09:30
09:30
10min
Opening
Chris Kuehl

Opening of All Systems Go!

Loft
09:45
09:45
40min
Atomic updates and configuration files in /etc
Ignaz Forster

Atomic updates and user-modified configuration files in /etc often lead to hard-to-resolve conflicts. In this talk, I want to show the most common and biggest problems and possible solutions.

Cage
09:45
40min
Effective infrastructure monitoring with Grafana
David Kaltschmidt

In this talk David will show Grafana's advanced features to manage a fleet of Linux hosts. He will also show relevant metrics and logging datasources and how they can be combined to get a full picture of what is going on.

Loft
10:30
10:30
40min
Privacy-Respecting Linux Desktop Monitoring
David Strauss

Whether to support users, ensure their security, or meet compliance goals, organizations need to deploy monitoring of their desktop machines. Yet, many approaches overreach by effectively being rootkits. In this presentation, we'll examine:

  • What data a monitoring system needs to collect
  • Where the data we need lives on a modern Linux desktop
  • Which data sources expose sandbox-friendly API access
  • Sandboxing the monitoring daemon itself

Cage
10:30
40min
Traceloop for systemd and Kubernetes + Inspektor Gadget
Alban Crequy

Presenting traceloop, a “time travel” tracing tool to trace system calls in cgroups using BPF and overwritable ring buffers.

Loft
11:30
11:30
40min
PostgreSQL at low level: stay curious!
Dmitrii Dolgov

Have you ever encountered a transient performance issue that was hard to
investigate only from the database point of view? On top of how many layers of
abstraction is your database working? What is the difference between running
your database on bare metal, a VM or inside a container?

PostgreSQL does not work in a vacuum; it heavily relies on functionality
provided by an underlying platform. And sometimes, to answer the questions
above, one needs to step back and look at a problem not only from a database
point of view. In this talk we will discuss how to achieve that, how to tame
such tools as strace, perf or eBPF to troubleshoot intricate issues and stay
curious.

Cage
11:30
40min
Rootless, Reproducible & Hermetic: Secure Container Build Showdown
Andrew Martin

How can we build hostile and untrusted code in containers? There are many options available, but not all of them are as safe as they claim to be...

Loft
12:15
12:15
40min
Reinventing Home Directories
Lennart Poettering

Let's bring the UNIX concept of Home Directories into the 21st century.

Loft
12:15
40min
Securing Bare Metal Micro Services: Service Mesh
John Studarus

Learn how a Service Mesh can secure your bare-metal (non-virtualized) workloads quickly without any code modifications to improve your security posture.

Cage
14:05
14:05
40min
GNU poke, an extensible editor for structured binary data
Jose E. Marchesi

GNU poke is a new interactive editor for binary data. Not limited to editing basic entities such as bits and bytes, it provides a full-fledged procedural, interactive programming language designed to describe data structures and to operate on them.

Cage
14:05
40min
How Microsoft SQL Server Went Multi-Platform: SQLPAL
Argenis Fernandez, Brian Gianforcaro, Eugene Birukov

How did Microsoft make SQL Server available on Linux, Containers and ARM CPUs? Come hear the story from the SQL Server engineering team.

Loft
14:50
14:50
40min
Resource control @ Facebook - 2019
Tejun Heo, Dan Schatzberg

Resource control is reaching feature completeness and the focus at Facebook is shifting towards productionizing. Let's go over what feature completeness means and the productionizing efforts.

Loft
14:50
40min
Transactional Updates with Btrfs
Ignaz Forster

Transactional updates (also called atomic updates) are a way to update a system without interfering with the currently running system - making this a rock-solid way to update any machine, from embedded systems to cluster nodes.

Cage
15:35
15:35
25min
Container Live Migration
Adrian Reber

The difficult task of checkpointing and restoring a process is used in many container runtimes to implement container live migration. This talk will give details on how CRIU is able to checkpoint and restore processes, how it is integrated in different container runtimes and which optimizations CRIU offers to decrease the downtime during container migration.

Loft
15:35
25min
Microcontroller Firmware from Scratch
Nikolai Kondrashov

Follow a journey of writing STM32 microcontroller firmware from scratch, using open-source tools.

Cage
16:20
16:20
25min
News from the coreboot land
Paul Menzel

What happened in the coreboot based firmware world since last year? How to get started?

