Ohio LinuxFest Speakers
We’re proud to announce an amazing lineup of speakers for 2017. Keep reading for bios and presentation descriptions. More to be added as we finalize our content for this year.
Karen Sandler is the executive director of the Software Freedom Conservancy and has an extensive list of accomplishments within the free software community.
Karen is known as a cyborg lawyer for her advocacy for free software, particularly in relation to the software on medical devices. Prior to joining Conservancy, she was executive director of the GNOME Foundation and before that was General Counsel of the Software Freedom Law Center. Karen co-organizes Outreachy, the award-winning outreach program for women globally and for people of color who are underrepresented in US tech. She is also pro bono counsel to the Free Software Foundation and GNOME. Karen is a recipient of the O’Reilly Open Source Award and cohost of the oggcast Free as in Freedom.
Keynote: The Battle Over Our Technology
Have you ever struggled to explain the concept and importance of software freedom to non-technical friends and family members? Karen’s keynote will take a broad look at ethics in technology, a topic that is fundamental to those involved in free and open source software. Issues around ethics become ever more relevant as technology and society develop.
Máirín ‘Mo’ Duffy is a principal interaction designer at Red Hat as well as the team lead for Fedora’s community design team. A recipient of the 2016 O’Reilly Open Source Award, Máirín has over a decade of expertise in user experience and design in Free/Libre and Open Source Software (FLOSS) communities. Her portfolio includes a wide range of designs for FLOSS including Mailman/Hyperkitty, Anaconda, numerous components of the Fedora project infrastructure, Spacewalk, virt-manager, the GNOME desktop, as well as other projects such as the SELinux and Container Coloring Books.
Máirín is a passionate advocate for software freedom, particularly in the creative domain. Her design workflow is 100% FLOSS, involving tools such as Inkscape, Gimp, and Scribus on top of Fedora Workstation, and she uses open formats and licensing for her design work.
Keynote: Who Cares if the Code is Free? User Experience & Open Source
Open source technology is now mainstream. Technologies large and small that impact people all over the world are powered by open source platforms, libraries, and backends. There’s an urgent problem, though: open source has become synonymous with shockingly poor user experience (UX). In this talk, we’ll discuss why UX design, and design in general, isn’t just fluffy stuff painted on at the end of the software development process. Rather, it’s a crucially important tool to make software freedom ubiquitous and accessible to all. You’ll learn how a UX design process works, and how you can get started (or find help) right away to improve the UX of your own software.
Tarus Balog is the founder and CEO of The OpenNMS Group, the services company behind the popular open-source monitoring software. Tarus has been involved in managing communications networks professionally since 1988, and unprofessionally since 1978 when he got his first computer—a TRS-80 from Radio Shack. Having worked as a network management consultant for many years, he was constantly frustrated in the lack of flexibility involved in commercial solutions such as OpenView and Tivoli, as well as shocked by their high prices. Looking for a better solution, he turned to open source and joined the OpenNMS project in 2001 and became principal administrator of the project in 2002. Since then he has managed not only to make a living working with free software, but The OpenNMS Group has thrived. Tarus is an outspoken evangelist for free and open source software and the communities it inspires.
Keynote: A Brief History of an Open Source Company
Most people who like open source have thought at one point or another “how can I make a living with free software?” That was my thought over fifteen years ago when I started a company around the OpenNMS open source network monitoring platform. This presentation will trace the history of that company, covering such things as how it got started and the decisions we faced concerning growth, dealing with customers, legal issues and keeping our employees happy. Oh, and making money. Kind of important to make money.
It is hoped that people can learn from our mistakes and perhaps be inspired to start their own journey into a professional life around free and open source software.
Adam Stephens is an engineering manager at CoverMyMeds, leading a cross-discipline team which focuses on infrastructure and operations improvements. He has a background in Linux systems engineering and has spent many years scaling systems infrastructure through automation and configuration management.
Open Source Solutions Stage: Multi Data Center PostgreSQL service discovery with Consul
With CoverMyMeds expanding to multiple Data Centers, we required a flexible solution for discovering our PostgreSQL clusters from any network location. This talk will cover how we used Consul to provide discovery of PostgreSQL master/slave nodes across all of our Data Centers, with the majority of the time being a live demo.
Aladin has been passionate about building great teams and building transformative technology experiences for nearly 20 years. He has learned from his mistakes, always strives to improve, and attributes his successes to healthy teams.
Cleaning Up Toxic Teams and Dissolving Dysfunction
In this session, you will get a deep dive into team health topics covered in Patrick Lencioni’s books and workshops covering the 5 Dysfunctions of a Team, The Advantage, and The Ideal Team Player.
The Five Dysfunctions of a Team outlines the root causes of politics and dysfunction on the teams where you work, and the keys to overcoming them. Counter to conventional wisdom, the causes of dysfunction are both identifiable and curable. However, they don’t die easily. Making a team functional and cohesive requires levels of courage and discipline that many groups cannot seem to muster.
The Advantage provides readers with a groundbreaking, approachable model for achieving organizational health. Organizational health is about making a company function effectively by building a cohesive leadership team, establishing real clarity among those leaders, communicating that clarity to everyone within the organization and putting in place just enough structure to reinforce that clarity going forward. The model in The Advantage was originally introduced in Pat’s business fable, The Four Obsessions of an Extraordinary Executive.
An ideal team player embodies three virtues: humility, hunger and people smarts. The power this combination yields drastically accelerates and improves the process of building high-performing teams.
Dr. Alexander Bandar is an engineer by training, and an entrepreneur by accident. Having worked ten years in the field of manufacturing software, with clients from GE to Apple to the Defense Department, he now directs the Columbus Idea Foundry – one of the world’s largest community workshops, or “makerspaces”, which he began as a passion and is now his full-time career. Having recently renovated a 60,000 square-foot factory in Columbus OH, the Idea Foundry houses tools from blacksmithing to 3D printing, teaches classes on design and fabrication, and sells memberships to anyone who wishes to use the workshop as if it were their own. With 500+ members and growing rapidly (of whom approximately one third are entrepreneurs), the Columbus Idea Foundry is one of the most active makerspaces on the planet, has won numerous international awards in the “maker movement” arena, and is quickly finding a place in the creative, educational, technological and business ecosystems of Central Ohio and beyond. From Los Angeles to Barcelona, Dr. Bandar speaks and consults regularly about this exciting new culture of “democratized opportunity”.
