linux.conf.au 2018 Sydney – A little bit of history repeating

This year, linux.conf.au 2018 headed back to Sydney, where it hasn’t been held since 2007. This year I skipped quite a few sessions due to having Linux Australia duties and tasks to do, and because the heat and humidity were exhausting. Thankfully, the videos by Next Day Video were released very quickly, so I’m spending “Week 2” of linux.conf.au catching up!

On reflection, several themes came through.

  • Volunteers, volunteering and volunteer labour – There are several free software and opensource organisations across the world, and they’re all vying for volunteer contributions. Moreover, the volunteer base itself is ageing; we’re getting older and having children and families and other family responsibilities – we simply don’t have the time to contribute that we once did. At the other end of the demographic curve, younger people don’t have the same passion and ‘fire in the belly’ for free and open source software. In one sense, that’s a product of the success of the free and open source software movement – because it’s been normalised; but on the other hand this leaves us with a gap in the ‘compelling-reasons-to-join-a-free-and-open-source-project’ list. As a concrete example, during the opening of linux.conf.au, no less than three organisations – Open Source Initiative, Free Software Foundation, and Code Club Australia – did a shoutout for volunteers. At the same time, Linux Australia – the auspicing body of the conference – had fewer nominations to its board than open vacancies. I want to be clear: The Organisers and Volunteers of linux.conf.au did a phenomenal job. They were dedicated, professional, resilient and awe-inspiring. As individuals, and as a conference team, amazing. Systemically though, open source has some major issues to address to avoid burnout, and worse, resentment.
  • Infrastructure-as-code continues to gain maturity – As more and more devices become internet-connected, and we’re managing more and more devices, we need better orchestration. We’re seeing this manifest in container-all-the-things, in MQTT for unified messaging and in our approach to IoT hardware and open hardware. Standards however remain a barrier to interoperability and greater maturity in code-based orchestration, as outlined brilliantly by Kathy Giori.
  • Open source touches many disciplines – the range of Miniconfs available this year sent a strong and undeniable message – free and open source software, hardware and practices are touching many disciplines. Art, genomics, games, galleries, libraries and museums (GLAM) – Linux and open source touch each of these in fundamental ways. Personally, I’m delighted to see this cross-pollination happening in our communities. Together, we do better.

On communities, volunteering and volunteer labour

“A division of labour in free software” – Molly de Blanc, Free Software Foundation

Molly’s talk used the results of different surveys of opensource communities to show visually that labour in free software is gendered, ageist, and that these schisms also apply to what is considered technical and non-technical work. The implications of these findings are that these patterns are repeated without intervening action, such as having quotas on leadership boards. Importantly, anecdotal data shows that we still value technical work over important non-technical work; people still justify their non-technical contributions to an opensource project by emphasising the technical contributions they do make.

This resonated strongly with me; as the leader of an organisation that turns over around $AUD 1 million a year – Linux Australia – there are a number of skills I need to have – budgeting, strategic communications, strategic and operational management – and of course, the ability to be an efficient administrator. None of these are technical skills; yet, as the leader of a technical organisation I am expected to have a strong grasp of technology issues. Even in a non-technical role, you’re not allowed to be non-technical.

https://youtu.be/6NDB2VFYlfg

“Dealing with Contributor Overload” – Holden Karau

Holden Karau is a core contributor to the Apache Spark project, and this war story and guidance was learned the hard way – when the project became so big that contributors were significantly overloaded. She provided a number of strong pieces of guidance for dealing with contributor overload, including:

  • Developing a contributor pipeline to allow users of the project to become contributors, and in time, core committers
  • Not ‘raising the bar’ for changes and requests because these have very unattractive downsides such as making the contribution pipeline harder and paradoxically increasing the contributor workload by increasing questions and requests for assistance.
  • The power of having clear roadmaps which make it clear what the core project is, and is not going to do, so that people can either start their own project, or plan around it. The Roadmap also helps guide contributions, and show how smaller tasks contribute to larger milestones.
  • Focussing on committer productivity – such as better tools to merge changes, making it easier to review changes, and more tests – can have significant long term dividends. Imagine what a 1% productivity increase would mean across say 10-20 committers? 50 committers? 100 committers?
  • Creating safe spaces to ask questions and contribute without being mocked – people who feel safe to fail are going to commit more.

https://youtu.be/BempWfBkvs8

 

“Burning Down the Castle” – Daniel Vetter, Intel (previous graphics kernel maintainer)

Daniel’s talk was an eye-opener. As a previous graphics kernel maintainer, Dan has seen a whole range of poor behaviours that contribute to maintainer burn-out, rage-quitting and other unproductive outcomes. His talk advocates for a kinder, gentler approach to maintaining a technically elite community.

