Wow! It’s that time of year when linux.conf.au has come around, and this year, for the first time, it’s in the stunning Gold Coast, 13th-17th January 2020. After having a read through the schedule, I’ve made a plan for which talks I’d like to see.
Monday night is the Linux Australia Annual General Meeting, which I’d like to attend. Voting is open for the elections, if you’re a member. You’re not member? You should be. It’s free as in beer, and free as in freedom.
Several of my friends in the tech scene in Melbourne had been very positive about previous iterations of DDD Melbourne – a not-for-profit, grassroots-organised developer conference, that always sold out – so was curious to check it out and was grateful when my friend Cameron arranged tix.
My first impressions were positive – volunteers were very visible in pink capes, the code of conduct was front and centre, the name tag was DIY / free text and lanyards were colour coded for photographic consent. The schedule was voted on by delegates, meaning that the sessions most desired were scheduled in bigger rooms, which worked really well, and the schedule was also printed on the back of the lanyard – this was super helpful. Rooms were colour-coded and easy to find with big signage. The venue unfortunately was really too small for the number of delegates – the official tally was just over 600, and trying to fit this many people into the Town Hall, especially for lunch and morning tea, made it a little crowded.
The content itself was also much better than I expected at a grassroots event, however I did observe that at least three of the presentations I went to were by professional developer advocates – people who are employed by tech companies to professionally present about the company’s platform or product, and the content was very Microsoft-heavy – given they were a key sponsor I didn’t know if they automatically got speaking slots as part of their sponsorship or not – this wasn’t made clear at all. The language coverage itself was also very Microsoft heavy – lots of C#, Visual Studio, Azure – and very little Python or other open source languages like PHP.
NOTE: I currently contract in a similar role at Mycroft.AI
I did find it a little odd that the event was Microsoft-sponsored, but there wasn’t any GitHub presence at all. Interesting, there wasn’t any presence from GCP or AWS – likely because of the Microsoft sponsorship and their competing Azure product.
Overall, I found it a bit too pitched at the junior-dev end of the spectrum, and too Microsoft-heavy for my tastes – but a well run, safe event that has matured beyond its grassroots beginnings.
Keynote: A Day in the Life of a CEO – Dayle Stevens, CIO, AGL Energy
Dayle provided a real-life insight into the daily routine of a CIO – highlight how important it is to keep up to date with mission critical information, and the constant tension between a heavily filled operational schedule of back to back meetings, and the need to be focused strategically and on longer time horizons – against a backdrop of constant context-switching. Her experiences were authentic and realistic – and highlighted that in large organisations that the operating rhythm is set via the content of conversations –
“it’s all about talking with people”.
She is inspired by the ability to drive the direction of the company – and underscored that these days, every company is underpinned by technology, so having a technology role within a company allows you to have a stronger involvement in the overall organisational strategy. Dayle went on to explain that a key challenge for companies today is the complexity of technology – many companies are old – and some still have technology from 50 years ago – so CIOs are not just dealing with “two-speed” IT – they’re working on “three-speed” IT;
dealing with legacy technology
dealing with the digital transformation of today
and needing to embrace the emerging technology of tomorrow
The role of the CIO as a cross-organisational role, that touches every line of business and every function, and is integral to process improvement, was underscored using a business model canvas, covering;
all combined under the umbrella of shared values – and Dayle noted that her job wasn’t just to interface with senior leadership, but to “empower everyone in the organisation”.
In her advice for engaging with CIOs, she referred to DISC personality profiling, noting that most CIOs fall into the ‘Dominant’ quadrant – people who are action oriented and outcomes-driven, and so in dealing with CIOs you need to quickly get to the point. She did however make the comment that she feels other personality types – more analytical types – are less represented at the CIO level, and that this is itself a diversity issue.
This was the standout presentation of the day, and a huge credit to Rian’s presentation ability, and skill in being able co clearly communicate complex concepts.
Rian provided a primer on Quantum Computing – starting with explaining how quantum computing simulates the the the quantum world – the world of molecules – and can be used to help solve wicked problems such as climate change and food production. Personally, quantum computing was always something that was firmly in the theoretical “maybe one day far off into the future” space – and to have such an accessible and easy to follow primer was wonderful.
Rian started with the classic Schrödinger’s cat example, highlighting how observing a system in quantum computing alters the quantum state, then provided an overview of complex numbers, Bra-Ket notation and moved on to quantum states, and then an overview of Bloch spheres, qubits, quantum gates, quantum entanglement and ended with a discussion on how to provide quantum supremacy – that is, how do we mathematically prove that quantum computers are superior to classic computers?