How the Open Source Movement, Digital Prototyping, and Crowd Funding Is Democratizing Opportunity
Dr. Bandar will speak on the new culture of “democratized opportunity”, which he considers to be represented by (1) free information, (2) open source software, (3) digital prototyping tools, and (4) crowdfunding. At the nexus of these four phenomena is an empowered culture of innovation, wherein everyday people are more capable than ever to take an idea out of their head, hold it in their hand, and turn it into a product, a passion, or a business. Alex will use the backdrop of the Columbus Idea Foundry, one of the world’s largest and most active “makerspaces”, as evidence of this creative culture, and its impact on art, technology, education, and entrepreneurship. Lastly, a route to disseminating this culture throughout the world, to strive for a planet of 10 billion educated and empowered innovators will be presented.
Alex Juarez is a Principal Engineer at Rackspace, touting 10 years with the company. Alex enjoys all things Linux, especially training and mentoring others, and has qualified to do so as an RHCA/RHCI. When Alex isn’t helping others he’s crafting killer cocktails and finding the best spots to grub in San Antonio.
Building Training Environments
Let’s talk about training. This was how the conversation started. Our goal was to put together a system that is as self-sufficient and streamlined as possible. We also wanted something we could move around and other people could use.
Using Ansible, Ansible Tower, Asciinema and some good ole Bash scripting we were able to build a platform which we think met most of our goals. I want to share with you some the work we did internally to build a training platform. There is no need to know any of the technologies; this is more of an overview where we’ll talk about concepts and the lessons learned.
Attendees will walk away with some new ideas, some knowledge of how we got around pitfalls, and hopefully a smile on their face.
Cameron Hughes, Tracey Hughes, and Trevor Watkins
Cameron Hughes is a senior software/knowledge engineer for Advanced Software Construction (ASC), where he leads the TAMI-2 (Transcript Analysis, Mining & Interpretation) project. He is also software epistemologist for Ctest Laboratories, where he does research in Artificial Intelligence. He is a member of the advisory board for the NREF (National Robotics Education Foundation), volunteer co-director of the Oak Hill Robotics Makerspace and chair of NEOACM. He has co-authored many books, including Linux Rapid Application Development, Robot Programming: A Guide to Controlling Autonomous Robots, and Build Your Own Teams of Robots.
Tracey Hughes performs epistemic visualization, user interface design and development at Ctest Laboratories and ASC. She is currently visualizing the knowledge space of software agents embedded in robots and an ontology of Artificial Intelligence called C.A.V.E. (Cosmology of Artificial Intelligence Visualized Epistemically) Drawings. She leads user-interface development for the TAMI-2 protect at ASC. Mrs. Hughes has written many books on robotics, multicore, multithreaded, object-oriented, and parallel programming in C++ with Cameron Hughes as well as the book Linux Rapid Application Development.
Trevor Watkins is an assistant professor at Kent State University (KSU), where he serves as subject librarian for STEM. He also works part-time in the College of Aeronautics and Engineering, where he teaches software engineering and embedded systems using GNU/Linux. He has over a decade of experience designing, integrating, migrating and deploying GNU/Linux and Unix systems and networks. He holds a Masters in Library Information Science (KSU), Information Architecture and Knowledge Management (KSU), and Computing and Information Systems from Youngstown State University.
A Little Artificial Intelligence Help With Syslog
The proliferation of mobile computing, PAAS, SAAS, IAAS, and virtualization has increased the burden of log file analysis for the system administration and programming function. The spike in the number of log entries has made analysis by manual human effort untenable and automated analysis essential. But effective log file analysis is not an exact science. A useful log analysis process often requires human insight and judgment. So while automated log analysis methods are useful, they must also be knowledge-based to be effective. In this talk, we describe a new Linux utility and an approach that uses autonomous epistemic agents to analyze entries in real time. The epistemic agent uses its a priori knowledge and posteriori knowledge extracted from logs. This talk provides those burdened with the task of monitoring and understanding Syslog and its variants with new Syslog configuration techniques and a preview of an AI layer proposal for Syslog.
Cassandra Faris, Chad White, Jason Green, and Warner Moore
Cassandra Faris is the Director of Talent Management at Improving Columbus, a software development consulting and training company. She is passionate about growing the tech community and its people, regularly attending, speaking at, and helping organize conferences and events. She is President of the Microsoft-focused Dog Food Conference and a Per Scholas Advisory Board member. She has an MBA in Organizational Leadership, and is an avid tabletop gamer, runner, and soccer fan who travels as much as possible.
Chad White is an active member of the Columbus tech community with a passion for cyber security, open source tech, and entrepreneurship. He is the founder of Rogue Talent, a national recruiting outfit that specializes in helping technologists and leaders within these niches to write the next chapter of their careers. An Ohio University alum with 10 years of industry experience, Chad is dedicated to reimagining the recruiting experience and modernizing career coaching in the Digital Age. He speaks as a tech career expert at notable annual conferences throughout the region such as Ohio Linuxfest, BSides, and InfoSec Summit. Chad is also an avid traveler and the founder of the Central Ohio Rum Society, a spirits education group that meets monthly at cocktail shops around Columbus.
Jason understands systems by their limits. He loves privacy, security, python, linux, networking, and play. He learned to code by transcribing games from magazines into the parade of his father’s computers from CompuServe. After multi-year forays into database administration, network engineering, and systems administration, Jason has returned to his first obsession, development. He often stays up too late seeking an elegant solution. He occasionally awakes with one. You probably have a lot in common.
