“Fix, forget, or forge a new path?” Brian 'redbeard' Harrington · presentation (40 minutes)

As infrastructure operators we're exposed to a lot of plumbing and not a lot of porcelain. Worse, because our concerns are often esoteric (in the eyes of application developers) we have to fix our own pipes too. Often this leads to the "homeowner's dilemma"... Making the call of when to patch thing…


“Break” · default (15 minutes)


“Azure networking integration challenges” Stephen Hemminger · presentation (45 minutes)

The introduction of Accelerated Networking on Azure created challenges integrating support in Linux distributions. The original method using bonding had issues that were solved by introducing a new mode called "Transparent VF". This mode solves issues with udev, cloudinit and distribution specific …


“Network troubleshooting in heterogeneous cloud environment with Skydive” Sylvain Afchain · presentation (15 minutes)

With the growing number of network cloud services it becomes essential to be able to monitor, troubleshoot and analyze different virtualization or container technologies. Being able to monitor complex heterogeneous federated cloud environments is key.

Skydive is a real-time and post-mortem topology…


“Lunch” · default (90 minutes)


“Journal as a Storage and Other Adventures in User Session Recording” Nikolai Kondrashov · presentation (25 minutes)

See how Red Hat's Session Recording project is using Systemd Journal to store and playback recordings of terminal sessions. Wonder at the challenges the project faces, such as dealing with various terminal types, character encodings, random playback positioning, etc.


“Rust memory management” Zeeshan Ali · presentation (25 minutes)

A quick introduction to the unique memory management concepts of Rust.


“Social Event” · default (4.9 hours)


“High-performance Linux monitoring with eBPF” Alfonso Acosta · presentation (25 minutes)

Extended Berkeley Packet Filter (eBPF) allows for high-performance introspection of the Linux kernel execution. eBPF is widely available (part of the mainline kernel and enabled by most distributions), flexible (any kernel code path can be probed) and safe (driven from userspace and statically veri…


“Tango with systemd” Maxime Hadjinlian · presentation (25 minutes)

Used by many major distributions, systemd is widely known in the desktop and
server world. But it is not so common to find it in embedded products.
In this talk, we will show how systemd can be a real benefit for the embedded
world; for both your sanity and your time.
We will discuss how systemd was…


“systemd @ Facebook — a year later” Davide Cavalca · presentation (40 minutes)

We'll be talking about what we learned throughout the past year running systemd in production at Facebook: new challenges that have come up, how the integration process went and the areas of improvement we discovered. We'll also discuss our efforts building a monitoring solution for system services…


“State of the rkt container runtime” Iago López Galeiras · presentation (25 minutes)

rkt is a modern container runtime, built for security, efficiency, and composability. It is one of the container runtimes supported by Kubernetes but the current implementation (“rktnetes”) doesn’t support the Container Runtime Interface (CRI). The work-in-progress CRI implementation is called rktl…


“Break” · default (15 minutes)


“Software updates for connected Linux devices: key requirements” Drew Moseley · presentation (25 minutes)

A key requirement for connected Linux devices is the ability to deploy remote software updates to them so that bugs, vulnerabilities and new features can be addressed while devices live in the field for up to 10 years.

As part of the Mender.io project, we have interviewed more than 100 embedded dev…


“Building a secure boot chain to userland” Matthew Garrett · presentation (40 minutes)

Secure boot as it currently exists in desktop Linux distributions is sufficient to verify that the bootloader and kernel have not been tampered with, but generally does nothing to ensure that userland is secure. How can we fix that?


“Which network to use when - Socket Intents” Theresa Enghardt · presentation (40 minutes)

Nowadays, most end devices have multiple network interfaces to connect to the Internet. They usually pick a statically configured default interface, such as WiFi, which they prefer over LTE when both are available, but this is not necessarily the choice that provides the best performance to the app…


“Creating your own 1password clone” Carlos Martín Nieto · presentation (30 minutes)

AgileBits, the company behind the 1password password manager, published a spec for their “opvault” format to show how confident they are in its design. This eliminates the need to reverse-engineer the encryption when trying to read from such a vault on a system where they don’t provide their tool.


“Updating Embedded Systems -- Putting it all Together” Michael Olbrich · presentation (25 minutes)

Updating embedded systems reliably requires more than just the actual
update process. This presentation gives an overview of the overall design
and components needed for successful system updates.


