{"$schema": "https://c3voc.de/schedule/schema.json", "generator": {"name": "pretalx", "version": "2024.3.1"}, "schedule": {"url": "https://cfp.all-systems-go.io/ASG2017/schedule/", "version": "v1", "base_url": "https://cfp.all-systems-go.io", "conference": {"acronym": "ASG2017", "title": "All Systems Go! 2017", "start": "2017-10-20", "end": "2017-10-22", "daysCount": 3, "timeslot_duration": "00:05", "time_zone_name": "UTC", "colors": {"primary": "#3aa57c"}, "rooms": [{"name": "Event Loft", "guid": "4d4de03b-f5ab-5847-864f-e5e0199c3e63", "description": null, "capacity": null}, {"name": "Galerie", "guid": "ca1cc080-f439-567c-890b-96bd4bc87ce0", "description": null, "capacity": null}, {"name": "Kinvolk Office", "guid": "7f921f7e-6458-5ed5-a688-5d90492412c6", "description": null, "capacity": null}], "tracks": [{"name": "default", "color": ""}, {"name": "default", "color": ""}, {"name": "Monitoring & Tracing", "color": ""}, {"name": "Debugging & Tooling", "color": ""}, {"name": "Service Management", "color": ""}, {"name": "default", "color": ""}, {"name": "Networking", "color": ""}, {"name": "default", "color": ""}, {"name": "Process Isolation", "color": ""}, {"name": "default", "color": ""}, {"name": "Security", "color": ""}, {"name": "default", "color": ""}, {"name": "default", "color": ""}, {"name": "default", "color": ""}, {"name": "default", "color": ""}, {"name": "default", "color": ""}, {"name": "default", "color": ""}, {"name": "default", "color": ""}, {"name": "default", "color": ""}, {"name": "default", "color": ""}, {"name": "default", "color": ""}, {"name": "default", "color": ""}], "days": [{"index": 1, "date": "2017-10-20", "day_start": "2017-10-20T04:00:00+00:00", "day_end": "2017-10-21T03:59:00+00:00", "rooms": {"Kinvolk Office": [{"url": "https://cfp.all-systems-go.io/ASG2017/talk/142/", "id": 1, "guid": "4808bb85-a73d-5af3-9f19-19b5a4907e16", "date": "2017-10-20T16:30:00+00:00", "start": "16:30", "logo": null, "duration": "03:00", "room": "Kinvolk 
Office", "slug": "ASG2017-1-pre-registration-event", "title": "Pre-Registration Event", "subtitle": "", "track": "default", "type": "default", "language": "en", "abstract": null, "description": "Meet-up at the Kinvolk Office!\n", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}]}}, {"index": 2, "date": "2017-10-21", "day_start": "2017-10-21T04:00:00+00:00", "day_end": "2017-10-22T03:59:00+00:00", "rooms": {"Event Loft": [{"url": "https://cfp.all-systems-go.io/ASG2017/talk/141/", "id": 2, "guid": "1b5b20e6-a696-5745-b137-8f631a6922cd", "date": "2017-10-21T07:30:00+00:00", "start": "07:30", "logo": null, "duration": "00:15", "room": "Event Loft", "slug": "ASG2017-2-opening", "title": "Opening", "subtitle": "", "track": "default", "type": "default", "language": "en", "abstract": null, "description": "Check In and Say Hello!\n", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/115/", "id": 3, "guid": "ed2561d7-673f-59b1-b494-b9cbeca41448", "date": "2017-10-21T07:45:00+00:00", "start": "07:45", "logo": null, "duration": "00:40", "room": "Event Loft", "slug": "ASG2017-3-really-crazy-container-troubleshooting-stories", "title": "Really crazy container troubleshooting stories", "subtitle": "", "track": "Monitoring & Tracing", "type": "presentation", "language": "en", "abstract": null, "description": "In this talk, the presenter will share a few container troubleshooting stories that were encountered in the life of an infrastructure operator. 
The use cases are deliberately chosen to be a bit advanced and focused around exploring the inner workings of core libraries and kernel, to remind everyone that even the lowest level of modern systems need some love.\n\nThe talk will follow a hands-on agenda, interactively iterating over all the key points of the troubleshooting process, focusing on the different tools used and providing immediate value to the listener, who should be able to apply the various workflows to other scenarios.\n\nExample use cases presented:\n\n- Troubleshooting resource isolation between containers\n- Tracing the root cause of a crashing containerized application\n- Monitoring memory and performance issues in containers", "recording_license": "", "do_not_record": false, "persons": [{"guid": "57fee58f-3de7-5439-8af7-8bc9104c3f41", "id": 3, "code": "NG33PJ", "public_name": "Gianluca Borello", "avatar": "https://cfp.all-systems-go.io/media/IMG_0828.JPG", "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/118/", "id": 4, "guid": "7e1d21bc-0a55-5d8f-8321-f495e4c91fb2", "date": "2017-10-21T08:30:00+00:00", "start": "08:30", "logo": null, "duration": "00:25", "room": "Event Loft", "slug": "ASG2017-4-rust-memory-management", "title": "Rust memory management", "subtitle": "", "track": "Debugging & Tooling", "type": "presentation", "language": "en", "abstract": "A quick introduction to the unique memory management concepts of Rust.", "description": "Rust is a systems programming language that focuses on safety and performance at the same time. Most people new to Rust, often struggle with memory management. 
The goal of this talk is to give a very quick overview of Rust's memory management.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "afdf7b59-f273-5a3a-a58b-e6407f707831", "id": 4, "code": "WPLP97", "public_name": "Zeeshan Ali Khan", "avatar": "https://cfp.all-systems-go.io/media/avatars/61135589_10161767937715082_2372000757000962048_n_gvfft37.jpg", "biography": "", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/104/", "id": 5, "guid": "06a67ba0-2420-5097-bd7e-16f6018c8788", "date": "2017-10-21T09:00:00+00:00", "start": "09:00", "logo": null, "duration": "00:15", "room": "Event Loft", "slug": "ASG2017-5-incremental-adoption-of-open-services-with-habitat", "title": "Incremental Adoption of Open Services with Habitat", "subtitle": "", "track": "Service Management", "type": "presentation", "language": "en", "abstract": "Open services mark a paradigm shift similar to the disruption caused by open-source software in the 90s, but the path to effective adoption of open services tooling is sometimes unclear. Blake will share patterns and learnings from his experience integrating one such tool, Habitat, at smartB GmbH.", "description": "The modern computing world revolves around delivering applications as services. Until recently, massively scalable services were the specialized domain of tech giants, and attempts by small teams to reproduce the tooling available to Fortune 100 players often led to frustration and wasted time.\n\nHabitat is part of a new family of tools aimed at making application runtimes and service orchestration layers safe, repeatable and fully open.\n\nAt smartB, Blake has brought Habitat to his org to reduce operational  complexity, guarantee application runtime behavior and provide dependency isolation and transparency for applications and their corollary security profiles. 
smartB is his 5th startup in 10 years and his first foray into sustainability engineering.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "865eb15d-25f4-589a-8e3d-dc62bf9678eb", "id": 5, "code": "NUALJN", "public_name": "Blake Irvin", "avatar": null, "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/144/", "id": 6, "guid": "862581db-7de3-5f4a-b8ae-281080236cd9", "date": "2017-10-21T09:15:00+00:00", "start": "09:15", "logo": null, "duration": "00:15", "room": "Event Loft", "slug": "ASG2017-6-break", "title": "Break", "subtitle": "", "track": "default", "type": "default", "language": "en", "abstract": null, "description": "Have a tea, coffee and/or Club Mate!\n", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/93/", "id": 7, "guid": "e309c105-1dd9-582b-ad8e-106a351faa5a", "date": "2017-10-21T09:30:00+00:00", "start": "09:30", "logo": null, "duration": "00:45", "room": "Event Loft", "slug": "ASG2017-7-azure-networking-integration-challenges", "title": "Azure networking integration challenges", "subtitle": "", "track": "Networking", "type": "presentation", "language": "en", "abstract": "The introduction on Accelerated Networking on Azure created challenges integrating support in Linux distributions. The original method using bonding had issues that were solved by introducing a new mode called \"Transparent VF\". This mode solves issues with udev, cloudinit and distribution specific network initialization. 
This talk will also cover the process of how Linux support for Azure is integrated with upstream and distributions.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "3f562ccb-1757-579f-a609-c3009179bd8d", "id": 6, "code": "JRWJWJ", "public_name": "Stephen Hemminger", "avatar": null, "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/146/", "id": 8, "guid": "10b90da8-d7b6-5a47-983c-d722fdaab5f9", "date": "2017-10-21T10:15:00+00:00", "start": "10:15", "logo": null, "duration": "01:30", "room": "Event Loft", "slug": "ASG2017-8-lunch", "title": "Lunch", "subtitle": "", "track": "default", "type": "default", "language": "en", "abstract": null, "description": "Yummy food available from food trucks in the courtyard\n", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/126/", "id": 9, "guid": "a00de056-311a-55b8-bd90-57c20d72e5be", "date": "2017-10-21T11:45:00+00:00", "start": "11:45", "logo": null, "duration": "00:40", "room": "Event Loft", "slug": "ASG2017-9-systemd-facebook-a-year-later", "title": "systemd @ Facebook \u2014 a year later", "subtitle": "", "track": "Service Management", "type": "presentation", "language": "en", "abstract": "We'll be talking about what we learned throughout the past year running systemd in production at Facebook: new challenges that have come up, how the integration process went and the areas of improvement we discovered. We'll also discuss our efforts building a monitoring solution for system services based on systemd.", "description": "This talk is a followup to <a href=\"https://www.youtube.com/watch?v=LhYd0S3qiMY\">Deploying systemd at scale</a> that was presented at systemd.conf 2016, and covers the aftermath of the migration of our fleet to CentOS 7. 
