{"$schema": "https://c3voc.de/schedule/schema.json", "generator": {"name": "pretalx", "version": "2024.3.1"}, "schedule": {"url": "https://cfp.all-systems-go.io/ASG2019/schedule/", "version": "0.8", "base_url": "https://cfp.all-systems-go.io", "conference": {"acronym": "ASG2019", "title": "All Systems Go! 2019", "start": "2019-09-20", "end": "2019-09-22", "daysCount": 3, "timeslot_duration": "00:05", "time_zone_name": "Europe/Berlin", "colors": {"primary": "#000000"}, "rooms": [{"name": "Loft", "guid": "f9590e89-4284-5247-b082-43683bed6db0", "description": null, "capacity": null}, {"name": "Cage", "guid": "2c5612db-90ce-5572-933d-872b3b59d536", "description": null, "capacity": null}], "tracks": [], "days": [{"index": 1, "date": "2019-09-20", "day_start": "2019-09-20T04:00:00+02:00", "day_end": "2019-09-21T03:59:00+02:00", "rooms": {"Loft": [{"url": "https://cfp.all-systems-go.io/ASG2019/talk/A3KZGD/", "id": 170, "guid": "54225488-d685-57fb-9065-481bd2450f5e", "date": "2019-09-20T09:30:00+02:00", "start": "09:30", "logo": null, "duration": "00:10", "room": "Loft", "slug": "ASG2019-170-opening", "title": "Opening", "subtitle": "", "track": null, "type": "Lightning talk", "language": "en", "abstract": "Opening of All Systems Go!", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "4967f7d9-f800-5a78-a9e8-d2f363599a20", "id": 77, "code": "7VRYAG", "public_name": "Chris Kuehl", "avatar": null, "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/XJAWA7/", "id": 162, "guid": "3d439f1d-e67a-5e92-96b6-3a9c5ad30965", "date": "2019-09-20T09:45:00+02:00", "start": "09:45", "logo": null, "duration": "00:40", "room": "Loft", "slug": "ASG2019-162-effective-infrastructure-monitoring-with-grafana", "title": "Effective infrastructure monitoring with Grafana", "subtitle": "", "track": null, "type": "35 min talk + 5 min Q&A", "language": "en", "abstract": "In this talk David will show Grafana's advanced features to manage a fleet of Linux hosts. He will also show relevant metrics and logging datasources and how they can be combined to get a full picture of what is going on.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "d498833e-b1e2-549a-b6f1-b7e122b43d29", "id": 106, "code": "LKH39C", "public_name": "David Kaltschmidt", "avatar": "https://cfp.all-systems-go.io/media/grafanacon.jpg", "biography": "David is the Director of UX at Grafana Labs and focuses mainly on workflows around monitoring with Prometheus. Previously he worked at companies such as Kausal, Weaveworks, Oracle, and Siemens Research. David has been building UIs for the networking industry for over a decade. He\u2019s recently joined the sourdough train and is now baking way too much bread.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/98A9LW/", "id": 159, "guid": "2dd3d338-37ae-5b15-8292-1f124c0235a4", "date": "2019-09-20T10:30:00+02:00", "start": "10:30", "logo": null, "duration": "00:40", "room": "Loft", "slug": "ASG2019-159-traceloop-for-systemd-and-kubernetes-inspektor-gadget", "title": "Traceloop for systemd and Kubernetes + Inspektor Gadget", "subtitle": "", "track": null, "type": "35 min talk + 5 min Q&A", "language": "en", "abstract": "Presenting [traceloop](https://github.com/kinvolk/traceloop), a \u201ctime travel\u201d tracing tool to trace system calls in cgroups using BPF and overwritable ring buffers.", "description": "Many people use the \u201cstrace\u201d tool to synchronously trace system calls using ptrace. [Traceloop](https://github.com/kinvolk/traceloop) similarly traces system calls but asynchronously in the background, using BPF and tracing per cgroup. I\u2019ll show how it can be integrated with systemd and with Kubernetes via [Inspektor Gadget](https://github.com/kinvolk/inspektor-gadget).\r\n\r\nTraceloop's traces are recorded in a fast, in-memory, overwritable ring buffer like a flight recorder. As opposed to \u201cstrace\u201d, the tracing could be permanently enabled on systemd services or Kubernetes pods and inspected in case of a crash. This is like a always-on \u201cstrace in the past\u201d.\r\n\r\nTraceloop uses BPF through the gobpf library. Several new features have been added in gobpf for the needs of traceloop: support for overwritable ring buffers and swapping buffers when the userspace utility dumps the buffer.\r\n\r\nhttps://github.com/kinvolk/traceloop\r\nhttps://github.com/kinvolk/inspektor-gadget\r\nhttps://github.com/iovisor/gobpf\r\n\r\nSlides: https://docs.google.com/presentation/d/1zIZUrTrD7FkS9pHnWz87ZmoLTrO1g9-J_lDMD7E5kdo/edit", "recording_license": "", "do_not_record": false, "persons": [{"guid": "9da02c52-3fed-543e-8210-182d8174775b", "id": 28, "code": "MQVR9X", "public_name": "Alban Crequy", "avatar": "https://cfp.all-systems-go.io/media/photo-alban.jpg", "biography": "Originally from France, Alban currently lives in Berlin where he is a CTO & co-founder at Kinvolk. He is a contributor to rkt, a container runtime for Linux, Weave Scope, a container visualization & monitoring tool, and is actively working on BPF-related projects. Before falling into containers, Alban worked on various projects core to modern Linux; kernel IPC and storage, dbus performance and security, etc. His current technical interests revolve around networking, security, systemd and containers at the lower-levels of the system.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/PVYETJ/", "id": 146, "guid": "5ca3e1c8-3349-50aa-ba63-f209fcaad3f7", "date": "2019-09-20T11:30:00+02:00", "start": "11:30", "logo": null, "duration": "00:40", "room": "Loft", "slug": "ASG2019-146-rootless-reproducible-hermetic-secure-container-build-showdown", "title": "Rootless, Reproducible & Hermetic: Secure Container Build Showdown", "subtitle": "", "track": null, "type": "35 min talk + 5 min Q&A", "language": "en", "abstract": "How can we build hostile and untrusted code in containers? There are many options available, but not all of them are as safe as they claim to be...", "description": "Rootless container image builds (as distinct from rootless container runtimes) have crept ever closer with orca-build, BuildKit, and img proving the concept. They are desperately needed: a build pipeline with an exposed Docker socket can be used by a malicious actor to escalate privilege - and is probably a backdoor into most Kubernetes-based CI build farms.\r\n\r\nWith a slew of new rootless tooling emerging including Red Hat\u2019s buildah, Google\u2019s Kaniko, and Uber\u2019s Makisu, we will see build systems that support building untrusted Dockerfiles? How are traditional build and packaging requirements like reproducibility and hermetic isolation being approached? In this talk we: \r\n- Detail attacks on container image builds\r\n- Compare the strengths and weaknesses of modern container build tooling\r\n- Chart the history and future of container build projects\r\n- Explore the safety of untrusted builds", "recording_license": "", "do_not_record": false, "persons": [{"guid": "00e67904-8bb4-5b99-b31a-d93c1edf116c", "id": 31, "code": "JSBJTJ", "public_name": "Andrew Martin", "avatar": "https://cfp.all-systems-go.io/media/andrew_martin.jpg", "biography": "Andrew has an incisive security engineering ethos gained architecting and deploying high-traffic web applications. Proficient in systems development, testing, and operations, he is comfortable profiling and securing every tier of a bare metal or cloud native application, and has battle-hardened experience delivering containerised solutions to enterprise clients. He is a co-founder at https://control-plane.io", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/VSQRXA/", "id": 164, "guid": "878e4754-c346-5b93-96d2-1ca8bf5109c3", "date": "2019-09-20T12:15:00+02:00", "start": "12:15", "logo": null, "duration": "00:40", "room": "Loft", "slug": "ASG2019-164-reinventing-home-directories", "title": "Reinventing Home Directories", "subtitle": "", "track": null, "type": "35 min talk + 5 min Q&A", "language": "en", "abstract": "Let's bring the UNIX concept of Home Directories into the 21st century.", "description": "The concept of home directories on Linux/UNIX has little changed in the last  39 years. It's time to have a closer look, and bring them up to today's standards, regarding encryption, storage, authentication, user records, and more.\r\n\r\nIn this talk we'll talk about \"systemd-homed\", a new component for systemd, that reworks how we do home directories on Linux, adds strong encryption that makes sense, supports automatic enumeration and hot-plugged home directories and more.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "4652e1d6-54e2-54b4-9d86-6cfaa34ae195", "id": 78, "code": "UNJXNH", "public_name": "Lennart Poettering", "avatar": null, "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/GTYJFV/", "id": 131, "guid": "99754f29-ce19-55cf-bd1d-07332a6a794e", "date": "2019-09-20T14:05:00+02:00", "start": "14:05", "logo": null, "duration": "00:40", "room": "Loft", "slug": "ASG2019-131-how-microsoft-sql-server-went-multi-platform-sqlpal", "title": "How Microsoft SQL Server Went Multi-Platform: SQLPAL", "subtitle": "", "track": null, "type": "35 min talk + 5 min Q&A", "language": "en", "abstract": "How did Microsoft made SQL Server available on Linux, Containers and ARM CPUs? Come hear the story from the SQL Server engineering team.", "description": "We'd love to tell the story on how we made SQL Server available to ecosystems outside of Windows in this talk. It's a great story that involves quite a bit of interesting technologies and we'd like to share that with everyone!", "recording_license": "", "do_not_record": false, "persons": [{"guid": "43779147-7df8-5690-aabf-0599c641c5e8", "id": 94, "code": "DPL3ZJ", "public_name": "Argenis Fernandez", "avatar": "https://cfp.all-systems-go.io/media/avatars/a3034282fe7aa1abd4a8e0b4b08ce3df_L9ZAFOE.jpg", "biography": "Argenis Fernandez is a Principal Program Manager with the Microsoft Database Systems team based in Redmond, WA. He has worked with SQL Server since 1998. \r\n\r\nPreviously Argenis worked as a Principal Architect for Pure Storage, as a Lead Database Operations Engineer at SurveyMonkey, and Senior Consultant on SQL Server Core for Microsoft Consulting Services. In 2013 he founded the Security Virtual Chapter for the Professional Association for SQL Server (PASS) (http://security.sqlpass.org). \r\n\r\nArgenis is a SQL community enthusiast and speaks frequently at major SQL Server conferences, including the PASS Summit, PASS SQL Rally, IT/Dev Connections, SQLBits, and TechEd. He is also a Microsoft Certified Master on SQL Server, an avid Twitter user (you can follow him at @DBArgenis), and occasional blogger on SQL Server topics at www.0xSQL.com.", "answers": []}, {"guid": "740bbef9-bcc1-5f79-864e-c1b5a87f8413", "id": 114, "code": "SAW9GF", "public_name": "Brian Gianforcaro", "avatar": null, "biography": "TBA", "answers": []}, {"guid": "9ac02f78-4625-5797-8007-9f2c987aa5d7", "id": 117, "code": "N7ZACG", "public_name": "Eugene Birukov", "avatar": null, "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/KEK3MD/", "id": 133, "guid": "21aca390-bc0c-5eef-a867-1b57a7ee36ab", "date": "2019-09-20T14:50:00+02:00", "start": "14:50", "logo": null, "duration": "00:40", "room": "Loft", "slug": "ASG2019-133-resource-control-facebook-2019", "title": "Resource control @ Facebook - 2019", "subtitle": "", "track": null, "type": "35 min talk + 5 min Q&A", "language": "en", "abstract": "Resource control is reaching feature completeness and the focus at facebook is shifting towards productionizing. Let's go over what feature completeness means and the productionizing efforts.", "description": "Until recently, we never had all the kernel and system features needed to implement work-conserving comprehensive resource control. With the recent additions of senpai, io.weight and cpu.headroom and others, we now have all pieces to implement protection, stacking and side-loading.