OUCE 2015: Bad Voltage Live

Every year at the OpenNMS Users Conference (OUCE) we have a good time. In fact, learning a lot about OpenNMS goes hand in hand with having fun.

At this year’s SCaLE conference, the team behind the Bad Voltage podcast was there to do a live version of the show. You can watch it on-line and see it went pretty well, and this gave me the idea to invite the gang over to Germany to do it again at the OUCE.

Since there may be one or two of my three readers who are unaware of Bad Voltage, I thought I’d post this little primer to bring you up to speed.

Bad Voltage is a biweekly podcast focused on open source software, technology in general and pretty much anything else that comes across the sometimes twisted minds of the hosts. They deliver it in a funny manner, sometimes NSFW, and for four guys with big personalities they do a good job of sharing the stage with each other. As I write this they have done 47 episodes, which is actually quite a nice run. For anyone who has done one or thought about doing a periodic podcast or column, know that after the first few it can be hard to keep going. It is a testament to how well these guys work together that the show has endured. Believe it or not, I actually put time into these posts and even I find it hard to produce a steady amount of content. I can’t imagine the work needed to coordinate four busy guys to create what is usually a good hour or three of podcast. (grin)

Bad Voltage as The Beatles

Anyway, I want to introduce you to the four Bad Voltage team members, and I thought it would be a useful analogy to compare them to the Beatles. As I doubt anyone who finds this blog is too young to not know of the Beatles, it should aid in getting to understand the players.

Bad Voltage - Jono Bacon Jono Bacon is Paul. If you have heard of anyone from Bad Voltage, chances are it is Jono. He’s kind of like the Elvis of open source. He was a presenter for LugRadio but is probably best known for his time at Canonical where he served as the community manager for Ubuntu. He literally wrote the book on open source communities. He is now building communities for the XPRIZE foundation as well as writing articles for opensource.com and Forbes and occasionally making loud music. He’s Paul because is he one of the most recognizable people on the team, and he secretly wishes I had compared him to John.

Bad Voltage - Bryan Lunduke Bryan Lunduke is John. He gets to be John because he has heartfelt opinions about everything, and usually good arguments (well, arguments at least) to back them up. He has passion, much of which he puts into promoting OpenSUSE. I’ve never met Bryan in person, but we’ve missed each other on numerous occasions. I missed him at SCaLE, he missed the Bad Voltage show I was on, and I missed him again at OSCON. And I’ll miss him in Fulda, as his wife is due to deliver their second child about that time, but he will be there virtually. He adds depth the the team.

Bad Voltage - Jeremy Garcia Jeremy Garcia is George. Although none of these guys could be described as “quiet”, he is the most reserved of the bunch, but when he opens his mouth he always has something interesting to say. You can’t be part of this group and be a wallflower. I’m not sure if he has a day job, but fifteen (!) years ago he founded Linuxquestions.org and has been a supporter of open source software even longer. He adds a nice, rational balance to the group.

 

Bad Voltage - Stuart Langridge Stuart is Ringo, known to his friends as “Aq” (short for “Aquarius” – long story). He is pretty unfiltered and will hold forth on topics as wide ranging as works of science fiction or why there should be no fruit in beer. He was also a member of LugRadio as well as an employee of Canonical, and now codes and runs his own consulting firm (when he is not selling his body on the streets of Birmingham). If there was a Bad Voltage buzzword bingo, you could count on him to be the first to say “bollocks”. He adds a random element to the group that can often take the discussion in interesting directions.

They have been working hard behind the scenes to plan out a great show for the OUCE. Since many of the attendees tend not to be from the US or the UK, it is hoped that the show will translate well for the whole audience, and to make sure that happens we will be serving beer (if you are into that sort of thing). If you were thinking about coming to the conference, perhaps this will push you over the top and make you register.

But remember, you don’t have to attend the OUCE to see the show. We do ask that you register and pony up 5€. Why? Because we know you slackers all too well and you might sign up and then decide to blow it off to binge on Regular Ordinary Swedish Meal Time. Space is limited, and we don’t want to turn people away and then have space left open. Plus, you’ll be able to get that back in beer, and the show itself promises to be priceless and something you don’t want to miss.

If that isn’t enough, there is a non-zero chance that at least one of the performers will do something obscenely biological (and perhaps even illegal in Germany), and you could say “I was there”.

Convince Your Boss to Send You to the OUCE

With this year’s OpenNMS Users Conference a little over a month away, I plan to be writing about it more in the run up to the event. I figured I should probably start on why you should go and, better yet, how to convince your boss to pay for the trip.