Now that systemd is available everywhere, we found more and more services that started adopting it for their deployment, leveraging its features and occasionally exposing interesting behaviors. At the same time, we've been able to hone our process for integrating and rolling out new versions of systemd on the fleet, and started building tooling to manage and monitor it at scale.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "0b734b81-150f-5d08-b89f-cdd27ff18d35", "id": 7, "code": "3SCYJP", "public_name": "Davide Cavalca", "avatar": null, "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/123/", "id": 10, "guid": "74df8413-3027-59c2-a25d-5b7e96071cff", "date": "2017-10-21T12:30:00+00:00", "start": "12:30", "logo": null, "duration": "00:25", "room": "Event Loft", "slug": "ASG2017-10-state-of-the-rkt-container-runtime", "title": "State of the rkt container runtime", "subtitle": "", "track": "Process Isolation", "type": "presentation", "language": "en", "abstract": "rkt is a modern container runtime, built for security, efficiency, and composability. It is one of the container runtimes supported by Kubernetes but the current implementation (\u201crktnetes\u201d) doesn\u2019t support the Container Runtime Interface (CRI). The work-in-progress CRI implementation is called rktlet.\n\nThis presentation will give an update on the rkt project, what new features were implemented recently and what\u2019s coming up. 
It will also give an update on the state of the rktlet: what features are missing and what workarounds should be removed before it becomes a complete implementation of the CRI.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "ac91207a-6035-596a-b58a-0c1eb3d2285b", "id": 8, "code": "GEWR7G", "public_name": "Iago L\u00f3pez Galeiras", "avatar": "https://cfp.all-systems-go.io/media/headshot_rGd2I7D.jpg", "biography": "I'm a Production Engineer at Facebook on the Operating Systems team.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/114/", "id": 11, "guid": "374a08c1-3218-5b73-a455-b3a8985ce985", "date": "2017-10-21T13:00:00+00:00", "start": "13:00", "logo": null, "duration": "00:40", "room": "Event Loft", "slug": "ASG2017-11-portals-dynamic-permissions-in-flatpak", "title": "Portals, dynamic permissions in Flatpak", "subtitle": "", "track": "Process Isolation", "type": "presentation", "language": "en", "abstract": "Desktop application sandboxing is quite different than traditional\ncontainer isolation, learn how flatpak does it, using the concept of\nportals.\n", "description": "Flatpak is a distribution independent bundling and deployment system\nfor Linux, focusing on desktop applications. One core aspect of flatpak\nis application sandboxing, which has very different requirements on\nthe desktop than in the traditional container space. Applications need\nto be isolated from the system, yet in order to be easy and intuitive to use\nthey must integrate with the desktop environment in complex ways.\n\nFlatpak solves this by using a concept called Portals. 
This talk will\ndiscuss how Flatpak sandboxing/security works and how Portals fit\nin this system.\n", "recording_license": "", "do_not_record": false, "persons": [{"guid": "68c8e351-d9dd-573e-8c79-ac3b99fec49b", "id": 9, "code": "KBBBGM", "public_name": "Alexander Larsson", "avatar": "https://cfp.all-systems-go.io/media/alex_face2.jpg", "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/100/", "id": 12, "guid": "7d11aaed-6aee-5a57-ac58-b40947b29e72", "date": "2017-10-21T13:45:00+00:00", "start": "13:45", "logo": null, "duration": "00:15", "room": "Event Loft", "slug": "ASG2017-12-containers-what-did-we-learn-", "title": "Containers: What Did We Learn?", "subtitle": "", "track": "Process Isolation", "type": "presentation", "language": "en", "abstract": "Containers: love 'em or hate 'em -- whether you think they're the hottest new thing or yesteryear's same ideas in new clothing -- the both rapid and sustained rate of adoption of recent container technologies says one thing clearly: We Were Missing Something. But what, exactly? And have we found \"it\"? Or are we just beginning to uncover something new about the way we all, in our deepest hearts, wish computers would be?  In this talk, we'll survey where containers came from, and question where they\u2019re going: a discussion that crosses package management, releasing, deployment, immutability, reproducibility, and questions how meanings of all these things are now changing.", "description": "Containers have brought a lot of new patterns and behaviors into focus.  
For example, atomic deploys have become part of everyday conversation; fully captured dependencies and snapshots are now the norm; and the very concept of \"releasing\" software is beginning to morph.\n\nBut many of these concepts -- at least, as implemented in popular container systems today -- seem to be somewhere between poorly integrated or outright in conflict with our present understanding of \"package managers\" and \"config management\".\n\nWhat do containers need to learn from the decades of package management before today?  And what hints do the package managers we all know and love need to take from the explosion of containers?  Containers are an exciting opportunity to revisit many of our oldest assumptions about how to design systems: let's take this opportunity to think carefully and ask tough questions.\n", "recording_license": "", "do_not_record": false, "persons": [{"guid": "7ca6e92a-b497-567c-8d4c-f54302c70a13", "id": 10, "code": "KWCMGE", "public_name": "Eric Myhre", "avatar": "https://cfp.all-systems-go.io/media/file1506110845172.jpg", "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/148/", "id": 13, "guid": "ef8235b5-d71d-5bf4-8e05-1ac5d4e7da32", "date": "2017-10-21T14:00:00+00:00", "start": "14:00", "logo": null, "duration": "00:15", "room": "Event Loft", "slug": "ASG2017-13-break", "title": "Break", "subtitle": "", "track": "default", "type": "default", "language": "en", "abstract": null, "description": "Have a tea, coffee and/or Club Mate!\n", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/159/", "id": 14, "guid": "9a3757dd-619f-552d-bcc6-99c1b9b6e516", "date": "2017-10-21T14:15:00+00:00", "start": "14:15", "logo": null, "duration": "00:40", "room": "Event Loft", "slug": "ASG2017-14-fix-forget-or-forge-a-new-path-", "title": "Fix, forget, or 
forge a new path?", "subtitle": "", "track": "Security", "type": "presentation", "language": "en", "abstract": "As Infrastructure operators we're exposed to a lot of plumbing and not a lot of porcelain. Worse, because our concerns are often esoteric (in the eyes of application developers) we have to fix our own pipes too.  Often this leads to the \"homeowners dilemma\"... Making the call of when to patch things up, when to rip out the pipes, and when to abandon gas lamps for electricity.\n\nWe outline a number of aging pipes, proposed (and implemented) solutions, and ideas for dragging our systems into the future. ", "description": "On the systems side AAA services haven't kept up with the pace of application development, our hardware is aging, and there are components of infrastructure that have fallen by the wayside.  Modern switches still support (non-TLS) RADIUS and TACACS+, other networking gear still only supports SNMP v1, and then we've got logging...\n\nIn this talk we take stock of the landscape and discuss which pieces should be fixed, which desperately need to be abandoned, and which we have been thinking about all wrong.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "58cac371-f2cf-557a-ab92-206f059bbc18", "id": 11, "code": "FVGL9F", "public_name": "Brian 'redbeard' Harrington", "avatar": null, "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/124/", "id": 15, "guid": "54a422f2-5538-510f-bed3-11b45f8f36b0", "date": "2017-10-21T15:00:00+00:00", "start": "15:00", "logo": null, "duration": "00:25", "room": "Event Loft", "slug": "ASG2017-15-streamlining-systemd-s-code-and-safety", "title": "Streamlining systemd's code and safety", "subtitle": "", "track": "Service Management", "type": "presentation", "language": "en", "abstract": "Today, the systemd project uses a non-standard superset of C to get destructor-like functionality. 
But, we pay a heavy price for doing it this way: we lose compiler portability, use hundreds of boilerplate macros, and confuse static analysis tools (which don't always realize why we're not leaking memory). At compilation, the cleanup functionality gets mapped to the same facilities that handle C++ destructors. So, essentially, we're already using a non-standard version of C++ as well as a non-standard version of C. We can end this charade by following in GCC's footsteps and <a href=\"https://lwn.net/Articles/542457/\">explicitly using a subset of C++</a>. By doing so, we can shed thousands of lines of C-trying-to-be-C++. We can also improve memory safety and code readability -- <a href=\"https://medium.com/@davidtstrauss/choosing-some-c-over-c-f5acb3dce4f5\">all while keeping the feel of C</a>.", "description": "<p>Today, the systemd project uses a non-standard superset of C to get destructor-like functionality. But, we pay a heavy price for doing it this way: we lose compiler portability, use hundreds of boilerplate macros, and confuse static analysis tools (which don't always realize why we're not leaking memory). At compilation, the cleanup functionality gets mapped to the same facilities that handle C++ destructors. So, essentially, we're already using a non-standard version of C++ as well as a non-standard version of C. We can end this charade by following in GCC's footsteps and <a href=\"https://lwn.net/Articles/542457/\">explicitly using a subset of C++</a>. By doing so, we can shed thousands of lines of C-trying-to-be-C++. We can also improve memory safety and code readability -- <a href=\"https://medium.com/@davidtstrauss/choosing-some-c-over-c-f5acb3dce4f5\">all while keeping the feel of C</a>.</p>\n\n<p>In this presentation, we'll consider options for systemd's codebase:</p>\n<ul>\n<li>Converting instances of \"cleanup\" to destructors. 
This should allow us to discard a couple thousand lines of boilerplate and many \"goto cleanup\" situations.</li>\n<li>Converting raw pointers to equivalents with enforced semantics. For internal APIs, this should clarify handoff of memory ownership. For event loops, this should allow typed user data.</li>\n<li>While I'm no advocate of object-orientation, our concept of a \"unit\" cleanly maps to an abstract superclass. IDEs and code analysis tools will benefit from moving away from homegrown inheritance.</li>\n<li>We often return error codes as ints, and it would be good to explicitly use a real type instead. This will make refactoring easier if we change a function between returning an int vs. error vs. boolean.</li>\n<li>The journal would benefit from a higher-level storage library like RocksDB (which offers a slim version for resource-constrained environments). Libraries like RocksDB are possible to use from C but have a richer (and easier-to-use) C++ API.</li>\n</ul>", "recording_license": "", "do_not_record": false, "persons": [{"guid": "e5e44d7a-6545-5487-97c3-7777adb19b1c", "id": 12, "code": "8SUNZD", "public_name": "David Strauss", "avatar": "https://cfp.all-systems-go.io/media/2019-less-background-small.jpg", "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/92/", "id": 16, "guid": "c93c61f4-6484-50b6-91eb-4be5dd1aca3f", "date": "2017-10-21T15:30:00+00:00", "start": "15:30", "logo": null, "duration": "00:25", "room": "Event Loft", "slug": "ASG2017-16-a-gentle-introduction-to-e-bpf", "title": "A gentle introduction to [e]BPF", "subtitle": "", "track": "Monitoring & Tracing", "type": "presentation", "language": "en", "abstract": "BPF is a Linux in-kernel virtual machine that is used for networking, tracing, seccomp and more. 