\r\n\r\nOur focus at facebook is gradually shifting towards productionizing resource control so that service owners can obtain high resource reliability and utilization without worrying about the details.\r\n\r\nLet's go over how resource control features come together to form the basic resource profiles and how we're trying to productionize them.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "c8b65aed-a1ac-53c6-992c-4c25dbde972a", "id": 45, "code": "DFQYHR", "public_name": "Tejun Heo", "avatar": null, "biography": "Tejun has been working on various aspects of the Linux kernel for over a decade and is currently focusing on cgroup2 and resource control at Facebook.", "answers": []}, {"guid": "880e8191-d597-5a77-8f24-e56ab4ff70a6", "id": 113, "code": "BSW8GF", "public_name": "Dan Schatzberg", "avatar": null, "biography": "Dan Schatzberg is a Research Scientist at Facebook New York, focusing on pushing server utilization to its limits. He currently works on integrating resource control mechanisms in the Linux kernel with container and host configuration systems. Prior to Facebook, he pursued his Ph.D at Boston University exploring novel kernel architectures for high performance applications.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/E88Z7V/", "id": 120, "guid": "259c3989-a0c3-57a0-8515-c10f29613830", "date": "2019-09-20T15:35:00+02:00", "start": "15:35", "logo": null, "duration": "00:25", "room": "Loft", "slug": "ASG2019-120-container-live-migration", "title": "Container Live Migration", "subtitle": "", "track": null, "type": "20 min talk + 5 min Q&A", "language": "en", "abstract": "The difficult task to checkpoint and restore a process is used in many container runtimes to implement container live migration. This talk will give details how CRIU is able to checkpoint and restore processes, how it is integrated in different container runtimes and which optimizations CRIU offers to decrease the downtime during container migration.", "description": "In this talk I want to provide details how CRIU checkpoints and restores a process. Starting from ptrace() to pause the process, how parasite code is injected into the process to checkpoint the process from its own address space. How CRIU transforms itself to the restored process during restore. How SELinux and seccomp is restored.\r\n\r\nI also want to give an overview how CRIU uses userfaultfd for lazy migration and dirty page tracking for pre-copy migration.\r\n\r\nI want to end this talk with an overview about how CRIU is integrated in different container runtimes to implement container live migration.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "3451ea7b-2290-5a28-8b41-8bf5843c5ff4", "id": 83, "code": "EQARQM", "public_name": "Adrian Reber", "avatar": "https://cfp.all-systems-go.io/media/2018-adrian.jpg", "biography": "Adrian is a Principal Software Engineer at Red Hat and is migrating processes at least since 2010. He started to migrate processes in a high performance computing environment and at some point he migrated so many processes that he got a PhD for that. Occasionally he still migrates single processes.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/YPU3HL/", "id": 151, "guid": "0ca00408-9684-58d3-a7c3-7d7b6cae6b75", "date": "2019-09-20T16:20:00+02:00", "start": "16:20", "logo": null, "duration": "00:25", "room": "Loft", "slug": "ASG2019-151-revamping-libcontainer-s-systemd-driver", "title": "Revamping libcontainer's systemd driver", "subtitle": "", "track": null, "type": "20 min talk + 5 min Q&A", "language": "en", "abstract": "In this talk, I'll go through my efforts to revamp libcontainer's systemd driver, in particular to support the unified cgroup hierarchy.", "description": "libcontainer is part of runc (opencontainers/runc in GitHub) and is used by the Docker and containerd ecosystem to spawn containers. This work is trying to bridge the gap between the Docker/containerd/Kubernetes ecosystem and cgroup2 through the unified hierarchy, using systemd as an authoritative container manager. I'll also touch on alternative approaches (such as crun and systemd-nspawn) and briefly talk about the OCI standard and the need for it to evolve to properly support cgroup2 semantics.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "ebb052fe-4b2d-5920-9d51-cc4abf0a7a10", "id": 102, "code": "YZH3GV", "public_name": "Filipe Brandenburger", "avatar": "https://cfp.all-systems-go.io/media/avatars/61737e0b179eb5d8e6078b6e72ccb776_tacIJvj.jpg", "biography": "I'm a Linux plumber and I have been involved in systemd development for about 5 years now. I'm also a Fedora packager.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/M8DVWG/", "id": 144, "guid": "8617d047-766c-5837-9350-a35c6d29d7cb", "date": "2019-09-20T16:50:00+02:00", "start": "16:50", "logo": null, "duration": "00:25", "room": "Loft", "slug": "ASG2019-144-custom-cgroup-bpf-programs-in-systemd", "title": "Custom cgroup-bpf programs in systemd", "subtitle": "", "track": null, "type": "20 min talk + 5 min Q&A", "language": "en", "abstract": "The primary focus is to gather feedback from systemd community regarding ongoing and future work to introduce custom cgroup-bpf programs to systemd.\r\nThe motivation is to give a user a capability to attach their own cgroup-bpf programs to systemd containers.\r\n\r\nThis is a continuation of <a href=\"https://github.com/systemd/systemd/issues/10227\" title=\"discussion\"> started at ASG2018 and followed by <a href=\"https://github.com/systemd/systemd/pull/12151\" title=\"PR12151\"> and <a href=\"https://github.com/systemd/systemd/pull/12419\" title=\"PR12419\">.", "description": "Currently systemd utilizes BPF macro-assembly which is poorly extendable and maintainable, so the 1st iteration would be introducing `libbpf` library to systemd. The first attempt was made and it raised valid questions about `libbpf` testability and dependencies it introduces. We\u2019d like to address that.\r\nAnother topic of focus may be implementation details, such as how to store libbpf programs: either as bytecode or as restricted C which compiles with the rest of systemd.\r\nFor attendees with no context a brief intro to eBPF will be made including new initiatives which may be of use to systemd, e.g. \u201cCompile once, run everywhere\u201d.\r\nSince this is ongoing work the agenda may vary depending on activity in PRs.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "8344cfff-00f8-5e11-b969-2726ce1c5c14", "id": 100, "code": "DDXBXF", "public_name": "Julia Kartseva", "avatar": null, "biography": "Software Engineer at Facebook, ex Yandex.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/8RB73U/", "id": 132, "guid": "faa5c5e3-6a1e-5c6d-bd90-eb270142ec6e", "date": "2019-09-20T17:20:00+02:00", "start": "17:20", "logo": null, "duration": "00:05", "room": "Loft", "slug": "ASG2019-132-time-limited-login-sessions", "title": "Time-limited login sessions", "subtitle": "", "track": null, "type": "Lightning talk", "language": "en", "abstract": "How Endless are implementing time-limited scopes in systemd, using that to implement time-limited login sessions, and then using that to implement parental controls on the desktop.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "85e32970-a816-5590-8d3d-9ab0b8097403", "id": 68, "code": "WHSLQT", "public_name": "Philip Withnall", "avatar": "https://cfp.all-systems-go.io/media/2019-07-31-13-05-45-4f74cde9-58fc-490c-80ba-805ff49e067d.jpg", "biography": "Software developer at Endless, working at the toolkit and system level. Recent work has included metered data, parental controls, peer to peer support for OSTree and flatpak, and some GLib maintenance. I\u2019m interested in sustainability.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/DG3YDE/", "id": 167, "guid": "a738a107-7051-544d-98cf-b6c3adce4a3f", "date": "2019-09-20T17:25:00+02:00", "start": "17:25", "logo": null, "duration": "00:05", "room": "Loft", "slug": "ASG2019-167-impact-of-zstd", "title": "Impact of zstd", "subtitle": "", "track": null, "type": "Lightning talk", "language": "en", "abstract": "Zstandard (zstd) is a new lossless compression algorithm with a very attractive compression rate and performance.  In production environments it comes with some quantifiable benefits but also with some surprising issues.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "0bf79d25-93be-5bd4-8791-fd370f8f2ded", "id": 110, "code": "CJLSAB", "public_name": "Oskari Saarenmaa", "avatar": "https://cfp.all-systems-go.io/media/oskarilallicrop.jpg", "biography": "Oskari Saarenmaa is the CEO and one of the founders of Aiven, a cloud technology startup turning the best open source technologies into managed cloud services. Oskari was previously as a software architect designing secure, large-scale database systems and network security infrastructure and continues to be an open source enthusiast with numerous contributions into popular open source database and infrastructure projects.", "answers": []}, {"guid": "da953ad0-6e3e-56f3-8942-91c47a91c050", "id": 121, "code": "HPZDD3", "public_name": "Ville Tainio", "avatar": null, "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/JFC7VC/", "id": 157, "guid": "40aa2960-6288-5a2f-bf6f-268746f0ecdf", "date": "2019-09-20T17:30:00+02:00", "start": "17:30", "logo": null, "duration": "00:05", "room": "Loft", "slug": "ASG2019-157-alternatives-to-standard-utilities", "title": "Alternatives to standard utilities", "subtitle": "", "track": null, "type": "Lightning talk", "language": "en", "abstract": "Several of the standard tools like `grep` and `find` have rewritten alternatives, performing the tasks much quicker and have a more intuitive interface. Present some of them.