»Pre-Registration Event« ; default (3 hours)


»Opening« ; default (15 minutes)


»Really crazy container troubleshooting stories« Gianluca Borello; presentation (40 minutes)


»Rust memory management« Zeeshan Ali; presentation (25 minutes)

A quick introduction to the unique memory management concepts of Rust.


»Incremental Adoption of Open Services with Habitat« Blake Irvin; presentation (15 minutes)

Open services mark a paradigm shift similar to the disruption caused by open-source software in the 90s, but the path to effective adoption of open services tooling is sometimes unclear. Blake will share patterns and learnings from his experience integrating one such tool, Habitat, at smartB GmbH.


»Break« ; default (15 minutes)


»Azure networking integration challenges« Stephen Hemminger; presentation (45 minutes)

The introduction on Accelerated Networking on Azure created challenges integrating support in Linux distributions. The original method using bonding had issues that were solved by introducing a new mode called "Transparent VF". This mode solves issues with udev, cloudinit and distribution specifi...


»Lunch« ; default (90 minutes)


»systemd @ Facebook — a year later« Davide Cavalca; presentation (40 minutes)

We'll be talking about what we learned throughout the past year running systemd in production at Facebook: new challenges that have come up, how the integration process went and the areas of improvement we discovered. We'll also discuss our efforts building a monitoring solution for system servic...


»State of the rkt container runtime« Iago López Galeiras; presentation (25 minutes)

rkt is a modern container runtime, built for security, efficiency, and composability. It is one of the container runtimes supported by Kubernetes but the current implementation (“rktnetes”) doesn’t support the Container Runtime Interface (CRI). The work-in-progress CRI implementation is called rk...


»Portals, dynamic permissions in Flatpak« Alexander Larsson; presentation (40 minutes)

Desktop application sandboxing is quite different than traditional container isolation, learn how flatpak does it, using the concept of portals.


»Containers: What Did We Learn?« Eric Myhre; presentation (15 minutes)

Containers: love 'em or hate 'em -- whether you think they're the hottest new thing or yesteryear's same ideas in new clothing -- the both rapid and sustained rate of adoption of recent container technologies says one thing clearly: We Were Missing Something. But what, exactly? And have we found ...


»Break« ; default (15 minutes)


»Fix, forget, or forge a new path?« Brian 'redbeard' Harrington; presentation (40 minutes)

As Infrastructure operators we're exposed to a lot of plumbing and not a lot of porcelain. Worse, because our concerns are often esoteric (in the eyes of application developers) we have to fix our own pipes too. Often this leads to the "homeowners dilemma"... Making the call of when to patch thi...


»Streamlining systemd's code and safety« David Strauss; presentation (25 minutes)

Today, the systemd project uses a non-standard superset of C to get destructor-like functionality. But, we pay a heavy price for doing it this way: we lose compiler portability, use hundreds of boilerplate macros, and confuse static analysis tools (which don't always realize why we're not leaking...


»A gentle introduction to [e]BPF« Michael Schubert; presentation (25 minutes)

BPF is a Linux in-kernel virtual machine that is used for networking, tracing, seccomp and more. This talk will give an introduction to the extended BPF subsystem in Linux, an overview on how it works, show available tools to work with and explain possibilities as well as limits.


»Containers without a Container Manager, with systemd« Lennart Poettering; presentation (30 minutes)

systemd service management today supports a number of the features that container management is known for, but for classic system services. Let's see which ones, and how to make use of them.


»Introducing Bluetooth Mesh« Marcel Holtmann; presentation (40 minutes)

Bluetooth technology has been extended with a brand new mesh feature. This presentation gives an introduction to Bluetooth Mesh and its impacts on the ecosystem. It shows the new and exciting use cases that a mesh enabled Bluetooth low energy enables. The presentation will also put a focus on Lin...


»High-performance Linux monitoring with eBPF« Alfonso Acosta; presentation (25 minutes)

Extended Berkeley Packet Filter (eBPF) allows for high-performance introspection of the Linux kernel execution. eBPF is widely available (part of the mainline kernel and enabled by most distributions), flexible (any kernel code path can be probed) and safe (driven from userspace and statically ve...


»Network troubleshooting in heterogeneous cloud environment with Skydive« Sylvain Afchain; presentation (15 minutes)

With the growing number of network cloud services it becomes essential to be able to monitor, troubleshoot and analyze different virtualization or container technologies. Being able to monitor complex heterogeneous federated cloud environments is key.

Skydive is a real-time and post-mortem topolo...


»Break« ; default (15 minutes)


»Getting Started with Habitat« Jamie Winsor; presentation (45 minutes)

Habitat is the best way for software developers to build, deploy, and manage modern applications - regardless of their expertise. Habitat provides a self-healing, self-configuring, stack-agnostic, frictionless abstraction for running applications—regardless of their complexity on whatever infrast...


