So long, LISA

In 2010, I attended my first conference. My friend Matt—who I met because we read and commented on each other’s blogs—was leading the blog team for USENIX’s LISA conference. He wanted to add a few people and asked me to join. I was thrilled.

That fall, I went to San Jose not knowing what to expect. I was a system administrator (in a large installation, no less), but there were so many things I didn’t know. Would I fit in? Yes, as it turns out.

The community was large, but incredibly welcoming. I got to have dinner with some of the Big Names in system administration, all of whom were kind and gracious. For six days, I woke up early (because time zones), attended sessions all day, went to BoFs and social events in the evening, then stayed up late to write a couple of posts for the conference blog. By the end of the week I was exhausted, but having the time of my life.

For several years, I was a regular attendee and blogger. In 2016, I served as co co-chair of the Invited Talks track. In 2018, I was on the program committee. Since then, I haven’t been involved with LISA (except for a lightning talk this year) because my career has taken a different direction.

But even though my job is no longer system administration, I’m still friends with so many people I met through LISA. And it’s not a stretch to say that being on the LISA blog team set me up for success as a writer. Of course, it gave me a lot of practice writing on tight deadline. But it also helped connect me to people who have since given me a boost in my career. I doubt that I’d be working on a book right now if it weren’t for the LISA conference.

So you can imagine how sad I felt when I saw the news that the LISA conference has come to an end. All good things must end, of course. LISA had a terrific run. But the field—and the world around it—has changed. So we must bid goodbye to the conference that started me on conferences. I learned so much and met so many wonderful people. And I’ll always have that.

Open Source Leadership Summit 2019

Ed. note: my employer is a member of the Linux Foundation. The views in this post are — as are all posts on this site — my personal views and do not represent my employer or any other organizations. You knew this already, but I thought it would be good to remind you.

Last week, after leaving SCaLE, I headed to Half Moon Bay, California for the Open Source Leadership Summit. It’s an invitation-only conference run by the Linux Foundation. This year it was held at the Ritz-Carlton Half Moon Bay, a very nice resort hotel with an ocean view. This was dramatically different from most tech conferences I’ve attended previously. That difference was the source of some internal struggle I wrestled with. I’ll get to that momentarily, but first my more general thoughts.

This is clearly not a typical tech conference. The number of technical sessions was pretty low, with a greater focus on topics like marketing, balancing corporate & community interests, mentoring, et cetera. Given that the target audience is leaders of corporate open source efforts, this makes sense. The talks I attended were good, with Jim Perrin’s “Damaging your project with management (and leadership)” as my clear favorite. The downside is that with 30-minute time slots, I didn’t feel like there was ever enough time to really get deep into any of the topics. That might be better for the state my attention span was in after over a week of travel and conferences, but it’s not great for getting a lot of value out of the talks.

The marketing panel that I was on was well-received. I thought we did well. Panels can be terrific or terrible and I’d like to think we were closer to the terrific end of the spectrum. All of the panelists had different, complimentary experience, so we were able to give non-repetitive answers. And we all kept our answers pretty short so that the conversation could flow. The audience was into it, as well, which always helps. And I’m glad to say that “Jennifer”s outnumbered men.

So now for my internal struggle. I saw the conference referred to as “open source Davos” and it’s hard to disagree with that. Jessie Frazelle was unrestrained in her criticism:

Coming on the heels of Bradley Kuhn’s “It’s a Wonderful Life” analogy at SCaLE, this criticism really stuck out to me. Yes, I get paid well to work on an open source project, but I still live in a world where staying at a resort like the Ritz-Carlton Half Moon Bay leaves me wide-eyed. How many tech conference travels could we have funded with the budget for lunches? How much test gear could be provided for the cost of the evening socials? Why is it called “Open Source Leadership Summit” when the leaders of major open source projects aren’t invited to attend?

Well the answer to that question is “this isn’t the sort of leadership we meant”. A friend said this is the sort of event that corporate execs and senior management attend. If you want to get your message to them, that’s what you have to do. I understand that argument, and the practical side of me gets it. The ideological side of me says “well then we’ll do it without them!”

The Linux Foundation and similar foundations are trade associations, not charities. They’re not obligated to act in the public good. Maybe they could stand do to a little more of that, obligated or no. But ultimately, they’re doing what trade associations do. They advance their corporate interests in the way they see fit. If we want to redirect them toward community benefit, maybe pitching talks that give the message we want them to hear is the approach to take. Or maybe that’s just what I’ll tell myself to justify going on a junket.

SCaLE 17x

Last week, I attended the 17th annual Southern California Linux Expo (SCaLE 17x). SCaLE is a conference that I’ve wanted to go to for years, so I’m glad I finally made it. Located at the Pasadena Convention Center, it’s a short walk from nearby hotels, restaurants, and a huge independent bookstore. Plus the weather in southern California almost always beats Indiana — particularly in March.