Cage
16:20
25min
Revamping libcontainer's systemd driver
Filipe Brandenburger

In this talk, I'll go through my efforts to revamp libcontainer's systemd driver, in particular to support the unified cgroup hierarchy.

Loft
16:50
16:50
25min
Buildroot: Using embedded tools to build container images
Jérémy Rosen

The embedded world has dealt with image creation for decades.
Why not use those decades of experience to reliably create images for the datacenter world?

Cage
16:50
25min
Custom cgroup-bpf programs in systemd
Julia Kartseva

The primary focus is to gather feedback from the systemd community regarding ongoing and future work to introduce custom cgroup-bpf programs to systemd.
The motivation is to give a user the capability to attach their own cgroup-bpf programs to systemd containers.

This is a continuation of started at ASG2018 and followed by and .

Loft
17:20
17:20
5min
Time-limited login sessions
Philip Withnall

How Endless are implementing time-limited scopes in systemd, using that to implement time-limited login sessions, and then using that to implement parental controls on the desktop.

Loft
17:25
17:25
5min
Impact of zstd
Oskari Saarenmaa, Ville Tainio

Zstandard (zstd) is a new lossless compression algorithm with a very attractive compression rate and performance. In production environments it comes with some quantifiable benefits but also with some surprising issues.

Loft
17:30
17:30
5min
Alternatives to standard utilities
Paul Menzel

Several of the standard tools like grep and find have rewritten alternatives that perform the tasks much quicker and have a more intuitive interface. This talk presents some of them.

Loft
17:35
17:35
5min
Using RPMs for systemd development
Filipe Brandenburger

Using RPMs can be very advantageous during development of systemd on Fedora. In order to make that viable, we need to build them from a git checkout and have the ability to use incremental builds.

Loft
09:30
09:30
25min
Coinboot - Cost effective, diskless GPU clusters for blockchain hashing and beyond
Gunter Miegel

How to run diskless clusters for GPU-computing-based blockchain hashing on cost-effective commodity hardware.

Cage
09:30
25min
Distributing Freedesktop SDK applications to Flatpak, Snapd and Docker
Valentin David

BuildStream is used to build Freedesktop SDK for different deployment systems allowing applications based on it to be distributed at once to multiple systems.

Loft
10:00
10:00
25min
Development and testing with lrun
Marcel Holtmann

During development and testing it is often necessary to test different kernels or run various sets of unit tests quickly. With lrun it is possible to do exactly that. It utilizes existing technology including UML, KVM and Namespaces to facilitate different environments. It has been in active use for testing Bluetooth and Wi-Fi features on Linux and can be easily extended to other technologies in the future. This presentation will introduce lrun and its design. It will also show demos of its current use cases.

Cage
10:00
25min
oomd2 and beyond: a year of improvements
Daniel Xu, Anita Zhang

oomd is a userspace out-of-memory killer. This talk covers past, present, and future development along with possible plans for systemd integration.

Loft
10:30
10:30
25min
Building Portable Service Images with Buck
Lindsay Salisbury

Buck is an open-source build system. At Facebook, we’ve taught it to build container images that work with systemd.

Loft
10:30
40min
Trust is good, control is better - A (short) story about Network Policies
Maximilian Bischoff, Johannes Scheuermann

Testing the effectiveness of Kubernetes Network Policies can be done using different approaches. In this talk we will show you the benefits and drawbacks of different approaches and what solution we finally chose.

Cage
11:00
11:00
40min
pidfds: Process file descriptors on Linux
Christian Brauner

Traditionally processes are identified globally via process identifiers (PIDs). Due to how pid allocation works the kernel is free to recycle PIDs once a process has been reaped. As such, PIDs do not allow another process to maintain a private, stable reference on a process. On systems under pressure it is thus possible that a PID is recycled without other (non-parent) processes being aware of it. This becomes rather problematic when (non-parent) processes are in charge of managing other processes as is the case for system managers or userspace implementations of OOM killers.

Over the last months we have been working on solving these and other problems by introducing pidfds – process file descriptors. Among other nice properties, they allow callers to maintain a private, stable reference on a process.

In this talk we will look at challenges we faced and the different approaches people pushed for. We will see what has already been implemented and pushed upstream, look into various implementation details and outline what we have planned for the future.

Loft
11:55
11:55
25min
Squeezing Water from Stone - KornShell in 2019
Siteshwar Vashisht

Despite its old age, ksh still remains one of the most popular shells. In 2013, David Korn and others who worked on ksh were laid off from AT&T Bell Labs. This led to speculation about the death of ksh. In 2017, Siteshwar Vashisht and Kurtis Rader resumed its development on GitHub. This talk will be about what makes ksh so challenging to maintain and how new developers are trying to revive it.