»Lunch« ; default (90 minutes)


»The IoT botnet wars, Linux devices, and the absence of basic security hardening« Drew Moseley ; presentation (40 minutes)

We will discuss the various malware infecting Linux IoT devices including Mirai, Hajime, and BrickerBot and the vulnerabilities they leverage to enslave or brick connected devices. We will walk the audience through specific vectors they used to exploit devices and cover some basics in security ha...


»Cockpit: A Linux sysadmin session in your Browser« Stef Walter; presentation (25 minutes)

Cockpit is an open source project that has built the new system admin UI for Linux. It turns Linux server into something discoverable and usable. Its goal is to remove the steep learning curve for Linux deployments.

Cockpit lets you immediately dive into things like storage, network configuration...


»Reproducible Builds - where do we want to go tomorrow?« Holger Levsen; presentation (40 minutes)

A status report on Reproducible builds, which enable everyone to verify that a given binary is made from the source it is claimed to be made from, by enabling anyone to create bit by bit identical binaries.


»Building containers all day« Cornelius Schumacher; lighning_talk (15 minutes)

Containers have become a popular way of packaging and running applications, especially for server applications using microservice architectures. As containers can be started in no time, building new container images replacing old ones has become the predominant way of applying updates. Having con...


»Break« ; default (15 minutes)


»Using systemd for containers @ Facebook« Zeal Jagannatha, Zoltan Puskas; presentation (40 minutes)

To achieve faster and easier containerization at Facebook we have started utilizing Chef, Btrfs and Systemd to improve our container system. These tools helped us to design a robust base for our cluster management will allow us to concentrate more higher level functionality. Our version of image ...


»Landlock LSM: Towards unprivileged sandboxing« Michael Schubert; presentation (25 minutes)

Landlock is a proposal for a new Linux Security Module (LSM) to create secure sandboxes with the goal “to empower any process, including unprivileged ones, to securely restrict themselves.” This presentation will give an overview on what Landlock is, discuss the current status of the patchset and...


»Software updates for connected Linux devices: key requirements« Drew Moseley ; presentation (25 minutes)

A key requirement for connected Linux devices is the ability to deploy remote software updates to them so that bugs, vulnerabilities and new features can be addressed while devices live in the field for up to 10 years.

As part of the Mender.io project, we have interviewed more than 100 embedded d...


»Securing Home Automation with Tor« Kalyan Dikshit; default (30 minutes)

Today the technological worlds centralize principle is to automate each conceivable thing for simplicity in life, providing security, saving electricity and time. <cite>Home automation is “The Internet of Things"…The way that all of our devices and appliances will be networked together to ...


»Social Event« ; default (4.9 hours)


»What If Component xxx Dies? Introducing Self-Healing Kubernetes« Max Leonard Inden; presentation (25 minutes)

Kubernetes promises healing your application on all kinds of failure scenarios, but why not self-heal Kubernetes itself?


»kubernetes for toasters?« Arvid E. Picciani; presentation (40 minutes)

Potential solutions to achieving containerization on constrained devices.

  1. Why?
  2. a content addressable elf linker (bolter)
  3. space efficient container imaging (korhal)
  4. oci compliant runtime (railcar)


»Using BPF in Kubernetes« Alban Crequy; presentation (30 minutes)

In this talk, I will present different use cases for using BPF in a Kubernetes cluster. BPF is a Linux in-kernel virtual machine and there are different kinds of BPF programs for different subsystems that will be considered: kprobes, traffic control, cgroups, LSM. I’ll follow with concrete exampl...


»Break« ; default (15 minutes)


»Simulate hardware for integration testing« Martin Pitt; presentation (25 minutes)

How to get a slightly broken hard disk for testing file systems or udisks? A wifi access point which supports the old 802.11b standard for writing a test case for NetworkManager? Downloading a photo from a particular camera model which you don't own, but got a libgphoto bug report for? In this ha...


»Cyborg Teams« Stef Walter; presentation (45 minutes)

n the Cockpit project we’ve done something amazing: We’ve built “robot” contributors to an Open Source project. “Cockpituous”, our project’s #5 contributor, is actually our automated team members.

Bots do the mundane tasks that would otherwise use up the time of human contributors. During the tal...


»Lunch« ; default (90 minutes)


»Meson and the changing Linux build landscape« Jussi Pakkanen; presentation (40 minutes)

The Meson build system has been picking up steam this year and many fundamental projects have transitioned to it from their old build systems. In this talk we shall look at the advantages and disadvantages these transitions have brought, what we can expect from the future of build systems and wha...