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "b8ed668a-1d24-593a-af03-bcf6dcdc0654", "id": 104, "code": "ZQNRDQ", "public_name": "Paul Menzel", "avatar": null, "biography": "Paul Menzel got his degree in Economic Mathematics at the Technical University of Berlin. But since late high school, he spent all his time in the FLOSS world, and got hooked by the coreboot project, and is a user and supported for over ten years. After working three years at a Web application development company, he is now part of the IT group of the Max Planck Institute for Molecular Genetics.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/JM7GDN/", "id": 149, "guid": "0caaa7aa-f6bd-55ba-8ccc-e698afa5c9df", "date": "2019-09-20T17:35:00+02:00", "start": "17:35", "logo": null, "duration": "00:05", "room": "Loft", "slug": "ASG2019-149-using-rpms-for-systemd-development", "title": "Using RPMs for systemd development", "subtitle": "", "track": null, "type": "Lightning talk", "language": "en", "abstract": "Using RPMs can be very advantageous during development of systemd on Fedora. In order to make that viable, we need to build them from a git checkout and have the ability to use incremental builds.", "description": "I will explore tooling I've been using and building to use RPMs during systemd development. I'll quickly cover the motivation and advantages while I manage to build one during a lightning demo.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "ebb052fe-4b2d-5920-9d51-cc4abf0a7a10", "id": 102, "code": "YZH3GV", "public_name": "Filipe Brandenburger", "avatar": "https://cfp.all-systems-go.io/media/avatars/61737e0b179eb5d8e6078b6e72ccb776_tacIJvj.jpg", "biography": "I'm a Linux plumber and I have been involved in systemd development for about 5 years now. I'm also a Fedora packager.", "answers": []}], "links": [], "attachments": [], "answers": []}], "Cage": [{"url": "https://cfp.all-systems-go.io/ASG2019/talk/KYTCJV/", "id": 119, "guid": "9dbd53a6-97d6-55b6-8ef0-e339aae4ff20", "date": "2019-09-20T09:45:00+02:00", "start": "09:45", "logo": null, "duration": "00:40", "room": "Cage", "slug": "ASG2019-119-atomic-updates-and-configuration-files-in-etc", "title": "Atomic updates and configuration files in /etc", "subtitle": "", "track": null, "type": "35 min talk + 5 min Q&A", "language": "en", "abstract": "Atomic Updates and user modified configuration files in /etc often lead to hard to resolve conflicts. In this talk, I want to show the most common and biggest problems and possible solutions.", "description": "More and more Linux Distributors have a Distribution using atomic updates to update the system. They all have the problem of updating the files in /etc, as an admin could do changes after the update but before the reboot to activate the updates. But everybody come up with another solution which solves their usecase, but is not generic useable. Additional there is the \"Factory Reset\" of systemd, which no big distribution has really fully implemented today. A unique handling of /etc for atomic updates could also help to convince upstream developers to add support to their applications, while currently they hesitate to add distribution specific patches and support.\r\n\r\nDuring this talk, I will describe the different areas of problems and possible solutions. The goal is to provide a concept working for all Linux Distributors (like the FHS). My dream is, that no package installs anything in /etc, it should only contain changes made by the system administrator or configuration files managed by the system administrator.\r\n\r\nFor some problems, it would be already enough today if Linux distributors would adjust the configuration of applications or use all features of them. Other requires minimal to intrusive changes to packages, and for the last kind complete new concepts are necessary.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "a511ed9b-65dc-526a-8875-0d93a8ef29b4", "id": 91, "code": "8RVSVG", "public_name": "Ignaz Forster", "avatar": "https://cfp.all-systems-go.io/media/avatar.png", "biography": "Has been working on Linux distributions for over 10 years and joined SUSE as a Research Engineer in 2018; currently working on transactional-update, Ignition, IMA/EVM and openSUSE MicroOS related topics.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/3ZKVWF/", "id": 175, "guid": "3349eaff-53ab-5345-afa9-b6ed4203ce6a", "date": "2019-09-20T10:30:00+02:00", "start": "10:30", "logo": null, "duration": "00:40", "room": "Cage", "slug": "ASG2019-175-privacy-respecting-linux-desktop-monitoring", "title": "Privacy-Respecting Linux Desktop Monitoring", "subtitle": "", "track": null, "type": "35 min talk + 5 min Q&A", "language": "en", "abstract": "Whether to support users, ensure their security, or meet compliance goals, organizations need to deploy monitoring of their desktop machines. Yet, many approaches overreach by effectively being rootkits. In this presentation, we'll examine:\r\n\r\n* What data a monitoring system needs to collect\r\n* Where the data we need lives on a modern Linux desktop\r\n* Which data sources expose sandbox-friendly API access\r\n* Sandboxing the monitoring daemon itself", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "e5e44d7a-6545-5487-97c3-7777adb19b1c", "id": 12, "code": "8SUNZD", "public_name": "David Strauss", "avatar": "https://cfp.all-systems-go.io/media/2019-less-background-small.jpg", "biography": "David is the CTO and co-founder at Pantheon, a platform for supporting website operations for content management. He has been a systemd contributor since 2011 and a Drupal contributor since 2006, both with a focus on performance and security optimization.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/AXPVZ3/", "id": 117, "guid": "8f67b425-117b-5575-839f-f6d9e3604f3a", "date": "2019-09-20T11:30:00+02:00", "start": "11:30", "logo": null, "duration": "00:40", "room": "Cage", "slug": "ASG2019-117-postgresql-at-low-level-stay-curious-", "title": "PostgreSQL at low level: stay curious!", "subtitle": "", "track": null, "type": "35 min talk + 5 min Q&A", "language": "en", "abstract": "Have you ever encountered a transient performance issue, that was hard to\r\ninvestigate only from the database point of view? On top of how many layers of\r\nabstraction your database is working? What is the difference between running\r\nyour database on a bare metal, VM or inside a container?\r\n\r\nPostgreSQL does not work in the vacuum, it heavily relies on functionality\r\nprovided by an underlying platform. And sometimes to answer these questions\r\nabove one needs to step back and look at a problem not only from a database\r\npoint of view. In this talk we will discuss how to achieve that, how to tame\r\nsuch tools as strace, perf or eBPF to troubleshoot intricate issues and stay\r\ncurious.", "description": "Have you ever encountered a transient performance issue, that was hard to\r\ninvestigate only from the database point of view? On top of how many layers of\r\nabstraction your database is working? What is the difference between running\r\nyour database on a bare metal, VM or inside a container?\r\n\r\nPostgreSQL does not work in the vacuum, it heavily relies on functionality\r\nprovided by an underlying platform. And sometimes to answer these questions\r\nabove one needs to step back and look at a problem not only from a database\r\npoint of view. In this talk we will discuss how to achieve that, how to tame\r\nsuch tools as strace, perf or eBPF to troubleshoot intricate issues and stay\r\ncurious.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "f9f82fcf-da9e-5414-b8b0-c8becc44ea52", "id": 80, "code": "PTB9XG", "public_name": "Dmitrii Dolgov", "avatar": "https://cfp.all-systems-go.io/media/avatars/ce97cc5a38992847cc85da5a47944d3a_3eSAmqK.jpg", "biography": "Software engineer at Zalando, PostgreSQL contributor.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/H3YZZM/", "id": 136, "guid": "4fb36c1f-144d-54a4-b4de-873384e98c40", "date": "2019-09-20T12:15:00+02:00", "start": "12:15", "logo": null, "duration": "00:40", "room": "Cage", "slug": "ASG2019-136-securing-bare-metal-micro-services-service-mesh", "title": "Securing Bare Metal Micro Services: Service Mesh", "subtitle": "", "track": null, "type": "35 min talk + 5 min Q&A", "language": "en", "abstract": "Learn how a Service Mesh can secure your bare-metal (non-virtualized) workloads quickly without any code modifications to improve your security posture.", "description": "Zero Trust is an information security mantra to not implicitly trust any the underlying infrastructure (hardware, network, software, etc). For many organizations, this extends into the cloud where this philosophy is applied to workloads running in public, virtualized clouds. We'll be taking this philosophy to protect an insecure application, the Fortune Cookie Micro Service, running atop a bare metal cloud with a Service Mesh to provide authentication and encryption of data in motion without the complexities of virtualization or containerization. This walkthrough uses all open source software (Terraform for the deployment atop the Packet bare metal cloud and Consul for the service mesh) atop Ubuntu physical nodes.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "b97490e9-9f63-5326-ab50-6788c6a2e471", "id": 96, "code": "E9YDQA", "public_name": "John Studarus", "avatar": "https://cfp.all-systems-go.io/media/avatars/73871688a371c826e32b4d819ddc10c2_0Z9c7Ui.jpg", "biography": "John is a technology evangelist merging together his interests in computing infrastructure, networking, and software security. His background includes leading product teams, writing prototype code and examining distributed systems at Fortune 500s and startups alike. He brings a rare combination of technical expertise and product strategy and is just as comfortable writing code as he is developing a product strategy.