»Pre-registration meetup« ; talk (3 hours)

Pre-registration meetup with talks where attendees can pick up badges and hang out.


»Opening« ; default (15 minutes)


»Little Services, Big Risks« David Strauss; talk (30 minutes)

As we isolate functionality into services distributed across networks, we increasingly strain the concept of trust boundaries. Hosts are no longer simply trusted or untrusted, and each host comes with a new foothold for attackers. This risk is called the Confused Deputy Problem, and it’s part of ...


»Fedora CoreOS« Ben Breard; talk (30 minutes)

What exactly is Red Hat up to with CoreOS... and what were they thinking when they announced a Fedora CoreOS? In this talk, we'll briefly look at some of the excellent work pioneered by the Container Linux team around the self-driving, container-focused operating system. We'll also overlay how the...


»A debugger from scratch« Liz Rice; talk (30 minutes)

At some stage in your programming life you may well have used a debugger, but did you wonder how it was able to step into and control your executable? In this talk we'll see how debuggers work by building one from scratch in a few lines of Go.


»From Physical to Cloud to Container« Klaus Kämpf; talk (30 minutes)

Uyuni, an opinionated fork of the Spacewalk project, provides open source lifecycle management for today's datacenter. With the help of Salt for configuration management it keeps your workloads up to date and secure.


»Resource Control @FB« Tejun Heo, Johannes Weiner; talk (45 minutes)

After years of development and experimentation, we finally have comprehensive OS-level work-conserving resource isolation working and are now in the process of deploying for various applications including workload protection and container stacking. This talk examines the project and the resulting...


»Monitoring File System Syscalls in a Distributed Architecture« Daniel Feinberg; talk (30 minutes)

In a distributed world, monitoring system calls with kauditd can present challenges. In this talk we will address some of those challenges and give a use case of how we build an event pipeline for monitoring file system events.


»Monitoring Linux Capabilities in the Container using BPF« William Smith; talk (15 minutes)

Modern container engines such as systemd-nspawn and rkt provide a means of restricting privilege by limiting Linux capabilities. At Facebook, however, the heterogeneity of services and complexity of libraries running inside the container, along with our full init system model, make determining th...


»Fluent Bit: Solving Logging Challenges for Cloud Native Environments« Eduardo Silva; talk (30 minutes)

Logging could be considered simple when dealing with a few applications, but in environments with distributed systems where log data comes from multiple sources and likely in different formats it becomes complex and data analysis harder.

In this session I will dig into the challenges of logging f...


»Cilium - Bringing the BPF Revolution to Kubernetes Networking and Security« Thomas Graf; talk (30 minutes)


»oomd« Daniel Xu; talk (30 minutes)

Running out of memory on a host is a particularly nasty scenario. In the Linux kernel, if memory is being overcommitted, it results in the kernel out-of-memory (OOM) killer kicking in. In this talk, Daniel Xu will cover why the Linux kernel OOM killer is surprisingly ineffective and how oomd, a n...


»Container Run-times and Fun-times« Lindsay Salisbury; talk (30 minutes)

A dive into the world of running systemd as an in-container process manager at Facebook.


»Portable Services are Ready to Use« Lennart Poettering; talk (45 minutes)

Portable Services bring certain aspects of containers to classic system service management. Let's discuss them in technical detail!


»Is my system fast?« Frank Becker; talk (45 minutes)

Computer systems are complex. Most software applications are distributed and expected to scale. That does not make them any simpler. Further, there is the real world all of that is expected to work in. To analyze performance of such a system isn't less complex. Luckily, there is help. The Open So...


»LinuxBoot and booting fast« Paul Menzel; talk (45 minutes)

In contrast to most firmware, like UEFI based or the BIOS, Linux is free software, has drivers for everything and is well known to the administrator. So why not use it in the firmware too? Some work has to be done though to fit it into the flash ROM chip and make it fast.


»HTTP tunneling in Go using HTTP/2 streams« Iago López Galeiras; talk (30 minutes)

This talk describes our experience developing Wormhole Connector, a distributed proxy component that connects external enterprise systems to a Kyma Kubernetes cluster. The connection between the Wormhole Connector and the Kubernetes cluster is based on HTTP/2, taking advantage of the stream conce...


