Episode: 2410
Title: HPR2410: OLF 2017 Report
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr2410/hpr2410.mp3
Transcribed: 2025-10-19 02:27:38

---

This is an HBR episode 2,410 entitled OLLF 2017 Report.
It is hosted by AYUKA and is about 23 minutes long and can remain an explicit flag.
The summer is off 2017, a free and open source software conference took place on September
20, October 1, 2017.
This episode of HBR is brought to you by AnanasThost.com.
At 15% discount on all shared hosting with the offer code HBR15, that's HBR15.
Better web hosting that's honest and fair at AnanasThost.com.
Hello, this is AYUKA, welcoming you to Hacker Public Radio and another exciting episode.
What I'd like to do this time is tell you a little bit about my experience of Ohio Linux
Fest 2017, which happened over the first weekend of October or last weekend of September,
so September 29, 30 October 1.
I was there for the Friday and Saturday and had a great time, so I want to tell you about
it.
I made the trek to Columbus yet again, and I was impressed by the fact that it was really
a good event.
I took the afternoon off from work to drive down from Michigan, and that's about a three-hour
drive, and made sure to get there on time for the opening keynote on Friday evening,
which was Karen Sandler from the software freedom conservancy, who gave a talk called
the battle over our technology.
I thought there was an interesting coincidence because I was at another conference the day
before, that would be Thursday the 28th, talking to some people about internet of things and
security and stuff like that, and I made the argument that if the code was not available,
I was not going to believe they had security, and I got a lot of pushback about if we make
our code available, other people will steal our work, and this is our proprietary advantage
Yadda Yada, and I brought up Karen as an example, because she's always been very open about
sharing her experience of getting a pacemaker installed, and she, in fact, talked about
that as part of this talk, and when they were installing the pacemaker, she tried to get
a look at the code, and was, first of all, they kind of stared at her like she was a three-headed
drag and all of a sudden, and then, no, you're not going to see the code, that's our proprietary
advantage, we can't do that, and now we've seen several things since then, one I recall
was that our former Vice President Dick Cheney, who has a pacemaker, and let us just say,
we live in very polarized times, they thought, okay, we've got to take steps to make sure no
one can hack his pacemaker, interesting sign of where we are, and then really just within
the last few weeks in this country, we had a recall that, and I don't know if it was just
the United States or worldwide, it may well be worldwide, but about half a million people
had to go to their doctor's offices to get a code update because the proprietary code in
their pacemaker was very insecure. So in talking about the importance of open source, that's
something Karen brought up, but she then went on to say, there's two different things here,
there's efficiency, and I think very often when we talk about open source, we focus on the
efficiency, right? So yeah, if the code is open, more people can work on it, more eyes on it,
easier to catch bugs, things like that, but Karen took it a step further and said, no, there's
also moral and ethical issues involved, and talked about her engineering, she initially got a
degree in engineering, and was a member of an engineering society that really promoted this idea
of social responsibility, when you build something, and this engineering society would look at some
of the great engineering disasters, bridges that collapsed and things like that, and say, yeah, if
you don't do your job right, this is what can happen. So it was interesting to see that moral
dimension brought in, and that made it, I think, a really great kickoff to the whole weekend.
So after her opening keynote, we had a happy hour, sponsored by a company called Fusion Storm,
and that was in the vendor room, and that's the same as they did last year, and it worked
up very nicely, so I got to do my first pass through there, talk to a number of people in the
vendor room. EFF was there, of course, and the Free Software Foundation, and so I'm a member of
both of those, so we just kind of chatted a little bit. They weren't able to sell me on anything,
because I've already bought it. But while I was there, I got to spend some time with 5150,
who was at Ohio Linux Fest Verbal, and John Miller, and they had a nice nacho bar, and so
a nice evening, and once I was finished with that, I decided to make my way to my room for the night,
because I knew the next day was going to be busy and tiring. So Saturday, great start,
strong start, a keynote from Marion Duffy, and her talk was, who cares if the code is free,
user experience, and open source. Now Marion is a UX expert, user experience, and she's working
on the Fedora project, and what she was doing was looking into the design issues with open source,
and then talking about how to get more people involved, which I think is really important.
If your software is technically good, but it sucks to use it, what have you done, really?
If you want people to use the software, it has to be, to some degree, user friendly.
And she was making the point that open source projects, the whole open source ecosystem,
requires a lot of different skills, and to be successful, we need all of these skills.
Now there is a mindset among some people, not everyone, but I've seen it that says,
coders are the only ones that really matter. So if you write code, you get to have a say,
if you don't write code, you know, you don't count for anything. I think that is a kind of a sickness
in our ranks. Oddly enough, the people who believe that are all coders, the astonishing coincidence
that. So it was a good talk, really appreciated it. After that, they had basically four tracks
in four different rooms, going through the rest of the day. So the first one was
Siss admin and development. You could have called that two half tracks, maybe. Then one called
Dev random, and that was the kind of the miscellaneous for anything that didn't fit any other category.