 

https://www.youtube.com/watch?v=BB0luXmuo3g

 

“Mirror, mirror on the wall: testing Conway’s Law in open source communities” – Lindsay Holmwood

Lindsay provided an outline of Conway’s law of organisational communication patterns, and the concept of mirroring – the mapping between the organisational structure and the supporting technical structures for communication. Strong mirroring leads to strong ownership – you are led to the actors who own a system. Using an overview of the empirical literature on organisational development and he explained how organisations try to solve the problem of communication – using different structural strategies. But mirroring works poorly in unstable environments – those undergoing radical change and innovation. This has led to the rise of structures like guilds. These theories are then applied to open source to show that shifts away from the ‘core’ of an open source project can indicate a decline in the project itself. This necessitates a need to build a pipeline – again the pipeline – of people moving closer to the core in their contributions.

This talk was intense – but the key takeaway was that the way we design organisational structures has a significant impact on organisational outputs and long term organisation success. This is of particular importance for projects that are scaling up significantly; poor choices during scale up will lead to poor productivity later in the project’s lifecycle.

https://www.youtube.com/watch?v=xYkh1sAu0UM

 

Orchestrate all the things. With code.

“MQTT as a Unified Message Bus for Infrastructure Services” – Matthew Treinish

This was an excellent talk by Matt Treinish, who outlined the reasons behind the design of MQTT, which was originally designed for sensor telemetry. He goes on to show there are different levels of quality of service for the broker. An excellent introduction to how MQTT can be used as a unified messaging bus – as used in FireHose.

https://www.youtube.com/watch?v=y6xN6S407Xc

 

“What does the buyout of @arduino mean for #openhardware?” – Kathy Giori, IoT at Mozilla

I was truly disappointed not to be able to make it to Kathy’s presentation, as it came about partially because of a tweet I’d sent out to #lcapapers in mid-2017 – and which Kathy shouted out to me for. Thank you, and apologies for not being there in person.

Giori provided an overview of the corporate history of Arduino and how it’s now consolidated under one company; lamenting the drawn-out legal process that led to this point.

She continued to outline some of the challenges in licensing for open hardware and how manufacturers are being cheated by lower-quality knock-offs; with those same manufacturers then expecting the original author of open hardware / open software to provide ongoing support. This led to a discussion on the different levels of openness in open hardware, and the pros and cons of each.

Concluding the talk, Kathy provided an overview of the Mozilla Web of Things project, which is attempting to bring some standardisation and streamlining to the very fragmented IoT and open hardware space. There are competing standards, competing platforms, and the piece that I didn’t realise was that this is actually inflating costs for consumers. Because individual companies need to make hubs and supporting infrastructure for “their” range of IoT hardware, this means each endpoint device – light bulb, sensor, thermostat and so on – is quite expensive. Mozilla is seeking to have stronger interoperability in this space by creating the ‘Web of Things’:

“The “Web of Things” (WoT) is the idea of taking the lessons learned from the World Wide Web and applying them to IoT. It’s about creating a decentralized Internet of Things by giving Things URLs on the web to make them linkable and discoverable, and defining a standard data model and APIs to make them interoperable.”

If anyone can drive this, Mozilla can, but my personal feeling is that they’re going to come up against significant corporate interests in doing so – at a time when their own corporate mis-steps (Mr Robot, anyone) have significantly backfired. I live in hope.

https://www.youtube.com/watch?v=x2ltqoAqJbY

Cross-pollination, because together we do better

“The Future of Art” by J Rosenbaum

This was the mind-blowing talk of #lca2018 for me personally. Academic and artist J Rosenbaum took us through their research, which sits at the intersection of machine learning, neural networks and the production of art.

J’s talk started with an overview of machine learning projects, such as Botnik and Janelle Shae, and moved on to underscoring the collaboration between human and machine in generative art.

The future is not man versus machine  – the future of art is man with machine.

https://www.youtube.com/watch?v=lTT2mq692JQ

 

“The Knitting Printer” by Sarah Spencer

Again a brilliant intersectional talk by Melbourne-based hobbyist and knitter, Sarah Spencer, in which she provides an introduction to knitting machines, and provides a breakdown of how she reverse engineered a hack to a 32-bit knitting machine to be able to get images from her computer to the knitting machine.