This talk will give an introduction to the extended BPF subsystem in Linux, an overview on how it works, show available tools to work with and explain possibilities as well as limits.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "8ebd0940-8562-53ef-b74d-a47070e12fc0", "id": 13, "code": "SHL9CH", "public_name": "Michael Schubert", "avatar": null, "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/101/", "id": 17, "guid": "213e9b6a-0277-59a2-9cf9-107d2e1ab8c9", "date": "2017-10-21T16:00:00+00:00", "start": "16:00", "logo": null, "duration": "00:30", "room": "Event Loft", "slug": "ASG2017-17-containers-without-a-container-manager-with-systemd", "title": "Containers without a Container Manager, with systemd", "subtitle": "", "track": "Process Isolation", "type": "presentation", "language": "en", "abstract": "systemd service management today supports a number of the features that container management is known for, but for classic system services. Let's see which ones, and how to make use of them.", "description": "systemd service management today supports a number of the features that container management is known for, but for classic system services. Let's see which ones, and how to make use of them.\n\nWe'll talk about sandboxing, resource bundling, service management and resource management, and more. We'll discuss what container managers can do, that systemd service management can't and vice versa. 
Last but not least we'll have a look at systemd-nspawn, systemd's very own container manager and what it adds on top of systemd's native service management.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "95b506b7-b71c-5f79-9b2c-09f7573853c0", "id": 14, "code": "PEZUVF", "public_name": "Lennart Poettering", "avatar": null, "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}], "Galerie": [{"url": "https://cfp.all-systems-go.io/ASG2017/talk/105/", "id": 18, "guid": "a691f731-e464-5437-bef4-7306206059d1", "date": "2017-10-21T07:45:00+00:00", "start": "07:45", "logo": null, "duration": "00:40", "room": "Galerie", "slug": "ASG2017-18-introducing-bluetooth-mesh", "title": "Introducing Bluetooth Mesh", "subtitle": "", "track": "Networking", "type": "presentation", "language": "en", "abstract": "Bluetooth technology has been extended with a brand new mesh feature. This presentation gives an introduction to Bluetooth Mesh and its impacts on the ecosystem. It shows the new and exciting use cases that a mesh enabled Bluetooth low energy enables. 
The presentation will also put a focus on Linux and Zephyr operating systems and its integration with Bluetooth Mesh.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "fb697998-32b0-5fe4-9661-e16e9a136322", "id": 15, "code": "BEJQWM", "public_name": "Marcel Holtmann", "avatar": null, "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/139/", "id": 19, "guid": "c4ead1cf-65e0-5d4b-b67e-4c61f35b34b1", "date": "2017-10-21T08:30:00+00:00", "start": "08:30", "logo": null, "duration": "00:25", "room": "Galerie", "slug": "ASG2017-19-high-performance-linux-monitoring-with-ebpf", "title": "High-performance Linux monitoring with eBPF", "subtitle": "", "track": "Monitoring & Tracing", "type": "presentation", "language": "en", "abstract": "Extended Berkeley Packet Filter (eBPF) allows for high-performance introspection of the Linux kernel execution. eBPF is widely available (part of the mainline kernel and enabled by most distributions), flexible (any kernel code path can be probed) and safe (driven from userspace and statically verified). In this talk, I will introduce eBPF, explaining how it can be used to track TCP connections in real time. On the way I will demonstrate it is possible to access eBPF from languages other than C (Golang) and remove undesirable runtime dependencies (LLVM compiler and kernel-headers). 
At Weaveworks we are using eBPF for the connection-tracker of the Weave Scope visualization tool.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "cb255f3a-c0bd-5231-b4d8-adb45b003dd5", "id": 16, "code": "KGK8YU", "public_name": "Alfonso Acosta", "avatar": "https://cfp.all-systems-go.io/media/FonsAvatar.jpeg", "biography": "David Herrmann is a software engineer at Red Hat working on the linux kernel.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/113/", "id": 20, "guid": "8b97610d-23f6-5fc9-b973-86bb8c0239bf", "date": "2017-10-21T09:00:00+00:00", "start": "09:00", "logo": null, "duration": "00:15", "room": "Galerie", "slug": "ASG2017-20-network-troubleshooting-in-heterogeneous-cloud-environment-with-skydive", "title": "Network troubleshooting in heterogeneous cloud environment with Skydive", "subtitle": "", "track": "Networking", "type": "presentation", "language": "en", "abstract": "With the growing number of network cloud services it becomes essential to be able to monitor, troubleshoot and analyze different virtualization or container technologies. Being able to monitor complex heterogeneous federated cloud environments is key.\n\nSkydive is a real-time and post-mortem topology and packet analyzer. To do so, it listens for networking kernel events, monitors network namespaces, watches external components such as OVSDB and Docker. Skydive can make use of AF_PACKET or eBPF programs to capture traffic. Thanks to its classifier Skydive is able to map the network traffic with the topology.", "description": "With the growing number of network cloud services it becomes essential to be able to monitor, troubleshoot and analyze different virtualization or container technologies. Being able to monitor complex heterogeneous federated cloud environments is key.\n\nSkydive is a real-time and post-mortem topology and packet analyzer. 
To do so, it listens for networking kernel events, monitors network namespaces, watches external components such as OVSDB and Docker. Skydive can make use of AF_PACKET or eBPF programs to capture traffic. Thanks to its classifier Skydive is able to map the network traffic with the topology.\n\nWe will show through a demo how Skydive can help operators to visualize, understand and troubleshoot packet forwarding from point to point.\n", "recording_license": "", "do_not_record": false, "persons": [{"guid": "7922781b-c4f0-51c2-aeba-909911184b21", "id": 17, "code": "GYY9MR", "public_name": "Sylvain Afchain", "avatar": null, "biography": " * Education: Dresden University of Technology, diploma in Computer Science\r\n * 2004 - 2016: Ubuntu developer at Canonical, most recently focusing on plumbing (particularly systemd), building distribution-wide CI, and release management\r\n * since 2017: Developing <a href=\"http://cockpit-project.org/\">Cockpit</a> at Red Hat", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/145/", "id": 21, "guid": "da808332-4f1c-53be-b4ae-cccb2a28e076", "date": "2017-10-21T09:15:00+00:00", "start": "09:15", "logo": null, "duration": "00:15", "room": "Galerie", "slug": "ASG2017-21-break", "title": "Break", "subtitle": "", "track": "default", "type": "default", "language": "en", "abstract": null, "description": "Have a tea, coffee and/or Club Mate!\n", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/103/", "id": 22, "guid": "6e9517cf-a380-551d-9a8a-72e601969cb9", "date": "2017-10-21T09:30:00+00:00", "start": "09:30", "logo": null, "duration": "00:45", "room": "Galerie", "slug": "ASG2017-22-getting-started-with-habitat", "title": "Getting Started with Habitat", "subtitle": "", "track": "Service Management", "type": "presentation", "language": "en", "abstract": "Habitat 
is the best way for software developers to build, deploy, and manage modern applications - regardless of their expertise. Habitat provides a self-healing, self-configuring, stack-agnostic, frictionless abstraction for running applications\u2014regardless of their complexity on whatever infrastructure you prefer, from physical hardware and virtual machines to containers and everything in between. This session will show you how to build and run your own application. You will learn how scaffolding helps you quickly and easily package your application. Explore the build system used for generating Habitat artifacts. Run an application using the Habitat supervisor. This is the talk for anyone who's just learning about Habitat or those that are interested in seeing some of the newer features of the framework.", "description": "Habitat is the best way for software developers to build, deploy, and manage modern applications - regardless of their expertise. Habitat provides a self-healing, self-configuring, stack-agnostic, frictionless abstraction for running applications\u2014regardless of their complexity on whatever infrastructure you prefer, from physical hardware and virtual machines to containers and everything in between. This session will show you how to build and run your own application. You will learn how scaffolding helps you quickly and easily package your application. Explore the build system used for generating Habitat artifacts. Run an application using the Habitat supervisor. This is the talk for anyone who's just learning about Habitat or those that are interested in seeing some of the newer features of the framework.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "4048b0e6-7481-5f01-9629-f6312bbc8d7f", "id": 18, "code": "AMBPJS", "public_name": "Jamie Winsor", "avatar": "https://cfp.all-systems-go.io/media/avatar-2-crop.jpeg", "biography": "CTO & co-founder at Kinvolk. 
Into rkt, bpf, systemd, kubernetes.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/147/", "id": 23, "guid": "b6839bc0-0839-5b02-a385-7a97ee6f600a", "date": "2017-10-21T10:15:00+00:00", "start": "10:15", "logo": null, "duration": "01:30", "room": "Galerie", "slug": "ASG2017-23-lunch", "title": "Lunch", "subtitle": "", "track": "default", "type": "default", "language": "en", "abstract": null, "description": "Yummy food available from food trucks in the courtyard\n", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/129/", "id": 24, "guid": "923c037d-b436-5073-88f3-bf13ea8c35fe", "date": "2017-10-21T11:45:00+00:00", "start": "11:45", "logo": null, "duration": "00:40", "room": "Galerie", "slug": "ASG2017-24-the-iot-botnet-wars-linux-devices-and-the-absence-of-basic-security-hardening", "title": "The IoT botnet wars, Linux devices, and the absence of basic security hardening", "subtitle": "", "track": "Security", "type": "presentation", "language": "en", "abstract": "We will discuss the various malware infecting Linux IoT devices including Mirai, Hajime, and BrickerBot and the vulnerabilities they leverage to enslave or brick connected devices. 
We will walk the audience through specific vectors they used to exploit devices and cover some basics in security hardening that would have largely protected against much of the widespread malware.\n\nSome of the fundamental security concepts we will cover include:\n\nClosing unused open network ports\nIntrusion detection systems\nEnforcing password complexity and policies\nRemoving unnecessary services\nFrequent software updates to fix bugs and patch security vulnerabilities\n\nWe will also delve into the arguments and counter-arguments of vigilante hacking with Hajime and BrickerBot as examples and the potential long-term consequences in this new age of connected devices.", "description": "This talk will cover the ongoing battle being waged is leveraging insecure Linux-based Internet of Things (IoT) devices. BrickerBot is an example of a recent malware strain attacking connected devices and causing them to \u201cbrick,\u201d making an electronic device completely useless in a permanent denial-of-service (PDoS) attack.\n\nAdditionally, the Mirai botnet consisted of connected printers, IP cameras, residential gateways, and baby monitors that flooded DNS servers. Mirai was behind the largest DDoS attack of its kind ever in October 2016, with an estimated throughput of 1.2 terabits per second. It leveraged these enslaved devices to bring down large portions of the internet, including services such as Netflix, GitHub, HBO, Amazon, Reddit, Twitter, and DIRECTV. BrickerBot\u2019s goal appears to counter Mirai\u2019s: Bricking insecure Linux devices so that malware such as Mirai can\u2019t subjugate these devices in another DDoS attack. We will take an in-depth look at the anatomy of the attack.\n\nWe will then dive into some basic security hardening principles which would have helped protect against many of these attacks. 
