January 20-22, 2012, Hilton Los Angeles Airport Hotel


General Open Source / Free Software Advocacy and Technical Content.

Kyle Rankin

Practice Penetration Testing on Your Home Router

While it is fun to learn how to hack, sometimes it's tough to practice your skills without breaking any laws. It turns out if you have any consumer devices on your local network, you already have everything you need to practice penetration testing. In this talk I will discuss my experience with the D-Link DIR-685 Wireless N router and how with just a few basic skills I was able to find multiple exploits, including one that gave me root, all through the web interface. As I describe the attacks I'll demonstrate the exploits with a live demo. If you've ever wanted to get started with penetration testing of web services, this talk will introduce you to some basic concepts you can apply to all sorts of poorly-coded PHP sites. If you are interested in how to root consumer devices that don't already have special firmware, this talk will give you some pointers on how to break in via the web interface.

Link to the presentation: http://greenfly.net/talks/security/practice_hacking.html


Colin Charles

The MySQL Diaspora

MySQL is a unique database in the sense that it is the only database out there that supports multiple storage engines. Varying storage engines have different on-disk formats, methods of indexing; some are transactional and some are not, and so on. MySQL is also unique in the sense of creating a diaspora because it did not spawn but one fork, but many as it changed ownership.

Specific focus areas of the talk will include:

* A brief history of the MySQL trees at MySQL AB (MySQL 5.0, MySQL 5.1, MySQL 6.0). Microsoft Windows users tend to download the official releases from mysql.com but Unix users tend to get it from their distributions thus have myriad access to the varying solutions available

* A quick introduction to storage engines

* A look at Drizzle (a fork of the never-released MySQL 6.0 which targets the cloud) and how far it has diverged from MySQL. The aim is to be micro-kernel based with everything else as plugins. In recent times, it also has a forked InnoDB called HailDB. It is all 64-bit only, and only runs on modern Unix based operating systems

* A look at MariaDB, a branch of MySQL that constantly merges with "upstream" MySQL, but has more changes in the optimiser and kernel. It also includes more engines like Aria (crash-safe MyISAM), XtraDB (InnoDB fork from Percona), PBXT, FederatedX, SphinxSE and more. Feature-wise it has pool of threads support, table elimination (that Drizzle wanted), virtual columns, extended user statistics, segmented key caches, plugins and pluggable authentication and more including GIS and batched key access

* A look at Percona Performance Server, which is very close to MySQL mainline, but includes a forked-InnoDB called XtraDB, and some features that high performance environments and clients truly use like extended user statistics

* A look at the patches lying around from Tokutek, eBay, DeNA (HandlerSocket) and more. Where do distributions like OurDelta fit in?

* How are the InnoDB forks like XtraDB and HailDB performing? InnoDB gets so many changes from Oracle that it is truly hard to keep up

* How distributions package the various databases differently

* What does the commercial storage engine market look like?

* A short (really!) discussion on the birth of NoSQL databases and where they fit in to this entire ecosystem

You're a busy DBA or developer. What solution do you choose? Which has sufficient support? Which has an active community behind it?

This talk will aim to answer that and more. Attendees will understand the whole ecosystem that is MySQL and its forks now and will leave empowered to know if they should use another branch or just stick to current Oracle-offered MySQL.


Jonathan Thomas

Create Stunning Videos with OpenShot!

Join us in exploring OpenShot Video Editor, and learn how to create your own stunning videos. In this presentation, we will create a short video which tells the story of Steve, a resident of Minecraft, who wakes up to find monsters invading his land. Steve looks for safety in an abandoned cave, and unknowingly stumbles into the real world. As I create this video, you will learn the techniques and tricks to create your own stunning videos with OpenShot. At the end of the presentation, we will watch the final video and upload it to YouTube.

OpenShot Video Editor is a free, open-source video editor for Linux licensed under the GPL version 3.0. OpenShot can take your videos, photos, and music files and help you create the film you have always dreamed of. Easily add sub-titles, transitions, and effects, and then export your film to DVD, YouTube, Vimeo, Xbox 360, and many other common formats.


Quim Gil

The Qt Project and the relevance of open development

In this session we will give an overview of the Qt framework and also of the Qt community developing and deploying it in multiple products used by hundreds of millions of people every day. We will give an overview of the Qt 5 plans and development status. We will also explain the motivations to move to a fully open model where governance, roadmapping and development are decided by the contributors involved. SCALE 10x comes 3 months after the beginning of the Qt Project as a non-profit organization, a good time to offer a balance.


Deb Nicholson

Software Patents: What You Can Do

Who is getting sued and for what? What kinds of defensive strategies can help defend Linux, GNU and related projects? Of particular interest to free software contributors, this talk also has plenty of big picture to make it interesting for free software activists and users. I'll go over how the US patent system got to where it is and why it is such a problem for software in particular. We'll talk about what's already been tried and what's currently being done to protect free operating systems. Have you ever wondered what's at stake, how much money is changing hands or who's at risk? Perhaps you'd like to learn more about prior art and how that works? If so, then this talk is for you.


