“How Microsoft SQL Server Went Multi-Platform: SQLPAL” Argenis Fernandez · 35 min talk + 5 min Q&A (40 minutes)
How did Microsoft made SQL Server available on Linux, Containers and ARM CPUs? Come hear the story from the SQL Server engineering team.
“Reinventing Home Directories” Lennart Poettering · 35 min talk + 5 min Q&A (40 minutes)
Let's bring the UNIX concept of Home Directories into the 21st century.
“Development and testing with lrun” Marcel Holtmann · 20 min talk + 5 min Q&A (25 minutes)
During development and testing it is often needed to test different kernels or run various sets of unit tests quickly. With lrun it is possible to do exactly that. It utilizes existing technology including UML, KVM and Namespaces to facility different environments. It has been in active use for tes…
“Buildroot : Using embedded tools to build container images” Jérémy Rosen · 20 min talk + 5 min Q&A (25 minutes)
The embedded world has dealt with image creation for decades.
Why not use those decade of experience to reliably create image for the datacenter world ?
“The state of Thunderbolt on GNU/Linux” Christian Kellner · 20 min talk + 5 min Q&A (25 minutes)
A summary of the current state of Thunderbolt, kernel as well as user space, including the latest development where the the input–output memory management unit (IOMMU) is used to prevent Direct Memory Access (DMA) attacks. A brief explanation and discussion of such such an attack, the recent Thunde…
“Alternatives to standard utilities” Paul Menzel · Lightning talk (5 minutes)
Several of the standard tools like
find have rewritten alternatives, performing the tasks much quicker and have a more intuitive interface. Present some of them.
“Effective infrastructure monitoring with Grafana” David Kaltschmidt · 35 min talk + 5 min Q&A (40 minutes)
In this talk David will show Grafana's advanced features to manage a fleet of Linux hosts. He will also show relevant metrics and logging datasources and how they can be combined to get a full picture of what is going on.
“Building Portable Service Images with Buck” Lindsay Salisbury · 20 min talk + 5 min Q&A (25 minutes)
Buck is an opensource build system. At Facebook, we’ve taught it to build container images that work with systemd.
“Senpai - Automatic memory sizing for containers” Johannes Weiner · 20 min talk + 5 min Q&A (25 minutes)
Due to virtual memory and optimistic caching strategies, true memory consumption of an application, and true utilization of a system's RAM, are mostly unknowns on modern operating systems. This has always made memory provisioning a tough and error-prone trial-and-error task, but it's aggravated wit…
“Trust is good, control is better - A (short) story about Network Policies” Maximilian Bischoff, Johannes Scheuermann · 35 min talk + 5 min Q&A (40 minutes)
Testing the effectiveness of Kubernetes Network Policies can be done in different approaches. In this talk we will show you the benefits and drawbacks of different approaches and what solution we finally chose.
“Container Live Migration” Adrian Reber · 20 min talk + 5 min Q&A (25 minutes)
The difficult task to checkpoint and restore a process is used in many container runtimes to implement container live migration. This talk will give details how CRIU is able to checkpoint and restore processes, how it is integrated in different container runtimes and which optimizations CRIU offers…
“Impact of zstd” Oskari Saarenmaa · Lightning talk (5 minutes)
Zstandard (zstd) is a new lossless compression algorithm with a very attractive compression rate and performance. In production environments it comes with some quantifiable benefits but also with some surprising issues.
“Boot Loader Specification + sd-boot” Lennart Poettering · 35 min talk + 5 min Q&A (40 minutes)
The boot loader specification defines a generic drop-in based solution for defining boot targets. sd-boot is a boot loader for UEFI systems, and included in the systemd source tree. In this talk we’ll have a closer look on the what, the why and the how of the specification and the boot loader.
“News from the coreboot land” Paul Menzel · 20 min talk + 5 min Q&A (25 minutes)
What happened in the coreboot based firmware world since last year? How to get started?