Loft
11:55
25min
iwd - State of the union
Marcel Holtmann

The open source wireless daemon iwd was introduced about 5 years ago and has seen active development since its inception. The last year has been focused on behind-the-scenes work for new Wi-Fi standards that make connection setup faster, make roaming smoother and also introduce new security standards including WPA3. This presentation will demonstrate the new advances in Wi-Fi support for Linux and show how they improve the usage from within Network Manager and other connection managers.

Cage
12:25
12:25
40min
BMC management with bmc-toolbox
Joel Rebello, Juliano Martinez

This talk is about the bmc-toolbox, an open-source project that leverages the Baseboard Management Controller (iLOs, iDracs and similar) to help manage a large fleet (>50K) of bare metal servers at Booking.com.

bmc-toolbox.github.io

Its goal is to provide vendor-agnostic tooling to manage the lifecycle of bare metal servers.
This talk describes the tools that are part of bmc-toolbox and various aspects of managing a large fleet of bare metal servers.

Cage
12:25
40min
OCIv2: Container Images Considered Harmful
Aleksa Sarai

Most modern container image formats use tar-based linear archives to represent root filesystems, which results in many issues when using modern container images. In this talk, we will demonstrate a solution to this problem that we plan to propose for standardisation within the Open Container Initiative (code-named "OCIv2 images").

Loft
14:05
14:05
25min
Generating seccomp profiles for containers using podman and eBPF
Dan Walsh

Currently everyone uses the same seccomp rules for running their containers. This tool allows us to generate seccomp rules based on what the container actually requires and allows us to lock down the container.

Cage
14:05
25min
systemd @ Facebook in 2019
Davide Cavalca

We'll be covering happenings, learnings and new challenges running and supporting systemd in production on the Facebook fleet throughout the past year.

Loft
14:35
14:35
40min
Boot Loader Specification + sd-boot
Lennart Poettering

The boot loader specification defines a generic drop-in based solution for defining boot targets. sd-boot is a boot loader for UEFI systems, and is included in the systemd source tree. In this talk we’ll have a closer look at the what, the why and the how of the specification and the boot loader.

Loft
14:35
40min
Yomi - an openSUSE installer based on SaltStack
Alberto Planas Dominguez

We will present Yomi, a new proposal for installing Linux using SaltStack. This installer is designed to be used in heterogeneous clusters, where you need a bit of intelligence during the installation, and to be integrated as one more step in the provisioning process.

Cage
15:20
15:20
40min
Purely Functional Package Management
Franz Pletz

Ever experienced a broken system by simply upgrading packages? No more! This talk introduces the purely functional package manager Nix and the advancements all software distributions can benefit from - with some of those already implemented in mainstream package managers like snap.

Cage
15:20
40min
eBPF support in the GNU Toolchain
Jose E. Marchesi

This talk covers the ongoing effort to add eBPF support to the GNU Toolchain. eBPF is a virtual machine running within the Linux kernel; initially intended for user-level packet capture and filtering, eBPF has since been generalized to also serve as a general-purpose infrastructure for non-networking purposes.

Loft
16:30
16:30
40min
Linux distro should be an upstream contributor too
Martin Sehnoutka

Come and learn about packit: tooling which enables you to integrate your upstream project into Fedora Linux.

Loft
16:30
40min
Stateful systems on immutable infrastructure
Hannu Valtonen

Lessons learned operating thousands of stateful production clusters on top of Fedora and systemd-nspawn.

Cage
17:15
17:15
25min
Senpai - Automatic memory sizing for containers
Johannes Weiner

Senpai is a userspace tool to auto-tune cgroup memory limits.

Cage
17:15
25min
The state of Thunderbolt on GNU/Linux
Christian Kellner

A summary of the current state of Thunderbolt, kernel as well as user space, including the latest development where the input–output memory management unit (IOMMU) is used to prevent Direct Memory Access (DMA) attacks. A brief explanation and discussion of such an attack, the recent Thunderclap attacks, will be given, including a focus on how it is related to the IOMMU feature on Linux.

Loft
17:45
17:45
15min
Closing
Chris Kuehl

Closing of All Systems Go! 2019

Loft
No sessions on Sunday, Sept. 22, 2019.