2019 03 Network Security

Location: Room 1300 — Conrad Grebel University College, 140 Westmount Rd. N. · Waterloo, ON N2L 3G6 (bottom floor, in the hallway that connects the main building to the Chapel-Residence building)
Date: Monday, 11 March 2019
Time: 7:00-9:00PM

We’ve talked about Malware and the importance of Keeping Computers Up To Date, and even just about The Things We Should Fear. But what new hazards are unveiled when you connect two or more computers together? When some of those computers aren’t on your own network? When malusers are out there trying to break into your network? When you’re actually inviting everyone into your network by running servers and services? Should you just outsource everything? Or are there tools available for the Non-Profit SysAdmin to help secure your networks?

We’ll talk about the hazards of running a public network, and go over a list of tools and software.

–Marc Paré & Bob Jonkman

Resources

  • Firewalls
    • The most secure firewall: Nipper for Electronic Wire (Old)
    • Another secure firewall: pfSense
  • Intrusion Detection Software
  • Pen Testing apps

Meeting Notes

Spoke about resources, war stories

  • Proprietary mail systems
    • Errors in implementation make mail inaccessible, or send mail when unwanted.
    • Corporate culture prevents people from speaking of security flaws
  • Bugs in the software
  • Errors in procedures

The Cloud

  • “If the data was in the cloud it would have been safe”
  • What is The Cloud?
    • Somebody manages the servers, still subject to human error
    • But reduces the human interaction that is needed
    • Maybe if everything is run by robots…
      • But that’s not the way Nonprofits operate, engaging people to be more involved
  • Open Source groups want more interaction, so still room for error
    • eg. LibreOffice: Get a professional to manage website? Or keep local group involvement? No to robots
  • Robots have programmers too
    • One more level of abstraction
  • Problems solved?
    • Email spoofing, phishing schemes: Joe Jobs, third-party addressbooks breached
    • Could contact the apparent sender, but that person may not be involved in the message at all

Tour of pfSense

Multiple connections to isolate traffic


2019 02 Gaming

Location: Room 1300 — Conrad Grebel University College, 140 Westmount Rd. N. · Waterloo, ON N2L 3G6 (bottom floor, in the hallway that connects the main building to the Chapel-Residence building)
Date: Monday, 11 February 2019
Time: 7:00-9:00PM

Are you a gamer? Wouldn’t it be great to play games during work? Are you a game designer? What role does gamification have in Non-Profit organizations? Can gamification make a SysAdmin’s life easier? What value do games have in the Non-Profit sector?

Join our round-table discussion on Gaming, and share your views.
–Bob Jonkman & Marc Paré

Resources

Meeting Notes

Encouraging Gaming
  • Gamification of Disaster Recovery
    • Playing a role playing game
    • Roll the dice “Your mail server has failed”
    • Good for scenarios
    • Needs a Dungeon Master who understands security
  • Gamification of server uptime
    • One SysAdmin has a server with 1000 days uptime
    • Challenge other SysAdmins to do it too
    • Ensures SysAdmins will coddle the server to ensure uptime
  • Movie effects for computer screens
    • Don’t look like reality, more like computer games
    • But tools are trying to look like games
    • Want more customers to use their products
      • Security products (eg) are hard to use
      • Making the UI easier, more exciting to use
      • Trying to keep the user on the device as much as possible
      • Targeting today’s users who are gamers
      • Try to concentrate attention on the things that need attention
  • 12 hour operator shifts
    • Very tiring, trying to spot “hacker” anomalies in gigabytes of data
    • The job doesn’t get done, staff doesn’t care after a few days
    • If the system had been gamified it might have made the job better
      • But mostly it seems a management problem for having 12 hour shifts
    • But gamers are in front of monitors that long, don’t have the apathy problem
  • Can World Of Warcraft design be used to analyze logs?
    • Players are unknowingly doing the work while playing the game
    • But what gets attention is based on what the player finds fun
  • May be similar to using spare CPU cycles to do bitcoin
  • Have a reward attached to success
    • But in some cases there’s no control, so success is not based on work but luck and gamification won’t work
  • Games are visually appealing and attractive
  • Competition is appealing
  • Re-Captcha has gamified proofreading
    • Spread out the work to millions, make it fun
    • Purpose for captcha owner may not be access control, but OCR improvement, traffic AI optimization
  • “Sex and violence moves the world forward”
    • Porn has driven technology: Hi-res, accurate skin tones; VHS technology; video streaming
    • And the military has pushed technology too
  • Sometimes gamification gets in the way
    • “You have won this case number 54321!” is just annoying
    • Trying to fool employees backfires, recognized by employees
  • But maybe if the gamification could be switched off
  • An experienced worker can do more without gamification
    • But his attitude was that life is one big game
  • Young people develop new skills that older people don’t have
    • This affects how they approach gamification
  • “War Games”
    • Using games to make serious tasks go better
    • Also, how much control do you turn over to the computer?
  • Has become reality – military drone operators
  • US Military had an RPG for recruiting
    • Very realistic, eg. speed for loading a rifle
    • Intent to get people familiar with army life before recruiting them
  • DARPA Challenge
    • Started as a monetary reward for specific goals
      • 100 metre autonomous vehicles in 2004
      • 100 km autonomous vehicles in 2005 (xxxxxx check dates!)
  • People in finance and politics use gamification
    • eg. “First Past The Post” is a horse racing analogy
  • Different rewards are effective for different groups
    • eg. Grade 3 kids may be influenced by a reward of bubblegum, but not Grade 8 kids
  • Bread and Circuses
    • Roman Warriors went from lean survivalists to entertainment
    • Games became a distraction, so young people no longer wanted to be warriors
  • Games in any environment have limits and rules
    • The objective is to be attained by following those limits and rules
    • The effects games have on social cohesion and morale are defined by those limits and rules
    • Not just rote and repetition, but applying strategy
Preventing Gaming
  • User Friendly cartoons about Doom on the LAN
  • SysAdmins wanted to prevent smart phones, more work to provide bandwidth
  • Security concerns with using personal devices in work
    • Accessing corporate data with personal devices
  • But people found these devices made their work more fun
  • Is there any way to run a corporation without using some kind of gamification?
    • Boring, routine jobs need it
    • But some people just aren’t suited to that kind of work
    • People who can remain focussed on routine work are scarce, but may not benefit from gamification
    • People have to be interested in the objective
  • Gold Farmers are playing a capitalist metagame
  • It should be possible to roboticize the work to make gamification customized
    • But then it is probably possible to automate the work directly, no longer requiring a worker
  • There are programs to monitor online behaviour to identify mental health issues

Categories of motivation

  1. Mastery of skill
  2. Exploration / Discovery
  3. Competition
  4. Cooperation
  • How does cooperation and collaboration help with work?
  • Competition:
    • Nobody wants to be the laggard in the group
    • Competition is a loaded word in our society
    • But a notion of competition, argumentation with the aim of improvement, everyone winning
  • Gamification needs a goal, objective
    • eg. politics – getting people informed
  • Gamification is not Learning
    • Competing against other players
    • Or against your previous score
      • Someone has to know all the answers in order to mark your score
      • How can we solve problems that have not already been solved?
      • That’s not gaming, that’s learning
    • If you’re moving into an unknown area you don’t know what rules apply, what the goal is
  • Self-directed, independent study courses are a form of gamification?
    • No, that’s exploring, learning challenge; vision quest
    • Minecraft: No predefined goal
      • Possible collaboration, also competition
      • Used in education, “kids learn without knowing they’re learning” (but not accepted by all educators)
      • Letting kids play games, and maybe learning, is too haphazard, it’s not education
  • “Everything is a game”, “Life is a game”
    • But that makes the idea of a game useless.
  • When outside things are gamified, are people just being conditioned? Or are people learning?
    • eg. the Army game
  • Making games highly addictive
    • Are people conditioned to play again and again, spend money
    • Are corporations just games? Employees buying into it again and again.
  • Being fooled into learning can lead to a real interest in the subject
    • Movies, books can lead to further research. Reality is more interesting than fiction.

2019 01 GDPR

Location: Room 1300 — Conrad Grebel University College, 140 Westmount Rd. N. · Waterloo, ON N2L 3G6 (bottom floor, in the hallway that connects the main building to the Chapel-Residence building)
Date: Monday, 14 January 2019
Time: 7:00-9:00PM

Does your Non-Profit organization collect personal data on people? People in Europe? And what is Personal Data anyway? Does your organization have an office in Europe? Store data in Europe? Process data in Europe? What is the ”General Data Protection Regulation” (GDPR)? Does it apply to your organization? What policies does your organization need to have? What technical measures need to be in place? What’s the SysAdmin’s role in all this? Could a SysAdmin be liable?

Marc Paré will provide us with an overview of the GDPR, and outline some of the concerns for Non-Profit SysAdmins.

–Marc Paré & Bob Jonkman

Resources

  • Dutch government report says Microsoft Office telemetry collection breaks GDPR | ZDNet
    • Investigators said they’ve identified the “large scale and covert collection of personal data” through Office’s built-in telemetry collection capabilities. They said Microsoft engages in this telemetry collection covertly and without properly informing users. The report said investigators didn’t find any official documentation about what information Microsoft collects through Office and no way of turning Office telemetry off, raising a serious privacy concern for all current Office users, regardless of geographical location.

Talking Points

  • General Data Protection Regulation (GDPR)
    • European Commission
      • set the GDPR standards
    • Data Protection Agencies (DPA) (e.g. Information Commissioners Office ICO in the UK)
      • In charge of administering the GDPR in their respective countries
    • In force as of 25 May 2018
      • primarily applies to controllers and processors located in the European Economic Area (the EEA) with some exceptions
      • applies to any site servicing or selling goods to European users
      • all sites must adhere to GDPR except any personal websites
    • Types of data
      • clear reason for data collection
    • Consent
      • requires use of positive opt-in consent and NOT pre-ticked consent or use of double-opt-in
      • requires site’s statement of consent must be clear and explicit
        • cannot re-purpose consent to another statement
      • user ability to remove consent should be easily accomplished
      • requires storage of consent for possible future audit trails
    • Data Storage
      • clear defined use and length needed to store information
      • storage of personal data for longer if you are only keeping it for public interest archiving, scientific or historical research, or statistical purposes
      • data collection must be necessary
      • users have the right to access, rectify, erase, restrict, and port their data
      • restricts the transfer of personal data to countries outside the EEA, or international organizations
    • Types of data collection groups (2)
      • Controllers and Processors
    • Data Protection Officers (DPO)
      • individual in charge of data storage and adherence/compliance to GDPR for companies over 250 employees or if collecting large personal sensitive data
      • DPO must be independent, an expert in data protection, adequately resourced, and report to the highest management level
      • DPO may be shared amongst multiple organizations
      • you must appoint a DPO if
        • your site requires large scale tracking
        • you are a public authority or body
        • your site collects data on criminal convictions/offences
        • appointing a DPO is suggested as best practice
    • Data Breaches
      • requires that data is stored securely
      • encryption is suggested
      • breaches reported within 72 hours
      • keep record on any breaches
      • have a breach policy
    • Non-compliance fines
      • up to 20 million euros or 4% of annual revenues
    • GDPR Certification
      • framework is still not available but forthcoming

GDPR and Canadian Privacy Laws

    • Personal Information Protection and Electronic Documents Act (PIPEDA)
      • aligns more or less with GDPR
      • updated as of 01 November 2018
      • mandatory reporting of breaches to users and to the Privacy Commissioner
        • more fine-grained reporting on breach policy and record keeping
      • fines up to $100,000
      • PIPEDA does not generally apply to not-for-profit and charity groups as well as political parties and associations
      • complaints may be sent to the organization in question or to the Privacy Commissioner
      • Privacy Commissioner may conduct audit if necessary

Meeting Notes

  • Don’t take our words as legal advice!
  • Some websites closed down rather than violate GDPR
  • Each country in EU needs to appoint its own GDPR Commissioner
  • Started last year (25 May 2018)
    • People had several years to comply before 2018
    • But European commission is not yet up-to-speed on everything, still working on enforcement and compliance
  • Personal websites don’t fall under GDPR
    • Unless you’re selling goods or services to European markets
    • If you don’t expect visitors from Europe you should be OK
    • But GDPR exceeds boundaries, even non-European sites need to follow that law
  • Controllers: Collect the data, set standards to determine what data to collect (eg. Google)
  • Processors: Websites that don’t necessarily use the data, but collect data from other sites (eg. banner ads)
  • Even temporary receipt of data falls under GDPR
    • KWNPSA site might be under GDPR, WordPress requires cookies
      • Marc has added a cookie disclaimer to https://kwnpsa.ca
      • The cookie form cannot be pre-checked
      • Newsletter subscriptions require double opt-in (subscribe, then confirm)
        • We can no longer add people’s names without written permission, or subscribing with an opt-in
        • Marc & Bob gave a demonstration of the Mailman subscription process
    • Fines might be 20,000,000 Euros, or 4% of your profits
  • Could one entity cause trouble for another entity by reporting them to GDPR?
    • Compliance is largely self-adhering
    • Getting a whole website shut down isn’t really possible, as long as that entity is responsive to GDPR
  • Is there an agency that reviews incoming complaints, and finds those entities that don’t comply?
    • Not really defined, still setting up the framework for that
    • The European Commission will not fine people, but the individual states’ Data Protection Agencies do the enforcement
    • Foreign policies affect relationships between all countries, might trigger or be triggered by other events
  • GDPR was an answer to privacy and anti-competitive incidents with Microsoft, Google, Facebook, and Yahoo
  • GDPR provides a clear policy on data collection
    • Gives users a right to see and have corrected the data collected on them
    • Only applies to e-mail (and websites) that affect European users, not e-mail that stays within Canadian borders
      • But Canada has rules of its own, not as strict as GDPR
      • Canadian fines aren’t as high, only $100,000
    • In the US the only state that’s updating its rules is California
      • But other states are expected to follow California
  • GDPR rules just make common sense for the user
    • For website developers it’s more onerous
    • Also onerous for people running secure browsers that clear cookies, since the cookie that records consent to cookies is cleared too…
    • Compliance is built into some frameworks like WordPress.
      • But we (KWNPSA) still need to write and publish our policies on cookies and data retention.
      • The current disclaimer text is no longer adequate, even for Canadian rules
      • GDPR and Canadian rules are moving towards requiring encrypted collected data storage
      • Organizations with 250+ employees must have a full-time, certified GDPR Data Protection Officer
        • But there is as yet no framework for this certification
      • Will there be a standard for encryption?
        • Probably as part of the framework for certification
        • All the usual encryption problems apply (decryption in the server, decryption between storage and transmission)
    • Political organizations, Charities, and Non-Profits don’t have to follow the Canadian PIPEDA regulations for mailing lists
      • But CANSPAM still applies (but there are tools and services to check if your fundraising letters are conformant)
  • There are stringent rules about publishing policies, reporting breaches, timeline for reporting breaches
  • Organizations that are too small to have a dedicated Data Protection Officer can share one between them
  • Marc shows some sites that are GDPR conformant, eg. IBM
    • IBM in Germany does not have a cookie popup.
    • Shell has a nicer cookie popup than most (small, unobtrusive box at the bottom)
    • Volvo has every cookie itemized in their policy (GDPR encourages that, Canada is likely to follow)
  • There are sites with sample policy wording that can be followed.
    • Do analytics companies like Piwik offer their own sample policies? No, because they could not make it specific enough for all regulations, too much liability
  • In Canada:
    • PIPEDA is the equivalent of GDPR, updated in November 2018
  • Ultimate goal is to restore people’s confidence in spending money on the Web

2019 Agile vs. Waterfall

Location: TBA
Date: TBA
Time: TBA

Description: TBA

— Bob, Steve and Marc


2018 12 Social Night 2018

Location: Abe Erb Restaurant and Brewery, 151 Charles Street, Kitchener, Ontario
Date: Monday, 10 December 2018
Time: 6:00-9:00PM

System Administrators have worked hard all year, with only a few brief hours off for SysAdminDay Dinner in July. Now it’s the Holiday Season again, so KWNPSA will be taking a holiday!

Join us for an evening of good food and fine beverages at the Abe Erb Restaurant and Brewery (http://abeerb.com/). Bring your family, friends and relations — Social Nights (like every other KWNPSA event) is open to everyone.

We’ll start this “meeting” an hour earlier than usual, at 6:00pm, to give us more time to enjoy the evening.

–Bob Jonkman & Marc Paré


2018 11 Tech Wobblies

Location: Room 1301 — Conrad Grebel University College, 140 Westmount Rd. N. · Waterloo, ON N2L 3G6 (bottom floor, in the hallway that connects the main building to the Chapel-Residence building)
Date: Monday, 12 November 2018
Time: 7:00-9:00PM

Is automation taking over Systems Administration? Are highly skilled SysAdmin jobs (and their highly skilled SysAdmins) becoming obsolete? What is to become of the Non-Profit SysAdmin? Are we all going to become Mechanical Turks? Or should tech workers become Wobblies? Who are the Wobblies? Is the tech industry ready for collective action?

We’re joined by special guest Sean Howard at our round table to discuss the state of the tech industry, the working conditions for tech workers, and what can be done about it.

–Marc Paré & Bob Jonkman

Tech Wobblies/Meeting Notes 2018-11-12

Resources

Part of the CBC Ideas series Workshift.

Meeting Notes

  • Introductions
  • Steve has an IWW membership card from 1975!
    • and Sunny has a modern card, with self-adhesive stickers representing dues (from $11 – $33/month)
  • IWW goal is to be a self-funded union.
    • Money to do projects: training on workplace organizing, &c.
    • Having a budget is useful
    • No outside influence if self-funded.
    • Similar to a self-managed business or a co-op
    • all funding goes back into the IWW
    • kwiww.wordpress.com (needs some updating)
  • Techworkers Coalition is less formal, anyone can join
  • Originally, unions were based on trades
    • Now, divided by region (Toronto, Kitchener-Waterloo)
    • But tech workers have their own needs, so now splitting that off again
    • The larger techworkers union can encompass Toronto, KW, North Bay
  • IWW has general membership branches, divided by region, not by trade
    • Has strength in Ontario from lumber industry, based on migrant workers, who had no access to trade unions
  • With many workers working and living together they will (can?) self-organize
    • Talk things over about how employers are treating workers.
    • Most trade unions don’t accept contractors in their union, contractors == scabs
  • IWW accepts contractors in their union, any worker
  • The union will accept contractors, and negotiate for
    • But it’s different for off-site contractors, but the IWW could handle that
    • IWW also operates in areas where there’s no jurisdiction for trade unions
    • No framework for industrial organizing in Canada (or the States)
  • Union for a workplace is for collective bargaining; a trade union may provide union training
  • IWW puts techworkers under “Communications”
    • Setting standards for all techworkers in any workplace
    • Good for small, scattered workplaces
    • For techworkers, not so much for negotiating pay, but perhaps oncall or overtime hours
  • eg. Google walkout over sexual harassment; influenced other corporations like Facebook
    • Making small changes in one place will filter to other places
  • But some grievances aren’t satisfied by one corporation; if one company doesn’t do it, another one will
  • This sounds more like a social justice action — and that’s the whole point.
  • Critical mass?
    • Needs 10 people to form a formal industrial union branch (IUB).
      • (that’s an IWW requirement)
  • Note that IWW is not Techworkers Coalition
    • Techworkers Coalition started in the California Bay area, from gameworker’s union.
    • Loose organization, no formal membership
    • Provides a place to discuss grievances, solutions, and expand that to larger nationwide discussions
    • “Low obligation” way to get involved,
    • Sign up for Techworker’s Coalition on their website, get access to their Slack channel
    • No dues, no voting…
  • Techworker’s Coalition Meetup on Sat 17 Nov from 3-6pm at East York Civic Centre
  • IWW and Techworker’s Coalition share values, but IWW has a budget, and “real union” power to back the workers
  • Labour laws require employers to negotiate with unions once there is sufficient membership
    • Some progress in Montreal in fast food industry, precarious work.
    • Has low union membership density, so a good target for organizing
    • In Montreal some demands were met without a contract; in the US formal contracts are in place.
    • But no contracts are preferred to avoid legal battles
    • Certification as a union? Get certain numbers of people to sign union cards; protection from dismissal for union activity
    • Improved working conditions, improved control over the work
    • Building block for social change
  • Difficult for a co-op to get union affiliation
    • In order to get recognized there needs to be a boss and workers, but that’s not part of a co-op. Workaround: A board of directors.
  • But big unions (Unifor) are not interested in worker control
  • But worker control over labour is the point of IWW
  • Is Unifor subsuming the work of IWW?
    • Well! Not really, Unifor is not working for the workers, although their literature would say otherwise. There is antagonism between Unifor and other unions.
  • Unifor has left the CLC
    • CLC is a social justice organization
  • Unifor’s politics are not those of the IWW
    • The IWW locals are autonomous, the IWW is run by the locals from the bottom up (unlike other unions)
    • Other unions profit from the workers not knowing about the union
    • (discussion on union raiding, agitating, organizing)
  • IWW practices “solidarity unionism”, everyone signs on and becomes involved
    • Other unions dictate conditions to the workers
  • Many parallels to political parties: there are top-down, big-tent parties, and bottom-up, grass-roots parties
    • Maybe the trade unions did start off as bottom-up, but when they grew large that level of communication interfered with that model
    • How can IWW prevent that?
    • Direction the labour movement has taken in the last 50 years: different trade unions got amalgamated, and grew into monstrous beasts
  • Large unions are affected by back-to-work legislation: How does that provide protection to the workers? This is entrenched in Canadian labour legislation
    • “If you’re really big no-one wants to pick a fight with you”
    • Very little gains have been made in the last 50 years
    • When organizations get too large, the executive takes over
    • Now things are so speedy and novel that organizations don’t have a chance to make mistakes — how to keep up the communications-expensive organizational model of IWW?
  • Local KW branch of IWW is trying to pull out tech workers based on their unique needs.
    • But that will grow and build bureaucracy
    • Ontario labour law has many exemptions for techworkers (12 hour days, no overtime protection, &c)
  • When a local organization gets large enough, the IWW fragments it into their own bureaucratic structure; fragmentation is built in to prevent over-size organizations
    • This model has been demonstrated many times, in many different sectors, throughout IWW existence
    • eg. Russian Bolsheviks, labour union in Spain
    • IWW has been doing this for 100 years
  • IU == Industrial Unions
  • CNTU == Quebec-based federation of unions
  • Closed union shops?
    • Based on legislation at the close of WWII
    • Everyone must pay dues to prevent the “free rider” problem
    • SysAdmins not well represented by, eg. Steelworkers union
    • Create a separate bargaining unit, in the same union?
    • When bargained contracts are unequal the Ontario Labour Relations board gets involved.
    • IWW allows membership in multiple unions!
    • But that may create more borders between workers, looks disorganized to the employers
    • Bargaining units could be as small as two or three people
    • eg. Waterloo Region example of shed-builders: Two people certified a union, now it’s a closed shop.
    • Politicians in WR are working to prevent the ill effects of closed shops and the bidding process.
  • Are we going to get bids as cheaply as possible, or are we going to ensure a fair wage for workers? This is determined by who we elect into office to set labour law. (but who gets to vote based on this one issue?)
  • In IWW there are people opposed to the closed shop model
    • Closed shops may be a trap for unions: “We’re done organizing now”
    • But that doesn’t provide flexibility when new classes of work appear, new workers are needed
    • Unions become unresponsive to needs of new workers in new work
    • Union amalgamation is not responsive to small changes
  • In some union elections the offices are almost always contested
    • because the workers are involved
  • Everyone informed, everyone involved, everyone having a say is the essence of solidarity unionism
  • Contracting out shouldn’t matter, as long as the workers have the same working conditions
    • But this may not work for off-site work, eg. contracted at-home workers
    • Need to be in contact with your fellow workers to keep up with the needs of workers
  • What kind of response has IWW got from the SysAdmin community?
    • People have been coming out to meetings!
    • Sunny looking to set up an Industrial Union, not a workplace union.
    • Lots of media attention to collective action, eg. Salesforce workers want the company to divest from ICE; sexual harassment walkout; anti-war, peace work
    • Happening everywhere, but centered in the Bay Area
  • Want organizations that are not employer-centric or industry-centric
    • Want to be able to criticize the hand that feeds us
    • eg. funding organizations don’t provide funding to non-profit organizations involved in well-off industries
  • Co-op sector is very much aligned with the values and philosophies of IWW
  • Why does IWW pursue the union model, not the worker-owned model?
    • IWW does both
    • Unions have a history of making radical, industry-wide changes, eg. invented the weekend
    • Co-ops may not make such big changes for workers
    • And co-op workers are workers too!
  • LibraInformation Systems is a co-op that is unionized; very big, lots of contracts
  • Maybe workers can buy their distressed companies and form a co-op
  • False dichotomy between co-ops and unions. Other countries with histories of worker-based actions are more open to co-op/union fusion

(Mondragon in Spain?)

  • Co-ops have been failing because of lack of capital & cashflow
  • IWW has facilitated communication between different unions in the same sector where employer was pitting one union against the other
  • Unionizing the trade unions? Union workers are workers too!

2018 10 Training

Location: Parlour Room, First United Church, 16 William St W, Waterloo, ON N2L 1J3 (enter from church back parking lot door, follow the signs — https://osm.org/go/ZXna93PBA)
Date: Monday, 15 October 2018
Time: 7:00-9:00PM

How complex is your Non-Profit organization? Does your newly hired staff need training on your policies and procedures? On your products and services? On your software and hardware? What happens when you change procedures, get new products, update your software? Does your existing staff need training? How do you supply the training? On the job? In the classroom? Online learning courses? And how do you manage the training administration? Keep track of results? Determine who is eligible for additional training?

At this month’s round table discussion let’s talk about our experiences in providing training to staff, or receiving training to be better SysAdmins. How can the Non-Profit SysAdmin help deliver and track training for our organizations’ training requirements?

In a future session we’ll discuss providing education to the clients of our organizations; this month let’s focus on internal training.

–Bob Jonkman & Marc Paré

Resources

Meeting Notes

Legacy codes
  • People inherit old legacy code, eg. spreadsheets
  • Nobody wants to admit to knowing Excel for fear of having to fix someone’s code
Techsoup Catalogue
  • Zoom
    • but that’s just conferencing software, not training management software
  • Desire To Learn is no longer in the catalogue
Using Moodle
  • Marc shows off his French Language Moodle installation http://frenchasasecondlanguage.org
  • Need to build your own content on Moodle
  • Danger of copyright infringement if you’re not using your own content
  • Universities are more likely to contract out for content creation
  • Marc has used Hot Potatoes to create Moodle content
  • Hot Potatoes might be good for internal training; evaluation doesn’t work in all educational settings
  • Looked at some Moodle testimonials for internal staff training
Other notes
  • Discussed evaluation methods, and the efficacy of teachers
  • Also the ideology imposed on the curriculum by different governments
  • Talked about the university model of teaching: Should be two separate streams? One for research, one for teaching (researchers aren’t necessarily good teachers)
    • 400 students in a lecture hall? 10-15 students with teaching assistants? Where does best learning take place?
    • More than 25 students makes a teacher a “classroom manager” rather than an “educator”
Posted in Past Meetings, Training

2018 09 Purchasing and Procurement

Location: Bonfire, 121 Charles St W, Kitchener, ON N2G 1H7
Date: Monday, 17 September 2018
Time: 7:00-9:00PM

Does your organization buy things? Do you go to the local store? Or do you issue Requests for Information, Quotes, or Proposals? How do you evaluate those RFIs, RFQs, and RFPs? How do you find suppliers? Contractors? Vendors? Does your organization have minimum standards for vendors? How can you ensure vendors making bids meet these standards? Isn’t there some software that can help with all this?

Yes! Local company Bonfire (https://gobonfire.com/) creates purchasing and procurement software. Special guests Danielle McCormack and Ethan Driedger will give us an overview of what a Non-Profit organization should look for in purchasing and procurement software, and will give us a demonstration of the Bonfire software.
–Marc Paré & Bob Jonkman

Resources

Meeting Notes

  • Introductions
    • Danielle McCormack, Account Manager for the Not For Profit market
    • Ethan Driedger, Account Manager and technical advisor
  • Presentation was recorded, hope to have video available shortly
  • What concerns do people have?
    • Spend time and effort to evaluate RFPs, only to have management choose the lowest bid
    • What is the relationship between purchasing and making grant/funding applications?
      • “Purchasing” is not always commercial. Grant application tools help to make decisions, similar to satisfying an RFP
  • Q: Does Bonfire help an RFP respondent?
    • A: Yes. Vendors can use Bonfire to submit online responses
    • Vendors can subscribe to notifications to learn about new RFPs
  • Danielle recognizes the resource constraints experienced by Not-For-Profit organizations
    • NFP funders require accountability and transparency in the purchasing process
    • Need to know the why and how of decision making
  • Interesting stats: 15% of the workforce is employed by Not-For-Profit organizations
  • 7.1% of the GDP is generated by NFPs
  • Q: How easy is it to “divorce” Bonfire? How is the data portability? Is there integration to other applications? Databases?
    • A: Yes, Bonfire has an open API. Glue apps (middleware) are not provided, but Bonfire can be hired to create them
    • May be out of reach for Non-Profit organizations
    • There was some discussion on data structures and interoperability
  • Q: Integration with financial applications?
    • A: Bonfire can import legacy purchasing data from spreadsheets, &c.
    • Other integrations can be done via the API
  • Q: Project management software?
    • A: No direct integration
  • Q: Existing purchasing departments?
    • A: Bonfire software facilitates communication between purchasing agents and the end-user requiring the purchase
  • More discussion on data exchange. How is the data structured for different sectors?
  • Vendors submit the outcome of their bids, used to build knowledgebase of successful strategies
  • Q: Integrations with MERX? (online database of government RFPs)
    • A: No direct connection
  • Q: Conversion from hard data?
  • Bonfire provides alerts to Not-For-Profit organizations of new grants available for application
    • NFPs can apply to these grants for free
    • Sort of “purchasing in reverse”; Bonfire clients are the grant providers, respondents are the NFPs applying
  • Subscribe to different categories for notification (for vendors?)
    • eg. based on geographic location: “Any RFP in Ontario”
    • eg. based on industry codes (SIC, UKSIC)
  • Municipalities (technically Not-For-Profit organizations) have additional constraints imposed by legislation
  • The purchasing process doesn’t allow innovation in responses
    • eg. software company loses bid because they’re not offering a tangible solution to a traditional problem
    • The solution offered by the respondent isn’t compliant because purchasing requirements are too rigid
  • Bonfire recommends multi-stage RFPs
    • This means stakeholders don’t need to answer all the questions
    • eg. a Chief Technical Officer doesn’t need to answer financial questions
  • Bonfire scales well to small respondents (vendors)
    • Q: Does it also scale to small customers? (purchasers)
      • A: Perhaps. Bonfire removes the arduous tasks of the purchasing process, freeing resources at the NFP
  • Classification discussion
    • Steve employed librarians to classify books for University courses
    • Bonfire has search functions for both classification codes (well-defined) and keywords (arbitrary, free-format)
  • Revenue model: Annual subscription
    • Contract management option?
    • Vendor management option?
    • Bonfire is entirely cloud-based (on AWS infrastructure), not software purchase or licence
  • Q: Is there a short-term subscription? ie. 1 or 2 months?
    • A: Future availability
  • Q: Real estate?
    • A: Technically, it’s no different from any other purchase
    • Bonfire can help in advertising the bid (less reliance on real estate agents)
  • Pricing
    • For Not-For-Profit organizations, work with grant providing organizations who can purchase a blanket subscription for the NFPs they provide grants to
    • Q: Have vendors purchase the subscription, allow NFPs free access as purchaser?
      • A: Vendor-pay may not be legal for government and public sector organizations
    • Q: Pro Bono subscription to Bonfire for Not-For-Profit orgs?
      • A: Bonfire is still a startup.
      • Perhaps as a charitable donation?
  • Hope to have links soon to videos demonstrating the use of the Bonfire software

Many thanks to Danielle McCormack, Ethan Driedger, and all the staff at Bonfire for hosting the KWNPSA meetup on Purchasing and Procurement!

Posted in Past Meetings, Purchasing and Procurement

2018 08 Scripting Languages

Location: Room 1301 — Conrad Grebel University College, 140 Westmount Rd. N. · Waterloo, ON N2L 3G6 (bottom floor, in the hallway that connects the main building to the Chapel-Residence building)
Date: Monday, 20 August 2018
Time: 7:00-9:00PM

Do you need to do the same thing again and again? Have you automated those repetitive tasks? What software tools do you use? Keyboard macros? Programmable keyboard macros? A scripting language? Which scripting language? What makes a scripting language different from a programming language? Is a scripting language Turing-complete? Can’t you just do everything in PowerShell or Bash?

Let’s talk about what can be solved with scripting languages, and what can’t. Bring your laptop to give a demonstration of your favourite scripting languages, and maybe we can help solve some of your most annoying repetitive problems.
–Bob Jonkman & Marc Paré

Resources

Introductions

  • Testers, programmers, SysAdmins, and some non-scripting users

Meeting Notes

  • Programming vs. Scripting
    • “Programs” are compiled, “Scripts” are interpreted
    • But mostly there is no difference in syntax
  • Use a scripting language to prototype a concept
  • Non-programmers using scripts to do application installation
    • Useful for installing applications without a GUI to get that app installed to the GUI level
    • eg. Mail-In-A-Box, installed with a script
  • Vagrant is written in Ruby, but has its own scripting language
  • Lots of variation in scripting language syntax, even within the same language
    • “semicolons forever!”
    • Brackets, or no brackets
    • Is whitespace significant?
    • Indenting
  • many of these are tradeoffs
    • Optimizing for speed, time to program, robustness
  • LLVM (originally “Low Level Virtual Machine”) is used to build compilers for programming languages
    • takes an intermediate representation (LLVM IR, comparable to p-code) as input and generates machine code
    • Needs research. Bob can’t figure out what this does (Wikipedia:LLVM may be helpful)
    • LLVM is the code-generation back end of Clang, Rust (rustc) and other compilers
    • a way to get code generation for your own language without writing it yourself
  • “If all scripting languages were combined, could we create a universal scripting language?”
    • Probably not — semantic ambiguity, eg. use of semicolons is different in different languages, other syntax doesn’t match
  • Using one language is comfortable, so you tend to do everything in that language, appropriate or not
    • What is the lifespan of a language? Depends on the domain: AWK has been around since the 1970s, Rust has not
  • How do you keep up with all the new languages?
    • Need to decide what to give up
    • How much spare time do you have
    • How do you know what new tech to embrace
    • Depends on the lifespan of the project, don’t spend 3 months to learn a language for a 2 month project
  • Lambda the Ultimate (blog) on programming language design
    • There is a formal science to language design
  • Still worth learning C?
    • Yes, it’s still efficient, has installed base, still close to the hardware
    • C makes it tolerable to understand what is happening in your computer
    • High level languages have many layers of abstraction
    • Knowing C leads to understanding
  • “Scripting is a gateway drug to programming”
  • How do we learn scripting?
    • Get a Raspberry Pi
    • JavaScript
    • You need a project to solve!
    • Find something on GitHub
    • Python is considered the preferred entry-level language
    • App Inventor allows people with no programming experience to create apps on Android
    • Scratch is another drag’n’drop learning app
    • Marc taught Logo to a kindergarten class
    • NetLogo used for serious science application, complexity science at Santa Fe Institute
    • Other applications like Docker are written in Go, so it is worth learning
  • Is scripting a desirable skill in job applications?
    • Python is one of the most requested skills
    • But shell scripting is difficult
    • For security, eg. Wireshark, Snort, &c. need scripting to identify network traffic
Lua
  • Kirk wrote in Lua to access the Linux kernel keyring subsystem
    • was using Guile (the FSF’s Scheme), not so good for encryption
    • Lua is “Python for millennials”
  • Written in ANSI C
  • Very embeddable, no linking needed
  • Compiles to bytecode for a virtual machine
  • Two flavours, Lua and LuaJIT (Just-In-Time compiler)
  • Seen in an XMPP server, used for real-time applications
  • Came from Brazil, a university project, released “into the wild”
  • Has facilities for OOP, but you need to bring your own OOP tools
  • Has coroutines: program in loops that are interruptible; daisy-chain them together
  • Functions are first-class values, so you can do functional programming
  • There’s a mod_lua for the Apache web server; handle data in blocks without touching the Apache internals
    • Rather than just writing a web back end, it lets you script the entire web server
  • “Embeddable extension language”
  • Syslinux includes a Lua interpreter for use in the bootloader, before the OS loads
  • Kirk has used Lua as a conversion layer allowing Apache to work with the encryption system
  • Definitely a good language for testing
  • Built into Wireshark for decoding packets (dissectors)
  • How popular is Lua? People make stuff available on GitHub
  • Lua is used in games for event handling
  • Many apps have Lua built in (listed on the Lua site)
AWK
  • Brian Kernighan still uses AWK
  • “If you want to compile AWK, just re-write it in C”
  • Associative arrays in AWK,
    • Mainstay of Python
    • C only has enumerative arrays, difficult to simulate associative arrays
  • Conrad Grebel prof Dave Huron used AWK to create a catalogue of music for Hewlett-Packard
    • “Humdrum Toolkit” is the app name
    • Trying to analyze music, determine patterns among composer
    • Find out if people would be happy if music was two tones up or down
    • Two minutes of this analysis is equal to a human analysis of years
    • Dave Huron one of the first
  • Raymond cleans the data before processing it with AWK
    • Uses Bash to insert parameters before printing
  • Bob used AWK to parse log files
    • Poor programming practices – AWK lends itself to quick&dirty hacks, but the scripts grew; good programming practices at the outset would have been beneficial later
    • Much better if data is available through an API, but these scripts were created because there were no APIs
    • Bob implemented a standardized CSV file, but not according to the RFC 4180 specification
    • Human readable: https://sobac.com/sobac/groupwise/code2html/
    • Downloadable: https://sobac.com/bin/awk/
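Bob’s scripts parse log files and write CSV that does not follow RFC 4180. The following is an added example, not Bob’s sobac.com code and not anything shown at the meeting: a POSIX shell function wrapping an AWK program that turns sshd log lines into RFC 4180 CSV. The log lines are constructed, not captured; the function and column names are this example’s own; and the `defuse` step assumes the CSV will later be opened in a spreadsheet, where a field starting with `=`, `+`, `-` or `@` is evaluated as a formula. The point a log parser has to get right is that the username in a failed-login line is attacker-controlled: it can carry commas, double quotes, a leading `=`, or even the literal text ` from 10.0.0.1 port 1 ssh2`, so the script quotes per RFC 4180 and splits on the last ` from `, the one sshd itself appends.

```shell
#!/bin/sh
# Added example (not from the KWNPSA notes or Bob's scripts): sshd log lines
# to RFC 4180 CSV with awk. Names are this example's own; input is constructed.

# Constructed sample. Lines 2, 5 and 6 carry attacker-chosen usernames; line 4
# is noise that the parser must skip.
SAMPLE_LOG='Jul 16 19:02:11 web1 sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Jul 16 19:02:13 web1 sshd[1234]: Failed password for invalid user "root",x from 203.0.113.7 port 51235 ssh2
Jul 16 19:02:15 web1 sshd[1240]: Accepted publickey for bob from 198.51.100.9 port 40022 ssh2: RSA SHA256:AbCdEf
Jul 16 19:02:16 web1 sshd[1240]: Connection closed by 198.51.100.9 port 40022
Jul 16 19:02:20 web1 sshd[1241]: Failed password for =HYPERLINK("http://x") from 203.0.113.8 port 51236 ssh2
Jul 16 19:02:21 web1 sshd[1242]: Failed password for invalid user x from 10.0.0.1 port 1 ssh2 from 203.0.113.9 port 51237 ssh2'

# auth_to_csv: sshd lines on stdin -> CSV on stdout (header row first)
auth_to_csv() {
    awk '
    # RFC 4180: a field holding a comma, double quote or line break is wrapped
    # in double quotes, and every embedded double quote is doubled.
    function csvq(s) {
        if (s ~ /[",\r\n]/) { gsub(/"/, "\"\"", s); return "\"" s "\"" }
        return s
    }
    # Spreadsheet formula-injection guard (assumption: the CSV gets opened in
    # Excel/LibreOffice). A leading = + - @ is neutralised with a quote (\047).
    function defuse(s) {
        if (s ~ /^[=+@-]/) return "\047" s
        return s
    }
    # Position of the last occurrence of t in s (0 if none).
    function rindex(s, t,    i, p, off) {
        p = 0; off = 0
        while ((i = index(s, t)) > 0) { p = off + i; off += i; s = substr(s, i + 1) }
        return p
    }
    BEGIN { OFS = ","; print "timestamp", "host", "result", "user", "source_ip", "port" }
    /sshd\[[0-9]+\]: (Failed|Accepted) [a-z]+ for / {
        ts = $1 " " $2 " " $3; host = $4
        result = ($6 == "Failed") ? "failed" : "accepted"
        rest = substr($0, index($0, " for ") + 5)
        sub(/^invalid user /, "", rest)
        # The username may itself contain " from ", so split on the LAST
        # " from ", which is the one sshd appends after the name.
        p = rindex(rest, " from ")
        if (p == 0) next
        user = substr(rest, 1, p - 1)
        split(substr(rest, p + 6), t, " ")   # "IP port N ssh2..." -> t[1]=IP, t[3]=port
        print ts, host, result, csvq(defuse(user)), t[1], t[3]
    }'
}

printf '%s\n' "$SAMPLE_LOG" | auth_to_csv
```

Run as-is with sh and it prints a header plus five records; the `"root",x` user comes out as `"""root"",x"`, the `=HYPERLINK(...)` user as `"'=HYPERLINK(""http://x"")"`, and the user that smuggled a fake ` from ... port ...` is kept whole with the real source address beside it. A parser that split on the first ` from ` would attribute that login to 10.0.0.1.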
List of scripting languages
Other tools
  • Keystroke macros
    • Record and playback keystrokes
    • Bob wants this to be programmable, depending on input processed
    • AutoIt does this on Windows
    • Not many keystroke macro tools in Linux

Future Topics

Posted in Past Meetings, Scripting Languages

2018 07 Web Stores and Shopping Carts

Location: Room 1301 — Conrad Grebel University College, 140 Westmount Rd. N. · Waterloo, ON N2L 3G6
Date: Monday, July 16, 2018
Time: 7:00-9:00PM

Does your NonProfit organization sell things? Does it provide paid services? Do you need a web presence for your sales? Will you need a separate server for your web store? Or can you add a shopping cart to your existing web site? Or is it better to outsource all online commerce?

Meet our guest speaker Sam Nabi, developer of Shopkit (https://shopkit.samnabi.com/), and let’s discuss what a System Administrator needs to connect a NonProfit organization to the world of web commerce.

–Marc Paré & Bob Jonkman

Resources

Meeting Notes

Introductions
  • Where is everyone coming from? Sam Nabi will tailor his tour to our needs.
    • Nonprofit org wants online registrations with payment
    • Bookseller
    • Online donations
    • Goods and Services
    • Media Production (rental of cameras, lights, &c)
  • People want to make things easier for sellers and buyers
  • Sam started as a city planner, moved to a startup doing web development
    • Then, Sam bought a retail store, Full Circle Foods
    • …the inherited system is a series of linked spreadsheets :/
    • Full Circle Foods has 90 suppliers. Seems a lot, but many are small, local businesses
    • Lots to be done digitizing the order system of Full Circle Foods
Shopkit
  • Self-hosted PHP-based solution
    • Sold as a subscription service
    • Sam holds the code and provides the web hosting
  • Sam provides the code, and can work it into the design of an existing web page
  • Had an idea to pool resources for pooled shipping, delivery, advertising
    • (not sure if this is a feature of ShopKit –Bob.)
  • Sam is part of the Kirby CMS community
    • Didn’t have an ecommerce plugin, but there was an appetite for it
    • Working over three years to develop Shopkit with the Kirby developers
    • Kirby is a file-based PHP CMS (we like that)
      • Files are written in Markdown, still accessible if Web connection goes down
      • But there is a good GUI as well (good for marketers)
      • UI is decoupled from the data
  • Sam gives a quick tour of a sample installation on GitHub
    • https://github.com/samnabi/shopkit-sample-content/
    • Kirby has multi-language support, i18n, l10n
    • Also has categories, which Shopkit links to
    • It’s a system of API hooks, launched from the plugin to Kirby
    • but Shopkit has all the templates for, eg. slideshows, created by Sam
  • Purchasing flow:
    • Select product, increase/decrease quantity, totals are updated
    • Uses AJAX, but the site is not JavaScript-dependent
      • Jeremy Keith is Sam’s inspiration, he knows about good design.
    • There can be different shipping rules, different tax rates for different localities
    • Add personal details (name, e-mail)
  • Tour of the back end
    • Resetting passwords 🙂
    • Sam has tried to make it easy for front-end users
    • Adding products, adding categories
      • Products have variants with different prices, options that don’t affect price
        • Small oversight: Options don’t have different SKUs, no separate inventory
      • Changing the use of SKUs is not dependent on the purchasing process
    • A “Featured Product” is displayed in the sidebar
    • Feature request by developers: “Items Remaining In Stock”
    • Another request: Individual e-mails for restocking
    • Shipping Rules:
      • Can be different for all countries, one country,
      • Shipping rules UI created by Sam, but as part of the plugin (even though it shows in the Kirby UI)
      • Tax and shipping rules can be defined by the developer, but not through the WebUI
      • Sam takes us for a deep dive into the shipping selection code
  • Reporting in Shopkit
    • Done from the Shopkit backend
    • Invoices are created by PHP into PDF files using “dompdf” https://github.com/dompdf/dompdf
    • Report invoices are generated dynamically every time, but from a static “transactions” file
    • Added some widgets on the dashboard, eg. “Abandoned, Pending, Paid/Shipped”
    • There are also site stats based on another Kirby plugin
  • Payment Processing
    • Implemented at “gateways” in Shopkit
      • Each gateway has a “process” and a “callback”
    • Some processors (Square) expect money values to be integer cents
      • Keeping every amount as integer cents, and doing only integer arithmetic on them, is the best practice: binary floating point cannot represent most decimal fractions exactly, so float totals drift and disagree with the processor
    • There are thousands of processors, so Sam has created an open system for processor gateways
      • This separates the payment processing from Shopkit itself, absolving Sam of dealing with payment issues
    • Payment processors provide an SDK for the gateway code
      • Each payment processor has its own API, unique for each installation.
  • Testing
    • No formal testing methodology
    • Tries new code on a test site, Sam’s own site
    • Most bugs are caught by end-users (developers)
  • Shopkit and Kirby aren’t quite Free Software: Code is available for inspection, modification, but not necessarily for redistribution. But payment is on the honour system.
  • There have been 200 issues logged in the Shopkit issue tracker; most are from Sam himself.
    • Top question: Can I add Shopkit to an existing (Kirby) site?
      • Not really, Shopkit is a standalone application,
      • Shopkit is a good intermediate between a simple button, and a full-fledged e-commerce system.
  • Shopkit’s changes to Kirby are mostly in the “snippets”, which might conflict with another Kirby installation’s snippets
  • Shopkit is a full point version behind the Kirby, always on the stable version.
  • A look at the data: Order file
    • A YAML file that builds up as order information is entered
    • Based on server’s session ID (uniqueness?)
    • File locking? Kirby has some file locking built in
    • Sessions are now the same across tabs, but that may break with new Chrome tab isolation
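The Payment Processing notes above say that processors such as Square want amounts in cents and that integer-only arithmetic is the practice to follow. The following is an added example, not Shopkit’s, Kirby’s or any gateway’s code, showing that discipline in POSIX shell: the price string is validated and converted to cents exactly once, all totals and the tax are integer arithmetic, and a decimal string is produced only at the very end. The function names are this example’s own; the 13% rate (1300 basis points, the Ontario HST) and the prices are constructed. Inputs with more than two decimals, a stray sign, an exponent or a leading zero are refused rather than silently rounded, since a cart that accepts `12.345` or `1e3` as a price is a cart whose totals an attacker gets to choose.

```shell
#!/bin/sh
# Added example, not Shopkit code: money as integer cents in POSIX shell.
# Function names (to_cents, cents_to_str, pct_cents, order_total) are this
# example's own; the prices and the 13% tax rate are constructed.

# to_cents PRICE -> prints PRICE ("12.30", "12.3", "12", "0.05") as integer cents.
# Anything else (negative, exponent, 3+ decimals, ".5", "12.", "007") is
# rejected with a non-zero status instead of being rounded or reinterpreted.
to_cents() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*.*.*|0[0-9]*) return 1 ;;
    esac
    tc_dollars=${1%%.*}                  # before the dot (whole string if no dot)
    tc_frac=${1#*.}                      # after the dot (whole string if no dot)
    [ "$tc_frac" = "$1" ] && tc_frac=0
    case "$tc_frac" in
        ?)  tc_frac=${tc_frac}0 ;;      # "12.3" means 12.30
        ??) tc_frac=${tc_frac#0} ;;     # drop a leading zero so $(( )) does not read octal
        *)  return 1 ;;                 # three or more decimals: refuse
    esac
    printf '%s\n' $(( tc_dollars * 100 + tc_frac ))
}

# cents_to_str CENTS -> "D.CC", for display or for gateways that want decimals
cents_to_str() {
    printf '%d.%02d\n' $(( $1 / 100 )) $(( $1 % 100 ))
}

# pct_cents CENTS BASIS_POINTS -> CENTS * BP / 10000 rounded half-up, integers
# only (13% = 1300 basis points). The +5000 before the division is the rounding.
pct_cents() {
    printf '%s\n' $(( ($1 * $2 + 5000) / 10000 ))
}

# order_total UNIT_PRICE QTY TAX_BP -> prints "subtotal tax total" in cents,
# or fails if the price does not parse. Parse once, then only integer math.
order_total() {
    ot_unit=$(to_cents "$1") || return 1
    ot_sub=$(( ot_unit * $2 ))
    ot_tax=$(pct_cents "$ot_sub" "$3")
    printf '%s %s %s\n' "$ot_sub" "$ot_tax" $(( ot_sub + ot_tax ))
}

# Usage: three copies of a $12.30 item at 13% tax
order_total 12.30 3 1300     # prints: 3690 480 4170
cents_to_str 4170            # prints: 41.70
```

Note that `0.1` plus `0.2` comes out as exactly 30 cents here, where a float pipeline would carry 0.30000000000000004 into the request body; and the rounding happens once, in `pct_cents`, so the tax a customer sees is the tax the gateway is charged.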

Shopkit is a kit, a standalone, turnkey application

  • Kirby developer, Bastian Allgeier, is known for Zootool, and is making a living off Kirby

General Business

  • SysAdminDay Dinner – 6:00pm on Friday, 27 July 2018 at Abe Erb Restaurant in Kitchener
    • All System Administrators, Non-Profit, For-Profit, and their friends and relations are invited!

Future Topics

Posted in Past Meetings