I cannot do Rian’s presentation justice in a summary – you really do need to see this talk, or get this talk to your own conference.
Ben was the most engaging presenter of the day, and his delivery style was warm, humorous and entertaining.
He told the story of this journey founding several startups, and the lessons he’s learned from each of them, condensed around a sort of maturity model;
Minimum Viable Product
He highlighted the need to focus on your own personal brand, and to have a clear understanding of what will drive you – particularly as founding a startup requires a lot of resilience.
“What is going to drive you at your lowest point?”
One aspect he advocated was that as a startup founder, you have to push yourself to be social – you have to have large networks – “go to the pub, you will get a job” – opportunities come through social engagement. I’m not sure if I agree with this – firstly because it plays into the “bro culture” of hiring people like you – or who drink in the same pub as you – or who drink – an activity that you have in common – and because I think it’s the easy way out. Hiring the person you met in the pub at a meetup just screams due diligence.
One key takeaway from Ben’s presentation was ensuring that you are continually talking with your customers, and using their feedback to iterate on your product – it’s never a case of “build it and they will come” – because they won’t. Marketing and selling, getting product traction are incredibly important for a startup, and it can be helpful to find a partner or ambassador to help you with this – a recurring theme from startup advisors – you need the right mix of co-founders for a successful product.
This was a great, accessible introduction to machine learning concepts
Damien is a Developer Advocate at Microsoft, and started by putting Machine Learning into context with artificial intelligence and deep learning, and underscored the need to start the machine intelligence life-cycle with a “sharp question” – a question that machine learning approaches can answer. He highlighted that one of the hardest parts of a machine learning development lifecycle is going to be getting your data in the right format – it’s often unstructured, inconsistent and requires a lot of cleaning.
He went on to provide an overview of how machine learning models work, and explained the concept of ‘overfit‘. He explained model functions, and how the decision boundary – what “is” and “isn’t” – is explained by a mathematical function. Here we got into some matrix-based calculus as he went on to explain the concept of a cluster function, an error function, and how we want to minimise this – using calculus minimisation techniques, such as gradient descent.
He went on to explain how model functions which are linear have specific limitations because they are linear – they are two-dimensional, but many applications of machine learning are multidimensional. To make the model non-linear, an activation function – such as a sigmoid function – is applied.
The key takeaway here was that if you have a generalised typed of machine learning scenario you don’t need to start from scratch because there are several machine learning models and model training tools available in tools like TensorFlow.
This year, linux.conf.au 2017 headed to the picturesque state of Tasmania, to Hobart’s Wrest Point convention centre, and the theme of the conference was ‘the future of open source’. My key takeaway from the conference was that:
The future will be built on trust, and trust takes many forms –
Trusting that data and systems have confidentiality, integrity and availability – traditional security
Trusting that digital experiences will be pleasant, safe and as frictionless as possible – user experience and community experience
Trusting that people will build the future that they want – agency and empowerment
This blog post is going to explore some of my picks from the conference through these lenses.
Security, privacy and integrity
Security, privacy and integrity was a recurring theme of the conference.
Michael Cordover – The Future of Privacy
Michael Cordover‘s talk, ‘The Future of Privacy‘, was perhaps the most thought-provoking talk around privacy. Michael provided a history of privacy, underscoring how technology has shaped notions of what it means to be left alone, and what it means to have personal data remain private. In our ubiquitously-connected, always-on world, it’s becoming harder to delineate what informed consent means – given that data can be inferred by association (which is exactly how Tapad‘s technology is designed). It’s also harder for people to be aware of how apps and platforms are using data – terms and conditions are hard to read, and detract from usability. Practically, it’s hard to own your own data – you essentially have to run your own services. Open systems, decentralisation, federation and non-permissive by default are Cordover’s answers to these problems – but these all pay a usability price. In Cordover’s words,
There’s no easy path forward that ordinary people can take.
David Bell – In Case of Emergency: Break Glass – BCP, DRP, & Digital Legacy
As a first time linux.conf.au Speaker, David delivered a solid presentation covering business continuity planning, disaster recovery planning and digital legacy. His focus was on ensuring that appropriate planning was done before business interruption events. He also covered personal digital legacy – an almost-unexplored topic – for example – would the people you leave behind when you die know how to access your passwords?