Having done this a few times before, the SCaLE organizers know how to put on a good event. Code of Conduct information, including contacts, is prominently posted right as you walk in the door. Staff walk around with t-shirts that sport the WiFi information. The break between sessions is 30 minutes, which allows ample time to get from one to another without having to brush people aside if you meet them in the hallway. It was an incredibly-well run conference.

I ended up in the “mentoring” track most of the weekend, which I suppose indicates where I am in this point of my career. “Mentoring” may not be the right word, though. The talks in that room covered being a community organizer, developer advocacy, and a lot about mental health. Quite a bit about mental health, in fact. It’s probably a good thing that we’re discussing these topics more openly at conferences.

The talk that stuck with me the most, though, was one I saw on Sunday afternoon. Bradley Kuhn wondered “if open source isn’t sustainable, maybe free software is.” Bradley compared the budgets and the output of large corporate-backed foundations and smaller projects like phpMyAdmin. I’ll go deeper on that later, either when I recap the Open Source Leadership Summit or in a standalone post.

Bradley also used an “It’s a Wonderful Life” analogy, which is very much my kind of analogy. This may become a longer post at some point, but the general idea is that we have a lot of Sam Wainwrights in the world: people who are willing to throw money at a problem (perhaps with strings attached). Despite being well-meaning, they’re not actually doing that much to help. What we need is more George Baileys: people doing the small but critical work in their communities to help them thrive.

SCaLE was a terrific conference, and I’m looking forward to going back in the future. Especially now that I’ve learned my way around the food scene a little bit.

Come see me at these conferences in the next few months

I thought I should share some upcoming conference where I will be speaking or in attendance.

  • 9/16 — Indy DevOps Meetup (Indianapolis, IN) — It’s an informal meetup, but I’m speaking about how Cycle Computing does DevOps in cloud HPC
  • 10/1 — HackLafayette Thunder Talks (Lafayette, IN) — I organize this event, so I’ll be there. There are some great talks lined up.
  • 10/26-27 — All Things Open (Raleigh, NC) — I’m presenting the results of my M.S. thesis. This is a really great conference for open source, so if you can make it, you really should.
  • 11/14-18 — Supercomputing (Salt Lake City, UT) — I’ll be working the Cycle Computing booth most of the week.
  • 12/4-9 — LISA (Boston, MA) — The 30th version of the premier sysadmin conference looks to be a good one. I’m co-chairing the Invited Talks track, and we have a pretty awesome schedule put together if I do say so myself.

Bio-IT World recap

Last week I was in Boston for the annual Bio-IT World Conference and Expo. I spent most of the conference working the company booth. It was a lot of fun talking to people about what our software does. Even the conversations that won’t lead to a sale were interesting because I got to learn more about what other people are doing. Of course, there were some people who lit up when I gave a demo (and let’s be honest, it’s probably not just my charming personality).

My role wasn’t just limited to booth duty, though. On Thursday morning, I chaired a session in the cloud track. I was a little nervous chairing a session at a conference I’ve never attended in a domain that I know next-to-nothing about. Fortunately, it went very well. Perhaps too well, as we got so far ahead of schedule that we had to ad lib 10 minutes of Q&A before the last presentation. But it worked well enough, and the talks were really interesting.

When I was introduced ahead of the conference to the presenters, I asked all of them for guidance on how to pronounce their names in addition to the bio that the conference organizers asked them to send. The next time I chair a conference session, I’m also going to ask for a few questions in case there are none from the audience. Sometimes, the pump just has to be primed a bit, and I’d rather ask a question that the presenter thinks is relevant than whatever I come up with while listening to the talk.

 

Submit your LISA16 proposal!

I am co-chairing the Invited Talks for this year’s LISA Conference, alongside Patrick Cable. I’ve attended LISA since 2010 (with the exception of 2014) and it’s a great conference for systems administrators and other operationally-minded tech folks. I’ve enjoyed many great talks over the years, and as a co-chair, it’s up to me to help make sure that trend continues.

So here’s where you come in: it’s time for you to submit a proposal. The Call for Participation is open through 11:59 PM PDT on Monday, April 25. You may think “I have nothing worth sharing,” but you may be wrong. Patrick and I are particularly interested in finding talks that address cross-cutting topics, talks from new attendees, and generally interesting talks.

Talks don’t have to be about the cutting edge of technology to be interesting. Some of the best-received talks last year weren’t even technical in nature. So much of the job is cultural: the culture of your team and the larger organization. Alice Goldfuss’s “Scalable Meatfrastructure” talk may have broken the record for the amount of praise on social media channels.

