Tech has a lot of buzzwords and acronyms that make it an exclusive club. Improvements rely on people from other parts of the business that aren’t in that club.
These people have to care about it and understand it.
Had to use terms that everybody in the business understood and related to.
Case for change – What top orgs do:
208 times more frequent deployments
2604 times faster to recover from incidents
7 times lower change failure rate
What you need
High Priority -> Access to people to do the work
Needed tangible goal (weekly releases) to get people to focus (and pay)
Making change a reality
Risk Management
You can just stop doing the reports
You need to gain their trust in order to get influence
Have to take them along the way with the changes
Empathy
Influence
History at ANZ
First pipeline replaced just one document
Explained to change management team how the pipeline could replace the traditional plan
Rethink of Change Plan and Outcome Reports
Other teams needed these for confidence in the change
Found out what people actually cared about, found better ways to provide that information (confidence) in an automated way
Security Assessment
Traditionally required a big document filled in and signed off
Found that this was only required for “Significant” changes
Got a definition of what significant means so didn’t need to do this.
High Risk Change Records
Lots of paperwork for High Risk changes
Decided that these are not high risk changes so lots less work
Templated them so a lot easier to do
Charles Korn – Dockerised local build and testing environments made easy
Go Script – Single script in a consistent place in all your repos that does the basic functions: install, help, run, deploy
batect – tool he wrote
dockerized dev environment plus a Go Script
Dev environment
Build env: code to an artifact
Testing Environments. Fake stuff, lots of different levels
Build Environment
Container with the build tools. Mount our code directory into this
Isolation brings consistency and repeatability. No more “works on my machine”
Clean container every single time we run a build
CI agents just need docker since teams will provide the container
Ease of Onboarding. Just get git and docker installed
Ease of change. Environment and tasks defined in yaml and versioned like everything else. New version downloaded. Kept in sync with actual code
Test Environments
You can run local tests
Consistently runs test on CI
Have to launch multiple containers for more complex tests, using built in docker definitions and health checks and networking
Path to Production
If deploying docker then can use same image
But works with stuff that isn’t deployed as docker too
What about docker compose?
Better performance
Model – tasks are a first class citizen – Doesn’t feel like you are fighting the tool.
Better UI and developer experience. Updates managed automatically
Cleans up better after each run
It just works. Works with proxies better. Works with file permissions better.
How to get started?
start small, work incrementally
Start with the build environment
With the Test env work through one piece at a time.
Reuse components
Take advantage of other people’s images. Lots of mocks for cloud services.
Preventing the IoT Dystopia with Copyleft – Bradley M. Kuhn
The S in IoT stands for Security
Many stories of people hacking into baby monitors and home cameras
IoT Devices often phone home to the manufacturer’s website so that you can access them remotely. “I suppose there are Chinese hackers watching my Dogs all day, I hope they will call me if they need water etc”
Open source people have historically worked to get around problems like this.
1992 – If you wanted Linux, you downloaded the software onto floppies and installed it yourself, and often had to work hard to make it work.
Today only a small percentage of laptops sold have Linux on them.
But Linux is commonly installed on IoT devices – 90% odd
But
No [easy] way to reinstall it yourself
Much worse than laptops
GPL includes “The scripts used to control the compilation and install of the executable”
“Freedom to Study” is not enough
Linksys Wifi router
OpenWRT Project
Release forced from Linksys and Cisco
“Source as received from Linksys from GPL enforcement”
Is OpenWRT a Unicorn
Few projects with serious alternative firmware project
Still sold new after 20 years
BusyBox Lawsuits
Before IoT was even a term
At least one model of Samsung TV -> samygo.tv
“Baffles me as to why do the manufacturers want us to buy more hardware”
Linux focuses too much on big corp users and ignores hobbyist users
Kernel people only care about the .c files. Don’t care about the install scripts etc.
People at top of Linux now got their start hacking on the devices in front of them.
The next generation of developers will be those hackers not from IBM and other big companies
You didn’t need anything but a computer and an internet connection to become an upstream developer in those days. This is becoming less true.
If the only thing you can install Linux on is a rackmount server, a cloud server or maybe a laptop and none of the IoT devices around you then things don’t look good….
Linux was successful because users could install it on their own devices
Linux won’t remain the most important GPL program if users can’t install their modifications. Tinkering is what makes Free software great.
Upstream matters of course, but downstream matters more.
There may be 1000s of Linux developers
But 2 billion people have Linux on their phone – Which is locked down and they can’t reinstall
We don’t need a revolution to liberate IoT devices
because the words are already there in the GPL
We just have to take up our rights
What you can do.
Request Linux sources on every device you own – Companies have figured out people almost never ask
Try to build and install them. If you can’t ask a friend or ask Conservancy for help
If it doesn’t build/install it is a GPL violation, report it to Conservancy
Step up as a leader of a project for devices that matter to you.
Why this will work
The problem seems insurmountable now, only because we have been led astray
First and absolutely necessary step towards privacy and security on those devices
When the user controls the OS again, the balance of power can be restored
Questions
Best way to ask for source code? Try email, the manual should say.
How to get the new code on the device? Needs some push onto industry
What if writing requires expensive equipment? Fairly rare, many devices allow over-the-air upgrades, we should be able to go the same way.
Is there a list of compliant devices? – Proposed in past. Want to go softly at first in many cases
Am I exposed to liability if I modify and distribute code I receive? – Almost certainly not, contact Conservancy if you are threatened.
Web Security 2019 – James Bromberger
History of browser
No images
Images
Netscape with crappy “International Security”
https takeup is growing
Chrome is hitting 60-70%
82% of browsers are “modern”, crossover of chrome users to new version is about 3 months.
PCI
Remove early TLS in mid 2018
TLS 1.1 and higher allowed
The legacy browser has gone in the real world
Some envs still behind, but moving ahead
What can we do with as little changes as possible?
0. Don’t use http, use https
Use letsencrypt
Stds reducing max length of certs from 5 years
1. TLS protocols
7 versions out there (old ones SSL).
Most over 10+ years old
Only 6 in the wild
3 not known to be compromised ( 1.1 1.2 1.3 )
Very few clients only support 1.1 and not 1.2 (small gap in 2006-2008 ). IE supports 1.2. So maybe disable 1.1
Log the protocol being used so you have data on your users
OTOH not much supports 1.3 yet
Use 1.2 and 1.3
Turn off on the browsers too
Look at which libraries you are using in code that makes https connections
2. Cipher Suite Optimisation
New EC certs for key exchange
New certs getting changed to ECDSA
AES is standard for bulk encryption. GCM mode is best although Windows 9 can’t do (Upgrade to 10!)
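The advice in step 1 to log the protocol before turning old versions off, worked through as an added example (not from the talk): it tallies the negotiated protocol per request and lists which user agents would be cut off if only 1.2 and 1.3 remain. The log format is an assumption (a combined-format line with the protocol and cipher appended, as nginx's $ssl_protocol and $ssl_cipher variables provide), and the sample lines and agent names are constructed.

```python
import re
from collections import Counter, defaultdict

# The notes' recommendation: keep only TLS 1.2 and 1.3.
ALLOWED = {"TLSv1.2", "TLSv1.3"}

# Assumed format: line ends in '"<user agent>" <protocol> <cipher>'.
LINE_RE = re.compile(r'"(?P<ua>[^"]*)" (?P<proto>\S+) (?P<cipher>\S+)$')

# Constructed sample data (addresses from the documentation range).
SAMPLE_LOG = [
    '203.0.113.10 - - [21/Jan/2019:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 Chrome/71.0" TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256',
    '203.0.113.11 - - [21/Jan/2019:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 Firefox/64.0" TLSv1.3 TLS_AES_128_GCM_SHA256',
    '203.0.113.12 - - [21/Jan/2019:10:00:03 +0000] "GET /api HTTP/1.1" 200 90 "-" "LegacyPOS/1.0" TLSv1 AES128-SHA',
    '203.0.113.13 - - [21/Jan/2019:10:00:04 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 Chrome/71.0" TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256',
    '203.0.113.14 - - [21/Jan/2019:10:00:05 +0000] "GET / HTTP/1.1" 301 0 "-" "curl/7.61" - -',  # plain http
    '203.0.113.12 - - [21/Jan/2019:10:00:06 +0000] "GET /api HTTP/1.1" 200 90 "-" "LegacyPOS/1.0" TLSv1 AES128-SHA',
    '203.0.113.15 - - [21/Jan/2019:10:00:07 +0000] "GET / HTTP/1.1" 200 512 "-" "OldAgent/2.0" TLSv1.1 ECDHE-RSA-AES128-SHA',
    'truncated line that does not match the format',
]


def parse(lines):
    """Yield (user_agent, protocol) for each TLS request; skip everything else."""
    for line in lines:
        m = LINE_RE.search(line.strip())
        if m and m.group("proto") != "-":  # "-" = request was not over TLS
            yield m.group("ua"), m.group("proto")


def protocol_report(lines):
    """Return (count per protocol, share of legacy requests, legacy user agents)."""
    counts = Counter()
    legacy_agents = defaultdict(Counter)
    for ua, proto in parse(lines):
        counts[proto] += 1
        if proto not in ALLOWED:
            legacy_agents[proto][ua] += 1
    total = sum(counts.values())
    legacy = sum(n for p, n in counts.items() if p not in ALLOWED)
    share = legacy / total if total else 0.0
    return counts, share, {p: dict(c) for p, c in legacy_agents.items()}


if __name__ == "__main__":
    counts, share, agents = protocol_report(SAMPLE_LOG)
    for proto, n in counts.most_common():
        print(f"{proto:8} {n}")
    print(f"requests cut off if only 1.2/1.3 remain: {share:.0%}")
    for proto, uas in agents.items():
        print(proto, uas)
```

Run it over a few weeks of real logs before changing the server's protocol list; the per-agent breakdown shows whether the legacy traffic is a handful of known integrations or real users.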
Hung around a bunch of top guys in Linux who talked about adding SMP to Linux
Talk on porting Linux to SPARC by David Miller & Miguel de Icaza. Going into improvements and showing how the Linux port to SPARC beat Solaris in the Lmbench benchmarks on same hardware.
Realized he lived in a world where students could create and port an OS that beat the original OS from the vendor
1997 – 1998
Wrote (with another guy) and got ipchains added to Linux
“I woke up one morning and I was kernel firewall maintainer”
Got a job where people paid him to work on Linux firewall code
1998
Decided needed an Australian Linux conference
Oct-Nov visited a bunch of LUGS to invite people and find person to collect money.
People not sure what they wanted to go to a Linux conference ( $380 bucks)
Invited Jon “maddog” Hall
Created and ran a slashdot ad
Credit card got into $14k negative
Last session of the 3rd day, reran the 3 best talks
Three stories from 1998
Tutorial Books for each of the tutorials- Couldn’t get photocopies from commercial facility, so had to make 400 copies of books via 4 coin operated photocopiers
Tridge bought up a triple-CD burner. People ran it in relays
Somebody said. “I can’t believe you don’t have conference tshirts”. He bought white tshirts, got them screen printed and sold them.
End of conference Tridge organised a gift from the Speakers to Rusty. Pewter Beer mug
Linux.conf.au after 1999
2001 scheduled 3 talks from Rusty. At the same time
Met Tridge at LCA – Moved to Canberra they did AusLabs
How Great Projects
Smart and Capable enough to complete them
They are Dumb enough to try
When somebody tells you about a project?
That sounds Great, Tell me more
What can I do to help
Enable people’s enthusiasms
Collaboration is a super Power
Getting along with people is a skill
“Constructive absenteeism”
Headwinds to collaboration
Signs are welcoming to some people
Other people get signs that they are not so welcoming
Good at seeing them when they are aimed at them, not so good at even seeing they exist when they are not aimed at them.
Open Source Tools for Publishing and Processing Earth Observation Imagery – Paul Haesler
Golden age of satellite imagery
Geostationary – One area – Good for weather
Circum-polar orbits – all over earth every 10-16 days
Data processing Chain
Level 0 – Raw
Level 1 – Geo rectify – Measure surface radiance
Level 2 – Correct for sun, sat angle, atmosphere – ARD – Records surface reflectance
Landsat-8 (25-30m , 8-16 day cycle, data since 1982 ) Sentinel-2 ( better, 5 day cycle, 10m resolution)
Digital Earth Australia
The Problem
Open Data Cube
Python, based on xarray
Postgres for metadata
Actual satellite data from local or network repo (transparently)
GUI maintained by CEOS
Nationalmap.govt.au
Aims to publish all Aus OpenData that can be mapped
Based on TerriaJS
Some DEA data was already being published but need for additional stuff
COGs – Cloud Optimised GeoTIFFs
DataCube_ows
Lightweight web application server
Developed by Data61 for GA
WMS
OGC Web Map service
Good for general-usage web apps
Returns standard images (eg png)
Support 1.3 well, works with most clients
Styles for band-mapping
on-the-fly solar angle correction
WCS
Version 1 supported
Works well with TerriaJS , works okay with QGIS or ArcGIS
Next Steps
WPS for on-the-fly processing is regularly discussed
Better integration with datacube-core
More recent WCS versions inc WCS-2EO
Sparse Data problems
The Tragedy of systemd – Benno Rice
References to Contempt Culture
Ancestry of Systemd
Unix: Happy accident, place, time, reaction to the previous thing
housekeeping functions – “mounting filesystems and starting daemons”
inetd – Super Daemon for all sockets – “worked well until The Internet Happened”
Then the Internet happened
forking a process per connection doesn’t scale
Lots of persistent state for things like databases
Service
Might be a bunch of processes
Init starts but doesn’t manage
inittab can restart things in SystemV
System Config vs Service bootstrap
Mixed in together
Service management needs more
Windows NT
Service model there from beginning
MacOs
Application Model means lot richer interaction with the host
Application delegate
launchd
The Idea of Systemd
launchd
Service handling in MacOS
Took over init, inetd, cron
Can listen on ports. Start stuff. doesn’t need to start on boot, boot gets faster, power reduced, security improved
Move system services to daemons, then start daemons as needed
From Launchd to systemd
upstart
event driven
shell based
Rethinking PID 1 – Lennart
“Start less” , “Start more in parallel” , “listen to hardware and software changes”
cites launchd
System management
Everything is a lot more dynamic
Hotplug , DHCP , etc
Don’t install 15 different packages that all behave differently
But systemd will have to do things in a different way to those 15 other things
The reality of systemd
Widely adopted ( 2011 – 2015 )
Arguments
Violates the unix philosophy – systemd actually is many binaries
It is bloated and monolithic – Well it does do a lot of things
It is buggy – So is all software, actually a good failure mode
I can’t stand Lennart Poettering – He’s delivered. “I won’t defend his community interaction”
It is not portable – UNIX is dead – Posix isn’t really a thing anymore, there are not a bunch of crazy Linux variations. “These days you have Linux and some rounding errors”
cgroups
User-Level units
Change – Systemd is a lot of disruptive change
The Tragedy of Change
Nerds love change as long as we are the ones doing it
System boot ups using shell script interaction is like the old blanky we should have got rid of 20 years ago
The Knee-jerk – Abuse is not Cool
The Next Generation
They See a lot more APIs
Thinking in Containers is different from thinking in not-containers
What does Systemd have that FreeBSD (or even future Linux) could use, or could do better
Message Transport
RPC Framework
Kernel and User-space services should look similarly to the services above them
Service Lifecycle
Automation via API – Easier for vendors to write appliances
Containers
The System Layer
Doesn’t have to be the only implementation of this
Consistent Device Naming
Better Log/Event/Audit Handling
A new model of an application ( a bunch of things managed as a Unit, See the MacOS model)
Questions
Launchd option – Too MacOS specific
Dynamic Libraries = DLL Hell – Containers avoid, different problems
Is reaction to systemd scaring other big changes off – Possible, hard to write, very hard to handle the social issues to push through
Where is FreeBSD at? – A long way away, no consensus this sort of change needed
Should everything have been swallowed up – Thought experiment, If systemd had instead defined an API for separate projects instead of writing them itself, would that have worked? And now we do know what is needed could we switch to a separate model with APIs?
Embedded Devices need systemd – Anything Dynamic needs it
What Push back from FreeBSD – Something like that but not systemd. Some like launchd
What needs to change in community and systemd team to make things better – See Adam Harvey’s talk on language changes. Hard since everything is asking for different stuff, systemd people.
What should systemd go further into – Messaging and RPC stuff more pervasive and more thought about. Something into the kernel.
First contribution of source code was almost 40 years ago
Used Vax BSD at CMU – Had to deal with an obscure priesthood
KA9Q TCP/IP stack for amateur radio in the 80s
Appearance of RMS in my world
GNU Manifesto
4 Freedoms
GPL
Debian
Worked as Linux CTO for one of the largest IT companies in the world
Collaborative Development Model
Spread out besides just making FOSS
No one company in charge
Diverse range of contributors, massively different motivations
We get a software commons we all get to benefit from
Free Software means Freedom of Choice
Reduced barriers between users and producers of software
Any user can be a dev, or pay someone to dev
If upstream goes bad, things can be forked
What it means to be successful when you are operating in an open and collaborative model?
The goal of a trad company is for investment to yield technological control points
First mover advantage
Differentiated features, preferably patentable
Collaborative dev model allows us to recognise the benefit of collaboration on all the non-differentiating elements. Leaving more value to the users / customers
Thinks less about control points, more about points of affinity. What is it that would make a customer want to use your products or services?
Innovation these days largely takes place in the open space
Wrights/Goddard – They didn’t get told to do the next new thing, they just started it as a hobby
Free Software enables people who we don’t know exist to create innovation and invent things we can’t imagine
Long Tail of Contribution
Example: People who did one Linux Kernel contribution, often to fix one specific thing that was causing them problems.
No company on earth that can hire that resource
Needs to be easy for people to access the code and make contributions
Attributes of Successful Communities
Active contribution and collaboration
Diverse participation
Solid core of code
Recognizable mainline trunk
Unified, cohesive structure
Low barriers to entry
Choosing the right license
Businesses can only be successful with permissive licenses
The most successful projects seem to be communities built around open contribution
Share-alike licenses stop possible problem of Closed Corporate fork while the original project withers
Beach Wreck Ignition: Challenges in open source voice – Kathy Reid
MycroftAI – One of the few open source voice stacks
Introduction to a Voice Stack
Wake Word – eg “Hey Alexie”
Utterance – Phrase of command
Speech2text processor
Looks for keywords etc
Runs a command
Dialog – acknowledger + response
Wake Word
PocketSphinx, Snowboy, Mycroft Ai Precise
Some use Phonemes (smallest units of sound in a language)
Hard to tell differences between all words
Always listening, connected to internet
Some use Neural networks
Low accuracy can cause frustration
Bias towards male speaker (10:1 male:female in dataset). Also more with American than other accents
To unbias the sample had to tag the samples with ethnicity, gender etc. Which was a problem with ethics of tagging samples/speakers
Speech to Text
Kaldi – no network needed, compute heavy
Deep Speech – From mozilla
Challenges
Lots of accents out there. Hard
Only trained for most common accents
Also problem with regional slang
Need to train on individual speaker
But need lots of data to understand a speaker
Endangered Languages
No commercial imperative to cover them
Mycroft Translate using Pootle to translate command words to 40 languages
Issues for gendered languages, formality
Intent Parsers
Rasa, Mycroft Adapt, Mycroft Padatious
Intent Collisions – Use confidence scoring depending on how explicit the request is.
Text to Speech
Mary TTS, Espeak, Mycroft Mimic, Mycroft Mimic 2
Mimic recording studio, Need 40-60 hours audio
Challenges
Natural sounding voice – making the voice sound not robotic