[personal profile] mjg59
This is currently the top story on the Linux subreddit. It links to this Tweet which demonstrates using a System Management Mode backdoor to perform privilege escalation under Linux. This is not a story.

But first, some background. System Management Mode (SMM) is a feature in most x86 processors since the 386SL back in 1990. It allows for certain events to cause the CPU to stop executing the OS, jump to an area of hidden RAM and execute code there instead, and then hand off back to the OS without the OS knowing what just happened. This allows you to do things like hardware emulation (SMM is used to make USB keyboards look like PS/2 keyboards before the OS loads a USB driver), fan control (SMM will run even if the OS has crashed and lets you avoid the cost of an additional chip to turn the fan on and off) or even more complicated power management (some server vendors use SMM to read performance counters in the CPU and adjust the memory and CPU clocks without the OS interfering).

In summary, SMM is a way to run a bunch of non-free code that probably does a worse job than your OS does in most cases, but is occasionally helpful (it's how your laptop prevents random userspace from overwriting your firmware, for instance). And since the RAM that contains the SMM code is hidden from the OS, there's no way to audit what it does. Unsurprisingly, it's an interesting vector to insert malware into - you could configure it so that a process can trigger SMM and then have the resulting SMM code find that process's credentials structure and change it so it's running as root.

And that's what Dmytro has done - he's written code that sits in that hidden area of RAM and can be triggered to modify the state of the running OS. But he's modified his own firmware in order to do that, which isn't something that's possible without finding an existing vulnerability in either the OS or (or more recently, and) the firmware. It's an excellent demonstration that what we knew to be theoretically possible is practically possible, but it's not evidence of such a backdoor being widely deployed.

What would that evidence look like? It's more difficult to analyse binary code than source, but it would still be possible to trace firmware to observe everything that's dropped into the SMM RAM area and pull it apart. Sufficiently subtle backdoors would still be hard to find, but enough effort would probably uncover them. A PC motherboard vendor managed to leave the source code to their firmware on an open FTP server and copies leaked into the wild - if there's a ubiquitous backdoor, we'd expect to see it there.

But still, the fact that system firmware is mostly entirely closed is still a problem in engendering trust - the means to inspect large quantities binary code for vulnerabilities is still beyond the vast majority of skilled developers, let alone the average user. Free firmware such as Coreboot gets part way to solving this but still doesn't solve the case of the pre-flashed firmware being backdoored and then installing the backdoor into any new firmware you flash.

This specific case may be based on a misunderstanding of Dmytro's work, but figuring out ways to make it easier for users to trust that their firmware is tamper free is going to be increasingly important over the next few years. I have some ideas in that area and I hope to have them working in the near future.

Day of doing responsible things

May. 24th, 2015 07:30 pm
badgerbag: (Default)
[personal profile] badgerbag
This was my day!

Notary for passport form
handed off noisebridge docs
got z. his package
put all the jars of coins in the garage ready to be coinstarred
got my data off an old laptop onto a 1TB hard drive
hired a guy to come move the fridge and the kids' bunk bed
mopped behind fridge
scrubbed out freezer
bought cleaning supplies to scrub freezer etc
cleaned out the kids' beds, which were nastily full of trash, dust, cables, old socks
gathered up 5 loads of laundry
mailed c. to ask her to come do all the laundry tomorrow
ordered new checks
paid bills
threw away a lot of papers
looked for a.'s keys (failed to find)
looked for m's wallet (also failed)
z. came over
the guy who is treasurer for NB came over
a. came back home from her mom's and i fed her dinner
emailed people about work thing, worked a bit

A very responsible day. I think I did too much scrubbing and walking. I laid down in between doing everything at least. The house still overwhelmingly has crap all over the place.

I am trying to look for some WisCon posts and reading a bit of the tweets but am just too domestically overloaded to feel engaged.

The fabulous bit of the day is that I did get a lot of my old data. WHEW.

OMG james rhodes

May. 23rd, 2015 09:26 pm
badgerbag: (Default)
[personal profile] badgerbag
Listening to how he plays piano, blowing my mind. He makes glenn gould sound like a soulless prancing robot pony. I am listening again to beethoven sonata in d major (pastoral) which i played the hell out of in high school (painfully learning bar by bar so i know it really well to listen to) and rhodes is so brilliant with it that I am feeling embarrassed for my attempts to emotionally interpret it. crap! he plays bach so well i'm in tears! good stuff.

