Fedora APAC budget FAD

Hello,

Last week I attended the Fedora APAC budget planning FAD for FY’18. Ie. planning for Fedora activities that we expect to conduct between Mar 2017 – Feb 2018 and requisite budget for the same. Last year with Fedora.next reforms, we adopted a new approach to regional budget planning with an aim to increase transparency in the process. In this, each geographical region(ex. APAC) elects three delegates who handle major regional responsibilities. The Treasurer manages regional finance. The Logistician takes care of swag/media/banner production, dispatch and general coordination for Fedora presence at various events. And the Storyteller would collate information about regional events/activities and their impact/benefits to the Fedora project and report the same to the Fedora Community Action and Impact Lead(FCL) and the Fedora Council.

FAD Kuala Lumpur 2016

The Fedora Community Action and Impact Lead(FCL) assimilates various regional budgets and presents a global Fedora project budget to our primary sponsor Red Hat Inc. You can learn about this budget process, schedule and reports from

        -> https://budget.fedoraproject.org/
        -> https://pagure.io/fedora-budget/

I reached the meeting venue early around 09:00 hrs with a lot(600) of Fedora 24 Workstation Live DVDs and stickers. We began the discussion with a review of our expenditure in the current year(FY’17). For the current year(FY’17), we are given much lesser budget than we’d proposed; Partly because we don’t spend all of the budget that we plan for. This must change. Fedora Ambassadors must ensure that Fedora presence is seen at various events in their region and raise budget requests in advance. While discussing about ways to increase Fedora reach, once again popularity of Ubuntu came up. Earlier this year, we participated in the Gnome Aisa Summit 2016, in Delhi, India. Our learning from there indicates that for most people Ubuntu is the first distribution that they used. A co-participant shared that Ubuntu is included in the school curriculum in his state and is used to introduce students to the Linux operating environment. We need to explore ways to implement Fedora university/school connect program across region.

We discussed about ways to increase our participation at Flock. This discussion naturally moved towards FUDCon, its benefits and lack of regular bids to organise FUDCon. We agree that hosting FUDCon is important. However, maybe we could organise FUDCon every two years and use that budget towards increasing our participation at Flock. Nevertheless, it was also observed that we need to vet all Flock proposals from APAC region and provide subsidy to the most deserving proposals. Next we processed the outstanding fedora-apac tickets and projected revised expenses for the next year.

We don’t have regular bids for organising FUDCon from different APAC countries. FUDCon venues mostly repeat without much diversity. One option is to quash the bidding process and collectively select a region wherein we want to increase Fedora reach, ex. Sri Lanka. It certainly wouldn’t be easy, but is worth consideration. Next we discussed about combining this budget planning FAD and FUDCon together around the same time. As per new Budget.next process, new budget proposals are expected by August of each year. We could host FUDCon and budget planning FAD together in June and save on some expenses.

Apart from these many other issues were discussed, like communicating the proposed and allocated regional budget details on the list. Supporting and encouraging fellow participants’ effort and initiatives to conduct events. Expanding our thought process to think and work towards building Fedora APAC community, than focusing on country specific small communities. This leads to create a country specific divide and disconnect between fellow contributors and participants of Fedora community. Such divide must be avoided at all costs.


[*] https://public.etherpad-mozilla.org/p/FADKL_2016

FAD Singapore 2015

Hello,

Last weekend I participated in the FAD Singapore 2015. Apart from the annual review of the last year’s expenses and budget planning for the coming year, the most important agenda for this meeting was – To develop a strategy for the Fedora community growth across APAC region. Fedora Ambassadors came from various countries(Singapore, India, Sri Lanka, China, Malaysia, Philippines, Cambodia) across the Asia pacific.

My preparations began weeks before the actual event. Because I was to produce and carry 1000 F23 Workstation DVDs(30kg) with me. This involved first collating the required quantity from each country, negotiating with the vendors, gathering the F23 DVD artwork and working with the vendor to produce these copies. As result we now have two reliable vendors who could produce the Fedora DVDs for us.