Tell us about a problem you had and how you solved it. Tell us about how you applied technology to improve life for your organization and users. Or propose a tutorial in order to share your deep knowledge.

Go out on a limb and propose a talk. If you get accepted, it’s a great way to attend the conference and expand your professional network. if you don’t get accepted, I promise it it’s okay (I’ve had several proposals to other conferences rejected). If you want some advice on how to make your proposal awesome, both Patrick and I are happy to talk to you.

I hope you’ll submit your proposed talk soon.

Supercomputing ’15

Last week, I spent a few days in Austin, Texas for the Supercomputing conference. Despite having worked in HPC for years, I’ve never been to SC. It’s a big conference. Since everyone heard I was going, they set a record this year with over 12,000 attendees. That’s roughly 10x the size of LISA, where I had been a few days ago.

I missed Alan Alda’s keynote, so my trip was basically ruined. That’s not true, actually. I spent most of the time in my company’s booth giving demos and talking to people. I had a lot of fun doing that. I’m sure the technical sessions were swell, but that’s okay. I look forward to going again next year, hopefully for the whole week and not immediately following another week-long conference.

20151117_103152

Ben with a minion

LISA Conference wrap-up

After a one-year hiatus, I returned to the LISA Conference as a member of the blog team. It was great to see old friends and make new ones. Continuing the theme from last year, the blog was less about daily summaries and more about telling stories. This was a lot more rewarding, but it was also more work. All told, I wrote 2822 words, which is less than normal, but I’d like to think the quality is better.

People stories

  • Alice Goldfuss — This year was Alice’s first LISA trip and first time presenting to a large conference. The reaction to her talk was overwhelmingly positive, and I’m sad I missed it.
  • Kyle Neumann — Kyle is another first-time attendee and loved his experience. He also gave me a lot of good ideas for how to make the first-timer experience better.
  • Jamie Riedesel — A long-time friend of this blog is recognized for contributions to the professional community.

Conference program

  • Government for better or for worse — The Wednesday keynote was delivered by the head of the US Digital Service and the Thursday keynote by a principal technologist at the ACLU. They provided contrasting perspectives on government.
  • The mini-tutorial experiment — Wednesday through Friday now has mini-tutorials interspersed with the conference program instead of being separate half- and full-day sessions.
  • Monday — Before I got into the groove of telling stories, I wrote what was basically a summary of my day.

Vendor articles

  • Midfin — This company just exited stealth and has an interesting product for making internal datacenters more nimble.
  • Xirrus — They donated equipment and engineering effort for the WiFi network.
  • JumpCloud — This company provides cloud-based Directory-as-a-Service, something I’ve been looking for at work.

CERIAS Recap: Featured Commentary and Tech Talk #3

Once again, I’ve attended the CERIAS Security Symposium held on the campus of Purdue University. This is the final post summarizing the talks I attended.

I’m combining the last two talks into a single post. The first was fairly short, and by the time the second one rolled around, my brain was too tired to focus.

Thursday afternoon included a featured commentary from The Honorable Mark Weatherford, Deputy Undersecretary of Cybersecurity at the U.S. Department of Homeland Security. Mr. Weatherford was originally scheduled to speak at the Symposium, but restrictions in federal travel budgets forced him to present via pre-recorded video. Mr. Weatherford opened with an observation that “99% secure means 100% vulnerable.” There are many cases where a single failure in security resulted in compromise.

The cyber threat is real. DHS Secretary Napolitano says infrastructure is dangerously vulnerable to cyber attack. Banks and other financial institution have been under sustained DDoS attack and it has become very predictable. In the future, there will be more attacks, they will be more disruptive, and they will be harder to defend against.

So what does DHS do in this space? DHS provides operational protection for the .gov domain. They work with the .com sector to improve protection, especially against critical infrastructure. DHS responds to national events and works with other agencies to foster international cooperation.

Cybersecurity got two paragraphs in President Obama’s 2013 State of the Union address. Obama’s recent cybersecurity executive order has goals of establishing an up-to-date cybersecurity network and enhancing information sharing among key stakeholders. DHS is involved in the Scholarship for Service student program which is working to create professionals to meet current and future needs.

The final session was a tech talk by Stephen Elliott, Associate Professor of Technology Leadership and Innovation at Purdue University, entitled “What is missing in biometric testing.” Traditional biometric testing is algorithmic, with well-established metrics and methodologies. Operation testing is harder to do because test methodologies are sometimes dependent on the test. Many papers have been written about the contributions of individual error on performance. Some papers have been written on the contribution of metadata error. Elliott is focused on training: how do users get accustomed to devices, how they remember how to use them, and how can training be provided to users with a consistent message.