First off, if you aren’t using OpenNMS, why not? (grin)

In all seriousness, if you are happy with your network management solution you can stop reading now. But if you aren’t happy, are in the process of considering alternatives, or if you have a serious interest in discovering the benefits of an open source network management platform, the money you will spend to investigate OpenNMS through the Users Conference is a rounding error compared to the price of similar commercial solutions.

Second, OpenNMS is more of a platform than an application. I know of a number of organizations who manage billion dollar budgets using Microsoft Excel, but it didn’t work for them out of the box. They had to build the spreadsheets, integrate it with databases and other applications, but now they have a custom system that fits their needs. Most network management applications require the user to adapt their processes to fit the application. For most IT organizations those processes are what differentiate them from their competitors, so it makes more sense to use a platform like OpenNMS which can be customized to better complement them instead of the other way around.

Third, OpenNMS does have a steep learning curve. It is a broad and powerful tool but it does require an investment in time in order to realize its full potential. One way to get such knowledge would be to attend a week-long training class at the OpenNMS HQ. The cost would be US$2500 plus travel.

Contrast this with the OUCE. The full four day package runs 1000€, currently about US$1100, or less than half the price of the standard training course. Even with travel expenses (assuming you aren’t in Germany in particular or Europe in general) it should make more sense to go to the OUCE than to the usual training course (plus, the next one isn’t until January of next year). If you don’t have the need to go to the one day OpenNMS Bootcamp, it is even less expensive. It makes good financial sense.

Fourth, this is a *users* conference. If you come to training you will most likely get to listen to me for five days. At the OUCE you get to meet and talk with the people who *use* OpenNMS. Got a common problem? Find out how others solved it using OpenNMS. Got a weird problem? I can guarantee that someone at the conference will have a weirder one that they used OpenNMS to fix. The initial list of accepted talks is awesome and will only get better.

Fifth, a lot of the key people behind OpenNMS will be there as well (including yours truly) and so you can experience first hand what makes the OpenNMS community so special. Plus, since we don’t “unveil” new features, you can see first hand what is currently available in the development version of OpenNMS, including “big data” storage, new and improved graphing, elasticsearch integration and distributed polling via “minions”.

Finally, it’s a lot of fun. I can remember meeting Ian Norton during an OUCE several years ago. He had been forced to attend the conference by his (now previous) employer and was very unhappy about it. Not knowing who I was, he candidly ranted about issues he saw with the product. I assured him that we would work hard over the next two days to address them. Now he is one of our biggest supporters, and all it took was two days to “get it” and understand what makes OpenNMS so magical (in the interest of full disclosure, schnapps was involved).

In conclusion, if you are not using OpenNMS you are probably paying too much for a lesser solution. This may not be true in your particular case, but you should at least seriously investigate the possibility. It makes financial sense to do this at the Users Conference, even with travel expenses, plus you can see how real users, just like you, are getting the most value out of the tool. And even if you decide OpenNMS is not for you, you’ll have had some fun and can rest assured you did your due diligence when examining management options for your employer.

Hope to see you there.

Case Study: Why You Want OpenNMS Support

I wanted to share a story about a support case I worked on recently that might serve to justify the usefulness of commercial OpenNMS Support to folks thinking about it. As always, OpenNMS is published under an open source license and so commercial support is never a requirement, but as this story involves commercial software I thought it might be useful to share it.

We have a client that handles a lot of sensitive information, to the point that they have an extremely hardened network environment that makes it difficult to manage. They place a separate copy of OpenNMS into this “sphere” just to manage the machines inside it, and they have configured the webUI to be accessed over HTTPS as the only access from the outside.

Recently, a security audit turned up this message:


Red Hat Linux 6.6 weak-crypto-key
3 Weak Cryptographic Key Fail "The following TLS cipher suites use
Diffie-Hellman keys smaller than 1024 bits: *
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (768-bit DH key) *
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (768-bit DH key)" "Use a Stronger Key If
the weak key is used in an X.509 certificate (for example for an HTTPS
server), generate a longer key and recreate the certificate. Please also
refer to NIST's recommendations on cryptographic algorithms and key
lengths (http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
) ." Vulnerable

and they opened a support ticket asking for advice on how to fix it.

I had some issues with the error message right off the bat. The key used was 2048 bits, so my guess is that the algorithm is weak and not the key. The error message seems to suggest, however, that a longer key would fix the problem.