»Insecure containers?« Andrew Martin; presentation (40 minutes)


»Creating your own 1password clone« Carlos Martín Nieto; presentation (30 minutes)

AgileBits, the company behind the 1password password manager, published a spec for their “opvault” format to show how confident they are in its design. This eliminates the need to reverse-engineer the encryption when trying to read from such a vault on a system where they don’t provide their tool...


»Break« ; default (15 minutes)


»Building a secure boot chain to userland« Matthew Garrett; presentation (40 minutes)

Secure boot as it currently exists in desktop Linux distributions is sufficient to verify that the bootloader and kernel have not been tampered with, but generally does nothing to ensure that userland is secure. How can we fix that?


»Updating Embedded Systems -- Putting it all Together« Michael Olbrich; presentation (25 minutes)

Updating embedded systems reliably requires more than just the actual update process. This presentation gives an overview of the overall design and components needed for successful system updates.


»Closing« ; default (30 minutes)


»kube-spawn: testing multi-node Kubernetes clusters on Linux systems« Dongsu Park; presentation (25 minutes)

kube-spawn is a tool to easily start a local, multi-node Kubernetes cluster on a Linux machine. While it was originally meant to be used mainly by developers of Kubernetes, it has been turned into a tool that is great for just trying Kubernetes out. In this talk, I will give a general introductio...


»cgroupv2: Linux's new unified control group hierarchy« Chris Down; presentation (40 minutes)

cgroupv1 (or just "cgroups") has helped revolutionise the way that we manage and use containers over the past 8 years. A complete overhaul is coming -- cgroupv2. This talk will go into why a new control group system was needed, the changes from cgroupv1, and practical uses that you can apply to i...


»What's in a container? The OCI Answer« Jon Boulle; presentation (10 minutes)

The container has become one of the most overloaded industry buzzwords of the last five years. From Jails to LXC to Zones to systemd-nspawn Docker to rkt - there's an assortment of different tools on different platforms that call themselves containers, and no clear consensus what it means when it...


»Unbreaking reloads: strategies for fast and non-blocking reconfiguration« David Strauss; presentation (30 minutes)

When configuration changes, daemon-reload stops the world in an increasingly unsustainable way. The problem is getting worse for two reasons: (1) heavier use of systemd means more units and longer reload times and (2) expanded use of socket activation/D-Bus activation/automount means more things ...


»Break« ; default (15 minutes)


»Modern deployment for Embedded Linux and IoT« Djalal Harouni; presentation (25 minutes)

In a world of connected devices, IoT and embedded systems, building robust products needs a modern deployment workflow where security and constant updates are as important as the product itself. The abilities of these systems to protect themselves, isolate applications inside sandboxes or contain...


»Synchronizing images with casync« Lennart Poettering; presentation (45 minutes)

casync is a novel tool for delivering OS images across the Internet. While there are many tools like this around, casync has some features that set it apart. In this talk we'll discuss why it is useful for delivering your IoT, container, application or OS images, and how you can make use of it.


»Lunch« ; default (90 minutes)


»Which network to use when - Socket Intents« Theresa Enghardt; presentation (40 minutes)

Nowadays, most end devices have multiple network interfaces to connect to the Internet. They usually pick a statically configured default interface, such as WiFi, which they prefer over LTE when both are available, but this is not necessarily the choice that provides the best performance to the a...


»Virtualization: what changed in the last decade« Hugo Tavares Reis; presentation (40 minutes)

Containers are pretty cool, but in scenarios where they don't satisfy all the requirements, service providers still rely on virtualization. Hardware virtualization became mainstream 1 decade ago and it never stopped evolving. I even dare to say that virtualization is not boring anymore! In this p...


»Update on new WiFi daemon for Linux« Marcel Holtmann; presentation (30 minutes)

This presentation is about a new 802.11 wireless daemon for Linux. It is a lightweight daemon handling all aspects around WiFi support for Linux. It is designed with a tiny footprint for IoT use cases in mind. After its initial release last year, this provides the update on the progress and its i...


»Break« ; default (15 minutes)


»Tango with systemd« Maxime Hadjinlian; presentation (25 minutes)

Used by many major distributions, systemd is widely known in the desktop and server world. But it is not so common to find it in embedded product. In this talk, we will show how systemd can be a real benefit for the embedded world; for both your sanity and your time. We will discuss how systemd w...


»Journal as a Storage and Other Adventures in User Session Recording« Nikolai Kondrashov; presentation (25 minutes)

See how Red Hat's Session Recording project is using Systemd Journal to store and playback recordings of terminal sessions. Wonder at the challenges the project faces, such as dealing with various terminal types, character encodings, random playback positioning, etc.