificial Intelligence expert working group on innovation and commercialization. Previously she served on the Global Commission on Internet Governance and worked for many years as a manager with the United Nations Development Programme.
Her commitment to Open Source technologies stems from the fact that they build greater technology ownership, innovation and diversity. As the founding Director-General of the Ghana-India Kofi Annan Centre of Excellence in ICT she ensured that the backend systems were run exclusively on Open Source technology. During her tenure the Centre hosted FOSSFA (the Free Software and Open Source Foundation for Africa) of which she was a Council member. Previously on the Board of Creative Commons, Dorothy currently serves on its Advisory Council. She is a strong advocate of the ROAM principles (internet universality) and all dimensions of the Open Movement.
Exploring trade-offs in S3 file systems
Many Linux user-space file systems (FUSE) layer on top of S3 (Amazon Simple Storage Service) to allow existing applications to use scalable storage without rewriting. These work well for many applications but for others compare unfavorably to NFS. Performance of some operations can differ an order of magnitude while other operations cannot be implemented at all. In this talk, we explore the trade-offs between s3fs, goofys, and s3ql including performance, interoperability, and POSIX compatibility.
Solving Organizational MFA Challenges
Multi-Factor-Authentication is nowadays known to a lot of people and used at many different places. MFA is meant to secure the users logins.
But if you do not only want to use MFA but if you are to provide 2nd factors to the employees in your organization, to your customer or to any user group, then you are faced with a lot of organizational challenges.
How can you ship hardware tokens to the users? How can users enroll their smartphone, without any secrets being compromised? Is it possible to use modern technologies like FIDO2 in your situation at all? How can you handle lost 2nd factors with the least effort for the users?
In the first part of this talk we will discuss several of those challenges that an organization is facing, where these problems originate and how those challenges can be handled in general.
In the second part we will take a look at the Open Source solution privacyIDEA, which is an enterprise ready MFA management system. We will see how those challenges can be coped with in a very flexible way using a unique event handler framework that allows to automate arbitrary processes.
An open-source documentation workflow loved by both Data Scientists and Engineers
I observed a white paper authoring collaboration workflow problem at my Forbes 50 employer wherein a tedious workflow around legacy tooling caused undue stress, headaches, rework, and, ultimately, a cosmetically poor-looking document with inconsistent content and styles. Knowing that a good document requires both good content and presentation, I proposed and led the creation of a simple workflow amenable to our team’s software engineers and data scientists: treating the white paper text as code with technologies including Markdown, GitHub Enterprise, Pandoc, LaTeX, and a review process that gets the tooling out of the way in order to enable content authors to focus less on logistics and more on writing and reviewing.
The result was that a team of seven engineers and data scientists created a 50-page document containing text, diagrams, equations, graphics, and more in just two weeks. The result greatly pleased our directors and executives. They praised our team not only for the incredibly valuable content, but also the professional appearance of the document. When they learned about the peer review process we used to create it, they wanted more teams to use it.
This talk focuses on the problems of passing around files by email or shared drives, the problems of collaborative editing of online documentation, and the problems we’re still addressing in our solution that we’ve now used to author several significant internal documents.
Improving Your MySQL Queries with Indexes and Histograms
Nobody complains that the database is too fast. Many seek to improve the performance of their queries by adding indexes and are shocked to find performance may worsen. Histograms do not have the overhead of indexes but it is not a one size fits all cure. The query optimizer, much like a GPS, uses historical information to find your data and like a GPS it can be mislead on the current status. This session will cover indexes, histograms, there best uses, and how to determine which will help your situation.
404 Not Found: How the internet works (or doesn’t)
We all use the internet every day – we send emails, binge watch our favorite shows, “Like” cat videos, and browse content from all over the world from our living rooms. But have you ever wondered how we got to this point? How did the internet begin? And what happens behind the scenes to make that movie magically show up on your screen when you press play?
In this talk, we’ll discover the origins of the internet, explore how it evolved over time, and learn how digital “goods” like our videos and emails are delivered directly to us in an instant. You will come away from this talk with some high-level knowledge of how the internet is built, why it sometimes breaks, and a better understanding (and hopefully appreciation!) of the world wide web that you interact with every day.
This talk covers why the linux/open source crowd are the perfect folks to work in offensive security, a.k.a penetration testing, and how to get started. This will be a combination of career guidance and available tools to get started, including an overview of OWASP’s Juice Shop and other resources.
This comes with obligatory disclaimers: don’t use any of this for anything illegal or evil.
Custom Caching with NGINX Open Source
– NGINX Open Source is a F/OSS web server with a powerful feature set.
– Every project has a set of constraints unique to the customer’s needs.
– A small organization can build on innovations that larger teams have shared with the community. You don’t have to re-invent the wheel: ask the right questions and read the manual.
In 2014, NPR’s Digital Services team published a write-up of their NGINX “botcache” webserver configuration, designed to protect Drupal websites from excess bot-generated traffic. In 2020, their project was exactly what I was looking for. I’ll share how I used their “botcache” project write-up as a template to explore NGINX Open Source’s features, and ended up building a customized NGINX caching server that protects Drupal websites from bot-generated load and accelerates page loads while permitting unlimited customer traffic. Along the way, I’ll look at simple performance metrics, scoping a project’s goals to the customer’s desired outcomes, explore NGINX community resources, and share specific configuration choices that generated the most improvements.
Nathan Case and Andrew J Krug
We Don’t Compete on Security
Kaminsky said it best at BlackHat 2017 when he uttered the words “We don’t compete on security”. A call to action for open-sourcerers to develop security tools and share the secrets to their technology strategies to defend. Contribution though is not just code. Companies the world over should be thinking about their people and process. In this talk we’ll explore what makes an open source security strategy valuable to you and the world.
As a creator/contributor to popular open source tools ( Margaritashotgun and AWS IR ) Krug and Case ( the speakers ) will bring some pragmatic advice to new tool creators as well as a call to action to create and distribute re-usable code. The future of open source is one that embraces building cloud and leveraging cloud native technologies to protect our users.
Assumptions, data collection, and product market fit are often overlooked though when it comes to communicating how tooling should be published, curated, and maintained. Attendees will leave with practical advice on the full open source security lifecycle.