Liberty OpenStack Summit days 3-5

May. 23rd, 2015 07:15 pm
pleia2: (Default)
[personal profile] pleia2

Summiting continued! The final three days of the conference offered two days of OpenStack Design Summit discussions and working sessions on specific topics, and Friday was spent doing a contributors meetup so we could have face time with people we’re working with on projects.

Wednesday began with a team breakfast, where over 30 of us descended upon a breakfast restaurant and had a lively morning. Unfortunately it ran a bit long and made us a bit late for the beginning of summit stuff, but the next Infrastructure work session was fully attended! The session sought to take some next steps with our activity tracking mechanisms, none of which are currently part of the OpenStack Infrastructure. Currently there are several different types of stats being collected, from reviewstats which are hosted by a community member and focus specifically on reviews to those produced from Bitergia (here) that are somewhat generic but help compare OpenStack to other open source projects to Stackalytics which is crafted specifically for the OpenStack community. There seems to be value in hosting various metric types, mostly so comparisons can be made across platforms if they differ in any way. The consensus of the session was to first move forward with moving Stackalytics into our infrastructure, since so many projects find such value in it. Etherpad here: YVR-infra-activity-tracking


With this view from the work session room, it’s amazing we got anything done

Next up was QA: Testing Beyond the Gate. In OpenStack there is a test gate that all changes must pass in order for a change to be merged. In the past cycle periodic and post-merge tests have also been added, but it’s been found that if a code merging isn’t dependent upon these passing, not many people pay attention to these additional tests. The result of the session is a proposed dashboard for tracking these tests so that there’s an easier view into what they’re doing, whether they’re failing and so empower developers to fix them up. Tracking of third party testing in this, or a similar, tracker was also discussed as a proposal once the infra-run tests are being accounted for. Etherpad here: YVR-QA-testing-beyond-the-gate

The QA: DevStack Roadmap session covered some of the general cleanup that typically needs to be done in DevStack, but then also went into some of the broader action items, including improving the reliability of Centos tests run against it that are currently non-voting, pulling some things out of DevStack to support them as plugins as we move into a Big Tent world and work out how to move forward with Grenade. Etherpad here: YVR-QA-Devstack-Roadmap

I then attended QA: QA in the Big Tent. In the past cycle, OpenStack dropped the long process of being accepted into OpenStack as an official project and streamlined it so that competing technologies are now all in the mix, we’re calling it the Big Tent – as we’re now including everyone. This session focused on how to support the QA needs now that OpenStack is not just a slim core of a few projects. The general idea from a QA perspective is that they can continue to support the things-everyone-uses (nova, neutron, glance… an organically evolving list) and improve pluggable support for projects beyond that so they can help themselves to the QA tools at their disposal. Etherpad here: YVR-QA-in-the-big-tent

With sessions behind me, I boarded a bus for the Core Reviewer Party, hosted at the Museum of Anthropology at UBC. As party venues go, this was a great one. The museum was open for us to explore, and they also offered tours. The main event took place outside, where they served design-your-own curry seafood dishes, bison, cheeses and salmon. Of course no OpenStack event would be complete with a few bars around serving various wines and beer. There was an adjacent small building where live music was playing and there was a lot of space to walk around, catch the sunset and enjoy some gardens. I spent much of my early evening with friends from Time Warner Cable, and rounded things off with several of my buddies from HP. This ended up being a get-back-after-midnight event for me, but it was totally worth it to spend such a great time with everyone.

Thursday morning kicked off with a series of fishbowl sessions where the Infrastructure team was discussing projects we have in the works. First up was Infrastructure: Zuul v3. Zuul is our pipeline-oriented project gating system, which currently works by facilitating the of running tests and automated tasks in response to Gerrit events. Right now it sends jobs off to Gearman for launching via Jenkins to our fleet of waiting nodes, but we’re really using Jenkins as a shim here, not really taking advantage of the built in features that Jenkins offers. We’re also in need of a system that better supports multi-tenancy and multi-node jobs and which can scale as OpenStack continues to grow, particularly with Big Tent. This session discussed the end game of phasing out Jenkins in favor of a more Zuul-driven workflow and more immediate changes that may be made to Nodepool and smaller projects like Zuul-merger to drive our vision. Etherpad here: YVR-infra-zuulv3

