«

Oct 06

Ohio LinuxFest 2017

I made the trek to Columbus yet again for my annual visit to Ohio LinuxFest, and once again I was impressed by a good event. I took the afternoon off from work to drive down from Michigan (about a 3 hour drive) and made sure to get there on time for the opening Keynote, which was Karen Sandler from the Software Freedom Conservancy on “The Battle Over Our Technology”. By an interesting coincidence I had brought her up in a discussion the day before on why I would never trust IoT security if the code was not available. Karen has always been very open about sharing her experience with getting a pacemaker installed, and trying to get a look at the code (which she couldn’t, because it is proprietary). And we have since had a recall that made about 500,000 people go the their doctor’s offices to get a code update because the proprietary code was very insecure. In talking about the importance of Open Source Karen brought up the meta-issue that it is not just about the practical issues of efficiency, but also about moral and ethical issues.

After that we had a nice happy hour sponsored by Fusion Storm that took place in the vendor room, and I got spend some time with 5150, Verbal, and John Miller while enjoying the Nacho bar, and eventually made my way to my room for the night.

Saturday started off strong with a keynote from Máirín Duffy, “Who Cares if the Code is Free? User Experience & Open Source”. Máirín is a UX expert working on the Fedora Project, and really got into the design issues with Open Source, and made a strong pitch for getting people involved outside of coding, and in particular how to get involved in UX. I appreciated this because a healthy Open Source ecosystem requires a lot of different skills, and in my view the idea that coders are the only ones who matter is a kind of sickness in our ranks. After that, there were 4 tracks:

  • Sysadmin and Development
  • /dev/random
  • Career
  • Security

As you might expect, the Security track got most of my attention, and I have to say I was impressed by the speakers there. The first was Kent Adams from SIP.US on VoIP Security Basics. As is usual in the area of Security, none of this was exactly rocket science, but when your phone service comes via Internet Protocol you have all of the usual security issues, such as how your firewall is configured, who might be sending packets your way, and is your software patched and up-to-date. It was a good talk, and Kent was a very engaging speaker. After that, Tom Kopchak from Hurricane Labs  had a talk called “Building a Malware Analysis Lab With Open Source Software”. He talked about using open source tools like Squid, Snort/Suricata, and pfSense, and tying them together with some scripting. Then it was time to break for lunch.

After lunch I started with Roberto Sanchez. Last year he did a very good talk about how he prepares his CS students by getting them involved in tools and practices like using GitHub, making pull requests, and so on. which I really loved. This year, his talk was “Secure Cloud: Linode with Full Disk Encryption”. Linode is a provider that offers inexpensive Linux virtual servers, and Roberto took us through how to do this securely by setting up your virtual server in an encrypted manner. I think a lot of what he discussed would apply in other areas as well, but taking us through the process step-by-step was valuable. Following that I decided to move over to the /dev/random track to hear Dru Lavigne discuss the new features in FreeNAS 11. Dru is someone I have talked to a variety of conferences over the years, including having breakfast together at Indiana LinuxFest a few years back, so I has glad to see her here.

But I went back to the Security track for an excellent talk called “Top 10 Easy Cybersecurity Wins for Linux Environments” by Michael Contino. This was an excellent talk by a very knowledgeable speaker. some of his tips were things I was aware of, but he also brought up some things that were new to me, and I want to follow up on those sometime. After his talk I met up with Joel McLaughlin and Allan Metzler of The Linux Link Tech Show for a little hallway conversation before Joel left, did a pass through the vendor room, then got into a hallway conversation with Michael Contino and a couple of other folks who were at his talk. Then my final Security Track talk was by Cody Hofstetter from Sovereign Cyber Industries, called “Getting Hit by an 18-Wheeler: Privacy and Anonymity in the Modern Age”. Most of what he talked about I knew, but he was such an engaging speaker that I was glad I was there.

The final keynote was Tarus Balog of The OpenNMS Group, who gave us the history of how he came to be the CEO of a successful company that sells free software, and the lessons he learned along the way. I first met Tarus when he gave the very first keynote at Indiana LinuxFest some years back, and he is both a great speaker and a great Free Software advocate. His talk was wonderful, and fitting way to round out the talks for day. We then retired to the ballroom for the after-party, and for me an unexpected finish when I won the raffle for a 3-D Printer. I am planning to donate it to a useful charity such a e-nable, which makes hands for children who lack them.

Overall, it was a very good conference, and I really enjoyed the speakers. But there is a problem here with diversity. Outside of the Keynoters, the only woman I could see presenting was Dru Lavigne, and I did not see any people of color. And based on my experience programming for Penguicon the last 4 years, this is probably because they just waited to see what proposals happened to come in. I have found that you need to pursue people to get the diversity you need, for whatever reason (I suspect “impostor syndrome” plays a role in at least some cases). For example, last spring I had a great presentation to a packed room by Connie Sieh, who created Scientific Linux. What you might not have known is that I was looking for her over a two year period before I found her (she had retired, old addresses no longer valid, etc.) And there were other people I made a point of going after because I knew what they could do. Another example is Ruth Suehle from Red Hat, who I contacted every year to get a presentation. I talked to the person at OLF who will be booking speakers for the coming year and offered to pass along some of my contacts to help in this.