KWNPSA Meeting Notes

From SOBAC Wiki
Revision as of 20:06, 12 October 2017 by BobJonkman (talk | contribs) (Fix link)
(KWNPSA Upcoming Events)
(KWNPSA Past Events)
(KWNPSA Meeting Notes on one page)
(KWNPSA Requested Topics)

All the NPSA Meeting Notes on one page

Project Management

Date
Monday, 18 September 2017 from 7:00pm to 8:30pm
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/243066154/
Location
Communitech Jelly Bean Room 1st Floor, 151 Charles Street West, Kitchener, Ontario Map

What is Project Management? How do SysAdmins provide support to Project Managers? What kind of projects directly affect SysAdmins? Do Non-Profit SysAdmins manage projects? What tools are available for project management? What server-based software exists for project management? Who provides outsourced project management? What standards exist for project management? What certification?

Let's bring together SysAdmins and Project Managers to discuss the state of the art. As always, we'll have round table discussion to ask questions, provide expertise, and share stories of past experiences.

--Bob Jonkman & Marc Paré


Resources

Project Management | Techsoup Canada

The Project Management Association of Canada

Canada's Technology Triangle Chapter | PMI | Project Management Institute

Wikipedia:Project Management


(unrelated) https://www.adminadminpodcast.co.uk/

These guys talk about being an IT administrator, whether that's a local
desktop engineer, a cloud-native specialist deploying to cloud hosting
platforms running Linux, or an enterprise Windows admin...

Meeting Notes

  • Sponsorships
    • We like NetSquared and TechSoup, but don't want the KWNPSA direction dictated by the sponsors
    • Stickers were distributed!
  • NaNoWriMo - National Novel Writing Month - good tie-in with Document Storage
    • Discussing backups and formatting and document semantics
  • File Formats -- tie-in with Document Freedom Day in March
  • Introductions - SysAdmins, Typesetters, Software Testers, Software Developers, Teachers
    • Not a single Project Manager, but all these projects!
What is Project Management?
  • What is a project?
    • Has a start and deadline, must have a goal, and measure of success
    • Certain kinds of reports, eg. financial statistics, not part of the normal booking routine, eg. grant proposal, eg. special audit
    • Contrast with regular operations, which may still have a continuous improvement goal
  • Always implies collaboration, eg. a book


  • Tasks of project management
    • Eliminate Redundancies
    • Optimizing the whole project, costs, resources,
    • Set constraints and scope of the project
    • Scheduling
    • Distributing the responsibilities of labour and resources


SysAdmin role in Project Management
  • Sometimes SysAdmin is the Project Manager
  • Some projects start internally, others are imposed externally
    • Server upgrades, reports and time estimates for operations
  • Small companies may not have large project teams, people wear many hats
  • Sometimes no diff between PM, Team Leader, Department Head
    • Who are the "boots on the ground"?
    • Again, communication flows are important, making sure it happens smoothly.
    • Avoid animosity by keeping communications open. There's no software for that
    • Even software like Slack doesn't achieve this, needs people-to-people communication. Needs change, software doesn't keep up.
  • Time estimates are horrible to figure out in IT
    • Need buffer time,
    • SysAdmin will have a good idea of time needed to perform tasks.


Software
  • Manual techniques like sticky notes and whiteboards
    • Gets transferred to software
    • Requires stakeholders in a meeting, maybe video conference, not asynchronous tools like e-mail
      • But getting contributions in a live meeting may be tough. After the meeting people finally got involved by sending e-mail
      • Keeping the tone collegial is everyone's task, but bridge-building is definitely a skill for PMs
  • Concurrence: Multiple people may need to access (Read/Write) the project data
    • Is concurrence necessarily the best data management practice?
      • We had vigorous discussion on the merits of document concurrency
        • Good for managing sub-tasks, not good for overall project coherence
    • Lose focus of the project with too many simultaneous changes
  • Software licencing can be onerous -- cost of software, seat licenses, and audits


Specific apps
  • Symantec Timeline circa 1998.
  • Microsoft Project
  • Project Libre
    • Open Source has XML data format, anyone can read the data without having the software
Project Management Standards and Certification

(wasn't discussed in the time available)

Stories
  • Management dictates timelines, despite project management best practices
  • Management dictates "buy from the lowest bidder", not based on project requirements
  • Management dictates "Put the dev stuff into production", not following proper dev-test-prod protocols
  • There is a gap for project managers that have one foot in the software dev world and another foot in the communications field
    • PMs spend a lot of time speaking to both developers and management
    • Need to teach better communication skills to developers to speak to Management
      • although Management may not have the communications skills to listen to developers
  • Discussion on the "Mythical Man Month", the book of project management gotchas
    • Skunkworks may be more efficient and effective than following the full Project Management procedures


Monetization

Date
Monday, 21 August 2017 from 7:00pm to 9:00pm
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/241820045/ iCal
Location
Communitech Jelly Bean Room 1st Floor, 151 Charles Street West, Kitchener, Ontario Map

How can a Non-Profit organization raise money from their services? Can a Not-For-Profit organization make a profit? Why do some NonProfit organizations have separate corporate entities for fundraising and their core business? How do NonProfit SysAdmins manage crowdfunding? How does monetization affect NonProfit status? How does monetization affect legislation concerning mailing lists? What does the NonProfit SysAdmin need to know to enable monetization on the Internet? What software exists to enable monetization?

Join us to discuss these and other ideas for monetization.

--Marc Paré & Bob Jonkman


Resources

Which Crowdfunding Platform Is Best for Your Nonprofit? | TechSoup Canada

Canada's Law on Spam and Other Electronic Threats - Home - Canada's Anti-Spam Legislation


Meeting Notes

What NonProfit Organizations sell stuff?
  • Publishing companies
  • Food co-ops
  • Musical societies (CDs, services)
  • Event admission for political groups, rallies
Two companies?
  • If activities don't fit within the mission statement, then CRA may consider it a separate, for-profit company
  • Charitable companies are particularly vulnerable, hassled by CRA
Drawbacks to monetization
  • Need End-of-year reports, tax knowledge
  • Need an audit/auditor over a certain amount (maybe $100K?)
  • Tricky to justify certain kinds of income, esp if there is significant profit
    • Need a budget that justifies certain expenses eg. equipment
  • People don't have enough knowledge of IT systems to use them properly
    • Using spreadsheets that don't integrate with financial systems
      • But still better than a Word Document
    • Frustrating for SysAdmins, who need to provide support
    • No user knowledge of version control, journalling, &c.
  • The Treasurer position of a NonProfit has frequent turnover, no continuity
    • Treasurer may be volunteer, unskilled for the task
  • Some NonProfits deal with esoteric financials (book sales, royalties), may not have a system in packaged software
  • Need specific information that the grant agency (that provides funds) wants to see
  • Concerns with transparency, opening the books for the public
  • Who maintains privacy of finances?
    • Need a designated Privacy Officer


Methods of monetization
  • "Legacy Gifts": Larger groups (orchestras?) are pitching bequeathing estates as donations, triggered by a will.
    • Important to performance groups, as their audience ages
    • In Europe, cities a fraction of the size of KW get government funding for the arts, so fundraising not necessary
    • In Canada there are people hired by NonProfit art and performance organizations to do nothing but acquire funding through donations
  • Integrate small NonProfit groups into the finances of a larger organization, eg. at a University
    • But the reporting needs may not be adequate.
  • Need to know about methods for funding proposals
    • Software? Forms? Documents?
  • http://career.publicoutreachgroup.com/ Facilitates fundraising for non-profits
  • Community Foundations will organize the funding for NonProfits, eg. Kitchener-Waterloo Community Foundation
    • Other arts groups set up their own foundations, eg. KW Symphony
    • Or set up your own foundation, then the KW Community Foundation will provide the administration for it


What does a SysAdmin do to enable monetization?
  • Not too interested in accounting
  • Shopping carts on websites
    • Not done internally, this gets contracted out
  • Point-of-sale systems?
    • Need to combine with sales data from other systems
  • Provide integration to other systems
  • Select and set up Crowdfunding platforms
Crowdfunding
  • Has Crowdfunding passed its peak? It was the big thing two or three years ago.
  • What criteria are used to select a Crowdfunding source?
  • Techsoup: https://www.techsoupcanada.ca/en/community/blog/which-crowdfunding-platform-is-best-for-your-nonprofit
  • Centre for Social Innovation in Toronto:
    • Bring your own audience, your own following, before starting the campaign
    • Pretty much everyone involved already needs to be in place
    • Crowdfunding sites don't necessarily increase your reach, or attract more contributors
    • Crowdfunding is good for devices, eg. Pebble Watch
  • If you haven't reached your funding level in three months, it's not likely to fly
  • There are "Crowdfunding Brokers"
    • providing Consultancy, advocacy,
    • Centre for Social Innovation trying to get social advocacy agencies involved (two or three years ago)
  • City of Waterloo had a program to crowdfund Civic Improvements
    • Had their own website
    • People proposed their own projects, advocated for them, got the funding. Then the City would implement them.
      • Thorough failure... People did not want to give money for things they had already paid for through taxes
  • Education: Raising money for supplies, program was halted by the Ministry of Education: "We already provide funding for that."
Financial Software

Needs dedicated staff to manage privacy issues, but if your NonProfit Org has enough staff to maintain it, it's very effective

  • Purchasing financial software also purchases the skills and expertise of building such a system (Lawyers, accountants)
    • A way of recording transactions without requiring the expertise of accountants
    • Avoid bitrot (spreadsheets may not be the same from one year to the next)
  • QuickBooks?
    • Has a non-profit module
    • QuickBooks is common, but doesn't provide the detail for non-profits
      • eg. selling worldwide through Amazon, QuickBooks doesn't provide geographic customer data
    • Dedicated software provides more granularity in recording transactions.
    • with QuickBooks you still need other tools to record other data
  • Spreadsheets are prone to user error, eg. changing or deleting a formula
  • Orgs hold fundraisers to pay for events
    • Events themselves may raise funds through admission fees
  • There exists fundraising software
    • Similar to contact management software, eg. CiviCRM, Sales Force Automation, Symantec ACT!
    • CiviCRM provides metrics, eg. number and amount of donations
      • Metrics are really important for donations and ticket sales
    • Good for larger NonProfit orgs, too complicated for small ones
    • And with a list of donors, privacy becomes a concern
    • Some integrate well with financial/accounting software
    • Detects patterns of donations, sends out requests only at the correct intervals, or when donors are ready
    • Coordinates with maturity of investments held by donors, when NonProfits can get a pledge.
    • Good software can snipe other NonProfits looking for donations
  • "Grant Station" (subscription software, available through TechSoup)
    • TechSoup subscription is more flexible (cheaper) than purchasing directly from Grant Station
    • Provides a list of Canadian and American grant agencies
    • helps prepare online pitches for donations
    • Hones your skills in preparing grant applications
  • "Canada Donates" is also useful for NonProfits
Accounting software:

http://www.techsoupcanada.ca/en/taxonomy/term/287

  • Newviews
  • QuickBooks
  • MYOB (Mind Your Own Business) (defunct? Only in Australia?)
  • Microsoft Money
  • GnuCash (Free Software)
  • Skrooge (chequebook model, not really for NonProfits) (FS, KDE)
  • FrontAccounting (ERP)
Tax Software


"If you're looking to monetize your NonProfit group, joining TechSoup is very beneficial." (spontaneous endorsement from KWNPSA attendee)




Malware

Date
Monday, 12 June 2017 from 7:00pm to 9:00pm
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/239940239/
Location
Communitech Jelly Bean Room 1st Floor, 151 Charles Street West, Kitchener, Ontario Map

Breaking News: Dozens of countries affected by ransomware cyberattack (CBC News, 12 May 2017)

Are you protected from malware? On your desktop computers? On your servers? Does your staff have malware protection at home? Is anti-virus software enough? What's "ransomware"? What's the difference between a virus, a trojan, and a phishing attack? Does it matter? How do you protect yourself from malware? What's the best way to react to a malware outbreak? How do you recover from a malware attack?

We'll share our experiences in a round table discussion, and perhaps have a guest from the industry to provide some of the answers.

--Marc Paré and Bob Jonkman



Video

Malware discussion at NetSquared KW meetup (courtesy of Gheorghe Curelet)

Guest: Scott Smith

  • Tekkshare demonstration by guest Scott Smith
    • A Goods-and-Services marketplace for technical stuff based on Sharetribe
    • Invitation for KWNPSA members to sign up, will waive commission for first year

Meeting Notes

Malware experiences
  • from the days of floppy drives
Platforms
  • Apple malware, adware
    • Nothing super malicious, but affects the browser, user libraries inc. user preferences
    • Backup with TimeMachine, but that takes malware with it
    • Free TV websites and proxy sites seem to be sources of malware
    • Manual restore (not Time Machine) to restore each file individually
    • AdAware bought by Malwarebytes, good for Apple platform, free for home use: Malwarebytes | Malwarebytes Anti-Malware for Mac
  • Android
    • Large platform, biggest vulnerability
    • Old, refurbished phones may be vulnerable, they don't get updates
    • Same for routers, security cams
    • Fragmentation in market, but providers (Samsung, Verizon) don't provide updates after a year or two
    • Reluctance to update phones because it takes too long (10 minutes!)
    • People are more likely to replace a device than upgrade it
      • Both on desktop and mobile devices
    • Change is scary, some people can't even deal with a moved icon on the desktop
    • SysAdmins are not able to meet the expectations of clients
    • Google is taking heat for lack of Android updates
      • Thought it might have been like GNU/Linux distros (stable, testing, Sid), didn't work out that way
      • Proprietary applications contribute to this, only Google can upgrade their apps
      • CopperheadOS tried to address this with a secure Android OS, but constantly battles Google and vendors

People believe things are secure because they've paid the vendor lots of money; they don't pay the vendor lots of money because the products are secure.

Best defence: Make our purchasing decisions based on public data of vulnerabilities

Mitigation
  • Treat the end-user as an adversary
    • Focus on recovery instead of avoidance
    • But should we treat people as adversaries? Technical solutions are not a panacea
  • Backups!!!
  • Risk management -- given enough time, the probability of being affected approaches one
  • Training is necessary, but not sufficient
Defence in Depth
  • Backups, backup rotation, offsite backup
  • Training
  • Updates
  • Offsite storage (Cloud), store deleted files for 90 days (version control)
    • But privacy issues with out-of-country routing and storage
  • Buy-in from management to provide enough resources (money)
  • Honeypot, canary - let SysAdmin know when certain files are being touched

Staff needs to know this Defence-in-Depth is being done, and when

Recovery
  • Some people don't care about their data, just re-image the computer
  • Shadowcopy in Windows -- only Administrator has access, can't be encrypted by ransomware
    • But malware knows Shadowcopy is a good idea, and will try to bypass
  • How can you tell your files are encrypted?
    • Applications can't open their data files
    • Some malware leaves messages "This folder is encrypted"
  • Stiller software (c. 1995) to identify modified files with checksum appended to all files; won't open or execute compromised files
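
One way to combine the canary idea from the Defence in Depth list with the checksum idea from the Recovery list, as an added example (it is not from the meeting and is not the Stiller software, which appended checksums to the files themselves). The file names, the 7.5 bits-per-byte threshold and the status labels are assumptions made for illustration; the "encrypted" file is a constructed stand-in.

```python
import hashlib
import math
import tempfile
from collections import Counter
from pathlib import Path

ENTROPY_ALERT = 7.5  # bits per byte; assumed threshold, ciphertext sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: plain text is roughly 4-5, ciphertext close to 8."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def build_baseline(paths):
    """Record a SHA-256 checksum for every canary file.

    Keep the result where ordinary user accounts cannot write, otherwise
    malware running as the user can rewrite the baseline as well.
    """
    return {str(p): hashlib.sha256(Path(p).read_bytes()).hexdigest() for p in paths}


def check_canaries(baseline, threshold=ENTROPY_ALERT):
    """Compare canaries with the baseline; return sorted (path, status) alerts."""
    alerts = []
    for name, expected in sorted(baseline.items()):
        path = Path(name)
        if not path.is_file():
            alerts.append((name, "missing"))  # deleted, or renamed with a new extension
            continue
        data = path.read_bytes()
        if hashlib.sha256(data).hexdigest() == expected:
            continue  # untouched
        # Changed content that looks random answers "are my files encrypted?"
        status = "modified-high-entropy" if shannon_entropy(data) >= threshold else "modified"
        alerts.append((name, status))
    return alerts


def pseudo_ciphertext(size=4096):
    """Constructed stand-in for an encrypted file: deterministic random-looking bytes."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(size // 32))
    return b"".join(blocks)


def demo():
    """Constructed scenario: three canary files, then three different kinds of change."""
    with tempfile.TemporaryDirectory() as tmp:
        share = Path(tmp)
        canaries = [share / "budget_2017.xlsx", share / "donors.csv", share / "minutes.txt"]
        for p in canaries:
            p.write_text("Canary file. Nobody should ever open or change this.\n")
        baseline = build_baseline(canaries)
        assert check_canaries(baseline) == []  # nothing touched yet

        canaries[0].write_bytes(pseudo_ciphertext())      # overwritten in place
        canaries[1].rename(share / "donors.csv.locked")   # renamed away
        with canaries[2].open("a") as fh:                 # ordinary edit by a person
            fh.write("Added a line by mistake.\n")

        return [(Path(name).name, status) for name, status in check_canaries(baseline)]


if __name__ == "__main__":
    for name, status in demo():
        print(f"ALERT {status:<22} {name}")
```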

Meeting Administration

  • Time limits? 8:30pm
    • Stay on topic
    • May start at 6:30pm? Consensus, not...


Offsite Hosting

Date
Monday, 8 May 2017
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/237779027/
Location
Communitech Jelly Bean Room 1st Floor, 151 Charles Street West, Kitchener, Ontario Map

Where are your servers? Are you self-hosting? Have you thought about professional hosting? What services does a professional hosting service offer? Do you need shared hosting? Do you need a VPS? What's a VPS? What's a colocation site? How much will all this cost?

Come share your experiences with self-hosting, shared hosting, and VPSes. Bob and Marc have the questions, and special guest Mark Steffen from indieServe Networks will have the answers.

See you at the meeting!

--Bob Jonkman and Marc Paré



Video

Offsite Internet servers hosting - YouTube (courtesy of Gheorghe Curelet)

Meeting Notes

Selecting a hosting provider
  • There's no "One size fits all"
  • What do you need?
    • Disaster recovery?
    • Microsoft licensing?
    • E-mail hosting?
What kinds of servers for a host?
  • Dell servers at one place
  • Had HPs, didn't mind them
    • indieServe has some HP servers for colocation
  • Lenovo, but there was BIOS based malware
    • Liked IBM servers, anecdotally liked the reliability
    • indieServe has all Lenovo servers
Offsite Hosting Problems?
  • Shared hosting was OK for a while, but host was asking for more money
  • Another company seemed like perfect shared hosting (using WordPress)
    • Works today, but lots of complaints on Facebook, so he no longer trusts
  • Backups?
    • Yes, keeping your own backups in addition to using the hosts' backups
indieServe Networks
  • indieServe is hosting for KWLUG, KWVoIP, FairvoteWRC, KWPeace, &c.
  • About $10/month for shared host
    • No limits but on the honour system
    • Keep it to one company per shared host
    • Local non-profits may be able to get really good deal -- talk to Mark Steffen
  • Also has VPS (Virtual Private Servers)
  • Can do hosted Windows servers or domain
    • Good for small file sharing systems
    • Microsoft has a specific licensing arrangement for hosting providers
    • Cost based on cores and sockets, plus number of customers
    • Not cheap, $100's /month
    • Similar model to Azure or Amazon AWS
Offsite Backups
  • Some customers use offsite hosting only for data replication (disaster recovery)
    • Do keep offsite backups encrypted
    • For any backup solution check with Legal for PIPEDA legislation
    • Cheap backup? 20¢/GiByte for storage is typical
  • Backup software:
    • Duplicity for Linux
    • CloudBerry for backup service
    • Duplicati for Windows (Open Source, Beta software, supports SQL, kinda slow)
      • For Windows, do full backup, then everything is incremental afterwards
      • But it keeps a synthetic "Full" in the background
    • With S3 or Azure, you can restore to EC2 -- get (almost) instant restore on external VPS -- really cheap disaster recovery
    • Backblaze (personal backup for $5/month, also B2 backup storage, .02¢/GiByte?, $10/month for 1 TByte?)
  • indieServe keeps hard backups (USB drives stored offsite)
Backup horror stories
  • Hijacked truck (backups not encrypted, nobody knows who now has access to backup data)
  • Encrypted backups corrupted (physical disk damage corrupted one block of data, cypher block chaining made rest of backup inaccessible)
  • Bulk files corrupted (backup file is OK, but contained invalid data, making rest of the backup invalid)
  • Tape backup is still the most dense storage for immutable backups
  • Mark Steffen has techniques for redundant backup storage (good for ransomware attacks, &c.)
  • How much backup do you need?
    • How much data can you afford to lose?
    • Have at least one automated backup in place
Selfhosting?
  • Run your own service on a VPS or shared host (XMPP, Wiki, Social media) instead of using Facebook, Google, Twitter
  • Manage your own server, colocated in a datacentre
  • Getting a DSL line (with multi-link support), and running a server on premises
  • Managed hosting - servers in house or colo, but contract out the SysAdmin
Webhosting Management
cPanel
  • Set up WordPress, &c.
  • Handles updates, patch management, backups, email
  • Installatron for managing applications
  • Varnish is a cache in front of Apache, for bursty traffic
  • cPanel is pricey? $20/month for bare metal, less for a VPS
    • Keeping cPanel on a VPS makes it portable, allows cPanel admin to perform maintenance with no downtime
XenServer
  • A Virtual Machine host
  • The free version is pretty unrestricted
  • Use XenServer to run cPanel
CloudLinux
  • uses CageFS
  • isolates users from each other
Other panels?
  • CentOS Web Panel
  • ISPConfig
  • Ubuntu MAAS
  • Webmin, Virtualmin
  • WHM is the management tool for cPanel
  • WHMCS is a shopping cart / billing system for hosting
    • But these apps may have security issues (PHP doncha know)
Reseller hosting
  • Perhaps for Web developers, who want to manage resources for their customers
  • Can add multiple accounts, lets hosting provider manage growth and resources
  • Could be unlimited accounts, but typically 300 GBytes, good for about 50 accounts


Blockchains

Date
Monday, 10 April 2017
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/237778947/
Location
Communitech Jelly Bean Room 1st Floor, 151 Charles Street West, Kitchener, Ontario Map

What's a blockchain? Is this all about math? How do I make Bitcoin payments? How can I receive Bitcoin donations on my Website? Are there other blockchain currencies? What services exist for blockchain currency exchange? Is blockchain technology good for more than just Bitcoin? What blockchain tools exist for Non-Profit organizations?

Marc and Bob ask the questions, and special guest Kris Stinson will be on hand to provide the answers!

See you at the meeting!

--Marc and Bob.


Video

Familiarization with Bitcoin and other cryptocurrencies (courtesy of Gheorghe Curelet)

Meeting Notes

  • Today we're joined by guest Kris Stinson (@StinsonKris on Twitter)
  • Lots of media attention, "blockchain this, blockchain that", they're trying to sell you a database
    • Microsoft, IBM, governments (even Canada: Cancoin)
  • Banks are threatened, unregulated currency (scary!)
  • Japan has approved Bitcoin as a currency (legal tender)
  • Legal (tax) ramifications: Capital Gains.
Types of blockchain currency
  • CryptoCurrency Market Capitalizations
  • Augur - a "betting" site; deals with contracts
  • Based on Ethereum
  • DAO - Decentralized Autonomous Organization
    • eg. Ethereum
    • A decision by this DAO split Ethereum into Ethereum and Ethereum Classic
    • Now there are miners working on both branches of the blockchain
    • "The mining network" determines whether a fork of the blockchain can happen
How does the blockchain determine "truth"?
  • The longest chain wins
  • "Rolling back the chain"
    • database
    • miners
Quantum computers?
  • Will change the game!
  • Winklevoss brothers
    • Own over 50% of bitcoin?
    • This is a problem, they can determine the validity of transactions
Wallets
  • Wallets are Public/Private Key encryption containers
Other blockchain technologies
  • Don't trust The Cloud?
    • Authentication
    • Filesystems

90 minutes was far too short to cover all aspects of Blockchain Technology; we'll invite Kris Stinson back someday.



Branding

Date
Monday, 13 March 2017
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/237778855/
Location
Steve Izma's house, 35 Locust Street, Kitchener, Ontario Map

What's your brand? Do you have a brand? How do you choose a brand? Is branding important for NonProfit organizations? What is the value of a good brand? What is the cost of a bad brand? Have you ever changed your branding? How much work was it for the SysAdmins? Did you have re-do the Web site? The e-mail addresses? Business cards? Letterhead? What legal considerations are there for choosing a brand?

Bob and Marc have the questions, together all of us have the answers.

See you at the meeting!

--Bob and Marc



Meeting Notes

This meeting ended up being more about our own re-branding needs, and the business of running KWNPSA as a non-profit organization. We'll have another session in the future on Branding to discuss the experience and gather the advice of other organizations.

  • We started with a discussion on the different syntaxes used in markup languages, eg. Markdown, Mediawiki, PMWiki, MoinMoin...
Hosting Services
  • Many Non-Profit organizations are migrating from CCj/Clearline (Steph Smith, Cedric Puddy) to IndieServe (Mark Steffen)
  • Marc Paré will take over the hosting for KWNPSA
    • Marc is currently using 123EHost.com
    • This is for the interim, until Marc has his own server set up
    • The hosting OS will be Mageia
  • Mailing Lists
    • Steve Izma will be the Mailing List Manager
    • We currently have our Discussion and Announcements mailing lists on CCj/Clearline
    • Steve will look after the mailing list migrations as soon as Marc has Mailman set up
  • Wiki
    • Mediawiki is being used by everyone at this meeting,
    • Currently being hosted at http://sobac.com/kwnpsa by Bob Jonkman
    • Will be migrated after Marc has set up the Mageia server
Sponsorships
  • CIRA - Has provided $100 for the previous and this meeting.
  • TechSoup - provides low-cost Microsoft licenses to Non-Profit organizations
    • NetSquared (part of TechSoup) is an umbrella group for Non-Profit organizations' IT staff
      • If we get a venue without A/V facilities, can NetSquared sponsorship provide, say, a projector? Marc to ask Eli...
  • Microsoft
    • We will gladly accept Microsoft sponsorship and host an evening dedicated to Microsoft products
      • Perhaps have as a guest speaker a product specialist from Microsoft?
    • We will continue to focus on Free Software / Open Source solutions at other meetings
  • Google
    • Apparently Google is a sponsor or a member of NetSquared
      • but we have not seen support from our local Google office, eg. request for a venue
Formalizing the KWNPSA group
  • The formal structure of the group will consist only of a Treasurer
    • Marc Paré will be Treasurer, will take care of any finances received from sponsors, donations, &c.
    • Funds received from sponsorships &c. will be used for venues, hosting costs, domain name costs.
  • Bob Jonkman will ask Eli van Giessen to re-brand the meetup.com group as KWNPSA - Kitchener Waterloo Non-Profit System Administrators -- a NetSquared Group
Marketing KWNPSA
  • Business cards?
    • We need someone to design a KWNPSA logo
      • The KW part is important to our geographic locale; highlight or separate KW from NPSA
    • Marc Paré has found with other organizations that business cards are just as effective as posters
  • Let more people know that KWNPSA exists
    • Marc has a list of local KW Non-Profit organizations; he has contacted about 100
Meeting format
  • KWNPSA has a collegial Round Table Discussion format, which suits Non-Profit organizations
    • Contrast this with formal presentations at KWLUG
    • or the social restaurant meetings of KWVoIP
Mailing Lists
  • How do we deal with badly configured MUAs (Mail clients) that try to reply to the Announcements list?
  • Do we need two separate lists?
    • Steve Izma will investigate the use of "child lists" in Mailman
    • "Child lists" will allow "Discussion" to receive "Announcements" so people only have to subscribe to one list
  • DMARC problems
    • Steve will activate "munging" on Mailman so badly configured mail hosts like Yahoo Mail will accept messages
  • We will have KWNPSA branded e-mail addresses
Wiki
Branding
  • Description of group: Resource Group for Information Technology in Non-Profit Organizations
    • Similar to a Mission Statement, if not identical
    • Also the Vision -- use one phrase for all
    • We will refine this description on the Discussion List with other members
  • Are we KWNPSA or KW-NPSA?
    • It's a non-issue, we'll spell it out in full on posters and whenever we make announcements
    • Let's see what the Business Card designer does
Venue
  • Marc Paré will pursue Communitech and the Downtown Community Centre for "venue sponsorship"
  • A venue at Google may not be possible (high security facility)


Meeting notes taken by Bob Jonkman.



Social Media/Meeting Notes for 2017-02-13


Estimating Time and Resources

Date
Monday, 16 January 2017
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/234260371/
Meeting Notes
https://www.meetup.com/NetSquared-Kitchener-Waterloo/messages/boards/thread/50529155

In IT we are often asked to estimate the time and resources assorted tasks will take. Often these time/cost estimates are tied to funding, grants, and resource allocations. Unfortunately, many of us struggle at coming up with estimates more accurate than "it will take longer than expected". What are some strategies and best practices we can use to come up with better estimates? Under what circumstances does estimating things become easier? Harder? Under what conditions should we spend a lot of effort making estimates, and under what circumstances should we not?

When have you had good experiences making estimates? When have you struggled?

As always, bring your experiences and questions. Also, please spread the word about this meetup so that more people who do nonprofit systems administration will become aware of it.


Announcements

  • Laptop Rescue Mission this Saturday, 21 February 2017, 4-8pm
  • Does somebody want to take over the group?
Taking Over the Group
  • Is there a venue available?
  • QSC is noisy
  • Other TWC spaces need staffing
  • Meeting at Steve's house?
  • Will anybody take the mailing lists?
  • New organizers: Bob Jonkman, Marc Paré.
  • Should we be on meetup?
    • mailman does some of this
    • NetSquared does not help with promotion
    • meetup has a large user base
    • there is a blog and a wiki already
    • there is a twitter account
  • They want the group to be face to face
  • Bob likes the peer to peer conversation
  • March meeting's at Steve's house
  • Marc will look for other venues
  • Communitech has space available to tech groups: Marc
  • Moving the mailing lists: Steve
  • Marc can host on his server and get a domain name
  • Future topic: Project management software


Meeting Notes

Discussion Points
  • What are strategies and best practices to get better estimates?
  • Under what circumstances does estimation become easier?
  • Under what circumstances does estimation become harder?
  • When should we spend a lot of effort making estimates?
Discussion
  • Horror story: server installation
    • building a server room that needed dedicated cooling
    • he estimated power consumption of each device
    • UPSes only need to be sized for the running current (they are built to handle startup current already)
    • He ended up overestimating by three times
    • The air conditioner would freeze the pipes and everything would shut down
    • He looked up currents instead of measuring them
    • How do you deal with the exhaust heat?
    • The UPSes had meters for measuring electricity draw
    • But then they dismantled the server room for other reasons
  • When is it easy?
    • Figuring out spending is easy?
      • In the horror story they sized based on existing equipment
      • Looking up specs can be difficult
    • Never?
    • When you have done this project before?
      • There are differences between software and hardware
      • But sometimes you make software similar to the stuff you made before
    • When you can look at projects similar organizations have done?
      • How do you get that information?
  • Mythical man month comes into play
    • You cannot predict how managers will manage the project
  • Example: replacing a network was the single largest line item
  • It is always harder than you think
  • There is always effort associated with making estimates
    • When is it worth the effort?
    • When projects are expensive
    • When projects are tied to specific grants
  • Waterfall vs agile software methodologies
    • Don't estimate everything at the beginning
    • Can you make estimates a little at a time?
    • But budgets are always waterfall, not agile
  • But we tend to overengineer things
    • But then your results are rejected
  • Projects always have unanticipated things
  • It is expedient to underestimate costs to win contracts and political support
    • What will future maintenance costs be?
    • If you lowball costs then you get approved
    • Who pays for the overage?
    • But operational budgets are overestimated so that you get a surplus later
    • End of year rollovers are political
    • Surpluses are seen as weaknesses, not frugality
    • This applies to nonprofits as well
    • Bureaucrats look good when they give large amounts of money
    • There are not good incentives to share funds across departments/projects
  • Does that mean IT is always having to convince management for funds?
    • IT is always a cost sink
    • But technologies can reduce labour costs and stop people wasting time
    • Workers should enjoy the additional gains from productivity gains
  • How do you position yourself so that you get buy-in?
    • Get the people who are affected to talk to management too
  • Sometimes estimates are done to argue for funds and sometimes they are used to find projects that should not go ahead
  • If you know that you are going to need something then just go and do it
    • But senior management does not trust the estimates, so they hire consultants, which causes conflicts
  • It is less important to estimate when you have projects that can be done in small stages (instead of projects that need to be done all at once).
  • If the project is small it makes less sense to make estimates
  • Pilot projects can help figure out long term costs
  • Projects can be broken down by scope
  • Sometimes estimates are not honest, but designed to underbid the competition
    • Who pays for the overruns?
    • There can be penalty clauses in these contracts
    • Getting the lowest contract can be a problem
    • If you incur penalties you get taken off the list of approved contractors, but you just change your name and try again
    • This can result in lawsuits
    • There can be completion bonds, etc
    • As soon as lawyers get involved costs go up dramatically
  • It can be a problem when sales teams promise things without telling engineering
  • Doing estimates can give you a ballpark about the costs
    • but now you may have to have consultants vetting other consultants
  • To some extent you can play vendors off against each other
    • Big software companies will have pre-sales engineering teams to help you figure out your costs
    • They can also outbid you if they want
  • How do you deal with projects where you have blown the time constraints?
    • You can hire subcontractors
    • Drop parts of the project
  • RFPs can tell you what they have to offer
    • They can help you anticipate some of the pitfalls
  • Do requirements documents of what you need
    • Talk with the vendors/engineers from the companies
    • But the vendors will not tell you the horror stories
  • People's behaviours can change once the system changes
    • eg people beginning to use email as file storage
  • Breaking down projects into chunks
    • This shows you things that you are missing
    • Then you can better understand what the project is
    • Start aspects of the project that you can learn from and what different tasks are involved
    • But you cannot do this with monolithic systems
  • Fixing technical debt is more work than starting fresh
  • Don't be tempted to give the estimate right away
    • Be prepared to charge extra when the estimates increase
  • Sometimes competitive bids boil down to who you know?
    • This is not necessarily bad because of trust
    • But the well-known vendors have more experience winning these bids
    • If you start out at a big vendor and branch out on your own you can receive trust
  • Talk to other people who have done the same thing


Documenting Things

Date
Monday, 12 December 2016
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/234260323/

Much of our September meeting revolved around documentation. How do we ensure it gets written when there are so many other priorities? How is it maintained so it does not go out of date? How do we index it so that it is easy to find the information we need when we need it? What tools have we found most helpful in creating and maintaining documentation? What things are important to document, and what things can be skipped? As always, bring your experiences and questions.



Meeting Notes

(Notes by Martin Edmonds)

Best Practices
  • Create documentation for users: “How To” & “FAQ” documents on Wiki so it can be self-serve or you can pass on links when users ask questions
  • Consider formats for defining requirements:
    • Consider: security, auditor controls, speed, backups, file permissions
    • Ask client where data is coming from
  • Weigh balance between: need for documentation versus the effort that it requires to develop
  • Don’t document same info in multiple places or it is more work to maintain
    • Get data into a structured format that data can be entered once and it will ripple through to every relevant place
  • Too much documentation may never be used; Keep it simple with what is most important
  • Know your audience
  • Videos have advantages, but you can’t scan through or search to find what you want
    • Short instructional videos on specific topics can be helpful
  • Consider security: are multiple levels of access to documentation required?
  • Consider paper versus electronic forms of documentation
  • Think about what someone would need and how they would find it, if you are not around to show them.
  • Keep it in a standard place. Don’t keep documentation on your personal computer or account, because other people won’t be able to find it.
  • Keep in a place where you can give access to someone else but is not accessible to people who should not get it
  • Include examples in the documentation
  • Include why you did something (not just what you did)
  • How do we make sure that it is done?
    • Make it easy to document
    • Allocate more time to do documentation
    • Set aside time at the end of each day to update documentation based on what you worked on that day
    • Document as you do it
What to Document
  • Enough to get a person started (in case person with knowledge is no longer available)
  • Overview of where documentation is. (big picture view)
  • Explanation of what is done on repeated basis at certain times (eg. Holiday posting done each year)
  • Document characteristics of users. For example: user expectations, knowledge, tendencies, tolerance for flaws, etc.
Tools
  • Word processor is not ideal since the documentation should be structured so that it can be queried
  • Wiki: forces you to think of structure; easy to create new links to new pages; good for collaborative authoring; manages revisions;
    • A wiki is not as simple to use as a word processor, but non-programmers can update document using wiki
    • Using a wiki may discourage some people from commenting because of learning curve
    • Requires a good editor
    • Can preview documentation through wiki
    • Wiki is not great for multiple security levels of access to documentation
  • Tools to consider
    • OneNote
    • “Remarkable” use on a tablet for taking notes at a meeting
    • Data Base: such as Access
    • Cloud based: Eg. Google Keep, Google Docs
    • Sharepoint
  • Video and screen capture: eg. SnagIt or Jing or
  • Tools that come with Windows: “Recording Steps” or “Snipping Tool”
  • Word processors or spreadsheets are very easy to use; that is what people know how to use. Those are not ideal, but any documentation is better than no documentation
  • Ticket system which will capture what you did to resolve issue
  • For documenting Network: “Lansweeper” or “nmap”


Thanks to Martin Edmonds for moderating this month.

Event announcement: https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/233388765/
Meeting notes: https://www.meetup.com/NetSquared-Kitchener-Waterloo/messages/boards/thread/50337067

Regulatory Compliance

Date
Monday, 14 November 2016
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/233388765/

Many non-profit organizations are involved in government-regulated services such as health care, employment acquisition and training. Other activities require adherence to other laws, such as building codes. How do you keep track of all the regulations that you need to follow? How do you store compliance documents such as sign-offs, NDAs, and contacts? What do you use for secure document storage and transmission? How do the SysAdmins get along with the Lawyers? When is encryption required? What do you encrypt and when?


Meeting Notes

  • Must consider retention and retention periods of email and other documents (almost any document can be considered a legal document)
  • In addition to govt regulations, must consider industry practices & standards
  • Following of the Ont. Non-Profit Corporations Act (ONCA)
  • Maintenance of email lists:
    • use double opt-in
    • using email lists only for stated purpose
    • offer mechanism for requesting to be removed
  • On website for incorporated organization (In Europe, but not yet in North America)
    • need to specify if cookies will be saved
    • need to specify physical address (required in Europe)
  • Considered a member of a non-profit (in some cases, even attending an event can constitute you as a member)
  • Adherence to copyright laws when photocopying
  • What responsibilities does organization have when providing internet access to public
  • Audits from organizations that grant non-profit status or organizations that provide grants
  • Software audits (Eg Microsoft ensuring license adherence)
  • Need to be very careful about mailing lists and keeping them up to date to prevent mails to the wrong person
Storage

How do you store compliance documents such as sign-offs, NDAs, and contacts? What do you use for secure document storage and transmission?

  • LotusNotes used to route a document and get sign-offs along the way
  • Block chain systems (discuss further in future meeting)
  • Electronic forms on secure file server or encrypted device
  • Encrypted data.
    • TrueCrypt
      • There are some known vulnerabilities in the Windows version.
      • VeraCrypt is a fork of TrueCrypt.
    • LUKS container
    • Offsite (using send command)
    • ZFS (a file system)
  • Indicate on top of email who is the intended audience of email. Legal disclaimer on the footer telling you not to read an email if it does not pertain to you.
  • Encrypted email systems eg. Enigmail (a Thunderbird plug-in)
  • Online service to encrypt mail eg. Proton Mail, and Tutanota
  • Signal, Telegram, and WhatsApp for encrypting instant messages

Potential topics for future meetings

  • Block chain systems
    • Book: London Review of Books had two stories by the same author Andrew O’Hagan
    • Ethereum (a programming environment built on top of Block Chain)
  • Accessibility rules
  • Document storage formats (ODS, etc.) could be combined with document management systems


KWNPSA Meeting Notes for 2016-10-17



KWNPSA Meeting Notes for 2016-09-19



Financial Software

Date
Monday, 15 August 2016
Event Announcement
http://www.meetup.com/NetSquared-Kitchener-Waterloo/events/232234165/

What kinds of financial software are appropriate for nonprofits? What does your organization use? What work is involved in supporting it?


Meeting notes
https://www.meetup.com/NetSquared-Kitchener-Waterloo/messages/boards/thread/50064445

Questions

  • What financial software does your organization use?
  • How do you migrate between software?
  • What considerations do you factor in?
  • How do you support this software?

Announcements

  • Upcoming meetings? Fold the group?
    • Free software for nonprofits
  • What do we want out of the group?
    • Proselytize free software? How do we get others to adopt free software?
    • What makes people use free software vs proprietary?
  • Hiring policies. Windows people are replaceable?
  • Recruitment drive?

Meeting Notes

  • It was difficult to get accounting software for Linux without paying a fortune.
  • We should be concerned about financial software
    • Writing different interfaces (eg for batch jobs) is difficult
  • Sysadmins usually do not decide this software. Accountants do.
    • There are specific needs for payroll, HST, auditing
    • There is a high learning curve
  • Brendan uses SAGE because of payroll
    • Quickbooks requires a service to deal with payroll
    • Personally Brendan uses GNUCash
  • NewViews
    • hierarchical accounting that looks like a spreadsheet
    • It was made for DOS and Windows
    • It has a high learning curve
    • TWC moved from the DOS version to Windows
  • People at banks prefer correctness over efficiency
  • Brendan keeps track of accounts for several nonprofits
    • They were both using some ancient DOS program
    • They migrated their infrastructure to Access databases
    • They have multiple systems that have to manually reconcile things?!!!??!!?!!
  • It is possible to use TeX as an accounting system
    • With spreadsheets as input
    • Who else maintains this?
  • Why can't some Drupally solution come in and take over this space?
  • The core parts of financial software are:
    • Sales
    • Financial transactions
    • Different accounts
  • The non-cores:
    • Reports to funders
    • Payroll
  • (ObTopic) Is the cloud going to eat everyone's lunch?
    • Freshbooks is on all the podcasts
  • Integrating with banks is not so easy with GNUCash
    • You also have to make sure the cheques have been written correctly
  • Why can't this all be federated?
    • IIF : Intuit Interchange Format (proprietary)
    • OFX : open standard used by Microsoft Money : http://www.ofx.net/
  • Not an API thing?


  • Companies vary in what their expenses are and their categories?
  • In publishing:
    • There is some key information in invoices
    • People need to respond to invoices from printers
    • Different industries have come up with their own standards (EDI)
    • EDI: Electronic Data Interchange
  • Used for Business to Business transactions
    • Banks have worked out how to exchange data amongst themselves
  • Companies decide WHEN to pay invoices to maximize their cash flows
    • If you pay early then maybe you get a discount
    • Can computers help with some of these problems?
    • You favour certain relationships over others
  • Quickbooks works under Linux using WINE?



Considerations
  • What people know
    • People like their Word and Excel
    • Migration costs are very high -- there has to be lots of benefit


  • There are a bunch of updates to payroll and HST
    • The software is always under development
  • Upgrade costs are very high -- once you make a choice you are kind of stuck
  • Accounting software needs to be customized to the particular needs of the organization
  • Internal formatting is different from reports
    • If internal structure is good then maybe making add-ons is feasible
  • Humans will have to input most of the transactions?
    • But there are point of sales
    • Accountants need to verify the receipts
    • Robust interfaces are important to avoid input errors
  • Can the bookkeepers use the software?
  • Does the software interface with the services (ADP) that the organization uses?
  • What are the security implications of data breaches?
    • Information leakage about things?
    • Corporate surveillance? Future products?
    • Know what your prices are?
    • Know what different employees are paid?
    • Medical/dental data
  • Maybe you can't have plugins because that has the potential of violating integrity
    • Can't proper transaction logging fix this?


  • You close books at the end of the fiscal year
    • This freezes accounts
Migration
  • Take an end of year fiscal snapshot
  • Move the summary to the new program
  • Quickbooks will let you upload your desktop information to the cloud
    • But you can't get the data back!
    • Maybe the competitors will let you upload to THEIR clouds
    • But Quickbooks does not support backwards compatibility on the desktop either




KWNPSA Meeting Notes for 2016-06-13



KWNPSA Meeting Notes for 2016-05-09



KWNPSA Meeting Notes for 2016-04-11



KWNPSA Meeting Notes for 2016-03-14



KWNPSA Meeting Notes for 2016-02-08



Estimating Time and Resources/Meeting notes for 2016-01-11



Collaborative Editing Tools

Date
Monday, 14 December 2015
Event Announcement
http://www.meetup.com/NetSquared-Kitchener-Waterloo/events/223909896/

How do people work together? How do you deal with privacy concerns? What tools work and what have problems?

  • OneNote
  • Etherpad and friends
  • WebEx


Meeting notes

for 14 December 2015: 

Many users want to use collaborative editing tools.

  • What do you use?
  • How do you deal with privacy concerns?
  • How do you manage backups?
  • What are the strengths and weaknesses of these systems?
  • When are they best used?
Options
  • Wikis
  • OneNote
  • Etherpad
  • WebEx
  • Slack (Mattermost?)
  • Sharepoint
  • Google Hangouts
  • Google docs
Observations
  • GoToMeeting is better than WebEx
    • WebEx: poor audio
    • Pretty expensive? ($50/month)
    • Like Skype for 1-many
  • There are different classes? Wikis are different from WebEx
  • Wikis: collaborative editing
  • GoToMeeting: realtime conferencing/interacting
  • How can people work together on documents?
  • LibreOffice tends to use Google Hangouts
    • Hangouts allow multiple video and sound
    • LibreOffice will also use IRC
    • This is for discussions
    • The kids use Google for everything
  • Google docs allow you to edit simultaneously and chat
    • They have versioning
    • Marc backs up Google docs once a month into a zipfile
  • You can choose the format
    • Should we all embrace the Google?
  • LibreOffice is trying to work on OneCloud
  • This could be released next spring
  • The internal file structure is well known
    • Google Drive will let you mount a drive for Google Docs
  • LibreOffice will let you edit files from Dropbox
    • This is different than having documents mirrored on local drives?
    • LibreOffice is a "do what you like" community
    • eg there is little interest for any Android devs to develop an Android version, so they are contracting out the work.


  • OwnCloud lets you edit LibreOffice collaboratively (without locking)
    • This is like Etherpad
    • But you cannot do spreadsheets


  • Wikis are for structured text; Google docs are not (necessarily?)
    • You need guidelines to put documentation into reasonable shape
    • You need to handle your backups yourself
    • Images have to be handled differently
    • Back up each database separately
  • Bob generated a 300MB --all-databases file
  • He cannot restore the database properly
  • Does that mean his file is toast?
  • No, because he can chunk it apart
  • But that is difficult
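
The "chunk it apart" step can be scripted, assuming the file is a mysqldump --all-databases dump, which writes a `-- Current Database:` comment before each database. This is an added example, not part of the meeting notes; the sample dump and the numbered output file names are constructed for illustration.

```python
import io
import re
import tempfile
from pathlib import Path

# mysqldump writes this comment before each database when it is run with
# --all-databases or --databases.
DB_MARKER = re.compile(rb"^-- Current Database: `(.+)`\s*$")

# Constructed sample, shaped like mysqldump output but not real output.
SAMPLE = b"""\
-- MySQL dump (constructed sample)
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;

--
-- Current Database: `wiki`
--

CREATE DATABASE /*!32312 IF NOT EXISTS*/ `wiki`;
USE `wiki`;
CREATE TABLE `page` (`id` int);
INSERT INTO `page` VALUES (1),(2);

--
-- Current Database: `blog`
--

CREATE DATABASE /*!32312 IF NOT EXISTS*/ `blog`;
USE `blog`;
CREATE TABLE `post` (`id` int);
"""


def split_dump(src, out_dir):
    """Stream a multi-database dump into one .sql file per database.

    src is a binary file object, read line by line so a 300MB dump is never
    held in memory. Returns the database names in the order they appear.
    """
    out_dir = Path(out_dir)
    header = []   # session SET statements that precede the first database
    names = []
    out = None
    try:
        for line in src:
            m = DB_MARKER.match(line)
            if m:
                if out:
                    out.close()
                name = m.group(1).replace(b"``", b"`").decode("utf-8")
                # Tame the file name; the real name stays inside the SQL.
                safe = re.sub(r"[^A-Za-z0-9_.-]", "_", name)
                out = open(out_dir / f"{len(names) + 1:02d}_{safe}.sql", "wb")
                out.writelines(header)   # each chunk restores on its own
                names.append(name)
            if out:
                out.write(line)
            else:
                header.append(line)
    finally:
        if out:
            out.close()
    return names


def demo():
    """Split the constructed sample and return (names, {file name: bytes})."""
    with tempfile.TemporaryDirectory() as d:
        names = split_dump(io.BytesIO(SAMPLE), d)
        files = {p.name: p.read_bytes() for p in sorted(Path(d).iterdir())}
    return names, files


if __name__ == "__main__":
    names, files = demo()
    for fname, data in files.items():
        print(fname, len(data), "bytes")
```

For a real dump, open the file with `open(path, "rb")` and pass it as `src`; each output file can then be restored and tested on its own.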
What do we want for collaboration?

Why is it more helpful to have multiple people collaborating?

  • Conference organizing: You can have 5-6 people on a conference call all looking at the same spreadsheet.
  • How do you decide who is taking care of each part? You play nice.
  • The editing is not completely random
  • Do you need to have a meeting? Not necessarily
    • eg Agenda items
    • eg collaborative web page editing (Etherpad/UbuntuPad) with text chatting

What is a typical number of people who can play nice?

  • Maybe 10?
  • Sometimes a few people dominate
  • Some people can't work like this; they have to take the document home
    • But some people think they want to take the document home and then are won over to collaborative meetings
  • Some people wreck everything and thus have to be limited to commenting

Grammar skills can be an issue. Can you assume good grammar?

  • As they type content you can follow behind and edit
  • It is most important for people to get their ideas out

This is similar to a writer's group

  • Comments should be constructive
  • This works best face to face (because criticism is hard)

People don't go into technical writing because they like creative writing

  • Clarity is important in both, however
  • Marc's group was reticent to use Google Docs at first, but they were won over
  • They found chat to be efficient while editing the document
  • He found the visual (Skype) harder

Marc worked on mumble for voice chat

  • It is low resource

Is face to face or messaging easier? It depends on the group.

How do you choose the right tool for the job?

It is easy to put bullet points into a document and then organize after

How do you come up with protocols for collaboration?

  • Marc's group was ad-hoc, but roles (leader, secretaries) tend to emerge
  • There is trust involved

LibreOffice uses a lot of wikis

  • Marc thinks they need WYSIWYG because the barrier to editing is too high
  • You don't get good content so people get frustrated and leave
  • The people LibreOffice is trying to support do not necessarily have good editing skills
  • Do people who learn office software learn good styles?
    • It does not matter. The ideas are important
  • What is the bridge between thoughts and markup?
    • Wikipedia is working on WYSIWYG tools
  • Is Wikimedia not receptive to this?
    • Drupal 8 has in-line editing now?

Should people have the right to NOT learn markup?

  • If you force people to learn then you raise the barrier to entry
  • That makes people elitist
  • If the barrier to entry was lower then more people would end up learning the system
  • Should people be forced to edit in Word?
    • Smart people have the ability to learn it


(Oh no! Markup!)

Marc doesn't like Mediawiki because it is hard for people in his group to edit it.

  • People use all kinds of other tools
  • What about eating our own dogfood?
    • The initial documentation was not published in ODT
  • Should people be forced to edit in Word?
    • Smart people have the ability to learn it


Slack???
  • Everybody loves slack
  • Slack is the email killer?
    • Easier to search (with group chat?)
    • It is like a searchable newsgroup? mailing list?
  • Do you have to go to the site in order to get the content?
  • Conversations are collected chronologically so it is easier to go through them than on email chains


Gmail labels deduplicate messages into pointers to folders


How do you avoid the standards problem? Having yet another place to look for stuff.

Finding stuff on Etherpad and Ubuntupad is difficult unless you bookmark items with useful labels

It is impossible to search across Etherpad documents

Redmine can also be used for collaborative work

  • Less useful for collaborative work?
  • Ticketing assigns work to people : less good for volunteering
  • Closing abandoned tickets is difficult (and frustrating!)


Matching employers to job-seekers?

  • Use a dating site?
  • Donor management software?


progress.com : Database company

Moodle

  • Tim uses it
  • It has a learning curve

VPSes

  • DigitalOcean
  • CloudAtCost
  • Linode


Factors in collaboration
  • Concurrent or not?
  • Are you producing a document out of the tool or not?
  • Does the document need to be exported or not?



Sidetrack: community foundation for the arts
  • They are in every city?
  • This is different from CEI
  • The community foundation was giving CEI some money too





KWNPSA Meeting Notes for 2015-11-09



KWNPSA Meeting Notes for 2015-10-19




KWNPSA Meeting Notes for 2015-09-21




All About VoIP/Meeting notes for 2015-08-17




Keeping Remote Sites Up To Date

Date
Monday, 13 July 2015 from 7:00pm to 9:00pm
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/223189124/
Location
The Working Centre, 58 Queen Street South, Kitchener Map

This month we will be talking about how to deal with multiple locations within an organization. We will be discussing things like file sharing setups for more than one location, communications between locations, different router types for VPN and such, etc....

Multiple locations may mean more than one office building, or other situations like employees who work from home or other remote locations.


Meeting Notes

What kinds of remote sites do you need to support/connect?
  • Second location
    • public facing location at one site
  • People working remotely without having an office
What things do remote users need to do?
  • File sharing: spreadsheets, word documents, PDFs
  • Database use
What tools do you use to enable them?
  • Sharepoint site for sharing documents
    • Brendan uses an older version
  • Syncing files between file shares
  • Windows Server Remote App
    • Small Business Server and Essentials
  • Moving files to the cloud
    • hosted server
  • Syncing with dropbox
  • Office 365 transitions workflow to the cloud
  • VPNs
    • Complicated for users
    • SecurePoint client makes it easier
  • Cisco mobility to connect (forwards all traffic via the VPN?)
    • Local storage with encrypted storage
    • files are stored remotely
  • Windows BranchCache?
  • Bittorrent sync, Dropbox, Syncthing
  • Caching servers that sync overnight
  • Microsoft DFS Replication (don't bother!)
    • OneDrive for Business is still not working
  • OpenVPN over OpenWRT
  • Hamachi
  • SSH tunnelling for remote access
  • Remote support: SSH tunnelling, VNC, Fuse and SSHFS
  • ownCloud with WebDAV
    • ownCloud does not do symbolic links very well (OK on synchronized clients, not on WebUI or WebDAV mounts)
  • WebEx (free for first three clients)
  • http://www.remoteutilities.com/download/ : free for 10 clients
  • AWS cloud?
  • Using git for synchronization
What clouds are easy to set up?
  • ownCloud on VPSes or your own servers
What is painful?
  • Attaching remote files to local email
  • Syncing multimedia files (photos)
  • Downloading things from the VPN is slow
  • People want things to work without learning anything
  • Initial contact with a remote client: how do you get them set up?
    • join.me, bomgar, TeamViewer, screensharing with Skype (slow)
  • Users do not provide enough detail
  • Slow connections on the remote end
  • ADSL connections with slow uploads
  • Can we stop the cloud?
  • Synchronizing calendars
Troubleshooting mobile devices?
  • Remote support viewing on smartphones? WebEx, LogMeIn
Other considerations
  • syncing over DSL
  • online collaborative systems for sharing documents
  • newer versions of Sharepoint allow concurrent editing of documents
  • confidential/sensitive information being uploaded to The Cloud (tm)
    • But any computer that is online is on the Cloud
  • Storing medical information on the Cloud?
  • VPN routers?
    • They have VPN servers themselves (IPSec and PPTP)
    • How do they find the clients? They use a road warrior setup
  • German company: SoftMaker (word processor software)
ISPs





Keeping Computers Up To Date

Date
Monday, 8 June 2015 from 7:00pm to 9:00pm
Event Announcement 
Keeping Computers Up To Date/Meeting Announcement 2015-06-08
Location
The Working Centre, 58 Queen Street South, Kitchener Map

Updating Desktops

You thought it would never happen again, but we are in fact holding a second Nonprofit Sysadmin meeting this Monday, June 8. As we did introductions last month I tried to collect some themes as future discussion topics. Somewhat arbitrarily, I propose that Monday's meeting be about keeping systems (specifically desktops) up to date:

  • What tools do you use to keep desktops up to date? (Windows or Linux, or other)
  • What tools do you use for third party updates (Flash? Adobe Reader? Hateful Java?)
  • What tools do you use to monitor and ensure that updates are happening?
  • How do you prevent desktops from filling up with spyware and other nonsense?
  • For Windows people: what are you doing about the Windows 10 upgrade offer?

We will meet starting at 7pm at the main Working Centre building, 58 Queen Street South. Bill says that there is free parking kitty-corner from the Working Centre, on the other side of Charles.

If you know of interested sysadmins who might be interested in our conversation, please invite them to the meeting.

- Paul



Upcoming meeting topics

  • July: Administrating remote locations and people who work from home
  • August: All about VoIP


Here are the bullet-point notes I took from tonight's meeting. (Paul Nijjar)

Someone needs to remind the list about how to get information for logging into the wiki.

Meeting Notes

Updating Computers

Linux
  • Run apt-get manually
  • apticron: emails when there are updates
  • unattended-upgrades: does security updates automatically
  • apt-dater: run updates in parallel
  • rkhunter
  • chkrootkit
Windows
  • Download and ask to install
  • WSUS updates
  • Download updates and shut down
Third Party Updates
  • ninite.com
  • wpkg.org
  • chocolatey.org
  • wsusoffline.net
Restoring computers
  • DriveVaccine (SUCKS)
  • SteadyState (RIP)
  • SteadierState
  • Faronics DeepFreeze
  • Virtual terminal servers (Multipoint server)
  • Ubuntu with guest account
    • PlayOnLinux: install Wine easier
  • DelProf




KWNPSA Meeting notes for 2015-05-11





Meeting Notes

Alternatives to E-mail
  • Aren't we all on Slack by now?
    • Slack has some free options, also paid ones
    • eg. voice and video options
    • E-mail threads have messages and reply text, but Slack has just the continuous stream-of-consciousness
    • Bots: "What's my schedule on Thursday?", "Bot, book me lunch with Kirk on Tuesday"
      • Regular expression bots, "human in the loop" bots, and "IBM Watson" hyperintelligent bots
      • Bots really made it, turned Slack into a marketable product (opened the platform, API)
    • But whatever happened to Google Wave and Google Buzz?
    • Is there a Slack-to-Email bridge? Maybe on Rocket.Chat
      • Privacy and data management concerns: who stores your chats? streams? e-mail?
    • Spammers on Slack? It's a closed environment, you know your spammer (unlike e-mail)
    • But there can be public "Talk to a sales rep" windows
  • Kik also opened their platform
  • Rocket.Chat - "Slack-alike"
    • web client & phone apps
    • e-mail gateway, LDAP gateway
    • Drag'n'drop filesharing
    • Self-hosted, on Ubuntu as a Snap
    • Self-hosted, so you have control over your own data
    • kwvoip.ca may set this up...
  • XMPP - Cisco bought Jabber.com (now Cisco Jabber)
  • Matrix / Riot
Ease-of-Use

E-mail is so easy to use, people use it for everything

  • File storage
  • Instant messaging
  • Archival storage
  • Operating System?
    • Heard of people who use git as a mail repository
Difficulty-of-Admin
  • Struggle with Exchange and Outlook
    • Weird problems, eg. indexes
    • Would weird problems like indexing exist on Office365?
  • Large systems are constrained only by the time and effort of the SysAdmin
    • Or sufficient funds to purchase vendor support
Spam Mitigation
  • Large mail providers silently drop some mail, receivers and senders have no idea it's not delivered
  • Need to bring mail filtering inhouse
    • Opinion that the only effective filters are Bayesian filters on content, not geo-blocks, IP-blocks, or domainname-blocks
  • DMARC and DKIM (both broken for mailing list use)
  • Dealing with blocklists
    • Blocklists are reputation managers
    • Small orgs sending mail are incorrectly identified as spammers
    • Blocklist providers have no incentive to lift blocks based on the requests of senders (otherwise every spammer would make that request)
    • Recipients of failed messages need to contact their mail providers to stop the mail providers from subscribing to bad blocklists
    • Filter provider needs to hold the spam for subsequent retraining (problems with privacy and data control)
  • Organizations block access to external mail providers





Malware

Date
Monday, 12 June 2017 from 7:00pm to 9:00pm
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/239940239/
Location
Communitech Jelly Bean Room 1st Floor, 151 Charles Street West, Kitchener, Ontario Map

Breaking News: Dozens of countries affected by ransomware cyberattack (CBC News, 12 May 2017)

Are you protected from malware? On your desktop computers? On your servers? Does your staff have malware protection at home? Is anti-virus software enough? What's "ransomware"? What's the difference between a virus, a trojan, and a phishing attack? Does it matter? How do you protect yourself from malware? What's the best way to react to a malware outbreak? How do you recover from a malware attack?

We'll share our experiences in a round table discussion, and perhaps have a guest from the industry to provide some of the answers.

--Marc Paré and Bob Jonkman



Video

Malware discussion at NetSquared KW meetup (courtesy of Gheorghe Curelet)

Guest: Scott Smith

  • Tekkshare demonstration by guest Scott Smith
    • A Goods-and-Services marketplace for technical stuff based on Sharetribe
    • Invitation for KWNPSA members to sign up, will waive commission for first year

Meeting Notes

Malware experiences
  • from the days of floppy drives
Platforms
  • Apple malware, adware
    • Nothing super malicious, but affects the browser, user libraries inc. user preferences
    • Backup with TimeMachine, but that takes malware with it
    • Free TV websites and proxy sites seem to be sources of malware
    • Manual restore (not Time Machine) to restore each file individually
    • AdAware bought by Malwarebytes, good for Apple platform, free for home use: Malwarebytes | Malwarebytes Anti-Malware for Mac
  • Android
    • Large platform, biggest vulnerability
    • Old, refurbished phones may be vulnerable, they don't get updates
    • Same for routers, security cams
    • Fragmentation in market, but providers (Samsung, Verizon) don't provide updates after a year or two
    • Reluctance to update phones because it takes too long (10 minutes!)
    • People are more likely to replace a device than upgrade it
      • Both on desktop and mobile devices
    • Change is scary, some people can't even deal with a moved icon on the desktop
    • SysAdmins are not able to meet the expectations of clients
    • Google is taking heat for lack of Android updates
      • Thought it might have been like GNU/Linux distros (stable, testing, Sid), didn't work out that way
      • Proprietary applications contribute to this, only Google can upgrade their apps
      • CopperheadOS tried to address this with a secure Android OS, but constantly battles Google and vendors

People believe things are secure because they've paid the vendor lots of money, they don't pay the vendor lots of money because the products are secure.

Best defence: Make our purchasing decisions based on public data of vulnerabilities

Mitigation
  • Treat the end-user as an adversary
    • Focus on recovery instead of avoidance
    • But should we treat people as adversaries? Technical solutions are not a panacea
  • Backups!!!
  • Risk management -- given enough time, the probability of being affected approaches one
  • Training is necessary, but not sufficient
Defence in Depth
  • Backups, backup rotation, offsite backup
  • Training
  • Updates
  • Offsite storage (Cloud), store deleted files for 90 days (version control)
    • But privacy issues with out-of-country routing and storage
  • Buy-in from management to provide enough resources (money)
  • Honeypot, canary - let SysAdmin know when certain files are being touched

Staff needs to know this Defence-in-Depth is being done, and when

Recovery
  • Some people don't care about their data, just re-image the computer
  • Shadowcopy in Windows -- only Administrator has access, can't be encrypted by ransomware
    • But malware knows Shadowcopy is a good idea, and will try to bypass
  • How can you tell your files are encrypted?
    • Applications can't open their data files
    • Some malware leaves messages "This folder is encrypted"
  • Stiller software (c. 1995) to identify modified files with checksum appended to all files; won't open or execute compromised files
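
The canary idea under Defence in Depth and the checksum idea above can be combined in one check, sketched here as an added example that is not from the meeting. It keeps the checksums in a separate manifest rather than appending them to each file, and its file names, status strings and entropy threshold are assumptions chosen for illustration.

```python
import hashlib
import math
import tempfile
from collections import Counter
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        while block := f.read(chunk):
            h.update(block)
    return h.hexdigest()


def entropy_bits_per_byte(data):
    """Shannon entropy; ciphertext and compressed data sit close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_manifest(paths):
    """Record a known-good SHA-256 for each canary (decoy) file."""
    return {str(p): sha256_file(p) for p in paths}


def check(manifest, sample_size=65536, threshold=7.5):
    """Compare each file with the manifest and return {path: status}."""
    report = {}
    for path, good in manifest.items():
        p = Path(path)
        if not p.is_file():
            report[path] = "missing"          # deleted or renamed
        elif sha256_file(p) == good:
            report[path] = "ok"
        else:
            with open(p, "rb") as f:
                head = f.read(sample_size)
            if entropy_bits_per_byte(head) >= threshold:
                report[path] = "modified, looks encrypted"
            else:
                report[path] = "modified"
    return report


def demo():
    """Constructed scenario: four canaries, then an edit, an overwrite, a rename."""
    with tempfile.TemporaryDirectory() as d:
        d = Path(d)
        files = [d / "aaa_budget.txt", d / "payroll.csv",
                 d / "zzz_donors.txt", d / "minutes.txt"]
        for f in files:
            f.write_text(f"canary file {f.name}\n" * 20)
        manifest = build_manifest(files)

        files[0].write_text("someone edited this decoy\n")
        files[1].write_bytes(bytes(range(256)) * 16)   # stand-in for ciphertext
        files[2].rename(d / "zzz_donors.txt.locked")
        return {Path(k).name: v for k, v in check(manifest).items()}


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:28} {name}")
```

Run the check from a scheduled job and alert on any status other than "ok"; keep the manifest somewhere the monitored machines cannot write to, or malware can rewrite it along with the files.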

Meeting Administration

  • Time limits? 8:30pm
    • Stay on topic
    • May start at 6:30pm? Consensus, not...


Offsite Hosting

Date
Monday, 8 May 2017
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/237779027/
Location
Communitech Jelly Bean Room 1st Floor, 151 Charles Street West, Kitchener, Ontario Map

Where are your servers? Are you self-hosting? Have you thought about professional hosting? What services does a professional hosting service offer? Do you need shared hosting? Do you need a VPS? What's a VPS? What's a colocation site? How much will all this cost?

Come share your experiences with self-hosting, shared hosting, and VPSes. Bob and Marc have the questions, and special guest Mark Steffen from indieServe Networks will have the answers.

See you at the meeting!

--Bob Jonkman and Marc Paré



Video

Offsite Internet servers hosting - YouTube (courtesy of Gheorghe Curelet)

Meeting Notes

Selecting a hosting provider
  • There's no "One size fits all"
  • What do you need?
    • Disaster recovery?
    • Microsoft licensing?
    • E-mail hosting?
What kinds of servers for a host?
  • Dell servers at one place
  • Had HPs, didn't mind them
    • indieServe has some HP servers for colocation
  • Lenovo, but there was BIOS based malware
    • Liked IBM servers, anecdotally liked the reliability
    • indieServe has all Lenovo servers
Offsite Hosting Problems?
  • Shared hosting was OK for a while, but host was asking for more money
  • Another company seemed like perfect shared hosting (using WordPress)
    • Works today, but lots of complaints on Facebook, so he no longer trusts it
  • Backups?
    • Yes, keeping your own backups in addition to using the hosts' backups
indieServe Networks
  • indieServe is hosting for KWLUG, KWVoIP, FairvoteWRC, KWPeace, &c.
  • About $10/month for shared host
    • No limits but on the honour system
    • Keep it to one company per shared host
    • Local non-profits may be able to get really good deal -- talk to Mark Steffen
  • Also has VPS (Virtual Private Servers)
  • Can do hosted Windows servers or domain
    • Good for small file sharing systems
    • Microsoft has a specific licensing arrangement for hosting providers
    • Cost based on cores and sockets, plus number of customers
    • Not cheap, $100's /month
    • Similar model to Azure or Amazon AWS
Offsite Backups
  • Some customers use offsite hosting only for data replication (disaster recovery)
    • Do keep offsite backups encrypted
    • For any backup solution check with Legal for PIPEDA legislation
    • Cheap backup? 20¢/GiByte for storage is typical
  • Backup software:
    • Duplicity for Linux
    • CloudBerry for backup service
    • DupliCaddy for Windows (Open Source, Beta software, supports SQL, kinda slow)
      • For Windows, do full backup, then everything is incremental afterwards
      • But it keeps a synthetic "Full" in the background
    • With S3 or Azure, you can restore to EC2 -- get (almost) instant restore on external VPS -- really cheap disaster recovery
    • Backblaze (personal backup for $5/month, also B2 backup storage, .02¢/Gibyte?, $10/month for 1 TByte?)
  • indieServe keeps hard backups (USB drives stored offsite)
Backup horror stories
  • Hijacked truck (backups not encrypted, nobody knows who now has access to backup data)
  • Encrypted backups corrupted (physical disk damage corrupted one block of data, cypher block chaining made rest of backup inaccessible)
  • Bulk files corrupted (backup file is OK, but contained invalid data, making rest of the backup invalid)
  • Tape backup is still the most dense storage for immutable backups
  • Mark Steffen has techniques for redundant backup storage (good for ransomware attacks, &c.)
  • How much backup do you need?
    • How much data can you afford to lose?
    • Have at least one automated backup in place
Selfhosting?
  • Run your own service on a VPS or shared host (XMPP, Wiki, Social media) instead of using Facebook, Google, Twitter
  • Manage your own server, colocated in a datacentre
  • Getting a DSL line (with multi-link support), and running a server on premises
  • Managed hosting - servers in house or colo, but contract out the SysAdmin
Webhosting Management
cPanel
  • Set up WordPress, &c.
  • Handles updates, patch management, backups, email
  • Installatron for managing applications
  • Varnish is a cache in front of Apache, for bursty traffic
  • cPanel is pricey? $20/month for bare metal, less for a VPS
    • Keeping cPanel on a VPS makes it portable, allows cPanel admin to perform maintenance with no downtime
XenServer
  • A Virtual Machine host
  • The free version is pretty unrestricted
  • Use XenServer to run cPanel
Cloud Linux
  • uses CageFS
  • isolates users from each other
Other panels?
  • CentOS Web Panel
  • ISP Config
  • Ubuntu MAAS
  • WebMin, VirtualMin
  • WHM is the management tool for cPanel
  • WHMCS is a shopping cart / billing system for hosting
    • But these apps may have security issues (PHP doncha know)
Reseller hosting
  • Perhaps for Web developers, who want to manage resources for their customers
  • Can add multiple accounts, lets hosting provider manage growth and resources
  • Could be unlimited accounts, but typically 300 GBytes, good for about 50 accounts


Blockchains

Date
Monday, 10 April 2017
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/237778947/
Location
Communitech Jelly Bean Room 1st Floor, 151 Charles Street West, Kitchener, Ontario Map

What's a blockchain? Is this all about math? How do I make Bitcoin payments? How can I receive Bitcoin donations on my Website? Are there other blockchain currencies? What services exist for blockchain currency exchange? Is blockchain technology good for more than just Bitcoin? What blockchain tools exist for Non-Profit organizations?

Marc and Bob ask the questions, and special guest Kris Stinson will be on hand to provide the answers!

See you at the meeting!

--Marc and Bob.


Video

Familiarization with Bitcoin and other cryptocurrencies (courtesy of Gheorghe Curelet)

Meeting Notes

  • Today we're joined by guest Kris Stinson (@StinsonKris on Twitter)
  • Lots of media attention, "blockchain this, blockchain that", they're trying to sell you a database
    • Microsoft, IBM, governments (even Canada: Cancoin)
  • Banks are threatened, unregulated currency (scary!)
  • Japan has approved Bitcoin as a currency (legal tender)
  • Legal (tax) ramifications: Capital Gains.
Types of blockchain currency
  • CryptoCurrency Market Capitalizations
  • Augur - a "betting" site; deals with contracts
  • Based on Ethereum
  • DAO - Decentralized Autonomous Organization
    • eg. Ethereum
    • A decision by this DAO split Ethereum into Ethereum and Ethereum Classic
    • Now there are miners working on both branches of the blockchain
    • "The mining network" determines whether a fork of the blockchain can happen
How does the blockchain determine "truth"?
  • The longest chain wins
  • "Rolling back the chain"
    • database
    • miners
Quantum computers?
  • Will change the game!
  • Winklevoss brothers
    • Own over 50% of bitcoin?
    • This is a problem, they can determine the validity of transactions
Wallets
  • Wallets are Public/Private Key encryption containers
Other blockchain technologies
  • Don't trust The Cloud?
    • Authentication
    • Filesystems

90 minutes was far too short to cover all aspects of Blockchain Technology; we'll invite Kris Stinson back someday.



Branding

Date
Monday, 13 March 2017
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/237778855/
Location
Steve Izma's house, 35 Locust Street, Kitchener, Ontario Map

What's your brand? Do you have a brand? How do you choose a brand? Is branding important for NonProfit organizations? What is the value of a good brand? What is the cost of a bad brand? Have you ever changed your branding? How much work was it for the SysAdmins? Did you have to re-do the Web site? The e-mail addresses? Business cards? Letterhead? What legal considerations are there for choosing a brand?

Bob and Marc have the questions, together all of us have the answers.

See you at the meeting!

--Bob and Marc



Meeting Notes

This meeting ended up being more about our own re-branding needs, and the business of running KWNPSA as a non-profit organization. We'll have another session in the future on Branding to discuss the experience and gather the advice of other organizations.

  • We started with a discussion on the different syntaxes used in markup languages, eg. Markdown, Mediawiki, PMWiki, MoinMoin...
Hosting Services
  • Many Non-Profit organizations are migrating from CCj/Clearline (Steph Smith, Cedric Puddy) to IndieServe (Mark Steffen)
  • Marc Paré will take over the hosting for KWNPSA
    • Marc is currently using 123EHost.com
    • This is for the interim, until Marc has his own server set up
    • The hosting OS will be Mageia
  • Mailing Lists
    • Steve Izma will be the Mailing List Manager
    • We currently have our Discussion and Announcements mailing lists on CCj/Clearline
    • Steve will look after the mailing list migrations as soon as Marc has Mailman set up
  • Wiki
    • Mediawiki is being used by everyone at this meeting,
    • Currently being hosted at http://sobac.com/kwnpsa by Bob Jonkman
    • Will be migrated after Marc has set up the Mageia server
Sponsorships
  • CIRA - Has provided $100 for the previous and this meeting.
  • TechSoup - provides low-cost Microsoft licenses to Non-Profit organizations
    • NetSquared (part of TechSoup) is an umbrella group for Non-Profit organizations' IT staff
      • If we get a venue without A/V facilities, can NetSquared sponsorship provide, say, a projector? Marc to ask Eli...
  • Microsoft
    • We will gladly accept Microsoft sponsorship and host an evening dedicated to Microsoft products
      • Perhaps have as a guest speaker a product specialist from Microsoft?
    • We will continue to focus on Free Software / Open Source solutions at other meetings
  • Google
    • Apparently Google is a sponsor or a member of NetSquared
      • but we have not seen support from our local Google office, eg. request for a venue
Formalizing the KWNPSA group
  • The formal structure of the group will consist only of a Treasurer
    • Marc Paré will be Treasurer, will take care of any finances received from sponsors, donations, &c.
    • Funds received from sponsorships &c. will be used for venues, hosting costs, domain name costs.
  • Bob Jonkman will ask Eli van Giessen to re-brand the meetup.com group as KWNPSA - Kitchener Waterloo Non-Profit System Administrators -- a NetSquared Group
Marketing KWNPSA
  • Business cards?
    • We need someone to design a KWNPSA logo
      • The KW part is important to our geographic locale; highlight or separate KW from NPSA
    • Marc Paré has found with other organizations that business cards are just as effective as posters
  • Let more people know that KWNPSA exists
    • Marc has a list of local KW Non-Profit organizations; he has contacted about 100
Meeting format
  • KWNPSA has a collegial Round Table Discussion format, which suits Non-Profit organizations
    • Contrast this with formal presentations at KWLUG
    • or the social restaurant meetings of KWVoIP
Mailing Lists
  • How do we deal with badly configured MUAs (Mail clients) that try to reply to the Announcements list?
  • Do we need two separate lists?
    • Steve Izma will investigate the use of "child lists" in Mailman
    • "Child lists" will allow "Discussion" to receive "Announcements" so people only have to subscribe to one list
  • DMARC problems
    • Steve will activate "munging" on Mailman so badly configured mail hosts like Yahoo Mail will accept messages
  • We will have KWNPSA branded e-mail addresses
Wiki
Branding
  • Description of group: Resource Group for Information Technology in Non-Profit Organizations
    • Similar to a Mission Statement, if not identical
    • Also the Vision -- use one phrase for all
    • We will refine this description on the Discussion List with other members
  • Are we KWNPSA or KW-NPSA?
    • It's a non-issue, we'll spell it out in full on posters and whenever we make announcements
    • Let's see what the Business Card designer does
Venue
  • Marc Paré will pursue Communitech and the Downtown Community Centre for "venue sponsorship"
  • A venue at Google may not be possible (high security facility)


Meeting notes taken by Bob Jonkman.



Social Media

Date
Monday, 13 February 2017
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/237362708/
Location
Queen Street Commons Cafe, 43 Queen Street South, Kitchener.
Across the street from our previous meeting place.

How can a Nonprofit organization make use of Social Media? Should a Nonprofit organization even use Social Media? What Social Media platform do you use? What sorts of things do you put on Social Media? Who puts it there? A team of SMEs? One person? Is this a full-time job? How much time does it take to maintain Social Media accounts for a Nonprofit organization? What will you do when your Social Media platform disappears? Or deletes your content? Or delivers your content to only a small set of viewers?


Meeting Notes

  • Conversation started with employment
    • Headhunters and placement agencies frequently call potential employees or contractors, but the calls rarely result in employment or contracts.
    • Salaries for developers are higher in Waterloo Region, due to competition from other tech firms.
  • Social Media is all about the analytics
    • Using analytics provided by the services, eg. https://analytics.twitter.com
    • Analytics from different sites (Twitter, Facebook) are similar enough that direct comparisons can be made.
    • Use some custom links to identify source of engagement on their own content
      • eg. use one URL for Twitter, another for Facebook to reach the same content
      • Use Google Analytics for generic information
      • How does Google identify the source of the visitor if the links are all the same? Or the URLs are all the same?
  • Staffing at one non-profit organization:
    • 1 person for Twitter + Facebook
    • 1 person for Instagram
    • Need more staff (Reddit, other social media forums)
    • Maintaining social media accounts by volunteers
      • Takes lots of time! Split it up between people
      • Automate some tasks (POSSE - Publish Once, Syndicate Self Everywhere)
  • Update frequency
    • Twitter: 8-10 times per day
    • Facebook: Once a day
    • Search for how to optimize facebook feed
    • Have a hashtag strategy (what is a hashtag strategy?)
  • Before starting on social media, ask "What is the organization's goal for social media?"
    • Distribute information (meetings, info about the cause, eg. environmental tips)
    • Grow the organization
  • Automate feeds
    • Facebook -> Twitter
    • Blog -> GNUsocial -> Twitter -> Facebook
  • Your following:
    • Are your followers passive or engaged?
    • Twitter is good for a large number of followers, but low engagement
    • Facebook is the opposite (few followers, strong engagement)
    • Linkedin is good for Business-To-Business
  • "Twitter will be around forever"
    • Some disagreement about that
    • Whatever organization buys out Twitter will want to keep the eyeballs (users generating advertising revenue)
  • Reddit is a great platform
    • But nobody likes it
  • Having a social media presence on Twitter and Facebook and Instagram will reach 90% of people online.
  • The purpose of one non-profit organization is to change consumer behaviour
    • How can that be measured?
  • Are social media sites trustworthy?
    • Social media sites are bad for your personal mental health
      • Some people remove themselves from social media
  • Twitter is a conversation
    • Really? 140 characters seems too short for meaningful conversation
    • Twitter is (only) good for broadcast announcements
    • A Grade 8 reading level is good for Twitter
    • It takes skill to get more information into 140 characters than in long-form prose
      • But with too many abbreviations and leetspeak, others can't understand
      • "Dracula" by Bram Stoker was written as diary entries, good for syndication on Twitter
      • Books are being replaced by social media
        • so put novels on social media where people will read them
  • How to be effective:
    • Go where the people are
      • But that leaves out Free Software solutions like Friendica (Facebook substitute) or GNUsocial (Twitter substitute)
  • Wouldn't it be nice
    • if social media didn't affect reading levels or comprehension
    • people learned more evaluation and critical thinking, not rote memorization
  • Filter bubble
    • Facebook only shows those things you've already "liked"
    • reinforces biases
  • Recognize that Social Media is just a tool
    • You can use it well
    • ...or you can use it poorly
  • We (Non-profit organizations) are parasitic
    • We're using social media platforms for our own purposes, fully recognizing they're not doing this for our benefit.

Meeting Closing Discussion

  • Discussed CIRA (Canadian Internet Registration Authority)
    • supports the .ca domain extension for Canada
    • most are aware of the organization
    • result of discussion is to obtain the .ca version of the NPSA domain: kwnpsa.ca

Future topics:

  • Monetization
  • Branding (logos, names)


Estimating Time and Resources

Date
Monday, 16 January 2017
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/234260371/
Meeting Notes
https://www.meetup.com/NetSquared-Kitchener-Waterloo/messages/boards/thread/50529155

In IT we are often asked to estimate the time and resources assorted tasks will take. Often these time/cost estimates are tied to funding, grants, and resource allocations. Unfortunately, many of us struggle at coming up with estimates more accurate than "it will take longer than expected". What are some strategies and best practices we can use to come up with better estimates? Under what circumstances does estimating things become easier? Harder? Under what conditions should we spend a lot of effort making estimates, and under what circumstances should we not?

When have you had good experiences making estimates? When have you struggled?

As always, bring your experiences and questions. Also, please spread the word about this meetup so that more people who do nonprofit systems administration will become aware of it.


Announcements

  • Laptop Rescue Mission this Saturday, 21 February 2017, 4-8pm
  • Does somebody want to take over the group?
Taking Over the Group
  • Is there a venue available?
  • QSC is noisy
  • Other TWC spaces need staffing
  • Meeting at Steve's house?
  • Will anybody take the mailing lists?
  • New organizers: Bob Jonkman, Marc Paré.
  • Should we be on meetup?
    • mailman does some of this
    • NetSquared does not help with promotion
    • meetup has a large user base
    • there is a blog and a wiki already
    • there is a twitter account
  • They want the group to be face to face
  • Bob likes the peer to peer conversation
  • March meeting's at Steve's house
  • Marc will look for other venues
  • Communitech has space available to tech groups: Marc
  • Moving the mailing lists: Steve
  • Marc can host on his server and get a domain name
  • Future topic: Project management software


Meeting Notes

Discussion Points
  • What are strategies and best practices to get better estimates?
  • Under what circumstances does estimation become easier?
  • Under what circumstances does estimation become harder?
  • When should we spend a lot of effort making estimates?
Discussion
  • Horror story: server installation
    • building a server room that needed dedicated cooling
    • he estimated power consumption of each device
    • UPSes only need to be sized for the running current (they are built to handle startup current already)
    • He ended up overestimating by three times
    • The air conditioner would freeze the pipes and everything would shut down
    • He looked up currents instead of measuring them
    • How do you deal with the exhaust heat?
    • The UPSes had meters for measuring electricity draw
    • But then they dismantled the server room for other reasons
  • When is it easy?
    • Figuring out spending is easy?
      • In the horror story they sized based on existing equipment
      • Looking up specs can be difficult
    • Never?
    • When you have done this project before?
      • There are differences between software and hardware
      • But sometimes you make software similar to the stuff you made before
    • When you can look at projects similar organizations have done?
      • How do you get that information?
  • Mythical man month comes into play
    • You cannot predict how managers will manage the project
  • Example: replacing a network was the single largest line item
  • It is always harder than you think
  • There is always effort associated with making estimates
    • When is it worth the effort?
    • When projects are expensive
    • When projects are tied to specific grants
  • Waterfall vs agile software methodologies
    • Don't estimate everything at the beginning
    • Can you make estimates a little at a time?
    • But budgets are always waterfall, not agile
  • But we tend to overengineer things
    • But then your results are rejected
  • Projects always have unanticipated things
  • It is expedient to underestimate costs to win contracts and political support
    • What will future maintenance costs be?
    • If you lowball costs then you get approved
    • Who pays for the overage?
    • But operational budgets are overestimated so that you get a surplus later
    • End of year rollovers are political
    • Surpluses are seen as weaknesses, not frugality
    • This applies to nonprofits as well
    • Bureaucrats look good when they give large amounts of money
    • There are not good incentives to share funds across departments/projects
  • Does that mean IT is always having to convince management for funds?
    • IT is always a cost sink
    • But technologies can reduce labour costs and stop people wasting time
    • Workers should enjoy the additional gains from productivity gains
  • How do you position yourself so that you get buy-in?
    • Get the people who are affected to talk to management too
  • Sometimes estimates are done to argue for funds and sometimes they are used to find projects that should not go ahead
  • If you know that you are going to need something then just go and do it
    • But senior management does not trust the estimates, so they hire consultants, which causes conflicts
  • It is less important to estimate when you have projects that can be done in small stages (instead of projects that need to be done all at once).
  • If the project is small it makes less sense to make estimates
  • Pilot projects can help figure out long term costs
  • Projects can be broken down by scope
  • Sometimes estimates are not honest, but designed to underbid the competition
    • Who pays for the overruns?
    • There can be penalty clauses in these contracts
    • Getting the lowest contract can be a problem
    • If you incur penalties you get taken off the list of approved contractors, but you just change your name and try again
    • This can result in lawsuits
    • There can be completion bonds, etc
    • As soon as lawyers get involved costs go up dramatically
  • It can be a problem when sales teams promise things without telling engineering
  • Doing estimates can give you a ballpark about the costs
    • but now you may have to have consultants vetting other consultants
  • To some extent you can play vendors off against each other
    • Big software companies will have pre-sales engineering teams to help you figure out your costs
    • They can also outbid you if they want
  • How do you deal with projects where you have blown the time constraints?
    • You can hire subcontractors
    • Drop parts of the project
  • RFPs can tell you what they have to offer
    • They can help you anticipate some of the pitfalls
  • Do requirements documents of what you need
    • Talk with the vendors/engineers from the companies
    • But the vendors will not tell you the horror stories
  • People's behaviours can change once the system changes
    • eg people beginning to use email as file storage
  • Breaking down projects into chunks
    • This shows you things that you are missing
    • Then you can better understand what the project is
    • Start aspects of the project that you can learn from and what different tasks are involved
    • But you cannot do this with monolithic systems
  • Fixing technical debt is more work than starting fresh
  • Don't be tempted to give the estimate right away
    • Be prepared to charge extra when the estimates increase
  • Sometimes competitive bids boil down to who you know?
    • This is not necessarily bad because of trust
    • But the well-known vendors have more experience winning these bids
    • If you start out at a big vendor and branch out on your own you can receive trust
  • Talk to other people who have done the same thing


Documenting Things

Date
Monday, 12 December 2016
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/234260323/

Much of our September meeting revolved around documentation. How do we ensure it gets written when there are so many other priorities? How is it maintained so it does not go out of date? How do we index it so that it is easy to find the information we need when we need it? What tools have we found most helpful in creating and maintaining documentation? What things are important to document, and what things can be skipped? As always, bring your experiences and questions.



Meeting Notes

(Notes by Martin Edmonds)

Best Practices
  • Create documentation for users: “How To” & “FAQ” documents on Wiki so it can be self-serve or you can pass on links when users ask questions
  • Consider formats for defining requirements:
    • Consider: security, auditor controls, speed, backups, file permissions
    • Ask client where data is coming from
  • Weigh balance between: need for documentation versus the effort that it requires to develop
  • Don’t document same info in multiple places or it is more work to maintain
    • Get data into a structured format that data can be entered once and it will ripple through to every relevant place
  • Too much documentation may never be used; Keep it simple with what is most important
  • Know your audience
  • Videos have advantages, but you can’t scan through or search to find what you want
    • Short instructional videos on specific topics can be helpful
  • Consider security: are multiple levels of access to documentation required?
  • Consider paper versus electronic forms of documentation
  • Think about what someone would need and how they would find it, if you are not around to show them.
  • Keep it in a standard place. Don’t keep documentation on your personal computer or account, because other people won’t be able to find it.
  • Keep in a place where you can give access to someone else but is not accessible to people who should not get it
  • Include examples in the documentation
  • Include why you did something (not just what you did)
  • How do we make sure that it is done?
    • Make it easy to document
    • Allocate more time to do documentation
    • Set aside time at the end of each day to update documentation based on what you worked on that day
    • Document as you do it
What to Document
  • Enough to get a person started (in case person with knowledge is no longer available)
  • Overview of where documentation is. (big picture view)
  • Explanation of what is done on repeated basis at certain times (eg. Holiday posting done each year)
  • Document characteristics of users. For example: user expectations, knowledge, tendencies, tolerance for flaws, etc.
Tools
  • Word processor is not ideal since the documentation should be structured so that it can be queried
  • Wiki: forces you to think of structure; easy to create new links to new pages; good for collaborative authoring; manages revisions;
    • A wiki is not as simple to use as a word processor, but non-programmers can update document using wiki
    • Using a wiki may discourage some people from commenting because of learning curve
    • Requires a good editor
    • Can preview documentation through wiki
    • Wiki is not great for multiple security levels of access to documentation
  • Tools to consider
    • OneNote
    • “Remarkable” use on a tablet for taking notes at a meeting
    • Data Base: such as Access
    • Cloud based: Eg. Google Keep, Google Docs
    • Sharepoint
  • Video and screen capture: eg. SnagIt or Jing or
  • Tools that come with Windows: “Recording Steps” or “Snipping Tool”
  • Word processors and spreadsheets are very easy to use; that is what people know how to use. Those are not ideal, but any documentation is better than no documentation
  • Ticket system which will capture what you did to resolve issue
  • For documenting Network: “Lan Sweeper” or “nmap”


Thanks to Martin Edmonds for moderating this month.

Event announcement: https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/233388765/
Meeting notes: https://www.meetup.com/NetSquared-Kitchener-Waterloo/messages/boards/thread/50337067

Regulatory Compliance

Date
Monday, 14 November 2016
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/233388765/

Many non-profit organizations are involved in government-regulated services such as health care, employment acquisition and training. Other activities require adherence to other laws, such as building codes. How do you keep track of all the regulations that you need to follow? How do you store compliance documents such as sign-offs, NDAs, and contacts? What do you use for secure document storage and transmission? How do the SysAdmins get along with the Lawyers? When is encryption required? What do you encrypt and when?


Meeting Notes

  • Must consider retention and retention periods of email and other documents (almost any document can be considered a legal document)
  • In addition to govt regulations, must consider industry practices & standards
  • Following of the Ont. Non-Profit Corporations Act (ONCA)
  • Maintenance of email lists:
    • use double opt-in
    • using email lists only for stated purpose
    • offer mechanism for requesting to be removed
  • On website for incorporated organization (In Europe, but not yet in North America)
    • need to specify if cookies will be saved
    • need to specify physical address (required in Europe)
  • Considered a member of a non-profit (in some cases, even attending an event can constitute you as a member)
  • Adherence to copyright laws when photocopying
  • What responsibilities does an organization have when providing internet access to the public?
  • Audits from organizations that grant non-profit status or organizations that provide grants
  • Software audits (Eg Microsoft ensuring license adherence)
  • Need to be very careful about mailing lists and keeping them up to date to prevent mails to the wrong person
Storage

How do you store compliance documents such as sign-offs, NDAs, and contacts? What do you use for secure document storage and transmission?

  • LotusNotes used to route a document and get sign-offs along the way
  • Block chain systems (discuss further in future meeting)
  • Electronic forms on secure file server or encrypted device
  • Encrypted data.
    • TrueCrypt
      • There are some known vulnerabilities in the Windows version.
      • VeraCrypt is a fork of TrueCrypt.
    • Luks container
    • Offsite (using send command)
    • ZFS (a file system)
  • Indicate on top of email who is the intended audience of email. Legal disclaimer on the footer telling you not to read an email if it does not pertain to you.
  • Encrypted email systems eg. Enigmail (a Thunderbird plug-in)
  • Online services to encrypt mail, eg. Proton Mail and Tutanota
  • Signal, Telegraph, and WhatsApp for encrypting instant messages

Potential topics for future meetings

  • Block chain systems
    • Book: London Review of Books had two stories by the same author Andrew O’Hagan
    • Ethereum (a programming environment built on top of Block Chain)
  • Accessibility rules
  • Document storage formats (ODS, etc.) could be combined with document management systems


KWNPSA Meeting Notes for 2016-10-17



KWNPSA Meeting Notes for 2016-09-19



Financial Software

Date
Monday, 15 August 2016
Event Announcement
http://www.meetup.com/NetSquared-Kitchener-Waterloo/events/232234165/

What kinds of financial software are appropriate for nonprofits? What does your organization use? What work is involved in supporting it?


Meeting notes
https://www.meetup.com/NetSquared-Kitchener-Waterloo/messages/boards/thread/50064445

Questions

  • What financial software does your organization use?
  • How do you migrate between software?
  • What considerations do you factor in?
  • How do you support this software?

Announcements

  • Upcoming meetings? Fold the group?
    • Free software for nonprofits
  • What do we want out of the group?
    • Proselytize free software? How do we get others to adopt free software?
    • What makes people use free software vs proprietary?
  • Hiring policies. Windows people are replaceable?
  • Recruitment drive?

Meeting Notes

  • It was difficult to get accounting software for Linux without paying a fortune.
  • We should be concerned about financial software
    • Writing different interfaces (eg for batch jobs) is difficult
  • Sysadmins usually do not decide this software. Accountants do.
    • There are specific needs for payroll, HST, auditing
    • There is a high learning curve
  • Brendan uses SAGE because of payroll
    • Quickbooks requires a service to deal with payroll
    • Personally Brendan uses GNUCash
  • NewViews
    • hierarchical accounting that looks like a spreadsheet
    • It was made for DOS and Windows
    • It has a high learning curve
    • TWC moved from the DOS version to Windows
  • People at banks prefer correctness over efficiency
  • Brendan keeps track of accounts for several nonprofits
    • They were both using some ancient DOS program
    • They migrated their infrastructure to Access databases
    • They have multiple systems that have to manually reconcile things?!!!??!!?!!
  • It is possible to use TeX as an accounting system
    • With spreadsheets as input
    • Who else maintains this?
  • Why can't some Drupally solution come in and take over this space?
  • The core of financial software is:
    • Sales
    • Financial transactions
    • Different accounts
  • The non-cores:
    • Reports to funders
    • Payroll
  • (ObTopic) Is the cloud going to eat everyone's lunch?
    • Freshbooks is on all the podcasts
  • Integrating with banks is not so easy with GNUCash
    • You also have to make sure the cheques have been written correctly
  • Why can't this all be federated?
    • IIF : Intuit Interchange Format (proprietary)
    • OFX : open standard used by Microsoft Money : http://www.ofx.net/
  • Not an API thing?


  • Companies vary in what their expenses are and their categories?
  • In publishing:
    • There is some key information in invoices
    • People need to respond to invoices from printers
    • Different industries have come up with their own standards (EDI)
    • EDI: Electronic Data Interchange
  • Used for Business to Business transactions
    • Banks have worked out how to exchange data amongst themselves
  • Companies decide WHEN to pay invoices to maximize their cash flows
    • If you pay early then maybe you get a discount
    • Can computers help with some of these problems?
    • You favour certain relationships over others
  • Quickbooks works under Linux using WINE?



Considerations
  • What people know
    • People like their Word and Excel
    • Migration costs are very high -- there has to be lots of benefit


  • There are a bunch of updates to payroll and HST
    • The software is always under development
  • Upgrade costs are very high -- once you make a choice you are kind of stuck
  • Accounting software needs to be customized to the particular needs of the organization
  • Internal formatting is different from reports
    • If internal structure is good then maybe making add-ons is feasible
  • Humans will have to input most of the transactions?
    • But there are point of sales
    • Accountants need to verify the receipts
    • Robust interfaces are important to avoid input errors
  • Can the bookkeepers use the software?
  • Does the software interface with the services (ADP) that the organization uses?
  • What are the security implications of data breaches?
    • Information leakage about things?
    • Corporate surveillance? Future products?
    • Know what your prices are?
    • Know what different employees are paid?
    • Medical/dental data
  • Maybe you can't have plugins because that has the potential of violating integrity
    • Can't proper transaction logging fix this?


  • You close books at the end of the fiscal year
    • This freezes accounts
Migration
  • Take an end of year fiscal snapshot
  • Move the summary to the new program
  • Quickbooks will let you upload your desktop information to the cloud
    • But you can't get the data back!
    • Maybe the competitors will let you upload to THEIR clouds
    • But Quickbooks does not support backwards compatibility on the desktop either




KWNPSA Meeting Notes for 2016-06-13



KWNPSA Meeting Notes for 2016-05-09



KWNPSA Meeting Notes for 2016-04-11



KWNPSA Meeting Notes for 2016-03-14



KWNPSA Meeting Notes for 2016-02-08



Estimating Time and Resources/Meeting notes for 2016-01-11



Collaborative Editing Tools

Date
Monday, 14 December 2015
Event Announcement
http://www.meetup.com/NetSquared-Kitchener-Waterloo/events/223909896/

How do people work together? How do you deal with privacy concerns? What tools work and what have problems?

  • OneNote
  • Etherpad and friends
  • WebEx


Meeting notes

for 14 December 2015: 

Many users want to use collaborative editing tools.

  • What do you use?
  • How do you deal with privacy concerns?
  • How do you manage backups?
  • What are the strengths and weaknesses of these systems?
  • When are they best used?
Options
  • Wikis
  • OneNote
  • Etherpad
  • WebEx
  • Slack (Mattermost?)
  • Sharepoint
  • Google Hangouts
  • Google docs
Observations
  • GoToMeeting is better than WebEx
    • WebEx: poor audio
    • Pretty expensive? ($50/month)
    • Like Skype for 1-many
  • There are different classes? Wikis are different from WebEx
  • Wikis: collaborative editing
  • GoToMeeting: realtime conferencing/interacting
  • How can people work together on documents?
  • LibreOffice tends to use Google Hangouts
    • Hangouts allow multiple video and sound
    • LibreOffice will also use IRC
    • This is for discussions
    • The kids use Google for everything
  • Google docs allow you to edit simultaneously and chat
    • They have versioning
    • Marc backs up Google docs once a month into a zipfile
  • You can choose the format
    • Should we all embrace the Google?
  • LibreOffice is trying to work on OneCloud
  • This could be released next spring
  • The internal file structure is well known
    • Google Drive will let you mount a drive for Google Docs
  • LibreOffice will let you edit files from Dropbox
    • This is different than having documents mirrored on local drives?
    • LibreOffice is a "do what you like" community
    • eg there is little interest for any Android devs to develop an Android version, so they are contracting out the work.


  • OwnCloud lets you edit LibreOffice collaboratively (without locking)
    • This is like Etherpad
    • But you cannot do spreadsheets


  • Wikis are for structured text; Google docs are not (necessarily?)
    • You need guidelines to put documentation into reasonable shape
    • You need to handle your backups yourself
    • Images have to be handled differently
    • Back up each database separately
  • Bob generated a 300MB --all-databases file
  • He cannot restore the database properly
  • Does that mean his file is toast?
  • No, because he can chunk it apart
  • But that is difficult
What do we want for collaboration?

Why is it more helpful to have multiple people collaborating?

  • Conference organizing: You can have 5-6 people on a conference call all looking at the same spreadsheet.
  • How do you decide who is taking care of each part? You play nice.
  • The editing is not completely random
  • Do you need to have a meeting? Not necessarily
    • eg Agenda items
    • eg collaborative web page editing (Etherpad/UbuntuPad) with text chatting

What is a typical number of people who can play nice?

  • Maybe 10?
  • Sometimes a few people dominate
  • Some people can't work like this; they have to take the document home
    • But some people think they want to take the document home and then are won over to collaborative meetings
  • Some people wreck everything and thus have to be limited to commenting

Grammar skills can be an issue. Can you assume good grammar?

  • As they type content you can follow behind and edit
  • It is most important for people to get their ideas out

This is similar to a writer's group

  • Comments should be constructive
  • This works best face to face (because criticism is hard)

People don't go into technical writing because they like creative writing

  • Clarity is important in both, however
  • Marc's group was reticent to use Google Docs at first, but they were won over
  • They found chat to be efficient while editing the document
  • He found the visual (Skype) harder

Marc worked on mumble for voice chat

  • It is low resource

Is face to face or messaging easier? It depends on the group.

How do you choose the right tool for the job?

It is easy to put bullet points into a document and then organize after

How do you come up with protocols for collaboration?

  • Marc's group was ad-hoc, but roles (leader, secretaries) tend to emerge
  • There is trust involved

LibreOffice uses a lot of wikis

  • Marc thinks they need WYSIWYG because the barrier to editing is too high
  • You don't get good content so people get frustrated and leave
  • LibreOffice is trying to support people who do not necessarily have good editing skills
  • Do people who learn office software learn good styles?
    • It does not matter. The ideas are important
  • What is the bridge between thoughts and markup?
    • Wikipedia is working on WYSIWYG tools
  • Is Wikimedia not receptive to this?
    • Drupal 8 has in-line editing now?

Should people have the right to NOT learn markup?

  • If you force people to learn then you raise the barrier to entry
  • That makes people elitist
  • If the barrier to entry was lower then more people would end up learning the system
  • Should people be forced to edit in Word?
    • Smart people have the ability to learn it


(Oh no! Markup!)

Marc doesn't like MediaWiki because it is hard for the people in his group to edit.

  • People use all kinds of other tools
  • What about eating our own dogfood?
    • The initial documentation was not published in ODT


Slack???
  • Everybody loves Slack
  • Slack is the email killer?
    • Easier to search (with group chat?)
    • It is like a searchable newsgroup? mailing list?
  • Do you have to go to the site in order to get the content?
  • Conversations are collected chronologically so it is easier to go through them than on email chains


Gmail labels deduplicate messages into pointers to folders


How do you avoid the standards problem? Having yet another place to look for stuff.

Finding stuff on Etherpad and Ubuntupad is difficult unless you bookmark items with useful labels

It is impossible to search across Etherpad documents

Redmine can also be used for collaborative work

  • Less useful for collaborative work?
  • Ticketing assigns work to people : less good for volunteering
  • Closing abandoned tickets is difficult (and frustrating!)


Matching employers to job-seekers?

  • Use a dating site?
  • Donor management software?


progress.com : Database company

Moodle

  • Tim uses it
  • It has a learning curve

VPSes

  • DigitalOcean
  • CloudAtCost
  • Linode


Factors in collaboration
  • Concurrent or not?
  • Are you producing a document out of the tool or not?
  • Does the document need to be exported or not?



Sidetrack: community foundation for the arts
  • They are in every city?
  • This is different from CEI
  • The community foundation was giving CEI some money too





KWNPSA Meeting Notes for 2015-11-09



KWNPSA Meeting Notes for 2015-10-19




KWNPSA Meeting Notes for 2015-09-21




All About VoIP

Date
Monday, 17 August 2015
Event Announcement
http://www.meetup.com/NetSquared-Kitchener-Waterloo/events/223550824/

What combination of VoIP and PSTN lines do you use? What problems does VoIP solve for you? What problems does it create?


The meeting on Monday, 17 August 2015 was All About VoIP.

Discussion Questions

  • What are you using?
  • What do you like about VoIP? What do you not like?
  • What providers do you use?
  • What works better with PSTN? With VoIP?
  • What are the pros and cons?

Arbitrary Comments

  • What can we do with Teksavvy?
  • Vonage vs ITSP? (Unlimitel, VoIP.ms) vs ISP (Teksavvy, Rogers) vs MagicJack
  • MagicJack is an ATA? You need internet
    • You can get a USB dongle as well (doesn't work under Linux)
    • It is reliable enough for faxing
    • $10 extra per year for a Canadian number
    • $50/year + tax ($70 for the device)
    • Berleine spends $32/year for a US number and service
    • Unlimited minutes
    • Call quality can suffer if the internet is busy
  • MagicJack and Vonage are in the same space
  • VoIP.ms and Unlimitel
    • $1/month for the DID, $1.50 for Emergency 911
    • Unlimited minutes
  • VoIP.ms: $1 + $1.50 for Emergency 911 + 1c/minute for calls
    • You can buy a home package for $3.50 per month
    • You can have subaccounts
    • You can have many calls running simultaneously
  • Fongo
    • Free phone number, free calls, free voicemail, pay to send texts
    • Freephoneline.ca is the same but for desktops
    • How far can you get on a wifi phone?
    • Sometimes quality is an issue
  • SIP phones
  • The Working Centre
    • One PSTN line + voip lines + Norstar systems
    • Use an ATA to convert VoIP.ms to analogue
    • This does not work perfectly all the time (eg long tones)
  • Brendan has tried to switch to all VoIP
    • How do you trunk calls between buildings that use different systems?
    • Idea: just map lines to phones so you can use Norstar handsets
    • How can you receive calls in multiple locations?
      • VoIP.ms makes this easy
      • You can use follow-me settings in Asterisk
  • Faxing and virtual faxing
    • Doesn't work so well on VoIP
    • VoIP wants to break up packets, but faxes want a continuous
  • Cheapest SIP phone: Grandstream GXP1400 (similar: GXP1405)
  • Why VoIP?
    • Cost: $40 for a PSTN line. VoIP can be cheaper
    • Can use the same phone number for many calls
    • We trust everything that goes over the internet
    • Very configurable for free
  • Why not VoIP?
    • Depends on power to work. Don't have blackouts!
    • Can't run faxing (reliably), DSL modems
    • Can't use analog modems
    • Can be reliability problems
    • Security concerns
    • Should have quality of service to ensure good performance
    • Need upload bandwidth (16k-64kbps up per call depending on codec)
    • Rollovers can be an issue between POTS and VoIP, depending on provider
    • Costs more in terms of IT time
  • You can do VoIP via internet addresses
  • Older ADSL lines provide 700kbps up
  • Bell VDSL is broken? Fibernetics does it right?
  • Execulink is a provider that does PSTN rollovers right
  • Can you do anything more with commercial VoIP than with regular Bell?
    • Maybe. It depends on what the provider provides.
  • Hiding callerID : easy
  • Is this obsolete because of cellphones?
    • The numbers are different
    • Not as configurable
    • But your cellphone works in a blackout (modulo batteries)
  • You can't run your own cellphone service (in Canada)
    • Compare to radio, community cable
  • SIP clients for cellphones?
    • SIPSimple?
    • You can register to a local Asterisk account
    • Ring groups on VoIP.ms
    • How can you make phones ring in certain locations only?
      • Put a SIP client on their phones
      • Put Asterisk
  • What Asterisk systems can be configured by Thursday?
    • PBX in a Flash
    • Elastix
  • Cheap analog phones?

Acronym Fun

  • ADSL : Asymmetric Digital Subscriber Line - High-speed Internet over an analog phone line
  • ATA : Analog Telephone Adapter - Turns VoIP into PSTN lines.
  • DID : Direct Inward Dialing - A phone number
  • FXO : Foreign Exchange Office - Port that is on the phone. In Asterisk, you use a port of this type when you want to integrate a PSTN line. Wikipedia:Fxo
  • FXS : Foreign Exchange Service - Provides a dialtone. This can be from the wall, or the ports on an ATA
  • Hunt groups: Choose which order phones will ring
  • ISP : Internet Service Provider
  • ITSP : Internet Telephony Service Provider - The company that provides VoIP service
  • MWI: Message Waiting Indicator - The light that shows when you have voicemail
  • PBX : Private Branch Exchange - the device that routes phone calls
  • PSTN/POTS : Public Switched Telephone Network / Plain Old Telephone Service - A "Real" phone line
  • QoS: Quality of Service - prefer sending packets to phones rather than Bittorrents
  • Rollovers: First call a POTS line, then call a VoIP line with a different provider
  • SIP : Session Initiation Protocol - VoIP protocol. There are others (eg IAX)
  • VDSL : Very High Speed Digital Subscriber Line - ADSL on steroids
  • VoIP : Voice over Internet Protocol - The trendy thing.
  • VoIP registration: What phone will ring when you make a call to the number?




Keeping Remote Sites Up To Date

Date
Monday, 13 July 2015 from 7:00pm to 9:00pm
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/223189124/
Location
The Working Centre, 58 Queen Street South, Kitchener Map

This month we will be talking about how to deal with multiple locations within an organization. We will be discussing things like file sharing setups for more than one location, communications between locations, different router types for VPN and such, etc....

Multiple locations may mean more than one office building, or other situations like employees who work from home or other remote locations.


Meeting Notes

What kinds of remote sites do you need to support/connect?
  • Second location
    • public facing location at one site
  • People working remotely without having an office
What things do remote users need to do?
  • File sharing: spreadsheets, word documents, PDFs
  • Database use
What tools do you use to enable them?
  • SharePoint site for sharing documents
    • Brendan uses an older version
  • Syncing files between file shares
  • Windows Server Remote App
    • Small Business Server and Essentials
  • Moving files to the cloud
    • hosted server
  • Syncing with Dropbox
  • Office 365 transitions workflow to the cloud
  • VPNs
    • Complicated for users
    • SecurePoint client makes it easier
  • Cisco mobility to connect (forwards all traffic via the VPN?)
    • Local storage with encrypted storage
    • files are stored remotely
  • Windows BranchCache?
  • BitTorrent Sync, Dropbox, Syncthing
  • Caching servers that sync overnight
  • Microsoft DFS Replication (don't bother!)
    • OneDrive for Business is still not working
  • OpenVPN over OpenWRT
  • Hamachi
  • SSH tunnelling for remote access
  • Remote support: SSH tunnelling, VNC, Fuse and SSHFS
  • ownCloud with WebDAV
    • ownCloud does not do symbolic links very well (OK on synchronized clients, not on WebUI or WebDAV mounts)
  • WebEx (free for first three clients)
  • http://www.remoteutilities.com/download/ : free for 10 clients
  • AWS cloud?
  • Using git for synchronization
What clouds are easy to set up?
  • ownCloud on VPSes or your own servers
What is painful?
  • Attaching remote files to local email
  • Syncing multimedia files (photos)
  • Downloading things from the VPN is slow
  • People want things to work without learning anything
  • Initial contact with a remote client: how do you get them set up?
    • join.me, Bomgar, TeamViewer, screensharing with Skype (slow)
  • Users do not provide enough detail
  • Slow connections on the remote end
  • ADSL connections with slow uploads
  • Can we stop the cloud?
  • Synchronizing calendars
Troubleshooting mobile devices?
  • Remote support viewing on smartphones? WebEx, LogMeIn
Other considerations
  • syncing over DSL
  • online collaborative systems for sharing documents
  • newer versions of SharePoint allow concurrent editing of documents
  • confidential/sensitive information being uploaded to The Cloud (tm)
    • But any computer that is online is on the Cloud
  • Storing medical information on the Cloud?
  • VPN routers?
    • They have VPN servers themselves (IPSec and PPTP)
    • How do they find the clients? They use a road warrior setup
  • German company: SoftMaker (word processor software)
ISPs





Keeping Computers Up To Date

Date
Monday, 8 June 2015 from 7:00pm to 9:00pm
Event Announcement 
Keeping Computers Up To Date/Meeting Announcement 2015-06-08
Location
The Working Centre, 58 Queen Street South, Kitchener Map

Updating Desktops

You thought it would never happen again, but we are in fact holding a second Nonprofit Sysadmin meeting this Monday, June 8. As we did introductions last month I tried to collect some themes as future discussion topics. Somewhat arbitrarily, I propose that Monday's meeting be about keeping systems (specifically desktops) up to date:

  • What tools do you use to keep desktops up to date? (Windows or Linux, or other)
  • What tools do you use for third party updates (Flash? Adobe Reader? Hateful Java?)
  • What tools do you use to monitor and ensure that updates are happening?
  • How do you prevent desktops from filling up with spyware and other nonsense?
  • For Windows people: what are you doing about the Windows 10 upgrade offer?

We will meet starting at 7pm at the main Working Centre building, 58 Queen Street South. Bill says that there is free parking kitty-corner from the Working Centre, on the other side of Charles.

If you know of interested sysadmins who might be interested in our conversation, please invite them to the meeting.

- Paul



Upcoming meeting topics

  • July: Administrating remote locations and people who work from home
  • August: All about VoIP


Here are the bullet-point notes I took from tonight's meeting. (Paul Nijjar)

Someone needs to remind the list about how to get information for logging into the wiki.

Meeting Notes

Updating Computers

Linux
  • Run apt-get manually
  • apticron: emails when there are updates
  • unattended-upgrades: does security updates automatically
  • apt-dater: run updates in parallel
  • rkhunter
  • chkrootkit
Windows
  • Download and ask to install
  • WSUS updates
  • Download updates and shut down
Third Party Updates
  • ninite.com
  • wpkg.org
  • chocolatey.org
  • wsusoffline.net
Restoring computers
  • DriveVaccine (SUCKS)
  • SteadyState (RIP)
  • SteadierState
  • Faronics DeepFreeze
  • Virtual terminal servers (Multipoint server)
  • Ubuntu with guest account
    • PlayOnLinux: install Wine easier
  • DelProf




KWNPSA Meeting notes for 2015-05-11



