DORS/CLUC 2013

On May 15, 2013 by Željko Filipin

Day One

I think this is the first time I am doing live blogging. I am at DORS/CLUC 2013 conference. Coming to the conference, I was reminded how much I enjoy working from home. I have spent half an hour in a bus that was slowly crawling through the rush hour.

I got conference badge and a bag of marketing material that I will recycle as soon as possible. The t-shirt looks nice but low quality. I have found a nice place to sit with power cord nearby (there is really a lot of power cords around) and started the day. Looks like the venue has only open wireless so I have decided to use wireless tethering from my phone.

The conference is single track, my preferred number of tracks. I was surprised to see that there are no pauses between most of the talks. From my experience, there should be at least 5 minutes between talks.

DORS CLUC 2013 1

President of Croatia, Ivo Josipovic. (DORS/CLUC 2013 photo gallery hosted at Wikimedia Commons.)

This is 20th DORS/CLUC, so even the president of Croatia arrived. I do not usually go to conferences with such high profile guests. I have noticed unusual amount of the police outside of the conference venue. I even got my backpack checked when entering the conference room.

Introductions

The conference started with a few short talks from conference organisers. More interesting than I have expected. It was funny to hear everybody thanking the president for coming. I am really not used to such things.

The president had a really short and interesting talk, noticing a lot of people wearing jeans in the audience. He gave Open informatics award to Linux Za Sve (Linux for everybody) site. He left shortly after so the conference will probably continue in the usual casual way.

Karel De Vriendt: Interoperability, Enterprise Architecture and Public Procurement

Nothing much to say about it. It was not boring, but it was not really interesting to me too. Too long for my taste.

Darko Paric, Kristijan Zimmer: About work group for open source and open standards implementation

About the situation in the government. Looks like things are moving. They are implementing something similar to GOV.UK. Pilot projects for the future are increased usage of Open Document Format, moving to open solutions in general, translations of free software and similar.

Really interesting question from the audience came about the domain gov.hr. “gov” is the first three letters of Croatian word “govno”, shit. The answer was that it would be even funnier if the domain was gov.no. There were other really good questions, but unfortunately there was little time for the answers.

As I suspected, not having any buffer between talks lead to delays, about 30 minutes. There goes coffee break. I do not drink coffee, but I do need a break. I am not used to sitting still for such long time. There was time for a short break, after all.

Karsten Gerloff (Free Software Foundation Europe): All watched over by machines of loving grace?

He started with reading a poem. A thought he mentioned a few times during his talk is: general purpose computer is one that can do things it was not designed to do. He talked a lot about freedom and ended it saying: “Take the power back!”

Matija Šuklje (Free Software Foundation Europe): FSFE Legal and the Legal Network: what we do and how we can help you

He had a really short introduction on what they do and then started taking questions.

One of the questions was: “I wrote some code and put it on Github, what do I need to do to make it open source?” If you do not have any license, by default it is copyrighted. Just adding a license file could be enough, but it would be better to have a short comment at the top of every file pointing to the license.

Comment from the audience: “There are a lot of open source licenses, about 200.” There are even a few funny ones, like WTFPL or Chicken Dance License. A lot of licenses are there for historic reasons, or because every project or company wanted to have a license, just because they could.

“What to do if somebody violates your open source lincese?” If you have used BSD or MIT license, there is nothing to do. If you have used a stronger license, you can go to court with copyright violation. Good thing would be to stick with a license that is already tested in court, like GPL. FSFE can help you find a lawyer. Really interesting discussion.

Marko Rakar (Association Windmill): Two times more in a half of a less in public IT

DORS CLUC 2013 4

Marko Rakar (DORS/CLUC 2013 photo gallery hosted at Wikimedia Commons.)

I was really looking forward to the talk. He talked about the state of hardware and software in our government and how he managed to decrease the number of servers in a ministry server room from 50 to 4. It could be further reduced to 2 with OS upgrade. Another story was about configuring multi purpose machine to scan papers and send them via e-mail. Yet another story was about JOPPD form. It would simplify calculating taxes, making life simpler. The problem is that different government agencies never really collaborated, and it is hard for them to start doing it now. He mentioned software written in seventies that is still in use today and nobody dares to touch it, of course. The theme of the talk was how to do more with less, something that everybody is looking for.

Because the digital certificate law was written by translating it from German, a mistake was made during the translation and as a consequence no digital certificates are valid in Croatia. It should be fixed soon, or it is already fixed, I am not sure.