Warner Moore is a driven technology leader and architect with a background in web operations and information security. He has focused his career in working with high growth organizations where technology is their business and product. Warner is passionate about culture, innovation, and community. His passion is reflected in his community contributions by organizing Ohio LinuxFest, LOPSA Columbus, DevOpsDays Ohio, and Toastmasters. A long time attendee of Ohio LinuxFest (OLF), Warner began working with the OLF in 2012 by founding the Career Track. Following the 2013 conference, he assumed the role of Conference Chair. As Conference Chair, Warner provides oversight for all aspects of the conference.
The ‘Onwards’ & ‘Upwards’ of Careers in Open Source – A Panel Discussion
The job market in tech is hotter than ever before, with skills and experience in open source technologies – from SysAdmin to DevOps – easily comparing in demand to the likes of cybersecurity and big data. In the OLF Career Panel session, we will explore how to pursue a career and advance in the booming tech industry, modern job search/hiring best practices, staying relevant and challenged in a rapidly evolving profession, obtaining a proper mentor, and establishing yourself as a recognized thought leader, among other topics. Panelists will include established local thought leaders across the business technology spectrum, providing valuable insight from three different perspectives: The Technologist, The Hiring Manager, and The Recruiter. Chad White, a local entrepreneur, trusted tech recruiter and longtime friend to OLF, will moderate. The Career Panel discussion will end with an open Q&A session, an opportunity for the audience to engage the panelists in discussion.
Christopher H. Laco
Chris comes to us from the Akron, Ohio area where he’s been a programmer, webmaster, server magician and all-around jack of all trades in the industry for over 22 years. He is experienced in various languages including Perl, Ruby, C#, VB.NET, Python and remembers what a modem and Mosaic 1.0 looks like. He is currently living the Manager lifestyle at Rackspace building OpenStack Private Clouds.
Helping Your Manager Be a Better Leader for You
How can you be a better manager? How can you help your manager be a better manager for you? In this talk we’ll talk about these things and build a better bridge between developers and their managers so we can build stronger teams together from the bottom up.
- Why Do This to Yourself?
- Full Time Mentoring
- Positive Change
- Shoehorned / Voluntold
- New Managers
- Life as an Individual Contributor
- From Peer to Manager
- Defining Yourself / Measuring Productivity / Measuring Success
- Stress Management (Manager and Individual Contributors)
- Organize! Organize! Organize!
- Provide Clear Direction / Ask for Clear Direction
- Don’t Procrastinate
- No Lone Wolfs
- Goals and Feedback
- Setting Goals / Goal Types (Defining Your Style)
- Revisiting Goals
- Personal Development Plans
- Gathering/Delivering Peer Feedback
- Being Better
- Be Vulnerable
- Be Clear
- Be Direct
- Success = “They” / Failure = “I”
- I “Work for” The Team / The Team Does Not “Work for” Me
- Servant Leadership
Clif Flynt has been programming computers since 1970. Through his company Noumena Corporation he offers Linux and Tcl training and custom software development. He recently published Linux Shell Scripting Cookbook, Third Edition for Packt Press.
Command Line Tools
Clif will introduce the basics of shell programming – using features such as filename globbing and for loops as well as basic tools like grep and ls. A few more advanced topics like using ffmpeg tools and sox to massage video and audio files will also be covered.
Cody Hofstetter is the Founder and CEO of an IT/Cybersecurity firm specializing in vulnerability assessments, penetration testing, forensic investigation, and advanced data recovery/destruction. Chairman of a non-profit that advocates Free and Open Source Software adoption to assist businesses and non-profits in utilizing FOSS to reduce their base operating expenses so they may allocate their limited resources elsewhere. Mr. Hofstetter’s background is originally in finance and he has been forming and buying companies since the age of 19. He currently divides his time between four main ventures: his IT/Cybersecurity firm, the FOSS non-profit, sitting on the board as Treasurer for the only known working steamboat on the East Coast dedicated to watershed/environmental education, and his latest business acquisition, a health-oriented and local community focused restaurant in Frenchtown, New Jersey.
Getting Hit by an 18-wheeler: Privacy & Anonymity in the Modern Age
With ever increasing levels of powerful nation-state and corporate surveillance becoming commonplace, how much privacy does an individual have left? Do privacy and anonymity still exist at all? In this talk, we’ll cover a brief overview of current tracking methodology followed by useful tools and techniques you can begin using immediately. We’ll touch upon proxy chains, VPNs, encrypted DNS queries, setting up your own DNS nameservers, TOR, local CDN redirection, and more. If you think encryption is hard, we’ll also cover how to get you started using encrypted containers with Veracrypt in under five minutes.
Colin Dean has been using plain text accounting tools for more than four years. He runs the fledgling /r/plaintextaccounting reddit and has contributed to the ledger-like ecosystem. Presently, Colin works for Arcadia Healthcare Solutions and has previously worked for IBM Watson and Vivísimo. He is on the board of directors for the Code & Supply Scholarship Fund as well as Meta Mesh Wireless Communities. He has used ledger for a variety of purposes during his tenure at all of these.
Plain Text Accounting with the ledger Ecosystem
Plain Text Accounting is the practice of maintaining a ledger in a format that values human readability, accountant auditability, and version control. The ledger-like ecosystem enables recording of purchases and transfers and investments, versioning of ledger-files to provide an audit trail, and performing analysis to produce registers, balance sheets, profit and loss statements, track billable time and paid time off, and lots of other reports. In this presentation, you’ll learn some basic accounting principals, ledger tool usage, and why you might choose plain text accounting over Quicken, QuickBooks, Mint.com, or You Need a Budget.
David Carver, Parker Gibson
David Carver has over 20 years in software development, ranging from the big old Mainframe to mobile applications. His primary expertise is in E-Commerce and business to business development and deployment. He is a big proponent of Open Source development, and constantly contributes back to various projects. He was previously the project lead for the Eclipse XSL Tools project, has created the Serenity for Android project for streaming media from Plex and Emby servers, and created the X-Streamer overlay tool for X-Wing Miniatures players for use with XSplit and OBS Studio.
Parker Gibson is co-creator of the El Pee and the Man, War Hammer 40K podcast. He rolls dice, and rolls them badly.