George Fong – The Security and Integrity of the Internet
The key takeaway from George’s talk that continued to resonate for days afterwards was:
Trust is the byproduct of integrity
Using examples such as Dirty COW and Heartbleed, Fong opined that we as an opensource community need to make sure that Linux – which the foundation of the internet rests upon – is trustworthy. Bugs are only shallow if many eyeballs are on them, and all too often there aren’t enough eyeballs. Using the analogy of seatbelts, and how few of us would ever feel safe and secure driving without one, he articulated how the internet in many ways is still a frontier, devoid of strong security measures and protocols that ensure safety and integrity – and therein, trust.
Touching on another key theme of the conference – agency and empowerment – he urged the audience to grasp that they, we, the open source community are the voices of the internet. Fong encouraged us to use those voices to better educate the public on what we do – we need to promote our activities to strengthen integrity. Things are broken – and we’re not helping. It’s up to us to fix the problem.
On a side note, as the recently-elected President of Linux Australia, I’m looking forward to working with George, and recently-appointed Chair of Internet Australia, Anne Hurley, to identify how we can work collaboratively together on some of these aims – as Internet Australia and Linux Australia have some overlap in mission, values and remit.
Jon Oxer – Network Protocol Analysis for IoT Devices
Nowhere is security, privacy and integrity more pressing that in the field of Internet of Things. There were several IoT related talks this year, but two that stood out. Firstly, Jon Oxer‘s talk on Network Protocol Analysis for IoT Devices was an eye-opener into the history of the radio frequency spectrum, how some of it is unregulated, but moreover how device protocols can be reverse engineered with simple equipment and a penchant for code-breaking. Oxer showed how simple it is to launch a man-in-the-middle attack on IoT devices on the RF 422 MHz band by intercepting their transmissions, decoding their protocols and then using a playback attack. We definitely need better encryption in IoT.
Christopher Biggs – How to Defend Yourself from your Toaster
Christopher Biggs also gave an excellent security talk around IoT – ‘How to defend yourself from your toaster‘, however he tackled it from the perspective of an IoT device manufacturer or developer – clearly articulating what features and functions should be included in new IoT devices. Although he didn’t frame it as such, his talk was basically outlining a maturity model for IoT devices. For example, devices with low maturity have poor user interfaces, no provision for maintenance, and employ poor security practices – such as having insecure protocols (such as telnet) available. He provided useful advice for improving maturity, for instance port-scanning devices to see which ports are open, and what data is being transmitted. One of the key takeaways here was that if you are designing an IoT device, or managing a fleet of IoT devices, that you need to get someone else to do the hard parts. Apple, Amazon and Google all now have SDKs available for IoT, but the drawback is that most of them are not open sourced.
Biggs spoke of a metric that I hadn’t heard before in this space – MTT1C – mean time to first compromise – or the length of time it takes an IoT device to be compromised once it’s placed on the public internet. This got me thinking that I haven’t seen anywhere a capability maturity model for enterprise IoT – for instance the practices, support, metrics and continuous improvement that would be used in a large organisational deployment of IoT. Perhaps this is something that the standards bodies in this space – Open Connectivity Foundation, BITAG and Resin.io – will develop in time.
Dr Vanessa Teague – Election Software
Dr Vanessa Teague gave one of my favourite talks of the conference on e-voting systems, and the general problem of end to end verification. Using a number of examples of how companies have (or have not) implemented verification, she articulated a number of anomalies with current e-voting systems in NSW, which are soon to be used in both WA and Victoria. Given the recent controversy around United States elections, this talk was particularly timely, and gave rise to a number of uncomfortable questions – such as just how many votes does it take to change an election result, and possibly the course of history?
One of the most resonating points within Dr Teague’s talk was the rejection of an e-voting system – V-Vote – which had superior verification capabilities, but poor user experience and usability qualities. This touches on the second theme which emerged from #lca2017 – it is not sufficient for a product, tool or platform to be functional – it must also have form. People are persuaded by the shiny – and rather than scoff at this – default behaviour for a lot of our community – we need to recognise and respond to this.
Dr Teague was an engaging, humourous and articulate speaker, and I’d really like to hear more from her in future conf lineups.
It may be unusual to relate user experience and customer / community experience to trust, but I see it as fitting. Our experience with a task, a process, or an interaction either enhances or erodes our trust in the organisation, platform or person with whom we’re interacting.
Donna Benjamin – I am your User, why do you Hate me?