There was a question would there be an API for JOPPD form? The answer was no. Marko continued talking about APIs and problems with implementing them in the government.

Lightning talks – free and open source communities in Croatia

After lunch the conference continued with lightning talks presenting smaller local open source communities: Linux Za Sve (leading local Linux portal), Slobodan softver Hrvatska (free software Croatia), SOK (sustavi otvorenog koda, open source systems), OpenStreetMap Croatia, Ubuntu-hr, Blender.hr. Nobody came from Sinbad and Drupal groups (and I could not find their sites).

Round table: “Internet of things”

DORS CLUC 2013 6

Round table. (DORS/CLUC 2013 photo gallery hosted at Wikimedia Commons.)

Moderator (Milan Rajacic, HULK) said the trend is to connect everything to the internet. The number of machines connected to the internet is bigger than number of people at the planet. That was in 2008, by he way. The number is way bigger now. The first panelist (I have forgot the name) talked about the cost, benefits, ease of use and drawbacks (loss of privacy, for example) of everything being connected. The internet of things is already here, he said.

The second panelist, Dobrica Pavlinusic, talked about hardware, Raspberry Pi, BeagleBone, Cubieboard and Arduino.

The next panelist, Robert Sedak, talked about Arduino and how to develop code for it. There is a GUI that is simple enough that kids could learn how to write code for traffic light in about an hour. Impressive. He also mentioned Arduino designed in Croatia, Croduino.

Somebody from the audience asked about robot kits and the panelists have mentioned multiplo, Seeed Studio and LEGO.com MINDSTORMS.

The final panelist (lost the name again, sorry) talked about Zipato smart home control, the idea, the implementation and how to use it. They also have GUI language inspired (or based on) Scratch. Dobrica asked about the problems and challenges. The biggest hardware problem is lack of production of hardware in Croatia and in the near. It is faster and cheaper to get the hardware from China.

During the break I have tested connecting my laptop to the projector. I have a talk tomorrow, so I wanted to make sure there are no technical problems.

Ivan Turcin (IBM): 4987 days after – Consolidation regardless on IT infrastructure size

I think this was the only sponsored talk. He talked about System z and Linux on System z. He tried to convince the audience that IBM solutions are actually cheaper. I have no idea how such big projects work, but I could hear people sitting around me saying they are not convinced.

Zoran Babic and Mila Kokotovic: Teachers’ and students’ digital competencies development project, first results

The project is about teaching kids in school how to use open source software. Both kids and their parents loved the pilot projects during Christmas and spring breaks.

Zlatko Papeš: Open healthcare in Croatia

He talked about using open source software in healthcare.

Andrej Dundovic: Crisium Code – free software in tourism promotion.

As far as I understood it, it is Python web application that generates QR codes.

Samuel Picek: Multipoint WebRTC (Web Real-Time Communication)

He started the talk with showing a video stream of audience. He explained problems and solutions trying to implement something like Google Hangout. The question from the audience was is it supported in browsers. It is supported in Chrome (and it has a lot of market share). It should be implemented in all major browsers by the end of the year. Really interesting talk.

Alex Malinovich (GitHub): GitHub – About company and selling to tradional companies.

I am not sure if there is a bug in the schedule, or the talk is really 60 minutes. I think that is the longest talk of the day. He said a few sentences in Serbian and then switched to English. The talk is about GitHub Enterprise. GitHub Enterprise uses the same code base as GitHub.com. They take dogfooding really seriously. Not only they use GitHub every day, but every GitHub developer has to pay for GitHub every month (micro plan, $7/month). It is a way of testing the billing. The talk was about selling GitHub Enterprise. It was more interesting than I would expect from a sales focused talk. Then he talked about how to apply the lessons they have learned selling GitHub Enterprise to selling your own product.

Igor Švarc (FOI): Accessibility revisited – new interfaces and new challenges

The last talk. Igor is blind. I think this is the first time I have listened to a talk given by a blind person. I am not sure why he had the talk in English, since he is Croatian, but his English was good enough so that was not a problem.

He started by talking about accessibility (or a11y) in general. He mentioned screen readers, speech synthesizers, braille displays. Then he talked about Linux a11y: AT-SPI, Orca, Speakup, eSpeak, Festival, SpeechHub, MBROLA and BRLTTY. Accessible Linux desktops are GNOME (GNOME 2 was accessible, but GNOME 3 was not until GNOME 3.4), Unity, Xfce, LXDE and Enlightenment. Linux distributions targeted to blind people are Vinux and Sonar. Mainstream distributions that care about a11y are openSUSE, Fedora and Arch.