Lessons Learned Video Casting With Linux and OBS Studio
The journey started innocently enough; we wanted to record our games from the local X-Wing Miniatures gaming group, and put them up on YouTube for everyone to see. The problem… I wanted to use Linux to do everything, and there needed to be very little post production afterwards.
OBS-Studio helps cover the main piece of the recording and presentation aspect, but what do you do when most of the hardware still doesn’t have Linux drivers, or they are very experimental? You get creative. This talk will be broken into two sections. First covering the technical pieces, including the software and hardware components we have come to use after months of experimentation and trial and error. We’ll discuss many of the challenges experienced as well as the solutions and workarounds we came up with. The second part of the talk will cover the challenges of building a community and getting the product out to the audience. Just because you build it doesn’t mean they will come to view it. Especially with the sheer number of videos on Twitch and YouTube.
David Gilpin is a Principal Consultant with the Oracle Cloud Infrastructure team, specializing in Oracle Linux and Virtualization. He has a Computer Science degree from Sam Houston State University (go Bearkats!) and has been involved with technologies including hardware, software, storage, networking, and virtualization for more than 25 years. In his spare time David enjoys hobbies including electronics, computing, and Amateur Radio – especially Digital modes (interfacing computers with transceivers.)
Open Source Solutions Stage: FOSS at Oracle? Really?
David Gilpin will discuss that Oracle – purveyor of widely used proprietary software as well as the fastest growing Cloud – uses, contributes and invests heavily in Open Source.
Attendees will discover how to download and use several Oracle Products for FREE!
Dru Lavigne is the Director of Technical Documentation at iXsystems, which sponsors the FreeNAS, TrueOS, and Lumina open source projects. She is author of BSD Hacks, The Best of FreeBSD Basics, and The Definitive Guide to PC-BSD. She is founder and current Chair of the BSD Certification Group Inc., a non-profit organization with a mission to create the standard for certifying BSD system administrators.
What’s New in FreeNAS 11
This presentation will provide an overview of some of the many new features in FreeNAS 11.0. These include:
- Alert Services for configuring alert notifications
- the ability to start specified services at boot time
- AD Monitoring to ensure the AD service restarts if disconnected
- a preview of the new user interface
- support for S3-compatible storage and the bhyve hypervisor
I’ll also provide a sneak peek at the upcoming 11.1 which adds these features:
- a complete rewrite of the Jails/Plugins to transition from warden to iocage
- the ability to write a new plugin with a few lines of code
- a new asynchronous middleware API
Eystein Stenberg has over eight years of experience in security and systems management as a developer, a support engineer, a technical account manager, a product manager, and now CTO. He has been in the front lines of some of the largest production environments in various roles and has in-depth knowledge of the challenges in systems security in a real-world context. Eystein has spoken at various conferences, including Embedded Linux Conference, Embedded Systems Conference, and Internet of Things World. He holds a Masters degree in cryptography and his writing credits include Distributing a Private Key Generator in Ad Hoc Networks.
Linux IoT Botnet Wars and the Lack of Basic Security Hardening
We will discuss the various malwares infecting Linux Internet of Things (IoT) devices including Mirai, Hajime, and BrickerBot and the vulnerabilities they leverage to enslave or brick connected devices. We will walk the audience through specific vectors they used to exploit devices and cover some basics in security hardening that would have largely protected from many of the widespread malware.
Some of the fundamental security concepts we will cover include:
- Closing unused open network ports
- Intrusion detection systems
- Enforcing password complexity and policies
- Removing unnecessary services
- Frequent software updates to fix bugs and patch security vulnerabilities
We will also delve into the arguments and counter-arguments of vigilante hacking with Hajime and BrickerBot as examples and the potential long-term consequences in this new age of connected devices.
This presentation will help the Linux community understand real-world security risks in bringing their devices online and what specific measures to take to help defend their devices. The talk is aimed at design engineers, embedded development teams, systems integrators, and product managers.
Garrett Honeycutt has been hacking *nix based systems and spreading the merits of open source software for over twenty years. He began using Puppet in 2007 while building out a national carrier grade VoIP system. Previously he has worked on such things as building core internet infrastructure for an ISP, creating mobile media distribution platforms, and as a Professional Services Engineer with Puppet Labs helping customers around the world with Puppet, DevOps processes and project management. As the Puppet Architect at Ericsson in Stockholm where he coordinated with and mentored those writing Puppet code for their global R&D sites supporting over 30k developers.
He has consulted for many different types of companies from small startups to global multinationals in many countries and differing sectors. He co-organized FOSSETCON and is an organizer of DevOpsDays Indianapolis.
How to Build a CD Pipeline for Your Systems
This presentation will show how to use pipeline tools such as Jenkins in conjunction with configuration management and testing software to build a continuous delivery (CD) pipeline for systems. It will cover the ideas behind building a CD pipeline, what types of testing are used, and at what stages. The talk will be vendor neutral with regards to how this is achieved along with practical guides to commonly used software for each step.
From Pennsylvania Amish country comes an avid technologist, serial mentor and community evangelist. Jason Plum can be seen attending, staffing booths, and speaking at as many FOSS conferences and Linux User Groups as he can manage. Jason is a Senior Build Engineer at GitLab and an Arch Linux ARM developer.
Working in the Open
Changing your internal model to open-by-default can take a shift in your patterns. What does it take to work in the open, for the open? I’m happy to be able to say that I work for a company that contributes back to the community directly, producing a Free and Open Source Software product that the community can use to continue the grand objective of FOSS. While I have been a part of this community for a short time, I have some insights on the change from closed to open as I re-framed my career and I would like to share those with anyone interested.
Jeff Klukas has a background in experimental particle physics, working both as a teacher and as a researcher helping discover the Higgs boson. He is now the technical lead for the data platform at Simple, a branchless bank in the cloud. He has been a collaborator in the development of an internal PostgreSQL → Kafka change data capture pipeline (similar to Bottled Water) that has become a key foundation of Simple’s service-oriented architecture. He also has a lead role in using that pipeline to provide analysts a rich database audit trail in Simple’s data warehouse.
