 Oh Hello, hello Yeah, it works. So so guys guys lighting lighting torques are starting, but please And Where is my first speaker? Charles come Hello, hello Such a huge excited audience Could tell that please make your seats. Okay I'm gonna talk about a very exciting topic today one of the most exciting things that Anyone can ever think of and that is documentation. Oh, yeah, I went there We all use it. We all love it. We all want to improve it We're all we're all there so just as a wave of hands Who uses? documentation here on a regular basis just wave at me Wow, that's pretty much everyone That's good. So what I'm gonna talk today is about how I think we can make Contributing to documentation easier I'm gonna talk about three things and then we'll see what happens. So that'll be cool So first of all You're there you're frustrated with the rubbish documentation you're reading. It's wrong It's wrong and you know it's wrong and you would just like to fix it. You just like to change a word so I think the first thing that we need is If you want to get involved in documentation you need a guide you need some a teacher the great Teacher who takes you along the path tells you where things are Guides you through your first change because I tell you what Every documentation system as a different tool chain has different rules So you've got not much chance of getting involved unless you've got a passionate teacher Who's willing to hold your hand and help you when you get stuck tell you what to do and You know at the end of the day It's you know good to build that kind of relationship it and I was in that position a Year ago six months ago I wanted to contribute to documentation and you get to somewhere and then you're stuck because the tool chain is so difficult You're like you just want to make this change, but you can't So a teacher can show you the way. So that's always awesome The next thing that I think we need to do to make documentation even more accessible and great is document slash make Videos of how to contribute to the documentation because You want to know how to contribute to the documentation, but you don't know how to you're sitting there. How do I do it? I don't know so I think there should be clear guidelines clear layouts clear ABC this is what you do to make a change. This is the commands you do if you're using some kind of You know gits or something like that Make it easy for people so they don't have to think reinvent the wheel. What do I do here? How do I do it? If you make things difficult People don't want to know people don't get stuck people get demotivated so many want to be Documented to people get stuck. They're like, I wish I wish I could get get involved Or I'm not saying everyone but you just want to make that change even just that one change that would improve the documentation and you can't do it so if we have a ABC 1 2 3 system, whether it's I think video whether it's documentation showing people how to do it that would just be so cool and Finally getting on to my favorite subject ever ever ever Who here knows about doc book or XML wave your hands? less hands, okay Imagine dark dark place Something like HTML with loads and loads of tags If you miss a tag your book breaks If you push that you break the whole book and you make everyone unhappy. It's very easy to do this and It's very Unusr friendly so what I envision in documentation is using simpler formats and what we're looking What I'm personally looking at is things like ASCII doc anyone heard of ASCII doc Whoa Not so many Imagine ASCII doc is very very simple, you know if you want to write bold You just put star bold star. You don't do any tags or something. It's the kind of Language that anyone can read intuitively because you just look at how the other Parts of the layout have been put if that makes any sense and you can work it out so Do you want to be presented by tag hell where you can break anything by you know doing? You know pretty much any change or do you want it to be really easy and I think in documentation we have to make things a lot easier so Myself and other people are pushing Certainly in the red hat world and the upstream kind of world to all of that fedora sent us To get everything to ASCII doc So whoever you are if you encounter a problem You can make that change. It's not going to be a hard process. It's going to be a simple process and You can get involved and that's very exciting Those are the most three points that I've covered. I don't have any more so that's kind of sad Can I have a big? Well, let me rephrase that Is this the kind of documentation world that you could get involved in what do you think? Here are some like yeah, maybe I wanted to be food for thought right because good documentation helps us all I mean we had the show of hands at the beginning and you almost all use documentation so bad documentation slows us down and you personally can have an impact and Hopefully step by step We're making it easier for everyone to have a stake in that Perfect. Okay. Thanks While the second speaker is preparing there is a Guided tour Which we'll start in the Morovskan amnesty in the in the center 730 or there will be a group living here around 657 ish, but And so in case you're interested You can join it it will last until 9 9 30 or something like that Hi Okay Since technology is failing me, I guess I'm just talking Neither of the laptops wants me Nevertheless, um, so I wanted to talk about database ransomware and since I work for elastic with elastic search We have been plagued by some bad stuff recently Even though Technically, it's kind of people are not securing their date stores So the idea what I wanted to show you is It's working now That is Yes, can I Yeah, okay so I just wanted to show you how easy it is to find a vulnerable database and What people have done with that? So all I need is a browser and a bash or something that can do curl Yeah That is good. Yeah, thanks Okay, so So we want to find something that has That is vulnerable. I'm sure so we go to shodan. I'll They continuous these can the internet and just find everything that is vulnerable So if you for example type in elastic search here It should find quite some instances The ones with 401 authorization authorization required Those have a proper proxy in front of them. So they are probably not vulnerable So I'm just going for 200 Um, those that are just replying Hey, I'm reachable And we'll just take this one. It's any random one and let's see what is going on with that one So, um, let's see what we have here. That is a different keyboard layout as well Okay, so that is the instance we have Let's see what is in there. I Need an underscore Under score that is very disappointing because that one is not hacked There's like probably the only one on the internet that is work Let's try Probably Europe at the match Don't disappoint me now Yes, if you have something like please read That is the the sure sign that you have been hacked and every everything else has been removed from your data store And if we actually query that it will tell you what you need to pay to get your data back Is it is it readable? Yes So we've just there's just one single document in there and that tells you That they want bitcoins So in the beginning it was 0.1 bitcoins and they switched to 0.2 and now they're at 0.5 bitcoins bad thing is I Have heard from multiple sources that they just delete the data and put in the message They do not have a backup. So even if you pay you will not get your data back But it might depend and this is a very common message that people will just leave there and say hey pay up So first off by default elastic search MongoDB any other data store normally just binds to local host So you will need to explicitly bind it to all the interfaces to be Vulnerable to that if you do that Either set up a firewall in front of it put it on a private network or use something like a proxy in front of it For example any HTTP proxy which does basic auth or we have commercial extensions for security as well But don't just expose your database to the internet though I assume that 90% of the stuff you can find there are either forgotten test instances or honeypots by now So I don't think too many people are affected But we had some people in our discussion forums who complained that their data was removed and some said well Two days in a row all my data was removed from my cluster What is going on and it's kind of Astonishing that people are in charge of somebody else's data with that approach, but yeah, that's it Don't get hacked. Thanks So I'm going to talk about something as exciting as the documentation I'm going to talk about quality engineering My name is Preeti Thomas and I work as a quality engineer for Red Hat and I work on an open source project So today I'm going to talk about some of the advantages of open source and quality assurance and the role that community plays in open source quality assurance and Hopefully I'll get to something show some examples. It's a 40 minutes talk that I'm trying to get to done in 10 minutes. So let's see how that goes. I asked my daughter how what it means when I say quality assurance or software quality and She said when the software doesn't work We'd have angry customers and that are kind of sums up what quality assurance is for me Before so some of the difference between an open source and close source develop and model so the couple of one that stands out for me is in Close source we have assigned resources while in open source. We have assigned as well as voluntary contributors and There is formal quality assurance process in close source while in open source we depend mostly on the Community for software testing so the open source philosophy of release early release often Results in a large number of changes often and then the voluntary contributors and the assigned resources makes enhancement bug fixes and a new features but the need to Make the code or the Software available to the community early and often makes the quality Engineering process slightly challenging and interesting but the biggest advantages of advantage of the open source quality as its Open source is its community and it's actually simple one of the key objectives of the open source is To maintain a sustainable community the open source rely or software relies on the community to develop code rapidly Debug code effectively and build new features a common model used to represent a Sustainable community is an onion model I'm an Indian mom and onion is something that I cannot do without so the layers of onion is kind of something that I Can relate with so the onion in the onion model for sustainable community. It has the the inner layer of core team which usually is small with the outer layer of contributing developers And bug reporters and the outermost layer of users in an engaged community the user assumes the role of bug reporters and that is the kind of Engagement the core team needs to enable an open source quality engineering our open source relies on a different variety of techniques to To maintain quality the biggest one are so code modularity pure review Are all part of that and Continuous integration and automation is heavily relied upon and required to keep up the pace of release early release often philosophy and system testing is usually done by the community or Unleashing the power of the community is one of the the biggest need in open source in maintaining a open source quality some of the examples include one is a pulp is a I want to pop is a project that I work as a quality engineer on so there were some of the ways that pulp relies or depends on the community or engages the community is A pulp Have you has anyone gone to the the table pulp table here? Yeah, so what pulp is a Project that manages repositories of content and it supports many content content types and it is a web application written in