F23 Workstation DVD
F23 Workstation DVD

Armed with 1000 DVDs, I reached Singapore on the eve of the FAD. Next morning we reached the venue(Red Hat Singapore) quite early and after a round of introductions, jumped right to the agenda – How do we grow Fedora community across APAC region? First question was – What do we currently do towards it? What is not working? Each participant was asked to narrate their experiences. The answers were usual, we conduct events, use Fedora to teach Linux, distribute swag/DVDs etc. Yet, somehow it is not enough to convert the audience into Fedora users and/or contributors. It is observed that DVDs get varied responses, in Singapore nobody wants to have DVDs because they prefer USB media; Whereas in other regions DVDs get over within hours at an event. We need to capitalise both ways; We could not choose one over the other.

Many observations were made about Fedora adoption. The activities we do are not regular and recurring. They are not catering to the target audience, ex. running same old ‘How to become package maintainer’ track etc. Maybe that should not be an introductory track. Secondly, There is rarely a follow-up with the audiences after the event is over. Many participants shared that often they manage to get the audience started with a Fedora task, but after the initial excitement, they rarely ping back. Thus the regular follow-ups are needed and it is the event owner’s task to do the follow-ups or ensure that it’s done through other volunteers. While doing events, we also need to aim towards getting more users, not only contributors. We need to tell users how they could use Fedora for their tasks. ex. Designing, Writing, Administration, Gaming, Programming, etc. We need to have focused events considering the audience’s interests. To increase user base, it’s also important to make Fedora easily accessible. It is common observation that people identify Linux with Ubuntu, but Fedora is fairly unknown. It’ll help to have install fests at the release parties wherein we do the installations by setting up local/portable Fedora mirrors.

Next day, we began by asking each participant – what they could do to improve community participation in their region. Each region has ambassadors who have been inactive for years. Many became ambassador when they were students, but since then have been occupied with their jobs and/or have lost interest in Fedora. We need to prod them and involve them in future initiatives. Once again the DVD production issue came about, it’s observed that it’ll help to have Alternative Desktop DVDs, so that user can choose a desktop of his/her choice than having just Gnome shell. For conferences like ‘conf.kde.in’, it’ll help to distribute KDE Desktop DVDs than the Gnome ones. User interface could come in the way of Fedora adoption, we need to experiment with the available options to see which one works the best.

Next on the agenda was missing leadership across APAC region. It is observed that there is no targeted/planned approach to our activities. It is ad-hoc and mostly happens at the 11’th hour. Ex. Requesting DVDs/Swag/Banners few days before an event/release party. It is Ambassadors’ task to take control and help in such situations. They need to fill the leadership positions through initiative. But the major problem is that many Ambassadors don’t know their responsibilities well. We need to improve our communication with the Ambassadors and engage them better.

Other topics discussed were more general, ex. participants are not vocal across various Fedora channels, mailing lists, etc. It is extremely important that we voice our opinions/views across all channels. Another bigger issue is Ambassadors don’t always have a convincing argument for the audience about – Why they should use Fedora. Because in many environments it doesn’t matter which distribution they use. By this time we were close to the evening, next topic was about the new governing structure proposed by the Fedora council.

I’ve tried to include maximum details in the report above, there are more notes and discussion points available at

     -> http://piratepad.net/FAD-Sngapore-2015
     -> https://fedoraproject.org/wiki/FAD_Singapore_2015/Events
     -> http://ethercalc-izhar.rhcloud.com/62tau2cry9
     -> https://fedoraproject.org/wiki/Budget.next

Overall, I think we had good discussion/debate over various topics concerning Fedora. Now it’s time to take real measures towards growing Fedora community beyond current limits. If you have any questions/suggestions/inputs about this discussion, please leave a comment here or feel free to write to me.:)

GNU Pem: an amazing tool

Dear PEM developer,

First of all, thank you for this amazing tool!
I use it every day for my personal income/expense tracking, and it is
really easy to use. I really like it: a simple tool for a simple task.

