From josh at nitrotech.org Mon Nov 9 12:57:53 2015 From: josh at nitrotech.org (Joshua Hesketh) Date: Mon, 9 Nov 2015 12:57:53 +1100 Subject: [Announce] Job listings on linux.org.au Message-ID: <563FFDA1.8090204@nitrotech.org> Hey all, Just a friendly reminder that there is a separate mailing list for receiving job advertisements. We have had a number of jobs listed there recently, and want to make sure that anyone who is interested is aware of this channel. If you are interested in currently available jobs postings, or would like to be kept informed in future, consider signing up to the jobs mailing list. You can sign up here: http://lists.linux.org.au/mailman/listinfo/jobs and you can also find them listed on the website here: http://linux.org.au/jobs If you are currently hiring for a linux or open source related position, please visit http://linux.org.au/node/add/job-post and follow the instructions. Cheers, Linux Australia (with thanks to Tennessee Leeuwenburg for the draft email) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From nicholas.farrell at gmail.com Sun Nov 15 19:13:20 2015 From: nicholas.farrell at gmail.com (Nick Farrell) Date: Sun, 15 Nov 2015 19:13:20 +1100 Subject: [Announce] Call for Special Events @ PyCon AU 2016 Message-ID: PyCon Australia 2016 is being held in Melbourne from Friday August 12 to Tuesday August 16. The first day of the conference is the Specialist Day (previously called miniconfs). Email the organising committee at contact at pycon-au.org to register your interest as soon as possible, just let us know who you are and what you might be interested in running. We?ll then send you the information pack which contains more information on key questions and some helpful pointers for running the events. In previous years, special events associated with PyCon Australia have been organised by invitation of the main conference organising committee. This year, an open call will be issued so that any group wishing to organise a special event may apply (including to organisers of special events in previous years). The organising committee will then review and select the events to include in the PyCon Australia 2016 program. Special event organisers will then be brought on as an event organising team, working with the main organising committee and other special event organisers to put together a great community driven event. Examples of special events that could be included in the program: - Up to 4 specialist tracks (aka "miniconfs") for Friday's Specialist Day (e.g. DjangoCon AU, Python in Education seminar) - Workshops running in parallel with the sprints (e.g. DjangoGirls, Young Coders) - Associated events run independently, but take advantage of the presence of a large contingent of Pythonistas in Melbourne (e.g. Software Carpentry workshops) - Icebreaker events for Friday evening or social events during the sprints These events are all hailed as a major highlight by conference attendees and rely on community members coming forward to help organise them. It?s also our chance to help out these groups, as organisers can take advantage of the gathered forces of the Australian Python community without the full burden of organising a national event. This is our call to the community: please put up your hand and make yourself known. Schedule: Call for expressions of interest: 15 November - 20 December Shortlisting of submissions: 20 December 2015 - 15th January Finalising of shortlisted bids: 30 January 2015 Special event list finalised: 5 February 2015 In previous years, some special events have been organised late in the piece. This schedule is a nominal time-frame to encourage people to engage earlier, however the committee will consider late submissions if they will improve the conference. Early submissions will have priority for rooms and other support. -------------- next part -------------- An HTML attachment was scrubbed... URL: From president at linux.org.au Sun Nov 22 13:43:36 2015 From: president at linux.org.au (Joshua Hesketh) Date: Sun, 22 Nov 2015 13:43:36 +1100 Subject: [Announce] Linux Australia archived wiki data leak Message-ID: <56512BD8.2020500@linux.org.au> Dear Linux Australia Members, It is with regret that we write to inform you of a data leak from one of Linux Australia's servers. The incident has resulted in the release of a limited amount of personal information and this communication provides full disclosure of the nature of the leak and the actions undertaken by Linux Australia. We wish to be very clear from the outset that only a very small number of individuals have been affected by this in any way (See below). However, in accordance with our values of transparency and openness, we believe it is correct to share this with the wider community as a matter of best practice. Am I affected (tl;dr)? ====================== This data leak impacted Linux Australia's legacy wiki system, which was only used by a small number of current and non-current members (Approx 0.5%). We are contacting these members individually with specific details. If you are not contacted separately by a member of the Linux Australia Council regarding this data leak, you will not have had an account (or other info) on the archived wiki and the data leak will not affect you. Further Details: ================ In line with guidelines provided by the Office of the Australian Information Commissioner, specific information regarding the data leak, and the data which may have been disclosed, is outlined below. Whilst the nature of this leak is small and the majority of our members are not impacted, the Linux Australia council believe that making these issues public is the correct approach. Security is a continual journey and when issues are discovered, we believe transparency is critical in maintaining the trust of our membership. We encourage all organisations to be open and transparent when faced with similar incidents, no matter how trivial they may seem. What was the nature of the leak and how did the leak occur? ----------------------------------------------------------- The council maintained a wiki which contained both public and private information - pages such as conference HowTo's, council minutes and (limited) contact details. Some years ago (around 2011) the council moved to a new mediawiki system and archived the existing wiki on a separate site for historical reference. Within the last 6-12 months the archived wiki deployment was misconfigured and apache directory listings was enabled. Due to the nature of the wiki system used, this exposed all of the wiki data, both pages and system information. What type of personal information was disclosed? ------------------------------------------------ The council have meticulously combed through all data contained in the website in order to determine exactly what was made available. At a high level, all of the archived wiki data was exposed including, but not limited to: - All wiki pages, including protected ones. These were examined individually for potentially sensitive data. - Account information including email addresses and hashed passwords. Please note that the accounts are NOT the user IDs and passwords for the Linux Australia membership system or associated Conference/Event sites (eg linux.conf.au or PyConAU). This is limited only to those people who had logons to the wiki. How was the leak identified, investigated and validated? -------------------------------------------------------- The council was alerted to the data leak by a community member. Since the wiki was unused it went unnoticed for a period of time. Once alerted the admin-team and council immediately took the website offline. This removed access to the exposed data. From there an inspection of the data took place. What are the implications of the data leak and what should I do? ---------------------------------------------------------------- If you had an account on the wiki, your email address and hashed password may have been exposed. These accounts however were only created by a limited number of Linux Australia members and we are reaching out individually to people who are affected by this. If you are not contacted separately by us and don't specifically recall creating a wiki account, it is highly unlikely that you are impacted. How did Linux Australia respond to the leak? -------------------------------------------- The Admin Team immediately removed the website, including contents. Once the website was removed, the Council examined the data to identify each page of the archived wiki that may be deemed sensitive or reveal personal information. Was this related to the earlier linux.conf.au breach? ----------------------------------------------------- No. The events are entirely unrelated. Unfortunately this has been a tough and busy year for the council and admin-team. The archived wiki leak is partially the result of limited human resources we have helping maintain both the systems and content of our websites and services. If you would like to help out, please contact us (see below). What steps were taken to prevent the threat of a similar leak in the future? ------------------------------------------------------------------ The Linux Australia Council invites members to assist with the upkeep/maintenance of our webpages and the current wiki. We are a volunteer organisation and many hands do make for light work. The Linux Australia Council and Admin Team are currently reviewing or have completed the following: - Moved sensitive information into a secure password database. - Identified and started the shutdown of unused services such as our current wiki. - A review of our current websites is underway with the view to update, upgrade and/or deprecate unused features. - The identified exposed data has been taken offline - A Motion by JOSHUA HESKETH was passed unanimously during the Council Face-to-face meeting: "At least once per year the council will review all websites that contain sensitive information including how the data is being stored and secured. Following this, a determination will be made around whether the current methodology is still adequate or if processes need to be improved. All information that is no longer required will be deleted or moved into an offline archive." Who should I contact for more information? ------------------------------------------ Thank you for your patience, understanding and support. If you have any questions, concerns or wish to express interest in assisting us with the maintenance of our services, please do not hesitate to contact the Linux Australia Council at council at linux.org.au or if you would like speak in camera please contact the Secretary at secretary at linux.org.au [0]. Signed, The Linux Australia Council --- [0] Please note that this is an archived email address but steps will be taken to protect your privacy.