One way to improve biometrics is understanding the stability of the user’s response. If we know how stable a subject is, we can reduce the transaction time by requiring fewer measurements. Many factors, including the user, the agent, and system usability affect the performance of biometeric systems. Improving performance is not a matter of simply improving the algorithms, but improving the entire system.

Other posts from this event:

CERIAS Recap: Panel #3

Once again, I’ve attended the CERIAS Security Symposium held on the campus of Purdue University. This is one of several posts summarizing the talks I attended.

The “E” in CERIAS stands for “Education”, so it comes as no surprise that the Symposium would have at least one event on the topic. On Thursday afternoon, a panel addressed issues in security education and training. I found this session particularly interesting because it paralleled many discussions I have had about education and training for system administrators.

Interestingly, the panel consisted entirely of academics. That’s not particularly a surprise, but it does bias the discussion toward higher education issues and not vocational-type training. This is often a contentious issue in operations education discussions. I’m not sure if such a divide exists in the infosec world. Three Purdue professors sat on the panel: Allen Gray, Professor of Agriculture; Melissa Dark, Professor of Computer & Information Technology and Associate Directory of Educational Programs at CERIAS; and Marcus Rogers, Professor of Computer & Information Technology. They were joined by Ray Davidson, Dean of Academic Affairs at the SANS Technology Institute; and Diana Burley, Associate Professor of Human and Organizational Learning at The George Washington University.

Professor Gray began the opening remarks by telling the audience he had no cyber security experience. His expertise is in distance learning, as he is the Director of a MS/MBA distance program in food and agribusiness management. The rise of MOOCs has made information more available than ever before, but Gray notes that merely providing the information is not education. The MS/MBA program offers a curriculum, not just a collection of courses, and requires interaction between students and instructors.

Dean Davidson is in charge of the master’s degree programs offered by the SANS Technology Institute. This is a new offering and they are still working on accreditation. Although it incorporates many of the SANS training courses, it goes beyond those. “The old days of protocol vulnerabilities are starting to go away, but people still need to know the basics,” he said. “Vulnerabilities are going up the stack. We’re at layers 9 and 10 now.” Students need training in legal issues and organizational dynamics in order to become truly effective practitioners.

Professor Dark joined CERIAS without any experience in providing cybersecurity education. In her opening remarks, she talked about the appropriate use of language: “We always talk about the war on defending ourselves, the war on blah. We’re not using the language right. We should reserve ‘professionalization’ for people who deal with a lot of uncertainty and a lot of complexity.” Professor Burley also discussed vocabulary. We need to consider who is the cybersecurity workforce. Most cybersecurity professionals are in hybrid roles, so it’s not appropriate to focus on the small number who have roles entirely focused on cybersecurity.

Professor Rogers drew parallels to other professions. Historically, professionals of any type have been developed through training, certification, education, apprenticeship or some combination of those. In cybersecurity, all of these methods are used. Educators need to consider what a professional in the field should know, and there’s currently no clear-cut answer. How should education respond? “Better than we currently are.” Rogers advocates abandoning the stove pipe approach. Despite talk of being multidisciplinary, programs are often still very traditional.”We need to bring back apprenticeship and mentoring.”

The opening question addressed differences between education and training. Gray reiterated that disseminating information is not necessarily education; education is about changing behavior. Universities tend to focus on theory, but professionalization is about applying that theory. As the talk drifted toward certifications, which are often the result of training, Rogers said “we’re facing the watering-down of certifications. If everybody has a certification, how valuable is it?” Dark launched a tangent when she observed that cybersecurity is in the same space as medicine: there’s so much that practitioners can’t know. This lead to a distinction being made (by Spafford, if I recall correctly) between EMTs and brain surgeons as an analogy for various cybersecurity roles. Rogers said we need both.They are different professions, Burley noted, but they both consider themselves professionals.

One member of the audience said we have a great talent pool entering the work force, but they’re all working on same problems. How many professionals do we need? Davidson said “we need to change the whole ecosystem.” When the barn is on fire, everyone’s a part of the bucket brigade; nobody has time to design a better barn or better fire fighting equipment. Burley pointed out that the NSF’s funding of scholarships in cybersecurity is shifting toward broader areas, not just computer science. This point was reinforced by Spafford’s observation that none of the panelists have their terminal degree in computer science. “If we focus on the job openings that we have right now,” Rogers said, “we’re never going to catch up with the gaps in education.” One of the panelists, in regard to NSF and other efforts, said “you can’t rely on the government to be visionary. You might be able to get the government to fund vision,” but not set it.

The final question was “how do you ensure that ethical hackers do not become unethical hackers?” Rogers said “in education, we don’t just give you knowledge, we give you context to that knowledge.” Burley drew a parallel to the Hippocratic Oath and stressed the importance of socialization and culturalization processes. Davidson said the jobs have to be there as well. “If people get hungry, things change.”

Other posts from this event: