 Hello Upscale, hello Upscale, welcome everyone. We're gonna get started here just a few minutes, so please come on in, grab some cupcakes, grab some ice cream, there's some drink tickets somewhere. We'll get started here in about three minutes. We're gonna get started with Upscale in a minute. Hello friends, welcome to Upscale. We're gonna get started in just a minute. I promise if you have a drink ticket, there will be a bar, they're setting it up, so there will be drinks, I promise. If you have not already gotten a cupcake, please do so as well. There's also ice cream in the back. Our speakers are gonna start in just a minute, but if you do not have a drink ticket, come find someone with a stack of them that looks like this, either the front door or me, and we'll get you one, and there will be drinks soon. All right, thanks. Hello, it's me again. Hi, it's me again. I have a twin. Welcome, again, to Upscale. We're gonna practice clapping a lot. Yeah, there we go. We love it. We have such a great speaker lineup this year, and I'm so excited to introduce these speakers and get it going. Again, if you haven't already grabbed some snacks, do so, the bar will be set up shortly. If you do get a drink while people are talking, please do so quietly and sit back down. We wanna give everyone undivided attention. They worked really hard on this. Before we get started, I'd love to introduce my co-host, Jason. Thanks, Hannah. I like to brag, yes, clapping, we love it. I like to brag about Jason, so he doesn't have to. Jason is our friend over at Red Hat and Open Source Way, which is one of their properties. Co-hosts Upscale with us, and they do a lot of work to help curate it, so big thank you to opensource.com. Yes. I did it right, right? And since we're here, if you're interested in blogging, just come talk to me, we can get you in the right direction. And then, as you probably noticed, we have cupcakes because we have a birthday, which we're gonna celebrate a little bit later, but we really wanna thank DataStacks for sponsoring the cupcakes for all of us to enjoy tonight, so let's give them a big round of applause. And just as a forewarning, we're gonna practice our singing voices later, so get comfortable with that. How does it go? La, la, la, la, la, la, la, la, la, la, la, la, la, la, la. Okay. Are you guys sick of us and ready to hear your first talk? I have one more thing. Oh, one more thing. In case anyone is new to Upscale, the forum is five minutes. Their slides are gonna auto advance, and at the end, we're gonna clap, right? If you're interested in being Upscale Speaker next year, talk to Hannah and myself afterwards and we'll get you on the wait list, I guess, I don't know, whatever list we have. Yeah, we make it up as we go. And I think we're ready, let's do it. Yeah, okay, so without further ado, our first speaker, unconventional path to tech, let's welcome up Carlos. I like the cheering, keep it up. This is the TLDR version of my journey into tech. As someone who felt like they did not belong here and had to overcome personal and societal challenges. Once upon a time, I was not a married man. I struggled with mental health issues, including depression and addiction. I ended up not graduating from high school. I did not even get a GED. A few years later, I was convicted of a felony, incarcerated, and at one point homeless. Society said I was a failure, I believed it. I thought I was unemployable, that there was no real options for me, and that my life as it was was hopeless. But things could not continue the way they were. First, I could realize I could not control what others thought of me. But at least maybe I could pursue tech as a hobby. So, I sought out new social circles at hacker spaces, user groups, community conferences. And to my surprise, they accepted me as one of them. In the open source community, I found my people. I was home. But to be honest, peopleing can be hard. I quickly noticed if I asked for an opinion, I quickly noticed if I asked for an opinion, or about someone's project, I didn't have to do any more of the talking. I also figured out that volunteering got me introduced to some amazing people. Plus, it got me a free pass to a conference when I didn't have any money. Still, I had to get a job. So, I talked to recruiters and hiring managers at conferences like this one. And talked to them when companies hosted meetups. And talked to my fellows within the community. I got interviews that I thought were out of my reach. Would give in my history. But to my surprise, I started to receive offers. Several of my jobs have our direct result of scale. Today, I have the privilege to be involved with programs such as Grills Who Code, and to speak and organize conferences. And I like to share a note about public speaking. It doesn't have to feel like a tribunal. Sharing what you've learned so far helps anyone who's starting after you. I have exceeded what I thought was possible for me. I never imagined I'd get to build internet infrastructure, present at conferences, teach kids. Today, I even get to live, to do the whole digital nomad thing. And now, I live out of my car by choice. I recognize that my lived experience is a superpower and not a handicap. It allows me to approach situations and solve problems from a unique perspective. But I did not get here alone. I need to thank the San Gabriel Valley Lug, my coworkers, mentors, anyone who's given me their time or took a chance on me, including Scale by letting me get up here. I had to leave out a lot of details. Connect with me if you have questions about my experience, about your journey. I will also be available at the Career Day Consultation. And there are a lot of opportunities here at Scale for all of us who network and grow, including Birds of a Feather, Game Night, Volunteering, just to name a few of the places that helped me connect to people here. There are also lots of other opportunities around town. Here in Pasadena, we also have Layer 1, who has a booth here as well. And, or attend the San Gabriel Valley Lug on the second Thursday of the month. And also, or check out Null Space Labs out in Burbank. And with that, I thank you all for being part of the open source community. Wow. Great job, Carlos, that was amazing. When I saw your slides, I knew we're gonna be in for a treat. So, up next, one of my favorite topics, open data. Riley, let's talk about web scraping. Welcome to a brief introduction to web scraping, quickly collecting data with Spatula. This is a true crash course, emphasis on the crash. But, we can get going. For those of you who may not be super familiar, what is web scraping? It is the acts of using bots to extract content and data from different websites. And it is fairly common, actually legal, so that's cool. My qualifications to speak about it, I currently run 100 plus subscribers a day, and I maintain over 200 of them for open states, which is a very cool open source project that aggregates legislative data across 50 states, and all that jazz. But, let's say you're interested in getting into scraping. Why would you use something super popular and community supported, like all of these things, when you could go super lightweight instead, and weirdly specific? So, enter Spatula, which was written by our founder at Open States to be easy to write, easy to read on the belief that iterative development of scrapers should be normalized, and also take advantage of Python 3 being fully type annotated. You can pick your page type, we support all of these different types of data pages, and also list or detail pages, depending on what you wanna start with. First, you would pass in a source, a URL, just a completely random one off of the internet, and then whatever kind of selector that you want. This is gonna be a list page, so we're gonna try and get each of the different rows of a table. You can play with whatever selectors you want, XPath, CSS, or similar. You can get comfy with them. I definitely default to XPath because I've been traumatized by CSS as a front-end developer, so, but you can pick your out what you want, and you can make some match. Wow, these formats really got screwed up. Developer tools are your best friend, especially if you're not comfortable on command line yet. It is an easy way to see what you're trying to get on the page, like this one here. We can see exactly what, you can see my selector down at the bottom, and what's gonna get highlighted during that, and how many are getting returned, so it's a very cool way to get the right information, and also you can just right-click on it, and it gives you the exact right thing. So here's an example of how you would have a speaker list. This gets the basic information, name, job, image if it's given, things like that. There's a bunch of nifty command line things you can run. If you want that, Shell starts a session to interact with on a particular page. Test runs a single scrape, and Scout runs the first step of the scrape, and outputs that data straight to a JSON file. If you want to do a detail page, which is more oriented, you can start from a list, then pass in a detail, and to get more information, that will yield that more detailed info. So this is a talk detail page. So this is how you'd actually run the scraper, the command format for that, and then actually seeing that output successfully writing a whole bunch of scraped data Let's see. So it does write to disk to a scrape folder that gets automatically created with the date, and you can see exactly how many attempts you've tried to run the scraper and potentially failed, and you can also see how the data is iterative with each of the improvements you make. This is an example of a full scrape JSON object, which is exactly the talk that I gave earlier and a little bit about me. So thought that would be a good example for you. You could import the JSON to wherever, go from there. That's actually not in the scope of this talk, so do whatever you want with it. But it is a good way to get started, and just a very easy to write library to use, if you want to get into that. It is also open source. It was written by our founder, as I said. So documentation is available, and you can edit the code as much as you would choose to as long as it gets passed. And if you want to see it in action in a professional sense, there are example scrapers on open states. We have a bunch of people in committee data that is, or we use spatula scrapers to get that. So if you want to check out, see a bunch of different page types, all that jazz. There's all my info. Best of luck, and hope you have fun with the rest of the conference. You're gonna work on keeping clapping till someone else comes up. I'm just gonna keep it going. Yeah, thank you, Tarioli. Thank you. Great job. All right, let's welcome up our next speaker, Karen, who's gonna talk about mobile DevOps. Did I do that right? Yeah, that's what I thought. Thank you. Thank you. Welcome, Karen. Thank you. Hi, everyone, I'm Karen, and I started a company to detect fraud in crypto and crypto related transactions and quickly found that fraud prevention and security were equally important. So that's why I wanna talk to you today about mobile apps and how to protect them. So why mobile apps? Well, first of all, mobile apps versus online web apps. Who wins? Mobile apps because more consumers prefer mobile apps over web. 90% of screen time is mobile app time. And what are the mobile app security challenges? Unique mobile app security challenges. But first of all, mobile apps and operating systems are updated frequently, multiple times a day. Or what our customers do to release new apps when they release new apps. And there are hundreds of combinations of mobile apps and OSs that cause and compound complexity of the updates. And there's sensitive data. Sorry, it should be data in the next slide, not logic, that is stored locally on the app. For example, session tokens and encryption keys. On top of that, many mobile apps have unique logic in the app. That's what makes the app sticky and fun to use, but that's also why there are big targets for attackers. And lastly, if the mobile app is not protected, then the backend is vulnerable. So in summary, mobile apps are not protected. That's what we found when we did a number of security assessments for our customers and prospects who gave us permission. And when you see that slide come up on the left-hand side, you might have to turn your head a little bit. Our examples of those security assessments and some of those issues are, for example, a lack of overlay defense, which led to synthetic fraud or APIs in the clear because there was an encryption or obfuscation. And on top of that, it doesn't take long for these attacks to start. As soon as there is a release, the attackers, the hackers are on it. And they'll start attacking a newly released app within minutes. And what are the attacks that they use? Well, first, these hackers don't give up. If the first time doesn't work, they keep going at it and keep doing it again. The other thing that attackers do is attack new releases right away. So a new operating system, whether it's iOS or Android, new app releases, because that's where the biggest opportunity is. And then attackers love doing what they call stack attacks, which is they use multiple tools at the same time. For example, jailbreak with jailbreak bypass, so you can't detect that there's jailbreak on the device and freedom in combination, which makes it not only harder to detect some of these attacks, but also makes them much worse. Now, reference attacks, so attackers have marketplaces they can go to. There's like a dark web for attackers to buy exploits from others and create new exploits and worse ones. And there's always dynamic malware, where attackers are using malware class tools basically to bypass the typical static defenses and mobile apps. So you're probably thinking, well, this is not good, but what if you had mobile app protection connected to your DevOps tool, your favorite DevOps tool, whether that's a CTHC system like GitHub or GitLab or Jenkins, you could build the app. And as you do that, automate the protection, certify that protection, and then go back and see the attacks. Now, how do you do that? Well, there's three parts to that. The first step is to select the protections that you wanna add so you can choose from any number of fraud, security protections, you can then, after you do that, certify that those protections have been added to the app, and then finally use an agent list, mobile XDR to see the attacks so that you can prioritize the protection you wanna add in the next release and start the process over again. So what does that do? That saves you time. 38 million hours saved by using this method, which has protected over a billion users, and that means 46 million attacks have been saved in just the last 30 days. And for app makers, that means reduce churn and increase advocacy. So if you have any questions and wanna see this report or this data in more detail, if you wanna talk any more about any of this stuff, please reach out to me. I'm Karen at appdom.com or just see me afterwards. Thank you very much for your time. Up next, we've got Timothy. He's gonna talk about some cool video stuff. I cannot tell you how many times my laptop tried to correct this word. I won't say it, but tonight, we're gonna learn about Jellyfin. Thank you. So yes, we're talking about open source streaming with Jellyfin. My name is Timothy Kidd, and I'm giving a longer version of this presentation tomorrow with my other two counterparts. So I go to DaVinci Science High School. I, unlike these other people, I have no qualifications, but I am on a robotics team. And I've taken some courses at El Camino College to help me prepare for this project. So what is Jellyfin? It's a free software media system, which is similar to those of Netflix, but this one's free, similar. I don't know if you guys are familiar with Plex and other things like that. So yes, it is open source. So in addition to what you can put on Netflix, you have movies, shows, but you can also put music, live TV, books, photos, and sync play, which is just I can be watching something and have the other users on there watch what I'm watching through Jellyfin. So there's different ways to set up Jellyfin, like OS, Windows, different containers, and then obviously there's Linux, and I chose Linux, because that's what this conference is for. So that's great. So I'm sure as you guys know, I feel like I don't need to explain this anymore, but there's Linux distros, and there's a ton of them. I decided to use Ubuntu 22.04, just because that's what I'm most comfortable with. But also, as you guys know, it's free. It's very easy to use, especially for new learners. Very simple updates as pre-installed softwares, which are super, super useful, and minimum hardware demands, which is important for what we're doing today. I'll be showing you how to do it tomorrow. So there's different ways to launch it. The Ubuntu server itself, there's AWS, which is Amazon Web Services. There's Oracle Cloud and Azure. Everything, I'm using AWS, but you can do everything on these other ones, but I'm just more comfortable with AWS. So we're gonna be using EC2, Elastic Cloud Compute, and also LB, which is just load balancing. EC2 is what we're opening up the server on and load balancing is to forget too much traffic. So in order to combine these two things, we're gonna be using AWS LightSale, which simplifies a lot of different backend things like simplified load balancers, containers, instances, manage databases, and then just access to the AWS services. So it makes this process a whole lot easier and a lot faster. So what we're using it for is the user is gonna go onto the Jellyfin and depending on how many people are on there, it will send them to different EC2 instances to help with lag and no more server backup, which is super useful. So fast forward, like a good, I don't know, 10 minutes, you put in all the programs and you have your Jellyfin server running on your virtual Ubuntu server, but now what you have to figure out is how to actually get access to this from a web browser. So you'll go back to AWS LightSale and you're gonna go to the networking where you'll have your public and private IPs and everything that you could literally every need to know. And if you scroll down a little bit, you will get to the, there we go, the firewall. And this is where, you can also do this on the server side, but this is just a little easier. So you have to have the custom TCP protocol for AD96 and then also AD and 22, if you're gonna connect to it through, like FileZilla. But you're gonna put your public IP address in a web like Google Chrome and then colon AD96 and it'll take you to Jellyfin. So it's super accessible. Side note, is that with LightSale, if you ever stop your instance and restart it, you get a new public IP. So you wanna be consistent with that. And then as an admin, you have the dashboard, you can see everyone who's logged on there. I blocked out the IP addresses. You can upload all the libraries and there's tons of things you can do. I haven't even explored them all. So it's really cool, it's super easy to use. So this is not mine, but these are some end products. As you can see, you can put almost anything on there. Make sure it's legal. We don't want any of that stuff. And there is some cool apps that you can do where Jellyfin will actually take care of putting on all the artwork and the descriptions, which makes it really easy. And as you can see here, you can also add the movies and music and TV shows and audio books, which you can't do on servers like Netflix and things like that, which makes it very versatile, which is super useful. So if you wanna know more of the open source streaming with Jellyfin presented by me, my counterparts tomorrow, 1.45 p.m., it's about 45 minutes long and it's gonna be in room 103. So yeah, I wanna once again thank you guys for this opportunity, for your five minutes of time. I hope to see you tomorrow at 1.45 p.m. in room 103. So I'll see y'all then. Go set up Jellyfin in their free time. Everyone, yeah? Or come to the talk? Awesome. All right, now I'd love to welcome Razelle, who's gonna talk about open coding and diverse coding. Yeah, awesome. Hi everyone. So today we're gonna talk about what G-Code House taught me about managing community. So let's start with what G-Code is. It's a place-based community for young women of color and non-binary people of color pursuing careers in tech. The vision was created by Bridget Wallace after meeting her at a conference. She informed me of her idea and she was like, I need your help in executing it. She essentially purchased this house in Boston in a hood in Boston. A lot of people tell me there's hoods in Boston, but yeah, there are, and it was being gentrified. So she wanted to preserve the community, but she also wanted G-Code House to be a co-learning, co-living center for women of color who have experienced housing insecurities. Essentially, boot camps cost money, but even if they're free, it's really hard for you to just quit your job and join a boot camp because you need money to survive. So why not have like your primary care or your primary needs taken care of and learn for free? So really quickly about me, my name's Rizal. I'm a developer advocate at GitHub and from 2018 to 2022, I served as the director of programs at G-Code. Yeah, but before that, I was someone who did experience housing insecurities and I also took a non-traditional path into tech by attending a free coding program. And once I was hired as a software engineer, I really didn't feel like I belonged. And that feeling of not belonging quickly turned my excitement about coding into like intense anxiety. So I'm a little bit ahead, but that's good. All right, and then as I talked to other developers, they told me they had this similar experience. They were like, oh yeah, I've had this like disenchanting experience of me being a black woman in tech and me just not feeling like I fit in. So I agreed with Bridget that I should build out G-Code with her and my goal was more to not only just help people break into the tech industry and succeed, but also for them to have a sense of belonging. Yeah. So essentially the house needed a lot of like renovations and permits. I was like, I don't not know if I could help with that. So instead, in the meantime, I joined like partnership with my friend Bailey and we started something called Intro to G-Code. We essentially met on Sundays and we thought that was a good time because that's when people don't usually work and we introduced women of color and non-binary people of color to code then. We started meeting in the Boston Public Library and then we moved to an online setting once the pandemic hit. So during that time, I ran like four cohorts of 15 to 20 individuals each and when I was teaching them, I realized I learned a few great lessons myself. So we're gonna talk about some of those. So the first one is I learned that community provides a sense of belonging and that ends up reducing imposter syndrome. A lot of times like imposter syndrome is rampant in tech but I feel like once you feel like you're not an imposter in a community, sorry. When you feel less like an imposter in a community, it's because your values are shared. So in a community, you realize you don't know, if you don't, you don't have to know everything because someone else might and you don't have to do everything because someone else can. So in communities, we're learning to solve problems together rather than alone. Also, I learned that as a leader, vulnerability is key. Tech is really rooted in elitism and academia so we're used to pretending we know it all but as community members, that doesn't really create psychological safety and belonging so oftentimes, I would just be the person that will be like, I don't know, let's Google it or I'll tell an embarrassing story about myself to help lower the barriers. The hardest lesson I learned, thank you, I'm like really behind but the hardest lesson I learned was to let go of ego. A lot of times I would be really ready to help people and they would be like, oh, that's not really my problem so I had to learn to listen before I speak. Another thing I learned is like, it's not about me. I built G-Code for people like me so I thought of every person as me but later on I realized it's not about me at all. And then I also realized that I need to take a step back. I'm a little over time, right? All right, cool. But I also realized I need to take a step back and I need to let go. I was always doing G-Code and a second job and I told my therapist, I was like, nobody else can do this job except for me and he was like, just quit, they're gonna find this replacement and it was actually really helpful for me to take a step back and the new person that took the role ended up taking G-Code to the next step. So that's all I had for y'all, thank you very much and sorry I went over time. I know it's hard. If you don't have a cupcake yet, now would be a good time to get the cupcake. All right, this is our brief, shameless embarrassment. We've locked the door so you can't get out. Actually that's against FireCode, that's just joke. All right, we have Stefano from the Opus Source Initiative here and it's their 25 year anniversary. So it's a birthday, we're gonna celebrate today. Before we get to the presentation, I think we should embark in some song and some lyrics. It is a birthday and there's cupcakes so we have to sing and I'm not a singer and neither is Jason so please don't make us do it alone because it'll be very embarrassing. We're gonna crowd source this. This is gonna take all of us together. Yes, it's only a community effort. And real quickly, again, thank you so much to DataStacks who wanted to celebrate with OSI and bring us all cupcakes. So big thanks to them. Tell them thank you on Twitter if you like free food. All right, are you all ready to sing? Are you ready? Okay. Ready? Happy birthday to you. OSI. Cha cha cha. Happy birthday to you. Happy birthday OSI. Open Source Initiative. Thank you. It's a big celebration for all of us. All right, with that we'll let Stefano share. Stefano. Stefano, sorry, I apologize. Oh Stefano. Stefano share with us some of his experience at OSI. Wonderful, thank you very much. So this is a challenge. I accepted five minutes to cover 25 years of history and talk about what's coming next at OSI. We're a charitable nonprofit organization. We started in 1998. That's exactly when the term open source was first used to refer to what was known until then as free software, free as in freedom. And that 1998, that was a good time. Nokia was cranking out phones, Google started to appear, Windows 98 was a joke of an operating system. And you've heard of OSI as the stewards of the open source definition. That's the legal framework, the ethical framework that governs the development and distribution of open source software. Like a gardener, OSI has nurtured the open source definition for a quarter century. We helped the open source ecosystem blossom at this point and the organization itself went from being a small group to a global organization. And we've been a substantial part of the growing ecosystem of all software, not just open source. And the principles behind open source have inspired a lot of other initiatives, including open data, open knowledge, open government, open hardware, open education, open access, and even spreading into agriculture. And our starting point was the creation of this popular list of open source approved licenses. The developers, companies, governments all around the world, they rely and trust on this list to simplify compliance and procurement. But as an organization, we never stop developing to better serve the interests of the public. In 2012, we opened participation to individuals, members, and affiliate organizations, and they elect the board. And in 2021, I joined after another change. And today, our professional staff focuses on three main programs. This is the legal program for managing the licenses and clearly defined, but also very important, the policy program, because there is an historic number of new regulation coming into force, and we need to be able to monitor and evaluate its impact. And then we have the advocacy and education program to understand how open source is affecting the world and run our event, and also research about what's coming next. Because as the organization grew and modernized, its governance structure, we have been working consistently for 25 years to protect open source software and to promote it. But we also been looking at the adapting to changes and challenges that come from new technology too. When open source was still young, it was easy to rally and corral community around the common threat of Microsoft because that was the clear enemy. And after that, we kept on winning and open source software has started to eat the world, but the user's rights did not make as fast progress. If you think about it, the challenges that have been coming from the outside of