Anyway, this should be simple to fix. The jetty.xml file in the OpenNMS configuration directory lets you exclude certain ciphers, so I just had the customer add these two to the list and restart OpenNMS.

And then we waited for the nightly scan to run.

This fixed the issue with the TLS_DHE_RSA_WITH_AES_128_CBC_SHA cipher but not the first one. Nothing we did seemed to help, so I installed sslscan on my test machine to try and duplicate the issue. I got a different list of ciphers, and since openssl uses different name for the ciphers than Java, and it was a bit of a pain to try and map them. I couldn’t get sslscan to show the same vulnerabilities as the tool they were using.

We finally found out that the tool was Nexpose by Rapid 7. I wasn’t familiar with the tool, but I found that I could download a trial version. So I set up a VM and installed the “Community Edition”.

Note: this has nothing to do with open core, which often refers to their “free” version as the “community” version. Nexpose is 100% commercial. They use “community” to mean “community supported”, but it is kind of confusing, like when Bertolli’s markets “light” olive oil which means “light tasting” and not low in calories.

I had to fill out a web form and wait about a day for the key to show up. I had installed the exact version of OpenNMS that the client was using on my VM, so my hope was that I could recreate the errors.

First, I had to increase the memory to the VM. Nexpose is written in Java and is a memory hog, but so is OpenNMS, and it was some work to get them to play nice together on the same machine. But once I got it running, it wasn’t too hard to recreate the problem.

The Nexpose user interface isn’t totally intuitive, but I was able to add the IP address of the local machine and get a scan to kick off without having to read any documentation. The output came as a CVS file, but you could also examine the output from within the UI.

The scan reported the same two errors, and just like before I was able to remove the “TLS_DHE_RSA_WITH_AES_128_CBC_SHA” one just by excluding it in jetty.xml, but the second one would not go away. I found a list of ciphers supported by Java, but nothing exactly matched “TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA” and I tried almost all of the combinations for similar TLS ciphers.

Then it dawned on me to try “SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA” and the error went away. I guess in retrospect it was obvious but I was pretty much focused on TLS based ciphers and it didn’t dawn on me that this would be the error with Nexpose.

It was extremely frustrating, but as my customer was being beat up about it I was glad that we could get the system to pass the audit. While this was totally an issue with the scanning software and not OpenNMS, it would have been hard to figure out without the help we were happy to give.

It may not surprise anyone that a large number of OpenNMS support issues tend to be related to products from other vendors. Usually most of them can be classified as a poor implementation of the SNMP standard, but occasionally we get something like this.

Our clients tend to be incredibly smart and good at their jobs, but having access to the folks that actually make OpenNMS can sometimes save enough time and headache to more than offset the cost of support.

Welcome Costa Rica! (Country 28)

While I have never been able to personally visit Costa Rica (it is on my list) I am happy to announce that we now have a commercial customer from their, making it the 28th unique country for OpenNMS.

They join the following countries:

Australia, Canada, Chile, China, Denmark, Egypt, Finland, France, Germany, Honduras, India, Ireland, Israel, Italy, Japan, Malta, Mexico, The Netherlands, Portugal, Singapore, Spain, Sweden, Switzerland, Trinidad, the UAE, the UK and the US.

2015 O’Reilly Open Source Conference

I think this year marks the eighth OSCON I’ve attended. I’m not sure of that, but I am sure that every year I can meet up with a number of interesting people that I just don’t see elsewhere.

I used to get the conference pass so I could see the presentations, and while they tend to be of a very high quality, I often found myself spending most of my time outside of those rooms, either on the Expo floor or just sitting and talking, so this year I just got the Expo pass.

OSCON 2015 - Entrance

I have a love/hate relationship with OSCON. It seems to be skewed toward large companies, and this year was no exception.

I got to see the jugglers at Paypal:

OSCON 2015 - Paypal

(Note: Jason, who used to work with us at OpenNMS, is now at Paypal and so I get to hear about some of the stuff they are doing around open source it is pretty exciting).

and Microsoft was back with the photo booth:

OSCON 2015 - Microsoft

There were also some smaller companies in attendance. I had to go by and say “hi” to the Atlassian team as we happily use a number of their products to make OpenNMS happen, such as Bamboo and Jira:

OSCON 2015 - Atlassian

and it was nice to run into Chris Aniszczyk, the open source guy at Twitter.