Then there's one called career track, and that's something OALF has been doing for a number of
years now, and it still is very popular. And then finally, one on security. If you followed any of
the things that I've done on Hacker Public Radio, it probably won't surprise you terribly much to
find that the security track got most of my attention. So I'm going to be talking about what I saw.
If someone else wants to maybe 51-50 wants to do something, his experience would be very different
from mine. I don't recall being in one of those rooms with him off the top of my head. He probably
saw things very differently. Within the security track, I really liked the speakers. I was impressed.
It really seemed to be a pretty high quality to the average talk that we saw there.
To kick it off was a fellow named Kent Adams from a company called SIP.us and talking about voice
over IP security basics. This is a useful thing to take a look at that people often don't think of,
because, oh, it's just telephone. What does telephone have to do with security? Well, IP, right?
So basically, your telephone service is coming in via internet protocol. That's what VEO over IP means.
So you have all of those security issues that come with the fact that you're connected to the internet.
You're sending and receiving packets. So we got to start thinking about, well, how is your
firewall configured? Who is it sending packets your way? Is your software patched and up to date?
So listening to what Kent said, if you came in there with the mindset of network security,
it would have sounded very much like a network security talk, because essentially that's
what it was. You have all of the same issues. It was a really good talk. Kent was a very engaging speaker.
So I really enjoyed that. I would certainly go to another talk by Kent.
Then after that, there was a fellow named Tom Kopchak. I hope I'm pronouncing all these names
right from a company called Hurricane Labs. He had a talk called building a malware analysis lab
with open source software. Now, in the course of that, he talked about open source tools like
squid, snort, surakata, PF sense, et cetera, and then tying them together with some scripting
and how you can use that to start analyzing some of the malware. That's an important thing. You
need to be monitoring what's going on on your network and these tools are very good for that.
After that, it was the lunch break. So I wandered over to Subway to get a salad and then came back
and the first talk after lunch was a fellow named Roberto Sanchez. I remembered him from last year
because I was at his talk last year. He did a wonderful talk about how he prepares his computer
science students. He's a professor at a local university. Instead of just getting them the right,
the 1 millionth hello world print script, he was getting them involved in the tools and practices
of actual software development, like getting GitHub accounts, making pull requests, things like that.
And what he found in doing that was that he was really giving his students a leg up when it
came time to hit the market because when they went interviewing for a position, it wasn't just,
yeah, I have a degree. Here's what my grades look like, but they could go into the interview and
saying, oh, yeah, I've done GitHub. I've done pull requests. I've done all of these things.
So, you know, it was a wonderful way to look at it. So I had a high opinion of Roberto going in.
He did not disappoint. So this year his talk was on the Secure Cloud, Linode with full disk
encryption. Now, Linode is a provider that offers inexpensive Linux virtual servers. It's not
the only company out there, but it was one of the vendors at Ohio Linux Fest and they seem to
offer pretty decent inexpensive service if you want a virtual server. Roberto took us through how
to do this securely by showing how you could set up your virtual server in an encrypted manner.
Now, probably 90% of what he talked about would apply anytime you're setting up the server.
But taking us through the process step by step was valuable and seeing that, yeah, you know, even if
even if you're on a virtual server that is being controlled by an outside company, you can still
bring in these kinds of security issues. And I think that's great. After that, I made my one break
from following the security track to go here, my old friend Drew Levine talked about the new
features in FreeNAS 11. Drew and I have talked at a variety of conferences over the years,
including one year having breakfast together at Indiana Linux Fest. So I usually make time to
find out what she's been up to. FreeNAS 11 is an interesting product and she just kind of walked
through current state of the product. And of course, anytime you're looking at things involving
BSD, which is the root of FreeNAS, you're probably going to find Drew involved somewhere. She's one
of the big BSD gurus. But after that, I did go back to the security track for an excellent talk
called Top 10 Easy Cybersecurity Wins for Linux Environments. By following a Michael Contino,
an excellent talk, very knowledgeable speaker. Some of his tips were things I was aware of.
But he also brought up some things that were new to me and I want to follow up on those some time.
So it really was a lot of just little quick wins. Easy wins was the whole thing. If you just do
this thing, I mentioned some of the things I knew of, for instance, lock down your temp
directory. Don't allow executables. We all know that, but do we always take the time to do it?
So after that, I got up to stretch my legs and ran into Joel McLaughlin and Alan Metzler of the
Linux link tech show for a little hallway conversation. And in fact, Joel was about getting ready
to leave at that point and did another pass through the vendor room. Then got into a hallway
conversation with Michael Contino, the speaker of the 10 Easy Cybersecurity Wins and a couple of the
other folks that were in his talk. Then my final security track talk was by Cody Hofstadter from
a company called Sovereign Cyber Industries, called getting hit by an 18-wheeler, privacy and
anonymity in the modern age. I can't say that he told me a whole lot. I didn't already know,
but he was a very engaging speaker. I was glad to be there. And I would, again, it's one of those
people and this is true pretty much most of the people of the security track. I would go to see them
again. So if they're at Ohio Linux next year, I would probably go to see them.
