This was the second time in the much appreciated new location at Bunnik Postillion Hotel. This time I was prepared for the walk from the train station to the venue: I brought and used my folding bike. As at every NLUUG I attended in the last years, right from the start I met a lot of ex-colleagues and people I know in the IT business.
After an interesting working life, Bill (of "Firewalls and Internet Security" fame) now lives in the Mountains of the valley from his savings. He is now a mountain guy, overlooking the IT landscape. His mother uses a PC; when Bill visits, he has to clean her PC and make it usable again. Is comparing cars and IT not appropriate? Bill has come around. Knowing that IT is still in its childhood (I agree), one does not look at modern cars (this is where IT will be in the future) but at the first cars. The first cars were complicated to drive due to the many controls, but had an electronic starting engine. Using the crank was still possible but a hazard, as it could rip your arm off, so use the hand you don't use for writing. Bill is convinced that in the end IT (and security) will become mature, and when a computer-literate person visits his mother there is no need to look at her PC, just talk about life, the universe and everything.
Jan-Piet gave an extensive overview of the central logging facilities of Logstash and Graylog2. Both solutions can use Elasticsearch as their backend. Logstash and/or Graylog2 will filter the incoming logs from different sources into a log message with a timestamp that is the same for all logs, and place it in Elasticsearch. There is a way to (graphically) inspect the logs in Elasticsearch. For Logstash, Kibana is the tool; for Graylog2 it's Graylog2 web. The advantage of the last one is the authentication that can be arranged. Thanks to this presentation I want to try Logstash and/or Graylog2.
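The timestamp normalization described above is what makes events from different sources comparable. The following is an added example, not code from the talk or from Logstash or Graylog2: it converts three constructed log lines (syslog, Apache access log, an ISO 8601 application log) to one UTC timestamp field and merges them into a timeline. The field names, the `parse_failure` tag and the assumed year and zone for syslog are assumptions of this sketch.

```python
import re
from datetime import datetime, timezone

# Constructed sample lines (source type, raw line); hosts and IPs are made up.
SAMPLE_LINES = [
    ("syslog", "May 15 14:02:11 web01 sshd[2211]: Failed password for root from 192.0.2.10"),
    ("apache", '192.0.2.10 - - [15/May/2014:16:02:09 +0200] "GET /login HTTP/1.1" 401 512'),
    ("app", "2014-05-15T14:02:10.250Z auth-service login rejected user=root"),
]

PATTERNS = {
    "syslog": re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<msg>.*)$"),
    "apache": re.compile(r"^\S+ \S+ \S+ \[(?P<ts>[^\]]+)\] (?P<msg>.*)$"),
    "app": re.compile(r"^(?P<ts>\S+) (?P<msg>.*)$"),
}

def parse_time(source, ts, assumed_year, syslog_tz):
    if source == "syslog":
        # RFC 3164 timestamps carry no year and no zone: both must be assumed.
        dt = datetime.strptime(f"{assumed_year} {ts}", "%Y %b %d %H:%M:%S")
        return dt.replace(tzinfo=syslog_tz)
    if source == "apache":
        return datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)

def normalize(source, line, assumed_year=2014, syslog_tz=timezone.utc):
    """Return an event with a UTC '@timestamp'; unparsable lines are tagged, not dropped."""
    try:
        m = PATTERNS[source].match(line)
        dt = parse_time(source, m.group("ts"), assumed_year, syslog_tz)
    except (KeyError, AttributeError, ValueError):
        return {"@timestamp": None, "source": source, "message": line,
                "tags": ["parse_failure"]}
    stamp = dt.astimezone(timezone.utc).isoformat(timespec="milliseconds")
    return {"@timestamp": stamp.replace("+00:00", "Z"), "source": source,
            "message": m.group("msg"), "tags": []}

def merged_timeline(lines):
    """Sort parsed events by UTC time; keep failures at the end for review."""
    events = [normalize(src, line) for src, line in lines]
    ok = sorted((e for e in events if e["@timestamp"]), key=lambda e: e["@timestamp"])
    return ok + [e for e in events if not e["@timestamp"]]

if __name__ == "__main__":
    for event in merged_timeline(SAMPLE_LINES):
        print(event["@timestamp"], event["source"], event["message"])
```

Sorted on the raw strings, the Apache line (16:02:09 local time) would appear last; after normalization it is the first event of the three.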
Having addressed it a bit in his keynote, Bill now goes deeper into the problem with passwords. The current constraints on creating a password result in a password that is difficult to remember but not, therefore, more difficult to crack. Bill suggests some alternatives, some of which he can demo in his self-written iPhone app. The entropy of 6 randomly chosen words (with spaces in between) is already very high. And when you take words that the dictionary of the iPhone already has, typos in your password will be autocorrected, how cool. Another example is zooming in on a Mandelbrot figure to a specific location. It also generates enough entropy but is maybe a bit hard to remember. Bill noted that this was maybe the first ever useful application of the Mandelbrot figure.
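To put numbers on the entropy argument above, here is an added example (not Bill's app or code from the talk) that compares six random words with two common password shapes and generates a passphrase with a CSPRNG. The list size of 7776 (the size of the Diceware word list), the 94 printable ASCII characters, the 32 ASCII symbols and the "word + two digits + symbol" pattern are assumptions of this sketch; the 16-word list is constructed for the demo.

```python
import math
import secrets

# Constructed 16-word demo list; a real word list would be far larger.
DEMO_WORDS = ["anchor", "breeze", "cactus", "dynamo", "ember", "fjord", "glacier",
              "harbor", "island", "jigsaw", "kettle", "lantern", "meadow",
              "nectar", "orchid", "pebble"]

def passphrase_bits(list_size, n_words):
    """Entropy of n_words drawn uniformly and independently from list_size words."""
    return n_words * math.log2(list_size)

def pattern_bits(pool_sizes):
    """Entropy of a password built from independent uniform picks, one per pool."""
    return sum(math.log2(n) for n in pool_sizes)

def generate_passphrase(wordlist, n_words=6):
    """Pick words with the OS CSPRNG; the entropy figure only holds for random picks."""
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("duplicate words lower the real entropy")
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))

def compare(list_size=7776):
    """Bits of entropy for three ways of building a password (assumed pool sizes)."""
    return {
        # six words, chosen at random from the list
        "six_random_words": round(passphrase_bits(list_size, 6), 1),
        # eight characters, each random over printable ASCII
        "eight_random_printable": round(pattern_bits([94] * 8), 1),
        # policy-compliant human pattern: one list word + two digits + one symbol
        "word_2digits_symbol": round(pattern_bits([list_size, 100, 32]), 1),
    }

if __name__ == "__main__":
    for name, bits in compare().items():
        print(f"{name:24s} {bits:5.1f} bits")
    # With only 16 words this is 24 bits; it shows the mechanism, not a usable secret.
    print(generate_passphrase(DEMO_WORDS))
```

The pattern a complexity policy tends to produce scores roughly a third of the bits of the six-word passphrase, which is the point made in the talk.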
This annual member meeting of the NLUUG showed that the end of the current crisis in our economy is also noticeable in the results of the NLUUG: from going down it is now stabilizing like it should for a foundation.
Jeroen and Tom describe in this presentation the hurdles they had to take to use Puppet for a number of DTAP (Development Test Acceptance Production) environments. They solved it by inventing a "Meta Puppetmaster" and using the Hiera template engine, using an undocumented feature. This Meta Puppetmaster can create Puppetmasters that are the configuration tool for a DTAP environment. When Puppetlabs (the maintainer of Puppet) was asked about the designed solution, the reaction was: "We wouldn't do it like that". When asked "How then", there was no answer.
SDN (Software Defined Networking) is a hot item nowadays. Michael tried to make it clear that although virtualization is possible for systems, it is not possible for routing and switching. As someone employed by a hardware vendor, this is the statement you get when your business is based on selling hardware and not solutions. The demo running on routers/switches in VirtualBox showed how it is possible to send TCP/IP packets to another network with the same subnet using VxLAN (Virtual Extensible LAN). Sounds a bit like NAT, but it isn't; it is an "overlay technology".
Docker is based on Linux containers that are available since Kernel 3.1. For developers Docker looks like a great tool: just install it, create your own environment and ship that environment as a whole to ops, who just need to start it up and maintain the infrastructure around it. This all sounds very easy, but as an ops person I'm still a bit afraid when dev starts doing the ops. To host the Docker containers a Linux server is needed, an issue on Mac and Windows OS, but Linux of course can run in a virtual environment. To create such a server easily, Steeve created boot2docker. This ISO based on Damn Small Linux (DSL) can boot a fully functional Docker server on either a virtual or physical environment. Some hurdles had to be taken; DSL wasn't based on the 3.1 Kernel, for example. After a few tries Steeve succeeded, and now the boot2docker project has numerous contributors and the ISO can be built using Docker.
RIPE is the Dutch foundation assigning and maintaining the Dutch IP space. One of their projects to monitor that space is RIPE Atlas. It is based on probes (currently around 5000) and nodes (around 50). These (mini)systems can monitor certain aspects of the IP space, like routes, ping times and DNS queries. All probes can be queried by RIPE and RIPE members and are managed by RIPE, but can be placed by anyone, anywhere. If a non-member hosts a probe or node, one gets credits to query all the probes. The very cheap probes can be requested online. The part of this lecture about RIPE Stats (also available online) was a bit minimal due to time limits and the upcoming drinks.
During the breaks and the final drinks it was very nice to talk with a lot of people and find out what they are doing nowadays. I even met some of them for the first time, but it's a small world after all; in the end they were "second degree". During the train trip back I applied for a RIPE Atlas probe online and remembered I must test the logging tools.