Last weekend on 05/06.08.2023, the 18th FrOSCon conference took place as usual as a hybrid event at the Bonn-Rhein-Sieg University of Applied Sciences in Sankt Augustin. Due to scheduling conflicts with the Chaos Communication Camp 2023, the date was brought forward by a few weeks. This year's programme again consisted of numerous lectures and workshops. Numerous exhibitor stands and the obligatory Social Event on Saturday evening invited to networking and exchange. Compared to last year, the number of visitors rose from 750 to approx. 1,300, which is almost back to the pre-Covid level.

Lectures

The lecture programme was, as usual, lavish. Visitors could choose between a total of 86 workshops and lectures – free of charge, as always. For me, there were again some exciting lectures on both days – and the backlog of lectures I want to have a look at afterwards is not quite finished yet. As usual, the individual sessions were streamed live by the video team of the Chaos Computer Club (C3VOC). and made available online at short notice (via own mirror server and YouTube).

For example, Rainer-Maria Fritsch reported significantly on everyday experiences with AsciiDoc and AsciiDoctor in his lecture Asciidoc und Ascidoctor für Entwickler, Techniker und Admins (📽️). I have been using AsciiDoc in a professional context for some time, but am probably still pretty much scratching the surface of the markup language – I found the numerous tips from everyday life very useful.

AsciiDoc has been in development for 15 years and is often used where Markdown offers too few features and LaTeX is too complex. AsciiDoctor complements as a text processor by converting to HTML5, DocBook and other formats and is therefore often part of CI/CD pipelines. For Technical Writer, the SSG Antora might also be interesting.

Rainer-Maria also mentioned the official Theming Guide and PlantUML, which can be used for extensive drawings. A valuable tip for me was BookStack, which is a self-hostable wiki based on optional Markdown. The tool helps to give less experienced users access to technical documentation.

I found the workshop YaCy - eine dezentrale Suchmaschine by Walter Ebert and Udo Meisen no less interesting. YaCy (Yet another Cyberspace) sees itself as a decentral, self-hostable search engine that is easy to set up. For example, there are ready-made Docker images that can be consumed directly. Among other things, Apache Solr is used under the bonnet. The search engine can either be made publicly accessible or only used internally in the intranet. After installation, YaCy requires the configuration of sources to be indexed by crawlers. Besides web pages, FTP sites, classic file paths, Samba shares and RSS feeds are supported. Advanced filter settings help to achieve meaningful results. Optionally, the local index can participate in a federated index.

Every time entertaining is the annual State of the Union: Das Open-Source Jahr-Talk (📽️) of the podcast The Open Source Couch. In this talk, Michael Kleinhenz, Oliver Zendel and Nils Magnus summarised special curiosities and excitements of the open source scene in recent months. In addition to the lack of media competence of public educational institutions, this time the main topics were misapplied AI and curses in source code.

In the lecture SinglePageApplications mit Vue.js (📽️) Sven Schumann gave a comprehensive introduction to the web framework Vue.js in version 3.0. I liked that the focus was completely on the framework and not on other tools from the JavaScript ecosystem, such as Node or Webpack. Admittedly, I have always avoided frameworks such as Vue.js because the complexity of npm and co. put me off. The lecture was very comprehensive and offered many practical examples, which can be found also on GitHub. Also worth mentioning is the adequate quantitative use of memes. 😆

As a supplement to last year, Jürgen Pabel reported on his voice assistant project in his presentation Der eigene digitale (offline) Sprachassistent - das Ziel ist (fast) erreicht (📽️). Compared to last year, the look and feel of the HAL9000 replica has been improved – there are now stylistically appropriate boot and shutdown animations. The communication between the Raspberry Pi Zero 2 and the I/O multiplexer for the buttons and sensors has also been solved more elegantly. Troubleshooting was made easier by generating help URLs via QR codes. An additional web interface written in Flet simplifies the use of the voice assistant. Flet makes it easy to create Flutter applications in Python - an exciting framework that I was not aware of before.

My personal highlight was the talk Qualitative und freie Sprachsynthese - darf’s ein bisschen weniger Cloud sein (📽️) by Thorsten Müller. Thorsten is an enthusiast for speech technologies and offers many good tutorials on his YouTube channel. He has also recorded his own voice and made it into various speech models freely available online. Besides an overview of different voice solutions, Thorsten talked mainly about things like the process of voice production. He outlined common mistakes he initially made during well over 40 hours of recording. These lessons learned were particularly valuable if you are thinking about turning your own voice into a voice model yourself.

I also found Christoph Stoettner's talk Dotfiles verwalten (📽️) very interesting. He dealt with a problem that should be familiar to many users: the central maintenance of programme** configurations** for several systems. Anyone who uses more than one Linux computer is confronted with a wide range of conceivable solutions.

Christoph's answer is the consistent use of Ansible and GNU Stow. The latter sees itself as a frontend for managing symbolic links for extensive configuration files or directories. Required application configurations can be swapped out to Git repositories, which Ansible then makes accessible accordingly via stow using the corresponding paths. Besides configuration files, Christoph also uses dconf for the extensive configuration of the GNOME desktop. This looks familiar – I had created an Ansible role for this some time ago, which I still use for it today.

A novelty for me was that Firefox is able to make configurations via a dedicated user.js file. Previously, I was only familiar with the way via the about:config tab. If the file is placed in the corresponding profile folder below ~/.mozilla/firefox, all settings are automatically applied – however, it is then no longer possible to use about:config. For Ansible, the staticdev.firefox role exists here.

Admittedly, other tools such as Home Manager or chezmoi have been developed for exactly this problem. However, these tools cannot be used everywhere (e.g. on limited client systems) and also have a somewhat higher learning curve.

No less entertaining was Christoph's second lecture Was man besser nicht mit einer Tabellenkalkulation macht (📽️). Here, various and unfortunately very well-known negative examples and conceivable alternatives were mentioned.

I was also allowed to contribute to the programme again – this time with a presentation on the topic Linux Host Security (📽️).The main topic was how to harden Linux systems that are omnipresent nowadays. Contrary to expectations, these are not particularly secure in the basic configuration most of the time - something unattractive when you consider that e.g. 80% of Azure workloads are run on Linux.Fortunately, the Linux ecosystem offers a whole zoo of meaningful tools for optimising security. However, in addition to prominent frameworks such as SELinux, AIDE and fail2ban, there are also less widely used tools such as NBDE, OpenSCAP and Dev-Sec. In combination with IaC tools, such as Ansible, a significantly higher security baseline can be quickly established. The presentation consisted mainly of lessons learned from various projects that I was allowed to accompany.

I was very pleased with the large number of audience members (I've never had so many audience members before!) and their mostly very valuable feedback. I got to know many new tools and can thus revise the presentation.

Conclusion

I had a lot of fun at the conference again. Due to the significantly larger number of visitors, more conversations were possible – so I saw a lot of new and old faces. The social event was fun despite the bad weather – even if fewer new groups were formed as a result. I am already looking forward to the 19th FrOSCon! 🙂