“eBPF support in the GNU Toolchain” Jose E. Marchesi · 35 min talk + 5 min Q&A (40 minutes)
This talk covers the ongoing effort about adding eBPF support to the GNU Toolchain. eBPF is a virtual machine running within the Linux kernel; initially intended for user-level packet capture and filtering, eBPF has since been generalized to also serve as a general-purpose infrastructure for non-n…
“Traceloop for systemd and Kubernetes + Inspektor Gadget” Alban Crequy · 35 min talk + 5 min Q&A (40 minutes)
Presenting traceloop, a “time travel” tracing tool to trace system calls in cgroups using BPF and overwritable ring buffers.
“GNU poke, an extensible editor for structured binary data” Jose E. Marchesi · 35 min talk + 5 min Q&A (40 minutes)
GNU poke is a new interactive editor for binary data. Not limited to editing basic entities such as bits and bytes, it provides a full-fledged procedural, interactive programming language designed to describe data structures and to operate on them.
“systemd @ Facebook in 2019” Davide Cavalca · 20 min talk + 5 min Q&A (25 minutes)
We'll be covering happenings, learnings and new challenges running and supporting systemd in production on the Facebook fleet throughout the past year.
“BMC management with bmc-toolbox” Joel Rebello · 35 min talk + 5 min Q&A (40 minutes)
The bmc-toolbox is a set of tools to inventorize, configure and manage Baseboard Management Controllers from various vendors, this talk is about how its used to manage the lifecycle for ~50k baremetal servers in Booking.com
“Securing Bare Metal Micro Services: Service Mesh” John Studarus · 35 min talk + 5 min Q&A (40 minutes)
Learn how a Service Mesh can secure your bare-metal (non-virtualized) workloads quickly without any code modifications to improve your security posture.
“Atomic updates and configuration files in /etc” Thorsten Kukuk · 35 min talk + 5 min Q&A (40 minutes)
Atomic Updates and user modified configuration files in /etc often lead to hard to resolve conflicts. In this talk, I want to show the most common and biggest problems and possible solutions.
“Using RPMs for systemd development” Filipe Brandenburger · Lightning talk (5 minutes)
Using RPMs can be very advantageous during development of systemd on Fedora. In order to make that viable, we need to build them from a git checkout and have the ability to use incremental builds.
“Resource control @ Facebook - 2019” Tejun Heo · 35 min talk + 5 min Q&A (40 minutes)
Resource control is reaching feature completeness and the focus at facebook is shifting towards productionizing. Let's go over what feature completeness means and the productionizing efforts.
“Stateful systems on immutable infrastructure” Hannu Valtonen · 35 min talk + 5 min Q&A (40 minutes)
Lessons learned operating thousands of stateful production clusters on top of Fedora and systemd-nspawn.
“Closing” Chris Kuehl · Lightning talk (5 minutes)
Closing of All Systems Go! 2019
“Generating seccomp profiles for containers using podman and eBPF” Dan Walsh · 20 min talk + 5 min Q&A (25 minutes)
Currently everyone uses the same seccomp rules for running their containers. This tool allows us to generate seccomp rules based on what the container actually requires and allows us to lock down the container.
“Distributing Freedesktop SDK applications to Flatpak, Snappy and Docker” Valentin David · 20 min talk + 5 min Q&A (25 minutes)
BuildStream is used to build Freedesktop SDK for different deployment systems allowing applications based on it to be distributed at once to multiple systems.
“PostgreSQL at low level: stay curious!” Dmitrii Dolgov · 35 min talk + 5 min Q&A (40 minutes)
Have you ever encountered a transient performance issue, that was hard to
investigate only from the database point of view? On top of how many layers of
abstraction your database is working? What is the difference between running
your database on a bare metal, VM or inside a container?