Donna Benjamin‘s excellent talk aimed to bring a user experience / human-centred design element to open source developers by questioning some of the fundamental ‘defaults’ we tend to hold. Using project onboard experiences as a lens to explore how we treat newcomers, she demonstrated that our actions are turning people away from opensource – exactly the opposite effect that we’re aiming for. She outlined how contributions in triage, review and testing are not valued as highly as code contributions, again presenting a barrier to increasing participation and diversity. Benjamin argued for the open source community to see users not in terms of what they can’t do – develop software – but as people – with needs and emotions.
This talk highlighted for me the lack of design thinking, human-centred design and user experience practices that are adopted not just on open source products, but to communities in general. Lowering ‘friction’ – the antithesis of good user experience – is something that both open source products and open source communities need to get better at.
Rikki Endsley – The proper care and feeding of communities and carnivorous plants
Rikki Endsley‘s talk likewise touched on how managing communities is a complex task, often fraught with pitfalls. The key takeaway was that you can’t change everything at once – you need to change elements of the community carefully, then have the metrics available to measure the impact of the change.
VM Brasseur – The Business of Community
VM Brasseur‘s talk was a practical guide for people working inside companies to ‘sell’ support of open source projects to management. This talk was framed along three key topics – benefits, costs and implementation. Benefits such as word of mouth marketing, stronger brand recognition, and more effective upstream support are all selling points. One of the strong points of this talk was the recognition of in-kind / non-monetary support to open source communities by business, such as the provision meeting space, marketing, guidance, leadership and mentoring. In particular, Brasseur cautioned that businesses should ask the community what it needed – rather than making assumptions – and providing, for instance, unwanted promotional goodies. Although implementation plans will vary across companies, Brasseur provided some generic advice, such as having clear goals and objectives for community support, setting expectations and being transparent about the company’s intentions.
Nadia Eghbal – Consider the Maintainer (keynote)
Nadia’s keynote brought to the fore many simmering tensions within the open source community. Essentially, the burden of maintaining open source software falls to a few dedicated maintainers, who in some cases may be supporting a product with a user base of tens or thousands of uses.
Eghbal set out four freedoms for open source producers / maintainers, being:
The freedom to decide who participates in your community
The freedom to say no to contributions or requests
The freedom to define the priorities and policies of the project
The freedom to step down or move on from a project, temporarily or permanently
Whether these freedoms are embraced and used to support open source maintainers remains to be seen.
Agency and empowerment
The third key theme that was reflected in the conference programme was that of agency and empowerment – being the changes that we want to see in the open source world.
Pia Waugh – Choose your own adventure
Pia Waugh kicked off this theme, delivering the first conference keynote, where she gave a retrospective on human evolution, and then extrapolated this to the future of open source, articulating how we’re likely to see a decentralisation of power in order to strengthen democracy. She went on to challenge a number of existing paradigms, calling them out as anachronisms as the world has evolved.
This talk was full of Waugh’s trademark energy and vibrancy, and was an excellent choice to open the conference.
Dr Audrey Lobo-Pulo – Publicly Releasing Government Models
Dr Audrey Lobo-Pulo’s talk extended the open data movement by advocating for the public release of government open source models – financial and economic models used to assess public policy decisions – in essence, virtual worlds to explore the implications of policy.
The key takeaway from her talk was that industry and business also stand to benefit greatly from the release of these models, as they could then be combined with private data – in a unique public private partnership. Lobo-Pulo put forward the four components of government policy models (shown below) – and how each contributes the accuracy and validity of the model.
Karen M. Sandler – Surviving the Next 30 Years of Free Software
Karen‘s sensitive and tactful talk recognised the fact that as a community, many of our pillars and key contributors are aging, and that over the next few years we are likely to bid goodbye to many in our community. Her talk explored the different ways in which copyrights can be assigned after death, and the key issues to consider – empowering us to make informed and well founded decisions while we are in a position to do so. Few presenters could have handled this difficult topic with such aplomb, and as usual Karen’s grace, wit and wisdom shone through.
Again, linux.conf.au delivered engaging, thought-provoking and future-looking talks from a range of experienced, vibrant and wise Speakers – and again it was an excellent investment of time. The diversity of Speakers this year was excellent, if perhaps erring on the non-technical side.
Open source still faces a number of challenges – the ecosystem is often underfunded, maintainers are prone to burnout and we still haven’t realised that UX needs to be a key part of what we’re all about. But that’s part of the fun – we have the power to evolve just like the rest of the world.
And I can’t wait for a bit of history repeating at Sydney 2018!