KWNPSA Meeting Notes

From SOBAC Wiki
Revision as of 19:38, 26 May 2019 by BobJonkman (talk | contribs) (Add Past Item)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
(KWNPSA Upcoming Events)
(KWNPSA Past Events)
(KWNPSA Meeting Notes on one page)
(KWNPSA Requested Topics)

All the NPSA Meeting Notes on one page

Contents

Education

Date
Monday, 13 May 2019 from 7:00pm to 9:00pm iCal
Meetup Event
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/255614075/
Location
*** Room 1300 *** -- Conrad Grebel University College, 140 Westmount Rd. N., Waterloo, Ontario Map

Is your Non-Profit an educational organization? As its main function? Or is teaching one of many services you offer? What do you teach? How do you teach it? Do you have classrooms? With computers? What software do you use for teaching in the classroom? Do you have online courses? What online software do you use online? How do you establish your curriculum? How do you perform evaluations? How do you track student progress? Do you work with other educational institutions? Other certifying agencies? What constraints to they impose on your teaching programs?

We'll have a demonstration of Moodle by Marc Paré and perhaps a representative from KW's Desire To Learn. And, of course, we'll have a Round Table discussion on how each of us are managing our organizations education needs.

--Marc Paré & Bob Jonkman




Resources


Back to: Education



Software Testing

Date
Monday, 8 April 2019 Year from 7:00pm to 9:00pm
Meetup Event
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/260073069/
Location
Room 1300 -- Conrad Grebel University College, 140 Westmount Rd. N., Waterloo, Ontario Map

If you work in software development, how much of your job involves testing? If you're a project manager, do you work closely with the testers to keep an eye on their results and bug reports as a project progresses? If you are a developer, do you do your own unit testing and work with testers on test plan reviews and fix the bugs they find when they do integration and regression testing? If you are a software tester, how do you balance the need to be thorough with the need to deliver on time? How does that affect writing test plans? When a project team has to deal with a lot of changes in the middle of development and testing, how do you cope with updating test plans with limited time? Since you should be considerate when reporting bugs in software, especially when people have worked hard on it, how can you do this tactfully? How do testers work with people like technical writers who use test plans as a reference when writing documentation like user manuals?

Nicholas Collins, a long-time member of KWNSPA and a professional software tester will give us an overview of the deep art of testing software.


--Bob Jonkman & Marc Paré




Resources


One of James Bach's talks on YouTube



Meeting Notes

  • Introductions


  • Nicholas Collins
    • Software tester for a few years, knowledge of how his company works
    • But two years isn't a long time compared to some software testers
    • Nick has prepared notes, will be presenting slightly differently from other KWNPSA sessions
    • SysAdmin in insurance industry; laid off (as are many of us); back to school to upgrade IT skills
    • Uses Visual Studio, C#, other languages
    • People he's met were developers, or business-specific skills; when software testers are needed these people are thrust into the role
    • This might change as more universities offer software testing as a major
    • There are very few courses or certificates in software testing, more prevalent in the US
      • but Fanshawe college in London has a certificate program
    • Some institutions have a couple of courses in tech writing, project management, quality management; maybe a night course in software quality testing
    • Without academic rigour, different people use different terminology, nomenclature
      • "Should I know what all these different terms mean?" But it's fairly common with other software testers Nick has spoken to
    • At Microsoft, developers use their development skills to write tests. Needs more skills than just coding
      • Microsoft has internal courses to train testers how to test software
      • Get promoted to full developer once you've proven you can write tests
    • people use Terminology like "Post-mortem" (although nobody dies), mix up "Milestone" and "Benchmark", &c.
    • Software testing is the start for a developer's career, then to DevOps
      • Does this mean the most junior, inexperienced programmers are responsible for testing software?
    • Nick: large companies use junior testers to run tests, senior testers to supervise
    • During an upgrade Nick (a programmer at the time) did testing for the Database Analyst
      • But a junior intern was assigned to that role as well, just to gain experience.
      • Worked out details at a high level, then applied tests to get results


  • Project Managers take different approaches


  • You can always think of more tests
    • It's a fine balance between staying on schedule and being thorough
    • Walkthroughs and working in a team can be helpful


  • Some testing instructors do not like teaching from texts
    • eg. "Software Testing" by Yogesh Singh
    • But Nicholas gets good ideas from texts, doesn't agree with those testing instructors
    • THe problem is that the authors suffer from "Perfect Worldism"
      • A world where there is unlimited time and money, and the perfect tests can be developed
    • Nicholas has experience with sticky problems, gets ideas from texts to adapt to his problem



  • Even the simplest test "is A < 70 ?" can have seven or eight tests

FlowchartExampleResized.png

    • Test results, but also overflows, boundaries, different data types
    • Input validation can require many tests


  • Working with other people, eg. technical writers
    • For them to understand the software they'll play with the software, and may create unanticipated conditions
    • Everyone can be a software tester to some degree: Project manager, developer, writer. Even sales?
    • Sometimes testers find problems with usability as they're running tests; not part of the test suite


  • How effective are some of these ad-hoc testers?
    • Is there a bias? Do they have some incentive to pass tests even when there are problems?
      • Sometimes a QA will hold back tests that would have been better to give to the developer in the first place
    • Accessibility testing is a new skill for QA, may become a testing requirement
    • Business Analyst (BA), developer and tester make a good team
      • Sometimes the process of testing will identify the need for more testing


  • Reporting bugs
    • Requires consideration, tact


  • Test plans may need to be developed quickly
    • But near the end of a project when time is tight there may not be time to develop tests
    • So quality of code may suffer near the end of the project
      • Breaking things during testing that no-one has time to fix


  • Automated testing?
    • Nick has experience with automated regression testing
    • Automated regression testing reduces the introduction of new bugs


  • Open Broadcaster Software
    • Used to catch all activity during user testing
    • Also use Virtual Box recorder uses host to capture all the output on the VM screen


  • "Monkey Testing"
    • Also "fuzz testing" or "fuzzing"
    • Fill all fields, try to overflow, pound on the keyboard, click as fast as possible
      • But this this does not lead to reproducible errors (fine timing errors)
      • Although some testers claim they can reproduce


  • Pride in finding bugs?
    • Nick finds that the "high five" time should occur only after the entire team has identified, reported, documented, and fixed the error, and re-tested


  • Load testing
    • Hitting a system with a large number of transactions, &c.
    • But a bogged down system may not be writing to logs, making analysis difficult
    • A benefit in load testing is adding assertions, find issues with threads
      • Assertions and Singletons...
    • Be sure to validate the output even when just testing for capacity


  • Nick has written a test for XML testing
    • But the code Nick wrote was not well tested at all! Oh, the irony!


  • Q: Do you use debugger software like GDB to examine the flow of code?
  • A: Not common, but becoming more prevalent.
    • Certainly having a debugger to throw at the code is nice to have
    • But much testing is done with the software under test as a black box, just examine the input and the expected output


  • Nick speaks of the complexity of software testing.
    • One thing works fine by itself, and other thing does too, but do they work together?
    • Different software on different platform needs to interoperate, but sometimes differences in date formats causes problems
      • although each platform by itself passed all tests
    • Dealing with currencies, eg. USD and CAD, and GBP
    • Dealing with leap years and 29 February
    • General rule: Anything date sensitive needs to test for leap years
      • and time zones! Anything dealing with calendars needs to worry about time zones


  • What happens internationally when different countries need to interoperate?
    • Companies have service contracts that define how the service is implemented
      • If the system is changed, the contract defines who is responsible for continued interoperation
      • If I make a change and it breaks your system, it's your fault for not defining the contract accurately
      • called "spring contracts"


  • Nick gives an example from James ---- YouTube video ("nominal input voltage is 100VAC to 250VAC")

VoltageExampleResized.png

    • "Test the nominal range" is an incomplete answer
    • Also need to test outside the range
    • The user manual may give advice not to go outside the nominal range, but users don't necessarily read the manual
    • So, does the system fail gracefully outside the nominal range?
    • This is the function of the software tester, to design the test to ensure that software or equipment is failsafe
      • eg. for medical equipment
      • How much money is available to fry the device under test? Some prototypes may be really expensive
      • Many examples of people damaging electronics with incorrect application of voltage!
    • It's good for testers to think outside the parameters of the system


  • Testing to ensure system has a consistent look and feel
    • eg. fonts on some menus were different
      • Is that a software testers responsibility? Sometimes as an additional task
      • There are tools (overlays, templates) to find these issues
    • Window resizing can make the application fail, but there need to be limits for those tests
    • Testing for "greyed out" functions can be time consuming
      • When a function is available when it shouldn't be can result in errors
    • These are general things for a tester to keep in mind


  • Systems that have features which have little to do with each other
    • Easy to test they're not contending for resources, &c.
    • But still important to run these features simultaneous to shake loose bugs, eg. memory allocation, concurrent DB access
    • Perhaps a simple monitor with limited functions: But what if something goes wrong, does the device report an error?


  • Client-side data validation: All testing needs to be duplicated at the server to ensure malusers don't bypass client-side validation
    • But that increases load on the server


  • Logging
    • Logs may indicate problems with the way the code executes, eg. repeated log entries indicate an invalid loop
    • Circular reasoning: How can the logs from software under test be considered
      • Logs are only one step, begin the process of analysis
      • NewRelic will test user experience (surveillance software)


  • Nick has found bugs because the test suites are well designed
    • But at least half the time the bugs discovered were found in spite of the test, which was not designed to find that kind of bug


  • Q&A
    • Is the developer + tester model usable?
      • May be a bit scary for shops not set up for that collaborative arrangement
    • Nick says to just forge ahead.
      • Having experience is good, but can also develop that experience in-house
    • Worries about the coming requirements for accessibility for software
      • May take changes in coding practices (use POSH: Plain Ol' Semantic HTML instead of Javascripted forms)
      • Jurisdictional differences may be difficult to deal with


Back to: Software Testing



Network Security

Date
Monday, 11 March 2019 from 7:00pm to 9:00pm iCal
Meetup Event
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/257702185/
Location
*** Room 1300 *** -- Conrad Grebel University College, 140 Westmount Rd. N., Waterloo, Ontario Map


We've talked about Malware and the importance of Keeping Computers Up To Date, and even just about The Things We Should Fear. But what new hazards are unveiled when you connect two or more computers together? When some of those computers aren't on your own network? When malusers are out there trying to break into your network? When you're actually inviting everyone into your network by running servers and services? Should you just outsource everything? Or are there tools available for the Non-Profit SysAdmin to help secure your networks?

We'll talk about the hazards of running a public network, and go over a list of tools and software.

--Marc Paré & Bob Jonkman




Resources

  • Firewalls
    • The most secure firewall: Nipper for Electronic Wire (Old).png
    • Another secure firewall: pfSense
  • Intrusion Detection Software
  • Pen Testing apps



Meeting Notes

Spoke about resources, war stories


  • Proprietary mail systems
    • Errors in implementation, makes mail inaccessible, or sends mail when unwanted.
    • Corporate culture prevents people from speaking of security flaws


  • Bugs in the software
  • Errors in procedures


The Cloud
  • "If the data was in the cloud it would have been safe"
  • What is The Cloud?
    • Somebody manages the servers, still subject to human error
    • But reduces the human interaction that is needed
    • Maybe if everything is run by robots...
      • But that's not the way Nonprofits operate, engaging people to be more involved


  • Open Source groups want more interaction, so still room for error
    • eg. LibreOffice: Get a professional to manage website? Or keep local group involvement? No to robots


  • Robots have programmers too
    • One more level of abstraction


  • Problems solved?
    • Email spoofing, phishing schemes: Joe Jobs, third-party addressbooks breached
    • Could contact the apparent sender, but that person may not be involved in the message at all


Tour of pfSense

Bob Jonkman logged into his live pfSense installation and stepped through each of the menu items.


Multiple connections to isolate traffic
  • While Bob's installation has only two connections (WAN, LAN), it is possible to isolate Internet-facing servers on their own network connection (DMZ) to isolate that traffic from the internal LAN.
  • pfSense supports many network connections, useful for separate campus sites


Back to: Network Security



Gaming

Date
Monday, 11 February 2019 from 7:00pm to 9:00pm iCal
Meetup Event
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/256359263/
Location
*** Room 1300 *** -- Conrad Grebel University College, 140 Westmount Rd. N., Waterloo, Ontario Map
Event Announcement
Gaming/Announcement 2019-02-11

Are you a gamer? Wouldn't it be great to play games during work? Are you a game designer? What role does gamification have in Non-Profit organizations? Can gamification make a SysAdmin's life easier? What value do games have in the Non-Profit sector?

Join our round-table discussion on Gaming, and share your views.


--Bob Jonkman & Marc Paré


Resources


Meeting Notes

Encouraging Gaming
  • Gamification of Disaster Recovery
    • Playing a role playing game
    • Roll the dice "Your mail server has failed"
    • Good for scenarios
    • Needs a Dungeon Master who understands security


  • Gamification of server uptime
    • One SysAdmin has a server with 1000 days uptime
    • Challenge other SysAdmins to do it too
    • Ensures SysAdmins will coddle the server to ensure uptime


  • Movie effects for computer screens
    • Don't look like reality, more like computer games
    • But tools are trying to look like games
    • Want more customers to use their products
      • Security products (eg) are hard to use
      • Making the UI easier, more exciting to use
      • Trying to keep the user on the device as much as possible
      • Targetting today's users who are gamers
      • Try to concentrate attention on the things that need attention


  • 12 hour operator shifts
    • Very tiring, trying to spot "hacker" anomalies in gigabytes of data
    • The job doesn't get done, staff doesn't care after a few days
    • If the system had been gamified it might have made the job better
      • But mostly it seems a management problem for having 12 hour shifts
    • But gamers are in front of monitors that long, don't have the apathy problem


  • Can World Of Warcraft design be used to analyze logs?
    • Players are unknowingly doing the work while playing the game
    • But what gets attention is based on what the player finds fun
  • May be similar to using spare CPU cycles to do bitcoin


  • Have a reward attached to success
    • But in some cases there's no control, so success is not based on work but luck and gamification won't work


  • Games are visually appealing and attractive
  • Competition is appealing


  • Re-Captcha has gamified proofreading
    • Spread out the work to millions, make it fun
    • Purpose for captcha owner may not be access control, but OCR improvement, traffic AI optimization


  • "Sex and violence moves the world forward"
    • Porn has driven technology: Hi-res, accurate skin tones; VHS technology; video streaming
    • And the military has pushed technology too


  • Sometimes gamification gets in the way
    • "You have won this case number 54321!" is just annoying
    • Trying to fool employees backfires, recognized by employees
  • But maybe if the gamification could be switched off


  • An experienced worker can do more without gamification
    • But his attitude was that life is one big game


  • Young people develop new skills that older people don't have
    • This affects how they approach gamification


  • "War Games"
    • Using games to make serious tasks go better
    • Also, how much control do you turn over to the computer?
  • Has become reality - military drone operators


  • US Military had an RPG for recruiting
    • Very realistic, eg. speed for loading a rifle
    • Intent to get people familiar with army life before recruiting them


  • DARPA Challenge
    • Started as a monetary reward for specific goals
      • 100 metre autonomous vehicles in 2004
      • 100 km autonomous vehicles in 2005 (xxxxxx check dates!


  • People in finance and politics use gamification
    • eg. "First Past The Post" is a horse racing analogy


  • Different rewards are effective for different groups
    • eg. Grade 3 kids may be influenced by a reward of bubblegum, but not Grade 8 kids


  • Bread and Circuses
    • Roman Warriors went from lean survivalists to entertainment
    • Games became a distraction, so young people no longer wanted to be warriors


  • Games in any environment have limits and rules
    • The objective is to be attained by following those limits and rules
    • The effects games have on social cohesion and morale are defined by those limits and rules
    • Not just rote and repetition, but applying strategy


Preventing Gaming
  • User Friendly cartoons about Doom on the LAN


  • SysAdmins wanted to prevent smart phones, more work to provide bandwidth


  • Security concerns with using personal devices in work
    • Accessing corporate data with personal devices


  • But people found these devices made their work more fun


  • Is there any way to run a corporation without using some kind of gamification?
    • Boring, routine jobs need it
    • But some people just aren't suited to that kind of work
    • People who can remain focussed on routine work are scarce, but may not benefit from gamification
    • People have to be interested in the objective


  • Gold Farmers are playing a capitalist metagame


  • It should be possible to roboticize the work to make gamification customized
    • But then it is probably possible to automate the work directly, no longer requiring a worker


  • There are programs to monitor online behaviour to identify mental health issues


Categories of motivation

  1. Mastery of skill
  2. Exploratoin/ Discovery
  3. Competition
  4. Cooperation


  • How does cooperation and collaboration help with work?
  • Competition:
    • Nobody wants to be the laggard in the group
    • Competition is a loaded word in our society
    • But a notion of competition, argumentation with the aim of improvement, everyone winning


  • Gamification needs a goal, objective
    • eg. politics - getting people informed


  • Gamification is not Learning
    • Competing against other players
    • Or against your previous score
      • Someone has to know all the answers in order to mark your score
      • How can we solve problems that have not already been solved?
      • That's not gaming, that's learning
    • If you're moving into an unknown area you don't know what rules apply, what the goal is


  • Self-directed, independent study courses are a form of gamification?
    • No, that's exploring, learning challenge; vision quest
    • Minecraft: No predefined goal
      • Possible collaboration, also competition
      • Used in education, "kids learn without knowing they're learning" (but not accepted by all educators)
      • Letting kids play games, and maybe learning, is too haphazard, it's not education
  • "Everything is a game", "Life is a game"
    • But that makes the idea of a game useless.


  • When outside things are gamified, are people just being conditioned? Or are people learning?
    • eg. the Army game


  • Making games highly addictive
    • Are people conditioned to play again and again, spend money
    • Are corporations just games? Employees buying into it again and again.


  • Being fooled into learning can lead to a real interest in the subject
    • Movies, books can lead to further research. Reality is more interesting than fiction.



Back to: Gaming



GDPR

Date
Monday, 14 January 2019 from 7:00pm to 9:00pm iCal
Meetup Event
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/255516932/
Location
*** Room 1300 *** -- Conrad Grebel University College, 140 Westmount Rd. N., Waterloo, Ontario Map
Event Announcement
GDPR/Announcement 2019-01-14

Does your Non-Profit organization collect personal data on people? People in Europe? And what is Personal Data anyway? Does your organization have an office in Europe? Store data in Europe? Process data in Europe? What is the General Data Protection Regulation (GDPR)? Does it apply to your organization? What policies does your organization need to have? What technical measures need to be in place? What's the SysAdmin's role in all this? Could a SysAdmin be liable?

Marc Paré will provide us with an overview of the GDPR, and outline some of the concerns for Non-Profit SysAdmins.

--Marc Paré & Bob Jonkman


Resources

Talking Points

  • General Data Protection Regulation (GDPR)
    • European Commission
      • set the GDPR standards
    • Data Protection Agencies (DPA) (e.g. Information Commissioners Office ICO in the UK)
      • In charge of administering the GDPR in their respective countries
    • In force as of 25 May 2018
      • primarily applies to controllers and processors located in the European Economic Area (the EEA) with some exceptions
      • applies to any site servicing or selling goods to European users
      • all sites must adhere to GDPR except any personal websites
    • Types of data
      • clear reason for data collection
    • Consent
      • requires use of positive opt-in consent and NOT pre-ticked consent or use of double-opt-in
      • requires site's statement of consent must be clear and explicit
        • cannot re-purpose consent to another statement
      • user ability to remove consent should be easily accomplished
      • requires storage of consent for possible future audit trails
    • Data Storage
      • clear defined use and length needed to store information
      • storage of personal data for longer if you are only keeping it for public interest archiving, scientific or historical research, or statistical purposes
      • data collection must be necessary
      • users have the right to access, rectify, erase, restrict, restrict portability of data
      • restricts the transfer of personal data to countries outside the EEA, or international organizations
    • Types of data collection groups (2)
      • Controllers and Processors
    • Data Protection Officers (DPO)
      • individual in charge of data storage and adherence/compliance to GDPR for companies over 250 employees or if collecting large personal sensitive data
      • DPO must be independent, an expert in data protection, adequately resourced, and report to the highest management level
      • DPO may be shared amongst multiple organizations
      • you must appoint a DPO if
        • your site requires large scale tracking
        • you are a public authority or body
        • your site collects data on criminal convictions/offences
        • appointing a DPO is suggested as best practice
    • Data Breaches
      • requires that data is stored securely
      • encryption is suggested
      • breaches reported withing 72hrs
      • keep record on any breaches
      • have breech policy
    • Non-compliance fines
      • up to 20 million euros or 4% of annual revenues
    • GDPR Certification
      • framework is still not available but forthcoming

GDPR and Canadian Privacy Laws

    • Personal Information Protection and Electronic Documents Act (PIPEDA)
      • aligns more or less with GDPR
      • updated as of 01 November 2018
      • mandatory reporting of breeches to users and to Privacy Commissioner
        • more fine grained reporting on breech policy and record keeping
      • fines up to $100,000
      • PIPEDA does not generally apply to not-for-profit and charity groups as well as political parties and associations
      • complaints may be sent to the organization in question or to the Privacy Commisioner
      • Privacy Commissioner may conduct audit if necessary

More Resources

They said Microsoft engages in this telemetry collection covertly and without properly informing users.
The report said investigators didn't find any official documentation about what information Microsoft collects through Office and no way of turning Office telemetry off, raising a serious privacy concern for all current Office users, regardless of geographical location.


Meeting Notes

  • Don't take our words as legal advice!


  • Some websites closed down rather than violate GDPR
  • Each country in EU needs to appoint its own GDPR Commissioner
  • Started last year (25 May 2018)
    • People had several years to comply before 2018
    • But European commission is not yet up-to-speed on everything, still working on enforcement and compliance


  • Personal websites don't fall under GDPR
    • Unless you're selling goods or services to European markets
    • If you don't expect visitors from Europe you should be OK
    • But GDPR exceeds boundaries, even non-European sites need to follow that law


  • Controllers: Collect the data, set standards to determine what data to collect (eg. Google)
  • Processors: Websites that don't necessarily use the data, but collects data from other sites (eg. banner ads)


  • Even temporary receipt of data falls under GDPR
    • KWNPSA site might be under GDPR, WordPress requires cookies
      • Marc has added a cookie disclaimer to https://kwnpsa.ca
      • The cookie form cannot be pre-checked
      • Newsletter subscriptions require double opt-in (subscribe, then confirm)
        • We can no longer add people's names without written permission, or subscribing with an opt-in
        • Marc & Bob gave a demonstration of the Mailman subsription process
    • Fines might be 20,000,000 Euros, or 4% of your profits


  • Could one entity cause trouble for another entity by reporting them to GDPR?
    • Compliance is largely self-adhering
    • Getting a whole website shut down isn't really possible, as long as that entity is responsive to GDPR


  • Is there an agency that reviews incoming complaints, and finds those entities that don't comply?
    • Not really defined, still setting up the framework for that
    • The European Commission will not fine people, but the individual states' Data Protection Agencies do the enforcement
    • Foreign policies affect relationships between all countries, might trigger or be triggered by other events


  • GDPR was an answer to privacy and anti-competitive incidents with Microsoft, Google, Facebook, and Yahoo


  • GDPR provides a clear policy on data collection
    • Gives users a right to see and have corrected the data collected on them
    • Only applies to e-mail (and websites) that affect European users, not e-mail that stays within Canadian borders
      • But Canada has rules of its own, not as strict as GDPR
      • Canadian fines aren't as high, only $100,000
    • In the US the only state that's updating its rules is California
      • But other states are expected to follow California


  • GDPR rules just make common sense for the user
    • For website developers it's more onerous
    • Also onerous for those people running secure browsers that clear the cookies allowing cookies...
    • Compliance is built into some frameworks like WordPress.
      • But we (KWNPSA) still need to write and publish our policies on cookies and data retention.
      • The current disclaimer text is no longer adequate, even for Canadian rules
      • GDPR and Canadian rules are moving towards requiring encrypted collected data storage
      • Organizations with 250+ employees must have a full-time, certified GDPR Data Protection Officer
        • But there is as yet no framework for this certification
      • Will there be a standard for encryption?
        • Probably as part of the framework for certification
        • All the usual encryption problems apply (decryption in the server, decryption between storage and transmission)
    • Political organizations, Charities, and Non-Profits don't have to follow the Canadian PIPEDA regulations for mailing lists
      • But CANSPAM still applies (but there are tools and services to check if your fundraising letters are conformant)


  • There are stringent rules about publishing policies, reporting breaches, timeline for reporting breaches
  • Organizations that are too small to have a dedicated Data Protection Officer can share one between them


  • Marc shows some sites that are GDPR conformant, eg. IBM
    • IBM in Germany does not have a cookie popup.
    • Shell has a nicer cookie popup than most (small, unobtrusive box at the bottom)
    • Volvo has every cookie itemized in their policy (GDPR encourages that, Canada is likely to follow)


  • There are sites with sample policy wording that can be followed.
    • Do analytics companies like Piwik offer their own sample polices? No, because they could not make it specific enough for all regulations, too much liability


  • In Canada:
    • PIPEDA is the equivalent of GDPR, updated in November 2018


  • Ultimate goal is to restore people's confidence in spending money on the Web


Back to: GDPR



Tech Wobblies

Date
Monday, 12 November 2018 from 7:00pm to 9:00pm iCal
Meetup Event
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/253998238/
Location
Room 1301 -- Conrad Grebel University College, 140 Westmount Rd. N., Waterloo, Ontario Map
Event Announcement
Tech Wobblies/Announcement 2018-11-12

Is automation taking over Systems Administration? Are highly skilled SysAdmin jobs (and their highly skilled SysAdmins) becoming obsolete? What is to become of the Non-Profit SysAdmin? Are we all going to become Mechanical Turks? Or should tech workers become Wobblies? Who are the Wobblies? Is the tech industry ready for collective action?

We're joined by special guests Sean Howard and "Wobbly Sunny" at our round table to discuss the state of the tech industry, the working conditions for tech workers, and what can be done about it.

--Marc Paré & Bob Jonkman


Tech Wobblies/Meeting Notes 2018-11-12


Resources

Part of the CBC Ideas series Workshift.



Meeting Notes

  • Introductions
  • Steve has an IWW membership card from 1975!
    • and Sunny has a modern card, with self-adhesive stickers representing dues (from $11 - $33/month)
  • IWW goal is to be a self-funded union.
    • Money to do projects: training on workplace organizing, &c.
    • Having a budget is useful
    • No outside influence if self-funded.
    • Similar to a self-managed business or a co-op
    • all funding goes back into the IWW
    • kwiww.wordpress.com (needs some updating)


  • Techworkers Coalition is less formal, anyone can join


  • Orgininally, unions were based on trades
    • Now, divided by region (Toronto, Kitchener-Waterloo)
    • But tech workers have their own needs, so now splitting that off again
    • The larger techworkers union can encompass Toronto, KW, North Bay
  • IWW has general membership branches, divided by region, not by trade
    • Has strength in Ontario from lumber industry, based on migrant workers, who had no access to trade unions
  • With many workers working and living together they will (can?) self-organize
    • Talk things over about how employers are treating workers.
    • Most trade unions don't accept contractors in their union, contractors == scabs
  • IWW accepts contractors in their union, any worker
  • The union will accept contractors, and negotiate for
    • But it's different for off-site contractors, but the IWW could handle that
    • IWW also operates in areas where there's no jurisdiction for trade unions
    • No framework for industrial organizing in Canada (or the States)
  • Union for a workplace is for collective bargaining; a trade union may provide union training
  • IWW puts techworkers under "Communications"
    • Setting standards for all techworkers in any workplace
    • Good for small, scattered workplaces
    • For techworkers, not so much for negotiating pay, but perhaps oncall or overtime hours


  • eg. Google walkout for sexual harrassment; influenced other corporations like Facebook
    • Making small changes in one place will filter to other places
  • But some grievances aren't satisfied by one corporation; if one company doesn't do it, another one will


  • This sounds more like a social justice action -- and that's the whole point.


  • Critical mass?
    • Needs 10 people to form a formal industrial union branch (IUB).
      • (that's an IWW requirement)
  • Note that IWW is not Techworkers Coalition
    • Techworkers Coalition started in the California Bay area, from gameworker's union.
    • Loose organization, no formal membership
    • Provides a place to discuss grievances, solutions, and expand that to larger nationwide discussions
    • "Low obligation" way to get involved,
    • Sign up for Techworker's Coalition on their website, get access to their Slack channel
    • No dues, no voting...


  • Techworker's Coalition Meetup on Sat 17 Nov from 3-6pm at East York Civic Centre
  • IWW and Techworker's Coalition share values, but IWW has a budget, and "real union" power to back the workers


  • Labour laws require employers to negotiate with unions once there is sufficient membership
    • Some progress in Montreal in fast food industry, precarious work.
    • Has low union membership density, so a good target for organizing
    • In Montreal some demands were met wihtout a contract; in US formal contracts are in place.
    • But no contracts are preferred to avoid legal battles
    • Certification as a union? Get certain numbers of people to sign union cards; protection from dismissal for union activity
    • Improved working conditions, improved control over the work\
    • Building block for social change
  • Difficult co-op to get union affilliation
    • In order to get recognized there needs to be a boss and workers, but that's not part of a co-op. Workaround: A board of directors.
  • But big unions (Unifor) is not interested in worker control
  • But worker control over labour is the point of IWW
  • Is Unifor subsuming the work of IWW?
    • Well! Not really, Unifor is not working for the workers, although their literature would say otherwise. There is antagonism between Unifor and other unions.
  • Unifor has left the CLC
    • CLC is a social justice organization
  • Unifor's politics are not those of the IWW
    • The IWW locals are autonomous, the IWW is run by the locals from the bottom up (unlike other unions)
    • Other unions profit from the workers not knowing about the union
    • (discussion on union raiding, agitating, organizing)
  • IWW practices "solidarity unionism", everyone signs on and becomes involved
    • Other unions dictate conditions to the workers
  • Many parallels to political parties: there are top-down, big-tent parties, and bottom-up, grass-roots parties
    • Maybe the trade unions did start off as bottom-up, but when they grew large that level of communication interfered with that model
    • How can IWW prevent that?
    • Direction the labour movement has taken in the last 50 years: different trade unions got amalgamated, and grew into monstrous beasts
  • Large unions are affected by back-to-work legislation: How does that provide protection to the workers? This is entrenched in Canadian labour legislation
    • "If you're really big no-one wants to pick a fight with you"
    • Very little gains have been made in the last 50 years
    • When organizations get too large, the executive takes over
    • Now things are speedy and novel that organizations don't have a chance to make mistakes -- how to keep up the communications-expensive organizational model of IWW?
  • Local KW branch of IWW is try9ing to pull out tech workers based on their unique needs.
    • But that will grow and build bureaucracy
    • Ontario labour law has many exemptions for techworkers (12 hour days, no overtime protection, &c)
  • When a local organization gets large enough, the IWW fragments it into their own bureaucratic structure; fragmentation is built in to prevent over-size organizations
    • This model has been demonstrated many times, in many different sectors, throughout IWW existence
    • eg. Russian Bolsheviks, labour union in Spain
    • IWW has been doing this for 100 years


  • IU == Industrial Unions
  • CNTU == Quebec-based federation of unions
  • Closed union shops?
    • Based on legislation at the close of WWII
    • Everyone must pay dues to prevent the "free rider" problem
    • SysAdmins not well represented by, eg. Steelworkers union
    • Create a separate bargaining unit, in the same union?
    • When bargained contracts are unequal the Ontario Labour Relations board gets involved.
    • IWW allows membership in multiple unions!
    • But that may create more borders between workers, looks disorganized to the employers
    • Bargaining units could be as small as two or three people
    • eg. Waterloo Region example of shed-builders: Two people certified a union, now it's a closed shop.
    • Politicians in WR are working to prevent the ill effects of closed shops and the bidding process.


  • Are we going to get bids as cheaply as possible, or are we going to ensure a fair wage for workers? This is determined by who we elect into office to set labour law. (but who gets to vote based on this one issue?)


  • In IWW there are people opposed to the closed shop model
    • Closed shops may be a trap for unions: "We're done organizing now"
    • But that doesn't provide flexibility when new classes of work appear, new workers are needed
    • Unions become unresponsive to needs of new workers in new work
    • Union amalagamation is not responsive to small changes


  • In some union elections the offices are almost always contested
    • because the workers are involved
  • Everyone informed, everyone involved, everyone having a say is the essence of solidarity unionism
  • Contracting out shouldn't matter, as long as the workers have the same working conditions
    • But this may not work for off-site work, eg. contracted at-home workers
    • Need to be in contact with your fellow workers to keep up with the needs of workers


  • What kind of response has IWW got from the SysAdmin community?
    • People have been coming out to meetings!
    • Sunny looking to set up an Industrial Union, not a workplace union.
    • Lots of media attention to collective action, eg. Salesforce workers want the company to divest from ICE; sexual harrassment walkout; anti-war, peace work
    • Happening everywhere, but centered in the Bay Area
  • Want organizations that are not employer-centric or industry-centric
    • Want to be able to critize the hand that feeds us
    • eg. funding organizations don't provide funding to non-profit organizations involved in well-off industries
  • Co-op sector is very much aligned with the values and philosophies of IWW
  • Why does IWW pursue the union model, not the worker-owned model?
    • IWW does both
    • Unions have a history of making radical, industry-wide changes, eg. invented the weekend
    • Co-ops may not make such big chagnes for workers
    • And co-op workers are workers too!
  • LibraInformation Systems is a co-op that is unionized; very big, lots of contracts
  • Maybe workers can buy their distressed companies and form a co-op
  • False dichotomy between co-ops and unions. Other countries with histories of worker-based actions are more open to co-op/union fusion

(mondregon in spain?)

  • Co-ops have been failing because of lack of capital & cashflow
  • IWW has facilitated communication between different unions in the same sector where employer was pitting one union against the other
  • Unionizing the trade unions? Union workers are workers too!



Back to: Tech Wobblies



Training

Date
Monday, 15 October 2018 from 7:00pm to 9:00pm iCal
Meetup Event
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/253049800/
Location
The Parlour in First United Church, 16 William Street West, Waterloo, Ontario Map
Event Announcement
Training/Announcement 2018-10-15


How complex is your Non-Profit organization? Does your newly hired staff need training on your policies and procedures? On your products and services? On your software and hardware? What happens when you change procedures, get new products, update your software? Does your existing staff need training? How do you supply the training? On the job? In the classroom? Online learning courses? And how do you manage the training administration? Keep track of results? Determine who is eligible for additional training?

At this months' round table discussion let's talk about our experiences in providing training to staff, or receiving training to be better SysAdmins. How can the Non-Profit SysAdmin help deliver and track training for our organizations' training requirements?

In a future session we'll discuss providing education to the clients of our organizations; this month let's focus on internal training.

--Bob Jonkman & Marc Paré


Resources


Meeting Notes

Legacy codes
  • People inherit old legacy code, eg. spreadsheets
  • Nobody want to admit to knowing Excel for fear of having to fix someone's code
Techsoup Catalogue
  • Zoom
    • but that's just conferencing software, not training management software
  • Desire To Learn is no longer in the catalogue


Using Moodle
  • Marc shows off his French Language Moodle installation http://frenchasasecondlanguage.org
  • Need to build your own content on Moodle
  • Danger of copyright infringement if you're not using your own content
  • Universities are more likely to contract out for content creation
  • Marc has used Hot Potatoes to create Moodle content
  • Hot Potatoes might be good for internal training; evaluation doesn't work in all educational settings
  • Looked at some Moodle testimonials for internal staff training
Other notes
  • Discussed evaluation methods, and the efficacy of teachers
  • Also the ideology imposed on the curriculum by different governments
  • Talked about the university model of teaching: Should be two separate streams? One for research, one for teaching (researchers aren't necessarily good teachers)
    • 400 students in a lecture hall? 10-15 students with teaching assistants? Where does best learning take place?
    • More than 25 students makes a teacher a "classroom manager" rather than an "educator"


Back to: Training



Purchasing and Procurement

Date
Monday, 17 September 2018 from 7:00pm to 9:00pm iCal
Meetup Event
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/253047725/
Location
4th Floor, 121 Charles Street West, Kitchener, Ontario Map
  • Search for Danielle McCormack on the iPad through Envoy
Event Announcement
Purchasing and Procurement/Announcement 2018-09-17

Does your organization buy things? Do you go to the local store? Or do you issue Requests for Information, Quotes, or Proposals? How do you evaluate those RFIs, RFQs, and RFPs? How do you find suppliers? Contractors? Vendors? Does your organization have minimum standards for vendors? How can you ensure vendors making bids meet these standards? Isn't there some software that can help with all this?

Yes! Local company Bonfire creates purchasing and Procurement software. Special guests Danielle McCormack and Ethan Driedger will will give us an overview of what a Non-Profit organization should look for in purchasing and procurement software, and will give us a demonstration of the Bonfire software.


--Marc Paré & Bob Jonkman


Resources


Meeting Notes

  • Introductions
    • Danielle McCormack, Account Manager for the Not For Profit market
    • Ethan Driedger, Account Manager and technical advisor


  • Presentation was recorded, hope to have video available shortly


  • What concerns do people have?
    • Spend time and effort to evaluate RFPs, only to have management choose the lowest bid
    • What is the relationship between purchasing and making grant/funding applications?
      • "Purchasing" is not always commercial. Grant application tools help to make decisions, similar to satisfying an RFP


  • Q: Does Bonfire help an RFP respondent?
    • A: Yes. Vendors can use Bonfire to submit online responses
    • Vendors can subscribe to notifications to learn about new RFPs


  • Danielle recognizes the resource constraints experienced by Not-For-Profit organizations
    • NFP funders require accountability and transparency in the purchasing process
    • Need to know the why and how of decision making


  • Interesting stats: 15% of the workforce is employed by Not-For-Profit organizations
  • 7.1% of the GDP is generated by NFPs


  • Q: How easy is it to "divorce" Bonfire? How is the data portability? Is there integration to other applications? Databases?
    • A: Yes, Bonfire has an open API. Glue apps (middleware) are not provided, but Bonfire can be hired to create them
    • May be out of reach for Non-Profit organizations
    • There was some discussion on data structures and interoperability


  • Q: Integration with financial applications?
    • A: Bonfire can import legacy purchasing data from spreadsheets, &c.
    • Other integrations can be done via the API


  • Q: Project management software?
    • A: No direct integration


  • Q: Existing purchasing departments?
    • A: Bonfire software facilitates communication between purchasing agents and the end-user requiring the purchase


  • More discussion on data exchange. How is the data structured for different sectors?


  • Vendors submit the outcome of their bids, used to build knowledgebase of successful strategies


  • Q: Integrations with MERX? (online database of government RFPs)
    • A: No direct connection


  • Q: Conversion from hard data?


  • Bonfire provides alerts to Not-For-Profit organizations of new grant available for application
    • NFPs can apply to these grants for free
    • Sort of "purchasing in reverse"; Bonfire clients are the grant providers, respondents are the NFPs applying


  • Subscribe to different categories for notification (for vendors?)
    • eg. based on geographic location: "Any RFP in Ontario"
    • eg. based on industry codes (SIC, UKSIC)


  • Municipalities (technically Not-For-Profit organizations) have additional constraints imposed by legislation


  • The purchasing process doesn't allow innovation in responses
    • eg. software company loses bid because they're not offering a tangible solution to a traditional problem
    • The solution offered by the respondent isn't compliant because purchasing requirements are too rigid


  • Bonfire recommends multi-stage RFPs
    • This means stakeholders don't need to answer all the questions
    • eg. a Chief Technical Officer doesn't need to answer financial questions


  • Bonfire scales well to small respondents (vendors)
    • Q: Does it also scale to small customers? (purchasers)
      • A: Perhaps. Bonfire removes the arduous tasks of the purchasing process, freeing resources at the NFP


  • Classification discussion
    • Steve employed librarians to classify books for University courses
    • Bonfire has search functions for both classification codes (well-defined) and keywords (arbitrary, free-format)


  • Revenue model: Annual subscription
    • Contract management option?
    • Vendor management option?
    • Bonfire is entirely cloud-based (on AWS infrastructure), not software purchase or licence


  • Q: Is there a short-term subsciption? ie. 1 or 2 months?
    • A: Future availability


  • Q: Real estate?
    • A: Technically, it's no different from any other purchase
    • Bonfire can help in advertising the bid (less reliance on real estate agents)


  • Pricing
    • For Not-For-Profit organizations, work with grant providing organizations who can purchase a blanket subscription for the NFPs they provide grants to
    • Q: Have vendors purchase the subscription, allow NFPs free access as purchaser?
      • A: Vendor-pay may be not be legal for government and public sector organizations
    • Q: Pro Bono subscription to Bonfire for Not-For-Profit orgs?
      • A: Bonfire is still a startup.
      • Perhaps as a charitable donation?


  • Hope to have links soon to videos demonstrating the use of the Bonfire software


Many thanks to the Danielle McCormack, Ethan Driedger, and all the staff at Bonfire for hosting the KWNPSA meetup on Purchasing and Procurement!


Back to: Purchasing and Procurement



Scripting Languages

Date
Monday, 20 August 2018 from 7:00pm to 9:00pm iCal
Meetup Event
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/253044847/
Location
Room 1301 -- Conrad Grebel University College, 140 Westmount Rd. N., Waterloo, Ontario Map
Event Announcement
Scripting Languages/Announcement 2018-08-20

Do you need to do the same thing again and again? Have you automated those repetitive tasks? What software tools do you use? Keyboard macros? Programmable keyboard macros? A scripting language? Which scripting language? What makes a scripting language different from a programming language? Is a scripting language Turing-complete? Can't you just do everything in PowerShell or Bash?