Some of the fundamental security concepts we will cover include:\n\nClosing unused open network ports\nIntrusion detection systems\nEnforcing password complexity and policies\nRemoving unnecessary services\nFrequent software updates to fix bugs and patch security vulnerabilities", "recording_license": "", "do_not_record": false, "persons": [{"guid": "19d8fd06-1d54-5ecf-9885-7e906f8f2e47", "id": 19, "code": "RALD8A", "public_name": "Drew Moseley ", "avatar": "https://cfp.all-systems-go.io/media/drew.jpg", "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/99/", "id": 25, "guid": "419d6895-afa9-5787-8787-9620dd760358", "date": "2017-10-21T12:30:00+00:00", "start": "12:30", "logo": null, "duration": "00:25", "room": "Galerie", "slug": "ASG2017-25-cockpit-a-linux-sysadmin-session-in-your-browser", "title": "Cockpit: A Linux sysadmin session in your Browser", "subtitle": "", "track": "Service Management", "type": "presentation", "language": "en", "abstract": "Cockpit is an open source project that has built the new system admin UI for Linux. It turns Linux server into something discoverable and usable. Its goal is to remove the steep learning curve for Linux deployments.\n\nCockpit lets you immediately dive into things like storage, network configuration, system log diagnosis, container troubleshooting and Kubernetes orchestration. All while being zero-footprint: It goes away when not in use. Cockpit interacts well with other management configuration tools, it reacts instantly to system changes made elsewhere.\n\nWe'll look at how Cockpit is an actual linux user session that you drive through your browser, running with user privileges, and accesses to the native system APIs and tools.\n\nYou'll be able to build new pieces of sysadmin UI as fast as you write a shell script. 
In fact we'll do it on stage in a few minutes.\n", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "ccb6c87d-77aa-5df7-85e1-b21d56f69cd2", "id": 20, "code": "EYRNSC", "public_name": "Stef Walter", "avatar": "https://cfp.all-systems-go.io/media/logo.png", "biography": "Ben Breard is the Technology Product Manager for Linux Containers at Red Hat where he focuses on  driving the container roadmap, RHEL Atomic Host, and evangelizing open source technology in his free time. ", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/117/", "id": 26, "guid": "2aaa4c03-fd5e-520e-ac24-c68a220722d9", "date": "2017-10-21T13:00:00+00:00", "start": "13:00", "logo": null, "duration": "00:40", "room": "Galerie", "slug": "ASG2017-26-reproducible-builds-where-do-we-want-to-go-tomorrow-", "title": "Reproducible Builds - where do we want to go tomorrow?", "subtitle": "", "track": "Security", "type": "presentation", "language": "en", "abstract": "A status report on Reproducible builds, which enable everyone to verify that a given binary is made from the source it is claimed to be made from, by enabling anyone to create bit by bit identical binaries. ", "description": "We've made lots of progress, but we are still far from our goals of changing the (software) world\nThis talk will report on the state of reproducible builds in various distributions (Debian, Archlinux, coreboot, F-Droid, Fedora, FreeBSD, Guix, NetBSD, OpenWrt, SuSE, and Qubes OS - to name a few) and thus should be interesting and insightful for anyone working on any free software project.\n\nHolger will explain how he started working on this in the Debian context and how his focus shifted slightly over the time. 
So he will start with explaining the status of Reproducible Debian, but this is quickly followed by an overview of common problems and solutions, followed by a quick explanation of the shared test infrastructure for reproducible tests of any project. You will learn how the community was broadened, what future plans we have to address what might be needed beyond being able to reproducibly build something, so this becomes truly meaningful for users in practice.\n\nIn this talk you will also learn about the challenges we're facing to deliver on the promise. Being able to reproducibly build in theory is not enough, one needs to be able to do so in practice. And enabling this on a distro scale is much harder than we thought\u2026\n", "recording_license": "", "do_not_record": false, "persons": [{"guid": "e83eb39b-aaa3-579d-a76e-bf3eea85b519", "id": 21, "code": "Q9BFMA", "public_name": "Holger Levsen", "avatar": null, "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/95/", "id": 27, "guid": "30bf58fc-b494-52cd-9100-b271868d553f", "date": "2017-10-21T13:45:00+00:00", "start": "13:45", "logo": null, "duration": "00:15", "room": "Galerie", "slug": "ASG2017-27-building-containers-all-day", "title": "Building containers all day", "subtitle": "", "track": "Debugging & Tooling", "type": "lighning_talk", "language": "en", "abstract": "Containers have become a popular way of packaging and running applications, especially for server applications using microservice architectures. As containers can be started in no time, building new container images replacing old ones has become the predominant way of applying updates. Having continuous delivery pipelines for building these images becomes a key problem. This talk will show how the Open Build Service provides a way to automate container builds including tracking updates and automatic rebuilds of dependent containers. 
This makes it easy to create secure and up to date containers all day.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "a312019b-dae4-5826-b453-7f63e6a7ebef", "id": 22, "code": "3LEAKQ", "public_name": "Cornelius Schumacher", "avatar": null, "biography": "Daniel Walsh has worked in the computer security field for over 30 years.\r\nDan is a Consulting Engineer at Red Hat.  He joined Red Hat in August 2001.\r\nDan leads the Red Hat Container Engineering team since August 2013, but has\r\nbeen working on container technology for several years.  Dan has made many\r\ncontributions to the docker project.  Dan has also developed a lot of the\r\nsoftware on Project Atomic. He has led the SELinux project, concentrating on\r\nthe application space and policy development.  Dan helped developed sVirt,\r\nSecure Virtualization as well as the SELinux Sandbox back in RHEL6 an early\r\ndesktop container tool.  Previously, Dan worked Netect/Bindview's on\r\nVulnerability Assessment Products and at Digital Equipment Corporation working on the Athena Project, AltaVista Firewall/Tunnel (VPN) Products.\r\nDan has a BA in Mathematics from the College of the Holy Cross and a MS in\r\nComputer Science from Worcester Polytechnic Institute.\r\nTwitter: rhatdan\r\nBlog: danwalsh.livejournal.com\r\nEmail: dwalsh@redhat.com\r\n", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/149/", "id": 28, "guid": "8bc82ba9-7086-55a6-b49b-89aef025f546", "date": "2017-10-21T14:00:00+00:00", "start": "14:00", "logo": null, "duration": "00:15", "room": "Galerie", "slug": "ASG2017-28-break", "title": "Break", "subtitle": "", "track": "default", "type": "default", "language": "en", "abstract": null, "description": "Have a tea, coffee and/or Club Mate! 
\n", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/135/", "id": 29, "guid": "d091d9ed-fd69-59bd-b2ac-7867936dba6f", "date": "2017-10-21T14:15:00+00:00", "start": "14:15", "logo": null, "duration": "00:40", "room": "Galerie", "slug": "ASG2017-29-using-systemd-for-containers-facebook", "title": "Using systemd for containers @ Facebook", "subtitle": "", "track": "Service Management", "type": "presentation", "language": "en", "abstract": "To achieve faster and easier containerization at Facebook we have started utilizing Chef, Btrfs and Systemd to improve our container system. These tools helped us to design a robust base for our cluster management will allow us to concentrate more higher level functionality. Our version of image and task handling tries address some issues common both to Facebook and the industry.\n", "description": "Co-presented by Zoltan Puskas and Zeal Jagannatha", "recording_license": "", "do_not_record": false, "persons": [{"guid": "43f105c2-22b3-5d9b-9d58-89027c3b84c7", "id": 23, "code": "WENXF9", "public_name": "Zeal Jagannatha", "avatar": "https://cfp.all-systems-go.io/media/22007443_1885184078478234_1441894857250066750_n.jpg", "biography": "Software engineer at Endocode (https://endocode.com), Berlin.", "answers": []}, {"guid": "2b4c2a69-e297-5cc0-afbd-5970f619a08a", "id": 24, "code": "ZPME7A", "public_name": "Zoltan Puskas", "avatar": null, "biography": "Djalal is an Open Source developer, systemd project maintainer, and a Linux kernel developer. Currently Djalal works on Embedded Linux projects and device drivers. He also works on the Linux kernel Self Protection Project, adding security mechanism for Containers, Embedded Systems and IoT. 
In the past, he worked on several research projects around Security and Software Verification based on compilers and GCC plug-ins.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/110/", "id": 30, "guid": "a3f980bc-b408-55e9-889a-4af44576226e", "date": "2017-10-21T15:00:00+00:00", "start": "15:00", "logo": null, "duration": "00:25", "room": "Galerie", "slug": "ASG2017-30-landlock-lsm-towards-unprivileged-sandboxing", "title": "Landlock LSM: Towards unprivileged sandboxing", "subtitle": "", "track": "Security", "type": "presentation", "language": "en", "abstract": "Landlock is a proposal for a new Linux Security Module (LSM) to create secure sandboxes with the goal \u201cto empower any process, including unprivileged ones, to securely restrict themselves.\u201d This presentation will give an overview on what Landlock is, discuss the current status of the patchset and demonstrate how Landlock works, as well as its differences compared to other Linux security modules.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "8ebd0940-8562-53ef-b74d-a47070e12fc0", "id": 13, "code": "SHL9CH", "public_name": "Michael Schubert", "avatar": null, "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/122/", "id": 31, "guid": "d5c63f9c-b491-59db-994a-8cfc6df886ed", "date": "2017-10-21T15:30:00+00:00", "start": "15:30", "logo": null, "duration": "00:25", "room": "Galerie", "slug": "ASG2017-31-software-updates-for-connected-linux-devices-key-requirements", "title": "Software updates for connected Linux devices: key requirements", "subtitle": "", "track": "Security", "type": "presentation", "language": "en", "abstract": "A key requirement for connected Linux devices is the ability to deploy remote software updates to them so that bugs, vulnerabilities and new features can be addressed while 
devices live in the field for up to 10 years.\n\nAs part of the Mender.io project, we have interviewed more than 100 embedded developers to understand best practices and the current state of enabling software updates for connected devices today. The key requirements found during this study can be split into the following areas we cover:\n\n- Robustness\n- Ease\n- Performant\n- Secure\n- Extensible", "description": "In order to address these requirements, design trade-offs need to be made.\n\nIn this presentation, we will cover the most common update strategies, such as using A/B dual rootfs, maintenance-mode updates, package managers, tarballs, and see the trade-offs of each approach.\n\n\nRemote Software Updates for Connected Devices: Key Considerations\n\nA key requirement for connected devices is the ability to deploy remote software updates to them so that bugs, vulnerabilities and new features can be addressed while devices live in the field for up to 10 years.\n\nAs part of the Mender.io project, we have interviewed more than 100 embedded developers to understand best practices and the current state of enabling software updates for connected devices today.\n\nThe key requirements found during this study can be split into the following areas:\n\nRobust - the cost of bricking devices is high\nEase - teams generally do not have much time to invest in an updater mechanism\nPerformant - bandwidth is the key limiting resource for connected devices, but other system resources should also be conserved during the update process. 