PostgreSQL + Kafka: The Delight of Change Data Capture
PostgreSQL is an open source relational database. Kafka is an open source log-based messaging system. Because both systems are powerful and flexible, they’re devouring whole categories of infrastructure. And they’re even better together.
In this talk, you’ll learn about commit logs and how that fundamental data structure underlies both PostgreSQL and Kafka. We’ll use that basis to understand what Kafka is, what advantages it has over traditional messaging systems, and why it’s perfect for modeling database tables as streams. From there, we’ll introduce the concept of change data capture (CDC) and run a live demo of Bottled Water, an open source CDC pipeline, watching INSERT, UPDATE, and DELETE operations in PostgreSQL stream into Kafka. We’ll wrap up with a discussion of use cases for this pipeline: messaging between systems with transactional guarantees, transmitting database changes to a data warehouse, and stream processing.
Jim Wildman is a farm boy from central Ohio who discovered Unix in 1985 and has been involved in that world ever since. Linux came along in 1995 and lead to his first production system in 1998 (a Hylafax server). For many years, Jim was involved in with the Central Ohio Linux User Group (COLUG) and has spoken at numerous business and user group conferences including Red Hat Summit. Jim has worked in every major industry vertical and is currently employed as a Senior Solutions Architect by Red Hat, supporting accounts in Florida.
Securing the Cloud at Rest… Network Bound Disk Encryption
As companies move more and more applications to the cloud, the importance of all types of security increases. One area is the securing of virtual machine and container images at rest (i.e., when they are not running). Encryption of these images presents a number of challenges. Network Bound Disk Encryption addresses the question of “how do I enter a password for 10,000 containers to startup unattended?” This presentation will provide an overview and short demo of the Clevis and Tang NBDE pair.
John is the VP of Technology for Infinity Interactive, a virtual IT consultancy. When he’s not maintaining Perl modules or tweaking his Emacs config, he likes to play around with new languages like Swift and write about himself in the third person.
JSON Web Tokens Will Improve Your Life
JSON Web Tokens, or JWTs, are a standardized way of representing a JSON-based data structure and transmitting it between two parties. JWTs rely on cryptographic signatures which ensure that the data transmitted in the JWT isn’t modified during transit. JWTs are designed to be extremely compact—small enough to be transmitted in an HTTP header, for example—and can be used in a variety of ways: as authorization tokens, client-side data storage, or even for the implementation of single sign on (SSO) solutions. They’re based on a very simple and elegant algorithm that’s easy to understand and quickly put to use. JWT implementations are available in virtually every programming language in common use for Web and mobile development.
Unfortunately, learning how to use JWTs can be complicated by the terminology that’s commonly used. “Claims,” “signatures,” “body,” “payload”—a large part of learning how JWTs work is deciphering these buzzwords and understanding how they map onto more familiar programming terms. This talk will focus on reducing this barrier to entry and making JWTs understandable to any programmer.
This talk will cover:
- the structure of a JSON Web Token
- the algorithm for generating one
- available libraries and tooling
- some common scenarios where JWTs can be used.
Particular emphasis will be given as to when and why JWTs provide for better solutions than other methods. Attendees should come away from this talk with a full understanding of how to use JWTs for a variety of purposes, and be ready and eager to put JWTs into use in both personal and professional contexts.
Old Dogs & New Tricks: What’s New with Perl5 This Century
The Perl programming language has a somewhat checkered reputation. People enjoy ranting about the supposed “read-only” nature of the language, and war stories of having to maintain horrible legacy Perl codebases are a popular feature of after-hours gatherings at programming conferences around the world. But, as Bjarne Stroustrup notes, “There are only two kinds of languages: the ones people complain about and the ones nobody uses”—and Perl also enjoys a reputation as a language that gets pulled out when you need just a bit more “oomph” on the command line than you can muster up with bash, sed, awk, and friends.
The thing that most people don’t realize is that the Perl5 community, after a brief period of reduced activity in the early 2000s, has regained velocity and organization, and has produced new stable language releases (with new features!) for the last 6 years (and counting). During that period of time, the community consensus around issues such as installation management, deployment, and other best practices has undergone significant evolution. New libraries and frameworks have been introduced and have replaced older standards that you may be familiar with. (CGI.pm? No more!) As people from the Perl community have gained experience with newer languages and frameworks, they’ve brought new ideas from those systems back into the Perl fold, either adding them to the core language or to libraries available on the CPAN. The result combines all the stability from Perl’s overarching commitment to backwards compatibility with support for the newest protocols and programming paradigms.
This talk will summarize significant new features that have been added to the core language, discuss tooling options for managing Perl installations, explain the community consensus on best practices around deployments and which competing libraries to use for particular purposes, and generally get you up to speed on how the Perl5 community thinks about development in Perl in 2016.
John Mertic is Director of Program Management for ODPi, R Consortium, and Open Mainframe Project at The Linux Foundation. Previously, Mertic was director of business development software alliances at Bitnami. Mertic comes from a PHP and Open Source background, being a developer, evangelist, and partnership leader at SugarCRM, board member at OW2, president of OpenSocial, and frequent conference speaker around the world. As an avid writer, Mertic has published articles on IBM Developerworks, Apple Developer Connection, and PHP Architect, and authored the book The Definitive Guide to SugarCRM: Better Business Applications and the book Building on SugarCRM.
Making Linux and Open Source First Class on the Mainframe
The Open Mainframe Project is a Linux Foundation Project. The founding members include among others CA, SUSE, Marist College, and IBM. The project’s mission is to drive collaboration around Linux and open source on the mainframe platform. This session will give you the inside track on Linux and open source on the mainframe from a board member of the Open Mainframe Project and a leader in the mainframe ecosystem team. The session will cover how the open source community is gathering around the platform to drive forward enterprise computing. Furthermore, it will cover the background and mission of the Open Mainframe Project, the recent intern program, and development efforts, and then explain how everybody can participate.
Ken Moore is the founder and lead developer of the Lumina desktop project. Ken is a senior developer and core team member for the TrueOS project (formerly known as PC-BSD); he is also responsible for various other Qt5 projects for iXsystems.