Let's talk about what can be solved with scripting languages, and what can't. Bring your laptop to give a demonstration of your favourite scripting languages, and maybe we can help solve some of your most annoying repetitive problems.


--Bob Jonkman & Marc Paré




Resources


Introductions

  • Testers, programmers, SysAdmins, and some non-scripting users


Meeting Notes

  • Programming vs. Scripting
    • "Programs" are compiled, "Scripts" are interpreted
    • But mostly there's no differences in syntax


  • Use a scripting language to prototype a concept


  • Non-programmers using scripts to do application installation
    • Useful for installing applications without a GUI to get that app installed to the GUI level
    • eg. Mail-In-A-Box, installed with a script


  • Vagrant written in RUBY, but has its own scripting language


  • Lots of variation in scripting language syntax, even within the same language
    • "semicolons forever!"
    • Brackets, or no brackets
    • Is whitespace significant?
    • Indenting
  • many of these are tradeoffs
    • Optimizing for speed, time to program, robustness


  • LLVM (originally Low Level Virtual Machine) is used to create programming language
    • take input intermediate language, p-code, generates machine language
    • Needs research. Bob can't figure out what this does (Wikipedia:LLVM may be helpful}
    • LLVM is embedded in CLANG, RUST, other scripting languages
    • way to create code generation for your software


  • "If all scripting languages were combined, could we create a universal scripting language?"
    • Probably not -- semantic ambiguity, eg. use of semicolons is different in different languages, other syntax doesn't match


  • Using one language is comfortable, so you tend to do everything in that language, appropriate or not
    • What is the lifespan of a language? Depends on the domain -- AWK has been around for 40 years, RUST has not
  • How do you keep up with all the new languages?
    • Need to decide what to give up
    • How much spare time do you have
    • How do you know what new tech to embrace
    • Depends on the lifespan of the project, don't spend 3 months to learn a language for a 2 month project


  • Lambda the ultimate on programming language design
    • There is a formal science to language design


  • Still worth learning C?
    • Yes, it's still efficient, has installed base, still close to the hardware
    • C makes it tolerable to understand what is happening in your computer
    • High level languages have many layers of abstraction
    • Knowing C leads to understanding


  • "Scripting is a gateway drug to programming"


  • How do we learn scripting?
    • Get a raspberry pi
    • JavaScript
    • You need a project to solve!
    • Find something on GitHub
    • Python is considered the preferred entry-level language
    • App Inventor allows people with no programming experience to create apps on Android
    • Scratch is another drag'n'drop learning app
    • Marc taught Logo to a kindergarten class
    • NetLogo used for serious science application, complexity science at Santa Fe Institute
    • Other applications like Docker are written in GO, so worth learning


  • Is scripting a desirable skill in job applications?
    • Python is one of the most requested skills
    • But shell scripting is difficult
    • For security eg. Wireshark, SNORT, &c need scripting to identify network traffic



LUA
  • Kirk wrote in LUA to access the Linux encryption keyring subsystem
    • was using GUILE (FSF's SCHEME), not so good for encryption
    • LUA is "Python for millennials"
  • Written in ANSI C
  • Very embeddable, no linking,
  • Comiles to a Virtual Machine
  • Two flavours, LUA and LUAJIT (Just-In-Time compiler)
  • Seen in XMPP server, used for real-time application
  • Came from Brazil, university project, released "into the wild"
  • Has facility for OOP, but needs your own OOP tools
  • Has co-routines, program in loops that are interruptible; daisychain them together
  • Functions are first-class entities, so can do functional programming
  • There's a modLUA for Apache server; handle data in blocks without touching the Apache system
    • Rather than create a web backend, it lets you create the entire web server
  • "Embeddable extension language"
  • There's a bootloader LUA for use before the OS loads in SysLinux
  • Kirk has used LUA as a conversion layer for allowing Apache to work with encryption sysstyem
  • Definitely a good language for testing
  • Built into Wireshark for decoding packets
  • How popular is LUA? People make stuff available on GitHub
  • LUA is used in games for event handling
  • Many apps have LUA built-in (on the LUA site)
AWK

Wikipedia:AWK

  • Brian Kernighan still uses AWK,


  • "If you want to compile AWK, just re-write it in C"


  • Associative arrays in AWK,
    • Mainstay of Python
    • C only has enumerative arrays, difficult to simulate associative arrays


  • Conrad Grebel prof Dave Huron used AWK to create a catalogue of music for Hewlett-Packard
    • HumDrum Toolkit" is the app name
    • Trying to analyze music, determine patterns among composer
    • Find out if people would be happy if music was two tones up or down
    • Two minutes of this analysis is equal to a human analysis of years
    • Dave Huron one of the first


  • Raymond cleans the data before processing it with AWK
    • Uses BASH to insert parameters begore printing.


  • Bob used AWK to parse log files
    • Poor programming practices - AWK lends itself to quick&dirty hacks, but the scripts grew; good programming practices at the outset would have been beneficial later
    • Much better if data is available though an API, but these scripts were created because there were no APIs
    • Bob implemented a standardized CSV file, but not according to the RFC 4180 specification
    • Human readable: https://sobac.com/sobac/groupwise/code2html/
    • Downloadable: https://sobac.com/bin/awk/


List of scripting languages
Other tools
  • Keystroke macros
    • Record and playback keystrokes
    • Bob wants this to be programmable, depending on input processed
    • AutoIT does this on Windows
    • Not many keystroke macro tools in Linux


Future Topics


Back to: Scripting Languages



Web Stores and Shopping Carts

Date
Monday 16 July 2018 from 7:00pm to 9:00pm
Meetup Event
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/250380630/
Location
Room 1301 -- Conrad Grebel University College, 140 Westmount Rd. N., Waterloo, Ontario Map
Event Announcement
Web Stores and Shopping Carts/Announcement 2018-07-16

Does your NonProfit organization sell things? Does it provide paid services? Do you need a web presence for your sales? Will you need a separate server for your web store? Or can you add a shopping cart to your existing web site? Or is it better to outsource all online commerce?

Meet our guest speaker Sam Nabi, developer of Shopkit, and let's discuss what a System Administrator needs to join a NonProfit organization to the world of web commerce.

--Marc Paré & Bob Jonkman

Resources

Meeting Notes

Introductions
  • Where is everyone coming from? Sam Nabi will tailor his tour to our needs.
    • Nonprofit org wants online registrations with payment
    • Bookseller
    • Online donations
    • Goods and Services
    • Media Production (rental of cameras, lights, &c)
  • People want to make things easier for sellers and buyers


  • Sam started as a city planner, moved to a startup doing web development
    • Then, Sam bought a retail store, Full Circle Foods
    • ...the inherited system is a series of linked spreadsheets :/
    • Full Circle Foods has 90 suppliers. Seems a lot, but many are small, local businesses
    • Lots to be done digitizing the order system of Full Circle Foods


Shopkit
  • Self-hosted PHP-based solution
    • Sold as a subscription service
    • Sam would hold the code and provides the online webhosting



  • Sam provides the code, and can work it into the design of an existing web page


  • Had an idea to pool resources for pooled shipping, delivery, advertising
    • (not sure if this is a feature of ShopKit --Bob.)


  • Sam is part of the Kirby CMS community
    • Didn't have an ecommerce plugin, but there was an appetite for it
    • Working over three years to develop Shopkit with the Kirby developers
    • Kirby is a file-based PHP CMS (we like that)
      • Files are written in Markdown, still accessible if Web connection goes down
      • But there is a good GUI as well (good for marketers)
      • UI is decoupled from the data


  • Sam gives a quick tour of a sample installation on GitHub
    • https://github.com/samnabi/shopkit-sample-content/
    • Kirby has multi-language support, i18n, l10n
    • Also has categories, which Shopkit links to
    • It's a system of API hooks, launched from the plugin to Kirby
    • but Shopkit has all the templates for, eg. slideshows, created by Sam


  • Purchasing flow:
    • Select product, increase/decrease quantity, totals are updated
    • Uses AJAX, but the site is not Javascript dependent
      • Jeremy Keith is Sam's inspiration, he knows about good design.
    • There can be different shipping rules, different tax rates for different localities
    • Add personal details (name, e-mail)


  • Tour of the back end
    • Resetting passwords :)
    • Sam has tried to make it easy for front-end users
    • Adding products, adding categories
      • Products have variants with different prices, options that don't affect price
        • Small oversight: Options don't have different SKUs, no separate inventory
      • Changing the use of SKUs is not dependent on the purchasing process
    • A "Featured Product" is displayed in the sidebar
    • Feature request by developers: "Items Remaining In Stock"
    • Another request: Individual e-mails for restocking
    • Shipping Rules:
      • Can be different for all countries, one country,
      • Shipping rules UI created by Sam, but as part of the plugin (even though it shows in the Kirby UI)
      • Tax and shipping rules can be defined by the developer, but not through the WebUI
      • Sam take us for a deep dive into the shipping selection code


  • Reporting in Shopkit
    • Done from the Shopkit backend
    • Invoices are created by PHP into PDF files using "dompdf" https://github.com/dompdf/dompdf
    • Report invoices are generated dynamically every time, but from a static "transactions" file
    • Added some widgets on the dashboard, eg. "Abandoned, Pending, Paid/Shipped"
    • There are also site stats based on another Kirby plugin


  • Payment Processing
    • Implemented at "gateways" in Shopkit
      • Each gateway has a "process" and a "callback"
    • Some processors (Square) expect money values to be in cents
      • Performing only integer operations on cents seems to be best practice
    • There are thousands of processors, so Sam has created an open system for processor gateways
      • This separates the payment processing from Shopkit itself, absolving Sam of dealing with payment issues
    • Payment processors provide an SDK for the gateway code
      • Each payment processor has its own API, unique for each installation.


  • Testing
    • No formal testing methodology
    • Tries new code on a test site, Sam's own site
    • Most bugs are caught by end-users (developers)


  • Shopkit and Kirby aren't quite Free Software: Code is available for inspection, modification, but not necessarily for redistribution. But payment is on the honour system.


  • There have been 200 issues logged in the Shopkit issue tracker; most are from Sam himself.
    • Top question: Can I add Shopkit to an existing (Kirby) site?
      • Not really, Shopkit is a standalone application,
      • Shopkit is a good intermediate between a simple button, and a full-fledged e-commerce system.
  • Shopkit's changes to Kirby are mostly in the "snippets", which might conflict with another Kirby installation's snippets
  • Shopkit is a full point version behind the Kirby, always on the stable version.


  • A look at the data: Order file
    • A YAML file that builds up as order information is entereed
    • Based on server's session ID (uniqueness?)
    • File locking? Kirby has some file locking built in
    • Sessions are now the same across tabs, but that may break with new Chrome tab isolation


Shopkit is a kit, a standalone, turnkey application


  • Kirby developer, Bastian Allgeier, is known for Zootool, and is making a living off Kirby


General Business

  • SysAdminDay Dinner - 6:00pm on Friday, 27 July 2018 at Abe Erb Restaurant in Kitchener
    • All System Administrators, Non-Profit, For-Profit, and their friends and relations are invited!


Future Topics



Accessibility

Date
Monday, 11 June 2018 from 7:00pm to 9:00pm
Meetup Event
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/245691598/
Location
The Chapel in First United Church, 16 William Street West, Waterloo, Ontario Map
Event Announcement
Accessibility/Announcement 2018-06-11

Is your Non-Profit organization accessible? Can your website contents be read by a text-to-speech synthesizer? By a Braille reader? With a screen magnifier? Without Javascript? In a text-only browser? Does it pass the WAVE Web Accessibility Tool validator? Does your podcast have a text transcription? Is your video described? What other accessibility tools does a SysAdmin need to manage? What legal requirements for accessibility are there?

Join other Kitcher-Waterloo Non-Profit System Administrators for examples, demonstrations and our usual round-table discussion, and perhaps a guest presentation! Everyone is welcome, you don't have to be a Non-Profit System Administrator to attend.

--Bob Jonkman & Marc Paré


Resources

Meeting Notes

Introductions
  • Everyone introduced themselves
    • Marc Paré says LibreOffice group is happening; there is money to hold a hackfest
    • Also planning a campaign for LibreOffice, not much awareness in North America
    • LO has maybe 160 million users
AODA
  • Accessibility for Ontarians with Disabilities Act
  • 2/3 way into the mandate
    • But not even 1/3 of the way there
    • McGuinty govt in 1999 claimed that we would be fully accessible by 2025
    • But not enough attention or funding supplied
    • Only recourse is Human Rights claims


  • Applies to
    • Customer service (people providing cust serv must have dignity, independence, integration, &c.)
    • Information and Communications (eg. web sites)
    • Transportation (eg. transit)
      • TTC is under fire for transgressions


  • Many accessibility features are put in place that don't provide accessibility (eg. new door requires automatic opener, but still has a step up and no ramp)


  • These are "minimum" standards,
    • eg. Elections Ontario required polling stations to exceed minimum standards, recognizing that the standards aren't adequate
    • Will these standards improve by 2025, or will these inadequacies continue to exist.
Discussion
  • The initial AODA standards were applied to government regulated organizations
    • eg. banks were amongst the first employers to apply accessibility standards
    • But the problem is that disabilities were self-declared, and so
    • Some disabilities do not require accommodation, so some people may have been hired in preference to some people that did require accommodation (cheaper to provide minimal accommodation). But the stats show that an equal number of people with disabilities were accommodated, no matter how slight or severe.


  • "People aren't against being accessible, they're against the cost of being accessible."


  • eg. accessible restaurant with accessible washroom, but no way to get from restaurant to washroom.
    • Some buildings cannot be modified to have elevators
    • Buildings with historical or heritage designation are exempt


  • Some standards apply to the customers of the establishment, not the employees or employers (might be individual accommodation for employee)
    • this is why internal websites don't have to be accessible


  • Government should be giving us tools to test websites
    • There are 109 tools listed on https://www.w3.org/WAI/ER/tools/
    • It should be easier to make an accessible website without Javascript
      • But it is possible to make an entirely inaccessible website without Javascript


  • Javascript reduces the load on the server, by performing data validation on entry, rather than on submission
    • Javascript is an opensource library
      • But there are many proprietary libraries that aren't accessible, and many opensource libraries that are modified making them inaccessible
    • How many coders can be hired to write accessible code? Cheaper to use a Javascript library than hire coders or buy servers


  • A website has four layers of functionality, the first needs to be present before the second, &c.
    • Content, semantics, layout & presentation, behaviour
    • Javascript implements website behaviour, but sometimes is used to generate content (making the page inaccessible)


  • Javascript makes response faster, but sometimes inaccessible
    • People don't want to wait for form completion (eg. loan approvals), or error responses
    • Complex websites can have many different parts,
    • The counterpart, many websites load so many libraries that it takes too long to load.
      • "Lazy loading" makes content available only when the page scrolls there
        • eg. the new CBC website (unusable on older browsers or slower computers)


  • LibreOffice has very few accessibility programmers, nobody wants to work on accessiblity issues
    • So can LO be used in an environment where accessibility is required?


  • The Assistive Devices Program only allows refresh of assistive devices once every five years
    • 5 year old technology doesn't work with slick, dynamic websites
    • Only covers 75% of the cost for the minimum device, anything fancier than minimum needs to be fully paid for


  • Is there funding to become compliant with AODA? Needs to be done within 7 years (2025)
    • Some funding for private homes (but only the front door, even if the side door is more practical)
    • Don't know if funding is available for technology


  • People who need accommodation tend to be lower income, and the good jobs are not available to those who need more accommodation than others.


  • Worried about the new provincial government; will the dream of a fully accessible Ontario be realized by 2025? Probably not.


  • Are there fines? Only through human rights complaints. There is no "accessibility police" to quickly levy a fine.
    • Human Rights can require compliance, but there may not be much adherence.
    • At the start (2000?) there were ethical organizations that made themselves compliant; now, not so much.
    • Some organizations/businesses rent their facilities, so who is responsible for accessibility? Owner or renter?


  • Wheelchair users and Self-serve gas stations: AODA compliance says you can call 24hrs in advance to have someone pump your gas.
    • That may be compliant, but it's not practical


  • For tech sites, will it be like GDPR? (General Data Protection Regulation (European Union))
    • Will sites go out of business rather than become compliant with AODA?
    • Will all sites have a popup disclaimer saying they're compliant?
    • How about other international sites? Maybe having international laws will force Ontario to be accessible faster than the AODA
    • There needs to be some international framework to standardize
      • AODA may have come from a UN standard
    • British Columbia is far more accessible (through advocacy from Rick Hansen)


  • As people age into disability, there will be more pressure to achieve accessibility


  • The pressure right now is to make services cheap;
    • Pressure to get products out before the competition means that accessibility corners are cut, possibly in violation of standards and laws


  • Universal design principles
    • Visitability for physical access isn't enough, but it's a step in the right direction.
    • There is a market for accessible homes, higher resale value for accessible homes
    • But there is no resale market for digital properties
      • But there is value in EPUB books, because the standards allow portability and derivative works; more likely to be useful in future version of the text
      • Sometimes there is just convenience in adding some accessibility, but accessibility is not an end goal



Sample sites

Back to: Accessibility



Productivity Tools

Date
Monday, 14 May 2018 from 7:00pm to 9:00pm
Meetup Event
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/245661086/
Location
The Parlour in First United Church, 16 William Street West, Waterloo, Ontario Map


How do SysAdmins get any work done? What software makes your life better? Which tools do you use every day? How do you use common utilities? What custom configurations do you have? Is there an application specific to your Non-Profit organization? Have you written a script to make work easier? What's your favourite productivity tool?

In concert with other NetSquared groups across the globe we're going to share tips and tricks with each other. Bring your laptop, notebook, tablet or phone, and take five minutes to show and tell us one thing -- anything at all!

--Marc Paré & Bob Jonkman


Meeting Notes

Panel discussion with attending KWNPSA members making reference to some of their most used productivity tools

  • Google Drive and GMail
    • discussion of the merits of the use of Google Drive in a working non-profit group
      • organization's GDrive is organized is group agreed-to folder hierarchy
      • documents are worked on in a collaborative format where members may work simultaneously on documents or alternatively
      • there are questions as to the efficacy of this format, where the usual format is that of having one person in charge of the document write-up while others send in their edits for discussion/debate or in a meeting setting
      • there is talk of varied results where some members have found the collaborative method as resulting in time-savings all-round with good results, while others have found it preferable to maintain file integrity without the use of collaborative tools but rather edits through correspondence with the main editor of the document
  • search options
    • discussion of the use of the "search" option ensued from a robust talk of file organization
    • for some, the organization of files in a sensible structure is paramount to organizations' electronic data (email or other data) integrity. The ease of finding information is dramatically increased if organizational skill-sets from employees/volunteers is reinforced through on-the-job training with regards to file structure/nomenclature
    • for others, some note the recent emergence of powerful "search" engines/utilities that negate the need to organize files in a systematic/sensible structure. For example, one large "received mail" without any type of indexing may be easily tapped by the use of most email software search utilities. The same may be said for files on a hardrive that follows no real structural index and where all is stored on the disc. Most searches will now return quick and accurate results.
    • discussions also centered on the need to instruct/teach/inform newly engaged employees/volunteers on the organization's prescribed file storage nomenclature. However, it is also noted that, despite all good intentions of informing employees of file structure, some develop their own structure that may not marry well into the company file structure organization.
  • cygwin [1]
    • set of Unix tools for Windows
    • still actively maintained and used for decades
    • good set of packages
    • well used by sys admins
  • MKS Toolkit [2]
    • originally built for DOS boxes
    • more Unix for Dos
    • is now maintained by PTC with latest version being released in 2017
    • not as elegant as cygwin
  • Canva [3]
    • design site for misc. projects, presentation, banners etc.
    • free for non-profits -- 1 team of up to 10 persons
    • widely used by non-profits and for-profits alike
    • style is recognizable to those who are familiar with Canva, however not so much with people unfamiliar with the Canva templates/styles
  • Nirsoft.net [4]
    • set of utility soft., scripts
    • all stored on site
  • virustotal.com [5]
    • good to check files
    • checks agains its signature database
    • owned by Google
  • Screen and Tmux -- terminal multiplexer apps
    • virtual terminal
    • terminal tabs
    • hold different terminal sessions at the same time
    • similar to Konsole (KDE) tabs, although the sessions are kept live when changing from one workstation to the next
    • does not survive a server re-boot
  • powershells
    • task automation and configuration management infrastructure for Windows
    • all used at the command prompt, Windows and Linux
    • powershell scripts are collected from various locations on the web
    • can use multiple powershells alongside each other
  • command prompt
    • still considered most useful and time-saving approach to work at command prompt


Back to: Productivity Tools



Dark Web, Hidden Services

Date
Monday, 16 April 2018 from 7:00pm to 9:00pm
Meetup Event
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/245564977/
Location
Upper Board Room in First United Church, 16 William Street West, Waterloo, Ontario Map
Event Announcement
Dark Web, Hidden Services/Announcement 2018-04-16

What is the Dark Web? Is it full of bad guys? What are Hidden Services? Aren't those illegal? Why would a Non-Profit organization want to use the Dark Web? Why should a Non-Profit organization make their online services available as Hidden Services? What software can we use to access the Dark Web and create Hidden Services?

We'll have a demonstration of Tor and I2P, and have a round-table discussion of the benefits and pitfalls of using them.

--Bob Jonkman & Marc Paré


Resources

Meeting Notes

  • In attendance were 14 members out of 39 signed up for the meeting.
  • Laurel video recorded session for Bob
  • Most people at the meeting are also Meetup members
  • The intent was to present both Tor as well as I2P, however, the Tor demonstration and background information took longer than expected. There will be a follow-up meeting covering I2P in August 2018.

Tor Browser - getting down and dirty with Tor - the basics

  • Bob's Tor slideshow presentation is available on KWNPSA Public Documents site
  • this presentation of the Tor browser is aimed to admins who would consider the use of Tor beneficial to their organization and members
  • Tor still needs mode of authentification
  • best practices -- use Tor as is from the official Tor website and keep it updated, Avoid any use of pre-modified Tor clients from any other sites.
  • Tor is basically a hardened version of Firefox
  • DO NOT USE BitTorrent (any client) inside of the Tor browser as the BitTorrent identifies IP addresses
    • BitTorrent does not work well on Tor
    • Q/ Can you use ghosting? A/ Not sure, but if tunnelling, will reveal your ghosting IP address but bittorent will still show data
  • Tor tends to be slow and laggy
  • The use of Tor may harm your reputation if you are found to use Tor with certain ISP's! Your IP may become exposed/found out if you make use of the wrong exit node. Some ISP's or sites may may try to ban you from any future connection, or, worse case scenario, In certain cases, there may be possibility of having your own ISP blacklisted by using Tor.
      • Using Tor may raise suspicion by legit sites, where they may wonder why the use of Tor is needed to visit their site (What do you have to hide?)
    • if you make use of some poorly chosen Tor exit nodes, they may be connected/linked to other nefarious sites.
    • Tekksavvy is good at providing Tor exit nodes, most ISP's are not relatively warm to the idea of the use of Tor
  • see slides re: Tor failure modes
    • note that CAPTCHA is hardened and will reveal your identity
  • The concept behind the Tor browser was initially conceived by the US defence project

Question (members) & Answer (Bob)

  • Why make use of a good and legit exit node? -- Helps protect your identity and also helps harden Tor for its use in countries where rights abuse is pervasive.
  • Is Tor easy to configure? -- Tor is easy to misconfigure.
  • How active is Tor's development? -- Patches are constant and often.
  • Tor breach? -- If in jurisdiction where Tor is monitored, some nefarious entry nodes could be made available through Tor traffic and may make that entry node vulnerable. German nodes (entry and exit) are popular.
  • Is there encryption node-to-node? -- Tor is onion routed and encrypted multiple times ... see slide "How Tor Works: 2"
    • The nodes (onion peels) are known only by certain devices, but not all in the nodal chains.
  • How many node layers are there? -- You may configure Tor to use as many layers as you need but 3 layers are really all you need as more layers add to latency. With the arrival of Quantum decryption, it may become easier to decrypt the Tor nodal routes, but hopefully there will be an equivalent Quantum solution for an updated Tor browser.
  • 80% of net is encrypted (https) -- However that is only for 1 layer; under Tor, layers are more numerous. Under https, we still see some list of certificate authorities that are unusual (Turkey, Tawain Telephone Service etc.), there are still some bogus certificates. The use of Tor makes it more difficult for bogus authorities to have any influence over your browsing.
  • Do we know the number of compromised exit nodes? The number of compromised exit nodes are still unknown but research on such is being done, some research, for example, is being doen at UW.
  • Can an exit node be a relay node? -- Yes. however it is not recommended to run an exit node, running a relay node is most likely safe enough.
  • is it possible to set up your exit node but only for individuals that you wish to use that particular exit node? -- Not sure. Member suggests that you could possibly use a pre-configured Tor rc file. But you would have to carry the exit node detail on some physical device and be possibly stopped at borders. Bob usually recommends using off-the-shelf hardware bought in destination country to avoid being stopped at the border.
  • Can blockchain technology be used for Tor? -- Not sure.
  • How many Tor devs? -- Tor is developed by many, some at institutions such as universities.
  • What is the adoption rate? -- Not really sure, however, making use of VPN's is popular, Tor could also be configured to do the same; therefore Tor is seeing much more takeup in some business models.
  • Does it work on cellphones? -- ORBOT, but it is extremely slow compared to Tor
  • Can we use it with VPN? -- Yes, a little more complexity is involved, but yes they do work well together.
  • Are there frequent improvements and updates of the project? -- Yes, There are hopes that perhaps streaming will work well later, but browsing websites is still a little painful.

Tor installation

  • Download from site is easy
  • Do not change the default settings, even screen size may be tracked.
    • to add a server, must add a few line to the Tor .rc file "torrc"

Round-table discussion

  • What would you use this for?
  • Use for human rights organizations, to communicate with members or view pertinent websites that are blocked in certain countries.


Back to: Dark Web, Hidden Services



File Formats

Date
Monday, 12 March 2018 from 7:00pm to 9:00pm
Meetup Event
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/244120869/
Location
Upper Board Room in First United Church, 16 William Street West, Waterloo, Ontario Map

What file formats do your documents, images, spreadsheets use? Can you exchange your files with people using Macs? Linux? VMS? Will your documents survive an upgrade of your application software? Can you switch to another word processor? Image editor? Spreadsheet app? Can you still read the files from backups created years ago with different software? Can you choose the file format your application uses?

In the month of Document Freedom Day we'll look at the importance of open, well-known file formats, and compare it to closed, proprietary formats that are so prevalent today.

--Marc Paré & Bob Jonkman


Resources

Document Freedom Day
http://www.documentfreedom.org/
Document Freedom Day (DFD) is the international day to celebrate and raise awareness of Open Standards.
Digital Freedom Foundation
http://www.digitalfreedomfoundation.org/
Digital Freedom Foundation is the non-profit organization behind different International Days including Software Freedom Day, Education Freedom Day, Hardware Freedom Day and Document Freedom Day
The Document Foundation
https://www.documentfoundation.org/
The Document Foundation is proud to be the home of LibreOffice and The Document Liberation Project

Meeting Notes

What are Free/Open File formats?
  • and what are closed or proprietary formats?
Survey of participants
  • Free/open File Formats users: #
  • Proprietary File Formats users: #
Round Table Discussion
Software and applications
Free/Open File Formats
  • make list here
Closed or Proprietary Formats
  • make another list here


Corporate Surveillance

Date
Monday, 12 February 2018 from 7:00pm to 9:00pm
Meetup Event
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/245128116
Location
First United Church, 16 William St West, Waterloo, ON Map

How do we keep our workplaces secure? Does your organization use cameras? Does it filter web content? Check for document exfiltration? Inspect e-mail? Monitor keystrokes? Is this sneaky, underhanded spying, or merely good business practice? What are the ethics of corporate surveillance for System Administrators?

Join Kitchener-Waterloo Non-Profit System Administrators at our monthly round table meeting for a technical, philosophical and moral discussion.

--Bob Jonkman & Marc Paré


Resources

Office Audit and Control Management Server | TechSoup Canada

Meeting Notes

Notes taken by Bob Jonkman


What is Corporate Surveillance
  • Most corporate management is meant to ensure computers aren't altered, no viruses are introduced
    • Bob has worked in a place that checks all outbound e-mail for keywords, looking for data exfiltration.
    • Some exfiltration data is monitored for employees' protection, also video camera footage, so if theft occurs employees are not falsely accused
    • Some places archive e-mail for several months
      • Data retention required for legislative purposes, but can be used for forensics and surveillance


  • Is employee monitoring legal? Yes, employees sign contracts allowing this to take place, and that all data belongs to the corporation
    • Including "shower ideas", that are developed outside of company time


  • Some places allow "reasonable use" of telephone, internet.


Ethics
  • Do employees even know they're being monitored?
    • There may be pop-up messages indicating that USB-drives are inserted, &c.
    • Sometimes you see evidence of SysAdmins taking remote control


  • But would you still want to work in a place like that?
    • Very stressful to work in a place like that.
    • Washroom breaks being logged!!
    • Creepy for those being surveilled
    • Maybe employees need a guaranteed that the data will not be retained, and is secure from data theft
    • Need a union to protect the employees
      • Even when it's obvious that data on the computer is being logged and monitored
      • Is that common sense?
    • Some SysAdmins do not want to do forensics against their co-workers
      • Or even SysAdmins doing forensics against managers
      • Refusal to perform surveillance against co-workers can result in dismissal
      • Sometimes the stuff unearthed is disturbing (pornography? worse?)


  • We can all make reasonable arguments in favour of surveillance
    • But big companies have shown time and time again that they can't be trusted with the data
    • And we can't opt out
    • Data correlation can identify individuals in millions of records based on only three data points


  • Definitely unethical to sell my data collected through browsing
    • But it's OK if one company shows their products based on data they've collected previously


Internet Surveillance

Internet Surveillance Companies (ISC) provide services at no cost to the user, but their business model is based on selling those users' data


  • Google is providing a service that predicts your "needs and wants" based on analysis of big data
    • Selling it advertisers, insurance agencies, potential employers
      • "Minority Report", "Thoughtcrime"


  • The "free services" are monetized by the sale of personal data
    • Most people don't know how much, how detailed it is


  • You're constantly being given things you want to see, you want to hear
    • But it's nothing that grates you, nothing that you don't want to see
    • So your online experience is shaped in a pleasant way,
    • For someone who wants something different, the experience is not in that model
      • It's more insidious -- you're being tempted to have greater desires

Your desires are being shaped, not reflected by the collection of big data

-- Steve Izma


"5 things about TV" (get actual title from Steve Izma)

  • Subliminal advertising, designed to hit your subconscious
    • Outlawed on TV
  • There is similarity between what anti-spam laws prohibit and what ISC are doing
  • Reddit: Kids know that laws are weaker in US, consider Canada more favourable for keeping privacy
  • As a SysAdmin, if you collect data on employees, what stops ISC from gathering that data?
    • try to safeguard your employees, your company, your employers.
    • Not just stealing stored data, but data from streaming services (search, video, forums)
    • Google acts like an independent nation
    • Needs legislation; corporations will kill people for profit if not prevented by law


  • Internet Surveillance Companies give us what we want, but are they reshaping our values?
    • Culture is important, will surveillance companies change your culture?
    • People rooted in culture are more difficult to move
    • We need legislation to preserve culture; we can trust our politicians to look out for us (???)


  • (Side conversation on government subsidising Canadian culture)
    • Good: Preserves our culture
    • Bad: The good culture just moves offshore, only the mediocre Canadian stuff stays behind
      • Some producers will create anything just to attract grant money
      • Canadian funded productions are made to look like American productions; no cultural benefit to Canadians


  • Canadians need to support Canadian businesses
    • If Blackberry had been a US company, would they have been successful?
    • Lots of loyalty -- Microsoft failed in the mobile market
    • Nortel failed not because they were Canadian, but because they made poor choices


  • 19yr old believes Canada has a better grip on surveillance legislation
    • He gets a wider point of view, not just from one source


  • Regulations?
    • Canada has lots of regulations to keep data private
      • PIPEDA (Canada's Personal Information Protection and Electronic Documents Act)
      • MFIPPA (Ontario's Municipal Freedom of Information and Protection of Privacy Act)
      • PHIPA (Ontario's Personal Health Information Protection Act)
    • In the US much data privacy data is pushed by FBI; Canada's equivalent is RCMP
      • Is the funding and capability in Canada equivalent? (10% tax base of US)
      • "Five Eyes", mutual spying on each other


  • Bell has a proposal to throttle and turn off sites they find offensive
    • Done through an "independent body"; keep our content we've paid for out of pirates' hands
    • Who will monitor the Canadian web? The CRTC? Who enforces the regulations?
    • Yet another attempt by Big Media to provide services in the old model


  • Blackberry's encryption may be good, but they've still compromised themselves for large markets
Protection
  • How can we protect ourselves?
    • Don't use the main services like Google (use SearchX) or Twitter (use GNUsocial or Mastodon)
    • Use proxy services like Tor and I2P (the Dark Web)
    • Use VPN services (but how can you trust the VPN provider?)
    • Trying to do black-box analysis of "protection" sites may be hazaradous


  • As bad as our loss of privacy is, other countries have their entire access blocked (and surveilled)


  • Corporate profits always take priority over ethics
    • Not a sustainable model in many cases
    • Staff is hired to find loopholes in contracts to maximize profits
    • Corporations that go out of business are cannibalized to create new markets, improve
    • Venture Capitalists will also undermine ethics
    • Tim Wu, "The Master Switch", on how corporations shape the legislation that controls them, and how independent service providers get displaced by monopolies


  • Privately held companies (and non-profits) can still uphold their ethics

Future topics

  • Fallout from data breaches Equifax, Yahoo
    • How do these companies work? "reputation management companies"
    • Do these companies operate?
      • You can get your own data from them, legally mandated
      • There are Meta-access services that get info from all services


Back to: Corporate Surveillance



Document Storage

Date
Monday, 13 November 2017 from 7:00pm to 9:00pm
Meetup Event
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/243067519/
Location
Queen Street Commons Cafe, 43 Queen Street South, Kitchener, Ontario Map
Event Announcement
Document Storage/Announcement 2017-11-13

How do you store your documents? Where do you store them? What software creates your documents? What software stores it? What software retrieves it? What about document indexing and searching? How do you deal with non-textual documents? What document file format do you use? Is parchment and goose-quill still best?

This month there'll be a shooting match between the Well-Known Format SysAdmins and the OpenStandards SysAdmins. But it'll be a polite shooting match at our round table discussion, with SysAdmins relating their own practices, learning new ones, and telling tall tales.

--Bob Jonkman & Marc Paré

Resources

File Storage | TechSoup Canada

Nextcloud or ownCloud


Future Venues

  • Communitech has indicated we can no longer use the Jellybean Room on Mondays
    • but the room is available on Wednesdays
      • but it's only available until 8:00pm
      • do we want to switch meeting days?
    • Marc will check if there's any availability on Mondays
      • but the cost will probably be higher ($15/hr now)


  • We were contacted by Reg from One King North Map, a coworking space
    • Reg indicated that "Also it's complimentary, so you don't have to pay for using our space to hold meetups"
    • Marc followed up with Reg and has yet to hear back from him
      • Apparently, Reg was unclear in his communication, probability of having access to this venue space does not look promising


  • Other possible venues:
    • Old school board building (Marc has contacts, will investigate)
    • Downtown Community Centre Map
      • but they require all KWNPSA attendees to purchase memberships at $15/year
      • Paul Nijjar investigated for KWLUG; it was deemed unsuitable for a non-profit group
      • Bob's notes indicate there are also meeting room fees, insurance costs, and participants under 18 years old are not allowed.
    • Descendants Beer & Beverage Co. apparently has meeting facilities. Kirk will investigate. Map

Meeting Notes

Cloud Storage
  • Microsoft Office 365
    • Lots of KWNPSA members use Office 365
    • Default installation moves documents to US servers
    • Microsoft will move documents to Canadian servers on request
      • but this may take up to seven years
    • Microsoft OneDrive was automatically installed at one organization
    • Business version of Skype can't be turned off, once it's installed!
      • It is difficult to use Business Skype with non-business instances of Skype
      • But there is finally a good GNU/Linux client for Skype, works with multiple video streams


  • Google G Suite (Google Docs)
    • Used by political organizations
      • This seems like a bad idea; want to keep political affiliations and activity away from prying eyes
    • Google Drive storage
      • Some SysAdmins have seen identical filenames in folders
        • Perhaps the User Interface hides extensions or filename suffixes
      • Maybe Google Drive uses links or pointers?
        • People move files, but they still exist in orginal locations
        • Google Mail uses flat storage of all messages, tags on each message are displayed in UI as though it is a folder structure


  • Cloud horror stories:
    • Company advertising genetic testing services stored data in the cloud
      • then sold people's personal genetic data to a pharmaceutical or insurance company
    • Genealogy company acquired data stored "freely available" from individuals' web sites
      • Now sells this data, and it is not available to the original authors
      • Suggestion: "Poison the well" by creating a "Fake Uncle Ralph" to prove authorship (see Wikipedia:Trap street)


  • Security risks
    • Commercial cloud providers will hand over customer data to authorities
      • National Security Letters -- Cloud providers may be compelled to keep this data access from their customers
    • Ensure you have a contract with a Service Level Agreement (SLA) that specifies where servers are stored (Canada? US?), how data is routed
      • Even if source and destination are both in Canada, traffic may still be routed through US and subject to snooping; Canadian data has no protection when routed through US
    • Technical means: Source Routing can specify how a packet is sent through the network (Internet)


Encrypted File Storage
  • Use VPNs to keep remote sites within your own network
  • Encrypted tunnels, eg. Secure Shell (sshfs)
  • Encrypted file systems
    • eg. Nextcloud, ownCloud
    • Must ensure that encrypted file system is not mounted on remote, unsecured server
  • Encrypted containers
  • For any corporate encryption, Additional Decryption Keys are needed
    • Any user-encrypted files or containers can be decrypted by the organization's ADK; ensures data is not lost when user forgets password or leaves the organization
  • Office 365 encryption
    • The culture for Microsoft products is less concerned with encryption (poor adoption of encrypted technologies?)


  • Encrypted Backups?
    • For backups in the cloud, or on local storage
    • Encrypted backups can become un-restorable with minor errors
      • Bob recommends making unencrypted backups, then saving them in an encrypted container; even better to keep unencrypted backups physically secure
Sharing Files
  • File permissions
    • Staff doesn't know how to use filesystem permissions, makes all files globally read/writeable
  • Use a Document Management System to assign authorization to documents
    • Access control with a DMS can be more finely tuned
    • DMS also provides benefits such as metadata and search/indexing
    • but it needs the skills of a librarian to properly catalogue documents
    • and a DMS adds another layer of abstraction; more work for the SysAdmin, more to go wrong
  • Physical file systems (file cabinets, folders) were treated better by staff than digital file systems
  • Using Roaming Profiles for shared file access
    • SysAdmin can force desktop computers to put "My Documents", "My Pictures" &c. on the server for shared and secure storage
      • Doesn't work for Windows' "My Desktop"; that folder appears to have special privileges, but we don't know how
      • Can "My Desktop" or "My Documents" be made read-only to force staff to use server storage? Doubtful
    • Thin clients don't store data locally
    • Use the Browser Local Storage? (please, no)
    • "Libraries" feature in Windows can combine several folders (from different sources) into one
  • Commercial applications for managing roaming profiles: Micro Focus ZENworks (formerly NAL, Novell Application Launcer); Intel LANdesk Manager, Computer Associates
  • Staff gets easily confused with shared filesystems
    • Folder tree changes, filename and foldername changes


Storing Binary Files
  • Music Files, photos, video, CAD drawings, &c.
  • Using Google Drive is not efficient for binary files, better to keep on local (non-cloud) storage
    • Post-production for music can't be done online
  • Cloud services need cloud-based client software to manage binary files
    • Google Docs does not have a good music client to manage music file for an orchestra
    • But Google Docs has good photo apps


USB Sticks or Thumbdrives
  • How to prevent the use of USB drives?
    • Physically hotglue the USB ports on organizations' computers
    • Pop up a warning to the user when USB device is inserted
    • Lock the computer when a USB device is inserted
  • Worried about "Parking Lot USBs" (USB drives found in the parking lot, may contain malicious payload)
    • Physical attacks through high-voltage discharges (see https://usbkill.com/ )
    • The only protection against physical attacks is physical protection


Future Topics

  • Document Management: There are specialized software tools to manage your documents, provide version control, allow staff to checkout documents for exclusive access, and to provide indexing and search tools. What do you use?
  • Encryption How do encrypted file systems work? Demonstration/Workshop on creating encrypted file containers.
  • Microsoft Evening (do they still provide sponsorship? Marc will check with Eli)



Markup Languages and Note Taking

Date
Monday, 16 October 2017 from 7:00pm to 9:00pm
(Thanksgiving! Scheduled for the 2nd non-holiday Monday of the month)
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/243068343/
Location
Communitech Jelly Bean Room 1st Floor, 151 Charles Street West, Kitchener, Ontario Map

How do you take notes? What software exists for note taking? What markup language is best for taking notes? Are your notes available on your phone or tablet? How do you synchronize them? How do you publish your notes online? When is it better to use a Note Taking application rather than a proper Word Processor?

This month we invite all the devotees of MarkDown, WikiText, MoinMoin, YAML, and LaTeX to contribute to the discussion at our round table.

--Marc Paré & Bob Jonkman


Resources

Note-taking applications
Markup Languages
Markup Editors

On creating a standard Markup Language:

standards.png
Fortunately, the charging one has been solved now that we've all standardized on mini-USB. Or is it micro-USB? Shit.



Meeting Notes

Practices
  • Bob edits notes directly into MediaWiki (but only at KWNPSA)
    • Has tried Sticky Notes, Xpad, not suitable
    • mounts website locally, edits with his text editor, saves directly to website
    • Writes notes in notebook, transcribes to wiki, then copies generated HTML source to destination website


  • Steve's practice is to separate content from form
    • Create content first, but in a way that it's easy to add formatting stuff later on
      • WordProcessing doesn't do that, tries to do them both
      • WP tries to be an operating system
      • On all principles, WP are bad
      • But LibreOffice tries to fix that, its internal format is not proprietary
      • Valuable for
    • When writing, be concerned primarily with content, secondarily with syntax, format
      • Can always add typographical content (the markup) afterwards
    • eg. Wordcount isn't really needed, can't do it accurately by examining marked-up text
    • Steve uses his own markup, similar to Markdown, related to groff
      • Only worries about paragraph breaks and lists, maybe section headers
      • Does not want ML to interpret line breaks, unless there's two in a row
      • Always works in Linux, so LF only
    • Steve uses AWK script to render text,
      • But how to apply markup to a previous line?
    • Uses VIMperator in Firefox to edit online content


  • Kirk managed documentation in SGML using James Clark's DSSSL processor called "Jade" to generate RTF, TeX, PDF(?)
    • DSSSL == Wikipedia:Document Style Semantics and Specification Language
    • James Clark also wrote groff, modelled on SoftQuad troff
    • Schema for SGML was DocBook
    • None of which gave the results, so he used
    • DocBook in XML
    • Kirk wrote a stylesheet in XSLT to turn DocBook into XML for LibreOffice
      • "compiled" documentation, literally using "make"
    • XML provides rigid consistency, important to typographers
    • Also created WinHelp files with DSSSL
      • Also tried to create TeX files
    • The important part is that a single source document created multiple output file formats


  • Nick
    • Taking notes for school,
      • OneNote can be handy, good for finding notes and subcategories
    • Adapting different note taking for different purposes, even sticky notes
    • Different apps are suitable to different purposes
    • Short term is good with StickyNotes or Xpad
      • Version of StickyNotes with Win10 is colourizable
    • November is NaNoWriMo month,
      • Use OneNote is nice because it organizes a lot of notes, eg research, character development
      • But not for the actual manuscript, use a WP for that
    • There's a StickyNotes app for Android: Search F-Droid for "Sticky Notes"
    • Different situatation: Academic, professional, hobby -- all have different requirements, different needs
    • How to do the website?
      • Not his website, done on webs.com
      • Needed to directly edit HTML in webs.com, no feature to FTP content
      • The webs.com HTML viewer is not so great, uses his browser to download source, converts to PDF for a rough idea, then copy'n'paste back into the site
    • Notepad++ has nice indenting
    • Nick's site is largely static, but needs to update meeting events
      • Gets content from HTML e-mail, imports to Word, saves as HTML, then massages by hand (Word generates very verbose HTML)
      • this is a pretty common technique with other SysAdmins


  • Raymond
    • Casual note taking (temporary), eg library cards
      • Needs to do it on the cellphone
      • Notetaker on iPhone
      • Google Keep on Android --
        • Has checklists! Good feature!
        • Google Notebook was good, no longer exists
      • Uses computer to enter content for reading on cell phone
    • For serious notetaking
      • Started with text files, but that's a problem, eg. need diagrams, searching
      • Searchable is a top requirement
      • Offline use is important
        • Bob has horror story: taking notes at KWNPSA directly into wiki, closed laptop, needed to recover document from browser cache
      • Organization is important,
      • Re-ordering, re-sorting
    • Javascript, programming
    • Using Evernote for a long time
      • Has a limit on the traffic, now restricted to two devices (annoying with Macbook, cell phone, office desktop)
      • Can search, even text in pictures.
      • Free (as in gratis)
      • Crossplatform
      • Evernote and StickyNote can synchronize!
    • Tried OneNote years ago, didn't work well
      • Formatting or search ability wasn't good enough


  • Mojtaba is not a heavy note taker
    • Tried OneNote
    • gedit and vim on the desktop
    • Google Notes on the phone
    • Plain text!
    • Does programming with vim
      • just search through directories with egrep
General Musings
  • Raymond has used Atom.io competitor Sublime Text
  • Mojtaba has used vundle (package manager for vim)


  • People using online apps to synchronize between devices
  • OneNote does not have an import/export function
    • Raymond can set up a channel ifttt (If This Then That)
    • But OneNote is too proprietary to get stuff out (export)


  • Steve: Organize stuff in a file system to make it easy to find
    • Doc files in one subdir, PDF in another, then create a "logfile" to locate stuff
    • Keep notes organized by project, more concerned with content


Tech stuff
  • How is a "schema" different from the ML?
    • SGML and XML are serialization formats, taking data and turning it into one long stream of characters
    • DocBook and DITA are schemas that specify the allowable data elements eg, a DTD in HTML or SGML
    • XSLTProc using DocBook stylesheets to render HTML


  • LaTeX is a superset for Tex
    • Much more structured
    • But easier to use
    • And probably faster to describe things like formulas
    • groff is pretty much the same syntax for marking up math
    • Every computer science and math student needs to know TeX
    • Built-in font is "Computer Modern"
      • But there are commands to change to any other font for better legibility
    • Donald Knuth wrote "metafont" to create fonts, TeX to do page layout
    • Tex is primarily layout and presentation, LaTeX adds semantics
      • Steve gives a brief overview of LaTeX document structure, logical and strict
  • In typesetting
    • Authors are just concerned about appearance
    • Typesetters want more document structure
    • groff is a typesetting language
    • runoff for running online printers in the 1960s
    • Bell Labs operating system created to generate output
      • "We'll write you a typesetting language", just need an OS so they created Unix
      • troff was the result "typeset and runoff"
        • Author died suddenly, Brian Kernighan needed to reverse-engineer the code, rewrote in C
      • SoftQuad got rights to the troff code, developed it before "SGML handbook", HoTMetaL
        • Tied to Coach House Press


  • Reminiscing about the old days when you could still talk to people in charge of major industries
    • Phototypesetting: Steve gives a brief history


  • Mindmapping tools
    • Freeplane:
      • Lots of features
      • Non-linear editing
      • decorate with icons
      • Lua scripting language
    • Freemind is another
      • Both Java applications, for platform independence?
      • Mindmanager is a commercial version for Windows
    • Similar to WP outlining feature
      • But you need to scroll up and down to find things


  • Spectrum of file formats
    • From binary data with human read-only output
    • to readable input formats
    • eg. JSON format is not a good human-readable language
    • eg. YAML is for machine readable, not human
    • XML is not as human-readable as Markdown either
    • Markdown is an incomplete language, can't deal with some formatting issues
      • Lists are a problem (but there is the pipe character
    • Makes sense for XML to be more strict
      • Machine needs to read the DOM


  • Sometimes meaning of document structure disappears for human readers when a stylesheet is applied that alters appearance


  • Typographic needs a structure like XML
    • Can contain markup content that is not rendered, but gives typographic instructions
      • eg. command to kern a paragraph
    • Steve uses attributes as non-content typographic instructions
    • If you need to pass structural data use XML
    • Markup languages can target either humans or machines
    • The more complicated the document structure, the more you need a non-human-readable format like XML
  • Books with indices lend themselves to XML
    • also bibliographies, very strict for punctuation and capitalization
    • Steve can apply scripts to a document to apply structure, strip out what the author has done
      • Generate Tables fo Content from marked up content, don't cut'n'paste
      • DRY - Don't Repeat Yourself


  • What is the format that uses separate lines for markup, eg.
Heading
=======

Subheading
----------


Requirements
  • SGML and HTML and XML aren't meant for writing, but for semantic meaning
    • More of an interchange format
    • Editors need to be for getting content into the editor quickly
    • Choose an editor or Markup Language for "pretty", how it appears
    • or choose an editor/ML for semantic meaning


Future topics



Project Management

Date
Monday, 18 September 2017 from 7:00pm to 8:30pm
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/243066154/
Location
Communitech Jelly Bean Room 1st Floor, 151 Charles Street West, Kitchener, Ontario Map

What is Project Management? How do SysAdmins provide support to Project Managers? What kind of projects directly affect SysAdmins? Do Non-Profit SysAdmins manage projects? What tools are available for project management? What server-based software exists for project management? Who provides outsourced project management? What standards exist for project management? What certification?

Let's bring together SysAdmins and Project Managers to discuss the state of the art. As always, we'll have round table discussion to ask questions, provide expertise, and share stories of past experiences.

--Bob Jonkman & Marc Paré


Resources

Project Management | Techsoup Canada

The Project Management Association of Canada

Canada's Technology Triangle Chapter | PMI | Project Management Institute

Wikipedia:Project Management


(unrelated) https://www.adminadminpodcast.co.uk/

These guys talk about being an IT administrator, whether thats a local
desktop engineer, a cloud-native specialist deploying to cloud hosting
platforms running Linux, or an enterprise Windows admin...

Meeting Notes

  • Sponsorships
    • We like NetSquared and TechSoup, but don't want the KWNPSA direction dicated by the sponsors
    • Stickers were distributed!
  • NaNoWriMo - National Novel Writing Month - good tie-in with Document Storage
    • Discussing backups and formatting and document semantics
  • File Formats -- tie-in with Document Freedom Day in March
  • Introductions - SysAdmins, Typesetters, Software Testers, Software Developers, Teachers
    • Not a single Project Manager, but all these projects!
What is Project Management?
  • What is a project?
    • Has a start and deadline, must have a goal, and measure of success
    • Certain kinds of reports, eg. financial statistics, not part of the normal booking routine, eg. grant proposal, eg. special audit
    • Contrast with regular operations, which may still have a continuous improvement goal
  • Always implies collaboration, eg. a book


  • Tasks of project management
    • Eliminate Redundancies
    • Optimizing the whole project, costs, resources,
    • Set constraints and scope of the project
    • Scheduling
    • Distributing the responsibilities of labour and resources


SysAdmin role in Project Management
  • Sometimes SysAdmin is the Project Manager
  • Some projects start internally, others are imposed externally
    • Server upgrades, reports and time estimates for operations
  • Small companies may not have large project teams, people wear many hats
  • Sometimes no diff between PM, Team Leader, Department Head
    • Who are the "boots on the ground"?
    • Again, communication flows are important, making sure it happens smootly.
    • Avoid animosity by keeping communications open. There's not software for that
    • Even software like Slack doesn't achieve this, needs people-to-people communication. Needs change, software doesn't keep up.
  • Time estimates are horrible to figure out in IT
    • Need buffer time,
    • SysAdmin will have a good idea of time needed to perform tasks.


Software
  • Manual techniques like sticky notes and whiteboards
    • Gets transferred to software
    • Requires stakeholders in a meeting, maybe video conference, not asynchronous tools like e-mail
      • But getting contributions in a live meeting may be tough. After the meeting people finally got involved by sending e-mail
      • Keeping the tone collegial is everyone's task, but bridge-building is definitely a skill for PMs
  • Concurrence: Multiple people may need to access (Read/Write) the project data
    • Is concurrence necessarily the best data management practice?
      • We had vigorous discussion on the merits of document concurrency
        • Good for managing sub-tasks, not good for overall project coherence
    • Lose focus of the project with too many simultaneous changes
  • Software licencing can be onerous -- cost of software, seat licenses, and audits


Specific apps
  • Symantec Timeline circa 1998.
  • Microsoft Project
  • Project Libre
    • Open Source has XML data format, anyone can read the data without having the software
Project Management Standards and Certification

(wasn't discussed in the time available)

Stories
  • Management dictates timelines, despite project management best practices
  • Management dictates "buy from the lowest bidder", not based on project requiremetns
  • Management dictates "Put the dev stuff into production", not following proper dev-test-prod protocols
  • There is a gap for project managers that have one foot in the software dev world and another foot in the communications field
    • PMs spend a lot of time speaking to both developers and management
    • Need to teach better communication skills to developers to speak to Management
      • although Management may not have the communications skills to listen to developers
  • Discussion on the "Mythical Man Month", the book of project management gotchas
    • Skunkworks may be more efficient and effective than following the full Project Management procedures


Monetization

Date
Monday, 21 August 2017 from 7:00pm to 9:00pm
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/241820045/ iCal
Location
Communitech Jelly Bean Room 1st Floor, 151 Charles Street West, Kitchener, Ontario Map

How can a Non-Profit organization raise money from their services? Can a Not-For-Profit organization make a profit? Why do some NonProfit organizations have separate corporate entities for fundraising and their core business? How do NonProfit SysAdmins manage crowdfunding? How does monetization affect NonProfit status? How does monetization affect legislation concerning mailing lists? What does the NonProfit SysAdmin need to know to enable monetization on the Internet? What software exists to enable monetization?

Join us to discuss these and other ideas for monetization.

--Marc Paré & Bob Jonkman


Resources

Which Crowdfunding Platform Is Best for Your Nonprofit? | TechSoup Canada

Canada's Law on Spam and Other Electronic Threats - Home - Canada's Anti-Spam Legislation


Meeting Notes

What NonProfit Organizations sell stuff?
  • Publishing companies
  • Food co-ops
  • Musical societies (CDs, services)
  • Event admission for political groups, rallies
Two companies?
  • If activities don't fit within the mission statement, then CRA may consider it a separate, for-profit company
  • Charitable companies are particularly vulnerable, hassled by CRA
Drawbacks to monetization
  • Need End-of-year reports, tax knowledge
  • Need an audit/auditor over a certain amount (maybe $100K?)
  • Tricky to justify certain kinds of income, esp if there is significant profit
    • Need a budget that justifies certain expenses eg. equipment
  • People don't have enough knowledge of IT systems to use them properly
    • Using spreadsheets that don't integrate with financial systems
      • But still better than a Word Document
    • Frustrating for SysAdmins, who need to provide support
    • No user knowledge of version control, journalling, &c.
  • The Treasurer position of a NonProfit has frequent turnover, no continuity
    • Treasurer may be volunteer, unskilled for the task
  • Some NonProfits deal with esoteric financials (book sales, royalties), may not have a system in packaged software
  • Need specific information that the grant agency (that provides funds) wants to see
  • Concerns with transparency, opening the books for the public
  • Who maintains privacy of finances?
    • Need a designated Privacy Officer


Methods of monetization
  • "Legacy Gifts": Larger groups (orchestras?) are pitching bequeathing estates as donations, triggered by a will.
    • Important to performance groups, as their audience ages
    • In Europe, cities a fraction of the size of KW get government funding for the arts, so fundraising not necessary
    • In Canada there are people hired by NonProfit art and performance organizations to do nothing but acquire funding through donations
  • Integrate small NonProfit groups into the finances of a larger organization, eg. at a University
    • But the reporting needs may not be adequate.
  • Need to know about methods for funding proposals
    • Software? Forms? Documents?
  • http://career.publicoutreachgroup.com/ Facilitates fundraising for non-profits
  • Community Foundations will organize the funding for NonProfits, eg. Kitchener-Waterloo Community Foundation
    • Other arts groups set up their own foundations, eg. KW Symphony
    • Or set up your own foundation, then the KW Community Foundation will provide the administration for it


What does a SysAdmin do to enable monetization?
  • Not too interested in accounting
  • Shopping carts on websites
    • Not done internally, this gets contracted out
  • Point-of-sale systems?
    • Need to combine with sales data from other systems
  • Provide integration to other systems
  • Select and set up Crowdfunding platforms
Crowdfunding
  • Has Crowdfunding passed its peak? It was the big thing two or three years ago.
  • What criteria are used to select a Crowdfunding source?
  • Techsoup: https://www.techsoupcanada.ca/en/community/blog/which-crowdfunding-platform-is-best-for-your-nonprofit
  • Centre for Social Innovation in Toronto:
    • Bring your own audience, your own following, before starting the campaign
    • Pretty much everyone involved already needs to be in place
    • Crowdfunding sites don't necessarily increase your reach, or attract more contributors
    • Crowdfunding is good for devices, eg. Pebble Watch
  • If you haven't reached your funding level in three months, it's not likely to fly
  • There are "Crowdfunding Brokers"
    • providing Consultancy, advocacy,
    • Centre for Social Innovation trying to get social advocacy agencies involved (two or three years ago)
  • City of Waterloo had a program to crowdfund Civic Improvements
    • Had their own website
    • People proposed their own projects, advocated for them, got the funding. Then the City would implement them.
      • Thorough failure... People did not want to give money for things they had already paid for through taxes
  • Education: Raising money for supplies, program was halted by the Ministry of Education: "We already provide funding for that."
Financial Software

Needs dedicated staff to manage privacy issues, but if your NonProfit Org has enough staff to maintain it, it's very effective

  • Purchasing financial software also purchases the skills and expertise of building such a system (Lawyers, accountants)
    • A way of recording transactions without requiring the expertise of accountants
    • Avoid bitrot (spreadsheets may not be the same from one year to the next)
  • QuickBooks?
    • Has a non-profit module
    • QuickBooks is common, but doesn't provide the detail for non-profits
      • eg. selling worldwide through Amazon, QuickBooks doesn't provide geographic customer data
    • Dedicated software provides more granularity in recording transactions.
    • with QuickBooks you still need other tools to record other data
  • Spreadsheets are prone to user error, eg. changing or deleting a formula
  • Orgs hold fundraisers to pay for events
    • Events themselves may raise funds through admission fees
  • There exists fundraising software
    • Similar to contact management software, eg. CiviCRM, Sales Force Automation, Symantec ACT!
    • CiviCRM provides metrics, eg. number and amount of donations
      • Metrics are really important for donations and ticket sales
    • Good for larger NonProfit orgs, too complicated for small ones
    • And with a list of donors, privacy becomes a concern
    • Some integrates well with financial/accounting software
    • Detects patterns of donations, sends out requests only at the correct intervals, or when donors are ready
    • Coordinates with maturity of investments held by donors, when NonProfits can get a pledge.
    • Good software can snipe other NonProfits looking for donations
  • "Grant Station" (subscription software, available through TechSoup)
    • TechSoup subscription is more flexible (cheaper) than purchasing directly from Grant Station
    • Provides a list of Canadian and American grant agencies
    • helps prepare online pitches for donations
    • Hones your skills in preparing grant applications
  • "Canada Donates" is also useful for NonProfits
Accounting software:

http://www.techsoupcanada.ca/en/taxonomy/term/287

  • Newviews
  • QuickBooks
  • MYOB (Mind Your Own Business) (defunct? Only in Australia?)
  • Microsoft Money
  • GNUcash (Free Software)
  • Scrooge (chequebook model, not really for NonProfits) (FS, KDE)
  • FrontAccounting (ERP)
Tax Software


"If you're looking to monetize your NonProfit group, joining TechSoup is very beneficial." (spontaneous endorsement from KWNPSA attendee)



(KWNPSA Upcoming Events)
(KWNPSA Past Events)
(KWNPSA Meeting Notes on one page)
(KWNPSA Requested Topics)

All the NPSA Meeting Notes on one page


Education

Date
Monday, 13 May 2019 from 7:00pm to 9:00pm iCal
Meetup Event
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/255614075/
Location
*** Room 1300 *** -- Conrad Grebel University College, 140 Westmount Rd. N., Waterloo, Ontario Map

Is your Non-Profit an educational organization? As its main function? Or is teaching one of many services you offer? What do you teach? How do you teach it? Do you have classrooms? With computers? What software do you use for teaching in the classroom? Do you have online courses? What online software do you use online? How do you establish your curriculum? How do you perform evaluations? How do you track student progress? Do you work with other educational institutions? Other certifying agencies? What constraints to they impose on your teaching programs?

We'll have a demonstration of Moodle by Marc Paré and perhaps a representative from KW's Desire To Learn. And, of course, we'll have a Round Table discussion on how each of us are managing our organizations education needs.

--Marc Paré & Bob Jonkman




Resources


Back to: Education



Software Testing

Date
Monday, 8 April 2019 Year from 7:00pm to 9:00pm
Meetup Event
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/260073069/
Location
Room 1300 -- Conrad Grebel University College, 140 Westmount Rd. N., Waterloo, Ontario Map

If you work in software development, how much of your job involves testing? If you're a project manager, do you work closely with the testers to keep an eye on their results and bug reports as a project progresses? If you are a developer, do you do your own unit testing and work with testers on test plan reviews and fix the bugs they find when they do integration and regression testing? If you are a software tester, how do you balance the need to be thorough with the need to deliver on time? How does that affect writing test plans? When a project team has to deal with a lot of changes in the middle of development and testing, how do you cope with updating test plans with limited time? Since you should be considerate when reporting bugs in software, especially when people have worked hard on it, how can you do this tactfully? How do testers work with people like technical writers who use test plans as a reference when writing documentation like user manuals?

Nicholas Collins, a long-time member of KWNSPA and a professional software tester will give us an overview of the deep art of testing software.


--Bob Jonkman & Marc Paré




Resources


One of James Bach's talks on YouTube



Meeting Notes

  • Introductions


  • Nicholas Collins
    • Software tester for a few years, knowledge of how his company works
    • But two years isn't a long time compared to some software testers
    • Nick has prepared notes, will be presenting slightly differently from other KWNPSA sessions
    • SysAdmin in insurance industry; laid off (as are many of us); back to school to upgrade IT skills
    • Uses Visual Studio, C#, other languages
    • People he's met were developers, or business-specific skills; when software testers are needed these people are thrust into the role
    • This might change as more universities offer software testing as a major
    • There are very few courses or certificates in software testing, more prevalent in the US
      • but Fanshawe college in London has a certificate program
    • Some institutions have a couple of courses in tech writing, project management, quality management; maybe a night course in software quality testing
    • Without academic rigour, different people use different terminology, nomenclature
      • "Should I know what all these different terms mean?" But it's fairly common with other software testers Nick has spoken to
    • At Microsoft, developers use their development skills to write tests. Needs more skills than just coding
      • Microsoft has internal courses to train testers how to test software
      • Get promoted to full developer once you've proven you can write tests
    • people use Terminology like "Post-mortem" (although nobody dies), mix up "Milestone" and "Benchmark", &c.
    • Software testing is the start for a developer's career, then to DevOps
      • Does this mean the most junior, inexperienced programmers are responsible for testing software?
    • Nick: large companies use junior testers to run tests, senior testers to supervise
    • During an upgrade Nick (a programmer at the time) did testing for the Database Analyst
      • But a junior intern was assigned to that role as well, just to gain experience.
      • Worked out details at a high level, then applied tests to get results


  • Project Managers take different approaches


  • You can always think of more tests
    • It's a fine balance between staying on schedule and being thorough
    • Walkthroughs and working in a team can be helpful


  • Some testing instructors do not like teaching from texts
    • eg. "Software Testing" by Yogesh Singh
    • But Nicholas gets good ideas from texts, doesn't agree with those testing instructors
    • THe problem is that the authors suffer from "Perfect Worldism"
      • A world where there is unlimited time and money, and the perfect tests can be developed
    • Nicholas has experience with sticky problems, gets ideas from texts to adapt to his problem



  • Even the simplest test "is A < 70 ?" can have seven or eight tests

FlowchartExampleResized.png

    • Test results, but also overflows, boundaries, different data types
    • Input validation can require many tests


  • Working with other people, eg. technical writers
    • For them to understand the software they'll play with the software, and may create unanticipated conditions
    • Everyone can be a software tester to some degree: Project manager, developer, writer. Even sales?
    • Sometimes testers find problems with usability as they're running tests; not part of the test suite


  • How effective are some of these ad-hoc testers?
    • Is there a bias? Do they have some incentive to pass tests even when there are problems?
      • Sometimes a QA will hold back tests that would have been better to give to the developer in the first place
    • Accessibility testing is a new skill for QA, may become a testing requirement
    • Business Analyst (BA), developer and tester make a good team
      • Sometimes the process of testing will identify the need for more testing


  • Reporting bugs
    • Requires consideration, tact


  • Test plans may need to be developed quickly
    • But near the end of a project when time is tight there may not be time to develop tests
    • So quality of code may suffer near the end of the project
      • Breaking things during testing that no-one has time to fix


  • Automated testing?
    • Nick has experience with automated regression testing
    • Automated regression testing reduces the introduction of new bugs


  • Open Broadcaster Software
    • Used to catch all activity during user testing
    • Also use Virtual Box recorder uses host to capture all the output on the VM screen


  • "Monkey Testing"
    • Also "fuzz testing" or "fuzzing"
    • Fill all fields, try to overflow, pound on the keyboard, click as fast as possible
      • But this this does not lead to reproducible errors (fine timing errors)
      • Although some testers claim they can reproduce


  • Pride in finding bugs?
    • Nick finds that the "high five" time should occur only after the entire team has identified, reported, documented, and fixed the error, and re-tested


  • Load testing
    • Hitting a system with a large number of transactions, &c.
    • But a bogged down system may not be writing to logs, making analysis difficult
    • A benefit in load testing is adding assertions, find issues with threads
      • Assertions and Singletons...
    • Be sure to validate the output even when just testing for capacity


  • Nick has written a test for XML testing
    • But the code Nick wrote was not well tested at all! Oh, the irony!


  • Q: Do you use debugger software like GDB to examine the flow of code?
  • A: Not common, but becoming more prevalent.
    • Certainly having a debugger to throw at the code is nice to have
    • But much testing is done with the software under test as a black box, just examine the input and the expected output


  • Nick speaks of the complexity of software testing.
    • One thing works fine by itself, and other thing does too, but do they work together?
    • Different software on different platform needs to interoperate, but sometimes differences in date formats causes problems
      • although each platform by itself passed all tests
    • Dealing with currencies, eg. USD and CAD, and GBP
    • Dealing with leap years and 29 February
    • General rule: Anything date sensitive needs to test for leap years
      • and time zones! Anything dealing with calendars needs to worry about time zones


  • What happens internationally when different countries need to interoperate?
    • Companies have service contracts that define how the service is implemented
      • If the system is changed, the contract defines who is responsible for continued interoperation
      • If I make a change and it breaks your system, it's your fault for not defining the contract accurately
      • called "spring contracts"


  • Nick gives an example from James ---- YouTube video ("nominal input voltage is 100VAC to 250VAC")

VoltageExampleResized.png

    • "Test the nominal range" is an incomplete answer
    • Also need to test outside the range
    • The user manual may give advice not to go outside the nominal range, but users don't necessarily read the manual
    • So, does the system fail gracefully outside the nominal range?
    • This is the function of the software tester, to design the test to ensure that software or equipment is failsafe
      • eg. for medical equipment
      • How much money is available to fry the device under test? Some prototypes may be really expensive
      • Many examples of people damaging electronics with incorrect application of voltage!
    • It's good for testers to think outside the parameters of the system


  • Testing to ensure system has a consistent look and feel
    • eg. fonts on some menus were different
      • Is that a software testers responsibility? Sometimes as an additional task
      • There are tools (overlays, templates) to find these issues
    • Window resizing can make the application fail, but there need to be limits for those tests
    • Testing for "greyed out" functions can be time consuming
      • When a function is available when it shouldn't be can result in errors
    • These are general things for a tester to keep in mind


  • Systems that have features which have little to do with each other
    • Easy to test they're not contending for resources, &c.
    • But still important to run these features simultaneous to shake loose bugs, eg. memory allocation, concurrent DB access
    • Perhaps a simple monitor with limited functions: But what if something goes wrong, does the device report an error?


  • Client-side data validation: All testing needs to be duplicated at the server to ensure malusers don't bypass client-side validation
    • But that increases load on the server


  • Logging
    • Logs may indicate problems with the way the code executes, eg. repeated log entries indicate an invalid loop
    • Circular reasoning: How can the logs from software under test be considered
      • Logs are only one step, begin the process of analysis
      • NewRelic will test user experience (surveillance software)


  • Nick has found bugs because the test suites are well designed
    • But at least half the time the bugs discovered were found in spite of the test, which was not designed to find that kind of bug


  • Q&A
    • Is the developer + tester model usable?
      • May be a bit scary for shops not set up for that collaborative arrangement
    • Nick says to just forge ahead.
      • Having experience is good, but can also develop that experience in-house
    • Worries about the coming requirements for accessibility for software
      • May take changes in coding practices (use POSH: Plain Ol' Semantic HTML instead of Javascripted forms)
      • Jurisdictional differences may be difficult to deal with


Back to: Software Testing



Network Security

Date
Monday, 11 March 2019 from 7:00pm to 9:00pm iCal
Meetup Event
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/257702185/
Location
*** Room 1300 *** -- Conrad Grebel University College, 140 Westmount Rd. N., Waterloo, Ontario Map


We've talked about Malware and the importance of Keeping Computers Up To Date, and even just about The Things We Should Fear. But what new hazards are unveiled when you connect two or more computers together? When some of those computers aren't on your own network? When malusers are out there trying to break into your network? When you're actually inviting everyone into your network by running servers and services? Should you just outsource everything? Or are there tools available for the Non-Profit SysAdmin to help secure your networks?

We'll talk about the hazards of running a public network, and go over a list of tools and software.

--Marc Paré & Bob Jonkman




Resources

  • Firewalls
    • The most secure firewall: Nipper for Electronic Wire (Old).png
    • Another secure firewall: pfSense
  • Intrusion Detection Software
  • Pen Testing apps



Meeting Notes

Spoke about resources, war stories


  • Proprietary mail systems
    • Errors in implementation, makes mail inaccessible, or sends mail when unwanted.
    • Corporate culture prevents people from speaking of security flaws


  • Bugs in the software
  • Errors in procedures


The Cloud
  • "If the data was in the cloud it would have been safe"
  • What is The Cloud?
    • Somebody manages the servers, still subject to human error
    • But reduces the human interaction that is needed
    • Maybe if everything is run by robots...
      • But that's not the way Nonprofits operate, engaging people to be more involved


  • Open Source groups want more interaction, so still room for error
    • eg. LibreOffice: Get a professional to manage website? Or keep local group involvement? No to robots


  • Robots have programmers too
    • One more level of abstraction


  • Problems solved?
    • Email spoofing, phishing schemes: Joe Jobs, third-party addressbooks breached
    • Could contact the apparent sender, but that person may not be involved in the message at all


Tour of pfSense

Bob Jonkman logged into his live pfSense installation and stepped through each of the menu items.


Multiple connections to isolate traffic
  • While Bob's installation has only two connections (WAN, LAN), it is possible to isolate Internet-facing servers on their own network connection (DMZ) to isolate that traffic from the internal LAN.
  • pfSense supports many network connections, useful for separate campus sites


Back to: Network Security



Gaming

Date
Monday, 11 February 2019 from 7:00pm to 9:00pm iCal
Meetup Event
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/256359263/
Location
*** Room 1300 *** -- Conrad Grebel University College, 140 Westmount Rd. N., Waterloo, Ontario Map
Event Announcement
Gaming/Announcement 2019-02-11

Are you a gamer? Wouldn't it be great to play games during work? Are you a game designer? What role does gamification have in Non-Profit organizations? Can gamification make a SysAdmin's life easier? What value do games have in the Non-Profit sector?

Join our round-table discussion on Gaming, and share your views.


--Bob Jonkman & Marc Paré


Resources


Meeting Notes

Encouraging Gaming
  • Gamification of Disaster Recovery
    • Playing a role playing game
    • Roll the dice "Your mail server has failed"
    • Good for scenarios
    • Needs a Dungeon Master who understands security


  • Gamification of server uptime
    • One SysAdmin has a server with 1000 days uptime
    • Challenge other SysAdmins to do it too
    • Ensures SysAdmins will coddle the server to ensure uptime


  • Movie effects for computer screens
    • Don't look like reality, more like computer games
    • But tools are trying to look like games
    • Want more customers to use their products
      • Security products (eg) are hard to use
      • Making the UI easier, more exciting to use
      • Trying to keep the user on the device as much as possible
      • Targetting today's users who are gamers
      • Try to concentrate attention on the things that need attention


  • 12 hour operator shifts
    • Very tiring, trying to spot "hacker" anomalies in gigabytes of data
    • The job doesn't get done, staff doesn't care after a few days
    • If the system had been gamified it might have made the job better
      • But mostly it seems a management problem for having 12 hour shifts
    • But gamers are in front of monitors that long, don't have the apathy problem


  • Can World Of Warcraft design be used to analyze logs?
    • Players are unknowingly doing the work while playing the game
    • But what gets attention is based on what the player finds fun
  • May be similar to using spare CPU cycles to do bitcoin


  • Have a reward attached to success
    • But in some cases there's no control, so success is not based on work but luck and gamification won't work


  • Games are visually appealing and attractive
  • Competition is appealing


  • Re-Captcha has gamified proofreading
    • Spread out the work to millions, make it fun
    • Purpose for captcha owner may not be access control, but OCR improvement, traffic AI optimization


  • "Sex and violence moves the world forward"
    • Porn has driven technology: Hi-res, accurate skin tones; VHS technology; video streaming
    • And the military has pushed technology too


  • Sometimes gamification gets in the way
    • "You have won this case number 54321!" is just annoying
    • Trying to fool employees backfires, recognized by employees
  • But maybe if the gamification could be switched off


  • An experienced worker can do more without gamification
    • But his attitude was that life is one big game


  • Young people develop new skills that older people don't have
    • This affects how they approach gamification


  • "War Games"
    • Using games to make serious tasks go better
    • Also, how much control do you turn over to the computer?
  • Has become reality - military drone operators


  • US Military had an RPG for recruiting
    • Very realistic, eg. speed for loading a rifle
    • Intent to get people familiar with army life before recruiting them


  • DARPA Challenge
    • Started as a monetary reward for specific goals
      • 100 metre autonomous vehicles in 2004
      • 100 km autonomous vehicles in 2005 (xxxxxx check dates!


  • People in finance and politics use gamification
    • eg. "First Past The Post" is a horse racing analogy


  • Different rewards are effective for different groups
    • eg. Grade 3 kids may be influenced by a reward of bubblegum, but not Grade 8 kids


  • Bread and Circuses
    • Roman Warriors went from lean survivalists to entertainment
    • Games became a distraction, so young people no longer wanted to be warriors


  • Games in any environment have limits and rules
    • The objective is to be attained by following those limits and rules
    • The effects games have on social cohesion and morale are defined by those limits and rules
    • Not just rote and repetition, but applying strategy


Preventing Gaming
  • User Friendly cartoons about Doom on the LAN


  • SysAdmins wanted to prevent smart phones, more work to provide bandwidth


  • Security concerns with using personal devices in work
    • Accessing corporate data with personal devices


  • But people found these devices made their work more fun


  • Is there any way to run a corporation without using some kind of gamification?
    • Boring, routine jobs need it
    • But some people just aren't suited to that kind of work
    • People who can remain focussed on routine work are scarce, but may not benefit from gamification
    • People have to be interested in the objective


  • Gold Farmers are playing a capitalist metagame


  • It should be possible to roboticize the work to make gamification customized
    • But then it is probably possible to automate the work directly, no longer requiring a worker


  • There are programs to monitor online behaviour to identify mental health issues


Categories of motivation

  1. Mastery of skill
  2. Exploratoin/ Discovery
  3. Competition
  4. Cooperation


  • How does cooperation and collaboration help with work?
  • Competition:
    • Nobody wants to be the laggard in the group
    • Competition is a loaded word in our society
    • But a notion of competition, argumentation with the aim of improvement, everyone winning


  • Gamification needs a goal, objective
    • eg. politics - getting people informed


  • Gamification is not Learning
    • Competing against other players
    • Or against your previous score
      • Someone has to know all the answers in order to mark your score
      • How can we solve problems that have not already been solved?
      • That's not gaming, that's learning
    • If you're moving into an unknown area you don't know what rules apply, what the goal is


  • Self-directed, independent study courses are a form of gamification?
    • No, that's exploring, learning challenge; vision quest
    • Minecraft: No predefined goal
      • Possible collaboration, also competition
      • Used in education, "kids learn without knowing they're learning" (but not accepted by all educators)
      • Letting kids play games, and maybe learning, is too haphazard, it's not education
  • "Everything is a game", "Life is a game"
    • But that makes the idea of a game useless.


  • When outside things are gamified, are people just being conditioned? Or are people learning?
    • eg. the Army game


  • Making games highly addictive
    • Are people conditioned to play again and again, spend money
    • Are corporations just games? Employees buying into it again and again.


  • Being fooled into learning can lead to a real interest in the subject
    • Movies, books can lead to further research. Reality is more interesting than fiction.



Back to: Gaming



GDPR

Date
Monday, 14 January 2019 from 7:00pm to 9:00pm iCal
Meetup Event
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/255516932/
Location
*** Room 1300 *** -- Conrad Grebel University College, 140 Westmount Rd. N., Waterloo, Ontario Map
Event Announcement
GDPR/Announcement 2019-01-14

Does your Non-Profit organization collect personal data on people? People in Europe? And what is Personal Data anyway? Does your organization have an office in Europe? Store data in Europe? Process data in Europe? What is the General Data Protection Regulation (GDPR)? Does it apply to your organization? What policies does your organization need to have? What technical measures need to be in place? What's the SysAdmin's role in all this? Could a SysAdmin be liable?

Marc Paré will provide us with an overview of the GDPR, and outline some of the concerns for Non-Profit SysAdmins.

--Marc Paré & Bob Jonkman


Resources

Talking Points

  • General Data Protection Regulation (GDPR)
    • European Commission
      • set the GDPR standards
    • Data Protection Agencies (DPA) (e.g. Information Commissioners Office ICO in the UK)
      • In charge of administering the GDPR in their respective countries
    • In force as of 25 May 2018
      • primarily applies to controllers and processors located in the European Economic Area (the EEA) with some exceptions
      • applies to any site servicing or selling goods to European users
      • all sites must adhere to GDPR except any personal websites
    • Types of data
      • clear reason for data collection
    • Consent
      • requires use of positive opt-in consent and NOT pre-ticked consent or use of double-opt-in
      • requires site's statement of consent must be clear and explicit
        • cannot re-purpose consent to another statement
      • user ability to remove consent should be easily accomplished
      • requires storage of consent for possible future audit trails
    • Data Storage
      • clear defined use and length needed to store information
      • storage of personal data for longer if you are only keeping it for public interest archiving, scientific or historical research, or statistical purposes
      • data collection must be necessary
      • users have the right to access, rectify, erase, restrict, restrict portability of data
      • restricts the transfer of personal data to countries outside the EEA, or international organizations
    • Types of data collection groups (2)
      • Controllers and Processors
    • Data Protection Officers (DPO)
      • individual in charge of data storage and adherence/compliance to GDPR for companies over 250 employees or if collecting large personal sensitive data
      • DPO must be independent, an expert in data protection, adequately resourced, and report to the highest management level
      • DPO may be shared amongst multiple organizations
      • you must appoint a DPO if
        • your site requires large scale tracking
        • you are a public authority or body
        • your site collects data on criminal convictions/offences
        • appointing a DPO is suggested as best practice
    • Data Breaches
      • requires that data is stored securely
      • encryption is suggested
      • breaches reported withing 72hrs
      • keep record on any breaches
      • have breech policy
    • Non-compliance fines
      • up to 20 million euros or 4% of annual revenues
    • GDPR Certification
      • framework is still not available but forthcoming

GDPR and Canadian Privacy Laws

    • Personal Information Protection and Electronic Documents Act (PIPEDA)
      • aligns more or less with GDPR
      • updated as of 01 November 2018
      • mandatory reporting of breeches to users and to Privacy Commissioner
        • more fine grained reporting on breech policy and record keeping
      • fines up to $100,000
      • PIPEDA does not generally apply to not-for-profit and charity groups as well as political parties and associations
      • complaints may be sent to the organization in question or to the Privacy Commisioner
      • Privacy Commissioner may conduct audit if necessary

More Resources

They said Microsoft engages in this telemetry collection covertly and without properly informing users.
The report said investigators didn't find any official documentation about what information Microsoft collects through Office and no way of turning Office telemetry off, raising a serious privacy concern for all current Office users, regardless of geographical location.


Meeting Notes

  • Don't take our words as legal advice!