Downtime during the update process should be kept to a minimum.\nSecure - the update process must not enable attackers to deploy malicious software to the devices\nExtensible - connected devices vary greatly and the updater must be generic and extensible to support the majority of them\n\nIn order to address these requirements, design tradeoffs need to be made.\n\nIn this presentation, we will cover the most common update strategies, such as using A/B dual rootfs, maintenance-mode updates, package managers, tarballs, and see the tradeoffs of each approach.\n\nWe will also consider other important design aspects of an updater, such as validating deployment compatibility, integrity, authenticity, sanity-checking after the update, handling update failures, identifying extension points, device portability, persistent user-data, and reducing bandwidth consumption and downtime.\n", "recording_license": "", "do_not_record": false, "persons": [{"guid": "19d8fd06-1d54-5ecf-9885-7e906f8f2e47", "id": 19, "code": "RALD8A", "public_name": "Drew Moseley ", "avatar": "https://cfp.all-systems-go.io/media/drew.jpg", "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/119/", "id": 32, "guid": "64b66162-cc8b-5cab-8925-d3c5cdfbfdc4", "date": "2017-10-21T16:00:00+00:00", "start": "16:00", "logo": null, "duration": "00:30", "room": "Galerie", "slug": "ASG2017-32-securing-home-automation-with-tor", "title": "Securing Home Automation with Tor", "subtitle": "", "track": "Security", "type": "default", "language": "en", "abstract": "Today the technological worlds centralize principle is to automate each conceivable thing for simplicity in life, providing security,\nsaving electricity and time. 
\n<cite>Home automation is \u201cThe Internet of Things\"\u2026The way that all of our devices and appliances will be networked together to provide us with a seamless control over all aspects of our home and more.</cite>\n\nAlso a step toward what is referred to as the \"Internet of Things,\" in which everything has an assigned IP address, and can be monitored and accessed remotely.\n\nThe idea of automating each appliance in the home is done from many years ago, it started with connecting two electric wires to the battery and close the circuit by connecting load as a light. ", "description": "Be Safe. Be Secure\nAutomation is, unsurprisingly, one of the two main characteristics of home automation. Automation refers to the ability to program and schedule events for the devices on the network. The programming may include time-related commands, such as having your lights turn on or off at specific times each day. It can also include non-scheduled events, such as turning on all the lights in your home when your security system alarm is triggered.\n\nHome automation systems are advancement to the mechanization processes wherein human efforts are needed with the machinery equipments to operate various loads in homes.The popularity of home automation has been expanding incredibly because of much higher reasonableness and straightforwardness through Smartphones and wireless networks. \n\n<cite>\"Internet of Things\"</cite> is interlinked through these networks; because of the popularity of the home automation is improved by the quality of service provided by the devices. 
Different home automation systems are developed  for automatically on and off the appliances with different applications.\n\nOnce you start to understand the possibilities of home automation scheduling, you can come up with any number of useful and creative solutions to make your life better.\nIn present days most of the automation systems utilize the combination of hardwired and wireless systems for controlling the appliances. \n\nSecurity is extremely important for achieving this goal. As this worldwide network of interconnected objects can be exploited anywhere by anyone and anytime, it is necessary to enhance it with strong security foundations able to give birth to a world-changing paradigm.\n\nTor is a cumulative routing system that has helped many towards \u201cSafe and Secure Browsing\u201d. \nTor can be used to secure our Home Automation, and in unlocking its workings, we will avoid being locked out of our smart home physically.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "76767e31-ad24-584d-acb4-68af6270eb7a", "id": 25, "code": "CC8LRX", "public_name": "Kalyan Dikshit", "avatar": "https://cfp.all-systems-go.io/media/42542438911_22304b91e7_o.jpg", "biography": "Michael Olbrich is an open-source developer with a focus on platform integration on embedded Linux. He works as a full-time Linux developer for Pengutronix. His job is to provide a smooth Linux experience on embedded devices from init systems to graphics and multimedia frameworks. He is the main maintainer for PTXdist, an embedded Linux distribution. 
He has contributed to systemd in an effort to increase its usefulness on embedded systems.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/143/", "id": 33, "guid": "6e934c83-9257-54e5-8b05-3f79ab367a6e", "date": "2017-10-21T17:00:00+00:00", "start": "17:00", "logo": null, "duration": "04:55", "room": "Galerie", "slug": "ASG2017-33-social-event", "title": "Social Event", "subtitle": "", "track": "default", "type": "default", "language": "en", "abstract": null, "description": "Meet people and be merry!\n", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}]}}, {"index": 3, "date": "2017-10-22", "day_start": "2017-10-22T04:00:00+00:00", "day_end": "2017-10-23T03:59:00+00:00", "rooms": {"Event Loft": [{"url": "https://cfp.all-systems-go.io/ASG2017/talk/137/", "id": 34, "guid": "de621a3c-c947-5a4d-a2c1-f7e2769f7329", "date": "2017-10-22T07:30:00+00:00", "start": "07:30", "logo": null, "duration": "00:25", "room": "Event Loft", "slug": "ASG2017-34-what-if-component-xxx-dies-introducing-self-healing-kubernetes", "title": "What If Component xxx Dies? Introducing Self-Healing Kubernetes", "subtitle": "", "track": "Service Management", "type": "presentation", "language": "en", "abstract": "Kubernetes promises healing your application on all kinds of failure scenarios, but why not self-heal Kubernetes itself?", "description": "This talk introduces self-hosted Kubernetes (K8s inside itself) to autonomously recover from failure scenarios with the help of e.g. itself, systemd and checkpointing. We will ask and answer questions like \u201cWhat happens when xxx dies\u201d. The theory will be followed by a demo on a live cluster showcasing what happens when we kill central Kubernetes components, like the API-Server. 
Let\u2019s see how well Kubernetes recovers.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "b7f40248-1c04-584f-be75-c0814f7ad112", "id": 26, "code": "FACLVG", "public_name": "Max Leonard Inden", "avatar": null, "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/108/", "id": 35, "guid": "8ba00aa1-0ce1-5185-865b-c726d4eb3713", "date": "2017-10-22T08:00:00+00:00", "start": "08:00", "logo": null, "duration": "00:40", "room": "Event Loft", "slug": "ASG2017-35-kubernetes-for-toasters-", "title": "kubernetes for toasters?", "subtitle": "", "track": "Service Management", "type": "presentation", "language": "en", "abstract": "Potential solutions to achieving containerization on constrained devices.\n\n1. Why?\n2. a content addressable elf linker (bolter)\n3. space efficient container imaging (korhal)\n4. oci compliant runtime (railcar)", "description": "potential solutions to achieving containerization on constrained devices.\n", "recording_license": "", "do_not_record": false, "persons": [{"guid": "d23564b0-faa1-5ec8-818c-b0378e564434", "id": 27, "code": "87PTXE", "public_name": "Arvid E. Picciani", "avatar": "https://cfp.all-systems-go.io/media/136926.png", "biography": "A mindful polyglot, Vincent Batts has spent the last 15 years participating in the Linux and open source community. Presently involved on the Open Containers Initiative as a maintainer and on the technical board. Still a current member of Slackware Core Team and has been a maintainer on the Docker project as well as the Go programming language for Fedora and Red Hat. 
He is currently working on container architecture in Red Hat's Office of Technology.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/134/", "id": 36, "guid": "2400b3ce-5808-5693-a8e4-5a6fa14ac930", "date": "2017-10-22T08:45:00+00:00", "start": "08:45", "logo": null, "duration": "00:30", "room": "Event Loft", "slug": "ASG2017-36-using-bpf-in-kubernetes", "title": "Using BPF in Kubernetes", "subtitle": "", "track": "Monitoring & Tracing", "type": "presentation", "language": "en", "abstract": "In this talk, I will present different use cases for using BPF in a Kubernetes cluster. BPF is a Linux in-kernel virtual machine and there are different kinds of BPF programs for different subsystems that will be considered: kprobes, traffic control, cgroups, LSM. I\u2019ll follow with concrete examples, such as Weave Scope\u2019s HTTP Statistics plugin. Finally, I\u2019ll share tips and tricks on how to develop your own BPF programs in Kubernetes with the libraries bcc and gobpf, and show ways of easily test those with SemaphoreCI and rkt.\n", "description": "Linux superpowers in the cloud\nBPF and Kubernetes are both Open Source technologies on Linux but their respective communities initially had little overlaps. 
I want to bring more visibility of what BPF can offer to Kubernetes users and developers.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "9da02c52-3fed-543e-8210-182d8174775b", "id": 28, "code": "MQVR9X", "public_name": "Alban Crequy", "avatar": "https://cfp.all-systems-go.io/media/photo-alban.jpg", "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/150/", "id": 37, "guid": "a97c8898-8cde-597c-8660-4b07417188bf", "date": "2017-10-22T09:15:00+00:00", "start": "09:15", "logo": null, "duration": "00:15", "room": "Event Loft", "slug": "ASG2017-37-break", "title": "Break", "subtitle": "", "track": "default", "type": "default", "language": "en", "abstract": null, "description": "Have a tea, coffee and/or Club Mate!\n", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/121/", "id": 38, "guid": "713dae0e-6277-5729-9906-56d2f9c7f5de", "date": "2017-10-22T09:30:00+00:00", "start": "09:30", "logo": null, "duration": "00:25", "room": "Event Loft", "slug": "ASG2017-38-simulate-hardware-for-integration-testing", "title": "Simulate hardware for integration testing", "subtitle": "", "track": "Debugging & Tooling", "type": "presentation", "language": "en", "abstract": "How to get a slightly broken hard disk for testing file systems or udisks? A wifi access point which supports the old 802.11b standard for writing a test case for NetworkManager? Downloading a photo from a particular camera model which you don't own, but got a libgphoto bug report for? 