Lumina Rising: Challenging Desktop Orthodoxy
The Lumina desktop environment caused a stir in the desktop community when version 1.0 came out, primarily as it is a completely new framework and not based upon any existing desktop codebase. While Lumina targets BSD operating systems as the primary audience, portability to Linux is also a primary design goal.
As the next phase of development (version 2.0) is rapidly nearing completion, it is time to announce how the Lumina project is evolving the foundational principles behind the current generation of desktop environments. Intrinsic to their designs, the current generation of Desktop Environments have numerous flaws and limitations. Lumina is charting a new model of desktop architecture, re-imagining solutions to session security, application dependencies, message handling, and operating system integration.
Kent Adams is the Senior Engineer and Manager of Technical Support for SIP.US/SIPTRUNK.com. Having worked in the VoIP space for years, along with helping customers prevent and remediate intrusions every day, there are few people who are more knowledgeable about where the real problems lie with regard to VoIP security. He is passionate about open source technology, regularly develop custom solutions for FreePBX, Asterisk, and FreeSWITCH. Kent is also intimately familiar with nearly every make and model of firewall on the market and spends decent portions of every day beating overzealous Sonicwall, Foritgate, and ASA appliances belonging to under-prepared IT professionals into submission. Finally he has summoned the vast powers of certification on many occasions with A+, Server+, Network+, Security+, and ITIL Foundations certificates.
VoIP Security Basics
Security in the VoIP space is often based on hearsay and knee-jerk reactions. In this talk you will learn about the most common attacks on VoIP systems and networks, misconceptions and misplaced trust in modern security advents, and how to use several open source tools to determine where the holes in your security are. Specific topics covered will include firewall pinholes, SIP authentication methods, encryption, and dialing restrictions. Finally, you will be introduced to specific VoIP security uses for various open source technologies including tcpdump, nmap, and sipvicious.
Michael Contino is an experienced Information Security professional with a demonstrated history of working with Financial and E-commerce industry technology leaders. He maintains a deep specialization in orchestrating ongoing assessments of dynamic infrastructure and establishing cybersecurity practices within Linux, UNIX, Mac OSX, and mixed-OS environments. He currently runs global vulnerability management at a multi-billion dollar e-commerce leader, leveraging only open source tools and systems. He also holds several Linux and Security certifications and has consistently ranked top 10% in premier cybersecurity competitions. In his spare time, he actively mentors college and high school students to facilitate a passion for cyber security and help students get scholarships to attempt college.
Top 10 Easy Cybersecurity Wins for Linux Environments
As Cybersecurity continues to gain more visibility in news cycles across the globe, many teams are looking for ways to increase their security posture to avoid being the next company making a incident disclosure. To help out, I’ll use my professional experience to present 10 powerful, and hopefully fairly easy, changes that can be made across to a Linux infrastructure to reduce the risk of compromise. This talk will include an overview of the 10 goals, actionable code/command examples for each tip, and a walkthrough of the corresponding attack vector.
Michael Dolan is VP of Strategic Programs responsible for collaborative Projects and Legal Programs at the Linux Foundation. He has helped form over 50 open source and open standards projects covering technology segments including networking, virtualization, cloud, blockchain, automotive, Internet of Things, Big Data and analytics, security, containers, storage and embedded devices. Mr. Dolan is also involved in OpenChain, SPDX and runs open source legal programs such as the Linux Foundation’s annual Legal Summit and Open Compliance Summit. Prior to joining the Linux Foundation, Mr. Dolan spent 8+ years at IBM in roles across systems, services and software. He received an MBA from Case Western Reserve University in 2004, a JD from Cleveland State University in 2002 and a Bachelor of Arts in Economics in 1999 from John Carroll University.
Building Sustainable FOSS Communities
Sustainable open source project communities have helped free and open source software (FOSS) underpin the technologies that run the world’s infrastructure, social and business systems. Does FOSS happen by magic or is there a sustaining model that underpins the success of highly used projects? What are the best practices that encourage interest in a project, commercial adoption, and a supporting ecosystem? The Linux Foundation has been at the forefront of sustaining FOSS communities and will share a perspective on how projects have built sustainable communities and ecosystems.
Mike Jones has been using Linux personally and professionally since 1998. He previously worked for the Battelle Memorial Institute and is presently the Lead Software Architect for Armada Power, a startup spun out of Battelle in 2015. He has taught programming at Columbus State and has threatened to do it again if his schedule permits it.
OpenWrt for Embedded Development
OpenWrt is an open source firmware for many consumer routers, but it is also finding community interest as embedded development system for all kinds of IoT projects and products. This presentation will give a short history of OpenWrt, as well as the forking and merging of the LEDE project. Next up will be setting up a build environment and building a custom OpenWrt image. The talk will then cover some of the basics of packaging software to be included in a custom image. Live demos of booting newly built images for OpenWrt and packaged software on a Raspberry Pi will be included.
Nikola got his first computer when he was 9 and immediately fell in love with it. In college he studied computer science and stumbled upon different languages and DevOps things—anything from Java to Apache and Nginx. Throughout college, Nikola started doing Ruby more and more (after watching DHH creating a blog in a couple of minutes) and landed his first Ruby gig. After that he started two of his own startups which both failed; he subsequently worked in three startups and is currently working in one early stage company. He realized his interest in business from getting involved in the startup community and has been increasingly focused on that area for the past two years. This helped him notice the non-technical skills he was missing as a software engineer.
Essential Non-Technical Skills
This talk is a sum of experience the speaker has collected working in fast paced companies as either a software developer or leading development. It’s split up into three major parts:
Art Of Good Communication – Explains the pillars of good communication, why we need to communicate and what techniques were used to improve communication skills. It includes things like journaling, why being empathetic to others is one of the keys to good communication, and how to deal with a conversation where there is a lot of tension in the air.
Art Of Not Burning Out – Touches on a controversial topic in today’s software development/startup/DevOps world of how hard we should work and how not to burn out. It tries to explain why we burn out so often, what the real reasons behind burning out are, and how to fix it.