»nettools« Tom Gundersen, David Herrmann; talk (30 minutes)

nettools is a yet-to-be-released project providing low-level libraries for network configuration. Within the scope of the project fall protocols like DHCP, NDP, IPv4 Address Conflict Detection, and IPv4LL. The first library scheduled to be released is IPv4ACD, a pre-release version of which is a...


»Being compliant with Open Container Initiative Spec« Dongsu Park; talk (30 minutes)

Open Container Initiative (OCI) started in 2015 to make different implementations of container runtimes and images compliant with well-defined specifications. Together with other folks at Kinvolk, I have been involved in various OCI projects for months, and encountered various issues that occur...


»Playing with casync @ instagram« Alvaro Leiva Geisse; talk (15 minutes)

At Instagram, we have been experimenting with casync as an alternative package format for deployment of the site. This talk describes our findings.


»Path-agnostic binaries, co-installable libraries, and How To Have Nice Things« Eric Myhre; talk (30 minutes)

Portability is a shining goal for all software -- an objective since the beginning of computing through the present. And yet, it also remains elusive. We once sought to develop software "portable" between whole OSes and kernels; today, we've lost control of our build and distribution pipelines...


»To Run an App With Guarantees We Must First Create The Universe« Blake Irvin; talk (30 minutes)

We’ll look at patterns and anti-patterns for self-contained, immutable runtime environments for applications using Habitat, with a focus on special cases, integrated testing and advanced hacks.


»systemd in 2018« Lennart Poettering; talk (30 minutes)


»dbus-broker« Tom Gundersen, David Herrmann; talk (30 minutes)

dbus-broker is an implementation of the DBus specification, intended to be a drop-in replacement for the reference implementation on Linux. It is now scheduled to be the default system and user bus in the next Fedora release. This talk shows some of the lessons learned during this relatively you...


»Titus: Adventures in Multi-tenant Scheduling« Sargun Dhillon; talk (30 minutes)

Titus is a multitenant scheduler that runs a variety of workloads that vary from online workloads which serve customer traffic to big data workloads which perform machine learning. Getting all of these workloads to cooperate on a shared pool of resources together. Just to add a bit of complexity ...


»Thunderbolt 3 hardware enablement for GNU/Linux« Christian Kellner; talk (30 minutes)

Thunderbolt 3 is a high-speed IO technology that can be used to connect docks, graphic cards or other peripherals requiring high speed. However, the mechanism that allows these high speeds also poses a security risk because malicious devices could obtain sensitive information from the computer's ...


»BPF and the future of the kernel extensibility« Alexei Starovoitov; talk (30 minutes)


»Social event« ; default (4.8 hours)

TBA


»CRI-O: All the Runtime Kubernetes need« Antonio (runcom) Murdaca; talk (30 minutes)


»State of systemd @ Facebook« Davide Cavalca; talk (30 minutes)

We'll be covering happenings, learnings and new challenges running and supporting systemd in production on the Facebook fleet throughout the past year.


»Container Runtimes: draw some lines« Vincent Batts; talk (30 minutes)

Future of connecting to the container runtime as docker phases out


»Passive filesystem verification« Vincent Batts; talk (15 minutes)

A more generic approach to ensure you have what you'd expect to have


»Flatpak, a technical walkthrough« Alexander Larsson; talk (45 minutes)

Flatpak is a desktop-focused application distribution and deployment system for Linux. This talk will walk through the technical details of the core functionality and explain how it works and why it works that way.


»Kexec/Kdump under the hood« Matthias Brugger; talk (45 minutes)

Kdump is a vital tool for debugging severe kernel crashes, especially if the failure can't be reproduced easily or direct access to the system is not possible.


»Using Machine Learning to find Linux bugs« Stef Walter; talk (30 minutes)

I’d like to show you how to find bugs in Linux systems using machine learning, when paired with the totally seemingly useless and annoying false positives that come out of your integration tests.


»Replacing Docker with Podman« Dan Walsh; talk (45 minutes)

This talk will describe all of the reasons for podman, all of its features demonstrate its functionality,


»Fearless Multimedia Programming« Zeeshan Ali; talk (30 minutes)

Whether you are interested in multimedia programming in particular or curious about how the Rust programming language can enable you to write almost-bug-free code without having to compromise on efficiency, this talk is for you.


»Netboot21: Bootloaders in the 21st Century« Chris Koch; talk (30 minutes)

Sick of insecure PXE booting over TFTP? Come learn about our efforts to write modern boot loaders in Linux's user space.