Everyone loves bug reporting and task tracking, right? In the next session, Infrastructure: Task tracking, that was our topic. We did an experiment with the creation of Storyboard as our homebrewed solution to bug and task tracking, but in spite of valiant efforts by the small team working on it, they were unable to gain more contributors and the job was simply too big for the size of the team doing the work. As a result, we’re now back to looking at solutions other than Canonical’s hosted Launchpad (which is currently used). The session went through some basic evaluation of a few tools, and at the end there was some consensus to work toward bringing up a more battle-hardened and Puppetized instance of Maniphest (from Phabricator) so that teams can see if it fits their needs. Etherpad here:YVR-infra-task-tracking

The morning continued with an Infrastructure: Infra-cloud session. The Infrastructure team has about 150 machines in a datacenter that have been donated to us by HP. The session focused on how we can put these to use as Nodepool instances by running OpenStack on our own and adding that “infra-cloud” to the providers in Nodepool. I’m particularly interested in this, given some of my history with getting TripleO into testing (so have deployed OpenStack many, many times!) and in general eager to learn even more about production OpenStack deployments. So it looks like I’ll be providing Infra-brains to Clint Byrum who is otherwise taking a lead here. To keep in sync with other things we host, we’ll be using Puppet to deploy OpenStack, so I’m thankful for the expertise of people like Colleen Murphy who just joined our team to help with that. Etherpad here: YVR-infra-cloud

Next up was the Infrastructure: Puppet testing session. It was great to have some of the OpenStack Puppet folks in the room so they could talk some about how they’re using beaker-rspec in our infra for testing the OpenStack modules themselves. Much of the discussion centered around whether we want to follow their lead, or do something else, leveraging our current system of node allocation to do our own module testing. We also have a much commented on spec up for proposal here. The result of the discussion was that it’s likely that we’ll just follow the lead of the OpenStack Puppet team. Etherpad here: kilo-infra-puppet-testing

That afternoon we had another Infrastructure: Work session where we focused on the refactor of portions of system-config OpenStack module puppet scripts, and some folks worked on getting the testing infrastructure that was talked about earlier. I took the opportunity to do some reviews of the related patches and help a new contributor do some review – she even submitted a patch that was merged the next morning! Etherpad for the work session here: YVR-infra-puppet-openstackci

The last session I attended that day was QA: Liberty Priorities. It wasn’t one I strictly needed to be in, but I hadn’t attended a session in room 306 yet, and it was the famous gosling room! The room had a glass wall that looked out onto a roof were a couple of geese had their babies and would routinely walk by and interrupt the session because everyone would stop, coo and take pictures of them. So I finally got to see the babies! The actual session collected the pile of to do list items generated at the summit, which I got roped into helping with, and prioritized them. Oh, and they gave me a task to help with. I just wanted to see the geese! Etherpad with the priorities is here: YVR-QA-Liberty-Priorities


Photo by Thierry Carrez (source)

Thursday night I ended up having dinner with the moderator of our women of OpenStack panel, Beth Cohen. We went down to Gastown to enjoy a dinner of oysters and seafood and had a wonderful time. It was great to swap tech (and women in tech) stories and chat about our work.

Friday! The OpenStack conference itself ended on Thursday, so it was just ATCs (Active Technical Contributors) attending for the final day of the Design Summit. So things were much quieter and the agenda was full of contributors meetups. I spent the day in the Infrastructure, QA and Release management contributors meetup. We had a long list of things to work on, but I focused on the election tooling, which I ended up following up with on list and then later had a chat with the author of the proposed tooling. My afternoon was spent working on the translations infrastructure with Steve Kowalik who works with me on OpenStack infra and Carlos Munoz of the Zanata team. We were able to work through the outstanding Zanata bugs and make some progress with how we’re going to tackle everything, it was a productive afternoon and always a pleasure to get together with the folks I work with online every day.

That evening, as we left the closing conference center, I met up with several colleagues for an amazing sushi dinner in downtown Vancouver. A perfect, low-key ending to an amazing event!

Originally published at pleia2's blog. You can comment here or there.

Saturday 23 May 2015

May. 23rd, 2015 10:38 pm
puzzlement: (jelly)
[personal profile] puzzlement
Originally posted at http://puzzling.org.

It’s been alternatively sunny and cloudy in our last week in our current house. Dark clouds gathered and thunder rumbled as we heard that second hand furniture buyers are booked up into June, and can’t come and help us with our nice wardrobes which we’d be sad to trash. The sun shone and birds sang when the friends we had over for dinner on Thursday turned out to be moving in the same week we are, only to an apartment with absolutely no storage whatsoever, and they would take our furniture from us. Little rainclouds descend every time some unreliable jerk from Gumtree fails to pick up stuff from our front porch. And so on.