“Lunch” · default (90 minutes)


“What's in a container? The OCI Answer” Jon Boulle · presentation (10 minutes)

The container has become one of the most overloaded industry buzzwords of the last five years. From Jails to LXC to Zones to systemd-nspawn to Docker to rkt - there's an assortment of different tools on different platforms that call themselves containers, and no clear consensus what it means when it c…


“cgroupv2: Linux's new unified control group hierarchy” Chris Down · presentation (40 minutes)

cgroupv1 (or just "cgroups") has helped revolutionise the way that we manage and use containers over the past 8 years. A complete overhaul is coming -- cgroupv2. This talk will go into why a new control group system was needed, the changes from cgroupv1, and practical uses that you can apply to imp…


“Break” · default (15 minutes)


“Break” · default (15 minutes)


“A gentle introduction to [e]BPF” Michael Schubert · presentation (25 minutes)

BPF is a Linux in-kernel virtual machine that is used for networking, tracing, seccomp and more. This talk will give an introduction to the extended BPF subsystem in Linux, an overview on how it works, show available tools to work with and explain possibilities as well as limits.


“Closing” · default (30 minutes)


“Containers: What Did We Learn?” Eric Myhre · presentation (15 minutes)

Containers: love 'em or hate 'em -- whether you think they're the hottest new thing or yesteryear's same ideas in new clothing -- the both rapid and sustained rate of adoption of recent container technologies says one thing clearly: We Were Missing Something. But what, exactly? And have we found "i…


“Streamlining systemd's code and safety” David Strauss · presentation (25 minutes)

Today, the systemd project uses a non-standard superset of C to get destructor-like functionality. But, we pay a heavy price for doing it this way: we lose compiler portability, use hundreds of boilerplate macros, and confuse static analysis tools (which don't always realize why we're not leaking m…


“What If Component xxx Dies? Introducing Self-Healing Kubernetes” Max Leonard Inden · presentation (25 minutes)

Kubernetes promises healing your application on all kinds of failure scenarios, but why not self-heal Kubernetes itself?


“Insecure containers?” Andrew Martin · presentation (40 minutes)


“Lunch” · default (90 minutes)


“Virtualization: what changed in the last decade” Hugo Tavares Reis · presentation (40 minutes)

Containers are pretty cool, but in scenarios where they don't satisfy all the requirements, service providers still rely on virtualization. Hardware virtualization became mainstream 1 decade ago and it never stopped evolving. I even dare to say that virtualization is not boring anymore!
In this pre…


“Containers without a Container Manager, with systemd” Lennart Poettering · presentation (30 minutes)

systemd service management today supports a number of the features that container management is known for, but for classic system services. Let's see which ones, and how to make use of them.


“Break” · default (15 minutes)


“Opening” · default (15 minutes)


“Modern deployment for Embedded Linux and IoT” Djalal Harouni · presentation (25 minutes)

In a world of connected devices, IoT and embedded systems, building robust products needs a modern deployment workflow where security and constant updates are as important as the product itself. The abilities of these systems to protect themselves, isolate applications inside sandboxes or container…


“Securing Home Automation with Tor” Kalyan Dikshit · default (30 minutes)

Today the technological world's central principle is to automate each conceivable thing for simplicity in life, providing security, saving electricity and time.
Home automation is “The Internet of Things”… The way that all of our devices and appliances will be networked together to pr…


“Pre-Registration Event” · default (3 hours)


“Simulate hardware for integration testing” Martin Pitt · presentation (25 minutes)

How to get a slightly broken hard disk for testing file systems or udisks? A wifi access point which supports the old 802.11b standard for writing a test case for NetworkManager? Downloading a photo from a particular camera model which you don't own, but got a libgphoto bug report for? In this hand…


“Using systemd for containers @ Facebook” Zeal Jagannatha, Zoltan Puskas · presentation (40 minutes)

To achieve faster and easier containerization at Facebook we have started utilizing Chef, Btrfs and systemd to improve our container system. These tools helped us to design a robust base for our cluster management that will allow us to concentrate more on higher-level functionality. Our version of image an…


“Incremental Adoption of Open Services with Habitat” Blake Irvin · presentation (15 minutes)

Open services mark a paradigm shift similar to the disruption caused by open-source software in the 90s, but the path to effective adoption of open services tooling is sometimes unclear. Blake will share patterns and learnings from his experience integrating one such tool, Habitat, at smartB GmbH.


“Synchronizing images with casync” Lennart Poettering · presentation (45 minutes)

casync is a novel tool for delivering OS images across the Internet. While there are many tools like this around, casync has some features that set it apart. In this talk we'll discuss why it is useful for delivering your IoT, container, application or OS images, and how you can make use of it.