»Efficient Network Analytics with BPF/eBPF using Skydive« Sylvain Afchain; talk (30 minutes)

Efficient monitoring of large-scale networks poses a delicate balance between capture granularity on the one hand and the imposed overheads and performance penalties on the other. Skydive is an open source real-time network topology and protocol analyzer, featuring smart network collection which ...


»Lightning Talks« ; talk (30 minutes)

Please submit your talks to mpitt [at] redhat [dot] com or to organizers at the venue


»Closing« ; default (30 minutes)


»Scale Your Auditing Events« Philipp Krenn; talk (30 minutes)

The Linux Audit daemon is responsible for writing audit records to the disk, which you can then access with ausearch and aureport. However, it turned out that parsing and centralizing these records is not as easy as you would hope. Elastic's new Auditbeat fixes this by keeping the original config...


»Peer to peer OS and flatpak updates« Philip Withnall; talk (30 minutes)

Recently, work that we have been doing on Endless OS to allow peer to peer OS and flatpak updates has been reaching maturity and nearing wider deployment. This talk will give an overview of how we support LAN and USB updates of OSTrees, how it fits in upstream in OSTree and flatpak, and what you’...


»Running Android on the Mainline Graphics Stack« Robert Foss; talk (30 minutes)

It is now possible to run Android on top of an entirely Open Source Linux Graphics stack. This talk will dig into how you can do it too!


»Chef in Strange Places« Zeal Jagannatha; talk (15 minutes)

How Facebook uses Chef to manage many different large-scale heterogeneous environments.


»The State of Your Supply Chain« Andrew Martin; talk (30 minutes)

Container security often focuses on runtime best-practices whilst neglecting delivery of the software in the supply chain. Application, library, and OS vulnerabilities are a likely route to data exfiltration, and emerging technologies in the container ecosystem offer a new opportunity to mitigate...


»The Future of Networking APIs« Theresa Enghardt; talk (30 minutes)

This talk presents TAPS (Transport Services), a proposed abstraction for a new Networking API, and calls for the Linux community to get involved.


»2018 Desktop Linux Platform Issues« Simon Peter; talk (30 minutes)

TL;DR: Stop making "Desktop Linux" a moving target by agreeing on a minimal baseline that third-party applications can take for granted to exist on each Desktop Linux system.


»Configuration Driven Event Tracing with Traceleft and eBPF« Suchakra Sharma, Alban Crequy; talk (45 minutes)

Traceleft is a framework built upon eBPF which allows generation of system events such as file operations and network calls via a configuration driven system. It can act as a foundation for building auditing and incident analysis or monitoring tools that work at the system level and need targeted...


»libcapsule« Vivek Das Mohapatra; talk (45 minutes)

libcapsule is a project that allows segregated dynamic linking: Access to the symbols of a library without being exposed to any of the dependencies of that library without requiring recompilation of the binary that pulls it in.


»Is Cockpit Secure?« Stef Walter; talk (30 minutes)

Cockpit makes Linux discoverable. But it's really a Linux session in a web browser, accessing the native system APIs and tools directly from JavaScript.

Does that sound scary? How can we be sure that accessing Linux from a web browser is secure? What about the web server stack? What about authent...


»Past, present and future of system containers« Stéphane Graber; talk (30 minutes)

System containers, the oldest type of containers, focus on running an entire Linux distribution, including all its services in very much the same way it would on a physical system or virtual machine.


»Using systemd to high level languages« Alvaro Leiva Geisse; talk (30 minutes)

There is so much more that you can do than just starting and stopping your service when you start to interact with systemd from within your application. Let's find out!!!


»Early boot provisioning systems« Dalton Hubble; talk (30 minutes)

Early boot provisioning systems aim to enable automated, declarative, immutable patterns for Linux systems. In this talk, I'll discuss the CoreOS Ignition system and illustrate how it works and addresses real-world use cases on bare-metal, cloud providers, and hypervisors. I'll share experiences ...


»Hackfests (Among others: systemd Hackfest)« ; default (8 hours)

The All Systems Go! Hackfest. Everyone is welcome to join, form groups and collectively, or individually, work on and discuss projects. We'll have white boards for planning this during all the conference days.

Currently confirmed hackfests:

  1. systemd hackfest/talkfest/BoF/miniconf (Propose topics ...