Overall, at the moment we are proving to be a cheap way for other people to furnish. Earlier today two weedy young removalists came today and effortlessly hefted our sofa bed, bookcase and barbecue to Julia’s place. (I got to assume the risk of transporting the gas bottle for the barbecue; that they don’t do.) Our older bikes are off to Bikes For Humanity. Our largesse is getting down to a cheap white cupboard and some plastic outdoor chairs. Thank goodness.

Tonight the up and down reached amusing proportions. Because we will now have a cross-suburb childcare run to do, we’re considering buying a car again after several delightful years car-free, and tonight Andrew did our first test drive for a car on sale by a private seller. All went well with the drive, fortunately, well enough that we took the vehicle identification in order to run the standard checks. And so we sat in a McDonalds running the history checks… to discover that it had a write-off history. I guess there are situations where I’d buy a repaired write-off, maybe (although for the last couple of years that hasn’t even been a thing that’s possible to do in NSW) but buying from a private seller who didn’t disclose it isn’t one of those times. Then on the way home, A had such a nasty cough that we had to stop the car so that Andrew could take her out and hold her up so she’d stop sounding like she was choking on a fully grown pig. She was overtired and frantic and he had to fight her back into her carseat. Then we made it another couple of kilometres before I shut V’s window using the driver controls… right onto his hand, which he’d stuck out the window.

V’s hand is fine. A can still inhale. We don’t have a car that’s a undisclosed repaired write-off. Sunny day.

Photo circle shots

May. 22nd, 2015 09:08 am
puzzlement: (jelly)
[personal profile] puzzlement
Originally posted at http://puzzling.org.

I recently ran a “photo circle”, consisting of a small group of people sending prints of their own photographs to each other. It was a fun way to prod myself to take non-kid photos.

My four photos were:

Photo circle: sun in the eucalypts

I took Sun in the eucalypts in the late afternoon of Easter Sunday, as the sun was sinking behind the eucalypts at Centennial Park’s children’s bike track. I tried to take one with the sun shining through the trees but didn’t get the lens flare right. I like the contrast between the sunlit tree and the dark tree in this one. It feels springlike, for an autumn scene.

The other three are a very different type of weather shot, taken during Sydney’s extreme rainfall of late April and very early May:

Photo circle: rainstorm

This one has the most post-processing by far: it was originally shot in portrait and in colour. I was messing around with either fast or slow shutter speeds while it poured with rain at my house; I have a number of similar photos where spheres of water are suspended in the air. None of them quite work but I will continue to play with photographing rain with a fast shutter speed. In the meantime, the slow shutter speed here works well. I made the image monochrome in order to make the rain stand out more. In the original image the green tree and the rich brown fencing and brick rather detract from showing exactly how rainy it was.

Photo circle: Sydney rain storm

This was shot from Gunners’ Barracks in Mosman (a historical barracks, not an active one) as a sudden rainstorm rolled over Sydney Harbour. The view was good enough, but my lens not wide enough, to see it raining on parts of the harbour and not on other parts. All the obscurity of the city skyline in this shot is due to rain, not fog.

Photo circle: ferry in the rain

This is the same rainstorm as the above shot; they were taken very close together. It may not be immediately obvious, but the saturation on this shot is close to maximum in order to make the colours of the ferry come up at all. I was the most worried about this shot on the camera, it was very dim. It comes up better in print than on screen, too. The obscurity is again entirely due to the rain, and results in the illusion that there is only one vessel on Sydney Harbour. Even in weather like this, that’s far from true. I felt very lucky to capture this just before the ferry vanished into the rain too.

Liberty OpenStack Summit day 2

May. 21st, 2015 03:03 pm
pleia2: (Default)
[personal profile] pleia2

My second day of the OpenStack summit came early with he Women of OpenStack working breakfast at 7AM. It kicked off with a series of lightning talks that talked about impostor syndrome, growing as a technical leader (get yourself out there, ask questions) and suggestions from a tech start-up founder about being an entrepreneur. From there we broke up into groups to discuss what we’d like to see from the Women of OpenStack group in the next year. The big take-aways were around mentoring of new women joining our community and starting to get involved with all the OpenStack tooling and more generally giving voice to the women in our community.

Keynotes kicked off at 9AM with Mark Collier announcing the next OpenStack Summit venues: Austin for the spring 2016 summit and Barcelona for the fall 2016 summit. He then went into a series of chats and demos related to using containers, which may be the Next Big Thing in cloud computing. During the session we heard from a few companies who are already using OpenStack with containers (mostly Docker and Kubernetes) in production (video). The keynotes continued with one by Intel, where the speaker took time to talk about how valuable feedback from operators has been in the past year, and appreciation for the new diversity working group (video). The keynote from EBay/Paypal showed off the really amazing progress they’ve made with deploying OpenStack, with it now running on over 300k cores and pretty much powers Paypal at this point (video). Red Hat’s keynote focused on customer engagement as OpenStack matures (video). The keynotes wrapped up with one from NASA JPL, which mostly talked about the awesome Mars projects they’re working on and the massive data requirements therein (video).


OpenStack at EBay/Paypal

Following keynotes, Tuesday really kicked off the core OpenStack Design Summit sessions, where I focused on a series of Cross Project Workshops. First up was Moving our applications to Python 3. This session focused on the migration of Python 3 for functional and integration testing in OpenStack projects now that Oslo libraries are working in Python 3. The session mostly centered around strategy, how to incrementally move projects over and the requirements for the move (2.x dependencies, changes to Ubuntu required to effectively use Python 3.4 for gating, etc). Etherpad here: liberty-cross-project-python3. I then attended Functional Testing Show & Tell which was a great session where projects shared their stories about how they do functional (and some unit) testing in their projects. The Etherpad for this one is super valuable for seeing what everyone reports, it’s available here: liberty-functional-testing-show-tell.

My Design Summit sessions were broken up nicely with a lunch with my fellow panelists, and then the Standing Tall in the Room – Sponsored by the Women of OpenStack panel itself at 2PM (video). It was wonderful to finally meet my fellow panelists in person and the session itself was well-attended and we got a lot of positive feedback from it. I tackled a question about shyness with regard to giving presentations here at the OpenStack Summit, where I pointed at a webinar about submitting a proposal via the Women of OpenStack published in January. I also talked about difficulties related to the first time you write to the development mailing list, participate on IRC and submit code for review. I used an example of having to submit 28 patches for one of my early patches, and audience member Steve Martinelli helpfully tweeted about a 63 patch change. Diving in to all these things helps, as does supporting the ideas of and doing code review for others in your community. Of course my fellow panelists had great things to say too, watch the video!


Thanks to Lisa-Marie Namphy for the photo!

Panel selfie by Rainya Mosher

Following the panel, it was back to the Design Summit. The In-team scaling session was an interesting one with regard to metrics. We’ve learned that regardless of project size, socially within OpenStack it seems difficult for any projects to rise above 14 core reviewers, and keep enough common culture, focus and quality. The solutions presented during the session tended to be heavy on technology (changes to ACLs, splitting up the repo to trusted sub-groups). It’ll be interesting to see how the scaling actually pans out, as there seem to be many more social and leadership solutions to the problem of patches piling up and not having enough core folks to review them. There was also some discussion about the specs process, but the problems and solutions seem to heavily vary between teams, so it seemed unlikely that a unified solution to unprocessed specs would be universal, but it does seem like the process is often valuable for certain things. Etherpad here: liberty-cross-project-in-team-scaling.

My last session of the day was OpenStack release model(s). A time-based discussion required broader participation, so much of the discussion centered around the ability for projects to independently do intermediary releases outside of the release cycle and how that could be supported, but I think the jury is still out on a solution there. There was also talk about how to generally handle release tracking, as it’s difficult to predict what will land, so much so that people have stopped relying on the predictions and that bled into a discussion about release content reporting (release changelogs). In all, an interesting session with some good ideas about how to move forward, Etherpad here: liberty-cross-project-release-models.

I spent the evening with friends and colleagues at the HP+Scality hosted party at Rocky Mountaineer Station. BBQ, food trucks and getting to see non-Americans/non-Canadians try s’mores for the first time, all kinds of fun! Fortunately I managed to make it back to my hotel at a reasonable hour.

Originally published at pleia2's blog. You can comment here or there.

New vid: "Pipeline"

May. 23rd, 2015 10:35 pm
brainwane: My smiling face in front of a brick wall, May 2015. (Default)
[personal profile] brainwane
Title: Pipeline
Vidder: Sumana Harihareswara ("brainwane")
Fandom: Multi (documentaries, movies, TV, comics, coding bootcamp ads, and more)
Music: "Blank Space", Taylor Swift
Length: 3 minutes, 11 seconds
Summary: The tech industry has a blank space, and is quite eager to write your name.
Content notes: Implied verbal/emotional abuse, a few seconds of very fast cutting around 1:50
License: Creative Commons Attribution-Sharealike (CC BY-SA)
Download: on Google Drive (165 MB high-res MP4, 23 MB low-res MP4, 98 MB AVI), or at Critical Commons with login (high- and low-res MP4 and WebM files)
Stream: at Critical Commons (choose View High Quality for best experience)
Subtitles file: http://www.harihareswara.net/vids/pipeline.srt

Premiered just now at WisCon 2015 (the vid party).