the community have challenged when mobile and cloud appear at the horizon, has a new way to use software to distribute software that has not really given us much chances to think about how we were doing. So we need to keep on looking at the technology landscape as it changes. And if you think about how machine learning has changes, has introduced new artifacts at the horizon. These artifacts like datasets or trained models or self-learning models, these don't have a clear legal definition. And by not having a clear legal definition, we don't have also licenses that apply clearly to these new artifacts. And that's one of the reasons why the open source initiative has been looking at the AI in order to improve our world and to improve our understanding of these new technologies. So we are really scanning the terrain to see what's coming next. And as the technology continues to evolve, we want you to be involved. We want you to join the open source initiative to be a member. We want to support your efforts to understand technology and the world and to keep on being relevant for another 25 years and more. So I'm gonna give a talk about AI tomorrow in the evening. I don't remember exactly six, I think it is. And please join us and this QR code will take you to the member joining page. So thank you very much. Thank you so much, Stefano. Real quick housekeeping before we bring our next speaker up. If you're in line for drinks, please, please don't be talking. We wanna give a lot of respect to these people who spent a lot of time working on these presentations. So no problem if you're in line, but please keep the side chatter down. Otherwise I will close the bar. You don't wanna see dark Hannah. All right, with that, let's welcome our next speaker, Harlan, who's gonna be talking to us about the NTF. So big round of applause for Harlan. Thank you much. I'm Harlan. Network Time Foundation is the home of the NTP project and several other network time related projects. And this is the exciting part of the slide where I wait for it to change into the next one. Yay. So in the beginning there was NTP and most folks don't understand or care that NTP is really all about a well-defined response to a time impulse. They think it's just making sure that the clocks match, which it is, but that's the easy part. The trick is how does it behave if things go badly? NTP started going through a bunch of releases starting in the early 1980s and here we have the exciting 90s and you can tell that the version numbers are kinda gross. And we kept making incremental changes of the version numbers and they got incrementally better but they're still horribly gross. So once we got near the year 2000, which is almost 20 years into it, we finished NTP version three and we're starting with 3.5, there was 3.6. Then in 99 to the early 2000s we were going to NTP version four. This was before the standardization process really got off the ground. But due to the fact we have such exciting version numbers, nobody knows what a major release of NTP really is. So as we get into 2010, that's when we ended up with 4.26, which was another major release and they're starting to work on the standards for this thing that we've been running the code for almost 10 years already but the standard hasn't caught up to it. And since the NTP project didn't have any organization on it, we couldn't get any money. And so I decided it was time to start a 501C3 and oh look, I can see what I'm doing right there. Now that we're in December of 14, it started another major release 4.28 and that's been carrying us for about 10 years now. We're expecting another major release of NTP later this year. In 2011 when I started Network Time Foundation, we also had PTP projects, Rad Clock, a rewrite of NTP called NTIMEDY. And recently we've had a LibPTP management, Chronos and several SynCy projects join us. So NTF have some consortia which institutions can join to help support our efforts. And now I'll take this off because I figure it'll be easier for everybody. Yay! The Chronos project is kind of interesting. I'm going to say when I first saw it, I said this is a solution looking for a problem. But what they're trying to do is come up with cryptographically provable bounds on time so you can make sure nobody's launching a time shifting attack against you. So in terms of consortia, we've got NTP related efforts which is NTP, NTIMEDY and the Chronos project. We're adding PTP reference clocks to NTP so you can use a PTP time source. For PTP efforts, Richard Cochran, the project manager is about to come up with the Linux PTP for release. Ares Giva in Germany is working on LibPTP management which is all about communicating with IEEE PTP clocks. SynCy is, I don't want to call it PTP light, it's about distributing frequency, not frequency in time. And we have three projects. Each of whom think they do a better job than the other guys. I'm not biased, I don't care. So we've got three vendors trying to show that they're SynCy is the one people want to use. We're happy to support all of them. General timestamp API has to do with the fact that, I'm gonna say it, timestamps suck. There isn't enough information in them to do anything and you need to use them in places and if you can't, and as soon as you move a timestamp to a different system, things start to fall apart. As soon as you get too far away from the moment you struck the timestamp, things start falling apart. So since I've been paying attention to this stuff since the mid-70s, I started thinking about what do we need for a better timestamp and talking to a bunch of folks and that's what we came up with and there's a whole bunch of things you need to have and a better timestamp and it's bigger. But I remember when I had a Fujitsu 474 sitting on the table in my living room and nowadays I can buy a terabyte disk drive and it's tiny. So who cares if a timestamp goes from 32 or 64 bits into even 100 bytes? There's just not an issue. So we can do a whole lot better with general timestamps and I have a lot of help with what I'm doing and before you think about it, we do not have 19 cats. That would be ridiculous. We also have a dog. But these are only four of them and all the fosters and so that's a bit about Network Time Foundation and what we're doing. I've got a bof session that starts in about an hour and a half if I'm not mistaken. We're happy to chat about any and all of these things. We're in the exhibitors room at number 219 and there are ways you can reach us and thank you very much. All right. Great job. Our next speaker, Salona. We're gonna talk about standards. So I'm the executive director of IEEE SA Open. SA stands for standards. So take all of this tongue-in-cheek because it's basically making fun of myself. All right, next. Great. So I'm pretty sure every single one of you have all seen this before. Is there anyone who hasn't seen this before? Please raise your hand. Yeah, all right. I thought so. There ends up being so many different standards. Why and how do they proliferate? And I just have to poke fun at the fact that even in the dictionary, there's no real coherent definition as to what is a standard. So I just wanna bring people in general in regards to this because the very first thing that it talks about is actually flags. The next