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/BKXVJQ/", "id": 127, "guid": "bc369d82-ced8-535d-a824-32b2efdf9528", "date": "2019-09-20T14:05:00+02:00", "start": "14:05", "logo": null, "duration": "00:40", "room": "Cage", "slug": "ASG2019-127-gnu-poke-an-extensible-editor-for-structured-binary-data", "title": "GNU poke, an extensible editor for structured binary data", "subtitle": "", "track": null, "type": "35 min talk + 5 min Q&A", "language": "en", "abstract": "GNU poke is a new interactive editor for binary data.  Not limited to editing basic entities such as bits and bytes, it provides a full-fledged procedural, interactive programming language designed to describe data structures and to operate on them.", "description": "GNU poke is a new interactive editor for binary data.  Not limited to editing basic entities such as bits and bytes, it provides a full-fledged procedural, interactive programming language designed to describe data structures and to operate on them.  Once a user has defined a structure for binary data (usually matching some file format) she can search, inspect, create, shuffle and modify abstract entities such as ELF relocations, MP3 tags, DWARF expressions, partition table entries, and so on, with primitives resembling simple editing of bits and bytes.  The program comes with a library of already written descriptions (or \"pickles\" in poke parlance) for many binary formats.\r\n\r\nGNU poke is useful in many domains.  It is very well suited to aid in the development of programs that operate on binary files, such as assemblers and linkers.  This was in fact the primary inspiration that brought me to write it: easily injecting flaws into ELF files in order to reproduce toolchain bugs.  Also, due to its flexibility, poke is also very useful for reverse engineering, where the real structure of the data being edited is discovered by experiment, interactively.  It is also good for the fast development of prototypes for programs like linkers, compressors or filters, and it provides a convenient foundation to write other utilities such as diff and patch tools for binary files.\r\n\r\nThis talk (unlike Gaul) is divided into four parts.  First I will introduce the program and show what it does: from simple bits/bytes editing to user-defined structures.  Then I will show some of the internals, and how poke is implemented.  The third block will cover the way of using Poke to describe user data, which is to say the art of writing \"pickles\".  The presentation ends with a status of the project, a call for hackers, and a hint at future works.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "9ef127be-d49d-5ed1-ad7d-9950047c5558", "id": 90, "code": "XRVJ3C", "public_name": "Jose E. Marchesi", "avatar": "https://cfp.all-systems-go.io/media/avatars/d52cf15f0e713089403c5c91a283832b_hnX7e7o.jpg", "biography": "GNU hacker and maintainer.\r\nMember of the GNU Advisory Committee.\r\nFounder of GNU Spain back in 1999.\r\nCurrent maintainer of sed, recutils, ferret.\r\nPast maintainer of gv and ghostscript.\r\nMaintainer of the SPARC and BPF ports of binutils.\r\nMaintainer of the SPARC port of elfutils.\r\nContributor to many GNU programs and other free software projects.\r\nTech Lead of the Toolchain Team at Oracle Inc.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/SXENPK/", "id": 128, "guid": "1ea14c32-c58c-513c-ab1f-40ac082e985c", "date": "2019-09-20T14:50:00+02:00", "start": "14:50", "logo": null, "duration": "00:40", "room": "Cage", "slug": "ASG2019-128-transactional-updates-with-btrfs", "title": "Transactional Updates with Btrfs", "subtitle": "", "track": null, "type": "35 min talk + 5 min Q&A", "language": "en", "abstract": "Transactional updates (also called atomic updates) are a way to update a system without interfering with the currently running system - making this a rock-solid way to update any machine, from embedded systems to cluster nodes.", "description": "What do openSUSE MicroOS, Fedora CoreOS, Chrome OS, Ubuntu Core and Android have in common? All of them are using a *read-only root file system* and so called *transactional / atomic updates* to update a system safely - without having to worry that a broken update could leave your system in some undefined state.\r\n\r\nThis talk will focus on how to use *btrfs*' snapshot feature to implement such a transactional system and explain where the pitfalls of implementing such a system compared to a traditional read-write system are.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "a511ed9b-65dc-526a-8875-0d93a8ef29b4", "id": 91, "code": "8RVSVG", "public_name": "Ignaz Forster", "avatar": "https://cfp.all-systems-go.io/media/avatar.png", "biography": "Has been working on Linux distributions for over 10 years and joined SUSE as a Research Engineer in 2018; currently working on transactional-update, Ignition, IMA/EVM and openSUSE MicroOS related topics.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/JDCVYP/", "id": 161, "guid": "2d010334-8e60-5428-b831-b0bf7b3ba6af", "date": "2019-09-20T15:35:00+02:00", "start": "15:35", "logo": null, "duration": "00:25", "room": "Cage", "slug": "ASG2019-161-microcontroller-firmware-from-scratch", "title": "Microcontroller Firmware from Scratch", "subtitle": "", "track": null, "type": "20 min talk + 5 min Q&A", "language": "en", "abstract": "Follow a journey of writing STM32 microcontroller firmware from scratch, using open-source tools.", "description": "Follow Nikolay Kondrashov's journey of learning to write firmware for an STM32 microcontroller (the Blue Pill one) from scratch, using only open-source tools. From blinking LEDs, to controlling a toy car, without the complicated, and license-restricted manufacturer's libraries, or the comfortable crutches of the Arduino stack. Learn where to look for information, which tools you might need, and how to do it yourself with a similar or a different microcontroller.\r\n\r\nSee the slides at https://slides.com/spbnick/microcontroller-firmware-from-scratch/", "recording_license": "", "do_not_record": false, "persons": [{"guid": "74e0d801-f296-521f-9a5a-5568ef70a078", "id": 42, "code": "ADBHD7", "public_name": "Nikolai Kondrashov", "avatar": "https://cfp.all-systems-go.io/media/avatars/82fca0b4be71150e13329805cd6867f5_jOkiBME.jpg", "biography": "A self-taught software engineer, born in Russia, living in Finland. Working at Red Hat, and doing embedded and electronics as a hobby.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/UUYNXW/", "id": 156, "guid": "dcabb3af-fcac-5e83-a77d-5aa655cd95b3", "date": "2019-09-20T16:20:00+02:00", "start": "16:20", "logo": null, "duration": "00:25", "room": "Cage", "slug": "ASG2019-156-news-from-the-coreboot-land", "title": "News from the coreboot land", "subtitle": "", "track": null, "type": "20 min talk + 5 min Q&A", "language": "en", "abstract": "What happened in the coreboot based firmware world since last year? How to get started?", "description": "In September, coreboot 4.10 will have been released, and the Open Source Firmware Conference took place. Take this opportunity to present the latest news and changes in the coreboot based firmware world. AMD devices are available with coreboot, and after Google and Puri.sm more vendors like System76 ship their devices with coreboot. While at it, give a quick introduction how to get started.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "b8ed668a-1d24-593a-af03-bcf6dcdc0654", "id": 104, "code": "ZQNRDQ", "public_name": "Paul Menzel", "avatar": null, "biography": "Paul Menzel got his degree in Economic Mathematics at the Technical University of Berlin. But since late high school, he spent all his time in the FLOSS world, and got hooked by the coreboot project, and is a user and supported for over ten years. After working three years at a Web application development company, he is now part of the IT group of the Max Planck Institute for Molecular Genetics.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/B7D7BC/", "id": 124, "guid": "b5ead4a4-e2f5-55d1-8ce1-ae27fbab329c", "date": "2019-09-20T16:50:00+02:00", "start": "16:50", "logo": null, "duration": "00:25", "room": "Cage", "slug": "ASG2019-124-buildroot-using-embedded-tools-to-build-container-images", "title": "Buildroot : Using embedded tools to build container images", "subtitle": "", "track": null, "type": "20 min talk + 5 min Q&A", "language": "en", "abstract": "The embedded world has dealt with image creation for decades. \r\nWhy not use those decade of experience to reliably create image for the datacenter world ?", "description": "Building an OS image in a reliable, reproducible, tracable and archivable way is a hard problem,  but it is a problem that the embedded world has been working on for decades and where mature and easy to use tools exist\r\n\r\nNowdays, the world of containers is rediscovering these problems and most tools do not provide the level of tracability and reliability needed to be able to properly track the content of an image in every detail and be confident that it is possible to report what changes are local and what licenses are used.\r\n\r\nBuildroot is one of the tools the embedded world provides to solve that problem. It is robust, mature, deadly simple to use and can really help getting back the control on container images.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "d2858be2-6e83-538d-823d-4d1c0b4f11ea", "id": 88, "code": "XFGGRD", "public_name": "J\u00e9r\u00e9my Rosen", "avatar": "https://cfp.all-systems-go.io/media/jrosen.jpg", "biography": "Jeremy Rosen is a French engineer with more than fifteen years of experience in all aspects of embedded linux systems and open-source developement. He manages the expertise branche of Smile-ECS and gives courses in various embedded linux developement and integration, specializing in the \u201cplumbing\u201d layer of linux.", "answers": []}], "links": [], "attachments": [], "answers": []}]}}, {"index": 2, "date": "2019-09-21", "day_start": "2019-09-21T04:00:00+02:00", "day_end": "2019-09-22T03:59:00+02:00", "rooms": {"Loft": [{"url": "https://cfp.all-systems-go.io/ASG2019/talk/CF7FSX/", "id": 145, "guid": "df4ceb70-2c63-538c-b581-e60adc89f261", "date": "2019-09-21T09:30:00+02:00", "start": "09:30", "logo": null, "duration": "00:25", "room": "Loft", "slug": "ASG2019-145-distributing-freedesktop-sdk-applications-to-flatpak-snapd-and-docker", "title": "Distributing Freedesktop SDK applications to Flatpak, Snapd and Docker", "subtitle": "", "track": null, "type": "20 min talk + 5 min Q&A", "language": "en", "abstract": "BuildStream is used to build Freedesktop SDK for different deployment systems allowing applications based on it to be distributed at once to multiple systems.", "description": "Flatpak, Snapd and Docker are similar. They are all used for deployment and applications use their own runtime.