NLUUG 2019 Najaarsconferentie

As the title states (in dutch sorry it’s the original name, but you can translate it to: autumn conference NLUUG2019), I was at the NLUUG 2019. My last visit with Snow (now Sue) was when it was still in “De Reehorst” in Ede. Which appeared to have been a few years ago. One of the reasons for not visiting it more often is that I was soo much into FreeBSD that I didn’t look around that much. That changed this year when I stopped volunteering for FreeBSD. I got my RHCSA and RHCE this year and as technical field manager I decided to show my face and talk with people (and learn something myself as well).

To quickly summarize the day: It was great but exhausting :-).. numberous talks with coworkers but also old friends (Hi Johan, Rene, Ronny, Alain, Cor, I mean you for example!). For me this was a first time as technical field manager at a conference. The SUE team was the biggest team of them all I think so that was great to see. Thank you all coworkers for your visit and your big enthusiasm. I hope that we can visit many more of these conferences!

About the talks:

The keynote (by David Blank-Edelman) at first was very interesting and eye-opening. Not only because of the talk, but also because of the employer of David, Microsoft. A while ago I found that MS was seen more and more on open-source territory and I think this demonstrates that I am right about that. Nevertheless we got a serious talk about Site Reliability Engineering and what angles you can look at it. The main thing that David demonstrated is that “it depends”. You need to find a way to first describe your company and wishes, but also your clients. Reliability in this regard is measured at the client instead of internal monitoring/metric gathering. For example if you have 100 servers and a few of them go down, are you in panic ? It depends! If the customer doesn’t notice anything, just keep chilling. If the client does notice anything, like not being able to access your site, or add items to the shopping cart.. then make sure it starts working again! You need to define SLI and SLO’s (Service Level indicators, which metrics at what “item” in the business chain and Service Level Objectives: How do you want things to perform, what is your goal). I think you can do that with proper setup monitoring that not only checks availability but also does an actual login, or an actual shopping cart experience. When I worked for a major ISP in .NL they did that with Selenium. The setup replicated a user login from various remote places.

My next talk was about making scripts better by my old coworker and friend Michael Boelen. I enjoyed this talk, I am experienced in writing shell scripts, but still I learned a few things that I didnt know before. I also understand better on how to approach creating new scripts and what the caveats are for being posix compliant. Michael had the crowd on his hand, he got a very interactive talk and still keeping track on the objective from his talk. It was appreciated Michael!

After that I visited the talk about “treating documentation as code” by Hagen Bauer. I visited that with in my huge documentation experience from FreeBSD. Hagen has a setup where he uses asciidoctor and some modifications to print his documentation in various formats. It can use external input as well as just regular ‘md’ kind of files. So once prepared, you can more easily write documentation just in ascci/plain text and if you have set it up with a CI/CD pipeline for example you can auto generate new documentation when you have a commit or change in your GIT repo. I think this lowers the barrier if there is a template and all you need to do is fill in an text file (With some markup). If I ever have time, this is really interesting to understand better!

After Hagen’s talk we had lunch. There were many things to choose from, a dangerous approach because of an after lunch dip risk.

Next up after the lunch was a talk from Koen de Jonge, board member for NLUUG. His talk was about a dream or idea: Community Hosted Open Source Infrastructure. (CHOSI.org). This dream started with how we (I include myself there) used to learn and do things, touch real hardware, modify kernels, wait ages for an kernel or program compilation completed and noticing that you made a mistake. Where nowadays people “take care” of you. The educational value of having in-depth knowledge about products is going away. The cloud offers items that you dont have to touch at all. Ofcourse the cloud infra people need to do so, but that group of people is being reduced in the world. See for example RHCE8, you learn ansible.. which is a great and fun thing to do, but you dont learn in-depth technical hacks on the commandline anymore. With this talk Koen tried to take the audience to a world which we knew from the past and bring that back. The general idea is to have at least one or more racks with own equipment which you can use to start all kinds of vm’s, from linux to a bsd to solaris. With a “bierviltje” calculation he noticed the required funding which would be approx 12 euro per user. I am very much interested!

Further down the road I visited the XS4all moet blijven talk from Anco Scholte ter Horst, current CEO of “Freedom Internet” (The new XS4all). Anco took us down the road which was followed after announcing that XS4all needs to be assimilated by KPN. He told us about the fight they have put up to save the company, to see alternatives and finally after another reply from KPN that they were going to assimilate XS4all and drop the company behind it, the birth of Freedom Internet. A very nice and driven talk from Anco, the crowd was very interested including myself. Lets see where this is heading and hopefully they can do what they want to do!

Next in line I visited “what does vNUMA actually mean?” by Wim ten Have. Wim appears to be extremely technical and possesses knowledge that not many people have. During this track I was from time to time very lost. Not because Wim didn’t explain, but because I didn’t cope the in depth knowledge. NUMA is known for making processors able to directly access memory regions. In order to use that effectively you should combine CPU’s that are near each other and share the same NUMA domain. vNUMA is an addition to QEMU / KVM and enables automatic mapping of NUMA within a VM basically. (Someone correct me if I am wrong ;-)). Sadly, if you are not that experienced you will loose much of the information presented.

Just before attending the last talk, I joined Martin Geusebroek’s talk about “Counter Social Engineering”. Martin is an experienced HUMINT officer and extremely knowledgeable about this subject. He gave multiple examples on how things work. There were a few demo’s / recordings of social engineering stuff that actually worked. Next to that he also did a “remember the given names”, where he did try to influence your brain. In the recap we were presented the given names. One of them was not in the list but your head thought it was, because a lot of the words shared the same topic. Your brain fills in the details. That makes social engineers able to influence you without you actually realising. When I worked at ING we had such trainings periodically and then for entire days. Always think who asks what and why. Try to properly verify someone’s identity and when in doubt, just get help from senior management. Even if the director is giving you a hard time, it’s in his companies best interest if you are very firm and solid in your work. Thanks Martin for bringing this topic to NLUUG!

and finally the closing keynote: Tales (Fails) from the trenches… by Edwin den Andel. Edwin is a very classic hacker, in the sense that the name hacker was actually ment. Edwin is creative and thinks out of the box to try and obtain information. Not for the worse but for the better. Nowadays hackers are seen as nerds that break into computers and steal stuff. Edwin and Zerocopter behind him try to address that. They want to receive vulnerability information and highly suggest that you do not download entire datasets, but just one or two rows to proof that you can access data. Else you will get into the dark mazes of the law and you might even be prosecuted. Next to advocating the right thing, Edwin also gave numberous examples on how companies failed. I felt really connected with this topic and I think a lot of people found this the best talk of the day. Edwin easily presents his knowledge and is easy to follow. Edwin, I enjoyed your talk a lot, thank you!

After all these talks people needed drinks and beverages. My employer SUE sponsored these and a lot of people stayed until it was time to wrap up. Together with a few coworkers from SUE, we were the last ones to leave the conference. I hope to be able to rejoin the NLUUG conference next year, either in my current role or in a new role.