Message parsing and community building: All Things Open 2016

Last week I visited All Things Open, one of the largest open source conferences of the US East Coast. The venue was the monumental building of the Raleigh Convention Center, just two blocks from Red Hat’s headquarters. I was presenting syslog-ng in the Operations track of the conference, but luckily I had a chance to stay for the full two days of the event.

There were over 2400 visitors at the conference, so registration and check-in already started the day before. Those who leveraged this opportunity could not just avoid the crowd next morning, but also receive a nice t-shirt together with the conference badge:

balabit_at_ATO_2016

The conference started with four short, but very good opening keynotes. The first one was given by Jim Whitehurst, CEO of Red Hat. My actual favorite was given by Mark Hinkle from the Linux Foundation, who compared open source development to punk rock. This is very much in line with my own experience: 22 years ago I could count the number of friends using Linux on the fingers of a single hand and we were considered lunatics. We did not change much, but everything we do is now mainstream and popular. 🙂 Neha Narkhede, CTO of Confluent talked about Kafka and the importance of real-time in her presentation. Kafka is already supported as a destination in syslog-ng, and a Google Summer of Code student created a Kafka source as well, which is waiting for integration.

My presentation about scaling syslog-ng started right after the opening keynotes. It was in the Operations track in a fully packed room. As usual, I gave a quick introduction to syslog and the basic roles of syslog-ng. Next, I talked about message parsing possibilities in syslog-ng. At the end, I described a few scenarios, how syslog-ng can be scaled, and how it can be used to optimize SIEM and log analysis systems. There was a very busy QA session after my talk and there were many interesting questions and feedback during the break as well.

I talked a lot about message parsing with PatternDB and why it is better than using regular expressions. Soon after my talk, Jamie Jennings from IBM presented the Rosie Pattern Language. It is partially based on regular expressions, but is easier to write in and works a lot more efficiently. It is used by IBM to parse log messages generated by its cloud infrastructure. It is on my to-do list to take a close look at it and see if it can be combined with syslog-ng for logs which are not yet covered by one of the available parsers.

Recent social media channels have been full of posts and articles about IoT-related security problems. Luckily, there is a fun side of IoT as well, which was presented by Dan Thyer, CTO of Logical Advantage. Scaring friends at Halloween with the help of a remotely controlled flamethrower, feeding pets, home automation – you can do all of these using the latest gadgets, cloud applications and of course, open source software.

With the last talk I attended on day 1, I switched from technical topics to community topics. It was about writing about open source topics for technical and non-technical audiences, and was given by Rikki Endsley, the editor and community manager at opensource.com. Most of Stephen King’s books are not for me, but I should definitely read “On Writing: A Memoir of the Craft” based on quotes she shared with us during her talk.

On day 2, I mostly attended community-related talks. The first one was given by Jono Bacon, who was previously community manager of Ubuntu, GitHub and other interesting sites. He talked about how to build successful communities by lowering the barriers of entry, and by being open. Brandon Mathis of Smashing Boxes and Laura Hilliger of Greenpeace also covered these topics, drawing on their personal experience. I hope to utilize in my work what I learned here.

There were many good keynote talks also on the second day, too. I’ve spent over 20 years working with with servers and the web, and it was good to see some of the early history recalled in different presentations. Mitchell Hashimoto, founder of HashiCorp, talked about tooling the data center and how time needed to start a new service has shortened from months to minutes. Rachel Andrew recalled the history of HTML & CSS and how one can participate in the related standardization work.

The bottom line is that I would like to go back next year – both to give a talk, as I had a particularly active and enthusiastic audience, and also to learn from and get inspiration from the many interesting presentations.