In this hands-on presentation and live demo of various Linux kernel and userspace tools I will show you how.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "92baef32-05ad-5e4a-9f29-4d21bcf84b86", "id": 29, "code": "XBBFZ7", "public_name": "Martin Pitt", "avatar": "https://cfp.all-systems-go.io/media/martinpitt-hackergotchi192.png", "biography": "", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/130/", "id": 39, "guid": "a08daf2b-f682-5257-b196-93f6bb15d4d8", "date": "2017-10-22T10:00:00+00:00", "start": "10:00", "logo": null, "duration": "00:45", "room": "Event Loft", "slug": "ASG2017-39-cyborg-teams", "title": "Cyborg Teams", "subtitle": "", "track": "Debugging & Tooling", "type": "presentation", "language": "en", "abstract": "In the Cockpit project we\u2019ve done something amazing: We\u2019ve built \u201crobot\u201d contributors to an Open Source project. \u201cCockpituous\u201d, our project\u2019s #5 contributor, is actually our automated team members.\n\nBots do the mundane tasks that would otherwise use up the time of human contributors. During the talk you can see them self-organizing, finding issues, contributing code changes, making decisions, releasing the software into Linux distros and containers. They work in a completely distributed, organic way, and run in containers.\n\nWe\u2019ll talk about how humans are pair-programming with bots, and moving at a pace that would be unthinkable otherwise. \n\nTreating the bots as team members is fundamental to achieving this. 
I\u2019m excited to show you how to pull that off.\n", "description": "Happy humans, tired machines\n", "recording_license": "", "do_not_record": false, "persons": [{"guid": "ccb6c87d-77aa-5df7-85e1-b21d56f69cd2", "id": 20, "code": "EYRNSC", "public_name": "Stef Walter", "avatar": "https://cfp.all-systems-go.io/media/logo.png", "biography": "Ben Breard is the Technology Product Manager for Linux Containers at Red Hat where he focuses on  driving the container roadmap, RHEL Atomic Host, and evangelizing open source technology in his free time. ", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/152/", "id": 40, "guid": "c71d85e5-70fa-519b-a4ca-cca95c54ee8f", "date": "2017-10-22T10:45:00+00:00", "start": "10:45", "logo": null, "duration": "01:30", "room": "Event Loft", "slug": "ASG2017-40-lunch", "title": "Lunch", "subtitle": "", "track": "default", "type": "default", "language": "en", "abstract": null, "description": "Yummy food available from food trucks in the courtyard\n", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/111/", "id": 41, "guid": "bfb1f653-1ee0-51fb-9805-0c43cef65d70", "date": "2017-10-22T12:15:00+00:00", "start": "12:15", "logo": null, "duration": "00:40", "room": "Event Loft", "slug": "ASG2017-41-meson-and-the-changing-linux-build-landscape", "title": "Meson and the changing Linux build landscape", "subtitle": "", "track": "Debugging & Tooling", "type": "presentation", "language": "en", "abstract": "The Meson build system has been picking up steam this year and many\nfundamental projects have transitioned to it from their old build\nsystems. 
In this talk we shall look at the advantages and disadvantages these transitions have brought, what we can expect from the future of build systems and what effect this change may have on the larger Linux ecosystem.", "description": "The build system may seem like a simple and unimportant part of software development but it turns out to have implications that are both wide and deep. For example when Debian changed their package builds of systemd to use Meson, the build time on mips machines dropped from almost two hours to less than one. These sorts of changes enable workflows and process changes that simply were not possible or feasible with old tools.\n\nIn addition to single projects, this transition has wider implications for distros and other aggregate works. We shall look into some of these changes ranging from full distro rebuilds to the core dependencies and tooling needed to build a modern Linux distro and how that might change in the future.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "abf9ba75-b0a7-5c6d-9c47-9e3298c41403", "id": 30, "code": "XAYQJF", "public_name": "Jussi Pakkanen", "avatar": null, "biography": "Marcel Holtmann is working at Intel's Open Source Technology Center. He is the maintainer of the BlueZ open source Bluetooth stack and has been working on Bluetooth technology since 2001. 
Marcel chairs the Bluetooth Internet Working Group and is a member of the Bluetooth Architectural Review Board.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/160/", "id": 42, "guid": "67cf9956-7810-5f93-91e1-a6dec4448668", "date": "2017-10-22T13:00:00+00:00", "start": "13:00", "logo": null, "duration": "00:40", "room": "Event Loft", "slug": "ASG2017-42-insecure-containers-", "title": "Insecure containers?", "subtitle": "", "track": "Security", "type": "presentation", "language": "en", "abstract": null, "description": "Open Source Software underpins the internet and many enterprises, but has repeatedly proven itself vulnerable to accident and tampering. As we fight to continuously secure millions of servers from attack, have we found a crucial panacea in containers?\n\nThis talk examines the anatomy of major vulnerabilities, demonstrates their applicability to containerised applications, and explores container native security tooling throughout the pipeline.\n\nIt covers recent major CVEs, container security models and extensions (cgroups, namespaces, rlimits, capabilities, Seccomp, AppArmor), their implementation in Docker and Kubernetes (flags, configuration best practices, entitlements), container breakout and hardening live demos, and container native security tooling (static/dynamic analysis, secret leakage prevention, IDS).", "recording_license": "", "do_not_record": false, "persons": [{"guid": "00e67904-8bb4-5b99-b31a-d93c1edf116c", "id": 31, "code": "JSBJTJ", "public_name": "Andrew Martin", "avatar": "https://cfp.all-systems-go.io/media/andrew_martin.jpg", "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/158/", "id": 43, "guid": "9fab664d-ad52-54f1-888f-21ae80162c07", "date": "2017-10-22T13:45:00+00:00", "start": "13:45", "logo": null, "duration": "00:30", "room": "Event Loft", "slug": 
"ASG2017-43-creating-your-own-1password-clone", "title": "Creating your own 1password clone", "subtitle": "", "track": "Security", "type": "presentation", "language": "en", "abstract": "AgileBits, the company behind the 1password password manager, published a spec for their \u201copvault\u201d format to show how confident they are in its design. This eliminates the need to reverse-engineer the encryption when trying to read from such a vault on a system where they\ndon\u2019t provide their tool.\n\nIn this talk we\u2019ll see an overview of the design of the format, such as the key derivation or the decision to split the meta-data from the details such as username and passwords.\n\nAt the same time, the talk will follow the implementation of a library to read this format in Rust, which started as a way to practice the language but now has grown a GUI to display these entries so I can use the vault on my desktop.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "00d4153b-7aaf-5b30-881b-a4aeab99f8c7", "id": 32, "code": "PPUCKY", "public_name": "Carlos Mart\u00edn Nieto", "avatar": "https://cfp.all-systems-go.io/media/Untitled.jpg", "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/154/", "id": 44, "guid": "b0ab9c16-59d3-5c89-b454-2920d96bba93", "date": "2017-10-22T14:15:00+00:00", "start": "14:15", "logo": null, "duration": "00:15", "room": "Event Loft", "slug": "ASG2017-44-break", "title": "Break", "subtitle": "", "track": "default", "type": "default", "language": "en", "abstract": null, "description": "Have a tea, coffee and/or Club Mate!\n", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/140/", "id": 45, "guid": "5b2e3eeb-4458-5fa3-9ddc-8f38596a2653", "date": "2017-10-22T14:30:00+00:00", "start": "14:30", "logo": null, 
"duration": "00:40", "room": "Event Loft", "slug": "ASG2017-45-building-a-secure-boot-chain-to-userland", "title": "Building a secure boot chain to userland", "subtitle": "", "track": "Security", "type": "presentation", "language": "en", "abstract": "Secure boot as it currently exists in desktop Linux distributions is sufficient to verify that the bootloader and kernel have not been tampered with, but generally does nothing to ensure that userland is secure. How can we fix that?", "description": "Full system security requires the ability to determine that the entire system is in a trustworthy state. Secure Boot as currently implemented in Linux gets us partway there, but not all the way. Going further involves tying into additional security functionality, much of which already exists but is poorly integrated. This presentation will cover what needs to be done, the components required to do it and the integration work that distributions will need to do to make it viable.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "e53426ec-483c-5d47-934f-989b4cae2f23", "id": 33, "code": "E3HZLF", "public_name": "Matthew Garrett", "avatar": null, "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/133/", "id": 46, "guid": "64f0a0af-8e8e-5311-a532-660d8869f0ff", "date": "2017-10-22T15:15:00+00:00", "start": "15:15", "logo": null, "duration": "00:25", "room": "Event Loft", "slug": "ASG2017-46-updating-embedded-systems-putting-it-all-together", "title": "Updating Embedded Systems -- Putting it all Together", "subtitle": "", "track": "Security", "type": "presentation", "language": "en", "abstract": "Updating embedded systems reliably requires more than just the actual\nupdate process. 