  • Some websites closed down rather than violate GDPR
  • Each country in EU needs to appoint its own GDPR Commissioner
  • Started last year (25 May 2018)
    • People had several years to comply before 2018
    • But European commission is not yet up-to-speed on everything, still working on enforcement and compliance


  • Personal websites don't fall under GDPR
    • Unless you're selling goods or services to European markets
    • If you don't expect visitors from Europe you should be OK
    • But GDPR exceeds boundaries, even non-European sites need to follow that law


  • Controllers: Collect the data, set standards to determine what data to collect (eg. Google)
  • Processors: Websites that don't necessarily use the data, but collects data from other sites (eg. banner ads)


  • Even temporary receipt of data falls under GDPR
    • KWNPSA site might be under GDPR, WordPress requires cookies
      • Marc has added a cookie disclaimer to https://kwnpsa.ca
      • The cookie form cannot be pre-checked
      • Newsletter subscriptions require double opt-in (subscribe, then confirm)
        • We can no longer add people's names without written permission, or subscribing with an opt-in
        • Marc & Bob gave a demonstration of the Mailman subsription process
    • Fines might be 20,000,000 Euros, or 4% of your profits


  • Could one entity cause trouble for another entity by reporting them to GDPR?
    • Compliance is largely self-adhering
    • Getting a whole website shut down isn't really possible, as long as that entity is responsive to GDPR


  • Is there an agency that reviews incoming complaints, and finds those entities that don't comply?
    • Not really defined, still setting up the framework for that
    • The European Commission will not fine people, but the individual states' Data Protection Agencies do the enforcement
    • Foreign policies affect relationships between all countries, might trigger or be triggered by other events


  • GDPR was an answer to privacy and anti-competitive incidents with Microsoft, Google, Facebook, and Yahoo


  • GDPR provides a clear policy on data collection
    • Gives users a right to see and have corrected the data collected on them
    • Only applies to e-mail (and websites) that affect European users, not e-mail that stays within Canadian borders
      • But Canada has rules of its own, not as strict as GDPR
      • Canadian fines aren't as high, only $100,000
    • In the US the only state that's updating its rules is California
      • But other states are expected to follow California


  • GDPR rules just make common sense for the user
    • For website developers it's more onerous
    • Also onerous for those people running secure browsers that clear the cookies allowing cookies...
    • Compliance is built into some frameworks like WordPress.
      • But we (KWNPSA) still need to write and publish our policies on cookies and data retention.
      • The current disclaimer text is no longer adequate, even for Canadian rules
      • GDPR and Canadian rules are moving towards requiring encrypted collected data storage
      • Organizations with 250+ employees must have a full-time, certified GDPR Data Protection Officer
        • But there is as yet no framework for this certification
      • Will there be a standard for encryption?
        • Probably as part of the framework for certification
        • All the usual encryption problems apply (decryption in the server, decryption between storage and transmission)
    • Political organizations, Charities, and Non-Profits don't have to follow the Canadian PIPEDA regulations for mailing lists
      • But CANSPAM still applies (but there are tools and services to check if your fundraising letters are conformant)


  • There are stringent rules about publishing policies, reporting breaches, timeline for reporting breaches
  • Organizations that are too small to have a dedicated Data Protection Officer can share one between them


  • Marc shows some sites that are GDPR conformant, eg. IBM
    • IBM in Germany does not have a cookie popup.
    • Shell has a nicer cookie popup than most (small, unobtrusive box at the bottom)
    • Volvo has every cookie itemized in their policy (GDPR encourages that, Canada is likely to follow)


  • There are sites with sample policy wording that can be followed.
    • Do analytics companies like Piwik offer their own sample polices? No, because they could not make it specific enough for all regulations, too much liability


  • In Canada:
    • PIPEDA is the equivalent of GDPR, updated in November 2018


  • Ultimate goal is to restore people's confidence in spending money on the Web


Back to: GDPR



Tech Wobblies

Date
Monday, 12 November 2018 from 7:00pm to 9:00pm iCal
Meetup Event
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/253998238/
Location
Room 1301 -- Conrad Grebel University College, 140 Westmount Rd. N., Waterloo, Ontario Map
Event Announcement
Tech Wobblies/Announcement 2018-11-12

Is automation taking over Systems Administration? Are highly skilled SysAdmin jobs (and their highly skilled SysAdmins) becoming obsolete? What is to become of the Non-Profit SysAdmin? Are we all going to become Mechanical Turks? Or should tech workers become Wobblies? Who are the Wobblies? Is the tech industry ready for collective action?

We're joined by special guests Sean Howard and "Wobbly Sunny" at our round table to discuss the state of the tech industry, the working conditions for tech workers, and what can be done about it.

--Marc Paré & Bob Jonkman


Tech Wobblies/Meeting Notes 2018-11-12


Resources

Part of the CBC Ideas series Workshift.



Meeting Notes

  • Introductions
  • Steve has an IWW membership card from 1975!
    • and Sunny has a modern card, with self-adhesive stickers representing dues (from $11 - $33/month)
  • IWW goal is to be a self-funded union.
    • Money to do projects: training on workplace organizing, &c.
    • Having a budget is useful
    • No outside influence if self-funded.
    • Similar to a self-managed business or a co-op
    • all funding goes back into the IWW
    • kwiww.wordpress.com (needs some updating)


  • Techworkers Coalition is less formal, anyone can join


  • Orgininally, unions were based on trades
    • Now, divided by region (Toronto, Kitchener-Waterloo)
    • But tech workers have their own needs, so now splitting that off again
    • The larger techworkers union can encompass Toronto, KW, North Bay
  • IWW has general membership branches, divided by region, not by trade
    • Has strength in Ontario from lumber industry, based on migrant workers, who had no access to trade unions
  • With many workers working and living together they will (can?) self-organize
    • Talk things over about how employers are treating workers.
    • Most trade unions don't accept contractors in their union, contractors == scabs
  • IWW accepts contractors in their union, any worker
  • The union will accept contractors, and negotiate for
    • But it's different for off-site contractors, but the IWW could handle that
    • IWW also operates in areas where there's no jurisdiction for trade unions
    • No framework for industrial organizing in Canada (or the States)
  • Union for a workplace is for collective bargaining; a trade union may provide union training
  • IWW puts techworkers under "Communications"
    • Setting standards for all techworkers in any workplace
    • Good for small, scattered workplaces
    • For techworkers, not so much for negotiating pay, but perhaps oncall or overtime hours


  • eg. Google walkout for sexual harrassment; influenced other corporations like Facebook
    • Making small changes in one place will filter to other places
  • But some grievances aren't satisfied by one corporation; if one company doesn't do it, another one will


  • This sounds more like a social justice action -- and that's the whole point.


  • Critical mass?
    • Needs 10 people to form a formal industrial union branch (IUB).
      • (that's an IWW requirement)
  • Note that IWW is not Techworkers Coalition
    • Techworkers Coalition started in the California Bay area, from gameworker's union.
    • Loose organization, no formal membership
    • Provides a place to discuss grievances, solutions, and expand that to larger nationwide discussions
    • "Low obligation" way to get involved,
    • Sign up for Techworker's Coalition on their website, get access to their Slack channel
    • No dues, no voting...


  • Techworker's Coalition Meetup on Sat 17 Nov from 3-6pm at East York Civic Centre
  • IWW and Techworker's Coalition share values, but IWW has a budget, and "real union" power to back the workers


  • Labour laws require employers to negotiate with unions once there is sufficient membership
    • Some progress in Montreal in fast food industry, precarious work.
    • Has low union membership density, so a good target for organizing
    • In Montreal some demands were met wihtout a contract; in US formal contracts are in place.
    • But no contracts are preferred to avoid legal battles
    • Certification as a union? Get certain numbers of people to sign union cards; protection from dismissal for union activity
    • Improved working conditions, improved control over the work\
    • Building block for social change
  • Difficult co-op to get union affilliation
    • In order to get recognized there needs to be a boss and workers, but that's not part of a co-op. Workaround: A board of directors.
  • But big unions (Unifor) is not interested in worker control
  • But worker control over labour is the point of IWW
  • Is Unifor subsuming the work of IWW?
    • Well! Not really, Unifor is not working for the workers, although their literature would say otherwise. There is antagonism between Unifor and other unions.
  • Unifor has left the CLC
    • CLC is a social justice organization
  • Unifor's politics are not those of the IWW
    • The IWW locals are autonomous, the IWW is run by the locals from the bottom up (unlike other unions)
    • Other unions profit from the workers not knowing about the union
    • (discussion on union raiding, agitating, organizing)
  • IWW practices "solidarity unionism", everyone signs on and becomes involved
    • Other unions dictate conditions to the workers
  • Many parallels to political parties: there are top-down, big-tent parties, and bottom-up, grass-roots parties
    • Maybe the trade unions did start off as bottom-up, but when they grew large that level of communication interfered with that model
    • How can IWW prevent that?
    • Direction the labour movement has taken in the last 50 years: different trade unions got amalgamated, and grew into monstrous beasts
  • Large unions are affected by back-to-work legislation: How does that provide protection to the workers? This is entrenched in Canadian labour legislation
    • "If you're really big no-one wants to pick a fight with you"
    • Very little gains have been made in the last 50 years
    • When organizations get too large, the executive takes over
    • Now things are speedy and novel that organizations don't have a chance to make mistakes -- how to keep up the communications-expensive organizational model of IWW?
  • Local KW branch of IWW is try9ing to pull out tech workers based on their unique needs.
    • But that will grow and build bureaucracy
    • Ontario labour law has many exemptions for techworkers (12 hour days, no overtime protection, &c)
  • When a local organization gets large enough, the IWW fragments it into their own bureaucratic structure; fragmentation is built in to prevent over-size organizations
    • This model has been demonstrated many times, in many different sectors, throughout IWW existence
    • eg. Russian Bolsheviks, labour union in Spain
    • IWW has been doing this for 100 years


  • IU == Industrial Unions
  • CNTU == Quebec-based federation of unions
  • Closed union shops?
    • Based on legislation at the close of WWII
    • Everyone must pay dues to prevent the "free rider" problem
    • SysAdmins not well represented by, eg. Steelworkers union
    • Create a separate bargaining unit, in the same union?
    • When bargained contracts are unequal the Ontario Labour Relations board gets involved.
    • IWW allows membership in multiple unions!
    • But that may create more borders between workers, looks disorganized to the employers
    • Bargaining units could be as small as two or three people
    • eg. Waterloo Region example of shed-builders: Two people certified a union, now it's a closed shop.
    • Politicians in WR are working to prevent the ill effects of closed shops and the bidding process.


  • Are we going to get bids as cheaply as possible, or are we going to ensure a fair wage for workers? This is determined by who we elect into office to set labour law. (but who gets to vote based on this one issue?)


  • In IWW there are people opposed to the closed shop model
    • Closed shops may be a trap for unions: "We're done organizing now"
    • But that doesn't provide flexibility when new classes of work appear, new workers are needed
    • Unions become unresponsive to needs of new workers in new work
    • Union amalagamation is not responsive to small changes


  • In some union elections the offices are almost always contested
    • because the workers are involved
  • Everyone informed, everyone involved, everyone having a say is the essence of solidarity unionism
  • Contracting out shouldn't matter, as long as the workers have the same working conditions
    • But this may not work for off-site work, eg. contracted at-home workers
    • Need to be in contact with your fellow workers to keep up with the needs of workers


  • What kind of response has IWW got from the SysAdmin community?
    • People have been coming out to meetings!
    • Sunny looking to set up an Industrial Union, not a workplace union.
    • Lots of media attention to collective action, eg. Salesforce workers want the company to divest from ICE; sexual harrassment walkout; anti-war, peace work
    • Happening everywhere, but centered in the Bay Area
  • Want organizations that are not employer-centric or industry-centric
    • Want to be able to critize the hand that feeds us
    • eg. funding organizations don't provide funding to non-profit organizations involved in well-off industries
  • Co-op sector is very much aligned with the values and philosophies of IWW
  • Why does IWW pursue the union model, not the worker-owned model?
    • IWW does both
    • Unions have a history of making radical, industry-wide changes, eg. invented the weekend
    • Co-ops may not make such big chagnes for workers
    • And co-op workers are workers too!
  • LibraInformation Systems is a co-op that is unionized; very big, lots of contracts
  • Maybe workers can buy their distressed companies and form a co-op
  • False dichotomy between co-ops and unions. Other countries with histories of worker-based actions are more open to co-op/union fusion

(mondregon in spain?)

  • Co-ops have been failing because of lack of capital & cashflow
  • IWW has facilitated communication between different unions in the same sector where employer was pitting one union against the other
  • Unionizing the trade unions? Union workers are workers too!



Back to: Tech Wobblies



Training

Date
Monday, 15 October 2018 from 7:00pm to 9:00pm iCal
Meetup Event
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/253049800/
Location
The Parlour in First United Church, 16 William Street West, Waterloo, Ontario Map
Event Announcement
Training/Announcement 2018-10-15


How complex is your Non-Profit organization? Does your newly hired staff need training on your policies and procedures? On your products and services? On your software and hardware? What happens when you change procedures, get new products, update your software? Does your existing staff need training? How do you supply the training? On the job? In the classroom? Online learning courses? And how do you manage the training administration? Keep track of results? Determine who is eligible for additional training?

At this months' round table discussion let's talk about our experiences in providing training to staff, or receiving training to be better SysAdmins. How can the Non-Profit SysAdmin help deliver and track training for our organizations' training requirements?

In a future session we'll discuss providing education to the clients of our organizations; this month let's focus on internal training.

--Bob Jonkman & Marc Paré


Resources


Meeting Notes

Legacy codes
  • People inherit old legacy code, eg. spreadsheets
  • Nobody want to admit to knowing Excel for fear of having to fix someone's code
Techsoup Catalogue
  • Zoom
    • but that's just conferencing software, not training management software
  • Desire To Learn is no longer in the catalogue


Using Moodle
  • Marc shows off his French Language Moodle installation http://frenchasasecondlanguage.org
  • Need to build your own content on Moodle
  • Danger of copyright infringement if you're not using your own content
  • Universities are more likely to contract out for content creation
  • Marc has used Hot Potatoes to create Moodle content
  • Hot Potatoes might be good for internal training; evaluation doesn't work in all educational settings
  • Looked at some Moodle testimonials for internal staff training
Other notes
  • Discussed evaluation methods, and the efficacy of teachers
  • Also the ideology imposed on the curriculum by different governments
  • Talked about the university model of teaching: Should be two separate streams? One for research, one for teaching (researchers aren't necessarily good teachers)
    • 400 students in a lecture hall? 10-15 students with teaching assistants? Where does best learning take place?
    • More than 25 students makes a teacher a "classroom manager" rather than an "educator"


Back to: Training



Purchasing and Procurement

Date
Monday, 17 September 2018 from 7:00pm to 9:00pm iCal
Meetup Event
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/253047725/
Location
4th Floor, 121 Charles Street West, Kitchener, Ontario Map
  • Search for Danielle McCormack on the iPad through Envoy
Event Announcement
Purchasing and Procurement/Announcement 2018-09-17

Does your organization buy things? Do you go to the local store? Or do you issue Requests for Information, Quotes, or Proposals? How do you evaluate those RFIs, RFQs, and RFPs? How do you find suppliers? Contractors? Vendors? Does your organization have minimum standards for vendors? How can you ensure vendors making bids meet these standards? Isn't there some software that can help with all this?

Yes! Local company Bonfire creates purchasing and Procurement software. Special guests Danielle McCormack and Ethan Driedger will will give us an overview of what a Non-Profit organization should look for in purchasing and procurement software, and will give us a demonstration of the Bonfire software.


--Marc Paré & Bob Jonkman


Resources


Meeting Notes

  • Introductions
    • Danielle McCormack, Account Manager for the Not For Profit market
    • Ethan Driedger, Account Manager and technical advisor


  • Presentation was recorded, hope to have video available shortly


  • What concerns do people have?
    • Spend time and effort to evaluate RFPs, only to have management choose the lowest bid
    • What is the relationship between purchasing and making grant/funding applications?
      • "Purchasing" is not always commercial. Grant application tools help to make decisions, similar to satisfying an RFP


  • Q: Does Bonfire help an RFP respondent?
    • A: Yes. Vendors can use Bonfire to submit online responses
    • Vendors can subscribe to notifications to learn about new RFPs


  • Danielle recognizes the resource constraints experienced by Not-For-Profit organizations
    • NFP funders require accountability and transparency in the purchasing process
    • Need to know the why and how of decision making


  • Interesting stats: 15% of the workforce is employed by Not-For-Profit organizations
  • 7.1% of the GDP is generated by NFPs


  • Q: How easy is it to "divorce" Bonfire? How is the data portability? Is there integration to other applications? Databases?
    • A: Yes, Bonfire has an open API. Glue apps (middleware) are not provided, but Bonfire can be hired to create them
    • May be out of reach for Non-Profit organizations
    • There was some discussion on data structures and interoperability


  • Q: Integration with financial applications?
    • A: Bonfire can import legacy purchasing data from spreadsheets, &c.
    • Other integrations can be done via the API


  • Q: Project management software?
    • A: No direct integration


  • Q: Existing purchasing departments?
    • A: Bonfire software facilitates communication between purchasing agents and the end-user requiring the purchase


  • More discussion on data exchange. How is the data structured for different sectors?


  • Vendors submit the outcome of their bids, used to build knowledgebase of successful strategies


  • Q: Integrations with MERX? (online database of government RFPs)
    • A: No direct connection


  • Q: Conversion from hard data?


  • Bonfire provides alerts to Not-For-Profit organizations of new grant available for application
    • NFPs can apply to these grants for free
    • Sort of "purchasing in reverse"; Bonfire clients are the grant providers, respondents are the NFPs applying


  • Subscribe to different categories for notification (for vendors?)
    • eg. based on geographic location: "Any RFP in Ontario"
    • eg. based on industry codes (SIC, UKSIC)


  • Municipalities (technically Not-For-Profit organizations) have additional constraints imposed by legislation


  • The purchasing process doesn't allow innovation in responses
    • eg. software company loses bid because they're not offering a tangible solution to a traditional problem
    • The solution offered by the respondent isn't compliant because purchasing requirements are too rigid


  • Bonfire recommends multi-stage RFPs
    • This means stakeholders don't need to answer all the questions
    • eg. a Chief Technical Officer doesn't need to answer financial questions


  • Bonfire scales well to small respondents (vendors)
    • Q: Does it also scale to small customers? (purchasers)
      • A: Perhaps. Bonfire removes the arduous tasks of the purchasing process, freeing resources at the NFP


  • Classification discussion
    • Steve employed librarians to classify books for University courses
    • Bonfire has search functions for both classification codes (well-defined) and keywords (arbitrary, free-format)


  • Revenue model: Annual subscription
    • Contract management option?
    • Vendor management option?
    • Bonfire is entirely cloud-based (on AWS infrastructure), not software purchase or licence


  • Q: Is there a short-term subsciption? ie. 1 or 2 months?
    • A: Future availability


  • Q: Real estate?
    • A: Technically, it's no different from any other purchase
    • Bonfire can help in advertising the bid (less reliance on real estate agents)


  • Pricing
    • For Not-For-Profit organizations, work with grant providing organizations who can purchase a blanket subscription for the NFPs they provide grants to
    • Q: Have vendors purchase the subscription, allow NFPs free access as purchaser?
      • A: Vendor-pay may be not be legal for government and public sector organizations
    • Q: Pro Bono subscription to Bonfire for Not-For-Profit orgs?
      • A: Bonfire is still a startup.
      • Perhaps as a charitable donation?


  • Hope to have links soon to videos demonstrating the use of the Bonfire software


Many thanks to the Danielle McCormack, Ethan Driedger, and all the staff at Bonfire for hosting the KWNPSA meetup on Purchasing and Procurement!


Back to: Purchasing and Procurement



Scripting Languages

Date
Monday, 20 August 2018 from 7:00pm to 9:00pm iCal
Meetup Event
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/253044847/
Location
Room 1301 -- Conrad Grebel University College, 140 Westmount Rd. N., Waterloo, Ontario Map
Event Announcement
Scripting Languages/Announcement 2018-08-20

Do you need to do the same thing again and again? Have you automated those repetitive tasks? What software tools do you use? Keyboard macros? Programmable keyboard macros? A scripting language? Which scripting language? What makes a scripting language different from a programming language? Is a scripting language Turing-complete? Can't you just do everything in PowerShell or Bash?

Let's talk about what can be solved with scripting languages, and what can't. Bring your laptop to give a demonstration of your favourite scripting languages, and maybe we can help solve some of your most annoying repetitive problems.


--Bob Jonkman & Marc Paré




Resources


Introductions

  • Testers, programmers, SysAdmins, and some non-scripting users


Meeting Notes

  • Programming vs. Scripting
    • "Programs" are compiled, "Scripts" are interpreted
    • But mostly there's no differences in syntax


  • Use a scripting language to prototype a concept


  • Non-programmers using scripts to do application installation
    • Useful for installing applications without a GUI to get that app installed to the GUI level
    • eg. Mail-In-A-Box, installed with a script


  • Vagrant written in RUBY, but has its own scripting language


  • Lots of variation in scripting language syntax, even within the same language
    • "semicolons forever!"
    • Brackets, or no brackets
    • Is whitespace significant?
    • Indenting
  • many of these are tradeoffs
    • Optimizing for speed, time to program, robustness


  • LLVM (originally Low Level Virtual Machine) is used to create programming language
    • take input intermediate language, p-code, generates machine language
    • Needs research. Bob can't figure out what this does (Wikipedia:LLVM may be helpful}
    • LLVM is embedded in CLANG, RUST, other scripting languages
    • way to create code generation for your software


  • "If all scripting languages were combined, could we create a universal scripting language?"
    • Probably not -- semantic ambiguity, eg. use of semicolons is different in different languages, other syntax doesn't match


  • Using one language is comfortable, so you tend to do everything in that language, appropriate or not
    • What is the lifespan of a language? Depends on the domain -- AWK has been around for 40 years, RUST has not
  • How do you keep up with all the new languages?
    • Need to decide what to give up
    • How much spare time do you have
    • How do you know what new tech to embrace
    • Depends on the lifespan of the project, don't spend 3 months to learn a language for a 2 month project


  • Lambda the ultimate on programming language design
    • There is a formal science to language design


  • Still worth learning C?
    • Yes, it's still efficient, has installed base, still close to the hardware
    • C makes it tolerable to understand what is happening in your computer
    • High level languages have many layers of abstraction
    • Knowing C leads to understanding


  • "Scripting is a gateway drug to programming"


  • How do we learn scripting?
    • Get a raspberry pi
    • JavaScript
    • You need a project to solve!
    • Find something on GitHub
    • Python is considered the preferred entry-level language
    • App Inventor allows people with no programming experience to create apps on Android
    • Scratch is another drag'n'drop learning app
    • Marc taught Logo to a kindergarten class
    • NetLogo used for serious science application, complexity science at Santa Fe Institute
    • Other applications like Docker are written in GO, so worth learning


  • Is scripting a desirable skill in job applications?
    • Python is one of the most requested skills
    • But shell scripting is difficult
    • For security eg. Wireshark, SNORT, &c need scripting to identify network traffic



LUA
  • Kirk wrote in LUA to access the Linux encryption keyring subsystem
    • was using GUILE (FSF's SCHEME), not so good for encryption
    • LUA is "Python for millennials"
  • Written in ANSI C
  • Very embeddable, no linking,
  • Comiles to a Virtual Machine
  • Two flavours, LUA and LUAJIT (Just-In-Time compiler)
  • Seen in XMPP server, used for real-time application
  • Came from Brazil, university project, released "into the wild"
  • Has facility for OOP, but needs your own OOP tools
  • Has co-routines, program in loops that are interruptible; daisychain them together
  • Functions are first-class entities, so can do functional programming
  • There's a modLUA for Apache server; handle data in blocks without touching the Apache system
    • Rather than create a web backend, it lets you create the entire web server
  • "Embeddable extension language"
  • There's a bootloader LUA for use before the OS loads in SysLinux
  • Kirk has used LUA as a conversion layer for allowing Apache to work with encryption sysstyem
  • Definitely a good language for testing
  • Built into Wireshark for decoding packets
  • How popular is LUA? People make stuff available on GitHub
  • LUA is used in games for event handling
  • Many apps have LUA built-in (on the LUA site)
AWK

Wikipedia:AWK

  • Brian Kernighan still uses AWK,


  • "If you want to compile AWK, just re-write it in C"


  • Associative arrays in AWK,
    • Mainstay of Python
    • C only has enumerative arrays, difficult to simulate associative arrays


  • Conrad Grebel prof Dave Huron used AWK to create a catalogue of music for Hewlett-Packard
    • HumDrum Toolkit" is the app name
    • Trying to analyze music, determine patterns among composer
    • Find out if people would be happy if music was two tones up or down
    • Two minutes of this analysis is equal to a human analysis of years
    • Dave Huron one of the first


  • Raymond cleans the data before processing it with AWK
    • Uses BASH to insert parameters begore printing.


  • Bob used AWK to parse log files
    • Poor programming practices - AWK lends itself to quick&dirty hacks, but the scripts grew; good programming practices at the outset would have been beneficial later
    • Much better if data is available though an API, but these scripts were created because there were no APIs
    • Bob implemented a standardized CSV file, but not according to the RFC 4180 specification
    • Human readable: https://sobac.com/sobac/groupwise/code2html/
    • Downloadable: https://sobac.com/bin/awk/


List of scripting languages
Other tools
  • Keystroke macros
    • Record and playback keystrokes
    • Bob wants this to be programmable, depending on input processed
    • AutoIT does this on Windows
    • Not many keystroke macro tools in Linux


Future Topics


Back to: Scripting Languages



Web Stores and Shopping Carts

Date
Monday 16 July 2018 from 7:00pm to 9:00pm
Meetup Event
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/250380630/
Location
Room 1301 -- Conrad Grebel University College, 140 Westmount Rd. N., Waterloo, Ontario Map
Event Announcement
Web Stores and Shopping Carts/Announcement 2018-07-16

Does your NonProfit organization sell things? Does it provide paid services? Do you need a web presence for your sales? Will you need a separate server for your web store? Or can you add a shopping cart to your existing web site? Or is it better to outsource all online commerce?

Meet our guest speaker Sam Nabi, developer of Shopkit, and let's discuss what a System Administrator needs to join a NonProfit organization to the world of web commerce.

--Marc Paré & Bob Jonkman

Resources

Meeting Notes

Introductions
  • Where is everyone coming from? Sam Nabi will tailor his tour to our needs.
    • Nonprofit org wants online registrations with payment
    • Bookseller
    • Online donations
    • Goods and Services
    • Media Production (rental of cameras, lights, &c)
  • People want to make things easier for sellers and buyers


  • Sam started as a city planner, moved to a startup doing web development
    • Then, Sam bought a retail store, Full Circle Foods
    • ...the inherited system is a series of linked spreadsheets :/
    • Full Circle Foods has 90 suppliers. Seems a lot, but many are small, local businesses
    • Lots to be done digitizing the order system of Full Circle Foods


Shopkit
  • Self-hosted PHP-based solution
    • Sold as a subscription service
    • Sam would hold the code and provides the online webhosting



  • Sam provides the code, and can work it into the design of an existing web page


  • Had an idea to pool resources for pooled shipping, delivery, advertising
    • (not sure if this is a feature of ShopKit --Bob.)


  • Sam is part of the Kirby CMS community
    • Didn't have an ecommerce plugin, but there was an appetite for it
    • Working over three years to develop Shopkit with the Kirby developers
    • Kirby is a file-based PHP CMS (we like that)
      • Files are written in Markdown, still accessible if Web connection goes down
      • But there is a good GUI as well (good for marketers)
      • UI is decoupled from the data


  • Sam gives a quick tour of a sample installation on GitHub
    • https://github.com/samnabi/shopkit-sample-content/
    • Kirby has multi-language support, i18n, l10n
    • Also has categories, which Shopkit links to
    • It's a system of API hooks, launched from the plugin to Kirby
    • but Shopkit has all the templates for, eg. slideshows, created by Sam


  • Purchasing flow:
    • Select product, increase/decrease quantity, totals are updated
    • Uses AJAX, but the site is not Javascript dependent
      • Jeremy Keith is Sam's inspiration, he knows about good design.
    • There can be different shipping rules, different tax rates for different localities
    • Add personal details (name, e-mail)


  • Tour of the back end
    • Resetting passwords :)
    • Sam has tried to make it easy for front-end users
    • Adding products, adding categories
      • Products have variants with different prices, options that don't affect price
        • Small oversight: Options don't have different SKUs, no separate inventory
      • Changing the use of SKUs is not dependent on the purchasing process
    • A "Featured Product" is displayed in the sidebar
    • Feature request by developers: "Items Remaining In Stock"
    • Another request: Individual e-mails for restocking
    • Shipping Rules:
      • Can be different for all countries, one country,
      • Shipping rules UI created by Sam, but as part of the plugin (even though it shows in the Kirby UI)
      • Tax and shipping rules can be defined by the developer, but not through the WebUI
      • Sam take us for a deep dive into the shipping selection code


  • Reporting in Shopkit
    • Done from the Shopkit backend
    • Invoices are created by PHP into PDF files using "dompdf" https://github.com/dompdf/dompdf
    • Report invoices are generated dynamically every time, but from a static "transactions" file
    • Added some widgets on the dashboard, eg. "Abandoned, Pending, Paid/Shipped"
    • There are also site stats based on another Kirby plugin


  • Payment Processing
    • Implemented at "gateways" in Shopkit
      • Each gateway has a "process" and a "callback"
    • Some processors (Square) expect money values to be in cents
      • Performing only integer operations on cents seems to be best practice
    • There are thousands of processors, so Sam has created an open system for processor gateways
      • This separates the payment processing from Shopkit itself, absolving Sam of dealing with payment issues
    • Payment processors provide an SDK for the gateway code
      • Each payment processor has its own API, unique for each installation.


  • Testing
    • No formal testing methodology
    • Tries new code on a test site, Sam's own site
    • Most bugs are caught by end-users (developers)


  • Shopkit and Kirby aren't quite Free Software: Code is available for inspection, modification, but not necessarily for redistribution. But payment is on the honour system.


  • There have been 200 issues logged in the Shopkit issue tracker; most are from Sam himself.
    • Top question: Can I add Shopkit to an existing (Kirby) site?
      • Not really, Shopkit is a standalone application,
      • Shopkit is a good intermediate between a simple button, and a full-fledged e-commerce system.
  • Shopkit's changes to Kirby are mostly in the "snippets", which might conflict with another Kirby installation's snippets
  • Shopkit is a full point version behind the Kirby, always on the stable version.


  • A look at the data: Order file
    • A YAML file that builds up as order information is entereed
    • Based on server's session ID (uniqueness?)
    • File locking? Kirby has some file locking built in
    • Sessions are now the same across tabs, but that may break with new Chrome tab isolation


Shopkit is a kit, a standalone, turnkey application


  • Kirby developer, Bastian Allgeier, is known for Zootool, and is making a living off Kirby


General Business

  • SysAdminDay Dinner - 6:00pm on Friday, 27 July 2018 at Abe Erb Restaurant in Kitchener
    • All System Administrators, Non-Profit, For-Profit, and their friends and relations are invited!


Future Topics



Accessibility

Date
Monday, 11 June 2018 from 7:00pm to 9:00pm
Meetup Event
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/245691598/
Location
The Chapel in First United Church, 16 William Street West, Waterloo, Ontario Map
Event Announcement
Accessibility/Announcement 2018-06-11

Is your Non-Profit organization accessible? Can your website contents be read by a text-to-speech synthesizer? By a Braille reader? With a screen magnifier? Without Javascript? In a text-only browser? Does it pass the WAVE Web Accessibility Tool validator? Does your podcast have a text transcription? Is your video described? What other accessibility tools does a SysAdmin need to manage? What legal requirements for accessibility are there?

Join other Kitcher-Waterloo Non-Profit System Administrators for examples, demonstrations and our usual round-table discussion, and perhaps a guest presentation! Everyone is welcome, you don't have to be a Non-Profit System Administrator to attend.

--Bob Jonkman & Marc Paré


Resources

Meeting Notes

Introductions
  • Everyone introduced themselves
    • Marc Paré says LibreOffice group is happening; there is money to hold a hackfest
    • Also planning a campaign for LibreOffice, not much awareness in North America
    • LO has maybe 160 million users
AODA
  • Accessibility for Ontarians with Disabilities Act
  • 2/3 way into the mandate
    • But not even 1/3 of the way there
    • McGuinty govt in 1999 claimed that we would be fully accessible by 2025
    • But not enough attention or funding supplied
    • Only recourse is Human Rights claims


  • Applies to
    • Customer service (people providing cust serv must have dignity, independence, integration, &c.)
    • Information and Communications (eg. web sites)
    • Transportation (eg. transit)
      • TTC is under fire for transgressions


  • Many accessibility features are put in place that don't provide accessibility (eg. new door requires automatic opener, but still has a step up and no ramp)


  • These are "minimum" standards,
    • eg. Elections Ontario required polling stations to exceed minimum standards, recognizing that the standards aren't adequate
    • Will these standards improve by 2025, or will these inadequacies continue to exist.
Discussion
  • The initial AODA standards were applied to government regulated organizations
    • eg. banks were amongst the first employers to apply accessibility standards
    • But the problem is that disabilities were self-declared, and so
    • Some disabilities do not require accommodation, so some people may have been hired in preference to some people that did require accommodation (cheaper to provide minimal accommodation). But the stats show that an equal number of people with disabilities were accommodated, no matter how slight or severe.


  • "People aren't against being accessible, they're against the cost of being accessible."


  • eg. accessible restaurant with accessible washroom, but no way to get from restaurant to washroom.
    • Some buildings cannot be modified to have elevators
    • Buildings with historical or heritage designation are exempt


  • Some standards apply to the customers of the establishment, not the employees or employers (might be individual accommodation for employee)
    • this is why internal websites don't have to be accessible


  • Government should be giving us tools to test websites
    • There are 109 tools listed on https://www.w3.org/WAI/ER/tools/
    • It should be easier to make an accessible website without Javascript
      • But it is possible to make an entirely inaccessible website without Javascript


  • Javascript reduces the load on the server, by performing data validation on entry, rather than on submission
    • Javascript is an opensource library
      • But there are many proprietary libraries that aren't accessible, and many opensource libraries that are modified making them inaccessible
    • How many coders can be hired to write accessible code? Cheaper to use a Javascript library than hire coders or buy servers


  • A website has four layers of functionality, the first needs to be present before the second, &c.
    • Content, semantics, layout & presentation, behaviour
    • Javascript implements website behaviour, but sometimes is used to generate content (making the page inaccessible)


  • Javascript makes response faster, but sometimes inaccessible
    • People don't want to wait for form completion (eg. loan approvals), or error responses
    • Complex websites can have many different parts,
    • The counterpart, many websites load so many libraries that it takes too long to load.
      • "Lazy loading" makes content available only when the page scrolls there
        • eg. the new CBC website (unusable on older browsers or slower computers)


  • LibreOffice has very few accessibility programmers, nobody wants to work on accessiblity issues
    • So can LO be used in an environment where accessibility is required?


  • The Assistive Devices Program only allows refresh of assistive devices once every five years
    • 5 year old technology doesn't work with slick, dynamic websites
    • Only covers 75% of the cost for the minimum device, anything fancier than minimum needs to be fully paid for


  • Is there funding to become compliant with AODA? Needs to be done within 7 years (2025)
    • Some funding for private homes (but only the front door, even if the side door is more practical)
    • Don't know if funding is available for technology


  • People who need accommodation tend to be lower income, and the good jobs are not available to those who need more accommodation than others.


  • Worried about the new provincial government; will the dream of a fully accessible Ontario be realized by 2025? Probably not.


  • Are there fines? Only through human rights complaints. There is no "accessibility police" to quickly levy a fine.
    • Human Rights can require compliance, but there may not be much adherence.
    • At the start (2000?) there were ethical organizations that made themselves compliant; now, not so much.
    • Some organizations/businesses rent their facilities, so who is responsible for accessibility? Owner or renter?


  • Wheelchair users and Self-serve gas stations: AODA compliance says you can call 24hrs in advance to have someone pump your gas.
    • That may be compliant, but it's not practical


  • For tech sites, will it be like GDPR? (General Data Protection Regulation (European Union))
    • Will sites go out of business rather than become compliant with AODA?
    • Will all sites have a popup disclaimer saying they're compliant?
    • How about other international sites? Maybe having international laws will force Ontario to be accessible faster than the AODA
    • There needs to be some international framework to standardize
      • AODA may have come from a UN standard
    • British Columbia is far more accessible (through advocacy from Rick Hansen)


  • As people age into disability, there will be more pressure to achieve accessibility


  • The pressure right now is to make services cheap;
    • Pressure to get products out before the competition means that accessibility corners are cut, possibly in violation of standards and laws


  • Universal design principles
    • Visitability for physical access isn't enough, but it's a step in the right direction.
    • There is a market for accessible homes, higher resale value for accessible homes
    • But there is no resale market for digital properties
      • But there is value in EPUB books, because the standards allow portability and derivative works; more likely to be useful in future version of the text
      • Sometimes there is just convenience in adding some accessibility, but accessibility is not an end goal



Sample sites

Back to: Accessibility



Productivity Tools

Date
Monday, 14 May 2018 from 7:00pm to 9:00pm
Meetup Event
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/245661086/
Location
The Parlour in First United Church, 16 William Street West, Waterloo, Ontario Map


How do SysAdmins get any work done? What software makes your life better? Which tools do you use every day? How do you use common utilities? What custom configurations do you have? Is there an application specific to your Non-Profit organization? Have you written a script to make work easier? What's your favourite productivity tool?

In concert with other NetSquared groups across the globe we're going to share tips and tricks with each other. Bring your laptop, notebook, tablet or phone, and take five minutes to show and tell us one thing -- anything at all!

--Marc Paré & Bob Jonkman


Meeting Notes

Panel discussion with attending KWNPSA members making reference to some of their most used productivity tools

  • Google Drive and GMail
    • discussion of the merits of the use of Google Drive in a working non-profit group
      • organization's GDrive is organized is group agreed-to folder hierarchy
      • documents are worked on in a collaborative format where members may work simultaneously on documents or alternatively
      • there are questions as to the efficacy of this format, where the usual format is that of having one person in charge of the document write-up while others send in their edits for discussion/debate or in a meeting setting
      • there is talk of varied results where some members have found the collaborative method as resulting in time-savings all-round with good results, while others have found it preferable to maintain file integrity without the use of collaborative tools but rather edits through correspondence with the main editor of the document
  • search options
    • discussion of the use of the "search" option ensued from a robust talk of file organization
    • for some, the organization of files in a sensible structure is paramount to organizations' electronic data (email or other data) integrity. The ease of finding information is dramatically increased if organizational skill-sets from employees/volunteers is reinforced through on-the-job training with regards to file structure/nomenclature
    • for others, some note the recent emergence of powerful "search" engines/utilities that negate the need to organize files in a systematic/sensible structure. For example, one large "received mail" without any type of indexing may be easily tapped by the use of most email software search utilities. The same may be said for files on a hardrive that follows no real structural index and where all is stored on the disc. Most searches will now return quick and accurate results.
    • discussions also centered on the need to instruct/teach/inform newly engaged employees/volunteers on the organization's prescribed file storage nomenclature. However, it is also noted that, despite all good intentions of informing employees of file structure, some develop their own structure that may not marry well into the company file structure organization.
  • cygwin [6]
    • set of Unix tools for Windows
    • still actively maintained and used for decades
    • good set of packages
    • well used by sys admins
  • MKS Toolkit [7]
    • originally built for DOS boxes
    • more Unix for Dos
    • is now maintained by PTC with latest version being released in 2017
    • not as elegant as cygwin
  • Canva [8]
    • design site for misc. projects, presentation, banners etc.
    • free for non-profits -- 1 team of up to 10 persons
    • widely used by non-profits and for-profits alike
    • style is recognizable to those who are familiar with Canva, however not so much with people unfamiliar with the Canva templates/styles
  • Nirsoft.net [9]
    • set of utility soft., scripts
    • all stored on site
  • virustotal.com [10]
    • good to check files
    • checks agains its signature database
    • owned by Google
  • Screen and Tmux -- terminal multiplexer apps
    • virtual terminal
    • terminal tabs
    • hold different terminal sessions at the same time
    • similar to Konsole (KDE) tabs, although the sessions are kept live when changing from one workstation to the next
    • does not survive a server re-boot
  • powershells
    • task automation and configuration management infrastructure for Windows
    • all used at the command prompt, Windows and Linux
    • powershell scripts are collected from various locations on the web
    • can use multiple powershells alongside each other
  • command prompt
    • still considered most useful and time-saving approach to work at command prompt


Back to: Productivity Tools



Dark Web, Hidden Services

Date
Monday, 16 April 2018 from 7:00pm to 9:00pm
Meetup Event
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/245564977/
Location
Upper Board Room in First United Church, 16 William Street West, Waterloo, Ontario Map
Event Announcement
Dark Web, Hidden Services/Announcement 2018-04-16

What is the Dark Web? Is it full of bad guys? What are Hidden Services? Aren't those illegal? Why would a Non-Profit organization want to use the Dark Web? Why should a Non-Profit organization make their online services available as Hidden Services? What software can we use to access the Dark Web and create Hidden Services?

We'll have a demonstration of Tor and I2P, and have a round-table discussion of the benefits and pitfalls of using them.

--Bob Jonkman & Marc Paré


Resources

Meeting Notes

  • In attendance were 14 members out of 39 signed up for the meeting.
  • Laurel video recorded session for Bob
  • Most people at the meeting are also Meetup members
  • The intent was to present both Tor as well as I2P, however, the Tor demonstration and background information took longer than expected. There will be a follow-up meeting covering I2P in August 2018.

