OzMoot 2026 – Day 2 – Afternoon

Celebrating Calligraphy by Jenni Aldred

Leaving Lórien by Stephen Vrettos

  • When the Fellowship leave Lórien there is a ceremony
  • Led by the 2 Highest authority people in the Realm
  • Purposes
    • A Farewell – G sings a song called “Farewell”
    • A Transition
  • Gifts
    • Since G has foresight she gives gifts that help their fate
    • Aragorn
      • Gets a Sheath for his sword
      • A Green Stone.
    • Boromir gets a golden belt
      • Gold is often seen to corrupt
    • Merry and Pippin
      • Gifts of a silver belt
    • Legolas gets a bow
      • Larger than those used in Mirkwood
      • Sign that the two elven kingdoms are closer
    • Sam gets a box
      • Not practical for the journey ahead but useful for afterwards in the Shire
    • Gimli
      • Hair from G
      • Becomes close to elves and other Dwarves become closer to Elves
    • Frodo
      • The Phial of Galadriel
      • Echo of Eärendil quest

OzMoot 2026 – Day 2 – Morning

Love and Power an Poetics of Tom Bombadil by Corey Olsen

  • Tolkien does modern poetry and traditional forms
  • Tom is heavily influenced by The Kalevala
    • Similar Meter
    • Similar Song Battles
  • TomB Original Poem
    • The History of TomB
    • A series of Hostile Encounters. Tom sitting beside river, attacked 4x times
    • First Goldberry
    • Old Man Willow
    • The Badgers
    • The Barrow-wight
    • Each encounter leads to a poetry-style sing off
    • The Turn and the Wedding with Goldberry
  • Intro to Bombadilish
    • First 4 lines of Tom
    • Is in half-lines; each line has two halves.
    • Basic Rhythm
      • English as a language naturally uses Iambic Rhythm
      • 2 beat.
      • Look at the 2 syllable words, stress on first syllable
      • Therefore Trochaic
      • Spondee – Multiple stress after each other
      • Names always stressed
      • “lived down under hill” very stressed
      • Last 3 half lines very stressed-unstressed
  • 2nd 4 lines. Narrative Flow
    • Almost all just straight Trochaic describing narrative flow
  • Next 4 lines – Attack from Goldberry
    • Last 2 lines broken up
    • Halting and has weakness
  • Tom’s response
    • He is giving a command.
    • Command is “Go down! Sleep again” – 3 beat spondee. That wins
  • Old Man Willow is Not a Tree
    • Old Man Willow is a man who lives in tree
    • or Rather a Wood-Spirit who lives in a Tree
    • This was still in early drafts of LOTR
  • Battles vs Old Man Willow
    • Willow starts strong
    • But Tom piles on stressed command words in reply
  • Tom goes a-Courting
    • Doesn’t do a three-beat spondee commanding Goldberry
    • Gentle wooing
  • The Wedding
    • 2-beat spondee at start of middle-4 lines talking about her wedding garments which Tom provided and gave to her
  • Happily Ever After
    • derry-dol and merry-dol are pet names for Goldberry
  • The Fellowship of the Ring
  • Initial lines – “Hey dol! merry dol! ring a dong dillo” and next 3
    • Is calling to Goldberry, saying almost home
  • New lines are even more directed to Goldberry
  • Except for the “Old Tom Bombadil water lilies bringing” and next line which is warning off Old Man Willow
  • Similar again next few lines, warning asides to Old Man Willow
  • The Hobbits run to him
    • “Whoa! Whoa! steady there” command and stopped Hobbits
  • Lots of Stressed line words
  • When arrives back in his house
    • Goldberry wearing Wedding gear, eating Wedding Feast
    • Constantly celebrating and recreating their courtship and marriage moment

The Hands of the King and the Royal Touch: Cutting Edge Research from The Gondor Journal of Medicine by Scott Kirton

  • In a 2nd hand bookstore found some copies of the Gondor Journal of Medicine
  • Aragorn’s healing power is what wins over the people. Not other things he does/is
  • The Royal Touch from kings, mainly to cure Scrofula
    • Scrofula. TB infection of Lymph nodes of the neck
    • Didn’t work directly, but it would spontaneously go away, and the King’s advisors picked patients who had a good chance of cure
    • Legitimized the King’s Authority. Shows he was favored by God
    • Showed King was generous towards people
  • Decline due to skepticism and less claim of divine right of the kings
  • Hands of the King vs The Royal Touch
  • Analysis from the journal on how best to use the limited resources of the King to heal more people

Midsummer in Middle-Earth by Trudy Shannon

  • When is midsummer
  • Date varies across legal, astronomical and traditional definitions
  • Strong Traditions in areas with long dark winters
  • Midsummer in the Shire
    • Lithe days built right into the Calendar
    • Fireworks from Gandalf
    • Bilbo leaves Rivendell on Midsummer
    • Free Fair on White Downs. Banquets
      • The Althing in Iceland was similar. Around 1000 people regularly attended
  • Midsummer in Numenor
    • 12 months of 30-31 days
    • Special day not attached to any month similar to Hobbit
    • King ascends sacred Mountain followed by a crowd of many people. Only the King speaks
  • Midsummer Gondolin
    • The Gates of Summer . Refs the city’s 7 gates
    • No voice from midnight to the break of day. Dawn welcomed with voices
    • City is attacked on Midsummer
  • Croatia Celebrates the shortest Night and people stay awake all night
  • Midsummer for Orcs, Wizards and Dwarves
    • Dwarves only sometimes celebrate it.
    • No info on Orcs, Wizards
  • Often a time for Weddings

“Circle of Light” – A Faërie Rock Opera by Anna Grob

  • Music performance
  • She is doing a Rock Opera about the Fall of Gondolin and played some songs from it.
  • Some on Spotify
  • and Youtube


OzMoot 2026 – Day 1

Celebrating Middle-Earth on the Table-Top: An exploration of the Middle-Earth Strategy Battle Game by Tim Wraight

  • History of the game
    • First Released in 2001
    • Skirmish orientated
    • Scenarios that called back to the Movies
    • New releases as later movies released
    • Very popular during the films and immediately after
    • Good license from Middle Earth Enterprise so extra supplements that just covered book stuff
    • More Releases as Hobbit movies came out
    • 2018 revived the game and re-released and renamed to Middle Earth Strategy Game
    • Various Releases since then
  • How to Play the game
    • Model, stuff in English
    • Heroes or Warriors
    • Heroes have special characteristics, special abilities etc
    • Turn based, roll priority, move phase ( approx 6 inches), shoot, fight phase, end phase
    • Games take between 1 hour and 1 day
  • How Tolkien and Imagination is Celebrated in the game
    • Narrative Scenarios reflects special moments from the books/films
    • Can do what-ifs like build your own “fantasy fellowship” instead of canon 9
  • Most people play the Match play variant. 2 players each build an army worth same number of points. Takes about 2 hours
  • Lots of special rules for each Hero Character
  • People can do backgrounds for their army, special color schemes etc. Models from other vendors or 3d printed
  • People like making their own terrain.
  • Also they have display boards to display armies
  • 80 player tournaments in Aus, 160 player+ tournaments in UK

A Comparison of Duels: Tolkien’s Legendarium and the Middle Ages to Early Modern Period by Karolina Firman

  • Does the Legendarium actually have any duels?
  • Definition of a Duel
    • A pre-planned and stylized one-on-one armed fight between two participants in defense of your own or a loved one’s honour
  • Other motivations
    • Legitimizing your own masculinity
    • Fights to prove your innocence
    • Demonstrating fencing skills
  • Possible Duels in LOTR
    • Gandalf vs Balrog
    • Eowyn vs the Witch King
    • Samwise fighting Shelob
    • Aragorn vs Lurtz (movie only)
    • Boromir vs unnamed Orcs (book)
  • The ones that are closest to the traditional definition are Eowyn vs Witch King and Sam vs Shelob.
    • Gandalf vs Balrog has less honour component
    • Aragorn vs Lurtz
  • In the speaker’s opinion none of them really qualify
  • Big discussion on what qualifies and what doesn’t

Finrod Felagund and Severus Snape as Saviour Heroes in the Context of Universal Plot Structures by Evelina Timofeeva

  • Both Characters are in love with a character that is far away
  • Both have vast life experience
  • Both perform heroic deeds because of a past performance
  • Both are distrusted by those around them
  • Both die for an apparently lesser character
  • Both are slain by magical creatures
  • I was having trouble keeping up

Everything Open 2026 – Day 3 – Afternoon

Fixing a misconfigured Kubernetes Cluster by Rob Kenefeck

  • First big docker project was to separately build and test application, hardware and OS
  • First k8s job was focused on making tech work, not the security model around it
  • Still considers k8s in Australia to be fairly bleeding edge
  • OWASP Kubernetes Top 10
    • First released in 2022
    • New list version out soon
  • VMs vs Containers
    • People Treat Containers like they are VMs
    • Lots of things in Linux are not namespaced in containers
      • Kernel Modules, /sys , /dev
    • Docker daemon will often run as root
    • Shared Kernel
  • Container Security: Opportunities
    • Hardened Kernels – GRSEC, PAX
    • Security Policies/Whitelisting – Seccomp, AppArmor, SELinux
  • Container Security
    • Drop to unprivileged user in Docker
    • Reduce Attack surface – Run from scratch, Multi-Stage container builds
    • Drop all capabilities, add back only what you need
    • Mount volumes with ro, noexec, nosuid, nodev
    • Software bill of materials
  • K01 – Insecure Workload config
    • Apps running as root
    • Ro filesystems
    • Privileged containers disallowed
    • Resource constraints enforced
  • K02 – Supply Chain Vulnerability
  • K03 – Overly Permissive RBAC
    • K8s Secrets are not secret.
    • OpenBao is an open source alternative to HashiCorp Vault
  • K04 – Policy Enforcement
    • Pod Security Standards via Admission Controller
    • Privileged, Baseline, Restricted
  • K05 – Logging
  • K06 – Broken Authentication
    • tokens left lying around
  • K07 – Network Segmentation
    • K8s networks are flat by default
  • K08: Secrets management
    • Secrets are Environment variables
    • Anyone who can query node or container/pod can see them.
  • K09 – Misconfigured Cluster Components
    • Dashboards, MCP agents
  • K10 – Outdated and Vulnerable Components
  • Demo with Capture the Flag and vulnerable container
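
The workload points in the notes above (apps running as root, read-only filesystems, privileged containers, resource constraints, drop all capabilities) expressed as a check over a pod spec. This is an added example, not code from the talk; it assumes the manifest has already been parsed into a dict, and the three sample pods are constructed for illustration.

```python
"""Audit a pod spec (already parsed into a dict) for the workload settings in the notes.

Added example; the sample pods at the bottom are constructed for illustration.
"""


def effective(container, pod_sc, key):
    """Container-level securityContext wins over pod-level for shared fields."""
    c_sc = container.get("securityContext") or {}
    return c_sc[key] if key in c_sc else pod_sc.get(key)


def audit_container(container, pod_sc):
    findings = []
    sc = container.get("securityContext") or {}

    # Apps running as root: UID 0, or nothing that forces a non-root UID.
    uid = effective(container, pod_sc, "runAsUser")
    non_root = effective(container, pod_sc, "runAsNonRoot")
    if uid == 0 or (uid is None and non_root is not True):
        findings.append("may-run-as-root")

    # Privileged containers disallowed.
    if sc.get("privileged") is True:
        findings.append("privileged")

    # Read-only root filesystem must be switched on explicitly.
    if sc.get("readOnlyRootFilesystem") is not True:
        findings.append("writable-root-filesystem")

    # Drop all capabilities; anything in "add" is then a deliberate exception.
    caps = sc.get("capabilities") or {}
    if "ALL" not in {c.upper() for c in caps.get("drop") or []}:
        findings.append("capabilities-not-dropped")

    # Resource constraints enforced.
    limits = (container.get("resources") or {}).get("limits") or {}
    findings += [f"no-{r}-limit" for r in ("cpu", "memory") if r not in limits]
    return findings


def audit_pod(pod):
    """Return {container name: [findings]} for containers with at least one finding."""
    spec = pod.get("spec") or {}
    pod_sc = spec.get("securityContext") or {}
    report = {}
    for kind in ("initContainers", "containers"):
        for container in spec.get(kind) or []:
            findings = audit_container(container, pod_sc)
            if findings:
                report[container["name"]] = findings
    return report


# Constructed sample: nothing set, plus privileged mode.
WEAK_POD = {"spec": {"containers": [
    {"name": "web", "image": "example/web:1.0",
     "securityContext": {"privileged": True}},
]}}

# Constructed sample: the same workload with the settings from the notes applied.
HARDENED_POD = {"spec": {
    "securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
    "containers": [{
        "name": "web", "image": "example/web:1.0",
        "securityContext": {
            "privileged": False,
            "readOnlyRootFilesystem": True,
            "capabilities": {"drop": ["ALL"], "add": ["NET_BIND_SERVICE"]},
        },
        "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
    }],
}}

# Constructed sample: the pod-level setting looks safe, but one container overrides it.
ROOT_OVERRIDE_POD = {"spec": {
    "securityContext": {"runAsNonRoot": True},
    "containers": [{
        "name": "sidecar", "image": "example/sidecar:1.0",
        "securityContext": {
            "runAsUser": 0,
            "readOnlyRootFilesystem": True,
            "capabilities": {"drop": ["ALL"]},
        },
        "resources": {"limits": {"cpu": "100m", "memory": "64Mi"}},
    }],
}}

if __name__ == "__main__":
    for name, pod in [("weak", WEAK_POD), ("hardened", HARDENED_POD),
                      ("root-override", ROOT_OVERRIDE_POD)]:
        print(name, audit_pod(pod))
```

The third sample is the case a pod-level-only review misses: container settings override the pod's securityContext.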

Everything Open Everywhere All At Once by Steven De Costa

  • “ChatGPT: Please create an interesting keynote about random philosophical concepts strung together in a vaguely meaningful way and themed around Chickens”

Lightning Talks

  • End Security by Obscurity
    • mygov code generator app
    • enrol + TOTP
    • is it secure? Is it spyware?
    • Only available via the app store
    • Made a Freedom of Information request in 2021 and went through multiple appeals/reviews after being denied
    • Looking for money to appeal further
  • High Altitude Balloons and ASN.1
    • Need a protocol with various requirements to help recover the balloon and get data from it.
    • Existing protocol not ideal
    • ASN.1 is an old protocol that might be useful
  • What would it take to run everything Open in New Zealand
    • Running a conference is hard
    • Small team and Harder
    • Good idea?
    • What will this actually take
    • Contact Chelsea if interested.
  • Open source is not all you need to fight enshittification
    • No but other freedoms are needed
  • Brain Model in your Hand
    • I’m doing a talk in front of 300 people. My brain thinks I’m being chased by a Lion
  • Learn an Indigenous Language
  • How to Eat Fruit
  • Help is at Hand
    • Join a Union
  • My Community
  • Open Source Institute
  • My $50 question now costs a trip to fench
    • Pycon did battle decks
    • What is the most popular emoji on github?
    • Ran a big query on Bigquery
    • Grabbed the software heritage project
    • Lots of small files. Hard to query or mirror
    • 3 Petabytes. Too much to download
  • Solid Open Source Package
    • 6 talks about deplatforming and/or self hosting this week
    • SOLID is a decentralized Social data

Everything Open 2026 – Day 3 – Morning

Open source can have friends everywhere by Emma Davidson

  • Large businesses benefit a lot from unpaid open source volunteers
  • But when they burn out unmaintained open source becomes a risk
  • 0.3% of the AUKUS Budget ($1b) would cover 15,000 Open Source software Internships
  • Lots of other stuff in talk but I didn’t really get good notes

Books-As-Code by Alec Clews

  • https://books-as-code.gitlab.io/
  • Main Book “Staying Safe Online” is targeted at Seniors so will be printed and sold in bookshops
  • Start writing your book. Don’t delay
  • Planning and High Level Design
    • Who are your readers?
    • What will your book teach them?
    • How are they going to buy your book?
  • The reader
    • Experience and background
    • Problems
    • How do they consume knowledge ( offline for older people, online for technical readers)
    • Where do they find your book
  • Plan the book content
    • List is ever evolving
    • Just a list of all the comment and topics
    • Ask AI to create a high level outline to get yourself started rather than a blank page
    • Can use a mind-map to do outline
    • Elevator Pitch. Needed for traditional publisher. Useful for others
  • How Will you Write?
    • Capture notes and research
    • Formats to create
      • epub3 for ebooks
      • Prepress PDF for print
      • Display PDF for screen
      • HTML Online
    • Need a toolchain to create
  • Docs as Code
    • Lightweight Text Format – eg Markdown
    • Developer Style workflow
    • Automation
    • Simple Publication tools and platforms
    • This is not new. “The Unix Programming Environment” was done this way in 1984
  • What does Alec use
    • Asciidoctor – supports all the formats. Markdown is not enough
    • M4 pre-processor
    • sed, pandoc, ripgrep, shell scripts
    • Gnu Make plus scripts
    • Graphics editors. Freeplane, GIMP
  • Writing Style
    • Follow best practices
    • Simple English. Use US English
    • Make content accessible. Alt text, good colours
  • Web vs Books
    • Web is non-linear. Books are not
    • Structure Book for ease-of-use and discovery
  • Create the Best Possible Book
    • You can’t see your own mistakes
  • QA Tools
    • Vale or textlint style guide
    • Link Checks – lychee
    • epubcheck
    • Unit tests for code examples
    • AI can review and suggest improvements in text. Gemini Write Extension
  • Human QA Resources
    • Beta Readers. Not all will do a good job. Social networks, local writers group
    • Find professional copy editor service. Will cost $$$
    • Get human editors to raise tickets
    • Update linter to spot previous problems
  • Publishing
    • Check the IP is all good
    • Copyright and License
    • ISBN
    • Legal Deposit
  • Traditional vs Self-publishing
    • Check exactly what trad will do. Varies
    • Trad looks good on resume but might sell more
    • They will take more money, will own some rights
    • Never pay a traditional publisher. Asking for money indicates a scam
  • Self Publishing
    • Responsibility for everything
    • You need all the skills
    • Keep more of the income
  • Typesetting
    • Consistent style
    • KDP is cheap for preview copies
  • Sales Tools
    • Need Book Description and Back Jacket Blurb. Hook Sentence, clear value proposition
    • Book Cover
      • Self-designed for free book
      • DesignDusk Premade for $200 odd
      • Bespoke is $700+. Consider ROI
    • Keywords and Categories. SEO
  • Kindle Direct Publish – KDP
    • Amazon’s Print on Demand
    • No Distribution to bookstores and libraries
    • Supports ebooks
    • No standard colour printing in Au Market
  • Print and Distribution
    • Looks at other books and genre and size sell for to decide price.
    • Looks at overheads and costs
    • See try.books.by and bookvault.app
    • Ingramspark as POD allows Retails Bookstores
  • Online Marketing and Newsletters
    • Better to create a Book Specific profile on Social media
    • Maybe create a separate persona
    • Worth the work if you plan multiple books

So You’ve Decided to Build It Yourself by Leesa Ward

  • Definition for “from scratch”
    • WordPress Plugins
    • Anything from a small script to a full plugin or library
  • The Seven Sins
  • Envy
    • Want a feature yourself
    • Or you “assume” your clients really want a feature
    • Focus on what is important. Talk to the client. What is essential.
    • Build things as requested. Don’t spend time making something have options unless client asks for them. At least not too early
  • Lust
    • Allow buffer time to explore ideas
    • Or maybe create time outside the project
  • Greed
    • Maybe there are better uses for your time
    • Try create something bit-by-bit rather than a long term project that doesn’t deliver till the end
    • Develop common patterns and conventions
  • Gluttony
    • Sometimes you have to say no
    • Make sure reusable. Automate things. Create change logs and release numbers
  • Sloth
    • Just build the MVP
    • Shipping something that is messy but “just works”
    • Create automation and doc manual steps so you can sorta work with it next time you see it.
    • At least have a decent README file
    • Future you is going to forget why you did something this weird way, and if you don’t document it you’ll learn it again the hard way
  • Wrath
    • Frustrated Developers. Was harder than we expected. Other delays. AI gets stuck
    • Add buffer time. Get better at predicting timeline. Communicate well with clients. Don’t rely too much on AI
  • Pride
    • Assuming your way is the best way. Doesn’t document.
    • It’s not about the code it is about solving problems
    • Accept that sometimes things are the way it is. Work with what the company uses and knows
    • Don’t get stuck with sunk-cost if you have gone the wrong way
  • Takeaways
    • Be Proactive in communication
    • Document everything
    • First milestone should be an extensible MVP. Start small but build to grow and build to last
    • Treat all (non-personal) projects as though other devs will be using and working on them
  • github.com/doubleedesign

Everything Open 2026 – Day 2 – Afternoon

My degoogled life by Joshua Hesketh

  • Part personal journey, part reflection, part advice
  • Why?
    • Applies to any SaaS software where you are giving up data
    • If you are not paying for it you are the product
    • Different threat levels for different people
    • Privacy vs Secrecy
    • Situations can change. You share information now with a good company but their policy could change, they could have leaks or the law could change
  • Almost impossible to completely cut yourself off from Google
  • Tradeoffs
    • Self hosted software is often worse than the SaaS equivs
    • A lot more effort
    • SaaS services have full time staff looking after it, patching it etc
    • SaaS services are bigger targets than the personal setup
  • GrapheneOS replacing Android
    • Ironically available mostly for Pixels
    • Many Apps worked via the website, just bookmark
    • Installed some Apps from Apps Store.
  • Youtube
    • Subscribe to channels via RSS
    • Watch in incognito and regularly close and reopen window
    • Few recommendations “Fantastic if you want to avoid doomscrolling”
  • Email Hosting
    • Have important stuff going to a SaaS provider email
    • Switched everything to a provider (fastmail)

Everything Open 2026 – Day 2 – Morning

Peak Text: AI and the Golden Age of Libraries and Archives by Keir Winesmith

  • Finished “EGOT of GLAMs” with latest job
  • Mapping Brisbane
    • 1957 Tram network: based on older tracks, evolved into suburbs. River is fixed
    • Averaged with AI = River + Tramlines
  • Maps of Queensland
    • Merged many maps of Queensland with Model that knows birds.
  • NFSA (National Film and Sound Archive), Machine Learning and AI
    • Pilot to have AI transcribe etc material in the archive
    • Internal Transparency
  • Principles of NFSA AI project
    • Maintain Trust – Train only on stuff they have copyright
    • Build effectively and Transparently
    • Create Public Value
  • AI = Archival Intelligence
    • or maybe “Average Inputs”
  • Stereograms created by AI
    • Defaults to the small subset that is online
    • Previously was 1900 colonial pictures
    • Now still colonial but Google produces a San Francisco street scene
  • The perfect Training Data is what archives have been putting out for years with lots of metadata
  • OpenAI Whisper was trained on lots of YouTube videos, so it turns mumbles into “Like and subscribe” and music fade-outs into “Thank you for watching”
  • The new golden age
    • Previous Golden Age was films explosion between the wars
    • 1980s and 1990s of Video games
  • Australian stories are no longer being made on celluloid and are now being made on social media
  • Thinks as boomers die off Facebook is dying off.
    • Other platforms may die in the next few years
    • New sites just algorithmically created content, not stuff shared by friends etc
  • What does NFSA do in response to how things change
  • Ability to search transcripts means they can find people talking about something or someone, not just titles
  • Mass Transcript + Graph. References to cultural things like movies, quotes in unrelated documents.
  • Transcribed 18.7 years of content
  • Hope to open up more later in 2026
  • But don’t forget openness got us in this mess in the first place
    • Need to think before publishing stuff, since now it will be ingested by everyone

The Evolution of the OCI Artifact Revolution by Andrew Block

  • Modern Eras of Computing
  • What technologies came out of the cloud native era – Containers
  • The power of containers
    • Resource Management
    • Consistency
    • Speed
  • The Container format wars – docker vs rkt
    • Docker Ecosystem tied closely to Docker Inc
  • The Open Container Initiative
    • Image Spec, Runtime Spec, Distribution Spec
    • “Containers are just fancy files and fancy processes”
  • Image Manifest
    • Just a json file
    • Media Type header will come up later
  • Expanding beyond Container images
    • OCI can store Artifacts which are content types other than container images
    • Registry must explicitly support it (most of them do now)
  • New stuff you can store
    • Signature
    • Software packages ( .jar, rpm )
  • OCI Image and Distribution Spec 1.1
    • Released 2024
    • artifactType or mediaType
    • Can refer to other artifacts (ie signature for container) and API supports both directions to discover
  • Benefits of OCI Artifacts
    • Standard
    • Centralised Management
    • Reuse existing tools
    • Evolve existing practices
  • What Projects use it
    • Helm and Homebrew both use it.
    • Notary, Sigstore, etc use it to store signatures etc of other Containers
    • Argo CD and Flux CD store manifests within OCI artifacts. Easier to give prod servers access to OCI registry rather than git repo
    • Kubernetes OCI Image Volume – Not exactly an OCI Artifact
  • Tooling
    • skopeo and crane let us inspect OCI metadata
    • ORAS – Create and manipulate OCI artifacts
  • AI
    • Currently uses git, hugging face, Object Storage to store stuff
    • Challenges. Several types of content, lack of standards ways to store and use
    • ModelPack is potential standard solution
    • Leverages stuff already in OCI
  • Demo with helm (using registry software called “zot”)
    • Can push chart to oci: url
  • ORAS
    • ORAS can push a simple artifact . Even a simple plain text file
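
The "artifactType or mediaType" and "refer to other artifacts ... both directions" points from the 1.1 notes above, as an added example that is not from the talk: an artifact manifest that names its image through the `subject` field, and a lookup that mirrors the registry's referrers endpoint. `ToyRegistry` is a hypothetical in-memory stand-in for a registry, and the `vnd.example.*` types and payload bytes are constructed.

```python
"""OCI 1.1 artifact manifests: subject (artifact -> image) and referrers (image -> artifacts)."""
import hashlib
import json

OCI_MANIFEST = "application/vnd.oci.image.manifest.v1+json"
OCI_INDEX = "application/vnd.oci.image.index.v1+json"
OCI_EMPTY = "application/vnd.oci.empty.v1+json"
SIG_TYPE = "application/vnd.example.signature.v1+json"   # constructed artifact type
SBOM_TYPE = "application/vnd.example.sbom.v1+json"       # constructed artifact type


def canonical(manifest):
    """Fix one byte serialisation; digests are taken over these exact bytes."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def descriptor(media_type, blob):
    """Content descriptor: media type, sha256 digest and size of a blob."""
    return {"mediaType": media_type,
            "digest": "sha256:" + hashlib.sha256(blob).hexdigest(),
            "size": len(blob)}


def artifact_manifest(artifact_type, payload, payload_type, subject_manifest):
    """Image manifest carrying a non-image payload and pointing at its subject."""
    return {
        "schemaVersion": 2,
        "mediaType": OCI_MANIFEST,
        "artifactType": artifact_type,
        "config": descriptor(OCI_EMPTY, b"{}"),   # the empty config blob
        "layers": [descriptor(payload_type, payload)],
        # Bound to the image's digest, not a tag, so it cannot drift.
        "subject": descriptor(OCI_MANIFEST, canonical(subject_manifest)),
    }


class ToyRegistry:
    """Hypothetical in-memory registry: manifests stored by digest."""

    def __init__(self):
        self.manifests = {}

    def push(self, manifest):
        raw = canonical(manifest)
        digest = "sha256:" + hashlib.sha256(raw).hexdigest()
        self.manifests[digest] = raw
        return digest

    def subject_of(self, digest):
        """Forward direction: which manifest does this artifact describe?"""
        subject = json.loads(self.manifests[digest]).get("subject")
        return subject["digest"] if subject else None

    def referrers(self, subject_digest, artifact_type=None):
        """Reverse direction, shaped like GET /v2/<name>/referrers/<digest>."""
        found = []
        for digest, raw in self.manifests.items():
            m = json.loads(raw)
            if (m.get("subject") or {}).get("digest") != subject_digest:
                continue
            # No artifactType on the manifest: the config mediaType stands in.
            kind = m.get("artifactType") or m["config"]["mediaType"]
            if artifact_type and kind != artifact_type:
                continue
            found.append({"mediaType": m["mediaType"], "digest": digest,
                          "size": len(raw), "artifactType": kind})
        return {"schemaVersion": 2, "mediaType": OCI_INDEX, "manifests": found}


def demo():
    reg = ToyRegistry()
    image = {"schemaVersion": 2, "mediaType": OCI_MANIFEST,
             "config": descriptor("application/vnd.oci.image.config.v1+json",
                                  b'{"architecture":"amd64","os":"linux"}'),
             "layers": []}
    image_digest = reg.push(image)

    sig = artifact_manifest(SIG_TYPE, b"constructed-signature-bytes",
                            "application/octet-stream", image)
    sig_digest = reg.push(sig)

    # Older style: no artifactType, the type is carried by the config mediaType.
    sbom = {"schemaVersion": 2, "mediaType": OCI_MANIFEST,
            "config": descriptor(SBOM_TYPE, b"{}"),
            "layers": [descriptor("application/json", b'{"packages":[]}')],
            "subject": descriptor(OCI_MANIFEST, canonical(image))}
    sbom_digest = reg.push(sbom)
    return reg, image_digest, sig_digest, sbom_digest


if __name__ == "__main__":
    reg, image_digest, _, _ = demo()
    print(json.dumps(reg.referrers(image_digest), indent=2))
```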

README: The Developer’s forgotten love letter by Swapnil Ogale

  • Technical Writer at AWS
  • “Customers will jump straight to the README, not to your comprehensive docs” – A Senior Developer
  • Story about how a powerful tool with no documentation doesn’t get any traction. A better documented tool that is less powerful gets more traction.
  • It is the first impression of your product. Sometimes the only impression
  • Anatomy of a good README
    • The Hook
    • Getting Started
    • Examples
    • Beyond the Basics
    • Building Trust
  • The Hook
    • Start with user’s pain point, not your technical achievement
    • Problem Solver not Technical Jargon
  • Getting Started
    • What do I install, what version, command that works, One good example, where to get help
  • Beyond the Basics
    • Full Docs, How to contribute
  • Building Trust
    • License information
    • Maybe Contributor list
  • Readme driven development
    • Design for users first
    • Think like a user
  • The User Journey
    • What is this?
    • Will it solve my problem?
    • Can I try it easily?
    • What if I get stuck?
  • The first 30 seconds
    • What makes them stay
    • Clear problem statement
    • Easy setup instructions
    • One problem example
  • What works for users?
    • Write like explaining to a friend
    • Use Screenshots and gifs when helpful
    • Break up walls of text
    • Test on fresh machine
    • update when things change
  • What frustrates users – anti-patterns
    • “It is easy, just”
    • Assuming I know the jargon
    • “See the source for details”
    • Installation steps that don’t work
    • No examples
  • Some Templates and Tools
  • AI Tools
    • Loses personality
    • Make sure it has examples
    • Has example AI prompt and wrapper script that we will share
  • Key Takeaways
    • Users are not lazy, they’re busy solving problems
    • “Obvious” is not obvious to them
    • Examples > Explanations
    • Test instructions on real users
    • README Maintenance is feature work

Everything Open 2026 – Day 1 – Afternoon

The unreasonable cost of open source contribution by Rob Norris

  • Slides: https://despairlabs.com/presentations/open-source-cost/
  • Link to Chris Neugebauer’s Monktoberfest talk in 2024
  • The xkcd diagram is about projects and their funding. Not so much about the people and what they need
  • People talk about: Projects, Foundation, Company, Government, Charity or non profit, Grants
    • The above are not people
    • Who is the “Random person in Nebraska” and what are their wants and needs?
  • I can tell you about my story
    • 30 years of “non-mainstream” computing
    • 20+ years as sysadmin, programmer, etc
    • Overview of family situation. Partner and semi-adult children. 5 people total.
  • Monthly Expenses. All in $AU
    • Rent $2400/month
    • Groceries $2500
    • Utilities $850
    • 2x cars $3100
    • Health: $2800
    • Total $12,000/month average in 2025
  • Income
    • $14,500 /month
    • Enough to cover month to month but not to cover large items
    • $22k/month before Tax
  • This is a lot more than Patreon or similar will support for just about anyone.
  • Set up as a business
    • Set up a business
    • Invoicing
      • Local and International requirements
    • Tax of various types
    • Things a normal person doesn’t have to think about like Insurance, Office Space, Loans, Equipment
    • Contracts. Agreements, IP, Disputes
    • Charging for hours
  • Customers
    • Go off your profile/reputation
    • Grant applications, advertising?
    • Customer relationship management
  • What have we learned
    • Lot of software out there doing critical things
    • It needs to be maintained
    • We don’t value maintenance work
    • We have set up maintainers to fail.
  • “I’m not taking any questions, cause I don’t have any answers”

Roll for initiative: The battle against the beast of AI Slop by J Rosenbaum

  • How to recognise AI Images
    • Zoom in and look for details between elements, especially in the background
    • For video look at it frame by frame; does stuff jump around?
    • Look at facts presented, google the name.
    • Look up the place or objects in it. Do they look like real versions?
  • AI Text
    • Hidden Unicode
    • Weird case, Bold, lists
    • Messed up facts.
    • Lack of an opinion
  • Music
    • Wobble in sustained notes
    • Safe, Homogeneous
  • Protecting yourself against AI slop
    • Duck Duck Go
    • Swearing and -Noai in google doesn’t work anymore
    • Don’t interact with it
    • Tell people who are sharing it
  • Running locally
  • Find Ethical tools. eg “Fairly Trained” , “Mitsua”
  • Protecting your Work
    • Tarpits
    • Glaze, Mist, protects your style from being trained
    • NSFW brushes
    • opt-out
  • People have been hired to tidy up Ai-generated content and make it look less sloppy.

Is it even worthwhile to self-host these days? by Steven Ellis

  • User Personas
    • FAF “Family Acceptance Factor”
      • Some of them have no technical skills
      • Some of them use phones, windows, android, etc
      • Some use Facebook for phones, some use Instagram
  • How: The Dream vs reality
    • Start with an old laptop maybe
    • Network is critical. Start Clean
  • Focus Technologies vs the nice to haves
  • Why?
    • Cost? – Often a fallacy
    • Security / Privacy – What do I want to share?
    • The Hoster can be compelled to turn data off by government?
    • Maybe better buying a service that we trust rather than trying to run ourselves
  • Domain
    • Don’t host your own domain
    • Don’t buy too many domains
    • Small biz should own their own domain
    • Big companies should own all the domains and variations
  • Email
    • Use your domain
    • Have a backup for things like the email bill
    • Self host – Stalwart , Docker Mailserver / Mailcow
  • Family Mail / Small Business
    • Do they need all the features?
    • But need to support multiple devices
    • Hard to scale small to very large business
    • Doesn’t your family need Exchange features?
  • Photos
    • Lots of self-hosting options
    • Immich, Photoprism, Pcgallery, Piwigo, NextCloud
    • Default Providers
    • Hosting Service
    • Gallery/ Sharing
    • Backups
    • Google One Account
      • Which has local NAS backup
      • and more backups
    • Sync out of Google is getting harder
  • Media
    • 1000s of DVDS, Critical Documents
    • Family videos
    • Accessing the Media
    • Steven’s approach
      • TrueNas
      • unraid, proxmox, openmedia vault
      • containers for most services
      • Regular offsite backups
  • IoT
    • Matter seems to be the platform of the future
    • Use the Tuya App
    • Alternative Firmwares – ESPHome,
    • IoT VLAN so it can’t see home network
  • AI
    • Sucks down Power and high spec HW. $$$
    • Self Host home automation, private voice service
    • Can work with older GPUs . Integrated GPU in chips can do enough
  • Self hosting Journey
    • Almost everything in containers
    • Efficient Power supply unit is worth it.
    • Fresh tomato – Firewall on Netgear R7000
    • GigE is probably fast enough
  • Take Aways
    • Not everything scales up or down
    • Automate everything
    • FAF is critical
      • Can your partner / kids / parents use it?
      • Appliance / Containers are very effective
    • Backup everything, regularly
    • Do you want to Provide 24×7 support for the whole family
  • Make sure you document everything?
    • Have an offline copy
  • Hardware redundancy?
    • None but bought better hardware
    • Backups and procedure to recover quickly
  • Network over Power
    • Can sometimes work but try all other options first

Everything Open 2026 – Day 1 – Morning

Breaking to Build: What Security Teaches Us About Openness by Kylie McDevitt

  • Works in Security. Founder of company called Infosec
  • Vulnerability research, Linux devices, Organising various Security events and Confs
  • Why Breaking things matter
    • You can only improve what you can say, security and openness both rely on clarity
  • IoT Code of Practice – 13 Principles, released 2020
  • Code of Practice Project
    • Test approx 50 consumer IoT devices
    • Goal: Practical evidence-based vendor advice
    • Focus on common patterns, not a single vendor
    • Cameras, doorbells, tops, smart speakers, home automation devices
  • Testing Methodology
    • DUT = Device under test
    • Dynamic analysis of DUT. How it boots, what it seems to do, contact, etc
    • Firmware acquisition
    • Dynamic and static analysis of Firmware
    • Triage results, Look for interesting results to follow further
    • Create exploit to “prove harm”
  • Dynamic Analysis
    • Look at network traffic: websites it connects to, S3 buckets
    • Port scans (may change at different stages)
    • Obtain console access
    • HTTP MITM if possible
  • Firmware acquisition
    • Meta: Had some computer problems here. Unable to record notes
  • Assumptions that break everything
    • Trusted Firmware Sources
    • Local-Only Interfaces
    • One-way trust relationships
    • Hidden features never removed from production
  • What Breaking Teaches Us
    • Patterns show where to focus
    • Fragile assumptions are the real threat
    • Feedback loops make Systems Stronger
      • Clear, constructive guidance for vendors
  • Openness
    • Sharing, Reproducible results, Community standards, Public Education – all feed off each other
    • Intersect Government, Community and Industry
  • Looking Forward
    • Systems are getting more complex going forward
    • More attack surfaces
    • More reliance on shared codebases ( frameworks, open source, vendor common code )
    • Great need for open collaborative defence
  • How we keep improving
    • Keep breaking things – systematically and legally
    • Keep sharing what we have learned
    • Keep building community capacity
    • Keep helping each other succeed
  • “Breaking is the first Step, Understanding is the second, Sharing is what makes the ecosystem stronger”
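
The "Port scans (may change at different stages)" point above, as an added example that is not from the talk: it parses nmap grepable (-oG) lines taken at several stages of a device's life and separates ports that are always open from those open only in some stages. The scan lines, the address, the stage names and the function names are all constructed for illustration.

```python
import re

# Constructed sample: nmap grepable (-oG) lines for one device under test,
# captured at three stages. Address, ports and stage names are made up.
SCANS = {
    "boot": "Host: 192.0.2.10 ()\tPorts: 23/open/tcp//telnet///, 80/open/tcp//http///",
    "setup": "Host: 192.0.2.10 ()\tPorts: 80/open/tcp//http///, 8080/open/tcp//http-proxy///",
    "steady": "Host: 192.0.2.10 ()\tPorts: 80/open/tcp//http///, 554/open/tcp//rtsp///, "
              "9000/filtered/tcp/////",
}

# -oG port entry layout: port/state/protocol/owner/service/rpcinfo/version/
PORT_RE = re.compile(r"(\d+)/([a-z|]+)/(tcp|udp)/[^/]*/([^/]*)/")


def open_ports(grepable_line):
    """Return {(port, proto): service} for ports reported open on one -oG line."""
    fields = grepable_line.split("\t")
    ports_field = next((f for f in fields if f.startswith("Ports: ")), "")
    found = {}
    for entry in ports_field[len("Ports: "):].split(", "):
        m = PORT_RE.match(entry.strip())
        if m and m.group(2) == "open":  # skip filtered/closed entries
            found[(int(m.group(1)), m.group(3))] = m.group(4) or "unknown"
    return found


def stage_report(scans):
    """Classify each open port by the stages in which it was seen."""
    per_stage = {stage: open_ports(line) for stage, line in scans.items()}
    stages = list(per_stage)
    report = {"always": [], "transient": []}
    for key in sorted(set().union(*per_stage.values())):
        seen = [s for s in stages if key in per_stage[s]]
        bucket = "always" if len(seen) == len(stages) else "transient"
        report[bucket].append((key[0], key[1], seen))
    return report


if __name__ == "__main__":
    for bucket, rows in stage_report(SCANS).items():
        for port, proto, seen in rows:
            print(f"{bucket:9} {port}/{proto} seen in: {', '.join(seen)}")
```

Ports in the transient bucket are the ones a single scan of the finished device would miss, so they are worth checking against what the vendor intended to ship.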

Encouraging democratic participation with software by Vanessa Teague

  • Slides downloadable
  • Democracy Developers – https://www.democracydevelopers.org.au/
    • Build software that supports democracy
    • Australian based but works worldwide
  • What projects can we do we’d be proud of?
    • Get people off social media and engaging more effectively
    • Inoculate people against misinformation
    • A politician asks a question prompted by a user of our software
  • Projects they have tried
  • Ask Parliament
    • List of questions for MPs or that MPs could ask at committees
    • People could up-vote or down-vote. Show which questions were popular (and media etc could pick up)
    • Never really took off. On the backburner
  • Age Verification Feedback Form that messaged Politicians
    • https://ageofreason.democracydevelopers.org.au/
    • Whole bill was rushed so not really time for it to get live
    • Working to expand it more generally
    • Has a better system to find representatives based on address compared to official site
    • Q: Is this too late in the process to influence actual changes?
  • Explain That Election
    • Not quite live
  • Where did my STV vote go?
    • https://vote.andrewconway.org/
    • Data only available in some areas/elections
    • You put in a sample vote ordering and you can see how that vote was shuffled in that election through the various rounds.

Neighbourhood-First Software: How we roll-out the open web without expecting everyone to self-host by Jade Ambrose


Audiobooks – December 2025

After Eden: A short history of the world by John Charles Chasteen

A history of the world but from the point of view of how society organises and people treat each other. Interesting 3/5

Ground Combat: Puncturing the Myths of Modern War by Ben Connable

A bit dry and academic with a lot of “talking to my dataset” but some interesting bits on trends in modern warfare including early parts of Ukraine war. 3/5

Breakneck: China’s Quest to Engineer the Future by Dan Wang

Contrasts the Lawyer Culture of the US vs China’s Engineer Culture. Discusses aspects of China’s culture, Government and Industry. Recommend 4/5

The Devil Reached towards the Sky: An Oral History of the Making and Unleashing of the Atomic Bomb by Garrett M. Graff

Structured as quotes from characters delivered by actors. Better coverage of Oak Ridge and Hanford than most books. Pretty good 4/5

My Audiobook Scoring System

  • 5/5 = Brilliant, top 5 book of the year
  • 4/5 = Above average, strongly recommend
  • 3/5 = Average, in the middle 70% of books I read
  • 2/5 = Disappointing
  • 1/5 = Did not like at all