\r\n\r\nEach system has its own tools for development. Flatpak uses Flatpak Builder. Snapd uses Snapcraft. Docker development is based on `Dockerfile`s.\r\n\r\nFreedesktop SDK was developed to be the runtime of Flatpak. It used to be partly built with Flatpak Builder. It has since changed to be built with a deployment system agnostic tool: BuildStream. For this reason we can export the Freedesktop SDK to multiple formats.\r\n\r\nWe will show how it is possible to build an application for the three systems at once.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "6a426b18-3592-53c6-b9e2-a68a3319d3e5", "id": 101, "code": "LVCFZY", "public_name": "Valentin David", "avatar": "https://cfp.all-systems-go.io/media/avatars/d8a4c7e8701f19e7a9d61c46453d8636_4JLdAP5.jpg", "biography": "Developer at Codethink. Working on Freedesktop SDK and BuildStream projects.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/DQX3DH/", "id": 135, "guid": "dad4ba00-7141-5e7d-af7d-02f492f4b5e5", "date": "2019-09-21T10:00:00+02:00", "start": "10:00", "logo": null, "duration": "00:25", "room": "Loft", "slug": "ASG2019-135-oomd2-and-beyond-a-year-of-improvements", "title": "oomd2 and beyond: a year of improvements", "subtitle": "", "track": null, "type": "20 min talk + 5 min Q&A", "language": "en", "abstract": "oomd is a userspace out-of-memory killer. This talk covers past, present, and future development along with possible plans for systemd integration.", "description": "Running out of memory on a host is a particularly nasty scenario. In the Linux kernel, if memory is being overcommitted, it results in the kernel out-of-memory (OOM) killer kicking in. Perhaps surprisingly, the kernel does not often handle this well. oomd builds on top of recent kernel development to effectively implement OOM killing in userspace. This results in a faster, more predictable, and more accurate handling of OOM scenarios.\r\n\r\noomd has gained a number of new features and interesting deployments in the last year. The most notable feature is a complete redesign of the control plane which enables arbitrary but \"gotcha\"-free configurations. In this talk, Daniel Xu will cover past, present, future, and path-not-taken development plans along with experiences gained from overseeing large deployments of oomd. Anita Zhang will close the talk with a discussion of why oomd would be a great addition to systemd.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "38971578-ea5a-5e10-a7f9-e833409c771e", "id": 51, "code": "MPQM8J", "public_name": "Daniel Xu", "avatar": null, "biography": "I'm currently a production engineer at Facebook. I've worked and work on various open source projects and hope to continue to do so in the future.", "answers": []}, {"guid": "c3ac096d-d292-5893-a60d-b84262ba4b11", "id": 98, "code": "CTSNXF", "public_name": "Anita Zhang", "avatar": null, "biography": "Anita is a software engineer on the Containers team at Facebook. Her primary work is around supporting systemd in the Facebook ecosystem.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/K7E7T7/", "id": 143, "guid": "d4f88c04-93ec-56ce-ae97-973a04b96fbd", "date": "2019-09-21T10:30:00+02:00", "start": "10:30", "logo": null, "duration": "00:25", "room": "Loft", "slug": "ASG2019-143-building-portable-service-images-with-buck", "title": "Building Portable Service Images with Buck", "subtitle": "", "track": null, "type": "20 min talk + 5 min Q&A", "language": "en", "abstract": "Buck is an opensource build system.  At Facebook, we\u2019ve taught it to build container images that work with systemd.", "description": "At Facebook we use an open-source build system called Buck.  Buck is a build system designed to provide more strong guarantees of incremental builds, reproducibility, and dependency management.  Open-source Buck can now be used to construct fully described and fully self-contained container images that work with systemd! I will show how we use this tool internally at Facebook and how it can be used externally (It\u2019s open-source!) to build service containers for use by systemd.  I will dive into the the details of how these builds are performed with systemd-nspawn, how we use the Buck system to define the systemd services and their dependencies, and how these images work at runtime.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "d7888686-1741-5e80-9be2-025a61fde239", "id": 52, "code": "37BA99", "public_name": "Lindsay Salisbury", "avatar": null, "biography": "I am a Production Engineer at Facebook working on their large scale Container system called Tupperware.  I have spoken previously at All Systems Go about our specialized use of the Portable Services concept called 'Composable Services'.  I have a strong interest in container runtimes, how they operate, and how the images they run are constructed.  I also like Cats.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/TPS8TS/", "id": 172, "guid": "355ea6a0-d58b-5a47-a613-312ede6b1859", "date": "2019-09-21T11:00:00+02:00", "start": "11:00", "logo": null, "duration": "00:40", "room": "Loft", "slug": "ASG2019-172-pidfds-process-file-descriptors-on-linux", "title": "pidfds: Process file descriptors on Linux", "subtitle": "", "track": null, "type": "35 min talk + 5 min Q&A", "language": "en", "abstract": "Traditionally processes are identified globally via process identifiers (PIDs). Due to how pid allocation works the kernel is free to recycle PIDs once a process has been reaped. As such, PIDs do not allow another process to maintain a private, stable reference on a process. On systems under pressure it is thus possible that a PID is recycled without other (non-parent) processes being aware of it. This becomes rather problematic when (non-parent) processes are in charge of managing other processes as is the case for system managers or userspace implementations of OOM killers.\r\n\r\nOver the last months we have been working on solving these and other problems by introducing pidfds \u2013 process file descriptors. Among other nice properties, the allow callers to maintain a private, stable reference on a process.\r\n\r\nIn this talk we will look at challenges we faced and the different approaches people pushed for. We will see what already has been implement and pushed upstream, look into various implementation details and outline what we have planned for the future.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "4b0dbc14-e0f7-52c2-93c7-12db1b02204a", "id": 92, "code": "UJNAGB", "public_name": "Christian Brauner", "avatar": "https://cfp.all-systems-go.io/media/cover.jpg", "biography": "Kernel Engineer", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/CV9R3N/", "id": 121, "guid": "b231881d-afaf-56f5-a57a-eaaab6668d79", "date": "2019-09-21T11:55:00+02:00", "start": "11:55", "logo": null, "duration": "00:25", "room": "Loft", "slug": "ASG2019-121-squeezing-water-from-stone-kornshell-in-2019", "title": "Squeezing Water from Stone - KornShell in 2019", "subtitle": "", "track": null, "type": "20 min talk + 5 min Q&A", "language": "en", "abstract": "Despite of it's old age, ksh still remains one of the most popular shells. In 2013, David Korn and others who worked on ksh were laid off from AT&T Bell Labs. This lead to speculations of death of ksh. In 2017, Siteshwar Vashisht and Kurtis Rader resumed it's development on GitHub. This talk will be about what makes ksh so challenging to maintain and how new developers are trying to revive it.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "03a98b38-3a17-5515-b659-8ec5701ad1b4", "id": 84, "code": "JGWLQB", "public_name": "Siteshwar Vashisht", "avatar": "https://cfp.all-systems-go.io/media/avatars/48869621343_1960d68cd8_o_w8S5zVo.jpg", "biography": "I work as a Senior Software Engineer at Red Hat and maintain Bash, KornShell and few other packages. In past I have been involved in number of projects like fish shell, Sailfish OS etc. Currently I am one of the upstream maintainers of KornShell.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/VMTEPT/", "id": 123, "guid": "b9883475-56ad-5749-9c65-e178a1e6bbfb", "date": "2019-09-21T12:25:00+02:00", "start": "12:25", "logo": null, "duration": "00:40", "room": "Loft", "slug": "ASG2019-123-ociv2-container-images-considered-harmful", "title": "OCIv2: Container Images Considered Harmful", "subtitle": "", "track": null, "type": "35 min talk + 5 min Q&A", "language": "en", "abstract": "Most modern container image formats use tar-based linear archives to represent root filesystems, which results in many issues when using modern container images. In this talk, we will demonstrate a solution to this problem that we plan to propose for standardisation within the Open Container Initiative (code-named \"OCIv2 images\").", "description": "This talk is specific to the Open Container Initiative's image specification, but the same techniques could be applied to other systems (though we'd obviously recommend using OCI). \r\n\r\nIn order to avoid the [numerous issues with tar archives](https://www.cyphar.com/blog/post/ociv2-images-i-tar) it is necessary to come up with a different format. In addition, layer representations result in needless wasted space for storage of files which are no longer relevant to running containers. Massive amounts of duplication are also rampant within OCI images because tar archives are completely opaque to OCI's content-addressable store.\r\n\r\nLuckily the problem of representing a container root filesystem for distribution is very similar to existing problems within backup systems, and we can take advantage of prior art such as [restic](https://restic.net/) to show us how we can get significant space-savings and possibly efficiency savings.\r\n\r\nHowever, we also must ensure that the runtime cost of using this new system is equivalent to existing container images. Container images are efficient at runtime because they map directly to how overlay filesystems represent change-sets as layers, but with some tricks it is possible for us to obtain most of the improvements we also gained in distribution with de-duplication.\r\n\r\nOur proposed solution to all of these problems will be laid out, with opportunities for feedback and discussion.