Thank you again for this amazing tool!

I received this yesterday via GNU Pem mailing list. It is always encouraging to receive acknowledgement for your work; But it is truly inspiring when they go all the way to learn a new language(Perl), just to write a patch for your program.

Thank you so much Matthieu! I appreciate it!!

GNU Pem is a handy tool to help you keep track of your personal income and expenses. It is portable across all platforms GNU Linux, MS Windows, Apple OS X, FreeBSD, you name it. On Fedora it’s

        # dnf install pem

Give it a try if you want to know your monthly expenses.:)

FUDCon APAC 2015 – a Memoir

Hi,

This post has been long overdue. In fact a post here has been long overdue. Much has happened since the last time I wrote here. There are new DNS patches to be merged, the Docker & DNSSEC resolver interconnect, kernel & Qemu issues I’ve been analysing, Fedora Security Team(FST), huh..each would need a separate post. Anyway, it’s good to be back here.

It was this time last year that we began to have lunch table discussions about hosting FUDCon in India. The last time we did was in 2011. A lot had changed since 2011; Old-timers had moved on, new ones had joined hands, many of them with a distant view of the open source, Fedora and FUDCon. But what was still same was the excitement to participate and to host FUDCon. What started as a fond activity for me, had quite a thrilling climax wherein I ended up calling the India’s Ambassador to China in Beijing.:)

We began with scouting for a venue, as the bidding process required us to have confirmed venue & budget arrangements in place. Though FUDCon is a get-together for Fedora contributors, we wanted local community to benefit from this gathering. So a college or university campus was our preferred choice for the venue. All of the campuses we visited were more than welcoming; In fact they wanted us to setup ongoing programs for their students and teachers alike. My observation is, people are convinced of the power of Open Source principles and methodology, but they have no idea about how to participate and take advantage of it. After much deliberations we settled on the MIT College of Engineering for our venue and the bid was proposed.

Shortly after the bid was accepted, I left the city of Pune – the ground zero of FUDCon APAC 2015. And thus began the spell of weekly calls, meetings and updates. As soon as the bid was accepted, we sent out a call for volunteers. We broadly defined the tasks(travel, talks selection & scheduling, marketing, video recording, catering, FUDPub et. al.) and volunteers assumed their responsibilities. I picked to help the delegates with their travel requirements, amongst various other things. When I moved out, I half expected to have diminishing responsibilities towards FUDCon. But in retrospect, it’s intriguing how actively I was involved. I think the first step towards active participation in open source communities is to connect, to join the call, say hello and listen. In my case it was conference calls, but one could just as easily connect over email/IRC/twitter/hangout, either means of communication.

Through these weekly calls and meetings we assessed overall progress on each task, discussed and devised alternative solutions for issues, listened to individual inputs, argued and fought over it, pulled each-other’s legs and had fun all the way. Of course a huge team of volunteers were working relentlessly on ground zero to ensure that all the needed pieces(banners, recording gear, transport, accommodation, vendor billing,…) are put together at the right time. Before I knew, five months had passed and I was on my way to attend ‘FUDCon APAC 2015’.:) Excited to meet old friends, colleagues, and everybody that I’d been communicating with for the past few months. Meanwhile it had almost slipped my mind that I was to present a talk about – Local DNSSEC resolver: F23 Feature.

At FUDCon surroundings were brimming with a familiar energy. It started right at the hotel as delegates arrived from around the world. The peculiar excitement in the hotel lobby when delegates bump into each other is uniquely rewarding. On day one, I was to attend the registration desk and distribute swags. After the first half of doing that, I moved about different sessions catching glimpses at each. Day two was little easier, there was no mad rush of day one. I hitched a ride with a friend to the venue, found a corner in the speaker’s lounge and resorted to prepare for my talk. As the day concluded, it was time for the super electric FUDPub.:) Day three was of workshops, I jumped through couple of sessions and talks and was back again at the front desk to work with the volunteers as they were preparing to wrap-up. Three days went by so fast, before I knew, it was time for the concluding keynote and the vote of thanks. As the delegates bid their good byes, they made plans to catch-up again at the next conference.:)