python available Release standard gpl v2 and There are many customers that relies on Pulp so the quality is very important for maintaining the quality is very important for pulp Pulp smash is a test suite that we use And it is run in continuous integration with the latest pulp commits and the what how we have designed pop smash is Such that any anyone can use because it is available on It is gpl license by the python library as well. So anyone can contribute to the test automation as well so the test cases are written in as a get a GitHub issue, so it does it's in the backlog and prioritized and Automated so and the user can submit to the To the automation test suite as well So any contribute how any contribution to pulp is a contribution Or any contribution to pulp smash is a contribution to pulp as well. So Anywhere that you want to contribute so a pulp or pop smash and pulp pulp smash actually has Heavily written documentation as well So anyone it is it it has made it very simple for anyone to contribute to the the automation test suite Any anyone here participated has participated in the Fedora chess days that is another way that Fedora engages the community test days are are Conducted to test specific component for upcoming Fedora release and it is usually conducted between alpha and GA and Anyone can participate in test days so there are by well-written Steps that is available with the Fedora documentation Fedora QA documentation. It's very easy for anyone anyone who's interested in any features or any parts of Fedora to participate in test days so all you all you need to do is follow the documentation and make sure that the the feature that you want to test is close to complete and Creating the wiki page which is which has a template as well So one of the very important role part is in hosting your test day is getting people on board. So make sure to get getting the word out to have people participate in the test day is Very is much needed for For a successful Test day a third project who you Anyone attend anyone went to the foreman desk here and There are there were many for mental talks as well So for men engage the community in In something called bug triage or bug bug day in which so while community test days in Fedora are done to To test a new feature bug day is community bug day was conducted to Go through it already existing bugs. So so that To verify the ones that are already fixed or closed or closed closed out stale or duplicate bugs Or even encouraging the users to submit pull requests so there We saw three different ways that you can engage the community so to improve quality. So in Pops case the test automation itself is Open source so anyone can and well documented so anyone can contribute to the To the test speed it as well in Fedora's case. You saw how you can Participate or organize your own test days and in And in the case of foreman you saw how you can engage the community in and verify or participate by Or look at the already existing bugs and how you can Prioritize them or triage of them So these are multiple ways that you can participate in Open source you don't have to be so the best part of open source is anyone can Contribute and You don't have to be a developer if you're a developer. Please contribute to the code base Otherwise, there are multiple ways contribute to the quality in improving the quality or documentation Thank you. Hi everyone I Will be I'm Cine and I will be talking about live Abigail and Before that, I would like to know if someone already heard about it At least few of them. That's good. So Leave Abigail is is will help you to keep your ABI stable in your CNC plus plus application It will help you to maintain the compatibility of the ABI so Before that going to in into the live Abigail will see why really a be a compatibility matter and It's example is always easy right to explain. So like suppose you have a package full and it provides your library called leave food at SO and Leave food at SO has a Function called F which is publicly can be used by other applications. So Like a number of packages is relying on the live full live on the full package and it uses actually the if function API in their code base, so So, yeah, so now what happens in the future? like you do some bug fixes and Or maybe some new feature and do you thought that? Function F is not needed or maybe due to some other reason you changed it and You bumped a new version and made a new update So what will happen? All the end packages were relying on that function F. So now all of them will break and Maybe that maintenance don't even know that their their packages are breaking because That full full package foo has been changed. So it's really very important and They will all have to fix their code base and to a new rebuild with the fix. So it's Which all realize so a be a compatibility really matters and this is a very generic Example, there are a lot of other cases where a bi can Can change and it can impact all the packages which depends on them and like if the function type has been changed or the subtype It changed or the return type chains, etc. So it it can really change the a bi compatibility so live Abigail it's a library which reads the ELF and the draft information from the binary and builds an internal representation of the a bi artifacts So the a bi artifacts Whatever relevant for like functions variables and the type these are all really important, right? Which gets exported and other applications uses it. So On the on the on you are using the live Abigail Library there are no tools all also created which are Which can be used to Keep the application a be a compatible and it's really very very helpful. You don't have to really Know that which all can break your a bi of your applications. You can just run these tools and And you can really it will tell you what all can have a be a compatibility change Breakage can I can happen So these are some tools One is a bi dw. It