“Custom cgroup-bpf programs in systemd” Julia Kartseva · 20 min talk + 5 min Q&A (25 minutes)

The primary focus is to gather feedback from systemd community regarding ongoing and future work to introduce custom cgroup-bpf programs to systemd.
The motivation is to give a user a capability to attach their own cgroup-bpf programs to systemd containers.

This is a continuation of started at ASG…

“Boot Loader Specification + sd-boot” Lennart Poettering · 35 min talk + 5 min Q&A (40 minutes)

The boot loader specification defines a generic drop-in based solution for defining boot targets. sd-boot is a boot loader for UEFI systems, and included in the systemd source tree. In this talk we’ll have a closer look on the what, the why and the how of the specification and the boot loader.

“Transactional Updates with Btrfs” Ignaz Forster · 35 min talk + 5 min Q&A (40 minutes)

Transactional updates (also called atomic updates) are a way to update a system without interfering with the currently running system - making this a rock-solid way to update any machine, from embedded systems to cluster nodes.

“Privacy-Respecting Linux Desktop Monitoring” David Strauss · 35 min talk + 5 min Q&A (40 minutes)

Whether to support users, ensure their security, or meet compliance goals, organizations need to deploy monitoring of their desktop machines. Yet, many approaches overreach by effectively being rootkits. In this presentation, we'll examine:

  • What data a monitoring system needs to collect
  • Where the …

“pidfds: Process file descriptors on Linux” Christian Brauner · 35 min talk + 5 min Q&A (40 minutes)

Traditionally processes are identified globally via process identifiers (PIDs). Due to how pid allocation works the kernel is free to recycle PIDs once a process has been reaped. As such, PIDs do not allow another process to maintain a private, stable reference on a process. On systems under pressu…

“Trust is good, control is better - A (short) story about Network Policies” Maximilian Bischoff, Johannes Scheuermann · 35 min talk + 5 min Q&A (40 minutes)

Testing the effectiveness of Kubernetes Network Policies can be done in different approaches. In this talk we will show you the benefits and drawbacks of different approaches and what solution we finally chose.

“Purely Functional Package Management” Franz Pletz · 35 min talk + 5 min Q&A (40 minutes)

Ever experienced a broken system by simply upgrading packages? No more! This talk introduces the purely functional package manager Nix and the advancements all software distributions can benefit from - with some of those already implemented in mainstream package managers like snap.

“Revamping libcontainer's systemd driver” Filipe Brandenburger · 20 min talk + 5 min Q&A (25 minutes)

In this talk, I'll go through my efforts to revamp libcontainer's systemd driver, in particular to support the unified cgroup hierarchy.

“Building Portable Service Images with Buck” Lindsay Salisbury · 20 min talk + 5 min Q&A (25 minutes)

Buck is an opensource build system. At Facebook, we’ve taught it to build container images that work with systemd.

“Reinventing Home Directories” Lennart Poettering · 35 min talk + 5 min Q&A (40 minutes)

Let's bring the UNIX concept of Home Directories into the 21st century.

“News from the coreboot land” Paul Menzel · 20 min talk + 5 min Q&A (25 minutes)

What happened in the coreboot based firmware world since last year? How to get started?

“Microcontroller Firmware from Scratch” Nikolai Kondrashov · 20 min talk + 5 min Q&A (25 minutes)

Follow a journey of writing STM32 microcontroller firmware from scratch, using open-source tools.

“Time-limited login sessions” Philip Withnall · Lightning talk (5 minutes)

How Endless are implementing time-limited scopes in systemd, using that to implement time-limited login sessions, and then using that to implement parental controls on the desktop.

“Atomic updates and configuration files in /etc” Ignaz Forster · 35 min talk + 5 min Q&A (40 minutes)

Atomic Updates and user modified configuration files in /etc often lead to hard to resolve conflicts. In this talk, I want to show the most common and biggest problems and possible solutions.

“Using RPMs for systemd development” Filipe Brandenburger · Lightning talk (5 minutes)

Using RPMs can be very advantageous during development of systemd on Fedora. In order to make that viable, we need to build them from a git checkout and have the ability to use incremental builds.

“systemd @ Facebook in 2019” Davide Cavalca · 20 min talk + 5 min Q&A (25 minutes)

We'll be covering happenings, learnings and new challenges running and supporting systemd in production on the Facebook fleet throughout the past year.