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "5f8ed01c-abbf-5b29-a517-fee473f54b1e", "id": 86, "code": "MADETY", "public_name": "Aleksa Sarai", "avatar": "https://cfp.all-systems-go.io/media/avatars/MADETY_xn5NNY6.jpg", "biography": "Aleksa Sarai is a core developer and maintainer of runc and umoci, contributor\r\nto the Open Container Initiative specifications, and a Linux kernel\r\ncontributor. He works on the containers team at SUSE, maintaining various core\r\nparts of the lower levels of the containers stack and related software for both\r\nSUSE Linux Enterprise and openSUSE; he is also committed to working in the\r\nopen, and is a strong proponent of Free Software.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/983XHL/", "id": 142, "guid": "b0b3fa50-d9db-511a-9fb1-9edb96bd3401", "date": "2019-09-21T14:05:00+02:00", "start": "14:05", "logo": null, "duration": "00:25", "room": "Loft", "slug": "ASG2019-142-systemd-facebook-in-2019", "title": "systemd @ Facebook in 2019", "subtitle": "", "track": null, "type": "20 min talk + 5 min Q&A", "language": "en", "abstract": "We'll be covering happenings, learnings and new challenges running and supporting systemd in production on the Facebook fleet throughout the past year.", "description": "This talk is a followup to [State of systemd @ Facebook](https://cfp.all-systems-go.io/ASG2018/talk/192/) that was presented last year. We'll cover the latest developments, how we're leveraging new systemd features, the design of our CI/CD pipeline for systemd, and finally discuss a number of interesting case studies.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "0b734b81-150f-5d08-b89f-cdd27ff18d35", "id": 7, "code": "3SCYJP", "public_name": "Davide Cavalca", "avatar": null, "biography": "Davide Cavalca is a Production Engineer at Facebook on the Operating Systems team. Davide has been working in the systems space for over 10 years, always with a strong focus towards open source and automation.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/HFJMLU/", "id": 163, "guid": "53354cbe-c92f-5c48-82e3-194690b28f0c", "date": "2019-09-21T14:35:00+02:00", "start": "14:35", "logo": null, "duration": "00:40", "room": "Loft", "slug": "ASG2019-163-boot-loader-specification-sd-boot", "title": "Boot Loader Specification + sd-boot", "subtitle": "", "track": null, "type": "35 min talk + 5 min Q&A", "language": "en", "abstract": "The boot loader specification defines a generic drop-in based solution for defining boot targets. sd-boot is a boot loader for UEFI systems, and included in the systemd source tree. In this talk we\u2019ll have a closer look on the what, the why and the how of the specification and the boot loader.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "4652e1d6-54e2-54b4-9d86-6cfaa34ae195", "id": 78, "code": "UNJXNH", "public_name": "Lennart Poettering", "avatar": null, "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/MAYDS8/", "id": 126, "guid": "147efef1-ba80-5748-9655-fb5cd41f61f9", "date": "2019-09-21T15:20:00+02:00", "start": "15:20", "logo": null, "duration": "00:40", "room": "Loft", "slug": "ASG2019-126-ebpf-support-in-the-gnu-toolchain", "title": "eBPF support in the GNU Toolchain", "subtitle": "", "track": null, "type": "35 min talk + 5 min Q&A", "language": "en", "abstract": "This talk covers the ongoing effort about adding eBPF support to the GNU Toolchain.  eBPF is a virtual machine running within the Linux kernel; initially intended for user-level packet capture and filtering, eBPF has since been generalized to also serve as a general-purpose infrastructure for non-networking purposes.", "description": "This talk covers the ongoing effort about adding eBPF support to the GNU Toolchain.  eBPF is a virtual machine running within the Linux kernel; initially intended for user-level packet capture and filtering, eBPF has since been generalized to also serve as a general-purpose infrastructure for non-networking purposes.\r\n\r\nBinutils support is already upstream [1].  This includes a CGEN cpu description, assembler, disassembler and linker.  By the time of the conference a simulator will be available as well, along with GDB support. A GCC backend will be submitted for inclusion upstream before September.\r\n\r\nThe first part of the talk will be a brief general description of the project, its components, what motivated us to start working on it, and an update on the project's status at the time of the conference.\r\n\r\nThen we will discuss the particular challenges of supporting a target like eBPF:\r\n\r\nOn one hand, the kernel virtual machine has some unique characteristics that have a definitive impact on the tooling, like the in-kernel validator and the specialized contexts in which eBPF programs run.  We will show how the tools can help improving the eBPF programmer's experience.\r\n\r\nOn the other hand, the exact shape of compiled eBPF code is still subject to change, and is in fact rapidly changing and evolving.  Initially quite simple in terms of toolchain needs (single compilation units, no linking) this is changing as more kernel systems are being changed/written to be based on eBPF, and as the in-kernel validator is becoming more and more sophisticated.  Along with bigger and more complex programs comes the need for more abstraction, hence modularity and code reuse.  Kernel hackers are already discussing about bpf-to-bpf calls, run-time linking, and so on. This increased level of ambition and sophistication imposes additional requirements on the tools.\r\n\r\nFinally, interoperability with clang/llvm (the other available toolchain supporting eBPF) will be also discussed, in the more general context of ABI and conventions for compiled eBPF, which are still to be (well) defined and documented.\r\n\r\n[1] https://sourceware.org/ml/binutils/2019-05/msg00306.html", "recording_license": "", "do_not_record": false, "persons": [{"guid": "9ef127be-d49d-5ed1-ad7d-9950047c5558", "id": 90, "code": "XRVJ3C", "public_name": "Jose E. Marchesi", "avatar": "https://cfp.all-systems-go.io/media/avatars/d52cf15f0e713089403c5c91a283832b_hnX7e7o.jpg", "biography": "GNU hacker and maintainer.\r\nMember of the GNU Advisory Committee.\r\nFounder of GNU Spain back in 1999.\r\nCurrent maintainer of sed, recutils, ferret.\r\nPast maintainer of gv and ghostscript.\r\nMaintainer of the SPARC and BPF ports of binutils.\r\nMaintainer of the SPARC port of elfutils.\r\nContributor to many GNU programs and other free software projects.\r\nTech Lead of the Toolchain Team at Oracle Inc.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/US8XA9/", "id": 125, "guid": "595b1468-e708-5711-9879-404a83be790f", "date": "2019-09-21T16:30:00+02:00", "start": "16:30", "logo": null, "duration": "00:40", "room": "Loft", "slug": "ASG2019-125-linux-distro-should-be-an-upstream-contributor-too", "title": "Linux distro should be an upstream contributor too", "subtitle": "", "track": null, "type": "35 min talk + 5 min Q&A", "language": "en", "abstract": "Come and learn about packit: tooling which enables you to integrate your upstream project into Fedora linux.", "description": "Imagine a world where Linux distributions provide feedback about using your upstream project back to the project. So that when you are working on a change, you'll know right away:\r\n* if it builds or a project Z changed API again\r\n* if it works or that your change doesn't work with older systemd which this distro has\r\n* or if your change breaks components which depend on your project\r\n\r\nThat's not all! If we have a service which can do all of this, why not propose a new upstream release automatically as a change to the linux distro once the release is done? Wouldn't it be awesome if upstream developers could control and track in which version their software is in Fedora 30?\r\n\r\nSounds interesting? Please join us in this session and learn more about the packit tool and the packit service: tooling which makes your dream come true.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "67af56f2-b672-5bca-ba0d-83e578149f70", "id": 112, "code": "UWY3GD", "public_name": "Martin Sehnoutka", "avatar": null, "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/HXLJNF/", "id": 150, "guid": "fd85bb93-e67e-5ecc-ad41-8470024119fe", "date": "2019-09-21T17:15:00+02:00", "start": "17:15", "logo": null, "duration": "00:25", "room": "Loft", "slug": "ASG2019-150-the-state-of-thunderbolt-on-gnu-linux", "title": "The state of Thunderbolt on GNU/Linux", "subtitle": "", "track": null, "type": "20 min talk + 5 min Q&A", "language": "en", "abstract": "A summary of the current state of Thunderbolt, kernel as well as user space, including the latest development where the the input\u2013output memory management unit (IOMMU) is used to prevent Direct Memory Access (DMA) attacks. A brief explanation and discussion of such such an attack, the recent Thunderclap attacks, will be given including with a focus on how it is related to the IOMMU feature on Linux.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "08addad4-4582-53ff-bfec-7ef4cd1d873f", "id": 60, "code": "8ZMF8L", "public_name": "Christian Kellner", "avatar": "https://cfp.all-systems-go.io/media/avatars/0514b5d5298696cbfb4c7b3fd2adb37f_QD07Vye.jpg", "biography": "Code Monkey at RedHat - Linux Desktop Hardware Enablement. Neuroscientist & Philosopher in former lives. [he / him]", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/WB9TFT/", "id": 171, "guid": "83df2d55-c0b0-502d-b2c7-330d3aa654e7", "date": "2019-09-21T17:45:00+02:00", "start": "17:45", "logo": null, "duration": "00:15", "room": "Loft", "slug": "ASG2019-171-closing", "title": "Closing", "subtitle": "", "track": null, "type": "Lightning talk", "language": "en", "abstract": "Closing of All Systems Go! 2019", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "4967f7d9-f800-5a78-a9e8-d2f363599a20", "id": 77, "code": "7VRYAG", "public_name": "Chris Kuehl", "avatar": null, "biography": null, "answers": []}], "links": [], "attachments": [], "answers": []}], "Cage": [{"url": "https://cfp.all-systems-go.io/ASG2019/talk/XNU7NE/", "id": 141, "guid": "3c8f6eff-42ef-5c5d-abfd-00fb58b4d6e8", "date": "2019-09-21T09:30:00+02:00", "start": "09:30", "logo": null, "duration": "00:25", "room": "Cage", "slug": "ASG2019-141-coinboot-cost-effective-diskless-gpu-clusters-for-blockchain-hashing-and-beyond", "title": "Coinboot - Cost effective, diskless GPU clusters for blockchain hashing and beyond", "subtitle": "", "track": null, "type": "20 min talk + 5 min Q&A", "language": "en", "abstract": "How to run clusters for GPU computing based blockchain hashing diskless on cost effective commodity hardware.", "description": "Running the nodes of a cluster diskless is quite common in HPC environments. The challenges to run diskless in the context of blockchain hashing for cryptocurrencies are different. There are constraints like to run sufficiently on hundreds of machines with commodity 1 Gbit/s network hardware or the modest RAM size of 4 Gigabyte. This talk will provide insights in the technical approaches that made it possible to run GPU-clusters for blockchain hashing diskless and provide an outlook to  other potential GPU-based use cases beyond blockchain hashing.