A question from the audience was: “Is Linux more or less accessible than other operating systems?” Linux, Windows and Mac OS all rely on their accessibility platforms. Mac OS has accessibility built in. There was a question: “Are web sites accessible?” I have asked if he can work on a computer by himself, or does he need help in everyday tasks. (I was surprisingly nervous when asking the question. I felt my hart pounding like crazy. It will be fun giving the talk tomorrow.) Unfortunately, none of the answers were clear to me. I do not think he answered any of the questions.


Day Two

DORS CLUC 2013 10

Branko Radojevic’s talk from backstage. (DORS/CLUC 2013 photo gallery hosted at Wikimedia Commons.)

A slightly smaller room today.

Karsten Gerloff (Free Software Foundation Europe): Breaking chains, building bridges: The Free Software Foundation Europe

What does The Free Software Foundation Europe do? Public awareness projects, like running campaigns: Document Freedom Day, Free Your Android!, PDFreaders.org; talks on software patents, competition (making sure that free software projects can compete in the market), open standards, public procurement… Need legal help? Developers of free software get legal advice for free.

The last part of the talk was brainstorming with the audience on main issues for Free Software in Croatia. Some identified issues were: funding for projects, support, education, trust in Free Software licenses & help with licensing, awareness of Free Software, procurement: procurers believe that proprietary solutions are cheaper than Free Software.

Ivo Lukac (NetGen): Building a successful Enterprise Opensource product: eZ Publish CMS as an example

Not all software that we need today could be written for free (as in beer), since we need a lot of software. Somebody needs to earn money making open source software. There are a few big companies that earn money on open source, for example Red Hat and Automattic. He also talked about eZ Publish CMS and it’s history. It has community and enterprise versions. 90% of the revenue comes from enterprise subscriptions. There is also an active community.

Should you release your core software as open source or not? It is a hard decision to make, especially if you want to earn money selling it. There are severals risks: forks, commoditization, conflict with implementation partners, license risks. If you can not build the community, then there is no point in open sourcing a piece of software. Good documentation is crucial. The project should be developed at consistent pace. Partners need to have good incentive to be a sales channel and/or contribute back.

Nikola Stjelja (Penta Id Sistemi): Opensource in the .NET ecosystem

Nikola was not there (strange, right?) so we had a long break.

Bojan Mrkobrad (Altus-IT): MooseFS – Distributed file system

Altus-IT is leading data center in Croatia. They also provide cloud services. For cloud they use KVM, VMware, MooseFS… He talked how MooseFS is implemented in general and how they use it. Mostly boring.

Igor Vuk, Vedran Živicnjak (Nimium): Red Hat storage

Igor Vuk started the talk. Red Hat storage is scale-out storage (as opposed to scale-up storage). It is used for private, public and hybrid cloud. It is used for unstructured and semi structured data (multimedia, backup, file sharing…). One of the technologies it uses is GlusterFS distributed file system. It’s components are node, brick and volume.

Vedran Živicnjak continued the talk. The underlying operating system is Red Hat® Enterprise Linux®. He showed how to use Red Hat storage from the command line and using RHS Console. Supported hardware is the usual commodity hardware. Companies that use RHS: Pandora (redirects me to pandora.com/restricted :( ), Brightcove and NASA – Mars Science Laboratory, the Next Mars Rover.

Nenad Merdanovic (Crossvallia): MySQL cluster is web scale

He explained how MySQL cluster works, and mentioned where it works the same as MySQL and where it works differently. The documentation says one billion transactions per second, but his experience is that the performance is not so good. The conclusion was “one does not simply scale writes”. His experience with MySQL cluster were bad, there were a lot of problems.

Similar product is Postgres-XC but it works as bad as MySQL cluster. Another one is Percona XtraDB Cluster (Galera). This one could be useful.

Conclusion: If you are a sysadmin, you should not be doing databases. If you are a database administrator, do not even think about this. If you are a programmer, you do not know shit about database design. Read the documentation, think and use Percona/MariaDB.