Massive respect, @chixor.

https://www.youtube.com/watch?v=Y6k15pdFTsA

 

“Wearing access: a story about open collections, a sewing machine and the nation’s secrets” – Bonnie Wildie

Bonnie’s talk, from the OpenGLAM Miniconf, was very much a hidden gem of the conference. She talked about the concept of redaction art, created from files that have been redacted – and remixed. Bonnie even turned the redaction art into a dress, which opened up a conversation on the politics and power of what we wear. Dress and costume become media for subversion. Much awesome.

https://www.youtube.com/watch?v=XhTzE67HrhE

My talk picks for #lca2018 – linux.conf.au

linux.conf.au 2018 heads to UTS in Sydney – where it hasn’t been since 2007 – which is a very long time in technology.

This year’s line up has swung away from the community-focused content of linux.conf.au 2017 Hobart, back to technically-heavier talks. Personally I think this was the right move – without robust technical depth, linux.conf.au risks losing its traditional audience of kernel and Linux hackers.

The conference theme of

a little bit of history repeating

plays out in the programme in a couple of ways. First, the conference welcomes back Karen Sandler as a keynote. Karen last keynoted linux.conf.au 2012 in Ballarat, in one of the best presentations I’ve ever seen about bodily autonomy, and the impact that software freedoms have not just on technology, but on our personal health. Her talk at linux.conf.au 2017 Hobart on ‘Surviving the next 30 years of free software‘ was also thought-provoking – as our community ages, how do we prepare for the death of our community members – and importantly – how to we curate their code legacy? I can’t wait to hear what Karen speaks out in Sydney.

Miniconfs

History repeating also plays out in the Miniconfs that we’re seeing this year. The Open Education Miniconf is back after a several-year hiatus, while the stalwart Sysadmin Miniconf is back. Open Hardware is as popular as ever, and has already sold out.

What I love above this year’s Miniconfs is the reach-out and cross-pollination with other disciplines. The Bioinformatics Miniconf is back, after debuting at linux.conf.au 2016 (disclosure: I was 2IC of LCA2016). The Art and Tech Miniconf, led by the amazing Kris Howard, is going to be my top pick, because of the cross over with elements such as data visualisation, and even a Knitting Printer.

Main talks

The next generation

  • History can’t repeat unless we have the next generation to repeat it – and David Tulloh’s war-story from volunteering to teach kids to code will provide insights to those running MakerSpaces and HackerSpaces, coding camps and so on about how to engage students in learning code.

Continual learning

Accessibility and inclusiveness

Open source community

Open hardware

Open source making the world a better place

 

linux.conf.au 2017 Hobart – The future of open source

This year, linux.conf.au 2017 headed to the picturesque state of Tasmania, to Hobart’s Wrest Point convention centre, and the theme of the conference was ‘the future of open source’. My key takeaway from the conference was that:

The future will be built on trust, and trust takes many forms –
  1. Trusting that data and systems have confidentiality, integrity and availability – traditional security
  2. Trusting that digital experiences will be pleasant, safe and as frictionless as possible – user experience and community experience
  3. Trusting that people will build the future that they want – agency and empowerment

This blog post is going to explore some of my picks from the conference through these lenses.

Security, privacy and integrity

Security, privacy and integrity was a recurring theme of the conference.

Michael Cordover – The Future of Privacy

Michael Cordover‘s talk, ‘The Future of Privacy‘, was perhaps the most thought-provoking talk around privacy. Michael provided a history of privacy, underscoring how technology has shaped notions of what it means to be left alone, and what it means to have personal data remain private. In our ubiquitously-connected, always-on world, it’s becoming harder to delineate what informed consent means – given that data can be inferred by association (which is exactly how Tapad‘s technology is designed). It’s also harder for people to be aware of how apps and platforms are using data – terms and conditions are hard to read, and detract from usability. Practically, it’s hard to own your own data – you essentially have to run your own services. Open systems, decentralisation, federation and non-permissive by default are Cordover’s answers to these problems – but these all pay a usability price. In Cordover’s words,

There’s no easy path forward that ordinary people can take.

David Bell – In Case of Emergency: Break Glass – BCP, DRP, & Digital Legacy

As a first time linux.conf.au Speaker, David delivered a solid presentation covering business continuity planning, disaster recovery planning and digital legacy. His focus was on ensuring that appropriate planning was done before business interruption events. He also covered personal digital legacy – an almost-unexplored topic – for example – would the people you leave behind when you die know how to access your passwords?

George Fong – The Security and Integrity of the Internet

George Fong (previous Chair of Internet Australia, current Deputy Chancellor at Federation University) delivered a very strong presentation which advocated for the defence of security and integrity of the internet, largely because governments and other non-technical actors in the ecosystem don’t trust the internet – the “cybers”.