“Break” · default (15 minutes)


“Landlock LSM: Towards unprivileged sandboxing” Michael Schubert · presentation (25 minutes)

Landlock is a proposal for a new Linux Security Module (LSM) to create secure sandboxes with the goal “to empower any process, including unprivileged ones, to securely restrict themselves.” This presentation will give an overview on what Landlock is, discuss the current status of the patchset and d…


“Cockpit: A Linux sysadmin session in your Browser” Stef Walter · presentation (25 minutes)

Cockpit is an open source project that has built the new system admin UI for Linux. It turns a Linux server into something discoverable and usable. Its goal is to remove the steep learning curve for Linux deployments.

Cockpit lets you immediately dive into things like storage, network configuration, …


“The IoT botnet wars, Linux devices, and the absence of basic security hardening” Drew Moseley · presentation (40 minutes)

We will discuss the various malware infecting Linux IoT devices including Mirai, Hajime, and BrickerBot and the vulnerabilities they leverage to enslave or brick connected devices. We will walk the audience through specific vectors they used to exploit devices and cover some basics in security hard…


“Break” · default (15 minutes)


“Reproducible Builds - where do we want to go tomorrow?” Holger Levsen · presentation (40 minutes)

A status report on Reproducible builds, which enable everyone to verify that a given binary is made from the source it is claimed to be made from, by enabling anyone to create bit by bit identical binaries.


“kube-spawn: testing multi-node Kubernetes clusters on Linux systems” Dongsu Park · presentation (25 minutes)

kube-spawn is a tool to easily start a local, multi-node Kubernetes cluster on a Linux machine. While it was originally meant to be used mainly by developers of Kubernetes, it has been turned into a tool that is great for just trying Kubernetes out. In this talk, I will give a general introduction …


“kubernetes for toasters?” Arvid E. Picciani · presentation (40 minutes)

Potential solutions to achieving containerization on constrained devices.

  1. Why?
  2. a content addressable elf linker (bolter)
  3. space efficient container imaging (korhal)
  4. oci compliant runtime (railcar)


“Update on new WiFi daemon for Linux” Marcel Holtmann · presentation (30 minutes)

This presentation is about a new 802.11 wireless daemon for Linux. It is a lightweight daemon handling all aspects around WiFi support for Linux. It is designed with a tiny footprint for IoT use cases in mind. After its initial release last year, this provides the update on the progress and its int…


“Meson and the changing Linux build landscape” Jussi Pakkanen · presentation (40 minutes)

The Meson build system has been picking up steam this year and many
fundamental projects have transitioned to it from their old build
systems. In this talk we shall look at the advantages and disadvantages these transitions have brought, what we can expect from the future of build systems and what …


“Using BPF in Kubernetes” Alban Crequy · presentation (30 minutes)

In this talk, I will present different use cases for using BPF in a Kubernetes cluster. BPF is a Linux in-kernel virtual machine and there are different kinds of BPF programs for different subsystems that will be considered: kprobes, traffic control, cgroups, LSM. I’ll follow with concrete examples…


“Cyborg Teams” Stef Walter · presentation (45 minutes)

In the Cockpit project we’ve done something amazing: We’ve built “robot” contributors to an Open Source project. “Cockpituous”, our project’s #5 contributor, is actually our automated team members.

Bots do the mundane tasks that would otherwise use up the time of human contributors. During the talk …


“Break” · default (15 minutes)


“Really crazy container troubleshooting stories” Gianluca Borello · presentation (40 minutes)


“Introducing Bluetooth Mesh” Marcel Holtmann · presentation (40 minutes)

Bluetooth technology has been extended with a brand new mesh feature. This presentation gives an introduction to Bluetooth Mesh and its impacts on the ecosystem. It shows the new and exciting use cases that a mesh enabled Bluetooth low energy enables. The presentation will also put a focus on Linux…


“Portals, dynamic permissions in Flatpak” Alexander Larsson · presentation (40 minutes)

Desktop application sandboxing is quite different than traditional
container isolation, learn how flatpak does it, using the concept of
portals.


“Building containers all day” Cornelius Schumacher · lighning_talk (15 minutes)

Containers have become a popular way of packaging and running applications, especially for server applications using microservice architectures. As containers can be started in no time, building new container images replacing old ones has become the predominant way of applying updates. Having conti…


“Unbreaking reloads: strategies for fast and non-blocking reconfiguration” David Strauss · presentation (30 minutes)

When configuration changes, daemon-reload stops the world in an increasingly unsustainable way. The problem is getting worse for two reasons: (1) heavier use of systemd means more units and longer reload times and (2) expanded use of socket activation/D-Bus activation/automount means more things ur…


“Getting Started with Habitat” Jamie Winsor · presentation (45 minutes)

Habitat is the best way for software developers to build, deploy, and manage modern applications - regardless of their expertise. Habitat provides a self-healing, self-configuring, stack-agnostic, frictionless abstraction for running applications—regardless of their complexity on whatever infrastru…


“Lunch” · default (90 minutes)