Branko Radojevic (CARNet): Sys.backup – centralized open source backup system for CARNet’s members

He started by asking do we need backup at all. He split the users into three groups, end users (that use Facebook, Dropbox, Google Drive…), cloud providers (they should take care of our data, we are not sure if the data is safe there, how private it is) and traditional users (non cloud users, companies, they have to take care of their data). CARNet is between cloud provider and traditional users, and their users are traditional users.

It all started in 1992 with the first internet connections (gopher, e-mail). The amount of data was small and the data was not really important. In 1994 CARNet pushes institutions towards internet usage (web, e-mail). The first servers are ordered. In 1997 the usage of internet services increased. CARNet acquires servers for itself and other institutions. The backup was on tape. There was no automation, everything was manual. Today all institutions have they own commodity hardware.

They use IBM hardware and Bacula open source software. The data center is in Osijek, since earthquakes are rare there. The data is stored in the central location, it is encrypted and the user has the only key. They do backup for 51 server and they host about 3 TB of data. They use CARNet Debian distribution.

Željko Filipin (Wikimedia Foundation Inc.): How MediaWiki, software that runs Wikipedia, is tested

DORS CLUC 2013 9

The audience just before my talk. (DORS/CLUC 2013 photo gallery hosted at Wikimedia Commons.)

I was pretty happy with my talk, I have covered almost everything I wanted to say, but it was ten minutes too long. I have to practice more. Surprisingly, compared to yesterday when I just asked a question, I was less nervous during the talk. I have wrote a blog post documenting the talk.

Hrvoje Matijakovic (Percona): How to solve MySQL problems with 5 Percona Toolkit tools

The talk title says it all. And I needed a few minutes to recover from my talk. (And to upload the first photos today.)

Jakov Šošic (SRCE): Puppet – resource management automation

Automation is replacing human labor with automated systems. People do not like to do the same thing over and over, not to mention that we are all somewhat lazy. In the past, the majority of the people were working on the land, then introduced animals and then machines.

Two types of computer automation: pull (Puppet, Chef, Cfengine) and push (MCollective, Capistrano, c3-powertools). Puppet has big user base. It is doing configuration management. He showed and example file and package definition. What Puppet can help you with? To install and configure a service, to install LAMP stack, server reinstallation, server documentation… There are problems in introducing Puppet. The bigest one is that people do not want to learn a new tool, the price for initial implementation is high, it is hard to implement it in heterogeneous environment, security (if master server is compromised, for example).

Puppet script is about 3 times longer to develop than doing the same task manually, but in the long run it saves the time.

Marian Marinov (1H Ltd.): Automate your car and home with open source

During the pause and this talk I was handing out t-shirts, pens, stickers, badges and talking with people about my talk and related things. Marian drove for 8 hours from Bulgaria to give the talk. He got probably the biggest applause. Unfortunately, I have missed almost the entire talk.

Dobrica Pavlinušic (HULK): GNU/Linux on ARM for 50-100 USD

Dobrica always has interesting talks. I was looking forward to it. He usually talks about hardware, not my favorite topic, but he is really good speaker. The goal of the talk is to get unbrickable device that you can install a normal Linux distribution on. He mentioned Raspberry Pi ($35), Cubieboard ($55), MK808 ($42), GK802 ($89) and UDOO ($109/$129).

Vlatko Košturjak (Diverto/HULK): Opening closed code

People push source code to web sites by mistake. It is easy to find such repositories using Google. He mentioned a few tools that could help you, DVCS-Pillage and his tool dvcs-ripper.

Tonimir Kišasondi (Faculty of organization and informatics): Security tips and tricks, part 0×01

The last talk of the day and the last talk of the conference. The talk started with Advanced persistent threat (APT). You should tighten up your attack surface. Trends: automated scanners / script kiddie hack tools keep getting better and more effective, and there is black market for it. He suggested to disable Java and mentioned istherejava0day.com, but java-0day.com looks interesting too.

Time to patch a server is 48 days for internal servers, 19 days for external servers. He mentioned Linux/Cdorked.A.

Tips: do not wait for compromise to happen (prepare for the worst: backup, backup, backup…); Use rootkit detectors rkhunter and chrootkit (monitor the logs); password security is important, ssh keys for remote logins are better than username/password; Fail2ban, Sshguard.

Attacks are getting more and more targeted.

Good baselines are Information Assurance Guidance – NSA/CSS, OWASP, CIS Security Benchmarks, Google is your friend.

He ended the talk saying we should educate yourself and your users, prepare your systems.

Trackbacks & Pings

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>