This presentation gives an overview of the overall design\nand components needed for successful system updates.\n", "description": "With the security issues in recent years, the fact that updates are\nnecessary is no longer in question. Still, for embedded systems updates\nremain a challenge. With no administrator to handle unexpected problems, a\nfailed update can render the device unusable, which is not acceptable.\n\nPerforming updates reliably is only possible when updating is considered in\nthe design of the entire system, from the bootloader to the application.\n\nThis presentation gives an overview of the building blocks and decisions made\nto create such a design. The configuration and boot choices in the bootloader,\nwatchdog handling, monitoring at boot- and runtime and, of course, the actual\nupdate process itself.\n\nThe result is showcased using various open source components such as\nbarebox, systemd, rauc and casync.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "f4406744-1423-5f8a-9bdc-da46ce6151fb", "id": 34, "code": "88RHMV", "public_name": "Michael Olbrich", "avatar": null, "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/156/", "id": 47, "guid": "71b47890-5d9c-5279-81e8-a27e595bbb3c", "date": "2017-10-22T15:45:00+00:00", "start": "15:45", "logo": null, "duration": "00:30", "room": "Event Loft", "slug": "ASG2017-47-closing", "title": "Closing", "subtitle": "", "track": "default", "type": "default", "language": "en", "abstract": null, "description": "Till the next time!\n", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}], "Galerie": [{"url": "https://cfp.all-systems-go.io/ASG2017/talk/109/", "id": 48, "guid": "d29893d0-ac25-508b-9d45-10906e8d677b", "date": "2017-10-22T07:30:00+00:00", "start": "07:30", "logo": null, "duration": "00:25", "room": "Galerie", "slug": 
"ASG2017-48-kube-spawn-testing-multi-node-kubernetes-clusters-on-linux-systems", "title": "kube-spawn: testing multi-node Kubernetes clusters on Linux systems", "subtitle": "", "track": "Debugging & Tooling", "type": "presentation", "language": "en", "abstract": "kube-spawn is a tool to easily start a local, multi-node Kubernetes cluster on a Linux machine. While it was originally meant to be used mainly by developers of Kubernetes, it has been turned into a tool that is great for just trying Kubernetes out. In this talk, I will give a general introduction to kube-spawn and cover integration issues.", "description": "kube-spawn aims to become the easiest means of testing and fiddling with Kubernetes on Linux. It provides an environment that Kubernetes will eventually be running on, a full Linux OS. On the host side, end users are able to run native Kubernetes command-line tools to get every nodes and pods to work. For each container, kube-spawn bootstaps each instance based on CoreOS Container Linux, with the help of systemd-nspawn.\n\nIn this talk I will introduce kube-spawn briefly from the perspective of end users. After that, I'm going to cover several integration issues, which have been discovered during implementation. 
It will range from administration tools like kubeadm to low-level issues such as btrfs-based storage pools.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "e6a3d12b-9717-5d9f-9e14-10820823f5ed", "id": 35, "code": "ATCTEK", "public_name": "Dongsu Park", "avatar": null, "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/96/", "id": 49, "guid": "c3016d8c-e625-5dca-ab20-914741042a62", "date": "2017-10-22T08:00:00+00:00", "start": "08:00", "logo": null, "duration": "00:40", "room": "Galerie", "slug": "ASG2017-49-cgroupv2-linux-s-new-unified-control-group-hierarchy", "title": "cgroupv2: Linux's new unified control group hierarchy", "subtitle": "", "track": "Monitoring & Tracing", "type": "presentation", "language": "en", "abstract": "cgroupv1 (or just \"cgroups\") has helped revolutionise the way that we manage and use containers over the past 8 years. A complete overhaul is coming -- cgroupv2. 
This talk will go into why a new control group system was needed, the changes from cgroupv1, and practical uses that you can apply to improve the level of control you have over the processes on your servers.\n\nWe will go over:\n\n- Design decisions and deviations for cgroupv2 compared to v1\n- Pitfalls and caveats you may encounter when migrating to cgroupv2\n- Discussion of the internals of cgroupv2\n- Practical information about how we are using cgroupv2 inside Facebook", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "c6249045-c4d5-51dd-bf51-502f00e60e7c", "id": 36, "code": "LGUAN9", "public_name": "Chris Down", "avatar": "https://cfp.all-systems-go.io/media/headshot.jpg", "biography": "Tom works at Red Hat, and hacks on networkd and bus1.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/131/", "id": 50, "guid": "7bc0642e-7c1b-5137-97f0-6a55ea7405d3", "date": "2017-10-22T08:45:00+00:00", "start": "08:45", "logo": null, "duration": "00:30", "room": "Galerie", "slug": "ASG2017-50-unbreaking-reloads-strategies-for-fast-and-non-blocking-reconfiguration", "title": "Unbreaking reloads: strategies for fast and non-blocking reconfiguration", "subtitle": "", "track": "Service Management", "type": "presentation", "language": "en", "abstract": "When configuration changes, daemon-reload stops the world in an increasingly unsustainable way. The problem is getting worse for two reasons: (1) heavier use of systemd means more units and longer reload times and (2) expanded use of socket activation/D-Bus activation/automount means more things urgently need PID 1's attention. 
There are ways to fix this up, but we'll need to move away from stopping the world (the main event loop), throwing out most loaded state, reloading state, and then resuming event handling.", "description": "<p>When configuration changes, daemon-reload stops the world in an increasingly unsustainable way. The problem is getting worse for two reasons: (1) heavier use of systemd means more units and longer reload times and (2) expanded use of socket activation/D-Bus activation/automount means more things urgently need PID 1's attention. There are ways to fix this up, but we'll need to move away from stopping the world (the main event loop), throwing out most loaded state, reloading state, and then resuming event handling.</p>\n\n<p>We'll explore these options:</p>\n<ul>\n<li>Incremental state reloading, possibly when dependencies and other cascading configuration remains the same</li>\n<li>Amortized state reloading with an atomic switch on completion</li>\n<li>Offloading configuration loading to a separate thread or process, followed by an atomic switch-over on completion.</li>\n</ul>\n\n<p>We'll need to be careful to maintain the memory footprint on resource-constrained devices, but we have options:</p>\n<ul>\n<li>Choosing to still stop the world when a system is resource-constrained</li>\n<li>Storing unit data in a tree that supports snapshots and copy-on-write, which would constrain the maximum footprint during reload to barely more than it is today</li>\n</ul>", "recording_license": "", "do_not_record": false, "persons": [{"guid": "e5e44d7a-6545-5487-97c3-7777adb19b1c", "id": 12, "code": "8SUNZD", "public_name": "David Strauss", "avatar": "https://cfp.all-systems-go.io/media/2019-less-background-small.jpg", "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/151/", "id": 51, "guid": "0fb8ae41-b813-5b93-8adb-d85b93e360be", "date": "2017-10-22T09:15:00+00:00", "start": "09:15", 
"logo": null, "duration": "00:15", "room": "Galerie", "slug": "ASG2017-51-break", "title": "Break", "subtitle": "", "track": "default", "type": "default", "language": "en", "abstract": null, "description": "Have a tea, coffee and/or Club Mate!\n", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/112/", "id": 52, "guid": "7dfabf2f-d26b-5955-a2a4-46bda7f785f3", "date": "2017-10-22T09:30:00+00:00", "start": "09:30", "logo": null, "duration": "00:25", "room": "Galerie", "slug": "ASG2017-52-modern-deployment-for-embedded-linux-and-iot", "title": "Modern deployment for Embedded Linux and IoT", "subtitle": "", "track": "Security", "type": "presentation", "language": "en", "abstract": "In a world of connected devices, IoT and embedded systems, building robust products needs a modern deployment workflow where security and constant updates are as important as the product itself. The abilities of these systems to protect themselves, isolate applications inside sandboxes or containers, and support constant updates will enhance the product's security, its longevity and all the offered services around it. In this regard, Linux containers are one of the mechanisms that may allow to solve some of the Embedded and IoT systems problems, however their adoption is still facing some challenges such how can these mechanisms fit in the final embedded environment ?\n\nIn order to improve container integration in the Embedded Linux world, we will explore in this presentation some upcoming systemd and Linux kernel features, notably a new Security Permission model for systemd, a new lightweight container environment that allows to deploy and sandbox portable applications, some new kernel hardening features that can be used by both containers and the kernel itself to protect the entire system. 
Additionally we will discuss how to apply constant updates, how we can integrate this with systemd, and how to update the entire system. Some of this or all of it is already or will be available by default in Yocto project. To conclude we will demonstrate some results on how to block real life vulnerabilities in such Embedded Linux systems.", "description": "In a world of connected devices, IoT and embedded systems, building robust products needs a modern deployment workflow where security and constant updates are as important as the product itself. The abilities of these systems to protect themselves, isolate applications inside sandboxes or containers, and support constant updates will enhance the product's security, its longevity and all the offered services around it. In this regard, Linux containers are one of the mechanisms that may allow to solve some of the Embedded and IoT systems problems, however their adoption is still facing some challenges such how can these mechanisms fit in the final embedded environment ?\n\nIn order to improve container integration in the Embedded Linux world, we will explore in this presentation some upcoming systemd and Linux kernel features, notably a new Security Permission model for systemd, a new lightweight container environment that allows to deploy and sandbox portable applications, some new kernel hardening features that can be used by both containers and the kernel itself to protect the entire system. Additionally we will discuss how to apply constant updates, how we can integrate this with systemd, and how to update the entire system. Some of this or all of it is already or will be available by default in Yocto project. To conclude we will demonstrate some results on how to block real life vulnerabilities in such Embedded Linux systems.\n\nThis presentation will contain: some kernel hardening measures, lightweight containers, new sandbox model and system updates. 
Also the integration with Yocto will be discussed so we can create better secure embedded Linux systems.\n\nAnyone who is interested in shipping portable secure applications for Embedded Linux systems, improving Embedded Linux and IoT security, kernel hardening and Linux kernel Self Protection projects bits for embedded systems is welcome. The Embedded and IoT industry is facing major security challenges, therefore there is a huge need for improvements.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "860b5020-0488-5943-9abc-fa239c634d2b", "id": 37, "code": "GQLRGP", "public_name": "Djalal Harouni", "avatar": null, "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/125/", "id": 53, "guid": "733b26a6-43d9-53aa-9e9a-4b3c558c6f9b", "date": "2017-10-22T10:00:00+00:00", "start": "10:00", "logo": null, "duration": "00:45", "room": "Galerie", "slug": "ASG2017-53-synchronizing-images-with-casync", "title": "Synchronizing images with casync", "subtitle": "", "track": "Service Management", "type": "presentation", "language": "en", "abstract": "casync is a novel tool for delivering OS images across the Internet. While there are many tools like this around, casync has some features that set it apart. In this talk we'll discuss why it is useful for delivering your IoT, container, application or OS images, and how you can make use of it.", "description": "casync is a novel tool for delivering OS images across the Internet. While there are many tools like this around, casync has some features that set it apart. 
In this talk we'll discuss why it is useful for delivering your IoT, container, application or OS images, and how you can make use of it.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "95b506b7-b71c-5f79-9b2c-09f7573853c0", "id": 14, "code": "PEZUVF", "public_name": "Lennart Poettering", "avatar": null, "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/153/", "id": 54, "guid": "49a5bd93-fd7c-5d67-be83-72afd8d992d9", "date": "2017-10-22T10:45:00+00:00", "start": "10:45", "logo": null, "duration": "01:30", "room": "Galerie", "slug": "ASG2017-54-lunch", "title": "Lunch", "subtitle": "", "track": "default", "type": "default", "language": "en", "abstract": null, "description": "Yummy food available from food trucks in the courtyard\n", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/138/", "id": 55, "guid": "72fbb681-9e40-5a91-be2f-75162554e248", "date": "2017-10-22T12:15:00+00:00", "start": "12:15", "logo": null, "duration": "00:40", "room": "Galerie", "slug": "ASG2017-55-which-network-to-use-when-socket-intents", "title": "Which network to use when - Socket Intents", "subtitle": "", "track": "Networking", "type": "presentation", "language": "en", "abstract": "Nowadays, most end devices have multiple network interfaces to connect to the Internet. They usually pick a statically configured default interface, such as WiFi, which they prefer over LTE when both are available, but this is not necessarily the choice that provides the best performance to the application. Socket Intents is a research prototype that addresses the problem of finding policies of which network interface to pick for what kind of traffic or application. 