Tor Browser - getting down and dirty with Tor - the basics

  • Bob's Tor slideshow presentation is available on KWNPSA Public Documents site
  • this presentation of the Tor browser is aimed to admins who would consider the use of Tor beneficial to their organization and members
  • Tor still needs mode of authentification
  • best practices -- use Tor as is from the official Tor website and keep it updated, Avoid any use of pre-modified Tor clients from any other sites.
  • Tor is basically a hardened version of Firefox
  • DO NOT USE BitTorrent (any client) inside of the Tor browser as the BitTorrent identifies IP addresses
    • BitTorrent does not work well on Tor
    • Q/ Can you use ghosting? A/ Not sure, but if tunnelling, will reveal your ghosting IP address but bittorent will still show data
  • Tor tends to be slow and laggy
  • The use of Tor may harm your reputation if you are found to use Tor with certain ISP's! Your IP may become exposed/found out if you make use of the wrong exit node. Some ISP's or sites may may try to ban you from any future connection, or, worse case scenario, In certain cases, there may be possibility of having your own ISP blacklisted by using Tor.
      • Using Tor may raise suspicion by legit sites, where they may wonder why the use of Tor is needed to visit their site (What do you have to hide?)
    • if you make use of some poorly chosen Tor exit nodes, they may be connected/linked to other nefarious sites.
    • Tekksavvy is good at providing Tor exit nodes, most ISP's are not relatively warm to the idea of the use of Tor
  • see slides re: Tor failure modes
    • note that CAPTCHA is hardened and will reveal your identity
  • The concept behind the Tor browser was initially conceived by the US defence project

Question (members) & Answer (Bob)

  • Why make use of a good and legit exit node? -- Helps protect your identity and also helps harden Tor for its use in countries where rights abuse is pervasive.
  • Is Tor easy to configure? -- Tor is easy to misconfigure.
  • How active is Tor's development? -- Patches are constant and often.
  • Tor breach? -- If in jurisdiction where Tor is monitored, some nefarious entry nodes could be made available through Tor traffic and may make that entry node vulnerable. German nodes (entry and exit) are popular.
  • Is there encryption node-to-node? -- Tor is onion routed and encrypted multiple times ... see slide "How Tor Works: 2"
    • The nodes (onion peels) are known only by certain devices, but not all in the nodal chains.
  • How many node layers are there? -- You may configure Tor to use as many layers as you need but 3 layers are really all you need as more layers add to latency. With the arrival of Quantum decryption, it may become easier to decrypt the Tor nodal routes, but hopefully there will be an equivalent Quantum solution for an updated Tor browser.
  • 80% of net is encrypted (https) -- However that is only for 1 layer; under Tor, layers are more numerous. Under https, we still see some list of certificate authorities that are unusual (Turkey, Tawain Telephone Service etc.), there are still some bogus certificates. The use of Tor makes it more difficult for bogus authorities to have any influence over your browsing.
  • Do we know the number of compromised exit nodes? The number of compromised exit nodes are still unknown but research on such is being done, some research, for example, is being doen at UW.
  • Can an exit node be a relay node? -- Yes. however it is not recommended to run an exit node, running a relay node is most likely safe enough.
  • is it possible to set up your exit node but only for individuals that you wish to use that particular exit node? -- Not sure. Member suggests that you could possibly use a pre-configured Tor rc file. But you would have to carry the exit node detail on some physical device and be possibly stopped at borders. Bob usually recommends using off-the-shelf hardware bought in destination country to avoid being stopped at the border.
  • Can blockchain technology be used for Tor? -- Not sure.
  • How many Tor devs? -- Tor is developed by many, some at institutions such as universities.
  • What is the adoption rate? -- Not really sure, however, making use of VPN's is popular, Tor could also be configured to do the same; therefore Tor is seeing much more takeup in some business models.
  • Does it work on cellphones? -- ORBOT, but it is extremely slow compared to Tor
  • Can we use it with VPN? -- Yes, a little more complexity is involved, but yes they do work well together.
  • Are there frequent improvements and updates of the project? -- Yes, There are hopes that perhaps streaming will work well later, but browsing websites is still a little painful.

Tor installation

  • Download from site is easy
  • Do not change the default settings, even screen size may be tracked.
    • to add a server, must add a few line to the Tor .rc file "torrc"

Round-table discussion

  • What would you use this for?
  • Use for human rights organizations, to communicate with members or view pertinent websites that are blocked in certain countries.


Back to: Dark Web, Hidden Services



File Formats

Date
Monday, 12 March 2018 from 7:00pm to 9:00pm
Meetup Event
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/244120869/
Location
Upper Board Room in First United Church, 16 William Street West, Waterloo, Ontario Map

What file formats do your documents, images, spreadsheets use? Can you exchange your files with people using Macs? Linux? VMS? Will your documents survive an upgrade of your application software? Can you switch to another word processor? Image editor? Spreadsheet app? Can you still read the files from backups created years ago with different software? Can you choose the file format your application uses?

In the month of Document Freedom Day we'll look at the importance of open, well-known file formats, and compare it to closed, proprietary formats that are so prevalent today.

--Marc Paré & Bob Jonkman


Resources

Document Freedom Day
http://www.documentfreedom.org/
Document Freedom Day (DFD) is the international day to celebrate and raise awareness of Open Standards.
Digital Freedom Foundation
http://www.digitalfreedomfoundation.org/
Digital Freedom Foundation is the non-profit organization behind different International Days including Software Freedom Day, Education Freedom Day, Hardware Freedom Day and Document Freedom Day
The Document Foundation
https://www.documentfoundation.org/
The Document Foundation is proud to be the home of LibreOffice and The Document Liberation Project

Meeting Notes

What are Free/Open File formats?
  • and what are closed or proprietary formats?
Survey of participants
  • Free/open File Formats users: #
  • Proprietary File Formats users: #
Round Table Discussion
Software and applications
Free/Open File Formats
  • make list here
Closed or Proprietary Formats
  • make another list here


Corporate Surveillance

Date
Monday, 12 February 2018 from 7:00pm to 9:00pm
Meetup Event
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/245128116
Location
First United Church, 16 William St West, Waterloo, ON Map

How do we keep our workplaces secure? Does your organization use cameras? Does it filter web content? Check for document exfiltration? Inspect e-mail? Monitor keystrokes? Is this sneaky, underhanded spying, or merely good business practice? What are the ethics of corporate surveillance for System Administrators?

Join Kitchener-Waterloo Non-Profit System Administrators at our monthly round table meeting for a technical, philosophical and moral discussion.

--Bob Jonkman & Marc Paré


Resources

Office Audit and Control Management Server | TechSoup Canada

Meeting Notes

Notes taken by Bob Jonkman


What is Corporate Surveillance
  • Most corporate management is meant to ensure computers aren't altered, no viruses are introduced
    • Bob has worked in a place that checks all outbound e-mail for keywords, looking for data exfiltration.
    • Some exfiltration data is monitored for employees' protection, also video camera footage, so if theft occurs employees are not falsely accused
    • Some places archive e-mail for several months
      • Data retention required for legislative purposes, but can be used for forensics and surveillance


  • Is employee monitoring legal? Yes, employees sign contracts allowing this to take place, and that all data belongs to the corporation
    • Including "shower ideas", that are developed outside of company time


  • Some places allow "reasonable use" of telephone, internet.


Ethics
  • Do employees even know they're being monitored?
    • There may be pop-up messages indicating that USB-drives are inserted, &c.
    • Sometimes you see evidence of SysAdmins taking remote control


  • But would you still want to work in a place like that?
    • Very stressful to work in a place like that.
    • Washroom breaks being logged!!
    • Creepy for those being surveilled
    • Maybe employees need a guaranteed that the data will not be retained, and is secure from data theft
    • Need a union to protect the employees
      • Even when it's obvious that data on the computer is being logged and monitored
      • Is that common sense?
    • Some SysAdmins do not want to do forensics against their co-workers
      • Or even SysAdmins doing forensics against managers
      • Refusal to perform surveillance against co-workers can result in dismissal
      • Sometimes the stuff unearthed is disturbing (pornography? worse?)


  • We can all make reasonable arguments in favour of surveillance
    • But big companies have shown time and time again that they can't be trusted with the data
    • And we can't opt out
    • Data correlation can identify individuals in millions of records based on only three data points


  • Definitely unethical to sell my data collected through browsing
    • But it's OK if one company shows their products based on data they've collected previously


Internet Surveillance

Internet Surveillance Companies (ISC) provide services at no cost to the user, but their business model is based on selling those users' data


  • Google is providing a service that predicts your "needs and wants" based on analysis of big data
    • Selling it advertisers, insurance agencies, potential employers
      • "Minority Report", "Thoughtcrime"


  • The "free services" are monetized by the sale of personal data
    • Most people don't know how much, how detailed it is


  • You're constantly being given things you want to see, you want to hear
    • But it's nothing that grates you, nothing that you don't want to see
    • So your online experience is shaped in a pleasant way,
    • For someone who wants something different, the experience is not in that model
      • It's more insidious -- you're being tempted to have greater desires

Your desires are being shaped, not reflected by the collection of big data

-- Steve Izma


"5 things about TV" (get actual title from Steve Izma)

  • Subliminal advertising, designed to hit your subconscious
    • Outlawed on TV
  • There is similarity between what anti-spam laws prohibit and what ISC are doing
  • Reddit: Kids know that laws are weaker in US, consider Canada more favourable for keeping privacy
  • As a SysAdmin, if you collect data on employees, what stops ISC from gathering that data?
    • try to safeguard your employees, your company, your employers.
    • Not just stealing stored data, but data from streaming services (search, video, forums)
    • Google acts like an independent nation
    • Needs legislation; corporations will kill people for profit if not prevented by law


  • Internet Surveillance Companies give us what we want, but are they reshaping our values?
    • Culture is important, will surveillance companies change your culture?
    • People rooted in culture are more difficult to move
    • We need legislation to preserve culture; we can trust our politicians to look out for us (???)


  • (Side conversation on government subsidising Canadian culture)
    • Good: Preserves our culture
    • Bad: The good culture just moves offshore, only the mediocre Canadian stuff stays behind
      • Some producers will create anything just to attract grant money
      • Canadian funded productions are made to look like American productions; no cultural benefit to Canadians


  • Canadians need to support Canadian businesses
    • If Blackberry had been a US company, would they have been successful?
    • Lots of loyalty -- Microsoft failed in the mobile market
    • Nortel failed not because they were Canadian, but because they made poor choices


  • 19yr old believes Canada has a better grip on surveillance legislation
    • He gets a wider point of view, not just from one source


  • Regulations?
    • Canada has lots of regulations to keep data private
      • PIPEDA (Canada's Personal Information Protection and Electronic Documents Act)
      • MFIPPA (Ontario's Municipal Freedom of Information and Protection of Privacy Act)
      • PHIPA (Ontario's Personal Health Information Protection Act)
    • In the US much data privacy data is pushed by FBI; Canada's equivalent is RCMP
      • Is the funding and capability in Canada equivalent? (10% tax base of US)
      • "Five Eyes", mutual spying on each other


  • Bell has a proposal to throttle and turn off sites they find offensive
    • Done through an "independent body"; keep our content we've paid for out of pirates' hands
    • Who will monitor the Canadian web? The CRTC? Who enforces the regulations?
    • Yet another attempt by Big Media to provide services in the old model


  • Blackberry's encryption may be good, but they've still compromised themselves for large markets
Protection
  • How can we protect ourselves?
    • Don't use the main services like Google (use SearchX) or Twitter (use GNUsocial or Mastodon)
    • Use proxy services like Tor and I2P (the Dark Web)
    • Use VPN services (but how can you trust the VPN provider?)
    • Trying to do black-box analysis of "protection" sites may be hazaradous


  • As bad as our loss of privacy is, other countries have their entire access blocked (and surveilled)


  • Corporate profits always take priority over ethics
    • Not a sustainable model in many cases
    • Staff is hired to find loopholes in contracts to maximize profits
    • Corporations that go out of business are cannibalized to create new markets, improve
    • Venture Capitalists will also undermine ethics
    • Tim Wu, "The Master Switch", on how corporations shape the legislation that controls them, and how independent service providers get displaced by monopolies


  • Privately held companies (and non-profits) can still uphold their ethics

Future topics

  • Fallout from data breaches Equifax, Yahoo
    • How do these companies work? "reputation management companies"
    • Do these companies operate?
      • You can get your own data from them, legally mandated
      • There are Meta-access services that get info from all services


Back to: Corporate Surveillance



Document Storage

Date
Monday, 13 November 2017 from 7:00pm to 9:00pm
Meetup Event
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/243067519/
Location
Queen Street Commons Cafe, 43 Queen Street South, Kitchener, Ontario Map
Event Announcement
Document Storage/Announcement 2017-11-13

How do you store your documents? Where do you store them? What software creates your documents? What software stores it? What software retrieves it? What about document indexing and searching? How do you deal with non-textual documents? What document file format do you use? Is parchment and goose-quill still best?

This month there'll be a shooting match between the Well-Known Format SysAdmins and the OpenStandards SysAdmins. But it'll be a polite shooting match at our round table discussion, with SysAdmins relating their own practices, learning new ones, and telling tall tales.

--Bob Jonkman & Marc Paré

Resources

File Storage | TechSoup Canada

Nextcloud or ownCloud


Future Venues

  • Communitech has indicated we can no longer use the Jellybean Room on Mondays
    • but the room is available on Wednesdays
      • but it's only available until 8:00pm
      • do we want to switch meeting days?
    • Marc will check if there's any availability on Mondays
      • but the cost will probably be higher ($15/hr now)


  • We were contacted by Reg from One King North Map, a coworking space
    • Reg indicated that "Also it's complimentary, so you don't have to pay for using our space to hold meetups"
    • Marc followed up with Reg and has yet to hear back from him
      • Apparently, Reg was unclear in his communication, probability of having access to this venue space does not look promising


  • Other possible venues:
    • Old school board building (Marc has contacts, will investigate)
    • Downtown Community Centre Map
      • but they require all KWNPSA attendees to purchase memberships at $15/year
      • Paul Nijjar investigated for KWLUG; it was deemed unsuitable for a non-profit group
      • Bob's notes indicate there are also meeting room fees, insurance costs, and participants under 18 years old are not allowed.
    • Descendants Beer & Beverage Co. apparently has meeting facilities. Kirk will investigate. Map

Meeting Notes

Cloud Storage
  • Microsoft Office 365
    • Lots of KWNPSA members use Office 365
    • Default installation moves documents to US servers
    • Microsoft will move documents to Canadian servers on request
      • but this may take up to seven years
    • Microsoft OneDrive was automatically installed at one organization
    • Business version of Skype can't be turned off, once it's installed!
      • It is difficult to use Business Skype with non-business instances of Skype
      • But there is finally a good GNU/Linux client for Skype, works with multiple video streams


  • Google G Suite (Google Docs)
    • Used by political organizations
      • This seems like a bad idea; want to keep political affiliations and activity away from prying eyes
    • Google Drive storage
      • Some SysAdmins have seen identical filenames in folders
        • Perhaps the User Interface hides extensions or filename suffixes
      • Maybe Google Drive uses links or pointers?
        • People move files, but they still exist in orginal locations
        • Google Mail uses flat storage of all messages, tags on each message are displayed in UI as though it is a folder structure


  • Cloud horror stories:
    • Company advertising genetic testing services stored data in the cloud
      • then sold people's personal genetic data to a pharmaceutical or insurance company
    • Genealogy company acquired data stored "freely available" from individuals' web sites
      • Now sells this data, and it is not available to the original authors
      • Suggestion: "Poison the well" by creating a "Fake Uncle Ralph" to prove authorship (see Wikipedia:Trap street)


  • Security risks
    • Commercial cloud providers will hand over customer data to authorities
      • National Security Letters -- Cloud providers may be compelled to keep this data access from their customers
    • Ensure you have a contract with a Service Level Agreement (SLA) that specifies where servers are stored (Canada? US?), how data is routed
      • Even if source and destination are both in Canada, traffic may still be routed through US and subject to snooping; Canadian data has no protection when routed through US
    • Technical means: Source Routing can specify how a packet is sent through the network (Internet)


Encrypted File Storage
  • Use VPNs to keep remote sites within your own network
  • Encrypted tunnels, eg. Secure Shell (sshfs)
  • Encrypted file systems
    • eg. Nextcloud, ownCloud
    • Must ensure that encrypted file system is not mounted on remote, unsecured server
  • Encrypted containers
  • For any corporate encryption, Additional Decryption Keys are needed
    • Any user-encrypted files or containers can be decrypted by the organization's ADK; ensures data is not lost when user forgets password or leaves the organization
  • Office 365 encryption
    • The culture for Microsoft products is less concerned with encryption (poor adoption of encrypted technologies?)


  • Encrypted Backups?
    • For backups in the cloud, or on local storage
    • Encrypted backups can become un-restorable with minor errors
      • Bob recommends making unencrypted backups, then saving them in an encrypted container; even better to keep unencrypted backups physically secure
Sharing Files
  • File permissions
    • Staff doesn't know how to use filesystem permissions, makes all files globally read/writeable
  • Use a Document Management System to assign authorization to documents
    • Access control with a DMS can be more finely tuned
    • DMS also provides benefits such as metadata and search/indexing
    • but it needs the skills of a librarian to properly catalogue documents
    • and a DMS adds another layer of abstraction; more work for the SysAdmin, more to go wrong
  • Physical file systems (file cabinets, folders) were treated better by staff than digital file systems
  • Using Roaming Profiles for shared file access
    • SysAdmin can force desktop computers to put "My Documents", "My Pictures" &c. on the server for shared and secure storage
      • Doesn't work for Windows' "My Desktop"; that folder appears to have special privileges, but we don't know how
      • Can "My Desktop" or "My Documents" be made read-only to force staff to use server storage? Doubtful
    • Thin clients don't store data locally
    • Use the Browser Local Storage? (please, no)
    • "Libraries" feature in Windows can combine several folders (from different sources) into one
  • Commercial applications for managing roaming profiles: Micro Focus ZENworks (formerly NAL, Novell Application Launcer); Intel LANdesk Manager, Computer Associates
  • Staff gets easily confused with shared filesystems
    • Folder tree changes, filename and foldername changes


Storing Binary Files
  • Music Files, photos, video, CAD drawings, &c.
  • Using Google Drive is not efficient for binary files, better to keep on local (non-cloud) storage
    • Post-production for music can't be done online
  • Cloud services need cloud-based client software to manage binary files
    • Google Docs does not have a good music client to manage music file for an orchestra
    • But Google Docs has good photo apps


USB Sticks or Thumbdrives
  • How to prevent the use of USB drives?
    • Physically hotglue the USB ports on organizations' computers
    • Pop up a warning to the user when USB device is inserted
    • Lock the computer when a USB device is inserted
  • Worried about "Parking Lot USBs" (USB drives found in the parking lot, may contain malicious payload)
    • Physical attacks through high-voltage discharges (see https://usbkill.com/ )
    • The only protection against physical attacks is physical protection


Future Topics

  • Document Management: There are specialized software tools to manage your documents, provide version control, allow staff to checkout documents for exclusive access, and to provide indexing and search tools. What do you use?
  • Encryption How do encrypted file systems work? Demonstration/Workshop on creating encrypted file containers.
  • Microsoft Evening (do they still provide sponsorship? Marc will check with Eli)



Markup Languages and Note Taking

Date
Monday, 16 October 2017 from 7:00pm to 9:00pm
(Thanksgiving! Scheduled for the 2nd non-holiday Monday of the month)
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/243068343/
Location
Communitech Jelly Bean Room 1st Floor, 151 Charles Street West, Kitchener, Ontario Map

How do you take notes? What software exists for note taking? What markup language is best for taking notes? Are your notes available on your phone or tablet? How do you synchronize them? How do you publish your notes online? When is it better to use a Note Taking application rather than a proper Word Processor?

This month we invite all the devotees of MarkDown, WikiText, MoinMoin, YAML, and LaTeX to contribute to the discussion at our round table.

--Marc Paré & Bob Jonkman


Resources

Note-taking applications
Markup Languages
Markup Editors

On creating a standard Markup Language:

standards.png
Fortunately, the charging one has been solved now that we've all standardized on mini-USB. Or is it micro-USB? Shit.



Meeting Notes

Practices
  • Bob edits notes directly into MediaWiki (but only at KWNPSA)
    • Has tried Sticky Notes, Xpad, not suitable
    • mounts website locally, edits with his text editor, saves directly to website
    • Writes notes in notebook, transcribes to wiki, then copies generated HTML source to destination website


  • Steve's practice is to separate content from form
    • Create content first, but in a way that it's easy to add formatting stuff later on
      • WordProcessing doesn't do that, tries to do them both
      • WP tries to be an operating system
      • On all principles, WP are bad
      • But LibreOffice tries to fix that, its internal format is not proprietary
      • Valuable for
    • When writing, be concerned primarily with content, secondarily with syntax, format
      • Can always add typographical content (the markup) afterwards
    • eg. Wordcount isn't really needed, can't do it accurately by examining marked-up text
    • Steve uses his own markup, similar to Markdown, related to groff
      • Only worries about paragraph breaks and lists, maybe section headers
      • Does not want ML to interpret line breaks, unless there's two in a row
      • Always works in Linux, so LF only
    • Steve uses AWK script to render text,
      • But how to apply markup to a previous line?
    • Uses VIMperator in Firefox to edit online content


  • Kirk managed documentation in SGML using James Clark's DSSSL processor called "Jade" to generate RTF, TeX, PDF(?)
    • DSSSL == Wikipedia:Document Style Semantics and Specification Language
    • James Clark also wrote groff, modelled on SoftQuad troff
    • Schema for SGML was DocBook
    • None of which gave the results, so he used
    • DocBook in XML
    • Kirk wrote a stylesheet in XSLT to turn DocBook into XML for LibreOffice
      • "compiled" documentation, literally using "make"
    • XML provides rigid consistency, important to typographers
    • Also created WinHelp files with DSSSL
      • Also tried to create TeX files
    • The important part is that a single source document created multiple output file formats


  • Nick
    • Taking notes for school,
      • OneNote can be handy, good for finding notes and subcategories
    • Adapting different note taking for different purposes, even sticky notes
    • Different apps are suitable to different purposes
    • Short term is good with StickyNotes or Xpad
      • Version of StickyNotes with Win10 is colourizable
    • November is NaNoWriMo month,
      • Use OneNote is nice because it organizes a lot of notes, eg research, character development
      • But not for the actual manuscript, use a WP for that
    • There's a StickyNotes app for Android: Search F-Droid for "Sticky Notes"
    • Different situatation: Academic, professional, hobby -- all have different requirements, different needs
    • How to do the website?
      • Not his website, done on webs.com
      • Needed to directly edit HTML in webs.com, no feature to FTP content
      • The webs.com HTML viewer is not so great, uses his browser to download source, converts to PDF for a rough idea, then copy'n'paste back into the site
    • Notepad++ has nice indenting
    • Nick's site is largely static, but needs to update meeting events
      • Gets content from HTML e-mail, imports to Word, saves as HTML, then massages by hand (Word generates very verbose HTML)
      • this is a pretty common technique with other SysAdmins


  • Raymond
    • Casual note taking (temporary), eg library cards
      • Needs to do it on the cellphone
      • Notetaker on iPhone
      • Google Keep on Android --
        • Has checklists! Good feature!
        • Google Notebook was good, no longer exists
      • Uses computer to enter content for reading on cell phone
    • For serious notetaking
      • Started with text files, but that's a problem, eg. need diagrams, searching
      • Searchable is a top requirement
      • Offline use is important
        • Bob has horror story: taking notes at KWNPSA directly into wiki, closed laptop, needed to recover document from browser cache
      • Organization is important,
      • Re-ordering, re-sorting
    • Javascript, programming
    • Using Evernote for a long time
      • Has a limit on the traffic, now restricted to two devices (annoying with Macbook, cell phone, office desktop)
      • Can search, even text in pictures.
      • Free (as in gratis)
      • Crossplatform
      • Evernote and StickyNote can synchronize!
    • Tried OneNote years ago, didn't work well
      • Formatting or search ability wasn't good enough


  • Mojtaba is not a heavy note taker
    • Tried OneNote
    • gedit and vim on the desktop
    • Google Notes on the phone
    • Plain text!
    • Does programming with vim
      • just search through directories with egrep
General Musings
  • Raymond has used Atom.io competitor Sublime Text
  • Mojtaba has used vundle (package manager for vim)


  • People using online apps to synchronize between devices
  • OneNote does not have an import/export function
    • Raymond can set up a channel ifttt (If This Then That)
    • But OneNote is too proprietary to get stuff out (export)


  • Steve: Organize stuff in a file system to make it easy to find
    • Doc files in one subdir, PDF in another, then create a "logfile" to locate stuff
    • Keep notes organized by project, more concerned with content


Tech stuff
  • How is a "schema" different from the ML?
    • SGML and XML are serialization formats, taking data and turning it into one long stream of characters
    • DocBook and DITA are schemas that specify the allowable data elements eg, a DTD in HTML or SGML
    • XSLTProc using DocBook stylesheets to render HTML


  • LaTeX is a superset for Tex
    • Much more structured
    • But easier to use
    • And probably faster to describe things like formulas
    • groff is pretty much the same syntax for marking up math
    • Every computer science and math student needs to know TeX
    • Built-in font is "Computer Modern"
      • But there are commands to change to any other font for better legibility
    • Donald Knuth wrote "metafont" to create fonts, TeX to do page layout
    • Tex is primarily layout and presentation, LaTeX adds semantics
      • Steve gives a brief overview of LaTeX document structure, logical and strict
  • In typesetting
    • Authors are just concerned about appearance
    • Typesetters want more document structure
    • groff is a typesetting language
    • runoff for running online printers in the 1960s
    • Bell Labs operating system created to generate output
      • "We'll write you a typesetting language", just need an OS so they created Unix
      • troff was the result "typeset and runoff"
        • Author died suddenly, Brian Kernighan needed to reverse-engineer the code, rewrote in C
      • SoftQuad got rights to the troff code, developed it before "SGML handbook", HoTMetaL
        • Tied to Coach House Press


  • Reminiscing about the old days when you could still talk to people in charge of major industries
    • Phototypesetting: Steve gives a brief history


  • Mindmapping tools
    • Freeplane:
      • Lots of features
      • Non-linear editing
      • decorate with icons
      • Lua scripting language
    • Freemind is another
      • Both Java applications, for platform independence?
      • Mindmanager is a commercial version for Windows
    • Similar to WP outlining feature
      • But you need to scroll up and down to find things


  • Spectrum of file formats
    • From binary data with human read-only output
    • to readable input formats
    • eg. JSON format is not a good human-readable language
    • eg. YAML is for machine readable, not human
    • XML is not as human-readable as Markdown either
    • Markdown is an incomplete language, can't deal with some formatting issues
      • Lists are a problem (but there is the pipe character
    • Makes sense for XML to be more strict
      • Machine needs to read the DOM


  • Sometimes meaning of document structure disappears for human readers when a stylesheet is applied that alters appearance


  • Typographic needs a structure like XML
    • Can contain markup content that is not rendered, but gives typographic instructions
      • eg. command to kern a paragraph
    • Steve uses attributes as non-content typographic instructions
    • If you need to pass structural data use XML
    • Markup languages can target either humans or machines
    • The more complicated the document structure, the more you need a non-human-readable format like XML
  • Books with indices lend themselves to XML
    • also bibliographies, very strict for punctuation and capitalization
    • Steve can apply scripts to a document to apply structure, strip out what the author has done
      • Generate Tables fo Content from marked up content, don't cut'n'paste
      • DRY - Don't Repeat Yourself


  • What is the format that uses separate lines for markup, eg.
Heading
=======

Subheading
----------


Requirements
  • SGML and HTML and XML aren't meant for writing, but for semantic meaning
    • More of an interchange format
    • Editors need to be for getting content into the editor quickly
    • Choose an editor or Markup Language for "pretty", how it appears
    • or choose an editor/ML for semantic meaning


Future topics



Project Management

Date
Monday, 18 September 2017 from 7:00pm to 8:30pm
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/243066154/
Location
Communitech Jelly Bean Room 1st Floor, 151 Charles Street West, Kitchener, Ontario Map

What is Project Management? How do SysAdmins provide support to Project Managers? What kind of projects directly affect SysAdmins? Do Non-Profit SysAdmins manage projects? What tools are available for project management? What server-based software exists for project management? Who provides outsourced project management? What standards exist for project management? What certification?

Let's bring together SysAdmins and Project Managers to discuss the state of the art. As always, we'll have round table discussion to ask questions, provide expertise, and share stories of past experiences.

--Bob Jonkman & Marc Paré


Resources

Project Management | Techsoup Canada

The Project Management Association of Canada

Canada's Technology Triangle Chapter | PMI | Project Management Institute

Wikipedia:Project Management


(unrelated) https://www.adminadminpodcast.co.uk/

These guys talk about being an IT administrator, whether thats a local
desktop engineer, a cloud-native specialist deploying to cloud hosting
platforms running Linux, or an enterprise Windows admin...

Meeting Notes

  • Sponsorships
    • We like NetSquared and TechSoup, but don't want the KWNPSA direction dicated by the sponsors
    • Stickers were distributed!
  • NaNoWriMo - National Novel Writing Month - good tie-in with Document Storage
    • Discussing backups and formatting and document semantics
  • File Formats -- tie-in with Document Freedom Day in March
  • Introductions - SysAdmins, Typesetters, Software Testers, Software Developers, Teachers
    • Not a single Project Manager, but all these projects!
What is Project Management?
  • What is a project?
    • Has a start and deadline, must have a goal, and measure of success
    • Certain kinds of reports, eg. financial statistics, not part of the normal booking routine, eg. grant proposal, eg. special audit
    • Contrast with regular operations, which may still have a continuous improvement goal
  • Always implies collaboration, eg. a book


  • Tasks of project management
    • Eliminate Redundancies
    • Optimizing the whole project, costs, resources,
    • Set constraints and scope of the project
    • Scheduling
    • Distributing the responsibilities of labour and resources


SysAdmin role in Project Management
  • Sometimes SysAdmin is the Project Manager
  • Some projects start internally, others are imposed externally
    • Server upgrades, reports and time estimates for operations
  • Small companies may not have large project teams, people wear many hats
  • Sometimes no diff between PM, Team Leader, Department Head
    • Who are the "boots on the ground"?
    • Again, communication flows are important, making sure it happens smootly.
    • Avoid animosity by keeping communications open. There's not software for that
    • Even software like Slack doesn't achieve this, needs people-to-people communication. Needs change, software doesn't keep up.
  • Time estimates are horrible to figure out in IT
    • Need buffer time,
    • SysAdmin will have a good idea of time needed to perform tasks.


Software
  • Manual techniques like sticky notes and whiteboards
    • Gets transferred to software
    • Requires stakeholders in a meeting, maybe video conference, not asynchronous tools like e-mail
      • But getting contributions in a live meeting may be tough. After the meeting people finally got involved by sending e-mail
      • Keeping the tone collegial is everyone's task, but bridge-building is definitely a skill for PMs
  • Concurrence: Multiple people may need to access (Read/Write) the project data
    • Is concurrence necessarily the best data management practice?
      • We had vigorous discussion on the merits of document concurrency
        • Good for managing sub-tasks, not good for overall project coherence
    • Lose focus of the project with too many simultaneous changes
  • Software licencing can be onerous -- cost of software, seat licenses, and audits


Specific apps
  • Symantec Timeline circa 1998.
  • Microsoft Project
  • Project Libre
    • Open Source has XML data format, anyone can read the data without having the software
Project Management Standards and Certification

(wasn't discussed in the time available)

Stories
  • Management dictates timelines, despite project management best practices
  • Management dictates "buy from the lowest bidder", not based on project requiremetns
  • Management dictates "Put the dev stuff into production", not following proper dev-test-prod protocols
  • There is a gap for project managers that have one foot in the software dev world and another foot in the communications field
    • PMs spend a lot of time speaking to both developers and management
    • Need to teach better communication skills to developers to speak to Management
      • although Management may not have the communications skills to listen to developers
  • Discussion on the "Mythical Man Month", the book of project management gotchas
    • Skunkworks may be more efficient and effective than following the full Project Management procedures


Monetization

Date
Monday, 21 August 2017 from 7:00pm to 9:00pm
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/241820045/ iCal
Location
Communitech Jelly Bean Room 1st Floor, 151 Charles Street West, Kitchener, Ontario Map

How can a Non-Profit organization raise money from their services? Can a Not-For-Profit organization make a profit? Why do some NonProfit organizations have separate corporate entities for fundraising and their core business? How do NonProfit SysAdmins manage crowdfunding? How does monetization affect NonProfit status? How does monetization affect legislation concerning mailing lists? What does the NonProfit SysAdmin need to know to enable monetization on the Internet? What software exists to enable monetization?

Join us to discuss these and other ideas for monetization.

--Marc Paré & Bob Jonkman


Resources

Which Crowdfunding Platform Is Best for Your Nonprofit? | TechSoup Canada

Canada's Law on Spam and Other Electronic Threats - Home - Canada's Anti-Spam Legislation


Meeting Notes

What NonProfit Organizations sell stuff?
  • Publishing companies
  • Food co-ops
  • Musical societies (CDs, services)
  • Event admission for political groups, rallies
Two companies?
  • If activities don't fit within the mission statement, then CRA may consider it a separate, for-profit company
  • Charitable companies are particularly vulnerable, hassled by CRA
Drawbacks to monetization
  • Need End-of-year reports, tax knowledge
  • Need an audit/auditor over a certain amount (maybe $100K?)
  • Tricky to justify certain kinds of income, esp if there is significant profit
    • Need a budget that justifies certain expenses eg. equipment
  • People don't have enough knowledge of IT systems to use them properly
    • Using spreadsheets that don't integrate with financial systems
      • But still better than a Word Document
    • Frustrating for SysAdmins, who need to provide support
    • No user knowledge of version control, journalling, &c.
  • The Treasurer position of a NonProfit has frequent turnover, no continuity
    • Treasurer may be volunteer, unskilled for the task
  • Some NonProfits deal with esoteric financials (book sales, royalties), may not have a system in packaged software
  • Need specific information that the grant agency (that provides funds) wants to see
  • Concerns with transparency, opening the books for the public
  • Who maintains privacy of finances?
    • Need a designated Privacy Officer


Methods of monetization
  • "Legacy Gifts": Larger groups (orchestras?) are pitching bequeathing estates as donations, triggered by a will.
    • Important to performance groups, as their audience ages
    • In Europe, cities a fraction of the size of KW get government funding for the arts, so fundraising not necessary
    • In Canada there are people hired by NonProfit art and performance organizations to do nothing but acquire funding through donations
  • Integrate small NonProfit groups into the finances of a larger organization, eg. at a University
    • But the reporting needs may not be adequate.
  • Need to know about methods for funding proposals
    • Software? Forms? Documents?
  • http://career.publicoutreachgroup.com/ Facilitates fundraising for non-profits
  • Community Foundations will organize the funding for NonProfits, eg. Kitchener-Waterloo Community Foundation
    • Other arts groups set up their own foundations, eg. KW Symphony
    • Or set up your own foundation, then the KW Community Foundation will provide the administration for it


What does a SysAdmin do to enable monetization?
  • Not too interested in accounting
  • Shopping carts on websites
    • Not done internally, this gets contracted out
  • Point-of-sale systems?
    • Need to combine with sales data from other systems
  • Provide integration to other systems
  • Select and set up Crowdfunding platforms
Crowdfunding
  • Has Crowdfunding passed its peak? It was the big thing two or three years ago.
  • What criteria are used to select a Crowdfunding source?
  • Techsoup: https://www.techsoupcanada.ca/en/community/blog/which-crowdfunding-platform-is-best-for-your-nonprofit
  • Centre for Social Innovation in Toronto:
    • Bring your own audience, your own following, before starting the campaign
    • Pretty much everyone involved already needs to be in place
    • Crowdfunding sites don't necessarily increase your reach, or attract more contributors
    • Crowdfunding is good for devices, eg. Pebble Watch
  • If you haven't reached your funding level in three months, it's not likely to fly
  • There are "Crowdfunding Brokers"
    • providing Consultancy, advocacy,
    • Centre for Social Innovation trying to get social advocacy agencies involved (two or three years ago)
  • City of Waterloo had a program to crowdfund Civic Improvements
    • Had their own website
    • People proposed their own projects, advocated for them, got the funding. Then the City would implement them.
      • Thorough failure... People did not want to give money for things they had already paid for through taxes
  • Education: Raising money for supplies, program was halted by the Ministry of Education: "We already provide funding for that."
Financial Software

Needs dedicated staff to manage privacy issues, but if your NonProfit Org has enough staff to maintain it, it's very effective

  • Purchasing financial software also purchases the skills and expertise of building such a system (Lawyers, accountants)
    • A way of recording transactions without requiring the expertise of accountants
    • Avoid bitrot (spreadsheets may not be the same from one year to the next)
  • QuickBooks?
    • Has a non-profit module
    • QuickBooks is common, but doesn't provide the detail for non-profits
      • eg. selling worldwide through Amazon, QuickBooks doesn't provide geographic customer data
    • Dedicated software provides more granularity in recording transactions.
    • with QuickBooks you still need other tools to record other data
  • Spreadsheets are prone to user error, eg. changing or deleting a formula
  • Orgs hold fundraisers to pay for events
    • Events themselves may raise funds through admission fees
  • There exists fundraising software
    • Similar to contact management software, eg. CiviCRM, Sales Force Automation, Symantec ACT!
    • CiviCRM provides metrics, eg. number and amount of donations
      • Metrics are really important for donations and ticket sales
    • Good for larger NonProfit orgs, too complicated for small ones
    • And with a list of donors, privacy becomes a concern
    • Some integrates well with financial/accounting software
    • Detects patterns of donations, sends out requests only at the correct intervals, or when donors are ready
    • Coordinates with maturity of investments held by donors, when NonProfits can get a pledge.
    • Good software can snipe other NonProfits looking for donations
  • "Grant Station" (subscription software, available through TechSoup)
    • TechSoup subscription is more flexible (cheaper) than purchasing directly from Grant Station
    • Provides a list of Canadian and American grant agencies
    • helps prepare online pitches for donations
    • Hones your skills in preparing grant applications
  • "Canada Donates" is also useful for NonProfits
Accounting software:

http://www.techsoupcanada.ca/en/taxonomy/term/287

  • Newviews
  • QuickBooks
  • MYOB (Mind Your Own Business) (defunct? Only in Australia?)
  • Microsoft Money
  • GNUcash (Free Software)
  • Scrooge (chequebook model, not really for NonProfits) (FS, KDE)
  • FrontAccounting (ERP)
Tax Software


"If you're looking to monetize your NonProfit group, joining TechSoup is very beneficial." (spontaneous endorsement from KWNPSA attendee)



Template loop detected: Mail Management/Meeting Notes 2017-07-17



Malware

Date
Monday, 12 June 2017 from 7:00pm to 9:00pm
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/239940239/
Location
Communitech Jelly Bean Room 1st Floor, 151 Charles Street West, Kitchener, Ontario Map

Breaking News: Dozens of countries affected by ransomware cyberattack (CBC News, 12 May 2017)

Are you protected from malware? On your desktop computers? On your servers? Does your staff have malware protection at home? Is anti-virus software enough? What's "ransomware"? What's the difference between a virus, a trojan, and a phishing attack? Does it matter? How do you protect yourself from malware? What's the best way to react to a malware outbreak? How do you recover from a malware attack?

We'll share our experiences in a round table discussion, and perhaps have a guest from the industry to provide some of the answers.

--Marc Paré and Bob Jonkman



Video

Malware discussion at NetSquared KW meetup (courtesy of Gheorghe Curelet)

Guest: Scott Smith

  • Tekkshare demonstration by guest Scott Smith
    • A Goods-and-Services marketplace for technical stuff based on Sharetribe
    • Invitation for KWNPSA members to sign up, will waive commission for first year

Meeting Notes

Malware experiences
  • from the days of floppy drives
Platforms
  • Apple malware, adware
    • Nothing super malicious, but affects the browser, user libraries inc. user preferences
    • Backup with TimeMachine, but that takes malware with it
    • Free TV websites and proxy sites seem to be sources of malware
    • Manual restore (not Time Machine) to restore each file individually
    • AdAware bought by Malwareytes, good for Apple platform, free for home use: Malwarebytes | Malwarebytes Anti-Malware for Mac
  • Android
    • Large platform, biggest vulnerability
    • Old, refurbished phones may be vulnerable, they don't get updates
    • Same for routers, security cams
    • Fragmentation in market, but providers (Samsung, Verizon) don't provide updates after a year or two
    • Reluctance to update phones because it takes too long (10 minutes!)
    • People are more likely to replace a device than upgrade it
      • Both on desktop and mobile devices
    • Change is scary, some people can't even deal with a moved icon on the desktop
    • SysAdmins are not able to meet the expectations of clients
    • Google is taking heat for lack of Android updates
      • Thought it might have been like GNU/Linux distros (stable, testing, Sid), didn't work out that way
      • Proprietary applications contribute to this, only Google can upgrade their apps
      • CopperheadOS tried to address this with a secure Android OS, but constantly battles Google and vendors

People believe things are secure because they've paid the vendor lots of money, they don't pay the vendor lots of money because the products are secure.

Best defence: Make our purchasing decisions based on public data of vulnerabilities

Mitigation
  • Treat the end-user as an adversary
    • Focus on recovery instead of avoidance
    • But should we treat people as adversaries? Technical solutions are not a panacea
  • Backups!!!
  • Risk management -- given enough time, the probability of being affected approaches one
  • Training is necessary, but not sufficient
Defence in Depth
  • Backups, backup rotation, offsite backup
  • Training
  • Updates
  • Offsite storage (Cloud), store deleted files for 90 days (version control)
    • But privacy issues with out-of-country routing and storage
  • Buy-in from management to provide enough resources (money)
  • Honeypot, canary - let SysAdmin know when certain files are being touched

Staff needs to know this Defence-in-Depth is being done, and when

Recovery
  • Some people don't care about their data, just re-image the computer
  • Shadowcopy in Window -- only Administrator has access, can't be encrypted by ransomware
    • But malware knows Shadowcopy is a good idea, and will try to bypass
  • How can you tell your files are encrypted?
    • Applications can't open their data files
    • Some malware leaves messages "This folder is encrypted"
  • Stiller software (c. 1995) to identify modified files with checksum appended to all files; won't open or execute compromised files

Meeting Administration

  • Time limits? 8:30pm
    • Stay on topic
    • May start at 6:30pm? Consensus, not...


Offsite Hosting

Date
Monday, 8 May 2017
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/237779027/
Location
Communitech Jelly Bean Room 1st Floor, 151 Charles Street West, Kitchener, Ontario Map

Where are your servers? Are you self-hosting? Have you thought about professional hosting? What services does a professional hosting service offer? Do you need shared hosting? Do you need a VPS? What's a VPS? What's a colocation site? How much will all this cost?