Embedded video below:

Sources:
50 sources (28 video, 22 still) )


Thank you to my betas:


  • Skud
  • seekingferret
  • were_duck
  • Leonard Richardson
  • Teresa Nielsen Hayden
  • and others.

Feelings and interpretation:
You don't need to read this )
Making-of:
About 75 hours over 2 months )

This vid is under CC BY-SA and I hope people feel free to remix it, redistribute it, and otherwise enjoy it, as long as they attribute me as the vidder.

Some vids I learned from

May. 23rd, 2015 10:32 pm
brainwane: My smiling face in front of a brick wall, May 2015. (Default)
[personal profile] brainwane
I started watching fanvids at WisCon 2009, thanks to Skud, and particularly loved a few, such as "What About", "Starships!" and its monochromatic remix, "Grapevine Fires", "Hey Ho", and "Us". Once I decided to make "Pipeline", I started rewatching and seeking out vids with a political message, multifandom/multisource vids, ambitious vids, and vids that used still photos, screencasts, comics, and similar material well. I took notes, sometimes brief and sometimes detailed, of lessons I took from those vids (especially particularly fine-grained "how do you do that" bits of technique). This feels like something to share.

With some arbitrary categorization for ease of skimming, here are some vids I learned from:

Using stills well
three vids )


Ambition
four and a half vids )


Multisource/multifandom
six vids )


Message
two vids )


Other

And of course I learned from a ton of other sources, like a ton of meta about vidding, and Tony Zhou's "Every Frame a Painting" video series, and the scores of vids I've watched over the years. Anyway, hope someone finds this of interest.

Liberty OpenStack Summit day 1

May. 20th, 2015 04:26 pm
pleia2: (Default)
[personal profile] pleia2

This week I’m at the OpenStack Summit. It’s the most wonderful, exhausting and valuable-to-my-job event I go to, and it happens twice a year. This time it’s being held in the beautiful city of Vancouver, BC, and the conference venue is right on the water, so we get to enjoy astonishing views throughout the day.


OpenStack Summit: Clouds inside and outside!

Jonathan Bryce Executive Director of the OpenStack Foundation kicked off the event with an introduction to the summit, success that OpenStack has built in the Process, Store and Move digital economy, and some announcements, among which was the success found with federated identity support in Keystone where Morgan Fainberg, PTL of Keystone, helped show off a demonstration. The first company keynote was presented by Digitalfilm Tree who did a really fun live demo of shooting video at the summit here in Vancouver, using their OpenStack-powered cloud so it was accessible in Los Angeles for editorial review and then retrieving and playing the resulting video. They shared that a recent show that was shot in Vancouver used this very process for the daily editing and that they had previously used courier services and staff-hopping-on-planes to do the physical moving of digital content because it was too much for their previous systems. Finally, Comcast employees rolled onto the stage on a couch to chat about how they’ve expanded their use of OpenStack since presenting at the summit in Portland, Oregon Video of the all of this available here.

Next up for keynotes was Walmart, who talked about how they moved to OpenStack and used it for all the load on their sites experienced over the 2014 holiday season and how OpenStack has met their needs, video here. Then came HP’s keynote, which really focused on the community and choices available aspect of OpenStack, where speaker Mark Interrante said “OpenStack should be simpler, you shouldn’t need a PhD to run it.” Bravo! He also pointed out that HP’s booth had a demonstration of OpenStack running on various hardware at the booth, an impressively inclusive step for a company that also sells hardware. Video for HP’s keynote here (I dig the Star Wars reference). Keynotes continued with one from TD Bank, which I became familiar with when they bought up the Commerce branches in the Philadelphia region, but have since learned are a major Canadian Bank (oooh, TD stands for Toronto Dominion!). The most fascinating thing about their moved to the cloud for me is how they’ve imposed a cloud-first policy across their infrastructure, where teams must have a really good reason and approval in order to do more traditional bare-metal, one off deployments for their applications, so it’s rare, video. Cybera was the next keynote and perhaps the most inspiring from a humanitarian standpoint. As one of the earliest OpenStack adopters, Cybera is a non-profit that seeks to improve access to the internet and valuable resources therein, which presented Robin Winsor stressed in his keynote was now as the physical infrastructure that was built in North America in the 19th and 20th centuries (railroads, highways, etc), video here. The final keynote was from Solidfire who discussed the importance of solid storage as a basis of a successful deployment, video here.

