From web at polynate.net Thu Apr 4 11:25:06 2024 From: web at polynate.net (Nathan Bailey) Date: Thu, 4 Apr 2024 11:25:06 +1100 Subject: [Linux-aus] How could we get society to adequately fund free software developers In-Reply-To: <87il138hs4.fsf@linuxpenguins.xyz> References: <2fbfdafc-31f1-43df-be49-f6b0725bfb3e@aerusso.net> <61e2abfa-b041-4f8d-af9b-a7183cc653e1@gmail.com> <87wmpkgrma.fsf@hope.eyrie.org> <2629DB93-AC76-488E-A894-B59B15862522@2023.bluespice.org> <87il138hs4.fsf@linuxpenguins.xyz> Message-ID: In both examples (xz-utils and the event-stream example Brian points to below), there was a divergence between the tarball and github. Perhaps a github-based function should be developed to verify that the primary publishing destination of the packages tarball is a true representation of the github repository? (providing some kind of green tick on GitHub that the referenced tarball (presumably on another site) is legitimate) -N On Sun, 31 Mar 2024 at 09:41, Brian May via linux-aus < linux-aus at lists.linux.org.au> wrote: > An?bal Monsalve Salazar via luv-main writes: > > > How could we get society to adequately fund free software developers to > > avoid this type of security threat? > > > > At this time, the consequences of this injection of malicious code into > > xz-utils are not yet known with certainty. > > On one had, free software developers do need to be funded. Especially if > people are using and relying on their software. > > https://xkcd.com/2347/ > > On the other hand, it is perfectly normal part of OSS for one maintainer > to pass the reins on to another developer. I have seen it happen > numerous times (as orginal developer, as new developer, and as > user). And I am the maintainer of a number of projects that I only > barely keep up with. > > This requires the new users trust the new maintainer. But I imagine in > many cases users aren't even aware that there is a new maintainer. > > Even if you trust the new maintainer, do you also trust their security > practises? There was at least one case where malware was found due to a > hacked account. > > > https://therecord.media/malware-found-in-npm-package-with-millions-of-weekly-downloads > > Most of the time none of is a news worthy story however. Either The new > maintainers do a good job of contining the project. Or the circumstances > change and the new maintainers end up in the exact same situation as the > old maintainer. I have seen both sitations happen. > > This story reminds me of an npm package. The maintainer passed on the > job to a new maintainer as they were no longer interested in maintaining > the package. The new maintainer added a dependancy on another package > which had back door code. Or something like that. Oh, think I found it: > > > https://medium.com/intrinsic-blog/compromised-npm-package-event-stream-d47d08605502 > > Then again for another example, have a look at redis. Seems they managed > to alienate the entire community with one PR > (https://github.com/redis/redis/pull/13157). As a result there are a > number of forks, such as keydb. How do we know we can trust the new > maintainers? It probably is going to be OK, right? But is anybody > checking the commits they make? > > It also makes me a bit uncomfortable with how shared libraries work. The > recent attack demonstrates that a shared library can compromise a > completely unrelated binary. It is a bit unfair to blame systemd here, > it could be a NSS or PAM module that pulls in the compromised > library. Makes me think maybe we need better isolation - but not sure > how you would do this or if it is feasible. > -- > Brian May @ Linux Penguins > _______________________________________________ > linux-aus mailing list > linux-aus at lists.linux.org.au > http://lists.linux.org.au/mailman/listinfo/linux-aus > > To unsubscribe from this list, send a blank email to > linux-aus-unsubscribe at lists.linux.org.au -------------- next part -------------- An HTML attachment was scrubbed... URL: From sflees at suse.de Thu Apr 4 14:40:17 2024 From: sflees at suse.de (Simon Lees) Date: Thu, 4 Apr 2024 14:10:17 +1030 Subject: [Linux-aus] How could we get society to adequately fund free software developers In-Reply-To: References: <2fbfdafc-31f1-43df-be49-f6b0725bfb3e@aerusso.net> <61e2abfa-b041-4f8d-af9b-a7183cc653e1@gmail.com> <87wmpkgrma.fsf@hope.eyrie.org> <2629DB93-AC76-488E-A894-B59B15862522@2023.bluespice.org> <87il138hs4.fsf@linuxpenguins.xyz> Message-ID: <1c565eb0-e5b7-4a3f-88da-2f02e2d9644d@suse.de> On 4/4/24 10:55 AM, Nathan Bailey via linux-aus wrote: > In both examples (xz-utils and the event-stream example Brian points to > below), there was a divergence between the tarball and github. > > Perhaps a github-based function should be developed to verify that the > primary publishing destination of the packages tarball is a true > representation of the github repository? > (providing some kind of green tick on GitHub that the referenced tarball > (presumably?on another site) is legitimate) > -N With both Github and Gitlab it is possible to create releases from artifacts created as part of pipelines / actions. When using this for a release process it would be much harder for this kind of attack to happen. Although both still allow manual uploads and there doesn't seem to be a good indication of what is manual vs auto generated. Github by default also uses a different naming and compression format to what most open source upstreams expect so changing this would also make it easier for more projects to adopt. Ie the current github format is just v2.7.1.tar.gz based off the tag name where as historically most upstreams will use project-name-2.7.1.tar.xz -- Simon Lees (Simotek) http://simotek.net Emergency Update Team keybase.io/simotek SUSE Linux Adelaide Australia, UTC+10:30 GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature.asc Type: application/pgp-signature Size: 840 bytes Desc: OpenPGP digital signature URL: From brian at linuxpenguins.xyz Thu Apr 4 16:59:49 2024 From: brian at linuxpenguins.xyz (Brian May) Date: Thu, 04 Apr 2024 16:59:49 +1100 Subject: [Linux-aus] How could we get society to adequately fund free software developers In-Reply-To: <1c565eb0-e5b7-4a3f-88da-2f02e2d9644d@suse.de> References: <2fbfdafc-31f1-43df-be49-f6b0725bfb3e@aerusso.net> <61e2abfa-b041-4f8d-af9b-a7183cc653e1@gmail.com> <87wmpkgrma.fsf@hope.eyrie.org> <2629DB93-AC76-488E-A894-B59B15862522@2023.bluespice.org> <87il138hs4.fsf@linuxpenguins.xyz> <1c565eb0-e5b7-4a3f-88da-2f02e2d9644d@suse.de> Message-ID: <878r1t7jmy.fsf@linuxpenguins.xyz> Simon Lees via linux-aus writes: > With both Github and Gitlab it is possible to create releases from > artifacts created as part of pipelines / actions. When using this for a > release process it would be much harder for this kind of attack to > happen. Although both still allow manual uploads and there doesn't seem > to be a good indication of what is manual vs auto generated. The attacker could potentially modify the pipelines / actions to include mallacious code in the released archive. Not sure how easy it would be to obscure this, but after seeing the XZ attack, I think anything could be possible here. Even if the source code release is OK, what about prebuilt binaries? Reproducible builds here could help a little. But not if the build steps add the mallacious code every time. Typically upstream tar balls to have legitimate changes from git, such as autogenerated autotools files for example. Which in turn could be hiding mallacious code. Maybe we need to move to using git code and archives autogenerated by trusted entity (e.g. github) more and more. Even if this means user's need to build the autotools files themselves. -- Brian May @ Linux Penguins From sflees at suse.de Thu Apr 4 17:26:03 2024 From: sflees at suse.de (Simon Lees) Date: Thu, 4 Apr 2024 16:56:03 +1030 Subject: [Linux-aus] How could we get society to adequately fund free software developers In-Reply-To: <878r1t7jmy.fsf@linuxpenguins.xyz> References: <2fbfdafc-31f1-43df-be49-f6b0725bfb3e@aerusso.net> <61e2abfa-b041-4f8d-af9b-a7183cc653e1@gmail.com> <87wmpkgrma.fsf@hope.eyrie.org> <2629DB93-AC76-488E-A894-B59B15862522@2023.bluespice.org> <87il138hs4.fsf@linuxpenguins.xyz> <1c565eb0-e5b7-4a3f-88da-2f02e2d9644d@suse.de> <878r1t7jmy.fsf@linuxpenguins.xyz> Message-ID: On 4/4/24 4:29 PM, Brian May wrote: > Simon Lees via linux-aus writes: > >> With both Github and Gitlab it is possible to create releases from >> artifacts created as part of pipelines / actions. When using this for a >> release process it would be much harder for this kind of attack to >> happen. Although both still allow manual uploads and there doesn't seem >> to be a good indication of what is manual vs auto generated. > > The attacker could potentially modify the pipelines / actions to include > mallacious code in the released archive. Not sure how easy it would be > to obscure this, but after seeing the XZ attack, I think anything could > be possible here. They could, but generally these modifications are also committed to the git repository which means for any project with multiple active contributors hopefully such changes would get reviewed. For smaller projects with only one main author this is always going to be a risk that's hard to mitigate. > Even if the source code release is OK, what about prebuilt binaries? > Reproducible builds here could help a little. But not if the build steps > add the mallacious code every time. Again at the upstream level all these files should be committed to the git repo so if changes are being made here they should be reviewed the same as any other source code. At a distro level for openSUSE atleast we have an enforced policy of atleast someone reviewing all changes to spec files and patches, we also have ways of verifying the tarball that the packager uploads matches the one from upstream. > Typically upstream tar balls to have legitimate changes from git, such > as autogenerated autotools files for example. Which in turn could be > hiding mallacious code. Maybe we need to move to using git code and > archives autogenerated by trusted entity (e.g. github) more and > more. Even if this means user's need to build the autotools files > themselves. It is possible to do these steps for autotools using pipelines / actions and then use the resulting artifacts in a github release. Obviously this is atleast some amount of effort that someone probably needs to learn which is why many projects don't have this setup. Maybe an upside of this will be that more projects adopt such an approach or that several people who know how to set this up go through and send pull requests to add it to a large number of projects. Such an approach will still have the potential for issues but hopefully it means that tarballs match whats in git and people will have the chance to pick up malicious changes in reviews in the same way they currently do for code. -- Simon Lees (Simotek) http://simotek.net Emergency Update Team keybase.io/simotek SUSE Linux Adelaide Australia, UTC+10:30 GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature.asc Type: application/pgp-signature Size: 840 bytes Desc: OpenPGP digital signature URL: From brian at linuxpenguins.xyz Fri Apr 5 09:11:04 2024 From: brian at linuxpenguins.xyz (Brian May) Date: Fri, 05 Apr 2024 09:11:04 +1100 Subject: [Linux-aus] How could we get society to adequately fund free software developers In-Reply-To: <87il138hs4.fsf@linuxpenguins.xyz> References: <2fbfdafc-31f1-43df-be49-f6b0725bfb3e@aerusso.net> <61e2abfa-b041-4f8d-af9b-a7183cc653e1@gmail.com> <87wmpkgrma.fsf@hope.eyrie.org> <2629DB93-AC76-488E-A894-B59B15862522@2023.bluespice.org> <87il138hs4.fsf@linuxpenguins.xyz> Message-ID: <87y19s6ao7.fsf@linuxpenguins.xyz> Brian May via luv-main writes: > This story reminds me of an npm package. The maintainer passed on the > job to a new maintainer as they were no longer interested in maintaining > the package. The new maintainer added a dependancy on another package > which had back door code. Or something like that. Oh, think I found it: > > https://medium.com/intrinsic-blog/compromised-npm-package-event-stream-d47d08605502 Now another example: https://www.securityweek.com/xz-utils-backdoor-attack-brings-another-similar-incident-to-light/ Sure, maybe this was on honest mistake, but it does seem very suspicious. https://social.librem.one/@eighthave/112194828562355097 https://gitlab.com/fdroid/fdroidclient/-/merge_requests/889 -- Brian May @ Linux Penguins From xrobau at gmail.com Sat Apr 6 08:55:46 2024 From: xrobau at gmail.com (Rob Thomas) Date: Sat, 6 Apr 2024 07:55:46 +1000 Subject: [Linux-aus] Everything Open 2024, IT'S HAPPENING! Message-ID: Hi! I'm Troy McClure... Uh, I mean xrobau (or Rob), and you may remember me from such things as 'Honest' Rob's Used Car (and VoIP) Emporium at EO2023, or 'Why am I being given a phone number just because I'm at LCA?' Well, for those that don't know, my bluff was called, and I'm running Everything Open up here in Gladstone in about ... 10 days from now. https://2024.everythingopen.au/ For those that are thinking of physically attending, NOW IS THE TIME TO GET YOUR TICKETS! For those that are paying for their own flights, we have a subsidised shuttle to get you up here to Gladstone - all you need to do is get to Brisbane, and we'll get you up here and back (make sure you select that when purchasing a ticket!) APNIC have also spotted the fantastic opportunity to help out regional QLD, and are running RPKI and IPv6 courses on the Monday and Friday before and after EO2024. These courses are *free* for EO Delegates (but you don't need to be an EO delegate to attend, you can just do the courses on Monday and Friday if you're nearby!) However, if you can't make it in person, we understand, which is why we're offering an Online-only ticket, which will be ALMOST as good as being here, without having to actually travel. These are pretty much at-cost, and are quite limited, so if you're interested, PLEASE register now. We only have a limited number of remote slots, and it's going to be first in, best dressed. (I'm not sure if APNIC are planning on offering remote/online tickets to their courses - I suspect they are, but please ask them, that's nothing to do with us!) We have an amazing list of talks and keynotes from some amazing people such as Geoff Houston (AM), Jana Dekanovska, and Professor Aaron Quigley. Please see their, and everyone else's, talks on https://2024.everythingopen.au Moving on, now all the serious stuff is over, I'm sure no one AT ALL is surprised that I have a bunch of NON serious stuff planned, that I hope everyone will have fun with. Most of it is only going to be relevant to people who managed to make it here, but one thing that we had a great time with previously was 'LCA Plays Pokemon'. Last time, that was done through our internal LCA phone system, but THIS time I'm hoping we can do it through the web, but *only* EO Delegates will be able to send commands. Everyone else will only be able to watch via Twitch/YouTube/something. I should warn you that I haven't even STARTED to set this up, because it's a bit more important that I do actual critical stuff to run the conference, but I feel pretty confident that I'll have some time to get that up and running (I suspect it may be done through a bot account on Mastodon.au, so make sure you have fediverse account somewhere!) Finally, we also have a Matrix Room - feel free to join it at https://app.element.io/#/room/#everythingopen:matrix.org For REAL and SERIOUS announcements, we're putting them up on a couple of places, https://fosstodon.org/@everythingopen and https://www.facebook.com/EverythingOpenConference as well as LinkedIn at https://www.linkedin.com/showcase/everythingopen/ and I strongly suggest you follow all of them. For extremely unreliable, non-serious announcements and quite probably a large amount of whinging and complaining, you will find me at https://facebook.com/xrobau and https://mastodon.au/@xrobau (I am also the sucker that RUNS mastodon.au, so if you're not on the Fediverse already, feel free to sign up there) where everyone will be able to watch me have a quiet (or possibly not so quiet?) meltdown over the next week as the conference gets closer and closer! I hope to see you all here, either physically or not! --Rob Thomas Conference Lead, Everything Open 2024, Gladstone, Australia From laura.steynes72 at gmail.com Sat Apr 6 21:46:08 2024 From: laura.steynes72 at gmail.com (Laura Steynes) Date: Sat, 6 Apr 2024 20:46:08 +1000 Subject: [Linux-aus] cancelling membership of Linux Australia; NLA losing bookmarks when they migrated to FOLIO In-Reply-To: <2816421.XrmoMso0CX@xev> References: <3084842.ktpJ11cQ8Q@xev> <2816421.XrmoMso0CX@xev> Message-ID: Bit late to this conversation however I was enjoying my European vacation. On Thu, Feb 29, 2024 at 10:29?PM Russell Coker via linux-aus < linux-aus at lists.linux.org.au> wrote: > > You had a disagreement with one person who is involved with running Linux > Australia. It's probably the case that I havd had a more serious > disagreement > with the majority of members of the LA Council at one time or another. It > doesn't make me want to leave LA. I will remain here to correct them the > next > time they are wrong! ;) > Unless they mark your cards, put you in the naughty corner for few months but leave you there indefinitely ignoring you hoping you'll eventually go away like it is alleged members of council did to that guy last year, I remember reading the blog at bit.ly/4aGmr56 and LA's list archives at Christmas. Regarding LA membership. When a company charges monthly fees and is unable > to > process unsubscribe requests before a billing period that's a big > problem. > If you resign from a real association, it must be in writing, I'd agree expecting someone to email council to leave is fair and reasonable, as it is for council to action that request within a reasonable amount of time. -------------- next part -------------- An HTML attachment was scrubbed... URL: From laura.steynes72 at gmail.com Sat Apr 6 21:50:14 2024 From: laura.steynes72 at gmail.com (Laura Steynes) Date: Sat, 6 Apr 2024 20:50:14 +1000 Subject: [Linux-aus] cancelling membership of Linux Australia In-Reply-To: References: <3084842.ktpJ11cQ8Q@xev> Message-ID: > > > Why is this a problem? They don't bill you for it. > People have a right to remove themselves if they wish to, it comes down to privacy, also, will avoid having the list learned as spam, and prevents inflating member numbers, ask Donal Trump about that :P -------------- next part -------------- An HTML attachment was scrubbed... URL: From russell at coker.com.au Sat Apr 6 21:55:28 2024 From: russell at coker.com.au (Russell Coker) Date: Sat, 06 Apr 2024 21:55:28 +1100 Subject: [Linux-aus] cancelling membership of Linux Australia In-Reply-To: References: Message-ID: <9314304.rMLUfLXkoz@cupcakke> On Saturday, 6 April 2024 21:50:14 AEDT Laura Steynes wrote: > > Why is this a problem? They don't bill you for it. > > People have a right to remove themselves if they wish to, it comes down to > privacy, also, will avoid having the list learned as spam, and prevents > inflating member numbers, ask Donal Trump about that :P You can unsubscribe from the lists at any time independently of resigning from the organisation. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/ From cherie at openmedia.co.nz Mon Apr 8 18:55:59 2024 From: cherie at openmedia.co.nz (Cherie Ellis) Date: Mon, 8 Apr 2024 20:55:59 +1200 Subject: [Linux-aus] Fwd: Linux Australia and the link to New Zealand In-Reply-To: References: <9a1f253e-04a8-4b45-89fc-8547da625c93@kathyreid.id.au>

Message-ID: I think that this is a decision for the New Zealand members to make, and not for anyone else to decide what to call our country. I would like to initiate a discussion?with?the intent to deliver a resolution to the LA council to use a title that is acceptable to all of us Kiwis. Cherie Ellis ---------- Forwarded message --------- From: *Kathy Reid via linux-aus* Date: Mon, 8 Jan 2024, 18:00 Subject: Re: [Linux-aus] Linux Australia and the link to New Zealand To: In the spirit of inclusivity, I would like to advocate for us referring to the country in question as Aotearoa New Zealand in recognition of both decolonial efforts and M?ori heritage. Ng? mihi, Kathy Reid On 8/1/24 15:52, Mark Foster via linux-aus wrote: > > Having had a look at the Annual Report... a question... > > I realise it's "Linux Australia" but it would be lovely to see some > language in the LA 'official pubs' that references, and is thus > inclusive of, New Zealand. > > The recent news involving NZPUG and the fact that several LCA events > have been held in New Zealand over the years only proves my point, to > be honest. > > If Linux Australia does not, overtly, seek to 'aim to represent and > assist the groups and individuals who make up the Free Software and > Open Source communities in Australia' /and New Zealand/ (refer: "Our > Values" section of the annual report) then I wonder why this is the > case, and whether LA needs to be more explicitly inclusive of New Zealand. > > Sincerely, a New Zealand member of Linux Australia :-) > > > _______________________________________________ > linux-aus mailing list > linux-aus at lists.linux.org.au > http://lists.linux.org.au/mailman/listinfo/linux-aus > > To unsubscribe from this list, send a blank email to > linux-aus-unsubscribe at lists.linux.org.au _______________________________________________ linux-aus mailing list linux-aus at lists.linux.org.au http://lists.linux.org.au/mailman/listinfo/linux-aus To unsubscribe from this list, send a blank email to linux-aus-unsubscribe at lists.linux.org.au -- Cherie Ellis OpenMedia Limited 021 293 9746 -------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: From jackson.lyndsey at gmail.com Sun Apr 14 07:39:04 2024 From: jackson.lyndsey at gmail.com (Lyndsey Jackson) Date: Sun, 14 Apr 2024 07:09:04 +0930 Subject: [Linux-aus] Request/suggestion: Open source drone BoF at Everything Open Message-ID: Hi - we tried hard to be able to make it to lovely Gladstone, Qld, but time, finances, and opportunity look like they got away from us. I have been doing years of work of work (yes it takes that long) locally to get some very small towns (5,000 people) supportive of drones. I have a concept for a drone art holiday program. I was really hoping to talk Open Source drones and find people that might be interested in hardware and Skybrush, also GIS/mapping. So if there are people interested in this too, and you can, could you have a BoF and let me chat too? I could come in using Big Blue Button etc. I am also pursuing an opportunity in agtech in India. This is agtech and GIS and open source/knowledge. Thanks, Lyndsey -------------- next part -------------- An HTML attachment was scrubbed... URL: From dap at zepherin.com Mon Apr 15 16:48:43 2024 From: dap at zepherin.com (dap at zepherin.com) Date: Mon, 15 Apr 2024 06:48:43 +0000 Subject: [Linux-aus] LCA2022 SwagBadge In-Reply-To: References: Message-ID: Still waiting for my LCA2022 SwagBadge. Are they ever going to be delivered? Who do I have to ask for a refund? Sent with Proton Mail secure email. On Tuesday, May 17th, 2022 at 22:02, permezel wrote: > I paid for the LCA2022 SwagBadge? from last conference. > All I got was an email saying it would not be ready in time for the conference. > Attempts to follow up with various parties has resulted in nothing. > > Anyone know whats up? > Did it ever get built? > Did it ever get delivered? > > > Sent with ProtonMail secure email. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: publickey - dap at zepherin.com - 0x2DD13951.asc Type: application/pgp-keys Size: 645 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 249 bytes Desc: OpenPGP digital signature URL: From linux-aus at ewen.mcneill.gen.nz Fri Apr 19 14:34:05 2024 From: linux-aus at ewen.mcneill.gen.nz (Ewen McNeill) Date: Fri, 19 Apr 2024 16:34:05 +1200 Subject: [Linux-aus] LCA2022 SwagBadge In-Reply-To: References:

Message-ID: On 2024-04-15 18:48, Damon Permezel via linux-aus wrote: > Still waiting for my LCA2022 SwagBadge. > Are they ever going to be delivered? > > Who do I have to ask for a refund? My understanding[0] is that most of the 2022 SwagBadges were handed at in person at the "before Everything Open, separate" Hardware Miniconf in Melbourne in 2023. Which obviously only worked for people who actually got to that pre-EO2023 in person event. I believe that Linux Australia collected (and held) the money for the SwagBadges in 2022, until the hardware was finished/delivered (which for various reasons didn't happen until 2023). So I'd suggest contacting the Linux Australia council directly to ask about a refund (or to get them to chase up the LCA2022 Hardware Miniconf people to post out the 2022 SwagBadges that didn't get handed out in person a year ago). My guess is that Linux Australia probably still has your money held in trust. Ewen [0] as someone who tried to order one in 2022, and had the order cancelled because I was "too remote and it wouldn't get to me in time" :-) From russell at coker.com.au Thu Apr 25 21:44:59 2024 From: russell at coker.com.au (Russell Coker) Date: Thu, 25 Apr 2024 21:44:59 +1000 Subject: [Linux-aus] Meeting this Saturday Message-ID: <47924500.XUcTiDjVJD@xev> https://flounder.linux.org.au/events/flounder-apr-2024-eo/ April Everything Open retrospective. A day of discussing new things from Everything Open and Yifei giving a possibly condensed version of the lecture he gave. Meeting will be at http://b.coker.com.au. No need to register just click on the link on the day. Meeting officially opens at 1pm Melbourne time (03:00UTC) on the 27th of Apr. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/ From russell at coker.com.au Sun Apr 28 21:22:26 2024 From: russell at coker.com.au (Russell Coker) Date: Sun, 28 Apr 2024 21:22:26 +1000 Subject: [Linux-aus] building the community Message-ID: <10458432.nUPlyArG6x@xev> https://fosdem.org/2024/schedule/event/fosdem-2024-2776-building-an-open-source-community-one-friend-at-a-time/ I think this talk has some useful ideas. We need to increase the number of active members in the Australian FOSS community. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/ From kathy at kathyreid.id.au Sun Apr 28 21:56:35 2024 From: kathy at kathyreid.id.au (Kathy Reid) Date: Sun, 28 Apr 2024 21:56:35 +1000 Subject: [Linux-aus] building the community In-Reply-To: <10458432.nUPlyArG6x@xev> References: <10458432.nUPlyArG6x@xev> Message-ID: <2c9ad9e7-c250-43bc-9b8c-3441d31e56c5@kathyreid.id.au> Hi Russell, Thanks for sharing this. What specific tasks / projects / activities are you proposing to take the ideas into actions, and what resourcing do they require? Regards, Kathy Reid On 28/4/24 21:22, Russell Coker via linux-aus wrote: > https://fosdem.org/2024/schedule/event/fosdem-2024-2776-building-an-open-source-community-one-friend-at-a-time/ > > I think this talk has some useful ideas. We need to increase the number of > active members in the Australian FOSS community. > From jonhall80 at comcast.net Mon Apr 29 05:00:56 2024 From: jonhall80 at comcast.net (jon.maddog.hall@gmail.com) Date: Sun, 28 Apr 2024 15:00:56 -0400 (EDT) Subject: [Linux-aus] building the community In-Reply-To: <10458432.nUPlyArG6x@xev> References: <10458432.nUPlyArG6x@xev> Message-ID: <1006582679.2328239.1714330856808@connect.xfinity.com> A good video. One thing I typically say during a conference is to challenge people attending my talk to "Bring two windows users next year". People laugh at this, but I am serious. Remember the story of invention of the chess board. One grain of rice on the first square, two on the second, four on the third....and by the time you get to the 64th square there are more grains of rice than in the entire world. If all the people in FOSS today "brought two windows people" and they each brought two more windows people by the end of 10 years we would have world domination. Now that I am not traveling as much I am re-starting our local user group. I always included these parts of the meeting: o welcome and agenda o Newbie talk (one hour) o Mingle time (along with questions on first talk) o Advanced talk o Questions and migrate to local watering hole The meetings always started long enough after work that people could get there, but ended early enough (other than the watering hole) that people could get home. I ran it for ten years (1995 to 2005) but traveling made continuing that post impractical. Unfortunately the people that followed did not keep it up. Now the technology has changed and the new user's group will be hybrid, with a live stream being saved on disk drives a million of time larger than the 10 MB Winchester drive on my first Unix workstation.....and only half as expensive. The connection to my ISP is about 20000000 times faster than the 110 bps that I used to have. It is really hard to type fast enough to make use of that extra capacity. So we will be able to put the live stream online for people who miss the live meeting or people that join