\r\nI will discuss like how some early userspace trickery and state of the art RAM compression is used. How to handle the modest given RAM size and how a neat toolset based on container-runtimes helps to easily build boot images and plug-in packages. And how to use plug-in packages as an elegant way for adding further software like proprietary GPU drivers to the computing nodes of the clusters.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "b6cc5a6b-c66a-5ea7-bba6-5466069cecd9", "id": 99, "code": "KCWYPN", "public_name": "Gunter Miegel", "avatar": "https://cfp.all-systems-go.io/media/avatar_squared.jpg", "biography": "As a System Engineer Gunter appreciates Software Craftsmanship and is dedicated to Open Source Technology. He has gained over 10 years of experience with Open Source Technology in the tech industry - mostly in the domain of IT infrastructure - from planing and developing to running and operating it. \r\n2018 he founded the Coinboot project. \r\n[Twitter](https://twitter.com/rg_frzb) \r\n[LinkedIn](https://www.linkedin.com/in/gunter-miegel-a4966b182/)", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/N8YRKX/", "id": 148, "guid": "06a90eaf-78a4-52d6-b29d-ce47622c4955", "date": "2019-09-21T10:00:00+02:00", "start": "10:00", "logo": null, "duration": "00:25", "room": "Cage", "slug": "ASG2019-148-development-and-testing-with-lrun", "title": "Development and testing with lrun", "subtitle": "", "track": null, "type": "20 min talk + 5 min Q&A", "language": "en", "abstract": "During development and testing it is often needed to test different kernels or run various sets of unit tests quickly. With lrun it is possible to do exactly that. It utilizes existing technology including UML, KVM and Namespaces to facility different environments. It has been in active use for testing Bluetooth and Wi-Fi features on Linux and can be easily extended to other technologies in the future. This presentation will introduce lrun and its design. It will also show demos of its current use cases.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "fb697998-32b0-5fe4-9661-e16e9a136322", "id": 15, "code": "BEJQWM", "public_name": "Marcel Holtmann", "avatar": null, "biography": "Marcel Holtmann is part of Intel's Open Source Technology Center. He is the maintainer of the BlueZ open source Bluetooth stack and has been working on Bluetooth technology since 2001. Marcel chairs the Bluetooth Internet Working Group and is a member of the Bluetooth Architectural Review Board. Marcel is involved in open source projects including oFono, iwd, ConnMan involving a wide variety of modern wireless technologies.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/QXMUUW/", "id": 138, "guid": "8a203dd4-c4d8-51af-b01e-8a199a515c16", "date": "2019-09-21T10:30:00+02:00", "start": "10:30", "logo": null, "duration": "00:40", "room": "Cage", "slug": "ASG2019-138-trust-is-good-control-is-better-a-short-story-about-network-policies", "title": "Trust is good, control is better - A (short) story about Network Policies", "subtitle": "", "track": null, "type": "35 min talk + 5 min Q&A", "language": "en", "abstract": "Testing the effectiveness of Kubernetes Network Policies can be done in different approaches. In this talk we will show you the benefits and drawbacks of different approaches and what solution we finally chose.", "description": "Probably everybody who uses Kubernetes in a productive environment with multiple users possibly has looked at policies. Often the operators of the cluster(s) just trust the policies but in some cases it might be useful to control if the policies actually have taken action and often there are just to many Policies in the cluster setup to manually test them all (and obviously you don\u2019t want to do this). Testing the effectiveness of the Network Policies can be done in different approaches. In this talk we will show you the benefits and drawbacks of different approaches and what solution we finally chose. Also we will show you some other tools and how they complement our solution. As a takeaway you will get an overview of different testing strategies for policies, as well as understanding challenges in testing policies in general and the Kubernetes ecosystem. We will get a feeling that it\u2019s not always the best idea to just trust other plugins to implement the policies correctly. Our solution is open-sourced under https://github.com/inovex/illuminatio/", "recording_license": "", "do_not_record": false, "persons": [{"guid": "08747979-d3b9-50a9-a7ce-094fba9489a5", "id": 97, "code": "EWJ8ZL", "public_name": "Maximilian Bischoff", "avatar": "https://cfp.all-systems-go.io/media/maxi-bischoff-mittel.JPG", "biography": "Maximilian Bischoff joined inovex as a Cloud Platform Engineer in 2018 and has since worked on topics such as testing kubernetes, edge computing and observability. He authored illuminatio, a tool for testing kubernetes network policies, as part of his master thesis.\r\nCurrently he is leading the implementation of istio on top of the Kubernetes platform of 1&1 Mail and Media (web.de, GMX, etc.).", "answers": []}, {"guid": "4d495620-3c65-5861-bb3c-0027e23226cf", "id": 107, "code": "PRWNLG", "public_name": "Johannes Scheuermann", "avatar": "https://cfp.all-systems-go.io/media/profil_bild_mini.JPG", "biography": "Johannes Scheuermann has been working as a Cloud Platform Engineer at inovex since 2014. His daily work involves innovative technologies and topics all around the modern data center environment, like Kubernetes, immutable infrastructure and \u2013 quite obviously \u2013 cloud platforms. Amongst other things Johannes supported the construction of the waipu.tv platform for EXARING and multiple big Kubernetes platforms for 1&1 Internet (web.de, GMX etc.) in a leading role.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/WBJNQQ/", "id": 147, "guid": "7bc76c4b-311d-55e4-b60e-1c837b15ed7b", "date": "2019-09-21T11:55:00+02:00", "start": "11:55", "logo": null, "duration": "00:25", "room": "Cage", "slug": "ASG2019-147-iwd-state-of-the-union", "title": "iwd - State of the union", "subtitle": "", "track": null, "type": "20 min talk + 5 min Q&A", "language": "en", "abstract": "The open source wireless daemon iwd has been introduced about 5 years ago and has seen an active development since its inception. The last year has been focused on behind the scenes work for new Wi-Fi standards that make connection setup faster, make roaming smoother and also introduce new security standards including WPA3. This presentation will demonstrate the new advances in Wi-Fi support for Linux and show how they improve the usage from within Network Manager and other connection managers.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "fb697998-32b0-5fe4-9661-e16e9a136322", "id": 15, "code": "BEJQWM", "public_name": "Marcel Holtmann", "avatar": null, "biography": "Marcel Holtmann is part of Intel's Open Source Technology Center. He is the maintainer of the BlueZ open source Bluetooth stack and has been working on Bluetooth technology since 2001. Marcel chairs the Bluetooth Internet Working Group and is a member of the Bluetooth Architectural Review Board. Marcel is involved in open source projects including oFono, iwd, ConnMan involving a wide variety of modern wireless technologies.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/7WMKLH/", "id": 165, "guid": "9796777f-c3ca-5018-b6f5-b88e0fc24f6d", "date": "2019-09-21T12:25:00+02:00", "start": "12:25", "logo": "https://cfp.all-systems-go.io/media/ASG2019/images/7WMKLH/bmc-toolbox.png", "duration": "00:40", "room": "Cage", "slug": "ASG2019-165-bmc-management-with-bmc-toolbox", "title": "BMC management with bmc-toolbox", "subtitle": "", "track": null, "type": "35 min talk + 5 min Q&A", "language": "en", "abstract": "This talk is about the bmc-toolbox, an open-source project that leverages the _Baseboard Management Controller_ (iLOs iDracs and similar)  to help manage a large fleet (>50K) of bare metal servers at Booking.com\r\n\r\n[bmc-toolbox.github.io](https://bmc-toolbox.github.io/)\r\n\r\nIts goal is to provide vendor agnostic tooling to manage the lifecycle of bare metal servers,\r\nthis talk describes the tools part of bmc-toolbox and various aspects of managing a large fleet of bare metal servers.", "description": "The bmc-toolbox leverages the _Baseboard Management Controller_ to help manage the lifecycle of datacenter bare metal.  It provides vendor agnostic tools and a library in Go lang to *inventorize*, *configure*, *manage**, **update* a large fleet of bare metal assets with the help of the BMC.\r\n\r\n- *bmclib* - A Go lang library that provides a consistent set of methods to interface with BMCs.                                                                                                                   \r\n- *dora* - tool to **inventorize** a fleet of bare metal servers and chassis assets.                                                                                                                               \r\n- *bmcbutler* - tool to handle **configuration management**  for a fleet of bare metal server and chassis BMCs.                                                                                                    \r\n- *actor* - A single **API webservice** endpoint to interact with a fleet of bare metal BMCs.                                                                                                                      \r\n- *bmcldap* - LDAP based **authentication/authorization** service/proxy for BMCs.                                                                                                                                  \r\n- *bmcfwupd* - tool to **update** the BMC firmware.