Art Of Getting Things Done – Explains a framework the speaker developed over the years of trying different systems, and how can you incorporate that into your workflow.
The overall goal of the talk is to raise awareness of the fact that technical skills are just a piece of the puzzle if we want to be truly successful. The intent is to give the audience tools and motivation to improve those nontechnical skills.
Patrick Tudor is a systems engineer at the Internet Corporation for Assigned Names and Numbers in an operational role supporting ICANN’s public websites: a broad portfolio including IANA.org, ICANN.org, InterNIC.net, and example.com. Patrick lives in Los Angeles with his German Shepherd dog Jemma.
Protecting Public Websites with Apache and Linux Containers
New features in Apache 2.4 combined with Linux containers will propel your websites forward. In this talk you’ll see configurations with direct benefits for your own websites. Explore tools in Apache 2.4 to enforce common policy across diverse properties with help from containers. We will cover using Macros, If clauses, and other techniques to make a common configuration dynamic as well as protecting resources with limits by method, ACL, or via synthetic errors. Administrators who use web servers other than Apache will still gain valuable ideas from concepts presented and those who are only indirectly involved in the operation of websites will gain insight toward achieving a shared security policy and unified branding across sites. Let’s make better websites with containers and Apache.
Roberto C. Sánchez
Roberto is a practicing software engineer, Debian Developer, consultant, university adjunct instructor, and retired US Air Force officer with extensive experience in free/libre/open source, government, and commercial software development.
Secure Cloud: Linode With Full Disk Encryption
With the cloud’s increasing popularity across the business spectrum, the issue of securing data and systems deployed in the cloud has become critically important. Encryption, especially of data at rest, is a near-constant topic of discussion and of the various approaches to encryption in the cloud, each has various trade-offs. For some threat profiles, encrypting a single partition is sufficient. However, for enhanced security against physical compromise, full disk encryption (FDE) is a viable option, though one difficult to deploy in the cloud. While there are many cloud providers, this talk will discuss, step-by-step, and demonstrate how to provision a new Linode virtual server with FDE. Anyone interested in hosting services and/or data in the cloud in a secure manner will benefit from this talk. Some of the specific topics covered in the talk include:
- Different encryption options for data at rest, including which options are offered by popular cloud providers
- How different encryption options protect against different threats
- The pros and cons of full disk encryption in a cloud environment
- The types of protection full disk encryption provides and does not provide
- A detailed HOWTO for deploying a Linode virtual server with full disk encryption
- Unique issues associated with managing a virtual server with full disk encryption
By the end of the talk, attendees will understand how to arrive at their own decision regarding which cloud encryption option best suits their needs and will have seen a complete deployment of a Linode virtual server with FDE.
Robert has been in IT for 30 years. He started using Linux when he downloaded the boot and root disks from GEnie in 1993 on his 1200 baud modem (kernel 0.99p11). He has shaken the hand of Linus Torvalds (Duke University Linux Expo 1998).
A Short Tutorial on a Revision Control System for Sysadmins
A live demo of RCS – the oldest but still very usable revision control system will be presented. The talk will also cover differences between RCS, Git, and other alternatives as well as why would you want to use it rather than Git. RCS is a good, simple revision system which works nicely for local scripts and config files. When not to use RCS will also be discussed.
Scott Seighman is a Solutions Architect at Red Hat, the world’s leading provider of open source software solutions. Based in Cleveland, Scott roams the Ohio Valley creating possibilities, solving problems, and establishing working relationships with Red Hat’s customers and partners.
Monitoring Java Application Performance Using Thermostat
Thermostat is an open source instrumentation and service tool that helps Java developers understand what is happening inside the Java virtual machine when their programs are running. Thermostat collects and combines information from various sources—including the Hotspot VM—to present a complete picture of how an application is behaving. In this session, you’ll see Thermostat in action as it is used to examine various Java applications, as well as identify and fix problems—often without even modifying application code. You’ll also learn how to add more features to Thermostat through plugins. If you’re a developer, sysadmin, or QA specialist—or use Java in your IT environment—join this session to learn how Thermostat can make your life easier.
Simón Ruiz’s preference for the command line began with his first computer experience using CP/M on an Epson QX-10 as a kid. His affair with Linux began over a decade ago when he started supporting Edubuntu desktop computers in Indiana schools. He dedicated himself to working with Linux in schools until recently transitioning into corporate work by taking a job as Linux Engineer with Salesforce’s Marketing Cloud in Indianapolis. He got his first camera in first grade, and hasn’t stopped squeezing the shutter since.
Photography? From the command line? Absolutely! Linux gives you access to your camera hardware, and plenty of interesting tools for manipulating, working with, and combining images in interesting ways once they’re captured. We’ll explore a small sample of the tools and utilities available to you for the purpose of interacting with cameras and images without involving a graphical user interface.
Steve McMaster, Tom Kopchak, Ted Waddell
Steve McMaster is the director of security and compliance at Hurricane Labs. Throughout his 10 years at Hurricane, he’s spent time working on each of the technical teams, giving him a mix of experience in systems administration, penetration testing, Splunk management, and now security operations. Steve’s team at Hurricane Labs uses the malware lab for research into the latest malware threats, development of new security monitoring, and training of security analysts.
Tom Kopchak is the director of technical operations at Hurricane Labs. Tom has a Masters in Computing Security from the Rochester Institute of Technology, which prepared him for the technical aspects of firewall and network management at Hurricane Labs. Tom now leads the team responsible for providing Splunk management services to Hurricane Labs customers. His team uses the malware lab for training of Splunk administrators, testing of new Splunk features, and replication and troubleshooting of customer issues.
Ted Waddell is a security operations intern at Hurricane Labs. Ted works alongside the security analysts at Hurricane, helping to build out the tools and infrastructure the analysts use on a day-to-day basis. Ted is the primary administrator of the malware lab.