Come share your experiences with self-hosting, shared hosting, and VPSes. Bob and Marc have the questions, and special guest Mark Steffen from indieServe Networks will have the answers.

See you at the meeting!

--Bob Jonkman and Marc Paré



Video

Offsite Internet servers hosting - YouTube (courtesy of Gheorghe Curelet)

Meeting Notes

Selecting a hosting provider
  • There's no "One size fits all"
  • What do you need?
    • Disaster recovery?
    • Microsoft licensing?
    • E-mail hosting?
What kinds of servers for a host?
  • Dell servers at one place
  • Had HPs, didn't mind them
    • indieServe has some HP servers for colocation
  • Lenovo, but there was BIOS based malware
    • Liked IBM servers, anecdotally liked the reliability
    • indieServe has all Lenovo servers
Offsite Hosting Problems?
  • Shared hosting was OK for a while, but host was asking for more money
  • Another company seemed perfect shared hosting (using WordPress),
    • Works today, but lots of complaints on Facebook, so he no longer trusts
  • Backups?
    • Yes, keeping your own backups in addition to using the hosts' backups
indieServe Networks
  • indieServe is hosting for KWLUG, KWVoIP, FairvoteWRC, KWPeace, &c.
  • About $10/month for shared host
    • No limits but on the honour system
    • Keep it to one company per shared host
    • Local non-profits may be able to get really good deal -- talk to Mark Steffen
  • Also has VPS (Virtual Private Servers)
  • Can do hosted Windows servers or domain
    • Good for small file sharing systems
    • Microsoft has a specific licensing arrangement for hosting providers
    • Cost based on cores and sockets, plus number of customers
    • Not cheap, $100's /month
    • Similar model to Azure or Amazon AWS
Offsite Backups
  • Some customers use offsite hosting only for data replication (disaster recovery)
    • Do keep offsite backups encrypted
    • For any backup solution check with Legal for PIPEDA legislation
    • Cheap backup? 20¢/GiByte for storage is typical
  • Backup software:
    • Duplicity for Linux
    • Cloud Berry for backup service
    • DupliCaddy for Windows (Open Source, Beta software,supports SQL, kinda slow)
      • For Windows, do full backup, then everything is incremental afterwards
      • But it keeps a synthetic "Full" in the background
    • With S3 or Azure, you can restore to EC2 -- get (almost) instant restore on external VPS -- really cheap disaster recovery
    • Back Blaze (personal backup for $5/month, also B2 backup storage, .02¢/Gibyte?, $10/month for 1 TByte?)
  • indieServe keeps hard backups (USB drives stored offsite)
Backup horror stories
  • Hijacked truck (backups not encrypted, nobody knows who now has access to backup data)
  • Encrypted backups corrupted (physical disk damage corrupted one block of data, cypher block chaining made rest of backup inaccesible)
  • Bulk files corrupted (backup file is OK, but contained invalid data, making rest of the backup invalid)
  • Tape backup is still the most dense storage for immutable backups
  • Mark Steffen has techniques for redundant backup storage (good for ransomware attacks, &c.)
  • How much backup do you need?
    • How much data can you afford to lose?
    • Have at least one automated backup in place
Selfhosting?
  • Run your own service on a VPS or shared host (XMPP, Wiki, Social media) instead of using Facebook, Google, Twitter)
  • Manage your own server, colocated in a datacentre
  • Getting a DSL line (with multi-link support), and running a server on premises
  • Managed hosting - servers in house or colo, but contract out the SysAdmin
Webhosting Management
cPanel
  • Set up WordPress, &c.
  • Handles updates, patch management, backups, email
  • Installatron for managing applications
  • Varnish is a cache in front of Apache, for bursty traffic
  • cPanel is pricey? $20/month for bare metal, less for a VPS
    • Keeping cPanel on a VPS makes it portable, allows cPanel admin to perform maintenance with no downtime
Zenserver
  • A Virtual Machine host
  • The free version is pretty unrestricted
  • Use Zenserver to run cPanel
Cloud Linux
  • uses CageFS,
  • isolates users from each other
Other panels?
  • CentOS Web Panel
  • ISP Config
  • Ubuntu MAAS
  • WebMin, VirtualMin
  • WHM is the management tool for cPanel
  • WHMCS is a shopping cart / billing system for hosting
    • But these apps may have security issues (PHP doncha know)
Reseller hosting
  • Perhaps for Web developers, who want to manage resources for their customers
  • Can add multiple accounts, lets hosting provider manage growth and resources
  • Could be unlimited accounts, but typically 300 GBytes, good for about 50 accounts


Blockchains

Date
Monday, 10 April 2017
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/237778947/
Location
Communitech Jelly Bean Room 1st Floor, 151 Charles Street West, Kitchener, Ontario Map

What's a blockchain? Is this all about math? How do I make Bitcoin payments? How can I receive Bitcoin donations on my Website? Are there other blockchain currencies? What services exist for blockchain currency exchange? Is blockchain technology good for more than just Bitcoin? What blockchain tools exist for Non-Profit organizations?

Marc and Bob ask the questions, and special guest Kris Stinson will be on hand to provide the answers!

See you at the meeting!

--Marc and Bob.


Video

Familiarization with Bitcoin and other cryptocurrencies (courtesy of Gheorghe Curelet)

Meeting Notes

  • Today we're joined by guest Kris Stinson (@StinsonKris on Twitter)
  • Lots of media attention, "blockchain this, blockchain that", they're trying to sell you a database
    • Microsoft, IBM, governments (even Canada: Cancoin)
  • Banks are threatened, unregulated currency (scary!)
  • Japan has approved Bitcoin as a currency (legal tender)
  • Legal (tax) ramifications: Capital Gains.
Video
Types of blockchain currency
  • CryptoCurrency Market Capitalizations
  • Augur - a "betting" site; deals with contracts
  • Based on Ethereum
  • DAO - Decentralized Autonomous Organization
    • eg. Ethereum
    • A decision by this DAO split Ethereum into Ethereum and Ethereum Classic
    • Now there are miners working on both branches of the blockchain
    • "The mining network" determines whether a fork of the blockchain can happen
How does the blockchain determine "truth"?
  • The longest chain wins
  • "Rolling back the chain"
    • database
    • miners
Quantum computers?
  • Will change the game!
  • Winkelvoss brothers
    • Own over 50% of bitcoin?
    • This is a problem, they can determine the validity of transactions
Wallets
  • Wallets are Public/Private Key encryption containers
Other blockchain technologies
  • Don't trust The Cloud?
    • Authentication
    • Filesystems

90 minutes was far too short to cover all aspects of Blockchain Technology; we'll invite Kris Stinson back someday.



Branding

Date
Monday, 13 March 2017
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/237778855/
Location
Steve Izma's house, 35 Locust Street, Kitchener, Ontario Map

What's your brand? Do you have a brand? How do you choose a brand? Is branding important for NonProfit organizations? What is the value of a good brand? What is the cost of a bad brand? Have you ever changed your branding? How much work was it for the SysAdmins? Did you have re-do the Web site? The e-mail addresses? Business cards? Letterhead? What legal considerations are there for choosing a brand?

Bob and Marc have the questions, together all of us have the answers.

See you at the meeting!

--Bob and Marc



Meeting Notes

This meeting ended up being more about our own re-branding needs, and the business of running KWNPSA as a non-profit organization. We'll have another session in the future on Branding to discuss the experience and gather the advice of other organizations.

  • We started with a discussion on the different syntaxes used in markup languages, eg. Markdown, Mediawiki, PMWiki, MoinMoin...
Hosting Services
  • Many Non-Profit organizations are migrating from CCj/Clearline (Steph Smith, Cedric Puddy) to IndieServe (Mark Steffen)
  • Marc Paré will take over the hosting for KWNPSA
    • Marc is currently using 123EHost.com
    • This is for the interim, until Marc has his own server set up
    • The hosting OS will be Mageia
  • Mailing Lists
    • Steve Izma will be the Mailing List Manager
    • We currently have our Discussion and Announcements mailing lists on CCj/Clearline
    • Steve will look after the mailing list migrations as soon as Marc has Mailman set up
  • Wiki
    • Mediawiki is being used by everyone at this meeting,
    • Currently being hosted at http://sobac.com/kwnpsa by Bob Jonkman
    • Will be migrated after Marc has set up the Mageia server
Sponsorships
  • CIRA - Has provided $100 for the previous and this meeting.
  • TechSoup - provides low-cost Microsoft licenses to Non-Profit organizations
    • NetSquared (part of TechSoup) is an umbrella group for Non-Profit organizations' IT staff
      • If we get a venue without A/V facilities, can NetSquared sponsorship provide, say, a projector? Marc to ask Eli...
  • Microsoft
    • We will gladly accept Microsoft sponsorhip and host an evening dedicated to Microsoft products
      • Perhaps have as a guest speaker a product specialist from Microsoft?
    • We will continue to focus on Free Software / Open Source solutions at other meetings
  • Google
    • Apparently Google is a sponsor or a member of NetSquared
      • but we have not seen support from our local Google office, eg. request for a venue
Formalizing the KWNPSA group
  • The formal structure of the group will consist only of a Treasurer
    • Marc Paré will be Treasurer, will take care of any finances received from sponsors, donations, &c.
    • Funds received from sponsorships &c. will be used for venues, hosting costs, domain name costs.
  • Bob Jonkman will ask Eli van Giessen to re-brand the meetup.com group as KWNPSA - Kitchener Waterloo Non-Profit System Administrators -- a NetSquared Group
Marketing KWNPSA
  • Business cards?
    • We need someone to design a KWNPSA logo
      • The KW part is important to our geographic locale; highlight or separate KW from NPSA
    • Marc Paré has found with other organizations that business cards are just as effective as posters
  • Let more people know that KWNPSA exists
    • Marc has a list of local KW Non-Profit organizations List he has contacted about 100
Meeting format
  • KWNPSA has a collegial Round Table Discussion format, which suits Non-Profit organizations
    • Contrast this with formal presentations at KWLUG
    • or the social restaurant meetings of KWVoIP
Mailing Lists
  • How do we deal with badly configured MUAs (Mail clients) that try to reply to the Announcements list?
  • Do we need two separate lists?
    • Steve Izma will investigate the use of "child lists" in Mailman
    • "Child lists" will allow "Discussion" to receive "Announcements" so people only have to subscribe to one list
  • DMARC problems
    • Steve will activate "munging" on Mailman so badly configured mail hosts like Yahoo Mail will accept messages
  • We will have KWNPSA branded e-mail addresses
Wiki
Branding
  • Description of group: Resource Group for Information Technology in Non-Profit Organizations
    • Similar to a Mission Statement, if not identical
    • Also the Vision -- use one phrase for all
    • We will refine this description on the Discussion List with other members
  • Are we KWNPSA or KW-NPSA?
    • It's a non-issue, we'll spell it out in full on posters and whenever we make announcements
    • Let's see what the Business Card designer does
Venue
  • Marc Paré will pursue Communitech and the Downtown Community Centre for "venue sponsorship"
  • A venue at Google may not be possible (high security facility)


Meeting notes taken by Bob Jonkman.



  1. REDIRECT Social Media/Meeting Notes for 2017-02-13


Estimating Time and Resources

Date
Monday, 16 January 2017
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/234260371/
Meeting Notes
https://www.meetup.com/NetSquared-Kitchener-Waterloo/messages/boards/thread/50529155

In IT we are often asked to estimate the time and resources assorted tasks will take. Often these time/cost estimates are tied to funding, grants, and resource allocations. Unfortunately, many of us struggle at coming up with estimates more accurate than "it will take longer than expected". What are some strategies and best practices we can use to come up with better estimates? Under what circumstances does estimating things become easier? Harder? Under what conditions should we spend a lot of effort making estimates, and under what circumstances should we not?

When have you had good experiences making estimates? When have you struggled?

As always, bring your experiences and questions. Also, please spread the word about this meetup so that more people who do nonprofit systems administration will become aware of it.


Announcements

  • Laptop Rescue Mission this Saturday, 21 February 2017, 4-8pm
  • Does somebody want to take over the group?
Taking Over the Group
  • Is there a venue available?
  • QSC is noisy
  • Other TWC spaces need staffing
  • Meeting at Steve's house?
  • Will anybody take the mailing lists?
  • New organizers: Bob Jonkman, Marc Paré.
  • Should we be on meetup?
    • mailman does some of this
    • NetSquared does not help with promotion
    • meetup has a large user base
    • there is a blog and a wiki already
    • there is a twitter account
  • They want the group to be face to face
  • Bob likes the peer to peer conversation
  • March meeting's at Steve's house
  • Marc will look for other venues
  • Communitech has space available to tech groups: Marc
  • Moving the mailing lists: Steve
  • Marc can host on his server and get a domain name
  • Future topic: Project management software


Meeting Notes

Discussion Points
  • What are strategies and best practices to get better estimates?
  • Under what circumstances does estimation become easier?
  • Under what circumstances does estimation become harder?
  • When should we spend a lot of effort making estimates?
Discussion
  • Horror story: server installation
    • building a server room that needed dedicated cooling
    • he estimated power consumption of each device
    • UPSes only need to be sized for the running current (they are built to handle startup current already)
    • He ended up overestimating by three times
    • The air conditioner would freeze the pipes and everything would shut down
    • He looked up currents instead of measuring them
    • How do you deal with the exhaust heat?
    • The UPSes had meters for measuring electricity draw
    • But then they dismantled the server room for other reasons
  • When is it easy?
    • Figuring out spending is easy?
      • In the horror story they sized based on existing equipment
      • Looking up specs can be difficult
    • Never?
    • When you have done this project before?
      • There are differences between software and hardware
      • But sometimes you make software similar to the stuff you made before
    • When you can look at projects similar organizations have done?
      • How do you get that information?
  • Mythical man month comes into play
    • You cannot predict how managers will manage the project
  • Example: replacing a network was the single largest line item
  • It is harder than you think always
  • There is always effort associated with making estimates
    • When is it worth the effort?
    • When projects are expensive
    • When projects are tied to specific grants
  • Waterfall vs agile software methodologies
    • Don't estimate everything at the beginning
    • Can you make estimates a little at a time?
    • But budgets are always waterfall, not agile
  • But we tend to overengineer things
    • But then your results are rejected
  • Projects always have unanticipated things
  • It is expedient to underestimate costs to win contracts and political support
    • What will future maintenence costs be?
    • If you lowball costs then you get approved
    • Who pays for the overage
    • But operational budgets are overestimated so that you get a surplus later
    • End of year rollovers are political
    • Surpluses are seen as weaknesses, not frugality
    • This applies to nonprofits as well
    • Bureaucrats look good when they give large amounts of money
    • There are not good incentives to share funds across departments/projects
  • Does that mean IT is always having to convince management for funds?
    • IT is always a cost sink
    • But technologies can reduce labour costs and stop people waste time
    • Workers should enjoy the additional gains from productivity gains
  • How do you position yourself so that you get buy-in?
    • Get the people who are affected to talk to management too
  • Sometimes estimates are done to argue for funds and sometimes they are used to find projects that should not go ahead
  • If you know that you are going to need something then just go and do it
    • But senior management does not trust the estimates, so they hire consultants, which causes conflicts
  • It is less important to estimate when you have projects that can be done in small stages (instead of projects that need to be done all at once).
  • If the project is small it makes less sense to make estimates
  • Pilot projects can help figure out long term costs
  • Projects can be broken down by scope
  • Sometimes estimates are not honest, but designed to underbid the competition
    • Who pays for the overruns?
    • There can be penalty clauses in these contracts
    • Getting the lowest contract can be a problem
    • If you incur penalties you get taken off the list of approved contractors, but you just change your name and try again
    • This can result in lawsuits
    • There can be completion bonds, etc
    • As soon as lawyers get involved costs go up dramatically
  • It can be a problem when sales team promise things without telling engineering
  • Doing estimates can give you a ballpark about the costs
    • but now you may have to have consultants vetting other consultants
  • To some extent you can play vendors off against each other
    • Big software companies will have pre-sales engineering teams to help you figure out your costs
    • They can also outbid you if they want
  • How do you deal with projects where you have blown the time constraints?
    • You can hire subcontractors
    • Drop parts of the project
  • RFPs can tell you what they have to offer
    • They can help you anticipate some of the pitfalls
  • Do requirements documents of what you need
    • Talk with the vendors/engineers from the companies
    • But the vendors will not tell you the horror stories
  • People's behaviours can change once the ystem changes
    • eg people beginning to use email as file storage
  • Breaking down projects into chunks
    • This shows you things that you are missing
    • Then you can better understand what the project is
    • Start aspects of the project that you can learn from and what different tasks are involved
    • But you cannot do this with monolithic systems
  • Fixing technical debt is more work than starting fresh
  • Don't be tempted to give the estimate right away
    • Be prepared to charge extra when the estimates increase
  • Sometimes competitive bids boil down to who you know?
    • This is not necessarily bad because of trust
    • But the well-known vendors have more experience winning these bids
    • If you start out at a big vendor and branch out on your own you can receive trust
  • Talk to other people who have done the same thing


Documenting Things

Date
Monday, 12 December 2016
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/234260323/

Much of our September meeting revolved around documentation. How do we ensure it gets written when there are so many other priorities? How is it maintained so it does not go out of date? How do we index it so that it is easy to find the information we need when we need it? What tools have we found most helpful in creating and maintaining documentation? What things are important to document, and what things can be skipped? As always, bring your experiences and questions.



Meeting Notes

(Notes by Martin Edmonds)

Best Practices
  • Create documentation for users: “How To” & “FAQ” documents on Wiki so it can be self-serve or you can pass on links when users ask questions
  • Consider formats for defining requirements:
    • Consider: security, auditor controls, speed, backups, file permissions
    • Ask client where data coming from
  • Weigh balance between: need for documentation versus the effort that it requires to develop
  • Don’t document same info in multiple places or it is more work to maintain
    • Get data into a structured format that data can be entered once and it will ripple through to every relevant place
  • Too much documentation may never be used; Keep it simple with what is most important
  • Know your audience
  • Videos have advantages, but you can’t scan through or search to find what you want
    • Short instructional video on a specific topics can be helpful
  • Consider security: are multiple levels of access required to documentation
  • Consider paper versus electronic forms of documentation
  • Think about what someone would need and how they would find it, if you are not around to show them.
  • Keep it in a standard place. Don’t keep documentation on your personal computer or account, because other people won’t be able to find it.
  • Keep in a place where you can give access to someone else but is not accessible to people who should not get it
  • Include examples in the documentation
  • Include why you did something (not just what you did)
  • How do we make sure that it is done
    • Make it easy to document
    • Allocate more time to do documentation
    • Set aside time at the end of each day to update documentation based on what you worked on that day
    • Document as you do it
What to Document
  • Enough to get a person started (in case person with knowledge is no longer available)
  • Overview of where documentation is. (big picture view)
  • Explanation of what is done on repeated basis at certain times (eg. Holiday posting done each year)
  • Document characteristics of users. For example: user expectations, knowledge, tendencies, tolerance for flaws, etc.
Tools
  • Word processor is not ideal since the documentation should be structured so that it can be queried
  • Wiki: forces you to think of structure; easy to create new links to new pages; good for collaborative authoring; manages revisions;
    • A wiki is not as simple to use as a word processor, but non-programmers can update document using wiki
    • Using a wiki may discourage some people from commenting because of learning curve
    • Requires a good editor
    • Can preview documentation through wiki
    • Wiki is not great for multiple security levels of access to documentation
  • Tools to consider
    • OneNote
    • “Remarkable” use on a tablet for taking notes at a meeting
    • Data Base: such as Access
    • Cloud based: Eg. Google Keep, Google Docs
    • Sharepoint
  • Video and screen capture: eg. SnagIt or Jing or
  • Tools that come with Windows: “Recording Steps” or “Snipping Tool”
  • Word processor or spreadsheet are very easy to use, That is what people know how to use. Those are not ideal, but any documentation is better than no documentation
  • Ticket system which will capture what you did to resolve issue
  • For documenting Network: “Lan Sweeper” or “nmap”


Thanks to Martin Edmonds for moderating this month.

Event announcement: https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/233388765/
Meeting notes: https://www.meetup.com/NetSquared-Kitchener-Waterloo/messages/boards/thread/50337067

Regulatory Compliance

Date
Monday, 14 November 2016
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/233388765/

Many non-profit organizations are involved in government-regulated services such as health care, employment acquisition and training. Other activities require adherence to other laws, such as building codes. How do you keep track of all the regulations that you need to follow? How do you store compliance documents such as sign-offs, NDAs, and contacts? What do you use for secure document storage and transmission? How do the SysAdmins get along with the Lawyers? When is encryption required? What do you encrypt and when?


Meeting Notes

  • Must consider retention and retention periods of email and other documents (almost any document can be considered a legal document)
  • In addition to govt regulations, must consider industry practices & standards
  • Following of the Ont. Non-Profit Corporations Act (ONCA
  • Maintenance of email lists:
    • use double opt-in
    • using email lists only for stated purpose
    • offer mechanism for requesting to be removed
  • On website for incorporated organization (In Europe, but not yet in North America)
    • need to specify if cookies will be saved
    • need to specify physical address (required in Europe)
  • Considered a member of a non-profit (in some cases, even attending an event can constitute you as a member)
  • Adherence to Copyrights laws when photocopying
  • What responsibilities does organization have when providing internet access to public
  • Audits from organizations that grant non-profit status or organizations that provide grants
  • Software audits (Eg Microsoft ensuring license adherence)
  • Need to be very careful about mailing lists and keeping them up to date to prevent mails to the wrong person
Storage

How do you store compliance documents such as sign-offs, NDAs, and contacts? What do you use for secure document storage and transmission?

  • LotusNotes used to route a document and get sign-offs along the way
  • Block chain systems (discuss further in future meeting)
  • Electronic forms on secure file server or encrypted device
  • Encrypted data.
    • TrueCrypt
      • There are some known vulnerabilities in the Windows version.
      • Veracrypt is a fork of TrueCrypt).
    • Luks container
    • Offsite (using send command)
    • ZFS (a file system)
  • Indicate on top of email who is the intended audience of email. Legal disclaimer on the footer telling you not to read an email if it does not pertain to you.
  • Encrypted email systems eg. Enigmail (a thunderbird plug-in)
  • Online service to encrypt mail eg. Proton Mail, and Tutanota
  • Signal, Telegraph, and WhatsApp for encrypting instant messages

Potential topics for future meetings

  • Block chain systems
    • Book: London Review of Books had two stories by the same author Andrew O’Hagen
    • Ethereum (a programming environment built on top of Block Chain)
  • Accessibility rules
  • Document storage formats (ODS, etc.) could be combined with document management systems


KWNPSA Meeting Notes for 2016-10-17



Smooth Succession

Date
Monday, 19 September 2016
Event Announcement
http://www.meetup.com/NetSquared-Kitchener-Waterloo/events/232556568/

Sooner or later, people move on. Sometimes they leave for greener pastures and sometimes they just leave. Sysadmins tend to have a lot knowledge about the systems they work with, and often their knowledge is in their heads and their heads alone. As responsible sysadmins, how do we transition out of our jobs without our organizations collapsing behind us? How do our replacements learn the institutional knowledge they need to keep things running? What best practices can we implement to document and share knowledge so that others know what is going on when we are hit by buses?



Future sessions

Documentation
  • What do you document?
  • What tools do you use?
Coming up with time/effort estimates?
  • How do you be realistic but efficient
  • How do you justify unanticipated difficulties


Questions

  • Have you taken over from another person leaving? What was helpful? What was frustrating?
  • What preparations have you made so that future people can successfully transition into your work?
  • What barriers and challenges are there to smooth succession?
  • How do you transfer institutional/oral culture?
  • What best practices are there for documentation?

Meeting Notes

Our IT hats
  • Schoolteachers: often one person gets picked to wear the IT hat
    • 50 staff, 300 students
    • He deals with tech support questions
    • The board has a regular IT department but the ratio is high: 1 person for thousands of users
    • Tickets take a lot of time to resolve from the IT department
    • Teachers often have to pick up the slack
    • The IT staff they get in now are younger
    • The software stack seems to work better now
    • Software compatibility would break when deployed
      • eg a network game would break everything else
    • Now they test deployments better
      • But this reduces spontaneity
    • What about interaction with the school boards? How do documents get passed around?
      • This is more centralized now
    • They were going to give all kids their own email accounts
    • Schools have logins for their kids now
    • Some school boards do BYOD (Bring Your Own Device)
      • This is cheaper for the school boards, which can't keep up (and budgets are tight)
    • They use the same number of IT staff for the Catholic school board as they did for the entire high school system
      • This probably implies web interfaces for everything


  • Small non-for-profit, 25 staff
    • Prior to joining his director was the primary IT person
    • They signed a contract for hardware/software support
    • Now there is an IT committee
    • He made the mistake of admitting that he "knew about computers"
    • The organization decided to move to a cloud based service (Sharepoint) with a data migration
      • This was somewhat painful because the outside supplier did not tell them about their slow upload speeds
    • He does software/hardware problem solving
    • He does software upgrades: Office 2013/Office 365
    • Does training on the Sharepoint move
    • They are trying to transfer knowledge from the director's head to the collective
    • They have a local server
    • They also do BYOD
    • Getting information for connecting computers to the server is tough
    • How can staff do their jobs day to day
    • Do people prefer Office 2013 to Office 365?
      • There is more functionality in Office 2013
      • eg they have a room booking spreadsheet that has pane-freezing problems
    • Do people have problems with file versioning?
      • Not really
    • They have had communications problems with outside tech support
    • Even doing hardware audits and internet connections was tough
    • Getting people up to speed in Sharepoint is a big issue
    • People have problems adjusting to change
    • Where is the storage? It is all on the Microsoft cloud


  • Approaches to succession at a large company
    • There were procedures that were documented in a lot of detail
    • Important for time-sensitive stuff (eg batch jobs)
    • People did document well
    • You could search a spreadsheet for jobs to diagnose
    • Disaster recovery testing were documented in a lot of detail
    • He participated in disaster recovery one year
      • A coworker then started the next year, and he gave pointers
      • The documents were well-written and a good guide
    • Reviewing the documents well before is important
    • Management was invested in making sure that documented were well done


  • Another co-op job was not as smooth
    • A small one-person operation was not documented well -- much of the knowledge was in this person's head
    • Maybe this person should have done more documentation
    • The boss was very time-conscious, so he documented only the most complex issues
    • Writing things down is a good buffer for dealing with remembering stuff that is on screens
    • Is commenting code financially efficient? There is a short-term/long-term tradeoff.
    • Implementing better error tracing can be used by future people


  • He was working for a small startup where the emphasis was getting things as soon as possible with no succession of any kind
    • There ought to be good handoff procedures
    • This can be an issue with Google Summer of Code: people hang out for four months and leave
      • But sometimes there are good changelogs


  • Succession horror stories (small nonprofits)
    • He would like people to assign administrator access
    • Most organizations are staffed by nontechnical people


  • When going to new organizations
    • He had to explore how things are hooked up and why
    • Naming conventions were weird
    • He changed some of the printer names and got into trouble because it messed up the network documentation
    • Other places have been decomissioning jobs
    • He had to document everything before shutting things down
    • Big municipality had a good disaster recovery plan
    • Nobody should have to think in order to get things back up
    • Problems: system change and then documentation goes out of date
    • One on one training is better than doing no documentation


  • He worked for an insurance company. Their disaster planning was based on insurance.
    • This is called "key man insurance"


  • Worked for a university press
    • He kept the job for 30 years
    • He had a lot of autonomy in writing his job descriptions
    • Early on they had their own UNIX system and some people on Windows using UNIX tools
      • User training was not difficult because typographers know how to type to get stuff done
    • But in 1999 things changed. Kids these days! They only know how to use word processors
    • Passing on old skills was hard
    • When he went on leave he hired a friend who knew the same skills
    • When he was getting closer to retiring there were a lot of meetings about the stuff he did. Other people were learning this but others didn't think they could handle the whole thing.
      • The people who took his job have good communication skills and could change things to their preferences
      • He found that his meetings were collaborative and good for problem solving
    • Things are going well but are slower
      • eg there are fewer spreadsheet manipulation abilities
    • There is documentation in wikis. People can read them but not write to them easily.
    • Have others dismantled your work since you left?
      • Yes
      • They were thinking of shutting down the Linux servers
      • They were going to migrate the functionality to a virtual machine
      • The server ran for a year without being rebooted and continued to work
    • Working with text files on local servers can be simpler than the cloud, because of black boxes
      • He had a lot of discipline to the structure of the data
      • black box: you have a promise of input and output, but you don't know what is happening inside
      • If the input data changes then everything can get messed up
      • Can you troubleshoot problems when they come up
      • Black boxes mean you can change the inputs and examine the outputs, but this is trial and error
    • Is there good software for putting bounding box information on EPS information. He found a script that worked that was made of Perl and shell script.


  • At TWC
    • Lots of complicated infrastructre
    • Some of it is documented but documentation goes out of date
    • People come and go
      • Understand everything about everything
    • Oral culture (both positive and negative)
    • Documentation is like survivalist training
      • Documentation that gets used stays up to date
    • Some documents are used frequently
      • Write down passwords in a shared (encrypted!) document
      • Multiple people working on a door system means documentation gets written
    • Documentation that is hard to write and hard to update does not get written (or gets written and is useless)
      • Text only
      • No screenshots unless absolutely necessary
      • Trivial update mechanisms
      • DRY : Don't repeat yourself
      • Trivial to search
      • OneNote
      • Plain text
      • Documents with good search
      • Email (yes, really)
    • Write documentation as you go
      • Too much documentation is kind of better than too little
      • If you learn things twice then document carefully the second time
    • Some people consider lack of documentation as job insurance
    • HOWTO files can be helpful
    • Make things as self-documenting as feasible
      • Drop README files in source folders
      • Inline comments
      • Documentation as file names
    • Log files and version control are forms of documentation (if you have the discipline)
      • etckeeper is good for Linux systems
Best Practices
  • Mind the bus factor and stay away from public transportation
    • Don't store documents in someone's personal folders
  • Having good documentation is helpful. How does it get created?
  • Never admit you know computers
  • How do you keep documentation up to date as things change?
  • Make documentation accessible
  • Get good at trawling other people's work
  • Do regular training for staff and volunteers
    • Forcing people's hands can help
  • Start people small if you can
    • This way you can assess their skills and commitment
  • Make new people do documentation as they work
    • This helps them learn the systems
Worries and Challenges
  • Being the person who gets hit by the bus
    • How do you spread information?
    • Continuous learning by staff -- raising everybody's level of knowledge
    • Management may not be on board
    • Do people understand that not having long-term planning leaves them vulnerable?
    • You can't boss around volunteers as much
  • People think that the cloud solves backups and IT administration
  • How hard will it be to step into a new position?
    • When we are unemployed because we don't have the tools
    • Money becomes a huge issue
    • Getting access to hardware is an issue
  • How many times will you be called after you left?
    • Will you remember your old work
    • There is a sense of liability -- who is responsible when things break?
  • Choosing the wrong successor could be a disaster
  • Finding time/resources to transfer knowledge
    • Sometimes you need to be inefficient to be effiencent
    • Letting other people do the thing even though you could do it faster and more efficiently
      • Letting other people do the thing in ways you would not do it
      • Giving people good base levels of knowledge helps
  • How do you learn the system while being careful and not destroying everything in a burning ball of flame
    • How do you make a good impression and getting things done both quickly and correctly
  • Sometimes contractors get commissions with promises they cannot keep


Financial Software

Date
Monday, 15 August 2016
Event Announcement
http://www.meetup.com/NetSquared-Kitchener-Waterloo/events/232234165/

What kinds of financial software are appropriate for nonprofits? What does your organization use? What work is involved in supporting it?


Meeting notes
https://www.meetup.com/NetSquared-Kitchener-Waterloo/messages/boards/thread/50064445

Questions

  • What financial software does your organization use?
  • How do you migrate between software?
  • What considerations do you factor in?
  • How do you support this software?

Announcements

  • Upcoming meetings? Fold the group?
    • Free software for nonprofits
  • What do we want out of the group?
    • Proselytize free software? How do we get others to adopt free software?
    • What makes people use free software vs proprietary?
  • Hiring policies. Windows people are replacable?
  • Recruitment drive?

Meeting Notes

  • It was difficult to get accounting software for Linux without paying a fortune.
  • We should be concerned about financial software
    • Writing different interfaces (eg for batch jobs) is difficult
  • Sysadmins usually do not decide this software. Accountants do.
    • There are specific needs for payroll, HST, auditing
    • There is a high learning curve
  • Brendan uses SAGE because of payroll
    • Quickbooks requires a service to deal with payroll
    • Personally Brendan uses GNUCash
  • NewViews
    • hierarchical accounting that looks like a spreadsheet
    • It was made for DOS and Windows
    • It has a high learning curve
    • TWC moved from the DOS version to Windows
  • People at banks prefer correctness over efficiency
  • Brendan keeps tracks of accounts for several nonprofits
    • They were both using some ancient DOS program
    • They migrated their infrastructure to Access databases
    • They have multiple systems that have to manually reconcile things?!!!??!!?!!
  • It is possible to use TeX as an accounting system
    • With spreadsheets as input
    • Who else maintains this?
  • Why can't some Drupally solution come in and take over this space?
  • The core of financial software are:
    • Sales
    • Financial transactions
    • Different accounts
  • The non-cores:
    • Reports to funders
    • Payroll
  • (ObTopic) Is the cloud going to eat everyone's lunch?
    • Freshbooks is on all the podcasts
  • Integrating with banks is not so easy with GNUCash
    • You also have to make sure the cheques have been written correctly
  • Why can't this all be federated?
    • IIF : Intuit Interchange Format (proprietary)
    • OFX : open standard used by Microsoft Money : http://www.ofx.net/
  • Not an API thing?


  • Companies vary in what their expenses are and their categories?
  • In publishing:
    • There is some key information in invoices
    • People need to respond to invoices from printers
    • Different industries have come up with their own standards (EDI)
    • EDI: Electonic Data Interchange
  • Used for Business to Business transactions
    • Banks have worked out how to exhange data amongst themselves
  • Companies decide WHEN to pay invoices to maximize their cash flows
    • If you pay early then maybe you get a discount
    • Can computers help with some of these problems?
    • You favour certain relationships over others
  • Quickbooks works under Linux using WINE?



Considerations
  • What people know
    • People like their Word and Excel
    • Migration costs are very high -- there has to be lots of benefit


  • There are a bunch of updates to payroll and HST
    • The software is always under development
  • Upgrade costs are very high -- once you make a choice you are kind of stuck
  • Accounting software needs to be customized to the particular needs of the organization
  • Internal formatting is different from reports
    • If internal structure is good then maybe making add-ons is feasible
  • Humans will have to input most of the transactions?
    • But there are point of sales
    • Accountants need to verify the receipts
    • Robust interfaces are important to avoid input errors
  • Can the bookkeepers use the software?
  • Does the software interface with the services (ADP) that the organization uses?
  • What are the security implications of data breaches?
    • Information leakage about things?
    • Corporate surveillance? Future products?
    • Know what your prices are?
    • Know what different employees are paid?
    • Medical/dental data
  • Maybe you can't have plugins because that has the potential of violating integrity
    • Can't proper transaction logging fix this?


  • You close books at the end of the fiscal year
    • This freezes accounts
Migration
  • Take an end of year fiscal snapshot
  • Move the summary to the new program
  • Quickbooks will let you upload your desktop information to the cloud
    • But you can't get the data back!
    • Maybe the competitors will let you upload to THEIR clouds
    • But Quickbooks does not support backwards compatibility on the desktop either

Back to: KWNPSA Meeting Notes



The Cloud

Date
Monday, 11 July 2016 from 7:00pm to 9:00pm
Meetup Event
http://www.meetup.com/NetSquared-Kitchener-Waterloo/events/228739922/
Meeting notes
http://www.meetup.com/NetSquared-Kitchener-Waterloo/messages/boards/thread/49977700
Location
The Working Centre, 58 Queen Street South, Kitchener, Ontario

Every single meeting we mention "The Cloud" but it has never been a formal topic of discussion. What do you trust on the cloud? What do you not trust? Why? How how the cloud made your life easier? How has it made it harder? What criteria do you use when deciding to use cloud services? Are there feasible alternatives to the cloud? What are their plusses and minuses? Are IT admins who don't like the cloud dinosaurs who will be unemployed dinosaurs within a few months or years?


Meeting Notes

Hosting
VPS hosting: servers in the cloud
  • Linode: $20/month (TWC uses this)
  • Digital Ocean
  • Cloud at cost (don't use this for production)

You get a virtual machine in the sky which you have to administrate.


Shared hosting

Somebody else sets a server up and gives people accounts. They typically take care of disaster recovery.

Typically you don't get root. Sometimes you don't get a shell.

Colocation

Put a server in somebody's rack. You pay for the hardware and the hosting.

Computer in your basement (self-hosting)

You take of everything.

Your ISP has to be happy with you.

Server power is expensive.

Pros/cons
  • Be careful what you make public
  • Be careful of hopscotch attacks


Hosted Services
Types of Services
  • Microsoft services (Office 365)
  • Storage (SkyDrive, DropBox, Google Drive)
  • Hosted Exchange, Sharepoint, OneDrive
  • Hosting antivirus
Considerations
  • There have to be ways for people to work offline on planes
    • But even Google Docs can be used offline (via an installer?)
  • When the Internet is down Brendan goes home. Why?
    • Email
    • VoIP phones
    • File shares that are not local
  • Can you do video editing in the cloud?
    • There is an upper limit to the resolution
  • Multiple location and home access is easier
  • Who does the backups?
    • There is versioning for documents in Office 365
  • Sometimes services you depend upon go down. Then what?
    • Can you transfer your services to other providers easily?
    • LibreOffice is going into the cloud as well
    • Mount as a filesystem and use rsync
    • Google provides a way to do sync as well
  • Can sysadmins see the documents of their users when they are on the cloud?
    • What happens when people leave?
    • People use their corporate accounts and access data via their browser
  • Logging into multiple companies can be difficult
  • Do these services all use cookies for sessions?
    • Cookies
    • Session tokens
    • User data storage
    • Persistent TCP sessions?
    • Endlessly refreshing HTTP sessions? WebSockets
Pros/cons
  • Self-hosting is complicated so companies are taking it away (also not as lucrative for the companies)
  • What happens if you are offline?
    • Adobe was offline in 2014 and people were locked out (how does this work?)
    • What happens when your apps are just web frontends?
  • Will all the IT people be unemployed? Not Brendan!
Antivirus?
  • Web browsers check every page to make sure it is not malicious?
  • You could put the management consoles in the cloud
  • You could have clients send everything up to the cloud to be scanned


User Training/Adoptions
  • Do corporations just do this to minimize training costs?
    • You have to train people
    • But what happens when there is a breach?
  • How to we improve training and workplace culture?
    • Go to management?
    • Sheet of instructions that staff don't read
    • Monthly staff meetings
  • What about intentionally baiting users?
    • Report to your users
    • Go to your users individually and educate them?
    • Reduce user rights?
    • Publicize the people who have done bad things
    • Use peer pressure?
  • Passwords
    • Shamir's Secret Sharing System : Multiple people each need to put a password in to unlock things. http://point-at-infinity.org/ssss/
    • Brendan does not allow people to set their own passwords. He gives passwords to people.
    • Is it worth running hashcat or john the ripper on passwords?
  • Why do users keep sending attachments by email?
    • People have inertia for new things
    • It is harder to put files in shared storage than to email attachments
    • Sharepoint puts links to files instead of attaching them (for internal emails) (and so does GroupWise document management)
  • "Permissions" for cloud resources are hard for users to understand
    • Things that are "public" can be public to the world, not just the organization

Future Topic

(Go to NPSA Past Events)



KWNPSA Meeting Notes for 2016-06-13



KWNPSA Meeting Notes for 2016-05-09



KWNPSA Meeting Notes for 2016-04-11



KWNPSA Meeting Notes for 2016-03-14



KWNPSA Meeting Notes for 2016-02-08



Estimating Time and Resources/Meeting notes for 2016-01-11



Collaborative Editing Tools

Date
Monday, 14 December 2015
Event Announcement
http://www.meetup.com/NetSquared-Kitchener-Waterloo/events/223909896/

How do people work together? How do you deal with privacy concerns? What tools work and what have problems?

  • OneNote
  • Etherpad and friends
  • WebEx


Meeting notes

for 14 December 2015: 

Many users want to use collaborative editing tools.

  • What do you use?
  • How do you deal with privacy concerns?
  • How do you manage backups?
  • What are the strengths and weaknesses of these systems?
  • When are they best used?
Options
  • Wikis
  • OneNote
  • Etherpad
  • WebEx
  • Slack (Mattermost?)
  • Sharepoint
  • Google Hangouts
  • Google docs
Observations
  • GoToMeeting is better than WebEx
    • WebEx: poor audio
    • Pretty expensive? ($50/month)
    • Like Skype for 1-many
  • There are different classes? Wikis are different from WebEx
  • Wikis: collaborative editing
  • GoToMeeting: realtime conferencing/interacting
  • How can people work together on documents?
  • LibreOffice tends to use Google Hangouts
    • Hangouts allow multiple video and sound
    • LibreOffice will also use IRC
    • This is for discussions
    • The kids use Google for everything
  • Google docs allow you to edit simultaneously and chat
    • They have versioning
    • Marc backs up Google docs once a month into a zipfile
  • You can choose the format
    • Should we all embrace the Google?
  • LibreOffice is trying to work on OneCloud
  • This could be released next spring
  • The internal file structure is well known
    • Google Drive will let you mount a drive for Google Docs
  • LibreOffice will let you edit files from Dropbox
    • This is different than having documents mirrored on local drives?
    • LibreOffice is a "do what you like" community
    • eg there is little interest for any Android devs to develop an Android version, so they are contracting out the work.