OSCON 2015 - Chris Aniszczyk

I had not talked to Chris since last year’s OSCON and it was cool to learn that he’s doing well.

One thing I’ve been looking at for OpenNMS is the best configuration platform with which to integrate. It is hard to choose between Puppet, Chef, Ansible and Salt (and we should probably do all four) but if the choice was solely based on the friendliest staff Chef would probably win.

OSCON 2015 - Chef

I never did get the full story on what happened with their booth.

Right around the corner was the Kaltura booth with its incredibly shy and withdrawn Director of Marketing, Meytal:

OSCON 2015 - Meytal Burstein

She was also at CLS and our paths crossed a lot, and I’m certain I’ll run into her in the future. Oh, and if you want her opinion, you’ll have to drag it out of her.

(Note: some of the above is not true)

OSCON 2015 - CDK Global

It was also cool to see a booth for CDK Global. CDK was formed by merging Cobalt and ADP Dealer Services, and the latter uses OpenNMS. Sam (the guy in the middle) was also a Frontalot fan, so we got along well.

I spent most of my time off to the side of the Expo floor on a row I called the “Geek Ghetto”. These are booths that OSCON offers to open source projects and organizations. It was cool to see that it was almost always packed with people.

OSCON 2015 - Geek Ghetto

I got to talk to the team at the Linuxfest Northwest. This is one conference I have yet to attend but I’m going to make an effort to get there next year. I’m hoping to convince the Bad Voltage guys to come along and do a live show (they will be with us at the OUCE this September in Germany)

OSCON 2015 - Linuxfest Northwest

Next to them was a booth from the EFF. Maggie, who was at the anniversary show in San Francisco, was also doing booth duty at OSCON.

OSCON 2015 - EFF

I believe in what the EFF is doing so it was nice to get to talk with them.

Last year I spent a lot of time learning about Free Geek:

OSCON 2015 - Free Geek

and it was nice to chat with them again. If you are in a Free Geek city, you should get involved.

It was good to see a large number of women in attendance, although it was still not reflective of the population as a whole. One group working to change that is Chicktech:

OSCON 2015 - Chicktech

Note that my picture got photobombed by “Open Source Man”.

Also in the Geek Ghetto was the Software Freedom Conservancy, run in part by Bradley Kuhn and Karen Sandler. I think highly of them both and enjoyed the time I got to spend with them.

OSCON 2015 - Karen Sandler

Now, I should probably explain my shirt.

Bryan Lunduke is one-fourth of the Bad Voltage team. While I have known Jono Bacon for some time, I didn’t get to meet Jeremy Garcia or Stuart Langridge until this year’s SCaLE conference. I never got to meet Bryan. To be honest, a lot of these “meetings” happened in bars and Bryan doesn’t drink, and I did try to get his attention on the show floor but he obviously didn’t hear me.

Then I was on the Bad Voltage podcast talking about OpenNMS. This was an episode where Bryan was ill, so outside of signing in to say he couldn’t do the show, I didn’t see much of him.

Finally, we are planning on having Bad Voltage come out to the OpenNMS User’s Conference this September. Bryan is expecting the arrival of his second child, so he had to beg off.

Now I just see these things as coincidences, but the guys in the office suggested the real reason is that Bryan hates me. Jessica, our graphic designer, took the bait and made up a graphic, and my friend Jason at Princredible printed a few really nice shirts.

I wanted to meet up with him in Portland, but he was only at CLS the second day (I was there the first). He was at OSCON on Wednesday. I wandered around the Expo floor trying to find him but we could never meet up.

It started to become amusing. People would stop me and say “Bryan was just here looking for you”. After awhile I thought it might be even funnier if we never met, just circled each other at the conference and to this day we still haven’t stood next to each other (he and Jono did call me later in the day, but I had already left).

Anyway, if you think Bryan Lunduke hates you too, you can get a nifty shirt just like mine. Jason will take orders until 10 August. These are high quality shirts that are actually printed – the image is dyed into the fabric and not screened on top were it is likely to crack and peel.

OSCON 2015 - Jono Bacon

Speaking of Jono, he did an “Ask Me Anything” session and I was very eager to get some of the burning questions off my chest. Unfortunately, it was subtitled to limit the questions to things like “community management” and “leadership”. Mine were, to a fault, all obscenely biological.

I want to end this note with a picture of one of my favorite people, within or outside of open source, Stephen Walli.

OSCON 2015 - Stephen Walli

I usually only see him at OSCON, and while in his sunset years he has quieted down a bit (grin), I always welcome the time I get to spend with him.