one that they talk about, and once again this is poking fun at myself, usable but not of top quality. I don't know if you all have seen this meme yet, but this is the Microsoft building? Not really. But making fun of the kerning in Microsoft Word. But the main reason is because of the recognized value, and that's why we actually commit time and volunteer and do all of those different things. And it does help with business conformity and a lot of other different portions of that sector. And so that's yet another reason why people participate. But we all need to consider why do we want standards? Do you want consistency? Do you want to reduce waste? Do you want cut costs? Do you want interoperability? Do you want quality? Do you want safety? All of those things need to be considered in regards to when you're creating them. And sometimes because of how they're made, not all of those things come into the picture when they are being created. And so that's one big reason for the proliferation of it is the fact that they do that. Also, all the other standards groups, we all think that we have the special sauce, all right? So what motivates our participants? Once again, joke, ha ha ha, we're 501c3, there's no money taking place. But really, there's a lot that has to do with power and ownership and things of that nature. And that's one of the things that we struggle with. I feel like an open source. So what do the participants bring? Well, hopefully the biggest one that we care about is expertise. But at the same time, to keep from having that proliferation, you really do need the diversity aspects or else you're not actually going to get all those use cases like we were talking about earlier. And then SMRT, way too often, I think sometimes we think of ourselves as being too much of an expert and we're not willing to compromise and work with everyone else. And that's another reason for the proliferation. And then of course, sometimes we also have so different knowledge, different processes and different goals in regards to what we're striving for. And so that's another reason for the proliferation of so many different standards out there. So one of the things that I would like to stress is making sure that you have everyone there when you start to work on the standard. And so a big part of it is getting everyone to the table and making sure that everyone can come in and participate. At IEEE, we do things called open standards, which means that everybody can come in and participate. And then the other thing to remember about standards is they evolve. I don't know if any of y'all have ever seen these memes but the go-home evolution you're drunk are hilarious. But it is because change is a constant in the process and you have to be aware of that. There's also problems, oftentimes I find with the tooling. Tooling can let some people shout other people down if you haven't gone and constructed things correctly, especially with a nose towards consensus. In fact, one of the things that I've seen a lot is saboteurs. This is a hilarious book from the CIA about how to sabotage organizations. And I've seen every single tactic used, every single one. I think my favorite one is let's take it to committee. So there's also a lot, and that ends up being derived out of the competition thing. Because standards can help business and there can be financial rewards in regards to it, sometimes you can have too much competition which results in corporate domination and we don't want that. So us, what can we do? What can open source do? Well, we need to bring it. So we need to help all of these different entities and I know that it's not the most fun thing for all of us to do, but going in and helping with some of those standards. But we need to realize that things like open standards and open source are not the same thing. We're working at IEEE to figure out how to do more free and open standards. We are 501c3 and we don't want to go away. So often we charge for things, but now we're working at other models to make sure that we can still make things free. A really great way to help is we've got the OSS-PG, the open source software project governance standards. Is Stephen Wally in the audience? He was here just out, there he is, there he is with hat. He's leading that, woohoo! But of course, he works at Microsoft, so I have to make a Microsoft joke. Um. Ha ha ha. Sorry Stephen, you didn't know we were gonna get roasted, did you? Ha ha ha ha. But in the end, together we can do all of this. Come and talk to one of us about it so that you can come and participate and welcome aboard. Thank you so much, Solona. And come on, Microsoft has been giving us a lot of money in the open source world. So as much as we love to roast them, which I do, thanks for the drinks, Microsoft in general. But up next, I'd love to welcome Sage, who will be speaking on formality and open source. So big round of applause again for Sage. Thank you. Hey, I'm Sage McTager. I use they, them, pronouns, and I work at IBM. And by formality, I don't mean manners. I mean formal methods, logic, the theoretical side of computer science as you'll see when we get into it. And sort of one question that I have for everybody is how can we use these in our open source projects? Cause sometimes we're at a loss. And yeah. So what exactly do I mean when I say formality? Well, we're talking about formal methods and verification, lots of things within those sorts of sub-domains. This came out of a community of practice at Red Hat and some of the things that we might wanna be thinking about are does a program do what we specify? Lots of other questions there. And in answering those questions, we have a lot of academic work and relatively little industry work. We have stuff like proof assistance, model checkers, domain specific languages, compiler theory, hardware, all this other stuff, all sorts of rigorous mathematics, some relaxed and formal versions that use these but aren't necessarily as accurate and stuff like that. So you know, proof assistance. Who's here wants to go prove things and make our program provably correct? You know, that seems like a great idea but it's definitely used more for mathematics. You can't really write a large code base in these. There is an operating system that's been formally proven but in general it's almost spell check for your proofs and automating that. And they're definitely really useful but you're doing a lot of manual labor still. Next, we might think about a model checker. Does our code necessarily need a model? Well you actually have to specify out that model in great detail so that isn't necessarily the most helpful thing but they are commonly, they're gaining traction in the hardware community and hopefully we'll see them in software. We do sometimes see a little bit of overlap with things like TLA plus that some people would say are proof assistance, some people would say it's model checker but if you can specify your model, it's useful. If you wanna be really fancy, you can write your own language. You can write a language in Java, you can write a language in C. It's still a whole new language when you define it according to your parser, your AST, all those sorts of lovely details that I won't go into here. There's tools that can make this easier, it has limited