  • OwnCloud lets you edit LibreOffice collaboratively (without locking)
    • This is like Etherpad
    • But you cannot do spreadsheets


  • Wikis are for structured text; Google docs are not (necessarily?)
    • You need guidelines to put documentation into reasonable shape
    • You need to handle your backups yourself
    • Images have to be handled differently
    • Back up each database separately
  • Bob generated a 300MB --all-databases file
  • He cannot restore the database properly
  • Does that mean his file is toast?
  • No, because he can chunk it apart
  • But that is difficult
What do we want for collaboration?

Why is it more helpful to have multiple people collaborating?

  • Conference organizing: You can have 5-6 people on a conference call all looking at the same spreadsheet.
  • How do you decide who is taking care of each part? You play nice.
  • The editing is not completely random
  • Do you need to have a meeting? Not necessarily
    • eg Agenda items
    • eg collaborative web page editing (Etherpad/UbuntuPad) with text chatting

What is a typical number people who can play nice?

  • Maybe 10?
  • Sometimes a few people dominate
  • Some people can't work like this; they have to take the document home
    • But some people think they want to take the document home and then are won over to collaborative meetings
  • Some people wreck everything and thus have to be limited to commenting

Grammar skills can be an issue. Can you assume good grammar?

  • As they type content you can follow behind and edit
  • It is most important for people to get their ideas out

This is similar to a writer's group

  • Comments should be constructive
  • This works best face to face (because criticism is hard)

People don't go into technical writing because you like creative writing

  • Clarity is important in both, however
  • Marc's group was reticent to use Google Docs at first, but they were won over
  • They found chat to be efficient while editing the document
  • He found the visual (Skype) harder

Marc worked on mumble for voice chat

  • It is low resource

Is face to face or messaging easier? It depends on the group.

How do you choose the right tool for the job?

It is easy to put bullet points into a document and then organize after

How do you come up with protocols for collaboration?

  • Marc's group was ad-hoc, but roles (leader, secretaries) tend to emerge
  • There is trust involved

LibreOffice uses a lot of wikis

  • Marc thinks they need WYSIWYG because the barrier to editing is too high
  • You don't get good content so people get frustrated and leave
  • The people LibreOffice is trying to support people who do not necessarily have good editing skills
  • Do people who learn office software learn good styles?
    • It does not matter. The ideas are important
  • What is the bridge between thoughts and markup?
    • Wikipedia is working on WYSIWYG tools
  • Is Wikimedia not receptive to this?
    • Drupal 8 has in-line editing now?

Should people have the right to NOT learn markup?

  • If you force people to learn then you raise the barrier to entry
  • That makes people elitist
  • If the barrier to entry was lower then more people would end up learning the system
  • Should people be forced to edit in Word?
    • Smart people have the ability to learn it


(Oh no! Markup!)

Marc doesn't like Mediawiki because it is hard to are able to edit it in his group.

  • People use all kinds of other tools
  • What about eating our own dogfood?
    • The initial documentation was not published in ODT
  • Should people be forced to edit in Word?
    • Smart people have the ability to learn it


Slack???
  • Everybody loves slack
  • Slack is the email killer?
    • Easier to search (with group chat?)
    • It is like a searchable newsgroup? mailing list?
  • Do you have to go to the site in order to get the content?
  • Conversations are collected chronologically so it is easier to go through them than on email chains


Gmail labels deduplicates messages into pointers to folders


How do you avoid the standards problem? Having yet another place to look for stuff.

Finding stuff on Etherpad and Ubuntupad is difficult unless you bookmark items with useful labels

It is impossible to search across Etherpad documents

Redmine can also be used for collaborative work

  • Less useful for collaborative work?
  • Ticketing assigns work to people : less good for volunteering
  • Closing abandoned tickets is difficult (and frustrating!)


Matching employers to job-seekers?

  • Use a dating site?
  • Donor management software?


progress.com : Database company

Moodle

  • Tim uses it
  • It has a learning curve

VPSes

  • DigitalOcean
  • CloudAtCost
  • Linode


Factors in collaboration
  • Concurrent or not?
  • Are you producing a document out of the tool or not?
  • Does the document need to be exported or not?



Sidetrack: community foundation for the arts
  • They are in every city?
  • This is different from CEI
  • The community foundation was giving CEI some money too


Back to: KWNPSA Meeting Notes



KWNPSA Meeting Notes for 2015-11-09



KWNPSA Meeting Notes for 2015-10-19




KWNPSA Meeting Notes for 2015-09-21




All About VoIP

Date
Monday, 17 August 2015
Event Announcement
http://www.meetup.com/NetSquared-Kitchener-Waterloo/events/223550824/

What combination of VoIP and PSTN lines do you use? What problems does VoIP solve for you? What problems does it create?


The meeting on Monday, 17 August 2015 was All About VoIP.

Discussion Questions

  • What are you using?
  • What do you like about VoIP? What do you not like?
  • What providers do you use?
  • What works better with PSTN? With VoIP?
  • What are the pros and cons?

Arbitrary Comments

  • What can we do with Teksavvy?
  • Vonage vs ITSP? (Unlimitel, VoIP.ms) vs ISP (Teksavvy, Rogers) vs MagicJack
  • MagicJack is an ATA? You need internet
    • You can get a USB dongle as well (don't work under Linux)
    • It is reliable enough for faxing
    • $10 extra per year for a Canadian number
    • $50/year + tax ($70 for the device)
    • Berleine spends $32/year for a US number and service
    • Unlimited minutes
    • Call quality can suffer if the internet is busy
  • Magicjack and Vonage are in the same space
  • VoiP.ms and Unlimitel
    • $1/month for the DID, $1.50 for Emergency 911
    • Unlimited minutes
  • Magicjack and Vonage are in the same space
  • VoIP.ms: $1 + $1.50 for Emergency 911 + 1c/minute per calls
    • You can buy a home package for $3.50 per month
    • You can have subaccounts
    • You can have many calls running simultaneously
  • Fongo
    • Free phone number, free calls, free voicemail, pay to send texts
    • Freephoneline.ca is the same but for desktops
    • How far can you get on a wifi phone?
    • Sometimes quality is an issue
  • SIP phones
  • The Working Centre
    • One PSTN line + voip lines + Norstar systems
    • Use an ATA to convert VoIP.ms to analogue
    • This does not work perfectly all the time (eg long tones)
  • Brendan has tried to switch to all VoIP
    • How do you trunk calls between buildings that use different systems?
    • Idea: just map lines to phones so you can use Norstar handsets
    • How can you receive calls in multiple locations?
      • Voip.ms makes this easy
      • You can use follow-me settings in Asterisk
  • Faxing and virtual faxing
    • Doesn't work so well on VoIP
    • VoIP wants to break up packets, but faxes want a continuous
  • Cheapest SIP phone: Grandstream GXP1400 (similar: GXP1405)
  • Why VoIP?
    • Cost: $40 for a PSTN line. VoIP can be cheaper
    • Can use the same phone number for many calls
    • We trust everything that goes over the internet
    • Very configurable for free
  • Why not VoIP?
    • Depends on power to work. Don't have blackouts!
    • Can't run faxing (reliably), DSL modems
    • Can't use analog modems
    • Can be reliability problems
    • Security concerns
    • Should have quality of service to ensure good performance
    • Need upload bandwidth (16k-64kbps up per call depending on codec)
    • Rollovers can be an issue between POTS and VoIP, depending on provider
    • Costs more in terms of IT time
  • You can do voip via internet addresses
  • Older ADSL lines provide 700kbps up
  • Bell VDSL is broken? Fibernetics does it right?
  • Execulink is a provider that does PSTN rollovers right
  • Can you do anything more with commercial VoIP than with regular Bell?
    • Maybe. It depends on what the provider provides.
  • Hiding callerID : easy
  • Is this obsolete because of cellphones?
    • The numbers are different
    • Not as configurable
    • But your cellphone works in a blackout (modulo batteries)
  • You can't run your own cellphone service (in Canada)
    • Compare to radio, community cable
  • SIP clients for cellphones?
    • SIPSimple?
    • You can register to a local asterisk account
    • Ring groups on VoIP.ms
    • How can you make phones ring in certain locations only?
      • Put a sip client on their phones
      • Put Asterisk
  • What Asterisk systems can be configured by Thursday?
    • PBX in a Flash
    • Elastix
  • Cheap analog phones?

Acronym Fun

  • ADSL : Asymmetric Digital Subsriber Line - High-speed Internet over an analog phone line
  • ATA : Analog Telephone Adapter - Turns VoIP into PSTN lines.
  • DID : Direct Inward Dialing - A phone number
  • FXO : Foreign Exchange Office - Port that is on the phone. In asterisk, you use a port of this type when you want to integrate a PSTN line. Wikipedia:Fxo
  • FXS : Foreign Exchange Service - Provides a dialtone. This can be from the wall, or the ports on an ATA
  • Hunt groups: Choose which order phones will ring
  • ISP : Internet Service Provider
  • ITSP : Internet Telephony Service Provider - The company that provides VoIP service
  • MWI: Message Waiting Indicator - The light that shows when you have voicemail
  • PBX : Private Branch Exchange - the device that routes phone calls
  • PSTN/POTS : Public Switched Telephone Network / Plain Old Telephone Service - A "Real" phone line
  • QoS: Quality of Service - prefer sending packets to phones rather than Bittorrents
  • Rollovers: First call a POTS line, then call a VoIP line with a different provider
  • SIP : Session Initiation Protocol - VoIP protocol. There are others (eg IAX)
  • VDSL : Very High Speed Digital Subscriber Line - ADSL on steroids
  • VoIP : Voice over Internet Protocol - The trendy thing.
  • VoIP registration: What phone will ring when you make a call to the number?




Keeping Remote Sites Up To Date

Date
Monday, 13 July 2015 from 7:00pm to 9:00pm
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/223189124/
Location
The Working Centre, 58 Queen Street South, Kitchener Map

This month we will be talking about how to deal with multiple locations within an organization. We will be discussing things like file sharing setups for more than one location, communications between locations, different router types for VPN and such, etc....

Multiple locations may mean more than one office building, or other situations like employees who work from home or other remote locations.


Meeting Notes

What kinds of remote sites do you need to support/connect?
  • Second location
    • public facing location at one site
  • People working remotely without having an office
What things do remote users need to do?
  • File sharing: spreadsheets, word documents, PDFs
  • Database use
What tools do you do to enable them?
  • Sharepoint site for sharing documents
    • Brendan uses an older version
  • Syncing files between file shares
  • Windows Server Remote App
    • Small Business Server and Essentials
  • Moving files to the cloud
    • hosted server
  • Syncing with dropbox
  • Office 365 transitions workflow to the cloud
  • VPNs
    • Complicated for users
    • SecurePoint client makes it easier
  • Cisco mobility to connect (forwards all traffic via the VPN?)
    • Local storage with encrypted storage
    • files are stored remotely
  • Windows BranchCache?
  • Bittorrent sync, Dropbox, Syncthing
  • Caching servers that sync overnight
  • Microsoft DFS Replication (don't bother!)
    • OneDrive for Business is still not working
  • OpenVPN over OpenWRT
  • Hamachi
  • SSH tunnelling for remote access
  • Remote support: SSH tunnelling, VNC, Fuse and SSHFS
  • ownCloud with WebDAV
    • ownCloud does not do symbolic links very well (OK on synchronized clients, not on WebUI or WebDAV mounts)
  • WebEx (free for first three clients)
  • http://www.remoteutilities.com/download/ : free for 10 clients
  • AWS cloud?
  • Using git for synchronization
What clouds are easy to set up?
  • ownCloud on VPSes or your own servers
What is painful?
  • Attaching remote files to local email
  • Syncing multimedia files (photos)
  • Downloading things from the VPN is slow
  • People want things to work without learning anything
  • Initially contact to a remote client: how do you get them setup?
    • join.me, bomgar, TeamViewer, screensharing with Skype (slow)
  • Users do not provide enough detail
  • Slow connections on the remote end
  • ADSL connections with slow uploads
  • Can we stop the cloud?
  • Synchronizing calendars
Troubleshooting mobile devices?
  • Remote support viewing on smartphones? WebEx, LogMeIn
Other considerations
  • syncing over DSL
  • online collaborative systems for sharing documents
  • newer versions of Sharepoint allow concurrent editing of documents
  • confidential/sensitive information being uploaded to The Cloud (tm)
    • But any computer that is online is on the Cloud
  • Storing medical information on the Cloud?
  • VPN routers?
    • They have VPN servers themselves (IPSec and PPTP)
    • How do they find the clients? They use a road warrior setup
  • German company: SoftMaker (word processor software)
ISPs

Back to: KWNPSA Meeting Notes




Keeping Computers Up To Date

Date
Monday, 8 June 2015 from 7:00pm to 9:00pm
Event Announcement 
Keeping Computers Up To Date/Meeting Announcement 2015-06-08
Location
The Working Centre, 58 Queen Street South, Kitchener Map

Updating Desktops

You thought it would never happen again, but we are in fact holding a second Nonprofit Sysadmin meeting this Monday, June 8. As we did introductions last month I tried to collect some themes as future discussion topics. Somewhat arbitrarily, I propose that Monday's meeting be about keeping systems (specifically desktops) up to date:

  • What tools do you use to keep desktops up to date? (Windows or Linux, or other)
  • What tools do you use for third party updates (Flash? Adobe Reader? Hateful Java?)
  • What tools do you use to monitor and ensure that updates are happening?
  • How do you prevent desktops from filling up with spyware and other nonsense?
  • For Windows people: what are you doing about the Windows 10 upgrade offer?

We will meet starting at 7pm at the main Working Centre building, 58 Queen Street South. Bill says that there is free parking kitty-corner from the Working Centre, on the other side of Charles.

If you know of interested sysadmins who might be interested in our conversation, please invite them to the meeting.

- Paul



Upcoming meeting topics

  • July: Administrating remote locations and people who work from home
  • August: All about VoIP


Here are the bullet-point notes I took from tonight's meeting. (Paul Nijjar)

Someone needs to remind the list about how to get information for logging into the wiki.

Meeting Notes

Updating Computers

Linux
  • Run apt-get manually
  • apticron: emails when there are updates
  • unattended-upgrades: does security updates automatically
  • apt-dater: run updates in parallel
  • rkhunter
  • chkrootkit
Windows
  • Download and ask to install
  • WSUS updates
  • Download updates and shut down
Third Party Updates
  • ninite.com
  • wpkg.org
  • chocolatey.org
  • wsusoffline.net
Restoring computers
  • DriveVaccine (SUCKS)
  • SteadyState (RIP)
  • SteadierState
  • Faronics DeepFreeze
  • Virtual terminal servers (Multipoint server)
  • Ubuntu with guest account
    • PlayOnLinux: install Wine easier
  • DelProf




Introductions And Planning

Date
Monday, 11 May 2015 from 7:00pm to 9:00pm
Event Announcement
Introductions And Planning/Meeting Announcement 2015-05-11
Location
The Working Centre, 58 Queen Street South, Kitchener Map

During the first meeting I figure we can introduce ourselves, work out the logistics, and introduce some of the things that are challenging us in our sysadmin work.

- Paul


  • There are no meeting notes for this session.




(KWNPSA Upcoming Events)
(KWNPSA Past Events)
(KWNPSA Meeting Notes on one page)
(KWNPSA Requested Topics)

Meeting Notes

Alternatives to E-mail
  • Aren't we all on Slack by now?
    • Slack has some free options, also paid ones
    • eg. voice and video options
    • E-mail threads have messages and reply text, but slack has just the continuous stream-of-consciousness
    • Bots: "What's my schedule on Thursday?", "Bot, book me lunch with Kirk on Tuesday"
      • Regular expression bots, "human in the loop" bots, and "IBM Watson" hyperintelligent bots
      • Bots really made it, turned Slack into a marketable product (opened the platform, API)
    • But whatever happened to Google Wave and Google Buzz?
    • Is there a Slack-to-Email bridge? Maybe on Rocket.Chat
      • Privacy and datamanagment concerns: who stores your chats? streams? e-mail?
    • Spammers on Slack? It's a closed environment, you know your spammer (unlike e-mail)
    • But there can be public "Talk to a sales rep" windows
  • Kik also opened their platform
  • Rocket.Chat - "Slack-alike"
    • web client & phone apps
    • e-mail gateway, LDAP gateway
    • Drag'n'drop filesharing
    • Self-hosted, on Ubuntu as a Snap
    • Self-hosted, so you have control over your own data
    • kwvoip.ca may set this up...
  • XMPP - Cisco bought Jabber.com (now Cisco Jabber)
  • Matrix / Riot
Ease-of-Use

E-mail is so easy to use, people use it for everything

  • File storage
  • Instant messaging
  • Archival storage
  • Operating System?
    • Heard of people who use git as a mail repository
Difficulty-of-Admin
  • Struggle with Exchange and Outlook
    • Weird problems, eg. indexes
    • Would weird problems like indexing exist on Office365?
  • Large systems are constrained only by the time and effort of the SysAdmin
    • Or sufficient funds to purchase vendor support
Spam Mitigation
  • Large mail providers silently drop some mail, receivers and senders have no idea it's not delivered
  • Need to bring mail filtering inhouse
    • Opinion that the only effective filters are Bayesian filters on content, not geo-blocks, IP-blocks, or domainname-blocks
  • DMARC and DKIM (both broken for mailing list use)
  • Dealing with blocklists
    • Blocklists are reputation managers
    • Small orgs sending mail are incorrectly identified as spammers
    • Blocklist providers have no incentive to lift blocks based on the requests of senders (otherwise every spammer would make that request)
    • Recipients of failed messages need to contact their mail providers to stop the mail providers from subscribing to bad blocklists
    • Filter provider needs to hold the spam for subsequent retraining (problems with privacy and data control)
  • Organizations block access to external mail providers


Back to: KWNPSA Meeting Notes



Malware

Date
Monday, 12 June 2017 from 7:00pm to 9:00pm
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/239940239/
Location
Communitech Jelly Bean Room 1st Floor, 151 Charles Street West, Kitchener, Ontario Map

Breaking News: Dozens of countries affected by ransomware cyberattack (CBC News, 12 May 2017)

Are you protected from malware? On your desktop computers? On your servers? Does your staff have malware protection at home? Is anti-virus software enough? What's "ransomware"? What's the difference between a virus, a trojan, and a phishing attack? Does it matter? How do you protect yourself from malware? What's the best way to react to a malware outbreak? How do you recover from a malware attack?

We'll share our experiences in a round table discussion, and perhaps have a guest from the industry to provide some of the answers.

--Marc Paré and Bob Jonkman



Video

Malware discussion at NetSquared KW meetup (courtesy of Gheorghe Curelet)

Guest: Scott Smith

  • Tekkshare demonstration by guest Scott Smith
    • A Goods-and-Services marketplace for technical stuff based on Sharetribe
    • Invitation for KWNPSA members to sign up, will waive commission for first year

Meeting Notes

Malware experiences
  • from the days of floppy drives
Platforms
  • Apple malware, adware
    • Nothing super malicious, but affects the browser, user libraries inc. user preferences
    • Backup with TimeMachine, but that takes malware with it
    • Free TV websites and proxy sites seem to be sources of malware
    • Manual restore (not Time Machine) to restore each file individually
    • AdAware bought by Malwareytes, good for Apple platform, free for home use: Malwarebytes | Malwarebytes Anti-Malware for Mac
  • Android
    • Large platform, biggest vulnerability
    • Old, refurbished phones may be vulnerable, they don't get updates
    • Same for routers, security cams
    • Fragmentation in market, but providers (Samsung, Verizon) don't provide updates after a year or two
    • Reluctance to update phones because it takes too long (10 minutes!)
    • People are more likely to replace a device than upgrade it
      • Both on desktop and mobile devices
    • Change is scary, some people can't even deal with a moved icon on the desktop
    • SysAdmins are not able to meet the expectations of clients
    • Google is taking heat for lack of Android updates
      • Thought it might have been like GNU/Linux distros (stable, testing, Sid), didn't work out that way
      • Proprietary applications contribute to this, only Google can upgrade their apps
      • CopperheadOS tried to address this with a secure Android OS, but constantly battles Google and vendors

People believe things are secure because they've paid the vendor lots of money, they don't pay the vendor lots of money because the products are secure.

Best defence: Make our purchasing decisions based on public data of vulnerabilities

Mitigation
  • Treat the end-user as an adversary
    • Focus on recovery instead of avoidance
    • But should we treat people as adversaries? Technical solutions are not a panacea
  • Backups!!!
  • Risk management -- given enough time, the probability of being affected approaches one
  • Training is necessary, but not sufficient
Defence in Depth
  • Backups, backup rotation, offsite backup
  • Training
  • Updates
  • Offsite storage (Cloud), store deleted files for 90 days (version control)
    • But privacy issues with out-of-country routing and storage
  • Buy-in from management to provide enough resources (money)
  • Honeypot, canary - let SysAdmin know when certain files are being touched

Staff needs to know this Defence-in-Depth is being done, and when

Recovery
  • Some people don't care about their data, just re-image the computer
  • Shadowcopy in Window -- only Administrator has access, can't be encrypted by ransomware
    • But malware knows Shadowcopy is a good idea, and will try to bypass
  • How can you tell your files are encrypted?
    • Applications can't open their data files
    • Some malware leaves messages "This folder is encrypted"
  • Stiller software (c. 1995) to identify modified files with checksum appended to all files; won't open or execute compromised files

Meeting Administration

  • Time limits? 8:30pm
    • Stay on topic
    • May start at 6:30pm? Consensus, not...


Offsite Hosting

Date
Monday, 8 May 2017
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/237779027/
Location
Communitech Jelly Bean Room 1st Floor, 151 Charles Street West, Kitchener, Ontario Map

Where are your servers? Are you self-hosting? Have you thought about professional hosting? What services does a professional hosting service offer? Do you need shared hosting? Do you need a VPS? What's a VPS? What's a colocation site? How much will all this cost?

Come share your experiences with self-hosting, shared hosting, and VPSes. Bob and Marc have the questions, and special guest Mark Steffen from indieServe Networks will have the answers.

See you at the meeting!

--Bob Jonkman and Marc Paré



Video

Offsite Internet servers hosting - YouTube (courtesy of Gheorghe Curelet)

Meeting Notes

Selecting a hosting provider
  • There's no "One size fits all"
  • What do you need?
    • Disaster recovery?
    • Microsoft licensing?
    • E-mail hosting?
What kinds of servers for a host?
  • Dell servers at one place
  • Had HPs, didn't mind them
    • indieServe has some HP servers for colocation
  • Lenovo, but there was BIOS based malware
    • Liked IBM servers, anecdotally liked the reliability
    • indieServe has all Lenovo servers
Offsite Hosting Problems?
  • Shared hosting was OK for a while, but host was asking for more money
  • Another company seemed perfect shared hosting (using WordPress),
    • Works today, but lots of complaints on Facebook, so he no longer trusts
  • Backups?
    • Yes, keeping your own backups in addition to using the hosts' backups
indieServe Networks
  • indieServe is hosting for KWLUG, KWVoIP, FairvoteWRC, KWPeace, &c.
  • About $10/month for shared host
    • No limits but on the honour system
    • Keep it to one company per shared host
    • Local non-profits may be able to get really good deal -- talk to Mark Steffen
  • Also has VPS (Virtual Private Servers)
  • Can do hosted Windows servers or domain
    • Good for small file sharing systems
    • Microsoft has a specific licensing arrangement for hosting providers
    • Cost based on cores and sockets, plus number of customers
    • Not cheap, $100's /month
    • Similar model to Azure or Amazon AWS
Offsite Backups
  • Some customers use offsite hosting only for data replication (disaster recovery)
    • Do keep offsite backups encrypted
    • For any backup solution check with Legal for PIPEDA legislation
    • Cheap backup? 20¢/GiByte for storage is typical
  • Backup software:
    • Duplicity for Linux
    • Cloud Berry for backup service
    • DupliCaddy for Windows (Open Source, Beta software,supports SQL, kinda slow)
      • For Windows, do full backup, then everything is incremental afterwards
      • But it keeps a synthetic "Full" in the background
    • With S3 or Azure, you can restore to EC2 -- get (almost) instant restore on external VPS -- really cheap disaster recovery
    • Back Blaze (personal backup for $5/month, also B2 backup storage, .02¢/Gibyte?, $10/month for 1 TByte?)
  • indieServe keeps hard backups (USB drives stored offsite)
Backup horror stories
  • Hijacked truck (backups not encrypted, nobody knows who now has access to backup data)
  • Encrypted backups corrupted (physical disk damage corrupted one block of data, cypher block chaining made rest of backup inaccesible)
  • Bulk files corrupted (backup file is OK, but contained invalid data, making rest of the backup invalid)
  • Tape backup is still the most dense storage for immutable backups
  • Mark Steffen has techniques for redundant backup storage (good for ransomware attacks, &c.)
  • How much backup do you need?
    • How much data can you afford to lose?
    • Have at least one automated backup in place
Selfhosting?
  • Run your own service on a VPS or shared host (XMPP, Wiki, Social media) instead of using Facebook, Google, Twitter)
  • Manage your own server, colocated in a datacentre
  • Getting a DSL line (with multi-link support), and running a server on premises
  • Managed hosting - servers in house or colo, but contract out the SysAdmin
Webhosting Management
cPanel
  • Set up WordPress, &c.
  • Handles updates, patch management, backups, email
  • Installatron for managing applications
  • Varnish is a cache in front of Apache, for bursty traffic
  • cPanel is pricey? $20/month for bare metal, less for a VPS
    • Keeping cPanel on a VPS makes it portable, allows cPanel admin to perform maintenance with no downtime
Zenserver
  • A Virtual Machine host
  • The free version is pretty unrestricted
  • Use Zenserver to run cPanel
Cloud Linux
  • uses CageFS,
  • isolates users from each other
Other panels?
  • CentOS Web Panel
  • ISP Config
  • Ubuntu MAAS
  • WebMin, VirtualMin
  • WHM is the management tool for cPanel
  • WHMCS is a shopping cart / billing system for hosting
    • But these apps may have security issues (PHP doncha know)
Reseller hosting
  • Perhaps for Web developers, who want to manage resources for their customers
  • Can add multiple accounts, lets hosting provider manage growth and resources
  • Could be unlimited accounts, but typically 300 GBytes, good for about 50 accounts


Blockchains

Date
Monday, 10 April 2017
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/237778947/
Location
Communitech Jelly Bean Room 1st Floor, 151 Charles Street West, Kitchener, Ontario Map

What's a blockchain? Is this all about math? How do I make Bitcoin payments? How can I receive Bitcoin donations on my Website? Are there other blockchain currencies? What services exist for blockchain currency exchange? Is blockchain technology good for more than just Bitcoin? What blockchain tools exist for Non-Profit organizations?

Marc and Bob ask the questions, and special guest Kris Stinson will be on hand to provide the answers!

See you at the meeting!

--Marc and Bob.


Video

Familiarization with Bitcoin and other cryptocurrencies (courtesy of Gheorghe Curelet)

Meeting Notes

  • Today we're joined by guest Kris Stinson (@StinsonKris on Twitter)
  • Lots of media attention, "blockchain this, blockchain that", they're trying to sell you a database
    • Microsoft, IBM, governments (even Canada: Cancoin)
  • Banks are threatened, unregulated currency (scary!)
  • Japan has approved Bitcoin as a currency (legal tender)
  • Legal (tax) ramifications: Capital Gains.
Video
Types of blockchain currency
  • CryptoCurrency Market Capitalizations
  • Augur - a "betting" site; deals with contracts
  • Based on Ethereum
  • DAO - Decentralized Autonomous Organization
    • eg. Ethereum
    • A decision by this DAO split Ethereum into Ethereum and Ethereum Classic
    • Now there are miners working on both branches of the blockchain
    • "The mining network" determines whether a fork of the blockchain can happen
How does the blockchain determine "truth"?
  • The longest chain wins
  • "Rolling back the chain"
    • database
    • miners
Quantum computers?
  • Will change the game!
  • Winkelvoss brothers
    • Own over 50% of bitcoin?
    • This is a problem, they can determine the validity of transactions
Wallets
  • Wallets are Public/Private Key encryption containers
Other blockchain technologies
  • Don't trust The Cloud?
    • Authentication
    • Filesystems

90 minutes was far too short to cover all aspects of Blockchain Technology; we'll invite Kris Stinson back someday.



Branding

Date
Monday, 13 March 2017
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/237778855/
Location
Steve Izma's house, 35 Locust Street, Kitchener, Ontario Map

What's your brand? Do you have a brand? How do you choose a brand? Is branding important for NonProfit organizations? What is the value of a good brand? What is the cost of a bad brand? Have you ever changed your branding? How much work was it for the SysAdmins? Did you have re-do the Web site? The e-mail addresses? Business cards? Letterhead? What legal considerations are there for choosing a brand?

Bob and Marc have the questions, together all of us have the answers.

See you at the meeting!

--Bob and Marc



Meeting Notes

This meeting ended up being more about our own re-branding needs, and the business of running KWNPSA as a non-profit organization. We'll have another session in the future on Branding to discuss the experience and gather the advice of other organizations.

  • We started with a discussion on the different syntaxes used in markup languages, eg. Markdown, Mediawiki, PMWiki, MoinMoin...
Hosting Services
  • Many Non-Profit organizations are migrating from CCj/Clearline (Steph Smith, Cedric Puddy) to IndieServe (Mark Steffen)
  • Marc Paré will take over the hosting for KWNPSA
    • Marc is currently using 123EHost.com
    • This is for the interim, until Marc has his own server set up
    • The hosting OS will be Mageia
  • Mailing Lists
    • Steve Izma will be the Mailing List Manager
    • We currently have our Discussion and Announcements mailing lists on CCj/Clearline
    • Steve will look after the mailing list migrations as soon as Marc has Mailman set up
  • Wiki
    • Mediawiki is being used by everyone at this meeting,
    • Currently being hosted at http://sobac.com/kwnpsa by Bob Jonkman
    • Will be migrated after Marc has set up the Mageia server
Sponsorships
  • CIRA - Has provided $100 for the previous and this meeting.
  • TechSoup - provides low-cost Microsoft licenses to Non-Profit organizations
    • NetSquared (part of TechSoup) is an umbrella group for Non-Profit organizations' IT staff
      • If we get a venue without A/V facilities, can NetSquared sponsorship provide, say, a projector? Marc to ask Eli...
  • Microsoft
    • We will gladly accept Microsoft sponsorhip and host an evening dedicated to Microsoft products
      • Perhaps have as a guest speaker a product specialist from Microsoft?
    • We will continue to focus on Free Software / Open Source solutions at other meetings
  • Google
    • Apparently Google is a sponsor or a member of NetSquared
      • but we have not seen support from our local Google office, eg. request for a venue
Formalizing the KWNPSA group
  • The formal structure of the group will consist only of a Treasurer
    • Marc Paré will be Treasurer, will take care of any finances received from sponsors, donations, &c.
    • Funds received from sponsorships &c. will be used for venues, hosting costs, domain name costs.
  • Bob Jonkman will ask Eli van Giessen to re-brand the meetup.com group as KWNPSA - Kitchener Waterloo Non-Profit System Administrators -- a NetSquared Group
Marketing KWNPSA
  • Business cards?
    • We need someone to design a KWNPSA logo
      • The KW part is important to our geographic locale; highlight or separate KW from NPSA
    • Marc Paré has found with other organizations that business cards are just as effective as posters
  • Let more people know that KWNPSA exists
    • Marc has a list of local KW Non-Profit organizations List he has contacted about 100
Meeting format
  • KWNPSA has a collegial Round Table Discussion format, which suits Non-Profit organizations
    • Contrast this with formal presentations at KWLUG
    • or the social restaurant meetings of KWVoIP
Mailing Lists
  • How do we deal with badly configured MUAs (Mail clients) that try to reply to the Announcements list?
  • Do we need two separate lists?
    • Steve Izma will investigate the use of "child lists" in Mailman
    • "Child lists" will allow "Discussion" to receive "Announcements" so people only have to subscribe to one list
  • DMARC problems
    • Steve will activate "munging" on Mailman so badly configured mail hosts like Yahoo Mail will accept messages
  • We will have KWNPSA branded e-mail addresses
Wiki
Branding
  • Description of group: Resource Group for Information Technology in Non-Profit Organizations
    • Similar to a Mission Statement, if not identical
    • Also the Vision -- use one phrase for all
    • We will refine this description on the Discussion List with other members
  • Are we KWNPSA or KW-NPSA?
    • It's a non-issue, we'll spell it out in full on posters and whenever we make announcements
    • Let's see what the Business Card designer does
Venue
  • Marc Paré will pursue Communitech and the Downtown Community Centre for "venue sponsorship"
  • A venue at Google may not be possible (high security facility)


Meeting notes taken by Bob Jonkman.



Social Media

Date
Monday, 13 February 2017
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/237362708/
Location
Queen Street Commons Cafe, 43 Queen Street South, Kitchener.
Across the street from our previous meeting place. Map

How can a Nonprofit organization make use of Social Media? Should a Nonprofit organization even use Social Media? What Social Media platform do you use? What sorts of things do you put on Social Media? Who puts it there? A team of SMEs? One person? Is this a full-time job? How much time does it take to maintain Social Media accounts for a Nonprofit organization? What will you do when your Social Media platform disappears? Or deletes your content? Or delivers your content to only a small set of viewers?


Meeting Notes

  • Conversation started with employment
    • Headhunters and placement agencies frequently call potential employees or contractors, but rarely result in employment or contracts.
    • Salaries for developers are higher in Waterloo Region, due to competition from other tech firms.
  • Social Media is all about the analytics
    • Using analytics provided by the services, eg. https://analytics.twitter.com
    • Analytics from different sites (Twitter, Facebook) are similar enough that direct comparisons can be made.
    • Use some custom links to identify source of engagement on their own content
      • eg. use one URL for Twitter, another for Facebook to reach the same content
      • Use Google Analytics for generic information
      • How does Google identifiy the source of the visitor if the links are all the same? Or the URLs are all the same?
  • Staffing at one non-profit organization:
    • 1 person for Twitter + Facebook
    • 1 person for Instagram
    • Need more staff (Reddit, other social media forums)
    • Maintaining social media accounts by volunteers
      • Takes lots of time! Split it up between people
      • Automate some tasks (POSSE - Publish Once, Syndicate Self Everywhere)
  • Update frequency
    • Twitter: 8-10 time per day
    • Facebook: Once a day
    • Search for how to optimize facebook feed
    • Have a hashtag strategy (what is a hashtag strategy?)
  • Before starting on social media, ask "What is the organization's goal for social media?"
    • Distribute information (meetings, info about the cause, eg. environmental tips)
    • Grow the organization
  • Automate feeds
    • Facebook -> Twitter
    • Blog -> GNUsocial -> Twitter -> Facebook
  • Your following:
    • Are your followers passive or engaged?
    • Twitter is good for a large number of followers, but low engagement
    • Facebook is the opposite (few followers, strong engagement)
    • Linkedin is good for Business-To-Business
  • "Twitter will be around forever"
    • Some disagreement about that
    • Whatever organization buys out Twitter will want to keep the eyeballs (users generating advertising revenue)
  • Reddit is a great platform
    • But nobody likes it
  • Having a social media presence on Twitter and Facebook and Instagram will reach 90% of people online.
  • The purpose of one non-profit organization is to change consumer behaviour
    • How can that be measured?
  • Are social media sites trustworthy?
    • Social media sites are bad for your personal mental health
      • Some people remove themselves from social media
  • Twitter is a conversation
    • Really? 140 characters seems too short for meaningful conversation
    • Twitter is (only) good for broadcast announcements
    • A Grade 8 reading level is good for Twitter
    • It takes skill to get more information into 140 characters than in long-form prose
      • But too many abbreviations and leetspeek and others can't understand
      • "Dracula" by Bram Stoker was written as diary entries, good for syndication on Twitter
      • Books are being replaced by social media
        • so put novels on social media where people will read them
  • How to be effective:
    • Go where the people are
      • But that leaves out Free Software solutions like Friendica (Facebook substitute) or GNUsocial (Twitter substitute)
  • Wouldn't it be nice
    • if social media didn't affect reading levels or comprehension
    • people learned more evaluation and critical thinking, not rote memorization
  • Filter bubble
    • Facebook only shows those things you've already "liked"
    • reinforces biases
  • Recognize that Social Media is just a tool
    • You can use it well
    • ...or you can use it poorly
  • We (Non-profit organizations) are parasitic
    • We're using social media platforms for our own purposes, fully recognizing they're not doing this for our benefit.

Meeting Closing Discussion

  • Discussed CIRA (Canadian Internet Registration Authority)
    • supports the .ca domain extension for Canada
    • most are aware of the organization
    • result of discussion is to obtain the .ca version of the NPSA domain: kwnpsa.ca

Future topics:

  • Monetization
  • Branding (logos, names)


Estimating Time and Resources

Date
Monday, 16 January 2017
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/234260371/
Meeting Notes
https://www.meetup.com/NetSquared-Kitchener-Waterloo/messages/boards/thread/50529155

In IT we are often asked to estimate the time and resources assorted tasks will take. Often these time/cost estimates are tied to funding, grants, and resource allocations. Unfortunately, many of us struggle at coming up with estimates more accurate than "it will take longer than expected". What are some strategies and best practices we can use to come up with better estimates? Under what circumstances does estimating things become easier? Harder? Under what conditions should we spend a lot of effort making estimates, and under what circumstances should we not?

When have you had good experiences making estimates? When have you struggled?

As always, bring your experiences and questions. Also, please spread the word about this meetup so that more people who do nonprofit systems administration will become aware of it.


Announcements

  • Laptop Rescue Mission this Saturday, 21 February 2017, 4-8pm
  • Does somebody want to take over the group?
Taking Over the Group
  • Is there a venue available?
  • QSC is noisy
  • Other TWC spaces need staffing
  • Meeting at Steve's house?
  • Will anybody take the mailing lists?
  • New organizers: Bob Jonkman, Marc Paré.
  • Should we be on meetup?
    • mailman does some of this
    • NetSquared does not help with promotion
    • meetup has a large user base
    • there is a blog and a wiki already
    • there is a twitter account
  • They want the group to be face to face
  • Bob likes the peer to peer conversation
  • March meeting's at Steve's house
  • Marc will look for other venues
  • Communitech has space available to tech groups: Marc
  • Moving the mailing lists: Steve
  • Marc can host on his server and get a domain name
  • Future topic: Project management software


Meeting Notes

Discussion Points
  • What are strategies and best practices to get better estimates?
  • Under what circumstances does estimation become easier?
  • Under what circumstances does estimation become harder?
  • When should we spend a lot of effort making estimates?
Discussion
  • Horror story: server installation
    • building a server room that needed dedicated cooling
    • he estimated power consumption of each device
    • UPSes only need to be sized for the running current (they are built to handle startup current already)
    • He ended up overestimating by three times
    • The air conditioner would freeze the pipes and everything would shut down
    • He looked up currents instead of measuring them
    • How do you deal with the exhaust heat?
    • The UPSes had meters for measuring electricity draw
    • But then they dismantled the server room for other reasons
  • When is it easy?
    • Figuring out spending is easy?
      • In the horror story they sized based on existing equipment
      • Looking up specs can be difficult
    • Never?
    • When you have done this project before?
      • There are differences between software and hardware
      • But sometimes you make software similar to the stuff you made before
    • When you can look at projects similar organizations have done?
      • How do you get that information?
  • Mythical man month comes into play
    • You cannot predict how managers will manage the project
  • Example: replacing a network was the single largest line item
  • It is harder than you think always
  • There is always effort associated with making estimates
    • When is it worth the effort?
    • When projects are expensive
    • When projects are tied to specific grants
  • Waterfall vs agile software methodologies
    • Don't estimate everything at the beginning
    • Can you make estimates a little at a time?
    • But budgets are always waterfall, not agile
  • But we tend to overengineer things
    • But then your results are rejected
  • Projects always have unanticipated things
  • It is expedient to underestimate costs to win contracts and political support
    • What will future maintenence costs be?
    • If you lowball costs then you get approved
    • Who pays for the overage
    • But operational budgets are overestimated so that you get a surplus later
    • End of year rollovers are political
    • Surpluses are seen as weaknesses, not frugality
    • This applies to nonprofits as well
    • Bureaucrats look good when they give large amounts of money
    • There are not good incentives to share funds across departments/projects
  • Does that mean IT is always having to convince management for funds?
    • IT is always a cost sink
    • But technologies can reduce labour costs and stop people waste time
    • Workers should enjoy the additional gains from productivity gains
  • How do you position yourself so that you get buy-in?
    • Get the people who are affected to talk to management too
  • Sometimes estimates are done to argue for funds and sometimes they are used to find projects that should not go ahead
  • If you know that you are going to need something then just go and do it
    • But senior management does not trust the estimates, so they hire consultants, which causes conflicts
  • It is less important to estimate when you have projects that can be done in small stages (instead of projects that need to be done all at once).
  • If the project is small it makes less sense to make estimates
  • Pilot projects can help figure out long term costs
  • Projects can be broken down by scope
  • Sometimes estimates are not honest, but designed to underbid the competition
    • Who pays for the overruns?
    • There can be penalty clauses in these contracts
    • Getting the lowest contract can be a problem
    • If you incur penalties you get taken off the list of approved contractors, but you just change your name and try again
    • This can result in lawsuits
    • There can be completion bonds, etc
    • As soon as lawyers get involved costs go up dramatically
  • It can be a problem when sales team promise things without telling engineering
  • Doing estimates can give you a ballpark about the costs
    • but now you may have to have consultants vetting other consultants
  • To some extent you can play vendors off against each other
    • Big software companies will have pre-sales engineering teams to help you figure out your costs
    • They can also outbid you if they want
  • How do you deal with projects where you have blown the time constraints?
    • You can hire subcontractors
    • Drop parts of the project
  • RFPs can tell you what they have to offer
    • They can help you anticipate some of the pitfalls
  • Do requirements documents of what you need
    • Talk with the vendors/engineers from the companies
    • But the vendors will not tell you the horror stories
  • People's behaviours can change once the ystem changes
    • eg people beginning to use email as file storage
  • Breaking down projects into chunks
    • This shows you things that you are missing
    • Then you can better understand what the project is
    • Start aspects of the project that you can learn from and what different tasks are involved
    • But you cannot do this with monolithic systems
  • Fixing technical debt is more work than starting fresh
  • Don't be tempted to give the estimate right away
    • Be prepared to charge extra when the estimates increase
  • Sometimes competitive bids boil down to who you know?
    • This is not necessarily bad because of trust
    • But the well-known vendors have more experience winning these bids
    • If you start out at a big vendor and branch out on your own you can receive trust
  • Talk to other people who have done the same thing


Documenting Things

Date
Monday, 12 December 2016
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/234260323/

Much of our September meeting revolved around documentation. How do we ensure it gets written when there are so many other priorities? How is it maintained so it does not go out of date? How do we index it so that it is easy to find the information we need when we need it? What tools have we found most helpful in creating and maintaining documentation? What things are important to document, and what things can be skipped? As always, bring your experiences and questions.