The key takeaway from George’s talk that continued to resonate for days afterwards was:

Trust is the byproduct of integrity

Using examples such as Dirty COW and Heartbleed, Fong opined that we as an opensource community need to make sure that Linux – which the foundation of the internet rests upon – is trustworthy. Bugs are only shallow if many eyeballs are on them, and all too often there aren’t enough eyeballs. Using the analogy of seatbelts, and how few of us would ever feel safe and secure driving without one, he articulated how the internet in many ways is still a frontier, devoid of strong security measures and protocols that ensure safety and integrity – and therein, trust.

Touching on another key theme of the conference – agency and empowerment – he urged the audience to grasp that they, we, the open source community are the voices of the internet. Fong encouraged us to use those voices to better educate the public on what we do – we need to promote our activities to strengthen integrity. Things are broken – and we’re not helping. It’s up to us to fix the problem.

On a side note, as the recently-elected President of Linux Australia, I’m looking forward to working with George, and recently-appointed Chair of Internet Australia, Anne Hurley, to identify how we can work collaboratively together on some of these aims – as Internet Australia and Linux Australia have some overlap in mission, values and remit.

Jon Oxer – Network Protocol Analysis for IoT Devices

Nowhere is security, privacy and integrity more pressing that in the field of Internet of Things. There were several IoT related talks this year, but two that stood out. Firstly, Jon Oxer‘s talk on Network Protocol Analysis for IoT Devices was an eye-opener into the history of the radio frequency spectrum, how some of it is unregulated, but moreover how device protocols can be reverse engineered with simple equipment and a penchant for code-breaking. Oxer showed how simple it is to launch a man-in-the-middle attack on IoT devices on the RF 422 MHz band by intercepting their transmissions, decoding their protocols and then using a playback attack. We definitely need better encryption in IoT.

Christopher Biggs – How to Defend Yourself from your Toaster

Christopher Biggs also gave an excellent security talk around IoT – ‘How to defend yourself from your toaster‘, however he tackled it from the perspective of an IoT device manufacturer or developer – clearly articulating what features and functions should be included in new IoT devices. Although he didn’t frame it as such, his talk was basically outlining a maturity model for IoT devices. For example, devices with low maturity have poor user interfaces, no provision for maintenance, and employ poor security practices – such as having insecure protocols (such as telnet) available. He provided useful advice for improving maturity, for instance port-scanning devices to see which ports are open, and what data is being transmitted. One of the key takeaways here was that if you are designing an IoT device, or managing a fleet of IoT devices, that you need to get someone else to do the hard parts. Apple, Amazon and Google all now have SDKs available for IoT, but the drawback is that most of them are not open sourced.

Biggs spoke of a metric that I hadn’t heard before in this space – MTT1C – mean time to first compromise – or the length of time it takes an IoT device to be compromised once it’s placed on the public internet. This got me thinking that I haven’t seen anywhere a capability maturity model for enterprise IoT – for instance the practices, support, metrics and continuous improvement that would be used in a large organisational deployment of IoT. Perhaps this is something that the standards bodies in this space – Open Connectivity Foundation, BITAG and Resin.io – will develop in time.

Dr Vanessa Teague – Election Software

Dr Vanessa Teague gave one of my favourite talks of the conference on e-voting systems, and the general problem of end to end verification. Using a number of examples of how companies have (or have not) implemented verification, she articulated a number of anomalies with current e-voting systems in NSW, which are soon to be used in both WA and Victoria. Given the recent controversy around United States elections, this talk was particularly timely, and gave rise to a number of uncomfortable questions – such as just how many votes does it take to change an election result, and possibly the course of history?

One of the most resonating points within Dr Teague’s talk was the rejection of an e-voting system – V-Vote – which had superior verification capabilities, but poor user experience and usability qualities. This touches on the second theme which emerged from #lca2017 – it is not sufficient for a product, tool or platform to be functional – it must also have form. People are persuaded by the shiny – and rather than scoff at this – default behaviour for a lot of our community – we need to recognise and respond to this.

Dr Teague was an engaging, humourous and articulate speaker, and I’d really like to hear more from her in future conf lineups.

User experience and community experience

It may be unusual to relate user experience and customer / community experience to trust, but I see it as fitting. Our experience with a task, a process, or an interaction either enhances or erodes our trust in the organisation, platform or person with whom we’re interacting.

Donna Benjamin – I am your User, why do you Hate me?