scope but this can be really accurate. You can specify exactly what you want a section of code to do and check that it does that in that section. And that sort of goes into the rabbit hole of compiler theory. You can maybe even write your own compiler for your domain specific language. You can write your own language that does exactly what you want it to do. Compile it down, interpret it out, whatever. Or you could maybe start thinking about picking a language that does what you want. We see this a lot with people saying we're gonna switch from C++ to REST and you might wanna think about why you're doing that. It's not just because it's cool and trendy, it's because there's uses. And you can even going back to hardware, you can think, well, how can we verify that our hardware does exactly what we want? And this is commonly done with formal methods because proving your hardware does exactly what you want it to do in terms of the gates and all that is actually a huge pain. So you wanna check your model before you actually start building and shipping hardware. I know much less about this. But again, so all these things exist that seem like we could actually know what the heck our code's doing and if it does exactly what we want it to. Why aren't we just using this all the time? Why are we still doing unit tests in 2023? Well, if you're actually formally proving stuff, your code can be slow and bulky. Defining the program's hard. This requires a lot of background knowledge also that people won't necessarily know like how many of us have written a language. And you actually then have to convince your company that it's useful. So at Red Hat, we had a formal methods, well, we have a formal methods community of practice where we brainstorm ideas. One such idea was creating a game that taught people about the structure of a language. You define a wizard that goes to different towers and can do different things depending upon the rules that you define in it. That was one notion that we came up with. Another thing that came up was maybe it doesn't all have to be formally proven and things like that. So there were all sorts of other examples and I would love to sort of hear where people feel free to talk to me. I'm here tomorrow as well about where you think it might be useful. Ideas that you have. I'm giving a talk on general security for Seth at 6 p.m. But feel free to talk with me about your ideas there. And big shout out to my colleagues at Red Hat, Chuck Marshall, David Van Duzer, and Chris Samms. Thanks, Sage. All right, our next talk, if we could get this title slide. I'm gonna say this, I'm gonna read the title so that he could save about 20 seconds on the slide. CJ, come on up to the stage and we're gonna go into revolutionizing critical infrastructure connectivity, the power of open source cloud native wireless networking. CJ, it's all yours. Thank you. Yeah, hi, good to everyone. I'm here to really share with every one of you what I'm really excited about, how we can actually revolutionize critical infrastructure connectivity by leveraging open source wireless networking. My name is Chijio K. Jamuda. I currently work for a man organization. Before I dive into my slides, I really want to get out the legalities. So this presentation represents my own personal opinion and none of any of my employers. Just to give you a sense of feel of what critical infrastructures are in terms of like it could be in the form of utilities. So your water utility, your gas utility, I mean electricity. Essentially the electricity we're getting here went through a transmission line. Also if some of us came here with the rail system, we also went through the rail system. So essentially the transportation system are also one of those critical infrastructure. Next is also it could be in the form of like your wind farms or your solar farms. Those also represent critical infrastructures as well. Okay. I think I'm, I guess I'm doing good with time. Okay. However, and last but not the least, oil and gas. That's also energy. But what's unique among, I mean, this critical infrastructure is that they all run on what they call skater networks, which have a lot more high latency. The reason being that why they run at a high latency is that these critical infrastructures are located in the remote environments. As a result, it's inaccessible. They can assess like an LTE network that offers a more higher trip with a lower latency and they're really expensive. Can someone guess the trend I'm about to share with you all here? Okay. The interesting thing is, you know, we all started from the age of, you know, dial up phones and also, I mean, no-care devices for our GSM handsets. However, each and every, so many of us here have, you know, smartphones that run even cloud-native applications. Guess what the trend is? You guys don't know yet? Okay. Okay. So interestingly enough, this same trend is also happening within the telecom space. As you can see, this is like the LTE site equipment. This represents the huge CapEx cost that really makes it expensive for those critical industries to use. But, interestingly, thank God for Open Source. With Open Source, we can actually what, deploy a smaller cell site that can be able to provide us a more flexible and lower cost and scalable network. So, essentially, the Linux Foundation project called MATMA project is really what, at the back end, really driving this innovation. The exciting thing about it is that, it can support LTE networks, Wi-Fi networks, and also 5G networks. But, again, the next question is, okay, when the amount of users are more than, I mean, 10 to 1,000 people in the community, how can they actually scale? The exciting thing about the MATMA network is that it was built with that in mind. As you can see, the rectangle line described there gives you a sense of feel that the MATMA network was built in such a way where you can actually deploy to private and public networks, cloud networks. Guess what? Why this is really exciting, and I'm really, I have to share this with you all, is that even the public cloud providers are really deploying services already, launching services. So, at the very popular industry trade show called Mobile World Congress, the three key public cloud providers already announced numerous services that will be supporting these open source network. Interestingly enough, it's even beyond the public cloud providers, the OEMs, the device OEMs too, as well, announce different services that really can help organizations in this critical infrastructure organizations to deploy a private 5G wireless. This just gives you an image of a presentation being given at that same Mobile World Congress, sharing a demo of the private 5G device by a company called Rock Wireless. I really want to leave every one of you here in the room that with a very popular quote from a famous VC in the Bay Area, it's time for all of us here to build, since we all love open source, I wanna believe since we're here, let's all leverage the power of open source wireless network and to revolutionize the critical infrastructure industry. That's all from me, thank you all. All right, thank you CJ. We've got one last talk, so I'd love to welcome up our final speaker, Pankaj, who's gonna be talking about SRE tools. Big round of