It provides several networking APIs through which an application can specify its \"Intents\", i.e., what it knows or assumes about its own traffic. The prototype then decides which of the available network interfaces to use.", "description": "Hacking the Socket API for fun and research\nThe Socket Intents framework is a research prototype developed at the INET group at TU Berlin, running in user space on Linux and Mac OS. It is written in C and released under a BSD license. Using the Socket Intents library, an application can set up a connection specifying its \"Intents\", e.g., whether the connection is going to be a small query or a large bulk transfer, whether it is intended to be a long-lived steady stream of data or a series of interactive bursts, and whether it is time-critical or background traffic. The client library then queries a daemon, the Multi Access Manager (MAM), to make a decision about which of the available network interfaces to bind this connection to, based on the Intents and on current performance estimates if available. \nSocket Intents aims to overcome the assumption that only one network interface would be available at a time, or that there is always the same statically configured \"default\" interface to use. By itself, the Socket API does not provide a good way to choose between different interfaces without placing the burden on the application. Instead of having each application implement an interface selection logic by itself, Socket Intents provides one daemon, the Multi Access Manager, to gather as much information about the currently available network interfaces and their performance as possible. As it knows about the performance of the connected networks and about the needs of the application, based on its Intents, the Multi Access Manager can make decisions about which network interface to use for what connection. 
It can also make decisions for individual objects, e.g., components of a web page, and schedule them among multiple persistent TCP connections that were established over multiple interfaces. Also, it is compatible with Multi-Path TCP (MPTCP) and can choose to schedule an object or connection over not a single interface, but multiple bundled interfaces.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "af93590d-8b67-5748-810c-5ef12207dcad", "id": 38, "code": "XPEVTP", "public_name": "Theresa Enghardt", "avatar": "https://cfp.all-systems-go.io/media/theri_by_beat.jpg", "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/136/", "id": 56, "guid": "27c07c45-0d7b-5a30-b497-b44a2fdf119e", "date": "2017-10-22T13:00:00+00:00", "start": "13:00", "logo": null, "duration": "00:40", "room": "Galerie", "slug": "ASG2017-56-virtualization-what-changed-in-the-last-decade", "title": "Virtualization: what changed in the last decade", "subtitle": "", "track": "Process Isolation", "type": "presentation", "language": "en", "abstract": "Containers are pretty cool, but in scenarios where they don't satisfy all the requirements, service providers still rely on virtualization. Hardware virtualization became mainstream 1 decade ago and it never stopped evolving. 
I even dare to say that virtualization is not boring anymore!\nIn this presentation I will talk about the most significant hardware changes in the virtualization world.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "89666a88-ca6d-5e4c-9139-7a3962e5342c", "id": 39, "code": "VGTHK9", "public_name": "Hugo Tavares Reis", "avatar": "https://cfp.all-systems-go.io/media/1401650_10202194440052868_1380332548_o.jpg", "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/132/", "id": 57, "guid": "00bb87ad-054a-5ab9-9c6f-58bfb9990207", "date": "2017-10-22T13:45:00+00:00", "start": "13:45", "logo": null, "duration": "00:30", "room": "Galerie", "slug": "ASG2017-57-update-on-new-wifi-daemon-for-linux", "title": "Update on new WiFi daemon for Linux", "subtitle": "", "track": "Networking", "type": "presentation", "language": "en", "abstract": "This presentation is about a new 802.11 wireless daemon for Linux. It is a lightweight daemon handling all aspects around WiFi support for Linux. It is designed with a tiny footprint for IoT use cases in mind. 
After its initial release last year, this provides the update on the progress and its integration into ConnMan and Network Manager.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "fb697998-32b0-5fe4-9661-e16e9a136322", "id": 15, "code": "BEJQWM", "public_name": "Marcel Holtmann", "avatar": null, "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/155/", "id": 58, "guid": "7293f8c0-a26d-5bd9-93bf-2a637e4d7ead", "date": "2017-10-22T14:15:00+00:00", "start": "14:15", "logo": null, "duration": "00:15", "room": "Galerie", "slug": "ASG2017-58-break", "title": "Break", "subtitle": "", "track": "default", "type": "default", "language": "en", "abstract": null, "description": "Have a tea, coffee and/or Club Mate!\n", "recording_license": "", "do_not_record": false, "persons": [], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/157/", "id": 59, "guid": "214824e8-012d-53fe-92a5-1d8d2dba2651", "date": "2017-10-22T14:30:00+00:00", "start": "14:30", "logo": null, "duration": "00:10", "room": "Galerie", "slug": "ASG2017-59-what-s-in-a-container-the-oci-answer", "title": "What's in a container? The OCI Answer", "subtitle": "", "track": "Process Isolation", "type": "presentation", "language": "en", "abstract": "The container has become one of the most overloaded industry buzzwords of the last five years. From Jails to LXC to Zones to systemd-nspawn Docker to rkt - there's an assortment of different tools on different platforms that call themselves containers, and no clear consensus what it means when it comes to distributing containers or implementing the underlying technical details. The Open Container Initiative was formed in 2015 to try to remedy this situation by establishing a shared set of container standards for different implementers to agree on. 
With representatives from all major server operating system platforms, the Initiative has made great strides towards specifying a truly interoperable container. The two key OCI projects recently hit their canonical 1.0 version; this talk will explain what OCI is and what that milestone means for the container ecosystem.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"guid": "d25b4954-1540-5b13-95eb-8fa580f98971", "id": 40, "code": "R3HWED", "public_name": "Jon Boulle", "avatar": null, "biography": "Drew is currently part of the Mender.io open source project to deploy OTA software updates to embedded Linux devices. He has worked on embedded projects such as RAID storage controllers, Direct and Network attached storage devices and graphical pagers.\r\n\r\nHe has spent the last 7 hears working in Operating System\r\nProfessional Services helping customers develop production\r\nembedded Linux systems. He has spent his career in embedded\r\nsoftware and developer tools and has focused on Embedded Linux\r\nand Yocto for about 10 years. He is currently a Technical\r\nSolutions Engineer at Northern.Tech (the company behind the OSS project Mender.io), helping customers develop safer, more secure connected devices.  \r\n\r\nHe worked previously as a Technical Project Manager and Professional Services Engineer for Mentor Graphics. Previous to that, he has worked with Red Hat, Intel, and Monta Vista Software. 
He was raised in Tampa, Florida and attended the University of Florida.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/128/", "id": 60, "guid": "ab848276-925e-5eb7-8e94-8500fbf929c9", "date": "2017-10-22T14:45:00+00:00", "start": "14:45", "logo": null, "duration": "00:25", "room": "Galerie", "slug": "ASG2017-60-tango-with-systemd", "title": "Tango with systemd", "subtitle": "", "track": "Service Management", "type": "presentation", "language": "en", "abstract": "Used by many major distributions, systemd is widely known in the desktop and\nserver world. But it is not so common to find it in embedded product.\nIn this talk, we will show how systemd can be a real benefit for the embedded\nworld; for both your sanity and your time.\nWe will discuss how systemd was integrated into Phantom, a speaker from\nDevialet, and what was the pro and cons of using it.", "description": "Building a product from scratch is a challenge, even more so with a small team.\nEvery line of code that you don't have to maintain; every hour you win by using\nan already existing piece of code that solve your problem, is more hours you\ncan spend creating new features for your product.\nUsing systemd in an embedded device is not a choice done by many, but it can be\nreally beneficial to your product, your team and yourself.\nWe'll first start discussing how to reduce systemd to debunk the fact that it's\nhuge.\nThen we will see the benefits of using systemd and how it can help you build\nyour system without worrying.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "129e6e58-5436-55a8-8651-f0e2ee2be0aa", "id": 41, "code": "STNLTG", "public_name": "Maxime Hadjinlian", "avatar": "https://cfp.all-systems-go.io/media/unnamed.jpg", "biography": "", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2017/talk/107/", "id": 61, "guid": 
"a3165a14-c768-5c89-b5b2-5bb95bd3300a", "date": "2017-10-22T15:15:00+00:00", "start": "15:15", "logo": null, "duration": "00:25", "room": "Galerie", "slug": "ASG2017-61-journal-as-a-storage-and-other-adventures-in-user-session-recording", "title": "Journal as a Storage and Other Adventures in User Session Recording", "subtitle": "", "track": "Security", "type": "presentation", "language": "en", "abstract": "See how Red Hat's Session Recording project is using Systemd Journal to store and playback recordings of terminal sessions. Wonder at the challenges the project faces, such as dealing with various terminal types, character encodings, random playback positioning, etc.", "description": "Red Hat's customers in financial, medical, government and other areas have been asking for a session recording feature for a while, and so the User Session Recording project was started.\n\nNikolai Kondrashov is going to introduce our project briefly and then show how we use Systemd Journal to store and playback recordings of terminal sessions for our Cockpit UI. He is going to talk about limitations of, and possible improvements for this solution, and then about other challenges the project faces: dealing with different terminal types, character encodings, implementing recording playback, etc. And, of course, there is going to be a demo!", "recording_license": "", "do_not_record": false, "persons": [{"guid": "74e0d801-f296-521f-9a5a-5568ef70a078", "id": 42, "code": "ADBHD7", "public_name": "Nikolai Kondrashov", "avatar": "https://cfp.all-systems-go.io/media/avatars/82fca0b4be71150e13329805cd6867f5_jOkiBME.jpg", "biography": "Chris Down is a Production Engineer on Facebook's Web Foundation team, based in London. He is responsible for debugging and resolving major production issues, and improving the reliability and efficiency of Facebook's systems. 
He also is a contributor to Facebook's open source efforts, including osquery, an operating system instrumentation framework for OS X and Linux.", "answers": []}], "links": [], "attachments": [], "answers": []}]}}]}}}