Welcome to Simon’s Blog

This Blog is about a variety of topics that I’m interested in. My top posts are listed below. I also do regular posts on Audiobooks I’ve listened to and notes from conferences I attend.

The RSS feed for this site is here; you can subscribe using an RSS reader such as NewsBlur.

Transport in Auckland

Tech

Books and Movies

Misc


Audiobooks – January, February 2026

The Man Who Knew the Way to the Moon by Todd Zwillich

The story of John C. Houbolt, a NASA engineer who pushed for Lunar Orbit Rendezvous for the Apollo program. Just 3 hours long but interesting. 3/5

Who Owns This Sentence: A History of Copyrights and Wrongs by David Bellos & Alexandre Montagu

A look at the almost random ways and reasons copyright has changed over the centuries, usually as different groups lobbied governments. 3/5

The Six: The Untold Story of America’s First Women Astronauts by Loren Grush

A fairly balanced biography of the 6 astronauts, covering before and during their astronaut careers and to an extent afterwards. Worth a read for space fans. 4/5


My Audiobook Scoring System

  • 5/5 = Brilliant, top 5 book of the year
  • 4/5 = Above average, strongly recommend
  • 3/5 = Average, in the middle 70% of books I read
  • 2/5 = Disappointing
  • 1/5 = Did not like at all


OzMoot 2026 – Day 2 – Afternoon

Celebrating Calligraphy by Jenni Aldred

Leaving Lórien by Stephen Vrettos

  • When the Fellowship leave Lórien there is a ceremony
  • Led by the 2 highest-authority people in the Realm
  • Purposes
    • A Farewell – G sings a song called “Farewell”
    • A Transition
  • Gifts
    • Since G has foresight she gives gifts that help their fate
    • Aragorn
      • Gets a Sheath for his sword
      • A Green Stone.
    • Boromir gets a golden belt
      • Gold is often seen to corrupt
    • Merry and Pippin
      • Gifts of a silver belt
    • Legolas gets a bow
      • Larger than those used in Mirkwood
      • Sign that the two elven kingdoms are closer
    • Sam gets a box
      • Not practical for the journey ahead but useful for afterwards in the Shire
    • Gimli
      • Hair from G
      • Becomes close to elves and other Dwarves become closer to Elves
    • Frodo
      • The Phial of Galadriel
      • Echo of Eärendil’s quest

OzMoot 2026 – Day 2 – Morning

Love and Power an Poetics of Tom Bombadil by Corey Olsen

  • Tolkien does modern poetry and traditional forms
  • Tom is heavily influenced by The Kalevala
    • Similar Meter
    • Similar Song Battles
  • TomB Original Poem
    • The History of TomB
    • A series of Hostile Encounters. Tom sitting beside river, attacked 4x times
    • First Goldberry
    • Old Man Willow
    • The Badgers
    • The Barrow-wight
    • Each encounter leads to a poetry-style sing off
    • The Turn and the Wedding with Goldberry
  • Intro to Bombadilish
    • First 4 lines of Tom
    • Is in half-lines; each line has two halves.
    • Basic Rhythm
      • English as a language naturally uses Iambic Rhythm
      • 2 beat.
      • Look at the 2 syllable words, stress on first syllable
      • Therefore Trochaic
      • Spondee – Multiple stress after each other
      • Names always stressed
      • “lived down under hill” very stressed
      • Last 3 half lines very stressed-unstressed
  • 2nd 4 lines. Narrative Flow
    • Almost all just straight Trochaic describing narrative flow
  • Next 4 lines – Attack from Goldberry
    • Last 2 lines broken up
    • Halting and has weakness
  • Tom’s response
    • He is giving a command.
    • Command is “Go down! Sleep again” – 3 beat spondee. That wins
  • Old Man Willow is Not a Tree
    • Old Man Willow is a man who lives in tree
    • or Rather a Wood-Spirit who lives in a Tree
    • This was still in early drafts of LOTR
  • Battles vs Old Man Willow
    • Willow starts strong
    • But Tom piles on stressed command words in reply
  • Tom goes a-Courting
    • Doesn’t do a three-beat spondee commanding Goldberry
    • Gentle wooing
  • The Wedding
    • 2-beat spondee at start of middle-4 lines talking about her wedding garments which Tom provided and gave to her
  • Happily Ever After
    • derry-dol and merry-dol are pet names for Goldberry
  • The Fellowship of the Ring
  • Initial lines – “Hey dol! merry dol! ring a dong dillo” and next 3
    • Is calling to Goldberry, saying almost home
  • New lines are even more directed to Goldberry
  • Except for the “Old Tom Bombadil water lilies bringing” and next line which is warning off Old Man Willow
  • Similar again next few lines, warning asides to Old Man Willow
  • The Hobbits run to him
    • “Whoa! Whoa! steady there” command and stopped Hobbits
  • Lots of Stressed line words
  • When arrives back in his house
    • Goldberry wearing Wedding gear, eating Wedding Feast
    • Constantly celebrating and recreating their courtship and marriage moment

The Hands of the King and the Royal Touch: Cutting Edge Research from The Gondor Journal of Medicine by Scott Kirton

  • In a 2nd hand bookstore found some copies of the Gondor Journal of Medicine
  • Aragorn’s healing power is what wins over the people. Not other things he does/is
  • The Royal Touch from kings, mainly to cure Scrofula
    • Scrofula. TB infection of Lymph nodes of the neck
    • Didn’t work directly, but would spontaneously go away, and the King’s advisors picked patients who had a good chance of being cured
    • Legitimized the King’s Authority. Shows he was favored by God
    • Showed King was generous towards people
  • Decline due to skepticism and less claim of divine right of the kings
  • Hands of the King vs The Royal Touch
  • Analysis from the journal on how best to use the limited resources of the King to heal more people

Midsummer in Middle-Earth by Trudy Shannon

  • When is midsummer
  • Date varies by different Legal and Astronomical definitions and traditions
  • Strong Traditions in areas with long dark winters
  • Midsummer in the Shire
    • Lithe days built right into the Calendar
    • Fireworks from Gandalf
    • Bilbo leaves Rivendell on Midsummer
    • Free Fair on White Downs. Banquets
      • The Althing in Iceland was similar. Around 1000 people regularly attended
  • Midsummer in Numenor
    • 12 months of 30-31 days
    • Special day not attached to any month, similar to the Hobbit calendar
    • King ascends sacred Mountain followed by a crowd of many people. Only the King speaks
  • Midsummer Gondolin
    • The Gates of Summer. Refs the city’s 7 gates
    • No voice from midnight to the break of day. Dawn welcomed with voices
    • City is attacked on Midsummer
  • Croatia Celebrates the shortest Night and people stay awake all night
  • Midsummer for Orcs, Wizards and Dwarves
    • Dwarves only sometimes celebrate it.
    • No info on Orcs, Wizards
  • Often a time for Weddings

“Circle of Light” – A Faërie Rock Opera by Anna Grob

  • Music performance
  • She is doing a Rock Opera about the Fall of Gondolin and played some songs from it.
  • Some on Spotify
  • and Youtube


OzMoot 2026 – Day 1

Celebrating Middle-Earth on the Table-Top: An exploration of the Middle-Earth Strategy Battle Game by Tim Wraight

  • History of the game
    • First Released in 2001
    • Skirmish orientated
    • Scenarios that called back to the Movies
    • New releases as later movies were released
    • Very popular during the films and immediately after
    • Good license from Middle Earth Enterprise so extra supplements that just covered book stuff
    • More Releases as Hobbit movies came out
    • 2018 revived the game and re-released and renamed to Middle Earth Strategy Game
    • Various Releases since then
  • How to Play the game
    • Model, stuff in English
    • Heroes or Warriors
    • Heroes have special characteristics, special abilities etc
    • Turn based, roll priority, move phase ( approx 6 inches), shoot, fight phase, end phase
    • Games take between 1 hour and 1 day
  • How Tolkien and Imagination is Celebrated in the game
    • Narrative Scenarios reflects special moments from the books/films
    • Can do what-ifs like build your own “fantasy fellowship” instead of the canon 9
  • Most people play the Match play variant. 2 players each build an army worth same number of points. Takes about 2 hours
  • Lots of special rules for each Hero Character
  • People can do backgrounds for their army, special color schemes etc. Models from other vendors or 3d printed
  • People like making their own terrain.
  • Also they have display boards to display armies
  • 80 player tournaments in Aus, 160 player+ tournaments in UK

A Comparison of Duels: Tolkien’s Legendarium and the Middle Ages to Early Modern Period by Karolina Firman

  • Does the Legendarium actually have any duels?
  • Definition of a Duel
    • A pre-planned and stylized one-on-one armed fight between two participants in defense of your own or a loved one’s honour
  • Other motivations
    • Legitimizing your own masculinity
    • Fights to prove your innocence
    • Demonstrating fencing skills
  • Possible Duels in LOTR
    • Gandalf vs Balrog
    • Eowyn vs the Witch King
    • Samwise fighting Shelob
    • Aragorn vs Lurtz (movie only)
    • Boromir vs unnamed Orcs (book)
  • The ones that are closest to the traditional definition are Eowyn vs Witch King and Sam vs Shelob.
    • Gandalf vs Balrog has less honour component
    • Aragorn vs Lurtz
  • In the speaker’s opinion none of them really qualify
  • Big discussion on what qualifies and what doesn’t

Finrod Felagund and Severus Snape as Saviour Heroes in the Context of Universal Plot Structures by Evelina Timofeeva

  • Both Characters are in love with a character that is far away
  • Both have vast life experience
  • Both perform heroic deeds because of a past performance
  • Both are distrusted by those around them
  • Both die for an apparently lesser character
  • Both are slain by magical creatures
  • I was having trouble keeping up

Everything Open 2026 – Day 3 – Afternoon

Fixing a misconfigured Kubernetes Cluster by Rob Kenefeck

  • First big docker project was to separately build and test application, hardware and OS
  • First k8s job was focused on making tech work, not the security model around it
  • Still considers k8s in Australia to be fairly bleeding edge
  • OWASP Kubernetes Top 10
    • First released in 2022
    • New list version out soon
  • VMs vs Containers
    • People treat Containers like they are VMs
    • Lots of things in Linux are not namespaced in containers
      • Kernel Modules, /sys, /dev
    • Docker daemon will often run as root
    • Shared Kernel
  • Container Security: Opportunities
    • Hardened Kernels – GRSEC, PAX
    • Security Policies/Whitelisting – Seccomp, AppArmor, SELinux
  • Container Security
    • Drop to unprivileged user in Docker
    • Reduce Attack surface – Run from scratch, Multi-Stage container builds
    • Drop all capabilities, add back only what you need
    • Mount volumes with ro, noexec, nosuid, nodev
    • Software bill of materials
  • K01 – Insecure Workload config
    • Apps running as root
    • Ro filesystems
    • Privileged containers disallowed
    • Resource constraints enforced
  • K02 – Supply Chain Vulnerability
  • K03 – Overly Permissive RBAC
    • K8s Secrets are not secret.
    • OpenBao is an open source alternative to HashiCorp Vault
  • K04 – Policy Enforcement
    • Pod Security Standards via Admission Controller
    • Privileged, Baseline, Restricted
  • K05 – Logging
  • K06 – Broken Authentication
    • tokens left lying around
  • K07 – Network Segmentation
    • K8s networks are flat by default
  • K08: Secrets management
    • Secrets are Environment variables
    • Anyone who can query node or container/pod can see them.
  • K09 – Misconfigured Cluster Components
    • Dashboards, MCP agents
  • K10 – Outdated and Vulnerable Components
  • Demo with Capture the Flag and vulnerable container
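
The workload points in the notes above (non-root user, read-only root filesystem, no privileged containers, dropped capabilities, seccomp, resource limits, secrets kept out of environment variables) can be checked mechanically. The following is an added example, not code from the talk or from OWASP; the function names, finding labels and both sample Pod specs are constructed for illustration.

```python
# Added example: audit a Kubernetes Pod spec (already parsed into a dict)
# against the workload-hardening points listed in the notes.

def effective(container_sc, pod_sc, key):
    """Container-level securityContext fields override pod-level ones."""
    return container_sc.get(key, pod_sc.get(key))


def audit_container(container, pod_sc):
    sc = container.get("securityContext") or {}
    findings = []

    # Apps running as root: explicit UID 0, or nothing forcing a non-root user.
    uid = effective(sc, pod_sc, "runAsUser")
    non_root = effective(sc, pod_sc, "runAsNonRoot")
    if uid == 0 or (uid is None and non_root is not True):
        findings.append("may-run-as-root")

    # Privileged containers disallowed.
    if sc.get("privileged") is True:
        findings.append("privileged")

    # Read-only root filesystem.
    if sc.get("readOnlyRootFilesystem") is not True:
        findings.append("writable-root-filesystem")

    # Drop all capabilities, add back only what you need.
    dropped = [c.upper() for c in (sc.get("capabilities") or {}).get("drop", [])]
    if "ALL" not in dropped:
        findings.append("capabilities-not-dropped")

    # Seccomp profile set at container or pod level.
    profile = effective(sc, pod_sc, "seccompProfile") or {}
    if profile.get("type") not in ("RuntimeDefault", "Localhost"):
        findings.append("seccomp-not-set")

    # Resource constraints enforced.
    if not (container.get("resources") or {}).get("limits"):
        findings.append("no-resource-limits")

    # Secrets exposed as environment variables.
    for var in container.get("env", []):
        if "secretKeyRef" in (var.get("valueFrom") or {}):
            findings.append("secret-in-env:" + var["name"])
    for source in container.get("envFrom", []):
        if "secretRef" in source:
            findings.append("secret-in-env:envFrom/" + source["secretRef"]["name"])
    return findings


def audit_pod(pod):
    """Return {container name: [findings]} for init and regular containers."""
    spec = pod.get("spec") or {}
    pod_sc = spec.get("securityContext") or {}
    containers = spec.get("initContainers", []) + spec.get("containers", [])
    return {c["name"]: audit_container(c, pod_sc) for c in containers}


# Constructed sample: the kind of default-ish spec the talk warns about.
WEAK_POD = {"spec": {"containers": [{
    "name": "web",
    "image": "registry.example/web:1.0",
    "securityContext": {"privileged": True},
    "env": [{"name": "DB_PASSWORD",
             "valueFrom": {"secretKeyRef": {"name": "db", "key": "password"}}}],
}]}}

# Constructed sample: the same workload with the hardening applied.
HARDENED_POD = {"spec": {
    "securityContext": {"runAsNonRoot": True, "runAsUser": 10001,
                        "seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [{
        "name": "web",
        "image": "registry.example/web:1.0",
        "securityContext": {
            "privileged": False,
            "readOnlyRootFilesystem": True,
            "capabilities": {"drop": ["ALL"], "add": ["NET_BIND_SERVICE"]},
        },
        "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
        "volumeMounts": [{"name": "db-secret", "mountPath": "/run/secrets/db",
                          "readOnly": True}],
    }],
    "volumes": [{"name": "db-secret", "secret": {"secretName": "db"}}],
}}

if __name__ == "__main__":
    for label, pod in (("weak", WEAK_POD), ("hardened", HARDENED_POD)):
        print(label, audit_pod(pod))
```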

Everything Open Everywhere All At Once by Steven De Costa

  • “ChatGPT: Please create an interesting keynote about random philosophical concepts strung together in a vaguely meaningful way and themed around Chickens”

Lightning Talks

  • End Security by Obscurity
    • mygov code generator app
    • enrol + TOTP
    • is it secure? Is it spyware?
    • Only available via the app store
    • Made a Freedom of Information request in 2021 and has gone through multiple appeals/reviews after being denied
    • Looking for money to appeal further
  • High Altitude Balloons and ASN.1
    • Need a protocol with various requirements to help recover the balloon and get data from it.
    • Existing protocol not ideal
    • ASN.1 is an old protocol that might be useful
  • What would it take to run everything Open in New Zealand
    • Running a conference is hard
    • Small team and Harder
    • Good idea?
    • What will this actually take
    • Contact Chelsea if interested.
  • Open source is not all you need to fight enshittification
    • No but other freedoms are needed
  • Brain Model in your Hand
    • I’m doing a talk in front of 300 people. My brain thinks I’m being chased by a Lion
  • Learn an Indigenous Language
  • How to Eat Fruit
  • Help is at Hand
    • Join a Union
  • My Community
  • Open Source Institute
  • My $50 question now costs a trip to fench
    • Pycon did battle decks
    • What is the most popular emoji on github?
    • Ran a big query on Bigquery
    • Grabbed the software heritage project
    • Lots of small files. Hard to query or mirror
    • 3 Petabytes. Too much to download
  • Solid Open Source Package
    • 6 talks about deplatforming and/or self hosting this week
    • SOLID is a decentralized Social data

Everything Open 2026 – Day 3 – Morning

Open source can have friends everywhere by Emma Davidson

  • Large businesses benefit a lot from unpaid open source volunteers
  • But when they burn out, unmaintained open source becomes a risk
  • 0.3% of the AUKUS Budget ($1b) would cover 15,000 Open Source software Internships
  • Lots of other stuff in talk but I didn’t really get good notes

Books-As-Code by Alec Clews

  • https://books-as-code.gitlab.io/
  • Main Book “Staying Safe Online” is targeted at Seniors so will be printed and sold in bookshops
  • Start writing your book. Don’t delay
  • Planning and High Level Design
    • Who are your readers?
    • What will your book teach them?
    • How are they going to buy your book?
  • The reader
    • Experience and background
    • Problems
    • How do they consume knowledge ( offline for older people, online for technical readers)
    • Where do they find your book
  • Plan the book content
    • List is ever evolving
    • Just a list of all the comment and topics
    • Ask AI to create a high level outline to get yourself started rather than a blank page
    • Can use a mind-map to do outline
    • Elevator Pitch. Needed for traditional publisher. Useful for others
  • How Will you Write?
    • Capture notes and research
    • Formats to create
      • epub3 for ebooks
      • Prepress PDF for print
      • Display PDF for screen
      • HTML Online
    • Need a toolchain to create
  • Docs as Code
    • Lightweight Text Format – eg Markdown
    • Developer Style workflow
    • Automation
    • Simple Publication tools and platforms
    • This is not new. “The Unix Programming Environment” was done this way in 1984
  • What does Alec use
    • Asciidoctor – supports all the formats. Markdown is not enough
    • M4 pre-processor
    • sed, pandoc, ripgrep, shell scripts
    • Gnu Make plus scripts
    • Graphics editors. Freeplane, GIMP
  • Writing Style
    • Follow best practices
    • Simple English. Use US English
    • Make content accessible. Alt text, good colours
  • Web vs Books
    • Web is non-linear. Books are not
    • Structure Book for ease-of-use and discovery
  • Create the Best Possible Book
    • You can’t see your own mistakes
  • QA Tools
    • Vale or textlint style guide
    • Link Checks – lychee
    • epubcheck
    • Unit tests for code examples
    • AI can review and suggest improvements in text. Gemini Write Extension
  • Human QA Resources
    • Beta Readers. Not all will do a good job. Social networks, local writers group
    • Find professional copy editor service. Will cost $$$
    • Get human editors to raise tickets
    • Update linter to spot previous problems
  • Publishing
    • Check the IP is all good
    • Copyright and License
    • ISBN
    • Legal Deposit
  • Traditional vs Self-publishing
    • Check exactly what trad will do. Varies
    • Trad looks good on resume but might sell more
    • They will take more money, will own some rights
    • Never pay a traditional publisher. Asking for money indicates a scam
  • Self Publishing
    • Responsibility for everything
    • You need all the skills
    • Keep more of the income
  • Typesetting
    • Consistent style
    • KDP is cheap for preview copies
  • Sales Tools
    • Need Book Description and Back Jacket Blurb. Hook Sentence, clear value proposition
    • Book Cover
      • Self-designed for free book
      • DesignDusk Premade for $200 odd
      • Bespoke is $700+. Consider ROI
    • Keywords and Categories. SEO
  • Kindle Direct Publish – KDP
    • Amazon’s Print on Demand
    • No Distribution to bookstores and libraries
    • Supports ebooks
    • No standard colour printing in Au Market
  • Print and Distribution
    • Look at what other books of the genre and size sell for to decide price.
    • Look at overheads and costs
    • See try.books.by and bookvault.app
    • IngramSpark as POD allows Retail Bookstores
  • Online Marketing and Newsletters
    • Better to create a Book Specific profile on Social media
    • Maybe create a separate persona
    • Worth the work if you plan multiple books

So You’ve Decided to Build It Yourself by Leesa Ward

  • Definition for “from scratch”
    • WordPress Plugins
    • Anything from a small script to a full plugin or library
  • The Seven Sins
  • Envy
    • Want a feature yourself
    • Or you “assume” your clients really want a feature
    • Focus on what is important. Talk to the client. What is essential?
    • Build things as requested. Don’t spend time making something have options unless the client asks for them. At least not too early
  • Lust
    • Allow buffer time to explore ideas
    • Or maybe create time outside the project
  • Greed
    • Maybe there are better uses for your time
    • Try to create something bit-by-bit rather than a long term project that doesn’t deliver till the end
    • Develop common patterns and conventions
  • Gluttony
    • Sometimes you have to say no
    • Make sure reusable. Automate things. Create change logs and release numbers
  • Sloth
    • Just build the MVP
    • Shipping something that is messy but “just works”
    • Create automation and doc manual steps so you can sorta work with it next time you see it.
    • At least have a decent README file
    • Future you is going to forget why you did something this weird way, and if you don’t document it you’ll learn it again the hard way
  • Wrath
    • Frustrated Developers. Was harder than we expected. Other delays. AI gets stuck
    • Add buffer time. Get better at predicting timeline. Communicate well with clients. Don’t rely too much on AI
  • Pride
    • Assuming your way is the best way. Doesn’t document.
    • It’s not about the code it is about solving problems
    • Accept that sometimes things are the way it is. Work with what the company uses and knows
    • Don’t get stuck with sunk-cost if you have gone the wrong way
  • Takeaways
    • Be Proactive in communication
    • Document everything
    • First milestone should be an extensible MVP. Start small but build to grow and build to last
    • Treat all (non-personal) projects as though other devs will be using and working on them
  • github.com/doubleedesign

Everything Open 2026 – Day 2 – Afternoon

My degoogled life by Joshua Hesketh

  • Part personal journey, part reflection, part advice
  • Why?
    • Applies to any SaaS software where you are giving up data
    • If you are not paying for it you are the product
    • Different threat levels for different people
    • Privacy vs Secrecy
    • Situations can change. You share information now with a good company but their policy could change, they could have leaks or the law could change
  • Almost impossible to completely cut yourself off from Google
  • Tradeoffs
    • Self hosted software is often worse than the SaaS equivs
    • A lot more effort
    • SaaS services have full time staff looking after it, patching it etc
    • SaaS services are bigger targets than the personal setup
  • GrapheneOS replacing Android
    • Ironically available mostly for Pixels
    • Many Apps worked via the website, just bookmark
    • Installed some Apps from the App Store.
  • Youtube
    • Subscribe to channels via RSS
    • Watch in incognito and regularly close and reopen window
    • Few recommendations “Fantastic if you want to avoid doomscrolling”
  • Email Hosting
    • Have important stuff going to a SaaS provider email
    • Switched everything to a provider (fastmail)

Everything Open 2026 – Day 2 – Morning

Peak Text: AI and the Golden Age of Libraries and Archives by Keir Winesmith

  • Finished “EGOT of GLAMs” with latest job
  • Mapping Brisbane
    • 1957 Tram network: based on older tracks, evolved into suburbs. River is fixed
    • Averaged with AI = River + Tramlines
  • Maps of Queensland
    • Merged many maps of Queensland with Model that knows birds.
  • NFSA (National Film and Sound Archive), Machine Learning and AI
    • Pilot to have AI transcribe etc material in the archive
    • Internal Transparency
  • Principles of NFSA AI project
    • Maintain Trust – Train only on stuff they have copyright
    • Build effectively and Transparently
    • Create Public Value
  • AI = Archival Intelligence
    • or maybe “Average Inputs”
  • Stereograms created by AI
    • Defaults to the small subset that is online
    • Previously was 1900 colonial pictures
    • Now still colonial but Google produces a Sanfran street scene
  • The perfect Training Data is what archives have been putting out for years with lots of metadata
  • OpenAI Whisper was trained on lots of YouTube videos, so it turns mumbles into “Like and subscribe” and music fade-outs into “Thank you for watching”
  • The new golden age
    • Previous Golden Age was films explosion between the wars
    • 1980s and 1990s of Video games
  • Australian stories are no longer being made on celluloid and are now being made on social media
  • Thinks as boomers die off Facebook is dying off.
    • Other platforms may die in the next few years
    • New sites just algorithmically created content, not stuff shared by friends etc
  • What does NFSA do in response to how things change
  • Ability to search transcripts means they can find people talking about something or someone, not just titles
  • Mass Transcript + Graph. References to cultural things like movies, quotes in unrelated documents.
  • Transcribed 18.7 years of content
  • Hope to open up more later in 2026
  • But don’t forget openness got us in this mess in the first place
    • Need to think before publishing stuff, since now it will be ingested by everyone

The Evolution of the OCI Artifact Revolution by Andrew Block

  • Modern Eras of Computing
  • What technologies came out of the cloud native era – Containers
  • The power of containers
    • Resource Management
    • Consistency
    • Speed
  • The Container format wars – docker vs rkt
    • Docker Ecosystem tied closely to Docker Inc
  • The Open Container Initiative
    • Image Spec, Runtime Spec, Distribution Spec
    • “Containers are just fancy files and fancy processes”
  • Image Manifest
    • Just a json file
    • Media Type header will come up later
  • Expanding beyond Container images
    • OCI can store Artifacts which are content types other than container images
    • Registry must explicitly support it (most of them do now)
  • New stuff you can store
    • Signature
    • Software packages ( .jar, rpm )
  • OCI Image and Distribution Spec 1.1
    • Released 2024
    • artifactType or mediaType
    • Can refer to other artifacts (ie signature for container) and API supports both directions to discover
  • Benefits of OCI Artifacts
    • Standard
    • Centralised Management
    • Reuse existing tools
    • Evolve existing practices
  • What Projects use it
    • Helm and Homebrew both use it.
    • Notary, Sigstore, etc use it to store signatures etc of other Containers
    • Argo CD and Flux CD store manifests within OCI artifacts. Easier to give prod servers access to OCI registry rather than git repo
    • Kubernetes OCI Image Volume – Not exactly a OCI Artifact
  • Tooling
    • skopeo and crane let us inspect OCI metadata
    • ORAS – Create and manipulate OCI artifacts
  • AI
    • Currently uses git, hugging face, Object Storage to store stuff
    • Challenges. Several types of content, lack of standard ways to store and use
    • ModelPack is potential standard solution
    • Leverages stuff already in OCI
  • Demo with helm (using repo software called “zot”)
    • Can push chart to an oci: URL
  • ORAS
    • ORAS can push a simple artifact. Even a simple plain text file
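
How `artifactType`, `mediaType` and the two-way link between an image and its signature fit together, as an added example that is not from the talk or from any OCI project. It models the manifest as plain JSON, uses a hypothetical in-memory `ToyRegistry` in place of a real registry, and the `vnd.example.*` artifact types and payload bytes are constructed.

```python
# Added example: OCI 1.1 manifests, artifactType fallback, and referrers lookup.
import hashlib
import json

IMAGE_MANIFEST = "application/vnd.oci.image.manifest.v1+json"
IMAGE_CONFIG = "application/vnd.oci.image.config.v1+json"
IMAGE_INDEX = "application/vnd.oci.image.index.v1+json"
EMPTY = "application/vnd.oci.empty.v1+json"
# Constructed artifact types for this example (not registered media types).
SIG_TYPE = "application/vnd.example.signature.v1+json"
SBOM_TYPE = "application/vnd.example.sbom.v1+json"


def digest_of(data):
    return "sha256:" + hashlib.sha256(data).hexdigest()


def descriptor(media_type, data):
    """A descriptor is how one OCI object points at another: type, digest, size."""
    return {"mediaType": media_type, "digest": digest_of(data), "size": len(data)}


def artifact_type(manifest):
    """artifactType if set, otherwise fall back to the config's mediaType."""
    return manifest.get("artifactType") or manifest["config"]["mediaType"]


def is_container_image(manifest):
    return artifact_type(manifest) == IMAGE_CONFIG


class ToyRegistry:
    """In-memory stand-in for a registry's manifest store (hypothetical)."""

    def __init__(self):
        self.manifests = {}  # digest -> raw manifest bytes

    def push(self, manifest):
        raw = json.dumps(manifest, sort_keys=True).encode()
        desc = descriptor(IMAGE_MANIFEST, raw)
        self.manifests[desc["digest"]] = raw
        return desc

    def pull(self, digest):
        # Content addressing: the bytes must hash to the digest that was asked for.
        raw = self.manifests[digest]
        if digest_of(raw) != digest:
            raise ValueError("digest mismatch for " + digest)
        return json.loads(raw)

    def referrers(self, subject_digest, want_type=None):
        """Image index of manifests whose 'subject' points at subject_digest."""
        found = []
        for digest in self.manifests:
            manifest = self.pull(digest)
            if (manifest.get("subject") or {}).get("digest") != subject_digest:
                continue
            atype = artifact_type(manifest)
            if want_type and atype != want_type:
                continue
            desc = descriptor(IMAGE_MANIFEST, self.manifests[digest])
            desc["artifactType"] = atype
            found.append(desc)
        return {"schemaVersion": 2, "mediaType": IMAGE_INDEX, "manifests": found}


def attach(registry, subject_desc, atype, payload):
    """Push an artifact manifest that refers back to subject_desc."""
    manifest = {
        "schemaVersion": 2,
        "mediaType": IMAGE_MANIFEST,
        "artifactType": atype,
        "config": descriptor(EMPTY, b"{}"),
        "layers": [descriptor(atype, payload)],
        "subject": subject_desc,
    }
    return registry.push(manifest)


def build_demo():
    """Constructed data: one image with a signature and an SBOM attached."""
    reg = ToyRegistry()
    image = {
        "schemaVersion": 2,
        "mediaType": IMAGE_MANIFEST,
        "config": descriptor(IMAGE_CONFIG, b'{"architecture":"amd64","os":"linux"}'),
        "layers": [descriptor("application/vnd.oci.image.layer.v1.tar+gzip",
                              b"constructed-layer")],
    }
    image_desc = reg.push(image)
    sig_desc = attach(reg, image_desc, SIG_TYPE, b"constructed-signature-bytes")
    sbom_desc = attach(reg, image_desc, SBOM_TYPE, b'{"packages":[]}')
    return reg, image_desc, sig_desc, sbom_desc


if __name__ == "__main__":
    reg, image_desc, _, _ = build_demo()
    for ref in reg.referrers(image_desc["digest"])["manifests"]:
        print(ref["artifactType"], ref["digest"])
```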

README: The Developer’s forgotten love letter by Swapnil Ogale

  • Technical Writer at AWS
  • “Customers will jump straight to the README, not to your comprehensive docs” – A Senior Developer
  • Story about how a powerful tool with no documentation doesn’t get any traction. A better documented tool that is less powerful gets more traction.
  • It is the first impression of your product. Sometimes the only impression
  • Anatomy of a good README
    • The Hook
    • Getting Started
    • Examples
    • Beyond the Basics
    • Building Trust
  • The Hook
    • Start with user’s pain point, not your technical achievement
    • Problem Solver not Technical Jargon
  • Getting Started
    • What do I install, what version, a command that works, one good example, where to get help
  • Beyond the Basics
    • Full Docs, How to contribute
  • Building Trust
    • License information
    • Maybe Contributor list
  • Readme driven development
    • Design for users first
    • Think like a user
  • The User Journey
    • What is this?
    • Will it solve my problem?
    • Can I try it easily?
    • What if I get stuck?
  • The first 30 seconds
    • What makes them stay
    • Clear problem statement
    • Easy setup instructions
    • One problem example
  • What works for users?
    • Write like explaining to a friend
    • Use Screenshots and gifs when helpful
    • Break up walls of text
    • Test on fresh machine
    • update when things change
  • What frustrates users – anti-patterns
    • “It is easy, just”
    • Assuming I know the jargon
    • “See the source for details”
    • Installation steps that don’t work
    • No examples
  • Some Templates and Tools
  • AI Tools
    • Loses personality
    • Make sure it has examples
    • Has example AI prompt and wrapper script that we will share
  • Key Takeaways
    • Users are not lazy, they’re busy solving problems
    • “Obvious” is not obvious to them
    • Examples > Explanations
    • Test instructions on real users
    • README Maintenance is feature work

Everything Open 2026 – Day 1 – Afternoon

The unreasonable cost of open source contribution by Rob Norris

  • Slides: https://despairlabs.com/presentations/open-source-cost/
  • Link to Chris Neugebauer’s Monktoberfest talk in 2024
  • The xkcd diagram is about projects and their funding. Not so much about the people and what they need
  • People talk about: Projects, Foundation, Company, Government, Charity or non profit, Grants
    • The above are not people
    • Who is the “Random person in Nebraska” and what are their wants and needs?
  • I can tell you about my story
    • 30 years of “non-mainstream” computing
    • 20+ years as sysadmin, programmer, etc
    • Overview of family situation. Partner and semi-adult children. 5 people total.
  • Monthly Expenses. All in $AU
    • Rent $2400/month
    • Groceries $2500
    • Utilities $850
    • 2x cars $3100
    • Health: $2800
    • Total $12,000/month average in 2025
  • Income
    • $14,500 /month
    • Enough to cover month to month but not large items
    • $22k/month before Tax
  • This is a lot more than Patreon or similar will support for just about anyone.
  • Set up as a business
    • Set up a business
    • Invoicing
      • Local and International requirements
    • Tax of various types
    • Things a normal person doesn’t have to think about like Insurance, Office Space, Loans, Equipment
    • Contracts. Agreements, IP, Disputes
    • Charging for hours
  • Customers
    • Go off your profile/reputation
    • Grant applications, advertising?
    • Customer relationship management
  • What have we learned
    • Lot of software out there doing critical things
    • It needs to be maintained
    • We don’t value maintenance work
    • We have set up maintainers to fail.
  • “I’m not taking any questions, cause I don’t have any answers”

Roll for initiative: The battle against the beast of AI Slop by J Rosenbaum

  • How to recognise AI Images
    • Zoom in and look for details between elements, especially in the background
    • For video look at it frame by frame. Does stuff jump around?
    • Look at facts presented, google the name.
    • Look up the place or objects in it. Do they look like real versions?
  • AI Text
    • Hidden Unicode
    • Weird case, Bold, lists
    • Messed up facts.
    • Lack of an opinion
  • Music
    • Wobble in sustained notes
    • Safe, Homogeneous
  • Protecting yourself against AI slop
    • Duck Duck Go
    • Swearing and -Noai in google doesn’t work anymore
    • Don’t interact with it
    • Tell people who are sharing it
  • Running locally
  • Find Ethical tools. eg “Fairly Trained” , “Mitsua”
  • Protecting your Work
    • Tarpits
    • Glaze, Mist, protects your style from being trained
    • NSFW brushes
    • opt-out
  • People have been hired to tidy up AI-generated content and make it look less sloppy.

Is it even worthwhile to self-host these days? by Steven Ellis

  • User Personas
    • FAF “Family Acceptance Factor”
      • Some of them have no technical skills
      • Some of them use phones, windows, android, etc
      • Some use Facebook for phones, some use Instagram
  • How: The Dream vs reality
    • Start with an old laptop maybe
    • Network is critical. Start Clean
  • Focus Technologies vs the nice to haves
  • Why?
    • Cost? – Often a fallacy
    • Security / Privacy – What do I want to share?
    • The Hoster can be compelled to turn data off by government?
    • Maybe better buying a service that we trust rather than trying to run it ourselves
  • Domain
    • Don’t host your own domain
    • Don’t buy too many domains
    • Small biz should own their own domain
    • Big companies should own all the domains and variations
  • Email
    • Use your domain
    • Have a backup for things like the email bill
    • Self host – Stalwart , Docker Mailserver / Mailcow
  • Family Mail / Small Business
    • Do they need all the features?
    • But need to support multiple devices
    • Hard to scale small to very large business
    • Doesn’t your family need exchange features?
  • Photos
    • Lots of self-hosting options
    • Immich, Photoprism, Pcgallery, Piwigo, NextCloud
    • Default Providers
    • Hosting Service
    • Gallery/ Sharing
    • Backups
    • Google One Account
      • Which has local NAS backup
      • and more backups
    • Sync out of Google is getting harder
  • Media
    • 1000s of DVDS, Critical Documents
    • Family videos
    • Accessing the Media
    • Steven’s approach
      • TrueNas
      • unraid, proxmox, openmedia vault
      • containers for most services
      • Regular offsite backups
  • IoT
    • Matter seems to be the platform of the future
    • Use the Tuya App
    • Alternative Firmwares – ESPHome
    • IoT VLAN so devices can’t see the home network
  • AI
    • Sucks down Power and high spec HW. $$$
    • Self Host home automation, private voice service
    • Can work with older GPUs . Integrated GPU in chips can do enough
  • Self hosting Journey
    • Almost everything in containers
    • Efficient Power supply unit is worth it.
    • FreshTomato – Firewall on Netgear R7000
    • GigE is probably fast enough
  • Take Aways
    • Not everything scales up or down
    • Automate everything
    • FAF is critical
      • Can your partner / kids / parents use it?
      • Appliance / Containers are very effective
    • Backup everything, regularly
    • Do you want to provide 24×7 support for the whole family?
  • Make sure you document everything?
    • Have an offline copy
  • Hardware redundancy?
    • None but bought better hardware
    • Backups and procedure to recover quickly
  • Network over Power
    • Can sometimes work but try all other options first

Everything Open 2026 – Day 1 – Morning

Breaking to Build: What Security Teaches Us About Openness by Kylie McDevitt

  • Works in Security. Founder of company called Infosec
  • Vulnerability research, Linux devices, Organising various Security events and Confs
  • Why Breaking things matter
    • You can only improve what you can say, security and openness both rely on clarity
  • IoT Code of Practice – 13 Principles, released 2020
  • Code of Practice Project
    • Test approx 50 consumer IoT devices
    • Goal: Practical evidence-based vendor advice
    • Focus common patterns, not single vendor
    • Cameras, doorbells, tops, smart speakers, home automation devices
  • Testing Methodology
    • DUT = Device under test
    • Dynamic analysis of DUT. How it boots, what it seems to do, contact, etc
    • Firmware acquisition
    • Dynamic and static analysis of Firmware
    • Triage results, Look for interesting results to follow further
    • Create exploit to “prove harm”
  • Dynamic Analysis
    • Look at network traffic: websites it connects to, S3 buckets
    • Port scans (may change at different stages)
    • Obtain console access
    • HTTP MITM if possible
  • Firmware acquisition
    • Meta: Had some computer problems here. Unable to record notes
  • Assumptions that break everything
    • Trusted Firmware Sources
    • Local-Only Interfaces
    • One-way trust relationships
    • Hidden features never removed from production
  • What Breaking Teaches Us
    • Patterns show where to focus
    • Fragile assumptions are the real threat
    • Feedback loops make Systems Stronger
      • Clear, constructive guidance for vendors
  • Openness
    • Sharing, Reproducible results, Community standards, Public Education – all feed off each other
    • Intersect Government, Community and Industry
  • Looking Forward
    • Systems are getting more complex going forward
    • More attack surfaces
    • More reliance on shared codebases ( frameworks, open source, vendor common code )
    • Great need for open collaborative defence
  • How we keep improving
    • Keep breaking things – systematically and legally
    • Keep sharing what we have learned
    • Keep building community capacity
    • Keep helping each other succeed
  • “Breaking is the first Step, Understanding is the second, Sharing is what makes the ecosystem stronger”

Encouraging democratic participation with software by Vanessa Teague

  • Slides downloadable
  • Democracy Developers – https://www.democracydevelopers.org.au/
    • Build software that supports democracy
    • Australian based but works worldwide
  • What projects can we do we’d be proud of?
    • Get people off social media and engaging more effectively
    • Inoculate people against misinformation
    • A politician asks a question prompted by a user of our software
  • Projects they have tried
  • Ask Parliament
    • List of questions for MPs or that MPs could ask at committees
    • People could up-vote or down-vote. Show which questions were popular (and media etc could pick up)
    • Never really took off. On the backburner
  • Age Verification Feedback Form that messaged Politicians
    • https://ageofreason.democracydevelopers.org.au/
    • Whole bill was rushed so not really time for it to get live
    • Working to expand it more generally
    • Has a better system to find representatives based on address compared to official site
    • Q: Is this too late in the process to influence actual changes?
  • Explain That Election
    • Not quite live
  • Where did my STV vote go?
    • https://vote.andrewconway.org/
    • Data only available in some areas/elections
    • You put in a sample vote ordering and you can see how that vote was shuffled in that election through the various rounds.

Neighbourhood-First Software: How we roll-out the open web without expecting everyone to self-host by Jade Ambrose