Hope to see everyone in Austin in 2016, if not sooner.

Review: MC Frontalot with The Doubleclicks

Best OSCON after-party ever! – Satisfied Customer

Even though OpenNMS has been around for over 15 years now, a lot of people, including open source people, don’t know we exist. In an attempt to fix that, we’ve been experimenting with various marketing efforts, and in keeping with our mission statement of “Help Customers – Have Fun – Make Money” we also want them to be fun.

I have a love/hate relationship with the O’Reilly Open Source Conference (OSCON) but I can be assured that many of my friends who are into free and open source software will be there. This year I thought it would be fun to host a concert featuring MC Frontalot. Not only is his music awesome, it should appeal to many of the attendees. We lined up a venue (the amazing Dante’s) and an opening act, The Doubleclicks.

My one fear was that no one would show up, so I was relieved when I rushed from a previous meeting to Dante’s to find the place full, and by the time the show started it was packed.

Prior to setting this up, I had not heard of The Doubleclicks. Angela and Aubrey Webber are sisters who sing about geek things. Prior to the show I listened to a lot of their music, and since I was paying for this gig they even did one of my favorites, “This Fantasy World (Dungeons and Dragons)“. When they sang the lyric “and their primarily Windows-based computers” it got a big laugh.

The Doubleclicks

One thing we struggle with in the tech world in general and open source communities in particular is how to encourage more women to get involved. As a male dominated industry, women can face particular challenges. When The Doubleclicks sang “Nothing to Prove” I realized I couldn’t have asked for a better set list if I’d tried:

We read books, we played games, we made art, we watched Lost
We said things like “D20”, “shipping” and “Mana cost”
It felt good to be myself, not being mocked
Still self-conscious, though, we whispered things about jocks

But one day, you grow up, come into your own
Now geek’s not rejection – it’s a label I own
Then ignorant haters come to prove me wrong
Tell me I’m not nerdy enough to belong

I’ve got nothing to prove
I’ve got nothing to prove
I’ve got nothing to prove

This rang particularly true due to OSCON being hit with a “gamergate“-like attack for having Randi Harper speak. Considering the number of women at the show, I think we succeeded in promoting an all-inclusive environment.

After their great set, MC Frontalot and the band prepared to take the stage. This was the fourth Frontalot show I’d organized but the first with the band. The reason I hadn’t hired the whole band before was simple: it’s more expensive. Plus, from the videos I’d seen on the Intertoobz, I didn’t think they added all that much.

I was so wrong.

It’s hard to capture on video the energy these four gentlemen bring to the stage. The man driving the beat on drums is The Sturgenius (aka Sturgis Cunningham). Blak Lotus (aka Brandon Patton) is the whirling dervish on bass. I sat an watched him spin from stage left, often winding the cord to his bass around his legs and then unwinding it just in time to avoid tripping. Vic-20 (aka Ken Flagg) played wireless keytar, and while everyone was mic’d, turns out he has the voice of an angel and did the most duty on backup vocals.

MC Frontalot and Band

They played all of my favorites, such as “Critical Hit” and “Stoop Sale“, and while Front has always given 110% at my shows, being with the band brought out something more.

When I walked around OSCON inviting people to the show, a lot of people were psyched but I still got that weird “Nerdcore Hip Hop?” look from many. I don’t think that anyone who has seen them live could mistake them for anything other than truly original musical artists.

OCSON is moving to May and to Austin, Texas, next year, and my hope is to bring the band out again. And I do actually plan to write up my thoughts on OSCON itself, but as I got almost no sleep in the last week that will have to wait. The fourteen and a half hours I slept last night seemed to have helped a lot, though.

2015 OSCON MC Frontalot and Doubleclicks Party

I just wanted to post a short note about tonight’s concert.

WHAT: MC Frontalot and The Doubleclicks
WHERE: Dante’s, Portland, OR, USA
WHY: To give back to our Free and Open Source Software Friends, and to promote OpenNMS
WHEN: Doors open at 8pm, Doubleclicks sometime after 9pm, Frontalot around 10pm

If you are still reading, OpenNMS has been able to get Frontalot to perform at a number of Linux conferences, but this is the first time we’ve been able to bring out the whole band (2015 is shaping up to be a good year). So in addition to the man himself, we have Blak Lotus on bass, The Sturgenius on drums and Vic-20 on the key-tar. This promises to explode with awesomeness.