Tom Callaway

Selling Free Software

There are many misconceptions around selling Free Software, even the name is confusing, how can you sell something that is free? One of the main reasons that the term "Open Source" was coined was to simplify the message, that Free Software is more about freedom, and less about price. But it isn't as simple as that. Price matters too, especially in a struggling economy. From 2001 to 2006, I was a Sales Engineer (now known as Solutions Architects) at Red Hat, awarded Sales Engineer of the Year in 2005 and 2006. I never really planned on being in sales, it just fell in my lap, but I saw it as a problem that could be solved. In working towards solutions with each new customer, I came to appreciate and understand Free Software better. Additionally, I learned that the foundations that are widely understood and accepted in the FOSS community are very foreign to most organizations. The trick is learning how to bridge that gap, how to act as a translator. With no roadmap, no sales training, only a hacker mindset and a passion for free software, I learned many things about how to (and how not to) sell Free Software within organizations, large and small. I'll share some tips about how I was successful and hopefully give you some ideas.


Sage Weil

Ceph distributed storage system

As the size and performance requirements of storage systems have increased, file system designers have looked to new architectures to facilitate system scalability. Ceph is a fully open source distributed object store, network block device, and file system designed for reliability, performance, and scalability from terabytes to exabytes. Ceph's architecture consists of two main components: an object storage layer, and a distributed file system that is constructed on top of this object store. The object store provides a generic, scalable storage platform with support for snapshots and distributed computation. This storage backend is used to provide a simple network block device (RBD) with thin provisioning and snapshots, or an S3 or Swift compatible RESTful object storage interface. It also forms the basis for a distributed file system, managed by a distributed metadata server cluster, which similarly provides advanced features like per-directory granularity snapshots, and a recursive accounting feature that provides a convenient view of how much data is stored beneath any directory in the system. This talk will describe the Ceph architecture and then focus on the current status and future of the project. This will include a discussion of Ceph's relationship with btrfs, the file system and RBD clients in the Linux kernel, RBD support for virtual block devices in Qemu/KVM and libvirt, and current engineering challenges.


Meghan Gill

The Care and Feeding of an Open Source Community

An open source project is only as strong as the developer community around it. The traditional marketing strategies may not be applicable when dealing with a more discerning developer audience in the age of social media. So how does an open source project gain traction and usage? How do you fight FUD to build community around new technology? How does a project gain respect and mindshare among opinionated and fickle geeks? This session will examine these questions through a case study of the MongoDB project. Released for the first time in 2009, downloads of the open source database now exceed 100,000 each month and dozens of MongoDB events around the world have consistently sold out. Through bottoms-up developer outreach, MongoDB is seeing broad adoption in both the web and enterprise arenas. Meghan Gill leads the marketing and community development efforts at 10gen, the company that develops and supports the MongoDB project. She’ll talk about seeding local user groups, organizing meetups large and small, building a social media presence, identifying advocates, and handling critics. We’ll also discuss the challenges of balancing the growth of a commercial ecosystem alongside free adoption.


Alison Chaiken

Automotive: the Next Frontier for Mobile Linux

The days when automotive software hacking meant trying to get MP3 music to play on a car's audio system are long behind us. The real-time fuel efficiency display of the Prius ably illustrates the driver empowerment that improved information can bring. Tata Motors, which owns Land Rover and Jaguar, has developed lane-departure warning systems that it is planning to deploy. BMW and Tesla already upgrade system firmware when cars are taken into the shop. DARPA Grand Challenge contenders from Stanford and CMU illustrate the potential for self-driving vehicles. Geely and Hawtai in China are already shipping cars running Moblin, a GNU/Linux variant based on Gnome and X11. The GENIVI Alliance, which has been formed in order to promulgate Linux-based automotive software standards, has well over 100 members, including familiar names like Delphi, ARM, Intel, Renault, Alpine, Mitsubishi, Samsung and Canonical. Along with new opportunities, there are new dangers in the auto software space. Do we *want* mechanics to be able to install new firmware in our cars? Can SELinux and iptables, or maybe Android's token-based sandboxing system, address the new security problems? How will we architect "multiseat" installations so that misbehaving applications don't overwhelm critical functions, or perhaps just distract the driver? Many questions remain unanswered, such as what kind of input devices drivers need (touchscreen, voice recognition, video-captured gestures, joysticks, other?) and which information should be presented when to which passengers. Safety aside, avoidance of motion sickness will bring a whole new dimension to Linux user interface design. But what about 2012? The unfortunately named "in-vehicle infotainment" (IVI) space is growing fast, so the field presents opportunities for job-seekers as well as hardware hackers. 
I'll demonstrate how hobbyists of limited means can display real-time fuel efficiency data in their own cars using open-source software running Linux on readily available hardware.


Bradley Kuhn

12 Years of FLOSS License Compliance: A Historical Perspective

Kuhn began working on GPL enforcement in 1999 by doing C&CS (complete and corresponding source) checks for the Free Software Foundation (FSF). Over the next 12 years, Kuhn was involved with every major effort to enforce the GPL in the USA. Kuhn's talk starts even earlier than that: with the first-ever GPL violation in history in 1989, and continues with GPL violations through the era of big iron computing to the current standard of embedded device GPL violations that are widely prevalent. Kuhn will explain the conditions in the industry that cause violations and how non-profit organizations like the FSF and Software Freedom Conservancy have worked to ensure that developers' copyleft license choices have been upheld and defended throughout the last decade. 

Link to the presentation: http://ebb.org/bkuhn/talks/SCALE-2012/compliance.html

Source code is here: https://gitorious.org/bkuhn/talks/trees/master/SCALE-2012/


