LCA2016 Revisited - Copyleft For the Next Decade
Posted by Craige McWhirter on

Bradley Kuhn presented his thoughts on a comprehensive plan for the next decade of Copyleft.

  • Copyleft is a strategy to defend Free Software.
  • Gave an example of OpenStack as a project where proprietary updates are not being released back upstream.
  • Quoted Martin Fink from Hewlett Packard Enterprise as stating that we should start forking non-Copyleft projects as AGPL projects. Taunted HP by stating he looked forward to HP's AGPL fork of OpenStack. I could not find a reference for this quote but did find this strongly worded post: Change Your Default from Hewlett Packard Enterprise.
  • A proportionate reduction in Copyleft software is the reason it's "not working".
  • Copyleft is complementary, not contradictory, to other strategies.
  • Referred to his LCA2015 talk on attacks to Copyleft.
  • Rhetorical attacks replaced with co-option and astroturfing.

"If Copyleft is not enforced, there is no observable difference between Copyleft and non-Copyleft." -- Bradley Kuhn

  • Doesn't expect companies will ever do enforcement on behalf of the community.
  • Opposition's political strategy:
    • Convince developers that Copyleft is "old-hat" or harms adoption.
      • Fund them to write non-Copyleft code.
    • For projects that are Copyleft:
      • Don't let developers keep their own copyrights.
      • Don't enforce Copyleft on behalf of the community.
      • Vilify community enforcers
      • If enforcing, sell out for other goals, i.e. money
  • Spoke about some of the issues around corporate lawyers.
  • Anti-Copyleft lawyers are amazingly organised
  • Alleges there are secret meetings where they actively workshop anti-Copyleft strategies.
  • Provided two examples of this.

Always Have a Plan

  • Copyleft opponents are more savvy than they were previously.
  • Demand from your employers to own the copyrights on your work.
  • Copyleft is better enforced by multiple copyright holders.
  • Return to volunteer coding.
  • Write AGPL'd software, Free Software on your own time.
  • Be willing to fork non-Copyleft projects.
  • Listed examples of companies replacing Copyleft projects with their own.
  • Believes that the Linux kernel modules will be the next battle ground. Perhaps the definitive battleground.
  • More and more GPL violators are deliberately violating.
  • Their goal is to test and extend the limits of violation.
  • Enforcement is a zero sum game.
    • If Copyleft wins, software that should be free is liberated.
    • If they win, software that should be free remains proprietary.
  • Enforcement done for profit is a path to corruption.

How to Help

  • Developers join the enforcement coalitions
  • Financially support the Software Freedom Conservancy.
  • Complete Corresponding Source has to work.
  • Software Freedom is the underdog.
  • Called for a community of individuals to stand up for the GPL.
  • A community of cooperating individuals is our strength
  • Which is how Free Software started.
  • Conservancy can't act alone.

Software Freedom Conservancy

LCA2016 Revisited - Fuzz all the things
Posted by Craige McWhirter on

I actually saw this talk by Erik de Castro Lopo but didn't write about it as I arrived late and ended up sitting within arm's reach of the lectern... that and to be honest it's taken me this second viewing for it to sink in anyway.

With a focus on C / C++, Erik used his experiences with libsndfile and FLAC to provide examples of fuzzing.

The fuzzing technique provides:

  • A method to test a program with random input.
  • Provide a great leap forward in effectiveness.
  • Allows you to find bugs before they're reported.
  • Recommends AFL (American Fuzzy Lop)
  • Spends some time walking through how AFL works and how to use it.
  • Walked through sanitizers.
  • Provides a demo you can clone from git and use.
  • Covered the pros and cons rather extensively.
  • Took a walk through some SSH code as an example of code not designed to be fuzzed and to underscore coding with fuzzing in mind from the start.
  • Provided a live demo and other cases.

An excellent talk, well worth watching if this is your field of endeavour.
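
An added example (not from the talk, libsndfile or FLAC) of what coding with fuzzing in mind can look like in C: the parser takes a buffer and a length and never touches I/O, so the stdin harness that AFL drives is only a few lines. The `SND0` chunk format, `parse_chunk` and its error codes are constructed for illustration.

```c
/* Added example: constructed "SND0" chunk format, not a real file format. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_PAYLOAD 4096

struct chunk {
    uint16_t len;
    uint8_t payload[MAX_PAYLOAD];
};

/* Pure parser: no file I/O, no globals, no exit(). Every read is bounds
 * checked against len, so a fuzzer can call it on arbitrary bytes. */
int parse_chunk(const uint8_t *buf, size_t len, struct chunk *out)
{
    if (len < 6)
        return -1;                      /* truncated header */
    if (memcmp(buf, "SND0", 4) != 0)
        return -2;                      /* bad magic */
    uint16_t plen = (uint16_t)((buf[4] << 8) | buf[5]);
    if (plen > MAX_PAYLOAD)
        return -3;                      /* declared length over the limit */
    if ((size_t)plen > len - 6)
        return -4;                      /* declared length exceeds the input */
    out->len = plen;
    memcpy(out->payload, buf + 6, plen);
    return 0;
}

/* Harness: AFL feeds each mutated test case on stdin. */
int main(void)
{
    static uint8_t input[MAX_PAYLOAD + 6];
    static struct chunk c;
    size_t n = fread(input, 1, sizeof input, stdin);
    return parse_chunk(input, n, &c) == 0 ? 0 : 1;
}
```

Built with an AFL compiler wrapper such as `afl-gcc`, the binary can be fuzzed with `afl-fuzz -i in -o out ./chunk`, where `chunk` and the `in`/`out` directory names are placeholders and `in` holds a few valid sample inputs.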

LCA2016 Revisited - Using Linux features to make a hacker's life hard
Posted by Craige McWhirter on

This talk by Kayne Naughton was the most talked about talk that I did not see while at LCA2016 in Geelong, so naturally it's the first talk I've watched revisiting the conference.

The allotted 40 minutes was clearly not long enough for Kayne to delve into his obviously deep knowledge of security in general and specifically the Linux space.

What resulted was a fast-paced, informative, insightful and humorous take on Linux security, how to do it properly and how to effectively deter most would-be hackers.

There's some genuine laugh-out-loud moments and plenty of 'oh's as Kayne drops the penny for us more than once.

A great talk that lived up to its at-conference reputation.

LCA By The Bay

Dipping My Toe Into Federated Social Media
Posted by Craige McWhirter on

I've started dipping my toe into federated social media. During LCA2016 I stood up an instance of GNUSocial. You can find it here as social.mcwhirter.io and if you're already in the federated social media universe, you can reach me as craige@social.mcwhirter.io.

GNUSocial

Machine Ethics and Emerging Technologies - Paul Fenwick - LCA2016
Posted by Craige McWhirter on

Paul Fenwick posed a journey of questioning what the future might look like in 10,000 years' time and whether what we're doing today is good for humanity.

  • More and more white collar jobs are being automated.
  • What are all these masses going to do with their leisure time?
  • More leisure time means more innovation.
  • Covered the benefits of drones.
  • Covered the dark side of drone use.
  • LARs (Lethal Autonomous Robots) are a significant issue.
    • Enables anonymous warfare
    • Long term target monitoring and execution
  • Can be used for long term environmental monitoring.

Another excellent, informative and entertaining talk by Paul.

Updated:

Added the talk below.

Paul Fenwick

The Machine - Keith Packard - LCA2016
Posted by Craige McWhirter on

Keith Packard

  • Switching from Processor centric computing to memory driven computing
  • Described how the memory fabric works.
  • Will be able to connect any computing node to the shared memory.
  • Illustrated node assembly.
  • Next prototype will interconnect 320 terabytes of memory accessible storage.
  • Planning to build larger machines.
  • Putting in facilities to protect the hardware from a compromised operating system.
  • Showed how fabric attached memory connects.
  • Linux is being ported to the machine.
    • Linux with HPE changes.
    • All work is being open sourced.
  • Creating a new file system to allocate memory in 8G units.
    • Library File System (LFS)
  • Currently focussing on Librarian, machine-wide shared memory allocator.
  • Trying to provide a two level allocation scheme
  • POSIX API.
  • No sparse files.
  • Locking is not global.
  • Fabric attached memory is not cache coherent.
  • Read errors are signalled synchronously.
  • Write errors are asynchronous and require a barrier.
  • Went through all the areas where they're working on Free Software.

LCA by the Bay

LCA2016 Thursday Keynote - Jono Bacon
Posted by Craige McWhirter on

Jono Bacon spoke about how open communities are changing the world and how they may be improved in the future.

Community 1.0

  • Early Free Software communities were built from observing other groups around them and figuring things out as they went along.
  • Very high technical barrier of entry

Community 2.0

The Renaissance

  • Allowed broader participation, with Wikipedia as an example.
  • Knowledge had been built to allow people to start in the community from a common point
  • Self organising groups
  • Enabled greater diversity
  • Companies began engaging with communities.

What Does 3.0 Look Like?

  • How do we build effective reproducible communities?
    • Thoughtful and productive communities advance the human race,
  • Sharing the knowledge on how to build effective communities is going to be
  • Covered ubiquitous computing growth, 3D printing, Arduino etc
  • Crowd funding as one method of empowering consumers.
  • Not just consumption but empowering people to have better lives, key.
  • We need to empower diversity in all its forms.
  • Openness is the greatest enabler.
  • The principles of openness are flowing through all forms of technology, life and work.
  • In a world worried about AI, we the people should be ensuring that it's open and taking control.

"Open Source is where society innovates" - Jono Bacon

  • We need to crack predictable collaboration. Making great community leadership available to everyone.
  • We can do better, we've only scratched the surface with our success thus far.

How do we do this?

  • For self respect we need to contribute. To contribute we need access.
  • Jono realised that his role as community manager was to help other contributors be as effective as possible with their time when they're contributing.
  • Discussed the difference between system 1 and system 2 thinking.
  • However behavioural economics is hard to apply in practice.
  • The principles can be pulled out and used though.
  • Discussed SCARF model of social threats and rewards.
  • From this model we can figure out how to put this into practice.
    • We accomplish goals indirectly. Gave Boeing as an example.
    • We influence behaviour with small actions. Recommended the book Lunch.
  • Build comprehensive rewarding experiences.
  • Need to make building a successfully structured community easy.
  • Described experiences from different stakeholder perspectives.
community_3.0 = {
    system 1 and 2 thinking +
    behavioural patterns +
    workflow +
    experiences +
    packaged guidance
}

The most important feeling we can create is a sense of belonging.

Jono Bacon

Introduction to monitoring with Prometheus - Jamie Wilkinson - LCA2016
Posted by Craige McWhirter on

Jamie Wilkinson gave an overview of the Prometheus monitoring tool, based on the Borgmon white paper released by Google.

  • Monitoring complexity was becoming expensive.
  • Borgmon inverted the monitoring process
    • Was heavily relied upon at Google.
  • Prometheus, Bosun, Riemann are stream based monitoring like Borgmon.
  • Prometheus scrapes /varz
  • Sends alerts as key value pairs
  • Using shards for scaling.
  • Defines targets in a YAML file.
  • Data storage is in a global database in memory
  • Use higher level abstractions to lower cost of maintenance
  • Use metrics, not checks
  • Design alerts based on service objectives.

Another brilliant monitoring talk from Jamie.

Prometheus

The future belongs to unikernels - Andrew Stuart - LCA2016
Posted by Craige McWhirter on

Andrew Stuart gave an overview of the current state of unikernels:

Overview

  • Unikernel zoo is increasing.
    • MirageOS is the most mature at present and requires code written in OCaml.
    • HalVM requires your code to be written in Haskell.
    • Ling requires your code to be written in Erlang.
    • runtime.js same thing as the above but in JavaScript.
    • OSv is not language specific and very minimalist.
    • rump kernels is essentially a very stripped down version of NetBSD and will run some other unikernels.
  • Threading, not forking.
  • Might be a Linux based unikernel coming.

Unikernels and Security

  • Suggests machines with user sign-in capabilities will become less common due to security risks.
  • Unikernels are not invulnerable.
  • MirageOS have a bitcoin pinata.

LCA by the Bay

Sentrifarm - open hardware telemetry system for Australian farming conditions - Andrew McDonnell - LCA2016
Posted by Craige McWhirter on

Andrew McDonnell created Sentrifarm in 2015.

Requirements

  • Low power
  • Distributed
  • Using radio for communication
  • Local storage
  • Cheap

Background

  • They entered Hackaday - actual entry page.
    • Wanted to learn new skills
    • Have fun
    • Experiment
    • Perhaps produce something useful
  • There were lots of discarded prototypes
  • So many cheap devices facilitating experimentation.
  • Radio links were not quite as open as he would have liked.
  • Used LoRa based ISM-band radio
  • Learned how much easier it is to have PCBs fabricated these days.
  • Fabrication lead times can be about 6 months.

Open Hardware Components

  • 8 devices Carambola2 - Linux OpenWRT board

Firmware

  • platform.io
  • Replaces need for Arduino IDE
  • Open Source
  • IDE agnostic

MQTT for communication

  • Specifically MQTT-SN for low bandwidth
  • Packages
    • mosquitto
    • mqtt_sn_tools
    • arduino-mqtt-sn
  • Gateway runs OpenWRT

Andrew provided an overview of how the gateway processing model worked.

Backend

  • Ubuntu 14.04
  • Docker 1.8.3
  • Carbon + Whisper + Graphite
  • Grafana
  • Custom Python scripts
  • Millions of lines of code and Andrew only had to write 7.

  • 3D printed some components.
    • Made a custom holder for the PCB
  • Used OpenSCAD to design the component.
  • Made the antenna himself with plans off the Internet.
    • Got range up to 9km.

Andrew's project is an ingenious solution to a serious problem. I need one of these for myself!

Updated:

Added the talk itself below.

LCA by the Bay