“Rootless, Reproducible & Hermetic: Secure Container Build Showdown” Andrew Martin · 35 min talk + 5 min Q&A (40 minutes)
How can we build hostile and untrusted code in containers? There are many options available, but not all of them are as safe as they claim to be...
“Linux distro should be an upstream contributor too” Martin Sehnoutka · 35 min talk + 5 min Q&A (40 minutes)
Come and learn about packit: tooling which enables you to integrate your upstream project into Fedora linux.
“Opening” Chris Kuehl · Lightning talk (5 minutes)
Opening of All Systems Go!
“Purely Functional Package Management” Franz Pletz · 35 min talk + 5 min Q&A (40 minutes)
Ever experienced a broken system by simply upgrading packages? No more! This talk introduces the purely functional package manager Nix and the advancements all software distributions can benefit from - with some of those already implemented in mainstream package managers like snap.
“Squeezing Water from Stone - KornShell in 2019” Siteshwar Vashisht · 20 min talk + 5 min Q&A (25 minutes)
Despite of it's old age, ksh still remains one of the most popular shells. In 2013, David Korn and others who worked on ksh were laid off from AT&T Bell Labs. This lead to speculations of death of ksh. In 2017, Siteshwar Vashisht and Kurtis Rader resumed it's development on GitHub. This talk wi…
“Custom cgroup-bpf programs in systemd” Julia Kartseva · 20 min talk + 5 min Q&A (25 minutes)
The primary focus is to gather feedback from systemd community regarding ongoing and future work to introduce custom cgroup-bpf programs to systemd.
The motivation is to give a user a capability to attach their own cgroup-bpf programs to systemd containers.
This is a continuation of started at ASG…
“Yomi - an openSUSE installer based on SaltStack” Alberto Planas Dominguez · 35 min talk + 5 min Q&A (40 minutes)
We will present Yomi, a new proposal for installing Linux using SaltStack. This installer is designed to be used in heterogeneous clusters, where you need a bit of intelligence during the installation and be integrated as one more step in the provisioning process.
“Coinboot - Cost effective, diskless GPU clusters for blockchain hashing and beyond” Gunter Miegel · 20 min talk + 5 min Q&A (25 minutes)
How to run clusters for GPU computing based blockchain hashing diskless on cost effective commodity hardware.
“iwd - State of the union” Marcel Holtmann · 20 min talk + 5 min Q&A (25 minutes)
The open source wireless daemon iwd has been introduced about 5 years ago and has seen an active development since its inception. The last year has been focused on behind the scenes work for new Wi-Fi standards that make connection setup faster, make roaming smoother and also introduce new security…
“Microcontroller Firmware from Scratch” Nikolai Kondrashov · 20 min talk + 5 min Q&A (25 minutes)
Follow a journey of writing STM32 microcontroller firmware from scratch, using open-source tools.
“OCIv2: Container Images Considered Harmful” Aleksa Sarai · 35 min talk + 5 min Q&A (40 minutes)
Most modern container image formats use tar-based linear archives to represent root filesystems, which results in many issues when using modern container images. In this talk, we will demonstrate a solution to this problem that we plan to propose for standardisation within the Open Container Initia…
“oomd2 and beyond: a year of improvements” Anita Zhang, Daniel Xu · 20 min talk + 5 min Q&A (25 minutes)
oomd is a userspace out-of-memory killer. This talk covers past, present, and future development along with possible plans for systemd integration.
“Transactional Updates with Btrfs” Ignaz Forster · 35 min talk + 5 min Q&A (40 minutes)
Transactional updates (also called atomic updates) are a way to update a system without interfering with the currently running system - making this a rock-solid way to update any machine, from embedded systems to cluster nodes.
“Revamping libcontainer's systemd driver” Filipe Brandenburger · 20 min talk + 5 min Q&A (25 minutes)
In this talk, I'll go through my efforts to revamp libcontainer's systemd driver, in particular to support the unified cgroup hierarchy.