2016-10: Promoting Open Source

Location:  The Working Centre 58 Queen Street South, Kitchener, ON (plan)
Date: October 17th, 2016
Time: 7:00 PM

Many of us use Free and Open Source software (FLOSS) in our daily lives. But promoting the use of FLOSS within our organizations can be a challenge. What FLOSS does your organization use? How did this come to pass?
What kinds of FLOSS are amenable to adoption by non-profit organizations? What is more challenging?
What are some of the advantages/selling points you have found successful in promoting FLOSS in your organization?
What have been some of the disadvantages/challenges you have faced in promoting FLOSS?

Announcements
————-

– Tue Oct 18, 7pm: Ruby FLOSS Contributions, Sweet Tooth
+ Boltmade was bought by Shopify!
+ Bring a laptop and a Ruby install
+ Goal: encourage FLOSS contributions and bring visibility to FLOSS projects in the area
– Sat Oct 22, 4-8pm: Laptop Rescue Mission, Computer Recycling

How do you sell it?
——————-

– End users don’t care much about open source
+ They think you need to contribute code
+ Contributing might mean contributing financially or reporting bugs

– Lots of people using the code might make it better
+ But this did not work so well for OpenSSL
+ How do you make people aware of the code that they use?
+ How do you pick the projects to support?
* Apache
* Linux Foundation (they have a Core Infrastructure initiative)
* SPI: Software in the Public Interest

– Do endorsements from famous people matter?
+ Can you get the word out?
+ http://trustmeimlying…­
+ Getting grassroots word of mouth matters a lot
+ Ask for reviews from reviewers

– Maybe it makes sense to throw money at infrastructure projects?
+ Pay somebody to maintain/develop the stuff instead of paying a proprietary software company
+ Again, SaaS has changed this landscape
* Would it even be feasible for SaaS providers to release their software as FLOSS?
* Maybe this is their “community editions”?
* Most community editions take out features

Arguments for Open Source
————————-

– Cheap to acquire the software (and nonprofits are cheapskates)
– FLOSS tends to be easier to debug and troubleshoot
+ eg looking through the source of Samba to troubleshoot a problem
+ You can get consultants to fix your software for you
* eg Zikula CMS has 2600 weblinks
* They did an upgrade and he paid somebody $50 to fix it
* eg OSCAR medical records system: we paid somebody to set it up and customize it for us (OSCAR/CAISI)
– Data migration can be easier: the code is the template for migration
– It is possible for people to develop code coverage and test suites after the fact
– What would the advantage be if our rollback software was open source?
+ You could debug the software easier
+ You could see what it is trying to do

Arguments Against Open Source
—————————–

– Software might be unfamiliar compared with what people are used to/what they use in school.
– Privacy is important sometimes and you need to trust the code
+ Sometimes privacy is a concern
– Other providers need to use the same application, which is not in use across the board
+ What about federation? This may not be the issue.

– Software as a Service has taken over the industry
+ Conceptually it is possible to make it FLOSS
+ In practice it usually is not
+ Failure to make SaaS FLOSSy is a failure of sales
* “If you can download the code then what are you selling?”
* Really you are paying people to take care of infrastructure for you

Considerations
————–

– How quickly can people pick up the software?
– Are we using it to contribute back or just to use it?

– What is the code quality?
+ In proprietary software the code quality may be bad, but hidden
– Are there developers? Is the project being supported?
– How good are the development leads? This is important for stability.
+ eg LibreOffice has good quality according to Coverity

– Who gets paid to develop the code and how?
+ Consultants?
+ Sometimes big companies sponsor developers?

– How friendly is the community?

– People are used to paying for proprietary software but not FLOSS?
+ But people are also used to not paying for online software unless it is SaaS
+ Open source does not tend to nag people to pay for it
+ Patreon models are becoming more popular
+ Is it enough to fund only a few projects?
+ How do you crowdsource projects? How do you sell the software?
+ We pay for a pfSense gold membership for no reason
* But it is a kind of insurance so that pfSense continues to exist
* Maybe it is a sliding scale fee

– Trust is a huge factor
+ Can our organizations trust the product?
+ Does the website look nice?

– How much support can you get?
– What are your fellow companies using?

– Sometimes interoperability matters
+ TWC cannot use LibreOffice for resumes
(but how does Google Docs play into this?)

Other things
————

– LibreOffice Online is being developed and is running
+ Done with OwnCloud and Collabora
+ The goal is to sell to government and make sure that all the government templates are available
+ Canadian requirements for accessibility are more stringent than elsewhere
* And there are not that many developers working on it

– Is there any antivirus that is FLOSS?
+ There is Clam, which is good for email servers and terrible for desktops

– Are there antiviruses for other operating systems?
+ It exists for Mac and Linux but is not widely used
+ Android is the new Windows and has lots of viruses
+ You don’t want to run everything as root
+ Software stores make this a little better
+ Android updates do not go out as quickly
+ Why is Android such a disaster?
* Too many users?
* Not enough quality control?
* Too many apps?
* Too much fragmentation?
+ Android good practices?
* Be careful about clicking links
* Look at how many people use the app
* There is antivirus software available for Android
+ If you root your phone do you run everything as root?
* No?

– How well has Drupal worked as a CMS?
+ We have been able to modify it.
+ The community is open and friendly
+ Developing core functionality has been hard
+ Major upgrades are difficult
+ Rails makes upgrades easier
* A bunch of modules were backported from Rails 4 to Rails 3

– Can you get university and college students to develop code as part of their coursework?
+ It is real code, not toy projects
+ Contributions that are accepted look good on resumes
+ If the project is organized properly this can still be valuable
+ A lot of student work looks rough
+ LibreOffice has a mentorship project for students

– In digital media programs they used FLOSS so the students could continue using the software on their own afterwards
+ In the marketplace this software is less popular
+ But the skills are transferable

 

Posted in Open Source, Past Meetings

2016-09: Smooth Succession

Location:  The Working Centre 58 Queen Street South, Kitchener, ON (plan)
Date: September 19th, 2016
Time: 7:00 PM

Smooth Succession
=================

### Future session: Documentation
– What do you document?
– What tools do you use?

### Future session? Coming up with time/effort estimates?
– How do you be realistic but efficient
– How do you justify unanticipated difficulties

### Questions

– Have you taken over from another person leaving? What was helpful? What was frustrating?
– What preparations have you made so that future people can successfully transition into your work?
– What barriers and challenges are there to smooth succession?
– How do you transfer institutional/oral culture?
– What best practices are there for documentation?

Our IT hats
———–

– Schoolteachers: often one person gets picked to wear the IT hat (50 staff, 300 students)
+ He deals with tech support questions
+ The board has a regular IT department but the ratio is high: 1 person for thousands of users
+ Tickets take a lot of time to resolve from the IT department
+ Teachers often have to pick up the slack
+ The IT staff they get in now are younger
+ The software stack seems to work better now
* Software compatibility would break when deployed
* eg a network game would break everything else
* Now they test deployments better
* But this reduces spontaneity
+ What about interaction with the school boards? How do documents get passed around?
* This is more centralized now
* They were going to give all kids their own email accounts
* Schools have logins for their kids now
+ Some school boards do BYOD (Bring Your Own Device)
* This is cheaper for the school boards, which can’t keep up (and budgets are tight)
* They use the same number of IT staff for the Catholic school board as they did for the entire high school system
* This probably implies web interfaces for everything

– Small not-for-profit, 25 staff
+ Prior to joining his director was the primary IT person
+ They signed a contract for hardware/software support
+ Now there is an IT committee
+ He made the mistake of admitting that he “knew about computers”
+ The organization decided to move to a cloud based service (Sharepoint) with a data migration
* This was somewhat painful because the outside supplier did not tell them about their slow upload speeds
+ He does software/hardware problem solving
+ He does software upgrades: Office 2013/Office 365
+ Does training on the Sharepoint move
+ They are trying to transfer knowledge from the director’s head to the collective
+ They have a local server
+ They also do BYOD
+ Getting information for connecting computers to the server is tough
+ How can staff do their jobs day to day
+ Do people prefer Office 2013 to Office 365?
* There is more functionality in Office 2013
* eg they have a room booking spreadsheet that has pane-freezing problems
+ Do people have problems with file versioning?
* Not really
+ They have had communications problems with outside tech support
* Even doing hardware audits and internet connections was tough
+ Getting people up to speed in Sharepoint is a big issue
+ People have problems adjusting to change
+ Where is the storage? It is all on the Microsoft cloud
* How do you deal with shared documents on Google Drive?
* You can map your own drive to a drive letter but cannot access shared drives
* OCaml FUSE driver under Linux for Google Drive
* https://github.com/as…­

– Approaches to succession at a large company
+ There were procedures that were documented in a lot of detail
* Important for time-sensitive stuff (eg batch jobs)
* People did document well
* You could search a spreadsheet for jobs to diagnose
+ Disaster recovery testing was documented in a lot of detail
* He participated in disaster recovery one year
* A coworker then started the next year, and he gave pointers
* The documents were well-written and a good guide
* Reviewing the documents well before is important
+ Management was invested in making sure that documents were well done

– Another co-op job was not as smooth
+ A small one-person operation was not documented well — much of the knowledge was in this person’s head
+ Maybe this person should have done more documentation
+ The boss was very time-conscious, so he documented only the most complex issues
+ Writing things down is a good buffer for dealing with remembering stuff that is on screens
+ Is commenting code financially efficient? There is a short-term/long-term tradeoff.
+ Implementing better error tracing can be used by future people

– He was working for a small startup where the emphasis was getting things as soon as possible with no succession of any kind
+ There ought to be good handoff procedures
+ This can be an issue with Google Summer of Code: people hang out for four months and leave
* But sometimes there are good changelogs

– Succession horror stories (small nonprofits)
+ He would like people to assign administrator access
+ Most organizations are staffed by nontechnical people

– When going to new organizations
+ He had to explore how things are hooked up and why
+ Naming conventions were weird
+ He changed some of the printer names and got into trouble because it messed up the network documentation
+ Other places have been decommissioning jobs
* He had to document everything before shutting things down
+ City of Toronto had a good disaster recovery plan
* Nobody should have to think in order to get things back up
+ Problems: system change and then documentation goes out of date
+ One on one training is better than doing no documentation

– He worked for an insurance company. Their disaster planning was based on insurance.
+ This is called “key man insurance”

– Worked for a university press
+ He kept the job for 30 years
+ He had a lot of autonomy in writing his job descriptions
+ Early on they had their own UNIX system and some people on Windows using UNIX tools
* User training was not difficult because typographers know how to type to get stuff done
+ But in 1999 things changed. Kids these days! They only know how to use word processors
+ Passing on old skills was hard
+ When he went on leave he hired a friend who knew the same skills
+ When he was getting closer to retiring there were a lot of meetings about the stuff he did. Other people were learning this but others didn’t think they could handle the whole thing.
* The people who took his job have good communication skills and could change things to their preferences
* He found that his meetings were collaborative and good for problem solving
+ Things are going well but are slower
* eg there are fewer spreadsheet manipulation abilities
+ There is documentation in wikis. People can read them but not write to them easily.
+ Have others dismantled your work since you left?
* Yes
* They were thinking of shutting down the Linux servers
* They were going to migrate the functionality to a virtual machine
* The server ran for a year without being rebooted and continued to work
+ Working with text files on local servers can be simpler than the cloud, because of black boxes
* He had a lot of discipline to the structure of the data
* black box: you have a promise of input and output, but you don’t know what is happening inside
* If the input data changes then everything can get messed up
* Can you troubleshoot problems when they come up
* Black boxes mean you can change the inputs and examine the outputs, but this is trial and error
– Is there good software for putting bounding box information on EPS files? He found a script that worked, made of Perl and shell script.

– At TWC
+ Lots of complicated infrastructure
+ Some of it is documented but documentation goes out of date
+ People come and go
* Understand everything about everything
+ Oral culture (both positive and negative)
+ Documentation is like survivalist training
* Documentation that gets used stays up to date
+ Some documents are used frequently
* Write down passwords in a shared (encrypted!) document
* Multiple people working on a door system means documentation gets written
+ Documentation that is hard to write and hard to update does not get written (or gets written and is useless)
* Text only
* No screenshots unless absolutely necessary
* Trivial update mechanisms
* DRY: Don’t repeat yourself
* Trivial to search
– OneNote
– Plain text
– Documents with good search
– Email (yes, really)
+ Write documentation as you go
* Too much documentation is kind of better than too little
* If you learn things twice then document carefully the second time
+ Some people consider lack of documentation as job insurance
+ HOWTO files can be helpful
+ Make things as self-documenting as feasible
* Drop README files in source folders
* Inline comments
* Documentation as file names
+ Log files and version control are forms of documentation (if you have the discipline)
* etckeeper is good for Linux systems

Best Practices
————–

– Mind the bus factor and stay away from public transportation
+ Don’t store documents in someone’s personal folders

– Having good documentation is helpful. How does it get created?

– Never admit you know computers

– How do you keep documentation up to date as things change?

– Make documentation accessible

– Get good at trawling other people’s work

– Do regular training for staff and volunteers
+ Forcing people’s hands can help

– Start people small if you can
+ This way you can assess their skills and commitment

– Make new people do documentation as they work
+ This helps them learn the systems

Worries and Challenges
———————-

– Being the person who gets hit by the bus
+ How do you spread information?
+ Continuous learning by staff — raising everybody’s level of knowledge
+ Management may not be on board
+ Do people understand that not having long-term planning leaves them vulnerable?
+ You can’t boss around volunteers as much

– People think that the cloud solves backups and IT administration

– How hard will it be to step into a new position?
+ When we are unemployed because we don’t have the tools
+ Money becomes a huge issue
+ Getting access to hardware is an issue

– How many times will you be called after you left?
+ Will you remember your old work
+ There is a sense of liability — who is responsible when things break?

– Choosing the wrong successor could be a disaster

– Finding time/resources to transfer knowledge
+ Sometimes you need to be inefficient to be efficient
+ Letting other people do the thing even though you could do it faster and more efficiently
* Letting other people do the thing in ways you would not do it
* Giving people good base levels of knowledge helps

– How do you learn the system while being careful and not destroying everything in a burning ball of flame
+ How do you make a good impression and get things done both quickly and correctly?

– Sometimes contractors get commissions with promises they cannot keep

Posted in Past Meetings, Succession

2016-07: The CLOUD

Location:  The Working Centre 58 Queen Street South, Kitchener, ON (plan)
Date: July 11th, 2016
Time: 7:00 PM

Every single meeting we mention “The Cloud” but it has never been a formal topic of discussion. What do you trust on the cloud? What do you not trust? Why? How has the cloud made your life easier? How has it made it harder? What criteria do you use when deciding to use cloud services? Are there feasible alternatives to the cloud? What are their pluses and minuses? Are IT admins who don’t like the cloud dinosaurs who will be unemployed dinosaurs within a few months or years?

Posted in Cloud, Past Meetings

2016-06: External Services and Consultants

Location:  The Working Centre 58 Queen Street South, Kitchener, ON (plan)
Date: June 13th, 2016
Time: 7:00 PM

What services do you provide in-house? What do you outsource and why? Office 365? Web services? Email? Phone services? Other things?
What are the pros and cons of hosting these services internally versus getting somebody else to do them? What factors do you consider when outsourcing a service?

How do you deal with people providing external IT services to your organization? How do you interact with consultants and other external service providers effectively?

Announcements
————-

July 29: System Administrator Self-Appreciation Day

Locking Down Lab Machines
————————-

– Use Group Policy to prevent what users can do?
+ Group Policy Orchestrators (there is one by Symantec?)
– Software Restriction Policies
– Virtual machine rollbacks?
– System Restore on a regular basis?
– Reimaging machines?

What do you outsource? Why?
—————————

– Bringing in expertise we are not familiar with
+ Active Directory health
– Services that should be on the Internet
+ Hosting web servers
+ Running email servers on the Internet

– Switching from internal Exchange to Office 365
+ Offload responsibility from local server
+ Makes it easier to maintain
+ Free for nonprofits and featureful (Exchange, Sharepoint)
+ Easy to deploy
+ Good spam filtering
+ Can use it with Outlook
+ E1 gives you 1000 users
+ But you have to get on-premise Office if you don’t want to use the webapps
+ Skype for Business
+ The host does updates
+ Has backups built in (but you may have to contact Microsoft for restores)
+ Can you divorce? Can you switch providers?
+ OneDrive for Business had some issues initially
+ Workers can work from home using a single login
+ You can have one copy of a document with many different versions (so that you don’t have copies floating around)
+ Maybe you can dissuade people from emailing documents around?

– Web hosting
+ Better uptime
+ Can use shared hosting or VPS services
+ Outsource content management

– Web design
+ REEP had somebody design their CMS (WordPress)
+ Was on budget and people were happy
+ Their website designer does maintenance
+ Regular communications people can do updates

– How to choose a website designer?
+ Have a matrix of criteria, brought together by staff
+ They found designers via word of mouth?
+ All the designers were local
+ Who does the WordPress updates? Is it internal?

– Cellphones/phone service outsourcing
+ Some people do phone service in house
+ Brendan supports people getting email on their cellphones
+ Windows 10 wants to unite all devices
+ It will allow you to wipe specific company content (and leave the rest?)

– LibreOffice is releasing an online version
+ It is released by Collabora
+ The official release is a month from now?

– There is also https://wiki.enterpri…­
+ Requires lots of resources to run the server

– OwnCloud is having a schism!
+ They are making NextCloud
+ NextCloud will be distributed instead of monolithic

– Outsourcing developers (web, databases, …)
+ Most things we develop tend to be web apps
+ How do you open up permissions?
+ Do you want to give the keys to everything?
+ You want access controls
+ What data do they get access to?
+ How do you deal with people leaving? Who does the maintenance?
+ You want a culture of collaboration so that developers can talk to in-house staff
+ Maybe distributed workflow (version control, pull requests) can help
* But who sets this infrastructure up?
+ How can outsiders contribute to the infrastructure safely?

– When you outsource, the contractor can’t make big systematic changes and the internal people have outsourced the work
+ Cleaning up technological debt takes planning and could cost a lot

Posted in Past Meetings, Services and Consulting

2016-05: Acquiring Hardware

Location:  The Working Centre 58 Queen Street South, Kitchener, ON (plan)
Date: May 9th, 2016
Time: 7:00 PM

Nonprofits tend to have different budget constraints than other organizations, and often different requirements. Let’s talk about them.

What kinds of constraints do you deal with? What kinds of hardware do you purchase? How have those purchases changed with new technology (eg the Cloud?) Do you get equipment new? Used? Donated? What factors do you consider when getting new hardware? How long does hardware get used in your organization?

Posted in Hardware Acquisition, Past Meetings

2016-04: What to Celebrate

Location:  The Working Centre 58 Queen Street South, Kitchener, ON (plan)
Date: April 11th, 2016
Time: 7:00 PM

As a counterpoint to last month’s terrifying meeting, let’s discuss the ways that system administration has gotten easier and more effective. We can share tools and techniques that have made a big difference in our systems administration practices, and talk about our glorious utopian future.

====================================

Announcements
————-

– Ubuntu Release Party: April 23?
+ not enough interest?
+ Sign up at https://framadate.org…­

– Laptop Rescue Mission: April 16, 4-8pm

Media Manipulation
– John Berger: Ways of Seeing
– ORLAN: Plastic surgery as performance art

What Should We Celebrate?
————————-

Open source

– It has lasted long
– Many companies have put FLOSS into hardware: TVs, fax machines
+ But these devices are locked up tightly
– Free Software movement wants to make the software reusable for anybody
+ But Android apps are often not FLOSS
+ Google has a layer on top of the kernel that is proprietary

– Kik controversy?
+ There were some tools on a server including “Left-Pad”. He had one application called “kik”. The company Kik got mad.
+ The guy took down his repo
+ Then all the tools went away
+ But then Kik went down too!
+ Lessons: everybody is dependent on everything else on the Internet
* But now other people’s code needs to be accessible
+ Lesson: Big companies can bully small companies
+ It was a trademark issue, not a copyright issue
+ Should free software include being able to use the name you want?

Virtualization

– Makes lots of experimentation possible
– Software defined networking
– Can be done on small/cheap machines
– eg VirtualBox
– The software is available for no cost
+ This is an outcome of FLOSS

Computer Recycling

– Some people on limited incomes are running Linux?
– MRR program: Windows + Office for cheap (low income only)
– Linux machines running Xubuntu (for everybody)
– The cost ranges: $60 – 120 for desktops, $30 – 75 for laptops

– Now people on limited incomes have phones

– Desktops are cheaper and good for creating things

Microsoft is less evil now

– More responsive to customers
– PowerShell is good
– Microsoft is not FUDding FLOSS any more
+ you will be able to run Bash
+ .NET is being open sourced

Looking up information

– Open forums
– Open bugtrackers
– Stack Exchange: Super User, Stack Overflow
+ Sometimes the moderators are jerks, though
+ They are getting less good
– Technet is often good
– ss64.com for DOS commands

You still need to weed out the garbage.

Alternatives to Google

– startpage, duckduckgo: alternatives to search
+ Ixquick is dead

Technology

– Cost is getting lower
– Storage is cheap enough that tapes are less necessary

Remote access

– You can access a lot of servers remotely
– Communication: videoconferencing
– Collaboration tools

IndieWeb, Self-hosting

– Mumble servers

Maker culture

– Cheap computers (Raspberry Pis, Arduinos)
– Kids are learning to hack and modify stuff
– Coding as basic literacy
– Easy programming languages like Python

Demise of Flash and Java

– They are still around but diminishing, and HTML5 is coming

Package management

– Everybody has learned the lesson of apt
– Every application includes its set of dependencies?

Accessibility of apps

– ninite.com
– App stores with thousands of apps
– Chocolatey, NuGet
– WPKG
– Configuration management: Puppet, Chef, Ansible, Saltstack

Software is cheap for nonprofits

– Techsoup
– Office 365

Cheaper phone stuff

– VoIP
– Asterisk
– Alternatives to Bell/Rogers
– Fongo

Grand Conclusion
—————-

Everything is all bad

Posted in Past Meetings, Sys Admin Best Practices

2016-03: What Should We Fear?

Location:  The Working Centre 58 Queen Street South, Kitchener, ON (plan)
Date: March 14th, 2016
Time: 7:00 PM

Ransomware. Spear-phishing. Botnets. Dirty USB attacks. Protecting our users and data has always been scary, but things appear to be getting scarier. What threats do you worry about the most? How have you changed your approach to deal with them? What threats can we do something about? How do we deal with the threats that are beyond our control?

As always, we will be sharing experiences and stories.

Meeting Notes

Announcements

  • Document Freedom Day: March 30
  • http://documentfreedom.org/
  • Interested: Bob, Marc, Steve?
  • North American attendance tends to be bad? Compared to Europe?
  • Software Freedom Day: Sept 17

Threats

  • Lock-in with proprietary formats.
  • eg Wordperfect 5.1 documents, but now LibreOffice does a conversion
  • KDE had a word processor? (KWrite? Kate?) that could do Wordperfect
  • LibreOffice has a team to convert popular formats
  • Old binary formats were fragile, so repairing documents was hard.
  • Many of the older document formats were simpler and easier to reverse engineer.
  • Desktop layout programs had more complicated documents
  • Forgetting the UNIX philosophy is bad
    • You don’t need word processors
  • Things becoming obsolete? This is not a threat.
  • There is a need for people to decipher technology. There are many people who do not have deciphering skills.
  • How many organizations rely on proprietary document formats?
  • Fear: not having support communities for software we use.
  • Missing important information in the volume of alerts.
  • eg webserver alerts based on databases
  • Log analysis tools can help
  • How do you deal with the unknown unknowns?
  • The tools require a lot of tweaking
  • Tools: Splunk, ELK stack (Elasticsearch, Logstash, Kibana), Graphite, Cacti, darkstat, Nagios, bandwidthd, Intel Systems Management, OpenNMS, Spiceworks
  • OpenNMS was self-configuring
  • Needed too much processing power to run
  • Little Snitch: monitors outward network connections
    • You can allow and deny different traffic
  • AVG for business gives you alerts (not just for viruses)
  • How do you deal with root causes of problems?
  • Rabbit holes are scary
  • At what point are we willing to deal with band-aid solutions and at what time do we need to find root causes?
  • Dealing with licensing and license audits
  • What happens when licenses expire?
  • GroupWise under Novell was tolerant of small excesses but now the new company (Attachmate) is harsh
  • But they audited school boards
  • Keep rough counts and stay on board
  • For GroupWise people would use resource mailboxes for people, because resource mailboxes were not licensed
  • What happens if there are huge expenses because of licensing infractions
  • How much blame gets shifted to the sysadmin as a result?
  • Keeping track of licenses is a headache
  • Monopolization is a fear
  • Should we be afraid of IT audits?
  • Audits are done by the finance departments
  • Security audits are scary too
  • Making things work sometimes requires violating best practices
  • Hacking, compromises, ransomware
  • Cryptowall, Cryptolocker
  • Don’t let daily accounts disable UAC or be admins
  • Security holes
  • How do you educate users about phishing vectors?
  • How do we trust our antivirus tools?
  • Losing remote access to customer sites
  • How deep should you go with educating users?
  • What are the key things to let people know?
  • Don’t open any attachment you didn’t ask for
  • Be as accessible to users as possible
    • Wander around and ask people what is happening
    • Have a help phone
  • Make users scared by giving demos
  • Show users visually what is going bad
  • What tools can protect us?
  • AVG desktop support was good. But commercial antivirus was not any better than Microsoft Security Essentials.
  • The phishing attacks are the real threats.
  • Antivirus consoles want to become centralized network tools
    • They tend to be poorly implemented and duplicate existing tools poorly
  • You have to explicitly tell BitDefender to update itself (!?)
  • Kaspersky for Business works well
    • They had a scare campaign about viruses to sell product
  • Someone liked the paid version of AVG
  • Clam does a good job of scanning offline
  • tronscript is an attempt to automate virus cleaning
  • How can you find zero-day exploits or monitor your system for weird behaviour?
    • Stiller. It takes a baseline of your computer and then prevents execution of anything that is not authorized.
    • Tripwire and rkhunter are available for Linux.
    • This does not protect you against browser code
    • Software Restriction Policies in Windows
  • Advertising is scary
  • Sales agents harass us (it is annoying)
  • Email account hijacks
  • Protections: NoScript, Privacy Badger, Request Policy, uBlock Origin, uBlock Edge, turn off CSS styles, Self-destructing cookies
  • AdBlock Plus now allows some advertising
  • But you need to tweak your blockers to be able to use the web
  • Drive-by attacks, cross-site scripting
  • Use multiple web browsers for different JS/non-JS
    • GNU IceCat
    • Chromium
    • Midori : finances
  • Roughly 1/3 of sites work okay without JavaScript, 1/3 are degraded, 1/4 are unusable without further action, and the rest are unusable
  • Set the user agent to Internet Explorer 3
  • Fear: bad web development practices
  • A lot of processing is done in the browser
  • Even management tools are written in Javascript
  • Password managers: KeePassX
  • Linux containers: people distribute images on the internet easily
  • Should we trust the people who make these images?
  • How do we verify this trust?
  • Are checksums and signatures good enough? The Linux Mint download page was changed, and so were the images it pointed to.
  • Ken Thompson, “Reflections on Trusting Trust”: how do you trust trust?
    • Reputation is a factor as well.
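
The baseline-then-detect idea in the Stiller and Tripwire bullets above, as an added example in Python (not code from the meeting, and not from either tool): hash every regular file under a directory, save the manifest as JSON, and on a later run report what was added, removed or modified. The directory tree and file contents in demo() are constructed for illustration; a real deployment would point it at /etc, /usr/bin or C:\Windows\System32 and keep the manifest on read-only media or on another host, since a baseline the attacker can rewrite proves nothing. As the notes say, this catches changes on disk, not code that only runs inside the browser.

```python
"""Tripwire-style baseline: hash a tree, save it, diff it later (added example)."""
import hashlib
import json
import os
import tempfile
from pathlib import Path

CHUNK = 1 << 16  # read files in 64 KiB pieces so large binaries never sit in RAM whole


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each regular file (relative POSIX path) under root to its size and SHA-256."""
    baseline = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic order keeps saved manifests diff-able
        for name in sorted(filenames):
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue  # symlinks, devices and sockets are out of scope for this example
            rel = p.relative_to(root).as_posix()
            baseline[rel] = {"size": p.stat().st_size, "sha256": sha256_file(p)}
    return baseline


def save_baseline(baseline: dict, out: Path) -> None:
    """Persist the manifest; keep it off the monitored host or on read-only media."""
    out.write_text(json.dumps(baseline, indent=1, sort_keys=True))


def load_baseline(src: Path) -> dict:
    return json.loads(src.read_text())


def compare(old: dict, new: dict) -> dict:
    """Classify paths as added, removed or modified; hashes, not mtimes, decide 'modified'."""
    common = set(old) & set(new)
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in common if old[p]["sha256"] != new[p]["sha256"]),
    }


def demo() -> dict:
    """Run the whole cycle on a constructed tree and return the detected changes."""
    with tempfile.TemporaryDirectory() as tmp, tempfile.TemporaryDirectory() as store:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "ls").write_bytes(b"real ls binary v1")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")

        manifest = Path(store) / "baseline.json"  # lives outside the monitored tree
        save_baseline(build_baseline(root), manifest)

        # Simulated tampering: a same-size trojaned binary, a dropped tool, a deleted config.
        (root / "bin" / "ls").write_bytes(b"real ls binary v2")  # size unchanged, hash not
        (root / "bin" / "nc").write_bytes(b"dropped network tool")
        (root / "etc" / "hosts").unlink()

        return compare(load_baseline(manifest), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))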
Posted in Data Protection, Past Meetings | Leave a comment

2016-02: Organizational Databases

Location:  The Working Centre 58 Queen Street South, Kitchener, ON (plan)
Date: February 8th, 2016
Time: 7:00 PM

Many organizations have internal data that they want to track. What tools do we use to store this data? Hateful Microsoft Access? MySQL? A web framework like Django? Complicated, brittle spreadsheets? Some cloud solution?

How do we migrate data from insane database systems to better ones? How do we back them up? What are some best practices to dealing with internal databases? What kinds of databases have you dealt with, and what approaches have worked for you?

 

Posted in Data Migration, Databases, Past Meetings | Leave a comment

2016-01: Disaster Recovery

Location:  The Working Centre 58 Queen Street South, Kitchener, ON (plan)
Date: January 11, 2016
Time: 7:00 PM

Sometimes, disaster strikes: lightning, fire, floods or other traumas can wipe out our IT infrastructure. How can we protect against losing everything?

Have you put together disaster recovery plans? Have you conducted disaster recovery exercises? What things are most important to consider? What things are trickiest? What best practices have you learned? Bring your experiences and stories.

Meeting Notes

– How can we protect against losing everything?
– Have you conducted disaster recovery exercises?
– What is most important to consider?
– What is trickiest?
– What best practices have you learned?

Why do disaster recovery?
————————-
– Sometimes external regulatory bodies require disaster recovery exercises
– Large customers might demand this
– Deal with: Corruption, Partial Loss, Complete loss
– Deal with hardware issues: damage, partial, complete hardware loss
– Recovering softwarer after a loss

– How do we manage this for small organizations?

### Convincing management
– How much will it cost if there is a disaster?
– How frequently will this happen?
– How much will this cost in terms of reputation and business continuity?

What to protect against?
————————

### Fires, Floods
– Offsite backups

### Natural vs non-natural disasters

### Hardware failure (especially unrecognized)

– How do we test the integrity of backups in a sane way?
– How do you set up a separate environment independent of the real one?
+ eg Microsoft Exchange restore (needs a domain!)
– Test restores into a virtual machine?

How do we get a test environment set up?

Horror stories?
—————
### Cryptolocker/cryptowall

– Has been recoverable with previous versions/shadow copies
– But you had better not disable UAC
– Use Shadow Explorer
– This will lock your OneDrive as well

### Infected machines
– Home users with malware connecting into the staff network
– Access to machines by careless nephews

### Recover from bad hard drives
– ddrescue, photorec, foremost, testdisk
– RAID disk dies as there is a rebuild

### Loss of webserver
– bad kernel install
– loss of power. On reboot there was a kernel update
– Bob decided to upgrade Ubuntu
– The new version of Ubuntu was not compatible with old /var
– His last backups were from August
– LVM did not have enough room to expand /var
– He put in a new hard drive for LVM
– But his new drive went bad
– He saved his databases with mysqldump –all-databases
+ This was too big
+ There was a logical error in the dump
+ He has to chop up his database file to recover one DB by DB
– He used MariaDB as a “drop-in” replacement, but the file formats are not compatible
– “Oh no! Not another learning experience!”

### Cloud credentials
– Is this different from being locked out of physical systems?
– If your data is in the cloud are you more vulnerable
– But your local systems can be hacked as well
– Should you worry more or less about this?
– eg other people access deleted tweets via the API key
+ API keys can be revoked as well
+ Similar to being blacklisted on email servers, by Rogers

### Identity
– Establishing identities face to face is easier than with strangers
+ Web of Trust

Past Experiences
—————-
### Y2k switchover to another site
– The entire site was to be moved to another site
– This is good for testing the plan
– It took a month of planning
– At Ontario Hydro they had two different locations

### Famous disasters and recoveries
– RIM had some bad things happen
– Insurance companies would have a good sense of this (disaster theory)
– 2003 power failure

Strategies
———-
– Use redundancy for backups
+ Back up more than you need incrementally
+ eg back up to DVD and rsync to another host

– Don’t compress/encrypt backups?

– Back up your passwords someplace offsite and separate

– Choose products that are easier to back up
+ But nonprofits like cheap stuff, and if the proprietary software is cheap then they will use it
+ Organizational reputation has a high dollar value

– Backups need to be easy
+ eg cheap NASes with rsync (eg Synology, Qnap)
+ Having the ability to use the underlying Linux is good

– Auditing backups
+ Use btree file systems (btrfs) with checksums and snapshots
+ Spot checks of data

– High availability systems

– Fireproof safes for removable media

– Testing backups
+ Databases are hard
+ Exchange is hard
+ File shares should be easier? Random restores?

– Most data people had does not change much. Separate static from dynamic data.
+ But this requires user compliance
+ Incremental backups does this to some extent
+ Doing this for nonprofits is even harder because volunteers cannot be trained so well

– Integrated practices vs one-time practices
+ One time: restore to bare metal
+ Integrated: password lists, shadow copies, redundant locations

### Windows backups?

– How to back up personal files on a system
– Installing stuff on Windows will put files all over the place
– Use Windows Backup and Restore
+ This works but your backup drive can be backed up
– Norton Ghost 15 (but this turns off the machine)
– Clonezilla (same)
– Use Restore points
– ShadowProtect from StorageCraft

### Mobile backups
– Use protection software (eg Blackberry protect)
– Google sync
– A bunch of stuff is stored on the server
– (but what about pictures?)
– Syncthing with a one-way sync

Posted in Disaster Recovery, Past Meetings | Leave a comment

2015-12 : Collaborative Editing Tools

Location:  The Working Centre 58 Queen Street South, Kitchener, ON (plan)
Date: 14 Dec 2015

Many organizations have internal data that they want to track. What tools do we use to store this data? Hateful Microsoft Access? MySQL? A web framework like Django? Complicated, brittle spreadsheets? Some cloud solution?How do we migrate data from insane database systems to better ones? How do we back them up? What are some best practices to dealing with internal databases? What kinds of databases have you dealt with, and what approaches have worked for you?

Meeting Notes

Many users want to use collaborative editing tools.

– What do you use?
– How do you deal with privacy concerns?
– How do you manage backups?
– What are the strengths and weaknesses of these systems?
– When are they best used?

Options
——-

– Wikis
– OneNote
– Etherpad
– WebEx
– Slack (Mattermost?)
– Sharepoint
– Google Hangouts
– Google docs

Observations
————

– GoToMeeting is better than WebEx
+ WebEx: poor audio
+ Pretty expensive? ($50/month)
+ Like Skype for 1-many

– There are different classes? Wikis are different from WebEx

– Wikis: collaborative editing
– GoToMeeting: realtime conferencing/interacting

– How can people work together on documents?

– LibreOffice tends to use Google Hangouts
+ Hangouts allow multiple video and sound
+ LibreOffice will also use IRC
+ This is for discussions
+ The kids use Google for everything

– Google docs allow you to edit simultaneously and chat
+ They have versioning
+ Marc backs up Google docs once a month into a zipfile
* You can choose the format
+ Should we all embrace the Google?
* LibreOffice is trying to work on OneCloud
* This could be released next spring
* The internal file structure is well known
+ Google Drive will let you mount a drive for Google Docs

– LibreOffice will let you edit files from Dropbox
+ This is different than having documents mirrored on local drives?
+ LibreOffice is a “do what you like” community
+ eg there is little interest for any Android devs to develop
an Android version, so they are contracting out the work.

– OwnCloud lets you edit LibreOffice collaboratively (without locking)
+ This is like Etherpad
+ But you cannot do spreadsheets

– Wikis are for structured text; Google docs are not (necessarily?)
+ You need guidelines to put documentation into reasonable shape
+ You need to handle your backups yourself
+ Images have to be handled differently
+ Back up each database separately
* Bob generated a 300MB –all-databases file
* He cannot restore the database properly
* Does that mean his file is toast?
– No, because he can chunk it apart
– But that is difficult

### What do we want for collaboration?

Why is it more helpful to have multiple people collaborating?

– Conference organizing: You can have 5-6 people on a conference call all looking at the same spreadsheet.
– How do you decide who is taking care of each part? You play nice.
– The editing is not completely random
– Do you need to have a meeting? Not necessarily
+ eg Agenda items
+ eg collaborative web page editing (Etherpad/UbuntuPad) with text chatting

What is a typical number people who can play nice?

– Maybe 10?
– Sometimes a few people dominate
– Some people can’t work like this; they have to take the document home
+ But some people think they want to take the document home and then
are won over to collaborative meetings
– Some people wreck everything and thus have to be limited to commenting

Grammar skills can be an issue. Can you assume good grammar?
– As they type content you can follow behind and edit
– It is most important for people to get their ideas out

This is similar to a writer’s group
– Comments should be constructive
– This works best face to face (because criticism is hard)

People don’t go into technical writing because you like creative writing
– Clarity is important in both, however
– Marc’s group was reticent to use Google Docs at first, but they were won over
– They found chat to be efficient while editing the document
– He found the visual (Skype) harder

Marc worked on mumble for voice chat
– It is low resource

Is face to face or messaging easier? It depends on the group.

How do you choose the right tool for the job?

It is easy to put bullet points into a document and then organize after

How do you come up with protocols for collaboration?

– Marc’s group was ad-hoc, but roles (leader, secretaries) tend to emerge
– There is trust involved

LibreOffice uses a lot of wikis

– Marc thinks they need WYSIWYG because the barrier to editing is too high
– You don’t get good content so people get frustrated and leave
– The people LibreOffice is trying to support people who do not necessarily have good editing skills
– Do people who learn office software learn good styles?
+ It does not matter. The ideas are important
– What is the bridge between thoughts and markup?
+ Wikipedia is working on WYSIWYG tools
* Is Wikimedia not receptive to this?
+ Drupal 8 has in-line editing now?

Should people have the right to NOT learn markup?
– If you force people to learn then you raise the barrier to entry
– That makes people elitist
– If the barrier to entry was lower then more people would end up learning the system
– Should people be forced to edit in Word?
+ Smart people have the ability to learn it

(Oh no! Markup!)

Marc doesn’t like Mediawiki because it is hard to are able to edit it in his group.
– People use all kinds of other tools
– What about eating our own dogfood?
+ The initial documentation was not published in ODT

– Should people be forced to edit in Word?
+ Smart people have the ability to learn it

### Slack???

– Everybody loves slack
– Slack is the email killer?
+ Easier to search (with group chat?)
+ It is like a searchable newsgroup? mailing list?
– Do you have to go to the site in order to get the content?
– Conversations are collected chronologically so it is easier to go through them than on email chains

Gmail labels deduplicates messages into pointers to folders

How do you avoid the standards problem? Having yet another place to look for stuff.

Finding stuff on Etherpad and Ubuntupad is difficult unless you bookmark items with useful labels

It is impossible to search across Etherpad documents

Redmine can also be used for collaborative work
– Less useful for collaborative work?
– Ticketing assigns work to people : less good for volunteering
– Closing abandoned tickets is difficult (and frustrating!)

Matching employers to job-seekers?
– Use a dating site?
– Donor management software?

progress.com : Database company
– Record-oriented (vs set-oriented)
– It is its own language
– eg Home Hardware point of sale
http://www.progress.c…­

Moodle
– Tim uses it
– It has a learning curve

VPSes
– DigitalOcean
– CloudAtCost
– Linode

### Factors in collaboration

– Concurrent or not?
– Are you producing a document out of the tool or not?
– Does the document need to be exported or not?

### Sidetrack: community foundation for the arts

– They are in every city?
– This is different from CEI
– The community foundation was giving CEI some money too

https://www.kwcf.ca/

Posted in Collaborative Editing Tools, Past Meetings | Leave a comment