Donna Benjamin‘s excellent talk aimed to bring a user experience / human-centred design element to open source developers by questioning some of the fundamental ‘defaults’ we tend to hold. Using project onboard experiences as a lens to explore how we treat newcomers, she demonstrated that our actions are turning people away from opensource – exactly the opposite effect that we’re aiming for. She outlined how contributions in triage, review and testing are not valued as highly as code contributions, again presenting a barrier to increasing participation and diversity. Benjamin argued for the open source community to see users not in terms of what they can’t do – develop software – but as people – with needs and emotions.

This talk highlighted for me the lack of design thinking, human-centred design and user experience practices that are adopted not just on open source products, but to communities in general. Lowering ‘friction’ – the antithesis of good user experience – is something that both open source products and open source communities need to get better at.

Rikki Endsley – The proper care and feeding of communities and carnivorous plants

Rikki Endsley‘s talk likewise touched on how managing communities is a complex task, often fraught with pitfalls. The key takeaway was that you can’t change everything at once – you need to change elements of the community carefully, then have the metrics available to measure the impact of the change.

VM Brasseur – The Business of Community

VM Brasseur‘s talk was a practical guide for people working inside companies to ‘sell’ support of open source projects to management. This talk was framed along three key topics – benefits, costs and implementation. Benefits such as word of mouth marketing, stronger brand recognition, and more effective upstream support are all selling points. One of the strong points of this talk was the recognition of in-kind / non-monetary support to open source communities by business, such as the provision meeting space, marketing, guidance, leadership and mentoring. In particular, Brasseur cautioned that businesses should ask the community what it needed – rather than making assumptions – and providing, for instance, unwanted promotional goodies. Although implementation plans will vary across companies, Brasseur provided some generic advice, such as having clear goals and objectives for community support, setting expectations and being transparent about the company’s intentions.

Nadia Eghbal – Consider the Maintainer (keynote)

Nadia’s keynote brought to the fore many simmering tensions within the open source community. Essentially, the burden of maintaining open source software falls to a few dedicated maintainers, who in some cases may be supporting a product with a user base of tens or thousands of uses.

Eghbal set out four freedoms for open source producers / maintainers, being:

  • The freedom to decide who participates in your community
  • The freedom to say no to contributions or requests
  • The freedom to define the priorities and policies of the project
  • The freedom to step down or move on from a project, temporarily or permanently

Whether these freedoms are embraced and used to support open source maintainers remains to be seen.

Nadia Eghbal keynoting linux.conf.au 2017
Nadia Eghbal keynoting linux.conf.au 2017

Agency and empowerment

The third key theme that was reflected in the conference programme was that of agency and empowerment – being the changes that we want to see in the open source world.

Pia Waugh – Choose your own adventure

Pia Waugh kicked off this theme, delivering the first conference keynote, where she gave a retrospective on human evolution, and then extrapolated this to the future of open source, articulating how we’re likely to see a decentralisation of power in order to strengthen democracy. She went on to challenge a number of existing paradigms, calling them out as anachronisms as the world has evolved.

This talk was full of Waugh’s trademark energy and vibrancy, and was an excellent choice to open the conference.

Dr Audrey Lobo-Pulo – Publicly Releasing Government Models

Dr Audrey Lobo-Pulo’s talk extended the open data movement by advocating for the public release of government open source models – financial and economic models used to assess public policy decisions – in essence, virtual worlds to explore the implications of policy.

The key takeaway from her talk was that industry and business also stand to benefit greatly from the release of these models, as they could then be combined with private data – in a unique public private partnership. Lobo-Pulo put forward the four components of government policy models (shown below) – and how each contributes the accuracy and validity of the model.

Karen M. Sandler – Surviving the Next 30 Years of Free Software

Karen‘s sensitive and tactful talk recognised the fact that as a community, many of our pillars and key contributors are aging, and that over the next few years we are likely to bid goodbye to many in our community. Her talk explored the different ways in which copyrights can be assigned after death, and the key issues to consider – empowering us to make informed and well founded decisions while we are in a position to do so. Few presenters could have handled this difficult topic with such aplomb, and as usual Karen’s grace, wit and wisdom shone through.

Closing thoughts

Again, linux.conf.au delivered engaging, thought-provoking and future-looking talks from a range of experienced, vibrant and wise Speakers – and again it was an excellent investment of time. The diversity of Speakers this year was excellent, if perhaps erring on the non-technical side.

Open source still faces a number of challenges – the ecosystem is often underfunded, maintainers are prone to burnout and we still haven’t realised that UX needs to be a key part of what we’re all about. But that’s part of the fun – we have the power to evolve just like the rest of the world.

And I can’t wait for a bit of history repeating at Sydney 2018!

Save

Save

Save

Save

Save

Save