Since this is Portland, we wanted to get a local group to open and The Doubleclicks were kind enough to join us. They are the sister duo of Angela and Aubrey Webber, who will entertain with their particular brand of nerd folk. I was introduced to their work just recently, and I think it will be the perfect way to start the evening.

We also want to thank O’Reilly for continuing to produce OSCON. In many cases, it is the only time in a year where I get to see friends of mine in person, and they bring together all different type of people from the free and open source community.

Finally, last but not least is Dante’s itself. The venue was kind enough to let us schedule this free event there, and while I’ve never been, I’ve only heard great things. The only downside is that I’ve been told it is somewhat small. Since we are not selling tickets, I have no idea how many people are showing up, but from the feedback I’ve been getting from OSCON attendees, we’ll probably pack the place.

To guarantee you get to see the show, doors open a 8pm, but since some of you might still be enjoying OSCON events at that time, please note that the show won’t start until sometime after 9pm, so we hope you can make it.

Oh, if you do come and like it, please give a nod to @opennms as we are working hard to correct the fact that it is the greatest open source project you have never heard of.

See you there.

Solution for One Trackpad Issue for the XPS 13

My new laptop is the beautiful new Dell XPS 13 running Ubuntu Gnome 15.04.

It is not perfect, but it is getting close. Lightweight, beautiful screen and awesome battery life (nearly 8 hours the way I use it).

One thing that was killing me, though, was that after a certain amount of time (on the order of tens of minutes and not hours), the trackpad/clickpad thingie would start misbehaving under Gnome Shell, registering bogus clicks. There wasn’t an easy way to fix it outside of a) reboot or b) use an external mouse.

It seems that this issue has been addressed in the 4.1 kernel, so I decided to try it. I’m not sure if Ubuntu is going to support the 4 kernel series officially before 15.10 so I didn’t want to wait.

I downloaded the 4.1.1 kernel here (you’ll need three debs: the “all” headers deb and the image and headers debs for your CPU – I used “generic” and “amd64”), installed them with “sudo dpkg -i” and rebooted. The problem seems to be fixed.

But, my Broadcom wireless driver wouldn’t work. I had to download one more deb from here (via my phone – never play with kernels when you are on a long road trip), install it and now wireless is back.

Now if we could just get palm detection fixed …

2015 Community Leadership Summit

I’ve been working full time with open source software for fourteen years, and I can remember a time when we were pretty much making everything up. No one had experience with this market which most of us now take for granted, and there were a lot of questions about dealing with an open source “community” versus paying customers for open source related software and services.

Out of this arose a role, for lack of a better word, called a “Community Manager”. It doesn’t quite fit since “manage” isn’t accurate. It is hard to apply old school management techniques to a group of sometimes anonymous volunteers, many of whom you might only know by a name such as “Zaxxon476”.

One of the first people to document this role was Jono Bacon. He was one of the leaders of the Ubuntu community, one of the larger of such communities in existence. He wrote a book called The Art of Community and he also founded the Community Leadership Summit (CLS) which meets the weekend before OSCON. Due to scheduling I have never been able to be there, but OpenNMS has been a sponsor every year it has been around.

CLS - Sponsors

This year I was finally able to attend, and I wasn’t disappointed. A large, eager group of people showed up, and I really enjoyed the diversity. Not only were women strongly represented (in both attendees and session leaders) there were many people from outside of the United States.

Jono kicked off the conference:

CLS - Jono Bacon, the delicious meat

with help from another amazing fellow, Stephen Walli:

CLS - Stephen Walli, the other white meat

The format was in the “unconference” style, meaning that the attendees set the agenda. After an initial group of planned 15-minute presentations, those people wanting to host a session would write a short description on a card, get up in front of everyone and announce the session, and then go post it on a large schedule “wall” in the main hallway.

I’ve been to a number of such conferences but rarely seen such participation levels. We actually ran out of Saturday spots, but in the true cooperative style a number of people were able to combine sessions so I think it all worked out.

CLS - Schedule

The whole event had a really good vibe. It wasn’t just open source people, either. The “open source way” can be applied to a number of different fields, and it had to be stressed that in any given session you couldn’t make assumptions about the open source knowledge of the people in the room. One woman discussed how she was dealing with mental illness, and an on-line community was key to her becoming healthy. Another woman was discussing how concepts from the formal study of psychology could be applied to make communities stronger. Even proprietary companies such as New Relic were there because the user community has become key to the success of almost any technology endeavor.