Following the keynotes, I headed over to the Virtual Networking in OpenStack: Neutron 101 (video) where Kyle Mestery and Mark McClain gave a great overview of how Neutron works with various diagrams showing of the agents and improvements made in Kilo with various new drivers and plugins. The video is well worth the watch.

A chunk of my day was then reserved for translations. My role here is as the Infrastructure team contact for the translations tooling, so it’s also been a crash course in learning about translations workflows since I only speak English. Each session, even unrelated to the actual infrastructure-focused tooling has been valuable to learning. In the first translation team working session the focus was translations glossaries, which are used to help give context/meaning to certain English words where the meaning can be unclear or otherwise needs to be defined in terms of the project. There was representation from the Documentation team, which was valuable as they maintain a docs-focused glossary (here) which is more maintained and has a bigger team than the proposed separate translations glossary would have. Interesting discussion, particularly as my knowledge of translations glossaries was limited. Etherpad here: Vancouver-I18n-WG-session.

I hosted the afternoon session on Building Translation Platform. We’re migrating the team to Zanata have been fortunate to have Carlos Munoz, one of the developers on Zanata, join us at every summit since Atlanta. They’ve been one of the most supportive upstreams I’ve ever worked with, prioritizing our bug reports and really working with us to make sure our adoption is a success. The session itself reviewed the progress of our migration and set some deadlines for having translators begin the testing/feedback cycle. We also talked about hosting a Horizon instance in infra, refreshed daily, so that translators can actually see where translations are most needed via the UI and can prioritize appropriately. Finally, it was a great opportunity to get feedback from translators about what they need from the new workflow and have Carlos there to answer questions and help prioritize bugs. Etherpad here: Vancouver-I18n-Translation-platform-session.

My last translations-related thing of the day was Here be dragons – Translating OpenStack (slides). This was a great talk by Łukasz Jernaś that began with some benefits of translations work and then went into best practices and tips for working with open source translations and OpenStack specifically. It was another valuable session for me as the tooling contact because it gave me insight into some of the pain points and how appropriate it would be to address these with tooling vs. social changes to translations workflows.

From there I went back to general talks, attending Building Clouds with OpenStack Puppet Modules by Emilien Macchi, Mike Dorman and Matt Fischer (video). The OpenStack Infrastructure team is looking at building our own infra-cloud (we have a session on it later this week) and the workflows and tips that this presentation gave would also be helpful to me in other work I’ve been focusing on.

The final session I wandered into was a series of Lightning Talks, put together by HP. They had a great lineup of speakers from various companies and organizations. My evening was then spent at an HP employee gathering, but given my energy level and planned attendance at the Women of OpenStack breakfast at 7AM the following morning I headed back to my hotel around 9PM.

Originally published at pleia2's blog. You can comment here or there.

WisCon Schedule

May. 20th, 2015 02:55 pm
brainwane: My smiling face in front of a brick wall, May 2015. (Default)
[personal profile] brainwane
I'll be at WisCon starting tomorrow and leaving on Tuesday. I am scheduled to participate in these sessions:

  1. Imaginary Book Club, Fri, 4:00-5:15 pm in Conference 2. Five panelists discuss books that don't exist, improvising critiques and responses. I proposed this panel a few years ago (you can see video of its debut) and it has continued, which is cool!
  2. Lighthearted Shorthand Sans Fail, Sat, 8:30-9:45 am in Capitol A. What are your go-to phrasings to avoid sexism, ableism, etc. while getting your point across in casual conversation? I hope to walk out of this with some new vocabulary to replace bad habits.
  3. Vid Party, Saturday night 9:00 pm-Sun, 3:00 am in room 629. I am premiering a fanvid. Once it's premiered, I'll hit Post on blog posts to announce it publicly as well.
  4. Call Out Culture II: Follow-up to the Discussion Held at WisCon 38, Sun, 10:00-11:15 am in Senate A. Meta-discussion around discourse in social justice movements. I predict this session will be pretty intense.
  5. Vid Party Discussion, Sun, 1:00-2:15 pm in Assembly. We will discuss some of the vids shown at the vid party, and fan vids in general. This will be the first time I've engaged in public realtime conversation about fanvids. Before this panel I hope to publish some notes about what I learned from watching several vids that drew from multiple sources (including stills), made a political point, or were otherwise particularly ambitious. I'll probably reference those lessons during the panel.