Building a Malware Analysis Lab With Open Source Software
Malware analysis is a key component of any security operations center in today’s world, and open source software is at the forefront of enabling these capabilities. At Hurricane Labs, we’ve combined our research, development, testing and training environments into a single, multi-purpose lab using a variety of open source tools (and yes, some closed source ones we couldn’t avoid, but we’ll tell you why). In this talk, we’ll explore our combination of Cuckoo malware sandbox, Squid, Snort/Suricata, ELK, pfSense, and some (yes open source) scripts we wrote ourselves, which provides this comprehensive lab environment, and discuss how to set up your own environment to learn with (and maybe even do some malware research, too).
Steve has been working for Red Hat since December 2015 and is deployed to client sites to accomplish projects related to OpenShift. He is known for being an honest, straight-forward person who doesn’t pull punches. He has some unique insights into Red Hat’s culture as seen through the eyes of someone who has not grown up with the company.
So What is It Like to Work at Red Hat Anyways?
I’ve been working at Red Hat since December 2015. I often get asked things like “How did you get into Red Hat” or “What were you doing before” or even “How can I work for a place like that?” I’m not a marketing person, nor am I in charge of recruiting, so in this talk we’ll go over some of the common questions I hear, attempt to cut through any of the marketing and self promotion, and if there is time, cover a bit of what it is like to work solely on client sites as an OpenShift Consultant. If you want to know my honest opinion about working at Red Hat, come on out! Ask questions and get involved in the conversation.
Stu is a software engineer at Red Hat, and has been a strong advocate of open source ever since he first started using Linux in the late 1990s. After leaving the Navy in 2005, Stu has been a software engineer focused in various areas including virtualization/containerization and package management.
KubeVirt, Virtual Machine Management Using Kubernetes
Kubernetes is a widely-used and extensible orchestration tool for containers. Containers and virtual machines both co-exist in the data centers of today, however there is not an open-source management solution encompassing both workloads, and this is beyond the scope of the core Kubernetes project.
The vision of the KubeVirt project is to manage virtual machines using Kubernetes as its infrastructure. Using a unified management approach simplifies deployments, allows for better resource utilization, and different workloads can be supported in an optimal way. We will cover how we are using the extensible nature of Kubernetes in a way that works well with its native patterns. This will include the current state of the project along with rationale on key decisions that led us to where we are. As with any evolving community project, there is more work to be done—we’ll spend some time discussing those gaps. This session will include a demonstration of how we currently accomplish virtual machine deployments and where we plan to go from here.
Rafeeq manages OLFI training sessions and is the career track chair of the Ohio LinuxFest and an active member of information risk management community. Rafeeq is based in Columbus and works as Executive Consulting Partner with Verizon global professional services.
New Jobs in AI Economy
Artificial Intelligence is an emerging field and is expected to eliminate many jobs across the globe. However, at the same time, it is also going to create new jobs that will require new skills and much high pay packages. This session is about some of these areas, skill sets required for these jobs, and how you can start building your career in this new area.
Terry is the release engineer for all motion control products at Kessler Crane, Inc. When he’s not hunting down developers for submitting buggy code, he teaches part time at IPFW where he tries to convince students that they’ll always be the life of the party if they embrace physics.
My Summer Science Project Powered by Raspberry Pi
This summer I decided to create a high temperature superconductor as a garage physics project. Creation of this superconductor requires careful control of the temperature during the heating process. This provided an excellent opportunity to dive into Raspberry Pi development. Come hear about the open source software tools used, and the many successes and failures along the way.
Wes Kennedy and Shiraz Lall
Wes Kennedy, a Systems Engineer for State and Local Education clients, has been at Nutanix since 2015. Previously, he spent 8 years as a Solution Engineer and Architect at Columbus firms, responsible for architecting applications and services for stability and scalability, plus administrated physical and virtual servers, DevOps, Custom monitoring solutions, dashboards across multiple Data and Call Centers. Wes, a former Nutanix customer, liked the technology so much, he joined the company because buying the company was out of the question.
Shiraz Lall, a Solution Architect has been at Nutanix since 2014 covering Commercial and Enterprise Accounts and witnessed the dramatic growth of the company. Seeking a better way to architect and manage IT infrastructure, Shiraz left his homeland in New York City to live in the Great State of Ohio. Prior to Nutanix, he spent +10 years as a Solution Architect and Sr. Systems Engineer at Parsons Brinckerhoff, a 15,000 employee company, where his responsibilities included IT plan, build and run functions covering the technology gamut from Virtualization to Servers & Storage to Backup & Recovery Plans to Data Center Engineering & Monitoring.
Open Source Solutions Stage: LINUX POWER!
Join us to hear about IBM® Hyperconverged Systems powered by Nutanix. These 1U and 2U POWER-based appliances are the only hyperconverged solution to combine unmatched performance with the one-click simplicity of the Nutanix Enterprise Cloud Platform software solution. Perfect for Scale-out Linux workloads like IBM WebSphere® Application Server (WAS), NGINX, IBM Big Insights/Hadoop, and NoSQL/open source databases (OSDB) like EDB Postgres & MongoDB.
In addition, Nutanix will highlight Acropolis Container Services (ACS) which provides enterprise-class persistent storage for containers, plus the ability to easily deploy and manage containerized applications on the Nutanix enterprise cloud platform. ACS makes containers a viable reality for enterprise applications.
Wesley is a System Administrator for Best Sanitizers. He is a Core Maintainer on the Praelatus project where he handles all of the needs for the project with System Administration and Ops. This includes running, securing, and maintaining the project’s email server.
Should You Run a Mail Server, and How?
The goal of this talk is to help decide if your project and business would benefit from having an in-house email server, focusing on the costs (monetary and otherwise) vs. the benefits and how to make that determination. The target audience of this talk is people with a project or business looking at how to structure communications. It will also be beneficial for those that want to set up their own email server for personal use. I will go over the different terms relating to email, the corresponding technology, and speak about the pain we felt setting up email for the Praelatus project. I will go over the basics of Postfix, Dovecot, Mailman, and Spamassassin configuration. I will also talk about encryption and how important it is to keep up with standards of an email server so that your server does not get labeled as spam. With all of this in mind, the focus of this talk is less technical and more about the why / when you should set up an email server.