I got to make new friends and catch up with old ones, so I have to admit like many conferences I spent more time chatting in the hallway than in actual sessions (as some of those session were in the hallway, I had to be reminded that my voice carries. Ooops and sorry).

For high school I went to the North Carolina School of Science and Mathematics, and I constantly run into alumni in this field. OpenNMS’s own Seth Leger went there, as did Spot Callaway and Gina Likins from Red Hat. I got a cute picture of Gina (pronounced “Jenna”) with Ulf.

CLS - Gina Likins

It looks like the second day might even be stronger than the first, but unfortunately I won’t be able to make it. As OSCON is moving to Austin next year, it will be interesting to see how that changes CLS, and I plan to make every effort to be there.

The EFF Turns 25

In 1990, when the Internet was much smaller and slower than it is today, a bunch of forward-thinking people realized that this new technological wonder would create some unique issues for our society, and they formed the Electronic Frontier Foundation to protect people from its negative effects.

I can’t remember the first time I got involved with the EFF, but for years I’ve followed their efforts and cheered them on. Before I wore it to shreads, my “Protect Bloggers Rights” T-shirt was one of my favorites, and I still carry my passport in an EFF-badged wallet that blocks RFID transmission.

Earlier this year, the animator Chad Essley auctioned off the chance to be added to his video for the MC Frontalot song “Shudders” with all proceeds going to the EFF. The result was that the OpenNMS mascot Ulf gets a few seconds of much deserved fame and I got an invitation to the EFF’s 25th anniversary party.

I wasn’t going to make it (I don’t live in the Bay Area) but when I decided to attend this week’s Community Leadership Summit followed by OSCON up in Portland, it turned out that it wasn’t much more expensive to fly here first before heading up to Oregon. I know several people in the area and I figured I could find something to do before the party, but then the EFF created a half-day “minicon” so I decided to attend that as well.

EFF - DNA Lounge

The minicon consisted of three panel discussions. It was held at a nightclub called the DNA Lounge and when I got there just before noon the line to get in was already stretching down the block. When I did get in, there was a stage set up for the panels (a moderator’s podium and a table with four chairs for the panelists) as well as two banners describing what the EFF does.

EFF Banner

I thought the left one was pretty succinct: Free Speech, Privacy, Innovation, Transparency, Fair Use, International. Yup, that about covers it.

I didn’t take any pictures of the attendees (this group does attract a contingent from the “black helicopters” crowd) so while I probably had the right to take pictures as part of a public gathering it would have been rude. It was nice to see a fairly even split between men and women, and for once I wasn’t the oldest person in the room. It was mainly Caucasian and Asian faces that I saw (hey, that’s pretty much Silicon Valley) and I did see people with colorful hair (bright pink, electric blue, etc.) That part was similar to the open source conferences I attend, but there wasn’t a single utilikilt. The vibe was also different. Whereas FOSS conferences also attract technical people with a strong libertarian bent, this crowd included a lot more people concerned with social activism.

Which brings us to the first panel: Activism.

EFF - Panel 1

Not only does the EFF identify threats to liberty brought on by new technology, one of their pillars is to mobilize people to effect change, so this panel discussed ways to more effectively do just that. Should you call your Congressional Representative or e-mail them? Is publicly tweeting about them better than a private correspondence? One panelist commented on the fact that you can’t A/B test reality so it can be hard to determine the best action. Plus, if a particular effort is successful, such as with SOPA, the bar is set high for the next one, which can cause its own problems.

It was the first time I had been introduced to Annalee Newitz, and I really liked her comments. Yet another person to follow on the Twitters.

They also announced a project by Sina Khanifar called democracy.io which is supposed to make it easier for people to contact those in government.

The second panel focused on Copyright.

EFF - Panel 2

I am not an anti-copyright person. Copyright law is what makes free and open source software possible. However, it is obvious that it is broken. As a process created to mainly protect things like the written word, it doesn’t lend itself well to computer code. Plus, some copyright holders have a track record of abuse. I’ve even experienced it in such things as bogus DMCA takedown notices.

Part of this discussion focused on the concept of “fair use”. If I am given something or I pay for something, does the person from whom I got that something have a right to set limits on what I can do with it? It’s a tricky question. If I use someone’s song in a television commercial, it seems obvious that I should have to pay the owner of that song, especially since it may imply that the creator of the music endorses my product or service. But what if I invite 30 people over for a party and put on some music? Does that count as a “public performance”? It’s tricky.