After that, we had the final keynote. And that was Terrace Baylog of the Open NMS Group,
who gave us the history of how he came to be the CEO of a successful company that sells pretty
software and the lessons he learned along the way. Now, I first met Terrace when he gave the very
first keynote at Indiana Linux Fest some years back. And since then, I've seen him at Ohio Linux
Fest in similar events. He's a great speaker and a great free software advocate. His talk was
wonderful. A great way to round out the talks for the day. And, you know, he had a lot of useful
lessons. You know, if you're, if you want to set up a company and that was one of the things is
that he wanted to establish a company and he wanted it to be in free software. And obviously,
there are some challenges. Now, it is possible to do that. Red Hat has been very successful doing it.
And I hope they continue to be because I own a few shares. And Terrace's Open NMS Group
is doing very well. So, good talk. After that, we had the after party, which was in one of the
ballrooms. And unexpected finish for me was the fact that I won the raffle for a 3D printer.
Now, I thought about it. I don't really, I tried to imagine if I had a 3D printer what it would
do. And I figured I would probably play around with it for a week or two and then it would gather
dust. And I thought, well, that's really stupid. And I remembered that we had a charity at
Penguin, a couple of years back called Enable, which uses 3D printers to make hands for children
who are missing them. And I thought, that's a much better. So, I'm waiting to hear back, but I did
contact someone involved with that organization to say, hey, you know, I'd like to donate a 3D
printer to you guys. So, we'll, we'll see how that works. But that's, that's my thinking. And I
talked to her over with my wife and she agreed that it was probably the best way to go. Overall,
great conference. I really enjoyed the speakers. There is a problem. And the problem is diversity.
Outside of the, we had two women doing keynotes. And outside of that, the only woman I could see
presenting was Drew Levine. I did not see any people of color. And based on my experience
programming for Penguin Con in the last four years, this is probably because they just waited
to see what proposals happened to come in. Now, my experience is, if that happens, you will,
you know, you get a lot of white guys. For a variety of reasons, you need to pursue people. And I
think there's, there's this, you may have heard of something called imposter syndrome. And I think
that has something to do with it. That, you know, a lot of people who could give awesome talks
don't have the self-confidence about, you know, oh, what I'm doing isn't that significant or
important. But for whatever reason, I found I had it, you know, actively pursue. So for instance,
last this past spring, I had a great presentation to a packed room by a woman named Connie C,
who created scientific Linux. Now, what people might not have known is that I was looking for her
over a two-year period before I found her. I mean, I knew her name. I knew what she had done.
And I'm doing Google searches and, you know, sending emails. And nothing happened because she
had retired. And the old addresses were not valid anymore. And so I mean, eventually I did track
her down, but it took some effort. I was really glad I did, because it was a great presentation.
You know, another example, someone that I, you know, when I was at Penguin Con, I would contact
every year was Ruth C. Lee from Red Hat. Now, Ruth was a keynote at Ohio Linux Fest a few years ago.
But, you know, I would just, as a matter of course, would, would contact her every year to say,
hey, you know, I want you to do a presentation for me. You know, I almost didn't care what it was,
because I know Ruth well enough to know that any presentation she does, it's going to be awesome.
So, you know, I didn't worry about that. And there were other people, okay.
You know, I went to companies. You know, there were companies that were interested in being
represented. And I could go to them and say, okay, you know, what do you got? You know,
and I would, you know, say, give me a list of speakers. And I could go through and, you know,
try and pick some people that I thought would help round out the speaker pool.
So, that's just, that's my observation. And, you know, maybe on entirely off base, but this is how I
approach it. I did talk to the person that Ohio Linux Fest will be booking speakers for the coming
year and said, hey, you know, I'm happy to share my contacts with you. And, you know, gave him the
advice that, yeah, you know, you need to be active. I mean, at Penguin Con, if I just waited to see
who happened to submit proposals, I would have had exactly that same outcome. I know that.
I would have had a whole lot of white guys. And I just, I didn't want that. I wanted something
that, you know, I wanted the speakers to more or less represent the community. And that's
important. Ohio Linux Fest is community, Penguin Con is community. So, you want to have that
representation. So, that's my report on this year's Ohio Linux Fest. This is Huka signing off
and reminding you as always to support free software. Bye-bye.
You've been listening to Hacker Public Radio at Hacker Public Radio. We are a community podcast
network that releases shows every weekday Monday through Friday. Today's show, like all our shows,
was contributed by an HPR listener like yourself. If you ever thought of recording a podcast,
then click on our contribute link to find out how easy it really is. Hacker Public Radio was
founded by the digital dog pound and the infonomicum computer club. And it's part of the binary
revolution at binrev.com. If you have comments on today's show, please email the host directly,
leave a comment on the website or record a follow-up episode yourself. Unless otherwise status,
today's show is released under creative comments, attribution, share a light 3.0 license.