can it just basically gives you XML representation of all the a bi artifacts Which is really important for Which can which which is important for maintaining the a bi of of the applications and there is also Comments written in that so you can really read those XML file if you want to If you really like because actually some folks from GCC and glipsy they really want to do that. So it's really important and a bi diff so it will basically run on two binary and it will give you Give you the a bi changes which all possible. Maybe some added function added variables removed variables So and you can verify it whether these changes can really break the break the a bi of other applications or not and a bi pick a diff it runs on the package level for now we support Deb and rpm and it also takes directory where you can keep the binary and The tar format as well Other is the Fed pick a bi pick a diff this tool basically Right now come confined to the to the Fedora stuff So basically you can give and we are off any package which is our living federal it will pull it and it will give you the a bi changes So there is also an upcoming interesting tool called KMI diff This this will be Running on the kernel between the two kernel trees which will include we we have Linux boundary and the kernel different kernel modules so these are different tools and Depending upon your use case you can use any of them So like you can run on a particular binary or if you are like package or you can directly run on the on the package and the Lea Babigal package is Available in most of the distros so Suze or open Suze or the Fedora or Ubuntu or anywhere you can find it Just do yeah, I'm install at least in Fedora and you can use start using the tools or you can Building them. Also. It's very easy from the source code so As a live example, I will tell you in Fedora that we have started using the ABA checking At least for noise in the crit path packages, which are like very critical, which like Fedora QA generally Make sure that they shouldn't break because these are all which are part of the of the When Fedora new releases happen these packages never should break or something like that so it at least run on those and We use task a drone ABA check task to do that What else so in Fedora? We would like to increase it to all the packages C plus C and C plus plus or not limited to just Crit path that's because we are we started with crit path because we first want to see if everything works fine and Nothing is breaking and so it's pretty stable and We can extend it to all packages Also, we'd like to integrate it to bothy. It's already in the discussion and on the base of ABA changes we can give plus one or minus one karma and we can stop shipping it directly and You and the packages maintainer will be notified and they have to verify it or Give the justification why they need to do the ABA changes. Also, it would be nice to Have find a way how we should basically notify all the n number of Package maintainers whose packages might get affected due to this ABA changes if it's going to be shipped So these are all in lined up for the features and this will really help in making the Fedora stable That's it and these are the references the first one is really related to Libabigl if you're really interested all the bugs and documentation or Tools more details everything is available links are available in this first link and the second link will give you the live Run of the Taskatron ABA check task where you can see How the packages which all packages are failing on the ABI or Passing so it's really important. You can check the like recently phonon got Failed due to a function change and these are two other important and two links which you can read more about it That's it. If anyone is really interested to know more about this Libabigl You can talk to me later after the talk or maybe in the part in the upcoming two days. Thank you Okay, so Sydney told us how to ensure that Compatibility is not broken and now I am going to break some compatibility Yes My name is Raphael. I'd like to tell you about One bug which which I have been fighting for for some time already This title is a little misleading because if you want to know how to display a genitive months Vice Esther of time the answer is you cannot do it. It doesn't work in Linux I Have a little problem here because I thought that This problem also applies to check language back about just one hour ago I was told that in check language. It doesn't this problem doesn't exist. So there's just Please ignore Whatever is here about check language other languages are still affected So I just cut this I have a question. How many people use those desktops in their native languages? some of these Okay Does it look familiar to you? These are default lock screens in several languages and question is what's what's wrong here? Somebody know what's wrong. No, really Okay, so I was told that the check is okay, but other languages are broken. There should be different forms The problem is that Several Eastern European languages need the genitive cases here to display dates It applies to most Slavic languages, but also some Baltic also finish Greek and also a similar thing appears in some Western European languages which need There to create the genitive case and sometimes they need the apostrophe and this is also not handled in Linux This is a rough List of languages About 20 of them may be more. I don't know somebody wants to add more languages here No This is a map of those those languages where they are located again check is not not Affected Some some people might ask if it's a problem at all. Maybe you should ignore it In my opinion, it's we shouldn't because this makes Linux desktops unsuitable for schools Because they promote a bad grammar in local languages So some people may say if we need genitive cases and let's just reward our months into genitive and we will have it but it's not the correct way