FUDCon APAC 2015 album:
  -> https://www.flickr.com/photos/pjps/albums/72157659591987932

Going to FUDCon APAC 2015

It’s less than 72 hours to go for the much awaited FUDCon APAC 2015 kick off. International delegates are boarding flights as we speak, while others are packing bags and preparing for the take off. The organising team on ground zero is running full throttle and leaving no stones unturned to ensure smooth sailing.:)

I’m packing my bags and gearing up for my talk “Introduction to DNSSEC – F22 feature“. Do drop in and join the conversation.

See you there…!!!:)

Report – FAD 1 Nov 2014 – theme security

Hello,

Last weekend I participated in a Fedora Activity Day(FAD) aimed at introducing participants to the Fedora Security Team, its mission and activities. This post is a retrospective review of the day and lessons learned.

Day began with me introducing the participants to the Fedora Security Team, the current security features offered by Fedora and why we need to do much more to make sure that Fedora users are secure by default.

    See -> https://pjp.fedorapeople.org/fedorasec.html

This introductory talk was followed by triaging of open security bugs; There are more than 500 of them. Security bugs are marked by Keywords: Security. It means the said bug might have security implications and could facilitate unauthorised/undue access to users. I started triaging with the oldest bugs to figure out why were they open. This in turn leads us to see possible lapses which allow such bugs to remain unattended for longer than they should be.

Why do security bugs stay open and unattended…?

  • Appropriate fixes are unavailable, ie. patches do not exist at all. BZ#864897
  • Appropriate fixes are available, but the maintainer does not know. BZ#782620, BZ#851773, BZ#887451
  • Appropriate fixes are available, but the package is due its retirement, thus ignored BZ#838162. The package is _not_ retired.

These bugs were unattended for more than 2 years and have severe implications like Man in The Middle (MiTM) attack, Arbitrary Code Execution(ACE) and Denial of Service(DoS).

How do we address these lapses…?

The 2’nd and 3’rd case above, wherein the due patches are available, I think we can address them by hounding the maintainers with periodic ‘[NEEDINFO]’ pings till the time they push an update. It won’t be as easy as it sounds, but is an option nonetheless.

It is the 1st case, wherein the due patches are not available, that intrigues and interests me more. So, why aren’t these patches made available? One of the comment BZ#864897#c12 says the fix requires a functionality from OpenSSL 1.1 to be back ported to currently used versions – OpenSSL 1.0.1i. I opened a bug against OpenSSL BZ#1160172, but it was closed(deferred) saying it is not likely to happen any time soon. So the only option is for application to do the TLS certificate validation by itself, which the package maintainer is unable to do. This leads me to an another _grave_ concern that has been cropping up in recent times ie. – dwindling contributor base for some of the widely used & deployed FOSS projects.

This was discussed at Linuxcon last year or the year before; As the average age of subsystem maintainers is rising towards late 30s. At this stage they are likely to be occupied with families and other things in life and hence are unable to spend as much time on their projects. Siddhesh recently mentioned that becoming a parent could drop your productive time by as much as 30%. In yet another conversation I heard this applies to OpenSSL too. Upstream OpenSSL maintainers are well in their 40s and are a close-knit group, which is not welcoming enough to the new entrants(reminds me of Mr drepper and glibc few years ago).

It is high time that we(Fedora) start taking measures towards grooming new contributors and package maintainers. In corporate parlance it is known as succession planning. It should be done by each individual project leader. As for the bugs and tasks that I come across, I have started posting them to the dgplug students list

    See -> http://lists.dgplug.org/pipermail/users-dgplug.org/2014-November/thread.html

It has a lesser hit ratio, but I hope it improves going forward. If not, we’ll keep dousing the same fire again and again.

    See -> Cybersecurity experts discover lapses in Heartbleed bug fix.