\r\n\r\nThis talk covers,\r\n- The challenges managing the provisioning and lifecycle of a *not yet hyperscale* size set of bare metal servers.\r\n- The purpose of the tools included of bmc-toolbox, how they help make our lives easier\r\n- How the tooling interacts with the BMCs (vendor specific APIs, Redfish)\r\n- The current state of Redfish in the wild", "recording_license": "", "do_not_record": false, "persons": [{"guid": "9eb80e3a-f036-5fdd-a078-39f8882bc718", "id": 108, "code": "TFRAYB", "public_name": "Joel Rebello", "avatar": "https://cfp.all-systems-go.io/media/me.jpeg", "biography": "I'm a Site Reliability Engineer at Booking.com,\r\nwhere I help build tooling to automate lifecycle management for our fleet of bare metal servers,\r\nthe [bmc-toolbox](https://github.com/bmc-toolbox) project was the result of our attempt to break free from vendor specific hardware.", "answers": []}, {"guid": "9c046011-acf1-572c-b721-0ba945ce3677", "id": 116, "code": "Q8UGKA", "public_name": "Juliano Martinez", "avatar": "https://cfp.all-systems-go.io/media/avatars/a981ca9ea57b6ff406af95d6267c0f49_5zMQh43.jpg", "biography": "I'm a Systems Engineer who loves to play with software and hardware at scale.  I'm currently working at Booking.com where I have fun working on bmc-toolbox and helping to develop and improve our bare-metal provisioning system.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/ACEWHG/", "id": 140, "guid": "18b9979c-f66d-5009-b3e7-7d5184fd185e", "date": "2019-09-21T14:05:00+02:00", "start": "14:05", "logo": null, "duration": "00:25", "room": "Cage", "slug": "ASG2019-140-generating-seccomp-profiles-for-containers-using-podman-and-ebpf", "title": "Generating seccomp profiles for containers using podman and eBPF", "subtitle": "", "track": null, "type": "20 min talk + 5 min Q&A", "language": "en", "abstract": "Currently everyone uses the same seccomp rules for running their containers.  This tool allows us to generate seccomp rules based on what the container actually requires and allows us to lock down the container.", "description": "We had a GSOC student this summer  who instrumented podman to allow it to run containers and then genrate the seccomp rules for the container based on the syscalls that the container actually made.  \r\n\r\nOnce you have this newly generate seccomp file and are satisfied that you have thoroughly tested the container, you can run the container inproduction using the seccomp.json file.\r\n\r\nThis talk will explain how the tool works and demonstrate it in action.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "6e7c6f51-ed21-5551-86e4-6e1ad1402ba3", "id": 65, "code": "XWBLSH", "public_name": "Dan Walsh", "avatar": "https://cfp.all-systems-go.io/media/avatars/75d88487c07b14b6c7aa0599fce600bf_nnm4Iue.jpg", "biography": "Daniel Walsh is a Senior Distinguished Engineer at Red Hat. Joined Red Hat in August 2001. Red Hat Container Runtime Engineering team Architect. Focuses on CRI-O, Buildah, Podman,  containers/storage and containers/image. Previos leader of the SELinux project.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/KDEYJZ/", "id": 118, "guid": "04ca5cae-20ff-516b-a362-94c7b2dc5c6a", "date": "2019-09-21T14:35:00+02:00", "start": "14:35", "logo": null, "duration": "00:40", "room": "Cage", "slug": "ASG2019-118-yomi-an-opensuse-installer-based-on-saltstack", "title": "Yomi - an openSUSE installer based on SaltStack", "subtitle": "", "track": null, "type": "35 min talk + 5 min Q&A", "language": "en", "abstract": "We will present [Yomi](https://github.com/openSUSE/yomi), a new proposal for installing Linux using [SaltStack](https://github.com/saltstack/salt). This installer is designed to be used in heterogeneous clusters, where you need a bit of intelligence during the installation and be integrated as one more step in the provisioning process.", "description": "[Yomi](https://github.com/openSUSE/yomi) is a new kind of installer for the [open]SUSE family based on SaltStack and independent of AutoYaST.\r\n\r\nThe goal of this project is to make the installation of Linux (currently openSUSE) when:\r\n\r\n* You have a cluster of heterogeneous nodes (different profiles of memory, storage, CPU and network configurations)\r\n* The installation needs to be unattended\r\n* The installer needs to make decisions based on local profiles and external data\r\n* The installation process needs to be integrated, as one step more, into a more complicated provisioning workflow.\r\n\r\nThe dependencies of Yomi are minimal, as only Salt and a very few CLI tools are required, which make it ideal to be deployed a booted from PXE Boot.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "d44ca212-d5dc-5674-ae1a-6256ff6c978f", "id": 81, "code": "A3AKZ7", "public_name": "Alberto Planas Dominguez", "avatar": "https://cfp.all-systems-go.io/media/avatars/6f9e8d753f489c664f16d79682cb8215_NjsX3Qp.jpg", "biography": "Mostly a Python developer, working on SUSE Linux GmbH since 2012.", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/AD8VYE/", "id": 155, "guid": "895baa61-c621-50c3-8b3b-1e69333f76a2", "date": "2019-09-21T15:20:00+02:00", "start": "15:20", "logo": "https://cfp.all-systems-go.io/media/ASG2019/images/AD8VYE/nixos-logo-only-hires.png", "duration": "00:40", "room": "Cage", "slug": "ASG2019-155-purely-functional-package-management", "title": "Purely Functional Package Management", "subtitle": "", "track": null, "type": "35 min talk + 5 min Q&A", "language": "en", "abstract": "Ever experienced a broken system by simply upgrading packages? No more! This talk introduces the purely functional package manager Nix and the advancements all software distributions can benefit from - with some of those already implemented in mainstream package managers like snap.", "description": "", "recording_license": "", "do_not_record": false, "persons": [{"guid": "acd3eccc-a062-5f61-ab18-3e4adccbc496", "id": 103, "code": "BAS87X", "public_name": "Franz Pletz", "avatar": "https://cfp.all-systems-go.io/media/fpletz-breznak.png", "biography": "Franz has been herding Linux systems since 20 years and was a Debian contributor before being sucked into the NixOS community a few years ago. He was NixOS release manager for two releases and is a member of the NixOS security team.\r\n\r\nhttps://github.com/fpletz", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/RLCDFS/", "id": 166, "guid": "090131ec-ac5c-5b60-85a0-6d080ea4054c", "date": "2019-09-21T16:30:00+02:00", "start": "16:30", "logo": null, "duration": "00:40", "room": "Cage", "slug": "ASG2019-166-stateful-systems-on-immutable-infrastructure", "title": "Stateful systems on immutable infrastructure", "subtitle": "", "track": null, "type": "35 min talk + 5 min Q&A", "language": "en", "abstract": "Lessons learned operating thousands of stateful production clusters on top of Fedora and systemd-nspawn.", "description": "Aiven is a cloud data platform operating thousands of production clusters on top of different cloud infrastructure providers (e.g. AWS, GCP).  We offer the latest open source database & streaming engines to our users around the world, and implement most of our platform using the latest open source software including Fedora and systemd-nspawn.\r\n\r\nWe wanted to base our platform on a fast moving Linux distribution like Fedora to gain quick access to new technology and avoid having to backport a lot of things.  Fast moving distributions are typically not supported for a long time, but implementing an immutable infrastructure where deployed machines are not touched afterwards makes it possible to use them in production.\r\n\r\nIn this talk we\u2019ll share the details of our architecture and the lessons we\u2019ve learned as well as problems we\u2019ve faced over the years operating hundreds of thousands of virtual machines and containers with it on top of six different public clouds.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "46db63f4-e873-5c08-b399-cd09cc48186e", "id": 109, "code": "373JMQ", "public_name": "Hannu Valtonen", "avatar": "https://cfp.all-systems-go.io/media/hannu.jpg", "biography": "Hannu Valtonen is the maintainer of the PostgreSQL extension pgmemcache, the PostgreSQL backup daemon pghoard and the replication/failover monitor pglookout. For the last decade his day job's have revolved around developing very large scale distributed systems.\r\n\r\nIn 2015 he co-founded Aiven and has been working there on next generation cloud database services as VP Product. (https://aiven.io)", "answers": []}], "links": [], "attachments": [], "answers": []}, {"url": "https://cfp.all-systems-go.io/ASG2019/talk/TCBLRG/", "id": 134, "guid": "47ead120-c630-5091-bf6e-5b72c6f98ec8", "date": "2019-09-21T17:15:00+02:00", "start": "17:15", "logo": null, "duration": "00:25", "room": "Cage", "slug": "ASG2019-134-senpai-automatic-memory-sizing-for-containers", "title": "Senpai - Automatic memory sizing for containers", "subtitle": "", "track": null, "type": "20 min talk + 5 min Q&A", "language": "en", "abstract": "Senpai is a userspace tool to auto-tune cgroup memory limits.", "description": "Due to virtual memory and optimistic caching strategies, true memory consumption of an application, and true utilization of a system's RAM, are mostly unknowns on modern operating systems. This has always made memory provisioning a tough and error-prone trial-and-error task, but it's aggravated with containerization, where the stated goal is thinner margins and higher resource efficiency.\r\n\r\nSenpai is a userspace tool that harnesses recently developed Linux kernel features to automatically shrink cgroups to their smallest possible memory size without notably affecting the performance of the contained applications.\r\n\r\nThis talk goes over the motivation to develop senpai, how it works, and success stories from the Facebook fleet.", "recording_license": "", "do_not_record": false, "persons": [{"guid": "41bb910e-9cd0-5c7b-9654-ba649f833b70", "id": 95, "code": "XCSWFM", "public_name": "Johannes Weiner", "avatar": "https://cfp.all-systems-go.io/media/IMG_20180930_143327_1.jpg", "biography": "Johannes has been working on Linux memory management since 2008, and cgroups since 2011. He is currently on the Facebook kernel team where he focuses on memory efficiency and containerization.", "answers": []}], "links": [], "attachments": [], "answers": []}]}}, {"index": 3, "date": "2019-09-22", "day_start": "2019-09-22T04:00:00+02:00", "day_end": "2019-09-23T03:59:00+02:00", "rooms": {}}]}}}