The EFF is very concerned with transparency, and quite naturally has issues with secret negotiations such as the Trans-Pacific Partnership agreement (TPP). Proponents of keeping trade negotiations secret will claim that they don’t want the discussion to disrupt markets. For example, if the discussion was about whether or not to place tariffs on corn exports, whether or not they would actually come about, this could cause undue fluctuations in the market for corn.

As one of the panelists noted: Copyright is not corn.

The TPP has a focus on intellectual property rights which will have far reaching repercussions for users of technology. Without oversight, the government’s zeal to protect, say, the movie and music industry, may result in actions that are detrimental to end users. People in government don’t tend to have strong technical experience, so it is important that these discussion take place in the open.

Privacy was the topic of the final panel.

EFF - Panel 3

This panel included Bruce Schneier. This was the first time I had seen him speak, and I was not disappointed. One of the questions was to predict privacy challenges due to technology 25 years from now. Bruce pointed out that it was harder to predict the impact of new tech on society than the tech itself. For example, we now have flying robots that kill people. On the one hand this is very frightening, and on the other hand, in a way, it is really, really cool.

He was referring to drones of course, and I couldn’t help but think of the trauma some drone operators are now facing even though they are thousands of miles from actual combat. Tech has also created an “interrupt driven” culture that may be fostering short attention spans. Heck, I’ll be surprised if even one of my three blog readers makes it this far in this long post, and we’ve had to come up with tags like “TL;DR” to deal with things like this. I can’t imagine what changes this will bring about in 25 years.

I was also impressed by panelist Parisa Tabriz. She is the “Security Princess” at Google and a solid public speaker. She pointed out that at Google they sometimes struggle with security versus privacy, in that certain security tech can leave a fingerprint that might weaken anonymity.

It is hard to talk about Google without bringing up Apple, and it was pointed out that Apple fails miserably on the transparency front but does do a good job when it comes to privacy. The argument goes that since Apple makes money on hardware (compared to Google’s model) they have less motivation to look at their users’ data. It would have been nice to have someone from Apple on the panel, but I’m not sure if they were asked. I did ask the EFF via a tweet, but didn’t get a response.

While most panel discussions suck, I enjoyed these, and I’m glad I went. The minicon ended around 4pm and since the party didn’t start until 8pm I decided to head back to the hotel, work on some e-mail and take a nap.

That was a mistake.

When my alarm went off at 7pm, I was so tired I considered blowing off the party entirely. I decided to go because Maggie had managed to find another RFID blocking passport wallet, as my EFF-branded one is pretty tattered, and I need another. It doesn’t have the EFF logo on it, but I hope they make more in the future.

EFF Passport Holder

My passport has had RFID technology embedded in it for years, but in all my travels it has never been legitimately accessed. It is just another example of technology being chosen because it exists without a firm plan on how to use it. I like knowing that I now can chose when to enable it or not (and yes, I know I could nuke it in the microwave but I’m not ready to go that far, yet).

Another thing I wish the EFF would do is advertise more about Amazon Smile. If you shop on Amazon Smile you can choose to have a portion of your purchase benefit a specific organization. It doesn’t cost you anything, and while I can’t find an actual total, since I shop on Amazon a lot I feel that I’ve probably sent a significant amount of money to the EFF. Of course, I can’t imagine that they are happy with things like Amazon Echo, so perhaps there is a conflict of interest, but I still wanted to make people aware of it.

EFF - Party Stage

So, I grabbed an Uber, went to the party, met Maggie and got my new passport holder. I then made a pass around the club but didn’t really feel comfortable. These were my people but then again not my people. It was obvious many knew each other, and while I’ve never been one to have a problem with a room full of strangers (in most situations I make new friends) the environment was pretty loud and not conducive to conversation. I just didn’t have the energy so I left.

This means I missed seeing Wil Wheaton and Cory Doctorow, two more people I’ve never seen in person but would like to one day. From social media it seems like it was a good time, but I just wanted to grab some dinner and sleep.

EFF - Wil Wheaton

Overall, I had a good time with the EFF. It is rare that I agree with everything even people I like do, but I can’t think of something the EFF has done in the last 25 years that bothered me or pissed me off. It is one of the few organizations that I regularly donate to, and I plan to leave them some money in my estate (if there is any left, I also plan to live for another 100 years and die after I’ve spent my last dime). If you haven’t supported them yet, I’d like to suggest that you do so.

Today I’m off to Portland for the CLS and OSCON, and these really are my people. I’ll let you know how it goes.