applause. Hello guys, hopefully you got your drinks and all relaxed right now. So I'm gonna be talking about a day in the life of SRE or SRE teams and how it's evolving from what I'm talking to customers, what we have seen, where the obsolete is headed. I'm a co-founder of a company called CloudFuse and we're a small set of people. So okay, let's start. So day two, day one we wrote that, you're not gonna talk about that, but we're gonna write logs because that's our debug applications. And I'm gonna put elastic search because that's the only thing available in the open source. It's kind of a square-hole round-peck situation. I'm happy my costs are low, I'm gonna go ahead. My app grows, I'm gonna do some metrics and Prometheus open source, really great. It works and my friends and I am writing my app and it's going fine. My happiness a bit down, I have to manage a bit more. My complexity is a bit more. It's okay, cost is okay, my MTTR is manageable. So I keep going. And now the company grows, we have some SaaS solutions come in. The third team is really powerful so they wanna do more stuff. So they actually ended up picking some commercial SaaS vendor, let's say Datadog. And my thing are going, by the way, the elastic search has become an open search. Prometheus didn't scale for me so I moved to Thanos and my complexity still keeps on growing. And now there's another team who's trying to use Tracing, they got another SaaS vendor. And by the way, the Thanos I used didn't work out so I moved to Cortex, which became Mimir. This is the problem. And I have cloud observability going on. My happiness has been growing down, my cost has been going up. And now the company decided we need to unify everything so they unified everything and they brought the observability team. The red guy's the observability team. And he doesn't have a happy job. He has to tell me, do this, don't do this. So he doesn't like that, but he has to do that. But hey, at least we got a common thing and the costs are coming to low. And now he would tell me what to filter, what not to filter. And also he has to deal with the fact the SaaS service can go down. The complexity keeps on going, the cost keeps on growing, my happiness keeps on going low, my MTTRs keeps on going high. And the volume keeps on going higher and higher. And by the way, this is still day 13, right? So we are still on day 13. And now I have to introduce pipelines because my volume is growing so high I can't do anything. So I have to introduce pipelines which actually filter some of my data, logs become metrics, some of the logs go thrown away, some logs go to S3. And the things just keep on going. And hey, let's introduce Kubernetes. Oh, why not? Let's do that, right? So this is day 13. And my MTTR is this high, my happiness is this low, and my cost is through the roof. But hey, you know, we're still holding the site up. So everybody's kind of happy. And what's the story till now? So we got the fractured observability, which is really, really complex. It's very costly. It's built up of closed interfaces, but I got copious amount of pipeline and platform. My MTTR is here, my happiness is here. So what do we really need here, right? That's a question. All right, so observability needs a reboot. That's what we believe. And we're gonna define what that reboot is. All right, let's take a breather. All right, so. And what better to represent a reboot by Phoenix, right? So we're gonna rise from the ashes, right? We're gonna rebuild what we just broke, kind of. It really didn't break, but it did break. So Phoenix is gonna come, and we're gonna say how we're gonna reboot this thing, right? So let's start. All right, step one, so we're rebooting, right? So first thing is we need a unified database. We're gonna call it MeltDB. So that's actually a metrics events log traces. Right, now I don't need like four stacks. I need a single database to actually hold all my data, right? But it's easy to manage, install, upgrade, all of that stuff. So that's the first requirement we need to have. The second is we need to have open standards. I don't want vendor lock-in. I want to move around. I want to expand. So open standards, prom kill, lock kill. Even SQL, because sometimes these things don't just work. I just want SQL. It's been working for 20 years. I want that, right? The next thing after we have open standards, what we need is a polyagent support, right? I don't want a vendor agent. You're gonna have everything on the left. It's just a mix. You're gonna have commercial vendors. You're gonna have your open source agents. You're gonna have standard agents like Hotel. It just needs to work, because when things go wrong, you just need everything, right? You're not gonna change everything. That never works out. And then we need a pipeline, right? The pipeline just needs to build into the observatory platform, right? I don't want to manage it outside. It needs to do enrichment. It needs to do summarization. Like, take them in logs, put them into metrics, send them out if I want to. So that's what I need. And then, moving forward, analytics, right? And it should just work out of the box, right? Yes, Sarima is good. Mad is good. The new things like Robust Random Crossforest don't make me do the work what the machine can do, right? So the analytics should work out of the box. And more importantly, what we need is, I want to be able to define my own analytics, right? Because that is really important. This data belongs to me, but today you cannot access it because it's locked behind the SaaS vendors. I want to define my own analytics and automation on top of that, right? So now once we have all these things, we think what we have is observatory data lake. That's the best way to describe it. Should have built for the modern app, unified, scalable, easy to manage, open standard base, open data access. It should be extensible and importantly, it should be cost efficient because the cost keeps going high. And that's what we believe in. That's what we're trying to build. So we're gonna have a bird of feather at eight o'clock in exhibit, sorry, room C. So please come join us for that. There's some brownies and all. Please help yourself. We are in the booth for the next two days at booth 317. There's a free software download available at that link over there and you can just play with yourself. Thank you for your time. Enjoy the rest of your conference. All right, that concludes our speakers for upscale. We're gonna invite them up so we can clap for them, but I still have some drink tickets, which never happens. So if you come chat with us, tell us something you liked about upscale or something you wanna see next. I might have an extra drink ticket for you. The bar is gonna be open for an hour. Come hang out and let's thank all of our speakers and opensource.com. We got it. We need like two rows. Yeah, yeah, we'll do a two row situation. Hi, Elaine. We're gonna need like a panoramic at this time. Just need a moment. All right, keep clapping. They worked really hard for this, yeah. All right, thanks all. We'll see you next year. Thanks everyone, you're a great audience. And if you wanna be on the stage next year, come talk to Hannah and I. We'd love to have what your thoughts are. Have a great evening. Have a great Scale 20X.