I also proposed "What Does Feminist Tech Education Look Like?", "Impostor Syndrome Training Exercise", and "Entry Level Discussion Group", but am not a panelist or presenter for those sessions; I bet they'll be interesting, though, and you could do worse than to check them out. You can read Entry Level ahead of time for free online.

I look like the photo to the left. I am often bad with names, and will remember 5 minutes into our conversation that we had an awesome deep conversation three years prior. I apologize in advance.

If you are good at clothes, consider joining me at the Clothing Swap portion of the Gathering on Friday afternoon to help me find pieces that suit me. I'm introducing two old pals to WisCon and spending a lot of time with them (we live in different cities), and they're both white, so I might not be able to come to the People of Color dinner on Friday night. And sadly, The Floomp dance party on Saturday happens during the Vid Party so I probably can't attend that. I did buy a ticket for the Dessert Salon and will attend the Guest of Honor and Tiptree Award speeches on Sunday, and maybe you will be at my table!

One of my pals who's coming to WisCon is Beth Lerman, an artist who will be displaying and selling her work in the art show. Check it out!

Also I am open to doing a small room performance of my half-hour geeky stand-up comedy routine if several people ask for it. I don't know when or where it would be; Monday night would be easiest. Speak up in comments or some other medium if you'd be interested.


[Cross-posted from Cogito, Ergo Sumana]

Thought of the Day

May. 18th, 2015 04:34 pm
beable: (gonzo journalism)
[personal profile] beable
Imagine if the aliens from Galaxy Quest had watched the Mad Max movies instead.
pleia2: (Default)
[personal profile] pleia2

People like shirts, stickers and goodies to show support of their favorite operation system, and though the Xubuntu project has been slower than our friends over at Kubuntu at offering them, we now have a decent line-up offered by companies we’re friendly with. Several months ago the Xubuntu team was contacted by Gabor Kum of HELLOTUX to see if we’d be interested in offering shirts through their site. We were indeed interested! So after he graciously sent our project lead a polo shirt to evaluate, we agreed to start offering his products on our site, alongside the others. See all products here.

Polos aren’t really my thing, so when the Xubuntu shirts went live I ordered the Xubuntu sweater. Now a language difference may be in play here, since I’d call it a sweatshirt with a zipper, or a light jacket, or a hoodie without a hood. But it’s a great shirt, I’ve been wearing it regularly since I got it in my often-chilly city of San Francisco. It fits wonderfully and the embroidery is top notch.

Xubuntu sweatshirt
Close-up of HELLOTUX Xubuntu embroidery

In other Ubuntu things, given my travel schedule Peter Ganthavorn has started hosting some of the San Francisco Ubuntu Hours. He hosted one last month that I wasn’t available for, and then another this week which I did attend. Wearing my trusty new Xubuntu sweatshirt, I also brought along my Wily Werewolf to his first Ubuntu Hour! I picked up this fluffy-yet-fearsome werewolf from Squishable.com, which is also where I found my Natty Narwhal.

When we wrapped up the Ubuntu Hour, we headed down the street to our favorite Chinese place for Linux meetings where I was hosting a Bay Area Debian Meeting and Jessie Release Party! I was pretty excited about doing this, since the Toy Story character Jessie is a popular one, I jumped at the opportunity to pick up some party supplies to mark the occasion, and ended up with a collection of party hats and notepads:

There were a total of 5 of us there, long time BAD member Michael Paoli being particularly generous with his support of my ridiculous hats:

We had a fun time, welcoming a couple of new folks to our meeting as well. A few more photos from the evening here: https://www.flickr.com/photos/pleia2/sets/72157650542082473

Now I just need to actually upgrade my servers to Jessie!

Originally published at pleia2's blog. You can comment here or there.

Today in Conversations with my Mother

May. 14th, 2015 10:34 am
beable: (perfectly angelic)
[personal profile] beable
*My cell rings, and I answer*

Me: Hi mom.
Mom: Did you know that this week is palindrome week?
Me: ... uh, why are we on the phone again?
Mom: Goodbye!

Yes, "Why are we on the phone again" is a family meme.
Although usually the conversations involve dogs, not palindromes.
Page generated May. 28th, 2015 07:52 am
Powered by Dreamwidth Studios