All Things Open 2019

On October 13-15 I atteneded the All Things Open conference in Raleigh, NC. The vast array of presentations and workshops drew a crowd of about five thousand to the Raleigh Convention Center. Here is a brief summary of the sessions I attended. There were always three or more topics that I wanted to attend in each time slot so making a choice was often difficult. I spent an hour or so each night before the sessions just reading their descriptions and listing my targets for the next day.

Blockchain Convergence with John Wolpert, Jerry Cuomo, and Joe Lupin

Forking a blockchain codebase, especially while it is running, is a powerful move that forces community consensus. Ethereum 2 will bring a lot of new capabilities and will be released in three phases beginning in the first quarter of 2020 with the next two by the end of the year. Lupin described version 2 as a maximum decentralized system. Cuomo described some case studies such as the Media Ocean project that manages the huge Nike advertising budget. He also emphasized the need for a Certificate of Originality to avoid historical problems such as the Linux / SCO lawsuits in early open source development.

PASETO - Randall Oktadev

This was a spirited overview of platform-agnostic security tokens (PASETO) which were created to overcome the short comings of JSON Web Tokens (JWT). Like JWT’s, PASETO have cryptographically signed Base 64 encoded JSON data. A PASETO is different in that it can only be used once and is only valid for a few seconds. A major problem with JWT’s are their use with extremely long durations which leave them open to compromise. PASETO’s also have local and public versions with the local version supporting encryption.

Open Source in Government - Amin Mehr

The federal government now has a mandate for all agencies to have 20% of their code open sourced. A guide to this code can be found at which is an informational layer over the government’s GitHub repository. The government spends an estimated six billion dollars annually on code development.

Advanced Blockchain Technology - Jim Zhong

This talk concentrated on privacy and scalability. Data isolation is implemented by using separate state trees or having states partitioned. This can also be accomplished using separate blockchains but the overhead for this can be high due to the large number of permutations. Address generation using a single key per transaction is used to create hides trading patters. Trusted compute is implemented using a Zero Knowledge Proof (ZKP) or a Trusted Execution Environment (TEE). TEE is a hardware-based solution while a ZKP is implemented in software. ZKP essentially means “Show you know item A without divulging Item A.” An example using a Sudoku puzzle was presented with the steps of permutation of numbers and exchange of masked “commitments”. I’m sure ZKP has been the subject of many doctoral theses.

Open Source Mapping - Leila Alderman

Google maps are great but their details of an area are limited by what is called the Starbucks radius - what is economically feasible for a map provider to cover. offers greater detail and coverage in many countries that Google or Bing maps does not. These open source maps often have more data points such as bicycle racks and even tree location in parks. There are two ways data is entered into the system. There is GPS trip tracking and map tracing. Leila encouraged everyone to help by using map tracing. This involves drawing with a mouse drag over satellite photo.

Modernizing .NET Applications with Docker - Steven Follis

There are many .NET applications that were written 15 to 20 years ago and are not ready for cloud deployment. Docker offers a convenient way to update applications. Steven gave a demo using a simple ASP.Net 2.0 application that was originally published on the pre-GitHub site Codeplex. Start with a representative application in your company preferably one that has an application owner with knowledge of how to install it. Leave out the database in your initial attempt since this usually has complex problems. The Docker Web Management Service should be used to help with Active Directory authentication / authorization. Not all Windows domains are joined but you can pass in your AD using the credential file gmsa-cred-spec.

Telco’s Aren’t the Future, You Are - Coco Tang is developing an alternative for IOT communications to reduce the cost of connecting to the internet through telco connections. Their system uses internet connected routers that use the 900 MHz Industrial, Scientific, and Medical band (ISM). This band does not require a license. Hotspots that carry network traffic earn a new token also called Helium. The network is designed for small amounts of data and packet size is 24 bytes. Hotspots are being sold for $495 or you can build one using a Raspberry Pi and a LoRa radio.

Advanced Git - Brent Laster

This session went well beyond setting up a repository and making commits. Rebase, stash, reset, revert, rerere, and rebase were explained in detail. Brent fills his 45 minute session with a constant barrage of information and you leave with a good idea of the workings of many of these commands many of which I have never used.

Web Performance and the Mini Profiler - Nick Craver

Nick of Stack Overflow gave an overview of building a well performing web site. He noted that simplicity is a desired feature as much as performance is. The importance of measuring performance was stressed. The Mini Profiler is a simple but effective profiler for .NET, Ruby, Go and Node.js. It is open sourced and updated frequently.