later. So remember, you need to bring two windows users to your next meeting. You do not have to whip them...just a cattle prod might be enough. md > On 04/28/2024 7:22 AM EDT Russell Coker via linux-aus wrote: > > > https://fosdem.org/2024/schedule/event/fosdem-2024-2776-building-an-open-source-community-one-friend-at-a-time/ > > I think this talk has some useful ideas. We need to increase the number of > active members in the Australian FOSS community. > > -- > My Main Blog http://etbe.coker.com.au/ > My Documents Blog http://doc.coker.com.au/ > > _______________________________________________ > linux-aus mailing list > linux-aus at lists.linux.org.au > http://lists.linux.org.au/mailman/listinfo/linux-aus > > To unsubscribe from this list, send a blank email to > linux-aus-unsubscribe at lists.linux.org.au From russell at coker.com.au Mon Apr 29 07:32:41 2024 From: russell at coker.com.au (Russell Coker) Date: Mon, 29 Apr 2024 07:32:41 +1000 Subject: [Linux-aus] building the community In-Reply-To: <2c9ad9e7-c250-43bc-9b8c-3441d31e56c5@kathyreid.id.au> References: <10458432.nUPlyArG6x@xev> <2c9ad9e7-c250-43bc-9b8c-3441d31e56c5@kathyreid.id.au> Message-ID: <4544468.8F6SAcFxjW@cupcakke> On Sunday, 28 April 2024 21:56:35 AEST Kathy Reid via linux-aus wrote: > What specific tasks / projects / activities are you proposing to take > the ideas into actions, and what resourcing do they require? The first most obvious step is for everyone to think of people they associate with who might be interested and inviting them. For what might be organised at a more formal level I'm not sure, I was hoping for people here to provide some good ideas. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/ From clinton.roy at gmail.com Mon Apr 29 08:58:42 2024 From: clinton.roy at gmail.com (Clinton Roy) Date: Mon, 29 Apr 2024 08:58:42 +1000 Subject: [Linux-aus] Australian Synchrotron Open Day 2024 Message-ID: Hello all, I'm just getting back to reading my work mail today. I did field a question on this during my talk, so I thought I would follow up here. This year's Australian Synchrotron Open Day is happening on the 13th October this year. Things change every open day, but essentially this is a free/low cost day to come and inspect the synchrotron. There will be a range of tours available, the most in depth ones will need to be booked early. I will follow up when more public details are available. -------------- next part -------------- An HTML attachment was scrubbed... URL: From svetlana at members.fsf.org Mon Apr 29 14:08:18 2024 From: svetlana at members.fsf.org (Svetlana Tkachenko) Date: Mon, 29 Apr 2024 14:08:18 +1000 Subject: [Linux-aus] building the community In-Reply-To: <4544468.8F6SAcFxjW@cupcakke> References: <10458432.nUPlyArG6x@xev> <2c9ad9e7-c250-43bc-9b8c-3441d31e56c5@kathyreid.id.au> <4544468.8F6SAcFxjW@cupcakke> Message-ID: <9ec09222-abb6-4f9e-9d9d-06337fa9ea2f@app.fastmail.com> > The first most obvious step is for everyone to think of people they associate > with who might be interested and inviting them. Inviting them to what? To the mailing list? Not everyone is comfortable with mailing lists. Some people prefer IRC, XMPP, Matrix, etc. This starting information could be good to know. From russell at coker.com.au Mon Apr 29 17:34:19 2024 From: russell at coker.com.au (Russell Coker) Date: Mon, 29 Apr 2024 17:34:19 +1000 Subject: [Linux-aus] building the community In-Reply-To: <9ec09222-abb6-4f9e-9d9d-06337fa9ea2f@app.fastmail.com> References: <10458432.nUPlyArG6x@xev> <4544468.8F6SAcFxjW@cupcakke> <9ec09222-abb6-4f9e-9d9d-06337fa9ea2f@app.fastmail.com> Message-ID: <2744306.mvXUDI8C0e@xev> On Monday, 29 April 2024 14:08:18 AEST Svetlana Tkachenko via linux-aus wrote: > > The first most obvious step is for everyone to think of people they > > associate with who might be interested and inviting them. > > Inviting them to what? To the mailing list? Not everyone is comfortable with > mailing lists. Some people prefer IRC, XMPP, Matrix, etc. This starting > information could be good to know. __ To whatever FOSS events/resources you think they would most enjoy. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/