Meeting Notes

(Notes by Martin Edmonds)

Best Practices
  • Create documentation for users: “How To” & “FAQ” documents on Wiki so it can be self-serve or you can pass on links when users ask questions
  • Consider formats for defining requirements:
    • Consider: security, auditor controls, speed, backups, file permissions
    • Ask client where data coming from
  • Weigh balance between: need for documentation versus the effort that it requires to develop
  • Don’t document same info in multiple places or it is more work to maintain
    • Get data into a structured format that data can be entered once and it will ripple through to every relevant place
  • Too much documentation may never be used; Keep it simple with what is most important
  • Know your audience
  • Videos have advantages, but you can’t scan through or search to find what you want
    • Short instructional video on a specific topics can be helpful
  • Consider security: are multiple levels of access required to documentation
  • Consider paper versus electronic forms of documentation
  • Think about what someone would need and how they would find it, if you are not around to show them.
  • Keep it in a standard place. Don’t keep documentation on your personal computer or account, because other people won’t be able to find it.
  • Keep in a place where you can give access to someone else but is not accessible to people who should not get it
  • Include examples in the documentation
  • Include why you did something (not just what you did)
  • How do we make sure that it is done
    • Make it easy to document
    • Allocate more time to do documentation
    • Set aside time at the end of each day to update documentation based on what you worked on that day
    • Document as you do it
What to Document
  • Enough to get a person started (in case person with knowledge is no longer available)
  • Overview of where documentation is. (big picture view)
  • Explanation of what is done on repeated basis at certain times (eg. Holiday posting done each year)
  • Document characteristics of users. For example: user expectations, knowledge, tendencies, tolerance for flaws, etc.
Tools
  • Word processor is not ideal since the documentation should be structured so that it can be queried
  • Wiki: forces you to think of structure; easy to create new links to new pages; good for collaborative authoring; manages revisions;
    • A wiki is not as simple to use as a word processor, but non-programmers can update document using wiki
    • Using a wiki may discourage some people from commenting because of learning curve
    • Requires a good editor
    • Can preview documentation through wiki
    • Wiki is not great for multiple security levels of access to documentation
  • Tools to consider
    • OneNote
    • “Remarkable” use on a tablet for taking notes at a meeting
    • Data Base: such as Access
    • Cloud based: Eg. Google Keep, Google Docs
    • Sharepoint
  • Video and screen capture: eg. SnagIt or Jing or
  • Tools that come with Windows: “Recording Steps” or “Snipping Tool”
  • Word processor or spreadsheet are very easy to use, That is what people know how to use. Those are not ideal, but any documentation is better than no documentation
  • Ticket system which will capture what you did to resolve issue
  • For documenting Network: “Lan Sweeper” or “nmap”


Thanks to Martin Edmonds for moderating this month.

Event announcement: https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/233388765/
Meeting notes: https://www.meetup.com/NetSquared-Kitchener-Waterloo/messages/boards/thread/50337067

Regulatory Compliance

Date
Monday, 14 November 2016
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/233388765/

Many non-profit organizations are involved in government-regulated services such as health care, employment acquisition and training. Other activities require adherence to other laws, such as building codes. How do you keep track of all the regulations that you need to follow? How do you store compliance documents such as sign-offs, NDAs, and contacts? What do you use for secure document storage and transmission? How do the SysAdmins get along with the Lawyers? When is encryption required? What do you encrypt and when?


Meeting Notes

  • Must consider retention and retention periods of email and other documents (almost any document can be considered a legal document)
  • In addition to govt regulations, must consider industry practices & standards
  • Following of the Ont. Non-Profit Corporations Act (ONCA
  • Maintenance of email lists:
    • use double opt-in
    • using email lists only for stated purpose
    • offer mechanism for requesting to be removed
  • On website for incorporated organization (In Europe, but not yet in North America)
    • need to specify if cookies will be saved
    • need to specify physical address (required in Europe)
  • Considered a member of a non-profit (in some cases, even attending an event can constitute you as a member)
  • Adherence to Copyrights laws when photocopying
  • What responsibilities does organization have when providing internet access to public
  • Audits from organizations that grant non-profit status or organizations that provide grants
  • Software audits (Eg Microsoft ensuring license adherence)
  • Need to be very careful about mailing lists and keeping them up to date to prevent mails to the wrong person
Storage

How do you store compliance documents such as sign-offs, NDAs, and contacts? What do you use for secure document storage and transmission?

  • LotusNotes used to route a document and get sign-offs along the way
  • Block chain systems (discuss further in future meeting)
  • Electronic forms on secure file server or encrypted device
  • Encrypted data.
    • TrueCrypt
      • There are some known vulnerabilities in the Windows version.
      • Veracrypt is a fork of TrueCrypt).
    • Luks container
    • Offsite (using send command)
    • ZFS (a file system)
  • Indicate on top of email who is the intended audience of email. Legal disclaimer on the footer telling you not to read an email if it does not pertain to you.
  • Encrypted email systems eg. Enigmail (a thunderbird plug-in)
  • Online service to encrypt mail eg. Proton Mail, and Tutanota
  • Signal, Telegraph, and WhatsApp for encrypting instant messages

Potential topics for future meetings

  • Block chain systems
    • Book: London Review of Books had two stories by the same author Andrew O’Hagen
    • Ethereum (a programming environment built on top of Block Chain)
  • Accessibility rules
  • Document storage formats (ODS, etc.) could be combined with document management systems


KWNPSA Meeting Notes for 2016-10-17



Smooth Succession

Date
Monday, 19 September 2016
Event Announcement
http://www.meetup.com/NetSquared-Kitchener-Waterloo/events/232556568/

Sooner or later, people move on. Sometimes they leave for greener pastures and sometimes they just leave. Sysadmins tend to have a lot knowledge about the systems they work with, and often their knowledge is in their heads and their heads alone. As responsible sysadmins, how do we transition out of our jobs without our organizations collapsing behind us? How do our replacements learn the institutional knowledge they need to keep things running? What best practices can we implement to document and share knowledge so that others know what is going on when we are hit by buses?



Future sessions

Documentation
  • What do you document?
  • What tools do you use?
Coming up with time/effort estimates?
  • How do you be realistic but efficient
  • How do you justify unanticipated difficulties


Questions

  • Have you taken over from another person leaving? What was helpful? What was frustrating?
  • What preparations have you made so that future people can successfully transition into your work?
  • What barriers and challenges are there to smooth succession?
  • How do you transfer institutional/oral culture?
  • What best practices are there for documentation?

Meeting Notes

Our IT hats
  • Schoolteachers: often one person gets picked to wear the IT hat
    • 50 staff, 300 students
    • He deals with tech support questions
    • The board has a regular IT department but the ratio is high: 1 person for thousands of users
    • Tickets take a lot of time to resolve from the IT department
    • Teachers often have to pick up the slack
    • The IT staff they get in now are younger
    • The software stack seems to work better now
    • Software compatibility would break when deployed
      • eg a network game would break everything else
    • Now they test deployments better
      • But this reduces spontaneity
    • What about interaction with the school boards? How do documents get passed around?
      • This is more centralized now
    • They were going to give all kids their own email accounts
    • Schools have logins for their kids now
    • Some school boards do BYOD (Bring Your Own Device)
      • This is cheaper for the school boards, which can't keep up (and budgets are tight)
    • They use the same number of IT staff for the Catholic school board as they did for the entire high school system
      • This probably implies web interfaces for everything


  • Small non-for-profit, 25 staff
    • Prior to joining his director was the primary IT person
    • They signed a contract for hardware/software support
    • Now there is an IT committee
    • He made the mistake of admitting that he "knew about computers"
    • The organization decided to move to a cloud based service (Sharepoint) with a data migration
      • This was somewhat painful because the outside supplier did not tell them about their slow upload speeds
    • He does software/hardware problem solving
    • He does software upgrades: Office 2013/Office 365
    • Does training on the Sharepoint move
    • They are trying to transfer knowledge from the director's head to the collective
    • They have a local server
    • They also do BYOD
    • Getting information for connecting computers to the server is tough
    • How can staff do their jobs day to day
    • Do people prefer Office 2013 to Office 365?
      • There is more functionality in Office 2013
      • eg they have a room booking spreadsheet that has pane-freezing problems
    • Do people have problems with file versioning?
      • Not really
    • They have had communications problems with outside tech support
    • Even doing hardware audits and internet connections was tough
    • Getting people up to speed in Sharepoint is a big issue
    • People have problems adjusting to change
    • Where is the storage? It is all on the Microsoft cloud


  • Approaches to succession at a large company
    • There were procedures that were documented in a lot of detail
    • Important for time-sensitive stuff (eg batch jobs)
    • People did document well
    • You could search a spreadsheet for jobs to diagnose
    • Disaster recovery testing were documented in a lot of detail
    • He participated in disaster recovery one year
      • A coworker then started the next year, and he gave pointers
      • The documents were well-written and a good guide
    • Reviewing the documents well before is important
    • Management was invested in making sure that documented were well done


  • Another co-op job was not as smooth
    • A small one-person operation was not documented well -- much of the knowledge was in this person's head
    • Maybe this person should have done more documentation
    • The boss was very time-conscious, so he documented only the most complex issues
    • Writing things down is a good buffer for dealing with remembering stuff that is on screens
    • Is commenting code financially efficient? There is a short-term/long-term tradeoff.
    • Implementing better error tracing can be used by future people


  • He was working for a small startup where the emphasis was getting things as soon as possible with no succession of any kind
    • There ought to be good handoff procedures
    • This can be an issue with Google Summer of Code: people hang out for four months and leave
      • But sometimes there are good changelogs


  • Succession horror stories (small nonprofits)
    • He would like people to assign administrator access
    • Most organizations are staffed by nontechnical people


  • When going to new organizations
    • He had to explore how things are hooked up and why
    • Naming conventions were weird
    • He changed some of the printer names and got into trouble because it messed up the network documentation
    • Other places have been decomissioning jobs
    • He had to document everything before shutting things down
    • Big municipality had a good disaster recovery plan
    • Nobody should have to think in order to get things back up
    • Problems: system change and then documentation goes out of date
    • One on one training is better than doing no documentation


  • He worked for an insurance company. Their disaster planning was based on insurance.
    • This is called "key man insurance"


  • Worked for a university press
    • He kept the job for 30 years
    • He had a lot of autonomy in writing his job descriptions
    • Early on they had their own UNIX system and some people on Windows using UNIX tools
      • User training was not difficult because typographers know how to type to get stuff done
    • But in 1999 things changed. Kids these days! They only know how to use word processors
    • Passing on old skills was hard
    • When he went on leave he hired a friend who knew the same skills
    • When he was getting closer to retiring there were a lot of meetings about the stuff he did. Other people were learning this but others didn't think they could handle the whole thing.
      • The people who took his job have good communication skills and could change things to their preferences
      • He found that his meetings were collaborative and good for problem solving
    • Things are going well but are slower
      • eg there are fewer spreadsheet manipulation abilities
    • There is documentation in wikis. People can read them but not write to them easily.
    • Have others dismantled your work since you left?
      • Yes
      • They were thinking of shutting down the Linux servers
      • They were going to migrate the functionality to a virtual machine
      • The server ran for a year without being rebooted and continued to work
    • Working with text files on local servers can be simpler than the cloud, because of black boxes
      • He had a lot of discipline to the structure of the data
      • black box: you have a promise of input and output, but you don't know what is happening inside
      • If the input data changes then everything can get messed up
      • Can you troubleshoot problems when they come up
      • Black boxes mean you can change the inputs and examine the outputs, but this is trial and error
    • Is there good software for putting bounding box information on EPS information. He found a script that worked that was made of Perl and shell script.


  • At TWC
    • Lots of complicated infrastructre
    • Some of it is documented but documentation goes out of date
    • People come and go
      • Understand everything about everything
    • Oral culture (both positive and negative)
    • Documentation is like survivalist training
      • Documentation that gets used stays up to date
    • Some documents are used frequently
      • Write down passwords in a shared (encrypted!) document
      • Multiple people working on a door system means documentation gets written
    • Documentation that is hard to write and hard to update does not get written (or gets written and is useless)
      • Text only
      • No screenshots unless absolutely necessary
      • Trivial update mechanisms
      • DRY : Don't repeat yourself
      • Trivial to search
      • OneNote
      • Plain text
      • Documents with good search
      • Email (yes, really)
    • Write documentation as you go
      • Too much documentation is kind of better than too little
      • If you learn things twice then document carefully the second time
    • Some people consider lack of documentation as job insurance
    • HOWTO files can be helpful
    • Make things as self-documenting as feasible
      • Drop README files in source folders
      • Inline comments
      • Documentation as file names
    • Log files and version control are forms of documentation (if you have the discipline)
      • etckeeper is good for Linux systems
Best Practices
  • Mind the bus factor and stay away from public transportation
    • Don't store documents in someone's personal folders
  • Having good documentation is helpful. How does it get created?
  • Never admit you know computers
  • How do you keep documentation up to date as things change?
  • Make documentation accessible
  • Get good at trawling other people's work
  • Do regular training for staff and volunteers
    • Forcing people's hands can help
  • Start people small if you can
    • This way you can assess their skills and commitment
  • Make new people do documentation as they work
    • This helps them learn the systems
Worries and Challenges
  • Being the person who gets hit by the bus
    • How do you spread information?
    • Continuous learning by staff -- raising everybody's level of knowledge
    • Management may not be on board
    • Do people understand that not having long-term planning leaves them vulnerable?
    • You can't boss around volunteers as much
  • People think that the cloud solves backups and IT administration
  • How hard will it be to step into a new position?
    • When we are unemployed because we don't have the tools
    • Money becomes a huge issue
    • Getting access to hardware is an issue
  • How many times will you be called after you left?
    • Will you remember your old work
    • There is a sense of liability -- who is responsible when things break?
  • Choosing the wrong successor could be a disaster
  • Finding time/resources to transfer knowledge
    • Sometimes you need to be inefficient to be effiencent
    • Letting other people do the thing even though you could do it faster and more efficiently
      • Letting other people do the thing in ways you would not do it
      • Giving people good base levels of knowledge helps
  • How do you learn the system while being careful and not destroying everything in a burning ball of flame
    • How do you make a good impression and getting things done both quickly and correctly
  • Sometimes contractors get commissions with promises they cannot keep


Financial Software

Date
Monday, 15 August 2016
Event Announcement
http://www.meetup.com/NetSquared-Kitchener-Waterloo/events/232234165/

What kinds of financial software are appropriate for nonprofits? What does your organization use? What work is involved in supporting it?


Meeting notes
https://www.meetup.com/NetSquared-Kitchener-Waterloo/messages/boards/thread/50064445

Questions

  • What financial software does your organization use?
  • How do you migrate between software?
  • What considerations do you factor in?
  • How do you support this software?

Announcements

  • Upcoming meetings? Fold the group?
    • Free software for nonprofits
  • What do we want out of the group?
    • Proselytize free software? How do we get others to adopt free software?
    • What makes people use free software vs proprietary?
  • Hiring policies. Windows people are replacable?
  • Recruitment drive?

Meeting Notes

  • It was difficult to get accounting software for Linux without paying a fortune.
  • We should be concerned about financial software
    • Writing different interfaces (eg for batch jobs) is difficult
  • Sysadmins usually do not decide this software. Accountants do.
    • There are specific needs for payroll, HST, auditing
    • There is a high learning curve
  • Brendan uses SAGE because of payroll
    • Quickbooks requires a service to deal with payroll
    • Personally Brendan uses GNUCash
  • NewViews
    • hierarchical accounting that looks like a spreadsheet
    • It was made for DOS and Windows
    • It has a high learning curve
    • TWC moved from the DOS version to Windows
  • People at banks prefer correctness over efficiency
  • Brendan keeps tracks of accounts for several nonprofits
    • They were both using some ancient DOS program
    • They migrated their infrastructure to Access databases
    • They have multiple systems that have to manually reconcile things?!!!??!!?!!
  • It is possible to use TeX as an accounting system
    • With spreadsheets as input
    • Who else maintains this?
  • Why can't some Drupally solution come in and take over this space?
  • The core of financial software are:
    • Sales
    • Financial transactions
    • Different accounts
  • The non-cores:
    • Reports to funders
    • Payroll
  • (ObTopic) Is the cloud going to eat everyone's lunch?
    • Freshbooks is on all the podcasts
  • Integrating with banks is not so easy with GNUCash
    • You also have to make sure the cheques have been written correctly
  • Why can't this all be federated?
    • IIF : Intuit Interchange Format (proprietary)
    • OFX : open standard used by Microsoft Money : http://www.ofx.net/
  • Not an API thing?


  • Companies vary in what their expenses are and their categories?
  • In publishing:
    • There is some key information in invoices
    • People need to respond to invoices from printers
    • Different industries have come up with their own standards (EDI)
    • EDI: Electonic Data Interchange
  • Used for Business to Business transactions
    • Banks have worked out how to exhange data amongst themselves
  • Companies decide WHEN to pay invoices to maximize their cash flows
    • If you pay early then maybe you get a discount
    • Can computers help with some of these problems?
    • You favour certain relationships over others
  • Quickbooks works under Linux using WINE?



Considerations
  • What people know
    • People like their Word and Excel
    • Migration costs are very high -- there has to be lots of benefit


  • There are a bunch of updates to payroll and HST
    • The software is always under development
  • Upgrade costs are very high -- once you make a choice you are kind of stuck
  • Accounting software needs to be customized to the particular needs of the organization
  • Internal formatting is different from reports
    • If internal structure is good then maybe making add-ons is feasible
  • Humans will have to input most of the transactions?
    • But there are point of sales
    • Accountants need to verify the receipts
    • Robust interfaces are important to avoid input errors
  • Can the bookkeepers use the software?
  • Does the software interface with the services (ADP) that the organization uses?
  • What are the security implications of data breaches?
    • Information leakage about things?
    • Corporate surveillance? Future products?
    • Know what your prices are?
    • Know what different employees are paid?
    • Medical/dental data
  • Maybe you can't have plugins because that has the potential of violating integrity
    • Can't proper transaction logging fix this?


  • You close books at the end of the fiscal year
    • This freezes accounts
Migration
  • Take an end of year fiscal snapshot
  • Move the summary to the new program
  • Quickbooks will let you upload your desktop information to the cloud
    • But you can't get the data back!
    • Maybe the competitors will let you upload to THEIR clouds
    • But Quickbooks does not support backwards compatibility on the desktop either

Back to: KWNPSA Meeting Notes



The Cloud

Date
Monday, 11 July 2016 from 7:00pm to 9:00pm
Meetup Event
http://www.meetup.com/NetSquared-Kitchener-Waterloo/events/228739922/
Meeting notes
http://www.meetup.com/NetSquared-Kitchener-Waterloo/messages/boards/thread/49977700
Location
The Working Centre, 58 Queen Street South, Kitchener, Ontario

Every single meeting we mention "The Cloud" but it has never been a formal topic of discussion. What do you trust on the cloud? What do you not trust? Why? How how the cloud made your life easier? How has it made it harder? What criteria do you use when deciding to use cloud services? Are there feasible alternatives to the cloud? What are their plusses and minuses? Are IT admins who don't like the cloud dinosaurs who will be unemployed dinosaurs within a few months or years?


Meeting Notes

Hosting
VPS hosting: servers in the cloud
  • Linode: $20/month (TWC uses this)
  • Digital Ocean
  • Cloud at cost (don't use this for production)

You get a virtual machine in the sky which you have to administrate.


Shared hosting

Somebody else sets a server up and gives people accounts. They typically take care of disaster recovery.

Typically you don't get root. Sometimes you don't get a shell.

Colocation

Put a server in somebody's rack. You pay for the hardware and the hosting.

Computer in your basement (self-hosting)

You take of everything.

Your ISP has to be happy with you.

Server power is expensive.

Pros/cons
  • Be careful what you make public
  • Be careful of hopscotch attacks


Hosted Services
Types of Services
  • Microsoft services (Office 365)
  • Storage (SkyDrive, DropBox, Google Drive)
  • Hosted Exchange, Sharepoint, OneDrive
  • Hosting antivirus
Considerations
  • There have to be ways for people to work offline on planes
    • But even Google Docs can be used offline (via an installer?)
  • When the Internet is down Brendan goes home. Why?
    • Email
    • VoIP phones
    • File shares that are not local
  • Can you do video editing in the cloud?
    • There is an upper limit to the resolution
  • Multiple location and home access is easier
  • Who does the backups?
    • There is versioning for documents in Office 365
  • Sometimes services you depend upon go down. Then what?
    • Can you transfer your services to other providers easily?
    • LibreOffice is going into the cloud as well
    • Mount as a filesystem and use rsync
    • Google provides a way to do sync as well
  • Can sysadmins see the documents of their users when they are on the cloud?
    • What happens when people leave?
    • People use their corporate accounts and access data via their browser
  • Logging into multiple companies can be difficult
  • Do these services all use cookies for sessions?
    • Cookies
    • Session tokens
    • User data storage
    • Persistent TCP sessions?
    • Endlessly refreshing HTTP sessions? WebSockets
Pros/cons
  • Self-hosting is complicated so companies are taking it away (also not as lucrative for the companies)
  • What happens if you are offline?
    • Adobe was offline in 2014 and people were locked out (how does this work?)
    • What happens when your apps are just web frontends?
  • Will all the IT people be unemployed? Not Brendan!
Antivirus?
  • Web browsers check every page to make sure it is not malicious?
  • You could put the management consoles in the cloud
  • You could have clients send everything up to the cloud to be scanned


User Training/Adoptions
  • Do corporations just do this to minimize training costs?
    • You have to train people
    • But what happens when there is a breach?
  • How to we improve training and workplace culture?
    • Go to management?
    • Sheet of instructions that staff don't read
    • Monthly staff meetings
  • What about intentionally baiting users?
    • Report to your users
    • Go to your users individually and educate them?
    • Reduce user rights?
    • Publicize the people who have done bad things
    • Use peer pressure?
  • Passwords
    • Shamir's Secret Sharing System : Multiple people each need to put a password in to unlock things. http://point-at-infinity.org/ssss/
    • Brendan does not allow people to set their own passwords. He gives passwords to people.
    • Is it worth running hashcat or john the ripper on passwords?
  • Why do users keep sending attachments by email?
    • People have inertia for new things
    • It is harder to put files in shared storage than to email attachments
    • Sharepoint puts links to files instead of attaching them (for internal emails) (and so does GroupWise document management)
  • "Permissions" for cloud resources are hard for users to understand
    • Things that are "public" can be public to the world, not just the organization

Future Topic

(Go to NPSA Past Events)



KWNPSA Meeting Notes for 2016-06-13



KWNPSA Meeting Notes for 2016-05-09



KWNPSA Meeting Notes for 2016-04-11



KWNPSA Meeting Notes for 2016-03-14



KWNPSA Meeting Notes for 2016-02-08



Estimating Time and Resources/Meeting notes for 2016-01-11



Collaborative Editing Tools

Date
Monday, 14 December 2015
Event Announcement
http://www.meetup.com/NetSquared-Kitchener-Waterloo/events/223909896/

How do people work together? How do you deal with privacy concerns? What tools work and what have problems?

  • OneNote
  • Etherpad and friends
  • WebEx


Meeting notes

for 14 December 2015: 

Many users want to use collaborative editing tools.

  • What do you use?
  • How do you deal with privacy concerns?
  • How do you manage backups?
  • What are the strengths and weaknesses of these systems?
  • When are they best used?
Options
  • Wikis
  • OneNote
  • Etherpad
  • WebEx
  • Slack (Mattermost?)
  • Sharepoint
  • Google Hangouts
  • Google docs
Observations
  • GoToMeeting is better than WebEx
    • WebEx: poor audio
    • Pretty expensive? ($50/month)
    • Like Skype for 1-many
  • There are different classes? Wikis are different from WebEx
  • Wikis: collaborative editing
  • GoToMeeting: realtime conferencing/interacting
  • How can people work together on documents?
  • LibreOffice tends to use Google Hangouts
    • Hangouts allow multiple video and sound
    • LibreOffice will also use IRC
    • This is for discussions
    • The kids use Google for everything
  • Google docs allow you to edit simultaneously and chat
    • They have versioning
    • Marc backs up Google docs once a month into a zipfile
  • You can choose the format
    • Should we all embrace the Google?
  • LibreOffice is trying to work on OneCloud
  • This could be released next spring
  • The internal file structure is well known
    • Google Drive will let you mount a drive for Google Docs
  • LibreOffice will let you edit files from Dropbox
    • This is different than having documents mirrored on local drives?
    • LibreOffice is a "do what you like" community
    • eg there is little interest for any Android devs to develop an Android version, so they are contracting out the work.


  • OwnCloud lets you edit LibreOffice collaboratively (without locking)
    • This is like Etherpad
    • But you cannot do spreadsheets


  • Wikis are for structured text; Google docs are not (necessarily?)
    • You need guidelines to put documentation into reasonable shape
    • You need to handle your backups yourself
    • Images have to be handled differently
    • Back up each database separately
  • Bob generated a 300MB --all-databases file
  • He cannot restore the database properly
  • Does that mean his file is toast?
  • No, because he can chunk it apart
  • But that is difficult
What do we want for collaboration?

Why is it more helpful to have multiple people collaborating?

  • Conference organizing: You can have 5-6 people on a conference call all looking at the same spreadsheet.
  • How do you decide who is taking care of each part? You play nice.
  • The editing is not completely random
  • Do you need to have a meeting? Not necessarily
    • eg Agenda items
    • eg collaborative web page editing (Etherpad/UbuntuPad) with text chatting

What is a typical number people who can play nice?

  • Maybe 10?
  • Sometimes a few people dominate
  • Some people can't work like this; they have to take the document home
    • But some people think they want to take the document home and then are won over to collaborative meetings
  • Some people wreck everything and thus have to be limited to commenting

Grammar skills can be an issue. Can you assume good grammar?

  • As they type content you can follow behind and edit
  • It is most important for people to get their ideas out

This is similar to a writer's group

  • Comments should be constructive
  • This works best face to face (because criticism is hard)

People don't go into technical writing because you like creative writing

  • Clarity is important in both, however
  • Marc's group was reticent to use Google Docs at first, but they were won over
  • They found chat to be efficient while editing the document
  • He found the visual (Skype) harder

Marc worked on mumble for voice chat

  • It is low resource

Is face to face or messaging easier? It depends on the group.

How do you choose the right tool for the job?

It is easy to put bullet points into a document and then organize after

How do you come up with protocols for collaboration?

  • Marc's group was ad-hoc, but roles (leader, secretaries) tend to emerge
  • There is trust involved

LibreOffice uses a lot of wikis

  • Marc thinks they need WYSIWYG because the barrier to editing is too high
  • You don't get good content so people get frustrated and leave
  • The people LibreOffice is trying to support people who do not necessarily have good editing skills
  • Do people who learn office software learn good styles?
    • It does not matter. The ideas are important
  • What is the bridge between thoughts and markup?
    • Wikipedia is working on WYSIWYG tools
  • Is Wikimedia not receptive to this?
    • Drupal 8 has in-line editing now?

Should people have the right to NOT learn markup?

  • If you force people to learn then you raise the barrier to entry
  • That makes people elitist
  • If the barrier to entry was lower then more people would end up learning the system
  • Should people be forced to edit in Word?
    • Smart people have the ability to learn it


(Oh no! Markup!)

Marc doesn't like Mediawiki because it is hard to are able to edit it in his group.

  • People use all kinds of other tools
  • What about eating our own dogfood?
    • The initial documentation was not published in ODT
  • Should people be forced to edit in Word?
    • Smart people have the ability to learn it


Slack???
  • Everybody loves slack
  • Slack is the email killer?
    • Easier to search (with group chat?)
    • It is like a searchable newsgroup? mailing list?
  • Do you have to go to the site in order to get the content?
  • Conversations are collected chronologically so it is easier to go through them than on email chains


Gmail labels deduplicates messages into pointers to folders


How do you avoid the standards problem? Having yet another place to look for stuff.

Finding stuff on Etherpad and Ubuntupad is difficult unless you bookmark items with useful labels

It is impossible to search across Etherpad documents

Redmine can also be used for collaborative work

  • Less useful for collaborative work?
  • Ticketing assigns work to people : less good for volunteering
  • Closing abandoned tickets is difficult (and frustrating!)


Matching employers to job-seekers?

  • Use a dating site?
  • Donor management software?


progress.com : Database company

Moodle

  • Tim uses it
  • It has a learning curve

VPSes

  • DigitalOcean
  • CloudAtCost
  • Linode


Factors in collaboration
  • Concurrent or not?
  • Are you producing a document out of the tool or not?
  • Does the document need to be exported or not?



Sidetrack: community foundation for the arts
  • They are in every city?
  • This is different from CEI
  • The community foundation was giving CEI some money too


Back to: KWNPSA Meeting Notes



KWNPSA Meeting Notes for 2015-11-09



KWNPSA Meeting Notes for 2015-10-19




KWNPSA Meeting Notes for 2015-09-21




All About VoIP

Date
Monday, 17 August 2015
Event Announcement
http://www.meetup.com/NetSquared-Kitchener-Waterloo/events/223550824/

What combination of VoIP and PSTN lines do you use? What problems does VoIP solve for you? What problems does it create?


The meeting on Monday, 17 August 2015 was All About VoIP.

Discussion Questions

  • What are you using?
  • What do you like about VoIP? What do you not like?
  • What providers do you use?
  • What works better with PSTN? With VoIP?
  • What are the pros and cons?

Arbitrary Comments

  • What can we do with Teksavvy?
  • Vonage vs ITSP? (Unlimitel, VoIP.ms) vs ISP (Teksavvy, Rogers) vs MagicJack
  • MagicJack is an ATA? You need internet
    • You can get a USB dongle as well (don't work under Linux)
    • It is reliable enough for faxing
    • $10 extra per year for a Canadian number
    • $50/year + tax ($70 for the device)
    • Berleine spends $32/year for a US number and service
    • Unlimited minutes
    • Call quality can suffer if the internet is busy
  • Magicjack and Vonage are in the same space
  • VoiP.ms and Unlimitel
    • $1/month for the DID, $1.50 for Emergency 911
    • Unlimited minutes
  • Magicjack and Vonage are in the same space
  • VoIP.ms: $1 + $1.50 for Emergency 911 + 1c/minute per calls
    • You can buy a home package for $3.50 per month
    • You can have subaccounts
    • You can have many calls running simultaneously
  • Fongo
    • Free phone number, free calls, free voicemail, pay to send texts
    • Freephoneline.ca is the same but for desktops
    • How far can you get on a wifi phone?
    • Sometimes quality is an issue
  • SIP phones
  • The Working Centre
    • One PSTN line + voip lines + Norstar systems
    • Use an ATA to convert VoIP.ms to analogue
    • This does not work perfectly all the time (eg long tones)
  • Brendan has tried to switch to all VoIP
    • How do you trunk calls between buildings that use different systems?
    • Idea: just map lines to phones so you can use Norstar handsets
    • How can you receive calls in multiple locations?
      • Voip.ms makes this easy
      • You can use follow-me settings in Asterisk
  • Faxing and virtual faxing
    • Doesn't work so well on VoIP
    • VoIP wants to break up packets, but faxes want a continuous
  • Cheapest SIP phone: Grandstream GXP1400 (similar: GXP1405)
  • Why VoIP?
    • Cost: $40 for a PSTN line. VoIP can be cheaper
    • Can use the same phone number for many calls
    • We trust everything that goes over the internet
    • Very configurable for free
  • Why not VoIP?
    • Depends on power to work. Don't have blackouts!
    • Can't run faxing (reliably), DSL modems
    • Can't use analog modems
    • Can be reliability problems
    • Security concerns
    • Should have quality of service to ensure good performance
    • Need upload bandwidth (16k-64kbps up per call depending on codec)
    • Rollovers can be an issue between POTS and VoIP, depending on provider
    • Costs more in terms of IT time
  • You can do voip via internet addresses
  • Older ADSL lines provide 700kbps up
  • Bell VDSL is broken? Fibernetics does it right?
  • Execulink is a provider that does PSTN rollovers right
  • Can you do anything more with commercial VoIP than with regular Bell?
    • Maybe. It depends on what the provider provides.
  • Hiding callerID : easy
  • Is this obsolete because of cellphones?
    • The numbers are different
    • Not as configurable
    • But your cellphone works in a blackout (modulo batteries)
  • You can't run your own cellphone service (in Canada)
    • Compare to radio, community cable
  • SIP clients for cellphones?
    • SIPSimple?
    • You can register to a local asterisk account
    • Ring groups on VoIP.ms
    • How can you make phones ring in certain locations only?
      • Put a sip client on their phones
      • Put Asterisk
  • What Asterisk systems can be configured by Thursday?
    • PBX in a Flash
    • Elastix
  • Cheap analog phones?

Acronym Fun

  • ADSL : Asymmetric Digital Subsriber Line - High-speed Internet over an analog phone line
  • ATA : Analog Telephone Adapter - Turns VoIP into PSTN lines.
  • DID : Direct Inward Dialing - A phone number
  • FXO : Foreign Exchange Office - Port that is on the phone. In asterisk, you use a port of this type when you want to integrate a PSTN line. Wikipedia:Fxo
  • FXS : Foreign Exchange Service - Provides a dialtone. This can be from the wall, or the ports on an ATA
  • Hunt groups: Choose which order phones will ring
  • ISP : Internet Service Provider
  • ITSP : Internet Telephony Service Provider - The company that provides VoIP service
  • MWI: Message Waiting Indicator - The light that shows when you have voicemail
  • PBX : Private Branch Exchange - the device that routes phone calls
  • PSTN/POTS : Public Switched Telephone Network / Plain Old Telephone Service - A "Real" phone line
  • QoS: Quality of Service - prefer sending packets to phones rather than Bittorrents
  • Rollovers: First call a POTS line, then call a VoIP line with a different provider
  • SIP : Session Initiation Protocol - VoIP protocol. There are others (eg IAX)
  • VDSL : Very High Speed Digital Subscriber Line - ADSL on steroids
  • VoIP : Voice over Internet Protocol - The trendy thing.
  • VoIP registration: What phone will ring when you make a call to the number?




Keeping Remote Sites Up To Date

Date
Monday, 13 July 2015 from 7:00pm to 9:00pm
Event Announcement
https://www.meetup.com/NetSquared-Kitchener-Waterloo/events/223189124/
Location
The Working Centre, 58 Queen Street South, Kitchener Map

This month we will be talking about how to deal with multiple locations within an organization. We will be discussing things like file sharing setups for more than one location, communications between locations, different router types for VPN and such, etc....

Multiple locations may mean more than one office building, or other situations like employees who work from home or other remote locations.


Meeting Notes

What kinds of remote sites do you need to support/connect?
  • Second location
    • public facing location at one site
  • People working remotely without having an office
What things do remote users need to do?
  • File sharing: spreadsheets, word documents, PDFs
  • Database use
What tools do you do to enable them?
  • Sharepoint site for sharing documents
    • Brendan uses an older version
  • Syncing files between file shares
  • Windows Server Remote App
    • Small Business Server and Essentials
  • Moving files to the cloud
    • hosted server
  • Syncing with dropbox
  • Office 365 transitions workflow to the cloud
  • VPNs
    • Complicated for users
    • SecurePoint client makes it easier
  • Cisco mobility to connect (forwards all traffic via the VPN?)
    • Local storage with encrypted storage
    • files are stored remotely
  • Windows BranchCache?
  • Bittorrent sync, Dropbox, Syncthing
  • Caching servers that sync overnight
  • Microsoft DFS Replication (don't bother!)
    • OneDrive for Business is still not working
  • OpenVPN over OpenWRT
  • Hamachi
  • SSH tunnelling for remote access
  • Remote support: SSH tunnelling, VNC, Fuse and SSHFS
  • ownCloud with WebDAV
    • ownCloud does not do symbolic links very well (OK on synchronized clients, not on WebUI or WebDAV mounts)
  • WebEx (free for first three clients)
  • http://www.remoteutilities.com/download/ : free for 10 clients
  • AWS cloud?
  • Using git for synchronization
What clouds are easy to set up?
  • ownCloud on VPSes or your own servers
What is painful?
  • Attaching remote files to local email
  • Syncing multimedia files (photos)
  • Downloading things from the VPN is slow
  • People want things to work without learning anything
  • Initially contact to a remote client: how do you get them setup?
    • join.me, bomgar, TeamViewer, screensharing with Skype (slow)
  • Users do not provide enough detail
  • Slow connections on the remote end
  • ADSL connections with slow uploads
  • Can we stop the cloud?
  • Synchronizing calendars
Troubleshooting mobile devices?
  • Remote support viewing on smartphones? WebEx, LogMeIn
Other considerations
  • syncing over DSL
  • online collaborative systems for sharing documents
  • newer versions of Sharepoint allow concurrent editing of documents
  • confidential/sensitive information being uploaded to The Cloud (tm)
    • But any computer that is online is on the Cloud
  • Storing medical information on the Cloud?
  • VPN routers?
    • They have VPN servers themselves (IPSec and PPTP)
    • How do they find the clients? They use a road warrior setup
  • German company: SoftMaker (word processor software)
ISPs

Back to: KWNPSA Meeting Notes




Keeping Computers Up To Date

Date
Monday, 8 June 2015 from 7:00pm to 9:00pm
Event Announcement 
Keeping Computers Up To Date/Meeting Announcement 2015-06-08
Location
The Working Centre, 58 Queen Street South, Kitchener Map

Updating Desktops

You thought it would never happen again, but we are in fact holding a second Nonprofit Sysadmin meeting this Monday, June 8. As we did introductions last month I tried to collect some themes as future discussion topics. Somewhat arbitrarily, I propose that Monday's meeting be about keeping systems (specifically desktops) up to date:

  • What tools do you use to keep desktops up to date? (Windows or Linux, or other)
  • What tools do you use for third party updates (Flash? Adobe Reader? Hateful Java?)
  • What tools do you use to monitor and ensure that updates are happening?
  • How do you prevent desktops from filling up with spyware and other nonsense?
  • For Windows people: what are you doing about the Windows 10 upgrade offer?

We will meet starting at 7pm at the main Working Centre building, 58 Queen Street South. Bill says that there is free parking kitty-corner from the Working Centre, on the other side of Charles.

If you know of interested sysadmins who might be interested in our conversation, please invite them to the meeting.

- Paul



Upcoming meeting topics

  • July: Administrating remote locations and people who work from home
  • August: All about VoIP


Here are the bullet-point notes I took from tonight's meeting. (Paul Nijjar)

Someone needs to remind the list about how to get information for logging into the wiki.

Meeting Notes

Updating Computers

Linux
  • Run apt-get manually
  • apticron: emails when there are updates
  • unattended-upgrades: does security updates automatically
  • apt-dater: run updates in parallel
  • rkhunter
  • chkrootkit
Windows
  • Download and ask to install
  • WSUS updates
  • Download updates and shut down
Third Party Updates
  • ninite.com
  • wpkg.org
  • chocolatey.org
  • wsusoffline.net
Restoring computers
  • DriveVaccine (SUCKS)
  • SteadyState (RIP)
  • SteadierState
  • Faronics DeepFreeze
  • Virtual terminal servers (Multipoint server)
  • Ubuntu with guest account
    • PlayOnLinux: install Wine easier
  • DelProf




Introductions And Planning

Date
Monday, 11 May 2015 from 7:00pm to 9:00pm
Event Announcement
Introductions And Planning/Meeting Announcement 2015-05-11
Location
The Working Centre, 58 Queen Street South, Kitchener Map

During the first meeting I figure we can introduce ourselves, work out the logistics, and introduce some of the things that are challenging us in our sysadmin work.

- Paul


  • There are no meeting notes for this session.




(KWNPSA Upcoming Events)
(KWNPSA Past Events)
(KWNPSA Meeting Notes on one page)
(KWNPSA Requested Topics)