“Yomi - an openSUSE installer based on SaltStack” Alberto Planas Dominguez · 35 min talk + 5 min Q&A (40 minutes)

We will present Yomi, a new proposal for installing Linux using SaltStack. This installer is designed to be used in heterogeneous clusters, where you need a bit of intelligence during the installation and be integrated as one more step in the provisioning process.

“Rootless, Reproducible & Hermetic: Secure Container Build Showdown” Andrew Martin · 35 min talk + 5 min Q&A (40 minutes)

How can we build hostile and untrusted code in containers? There are many options available, but not all of them are as safe as they claim to be...

“Effective infrastructure monitoring with Grafana” David Kaltschmidt · 35 min talk + 5 min Q&A (40 minutes)

In this talk David will show Grafana's advanced features to manage a fleet of Linux hosts. He will also show relevant metrics and logging datasources and how they can be combined to get a full picture of what is going on.

“Resource control @ Facebook - 2019” Tejun Heo, Dan Schatzberg · 35 min talk + 5 min Q&A (40 minutes)

Resource control is reaching feature completeness and the focus at facebook is shifting towards productionizing. Let's go over what feature completeness means and the productionizing efforts.

“Linux distro should be an upstream contributor too” Martin Sehnoutka · 35 min talk + 5 min Q&A (40 minutes)

Come and learn about packit: tooling which enables you to integrate your upstream project into Fedora linux.

“Generating seccomp profiles for containers using podman and eBPF” Dan Walsh · 20 min talk + 5 min Q&A (25 minutes)

Currently everyone uses the same seccomp rules for running their containers. This tool allows us to generate seccomp rules based on what the container actually requires and allows us to lock down the container.

“Closing” Chris Kuehl · Lightning talk (5 minutes)

Closing of All Systems Go! 2019

“Opening” Chris Kuehl · Lightning talk (5 minutes)

Opening of All Systems Go!

“Securing Bare Metal Micro Services: Service Mesh” John Studarus · 35 min talk + 5 min Q&A (40 minutes)

Learn how a Service Mesh can secure your bare-metal (non-virtualized) workloads quickly without any code modifications to improve your security posture.

“Impact of zstd” Oskari Saarenmaa, Ville Tainio · Lightning talk (5 minutes)

Zstandard (zstd) is a new lossless compression algorithm with a very attractive compression rate and performance. In production environments it comes with some quantifiable benefits but also with some surprising issues.

“Buildroot : Using embedded tools to build container images” Jérémy Rosen · 20 min talk + 5 min Q&A (25 minutes)

The embedded world has dealt with image creation for decades.
Why not use those decade of experience to reliably create image for the datacenter world ?

“Stateful systems on immutable infrastructure” Hannu Valtonen · 35 min talk + 5 min Q&A (40 minutes)

Lessons learned operating thousands of stateful production clusters on top of Fedora and systemd-nspawn.

“The state of Thunderbolt on GNU/Linux” Christian Kellner · 20 min talk + 5 min Q&A (25 minutes)

A summary of the current state of Thunderbolt, kernel as well as user space, including the latest development where the the input–output memory management unit (IOMMU) is used to prevent Direct Memory Access (DMA) attacks. A brief explanation and discussion of such such an attack, the recent Thunde…

“Container Live Migration” Adrian Reber · 20 min talk + 5 min Q&A (25 minutes)

The difficult task to checkpoint and restore a process is used in many container runtimes to implement container live migration. This talk will give details how CRIU is able to checkpoint and restore processes, how it is integrated in different container runtimes and which optimizations CRIU offers…

“Traceloop for systemd and Kubernetes + Inspektor Gadget” Alban Crequy · 35 min talk + 5 min Q&A (40 minutes)

Presenting traceloop, a “time travel” tracing tool to trace system calls in cgroups using BPF and overwritable ring buffers.

“Development and testing with lrun” Marcel Holtmann · 20 min talk + 5 min Q&A (25 minutes)

During development and testing it is often needed to test different kernels or run various sets of unit tests quickly. With lrun it is possible to do exactly that. It utilizes existing technology including UML, KVM and Namespaces to facility different environments. It has been in active use for tes…

“Alternatives to standard utilities” Paul Menzel · Lightning talk (5 minutes)

Several of the standard tools like grep and find have rewritten alternatives, performing the tasks much quicker and have a more intuitive interface. Present some of them.

“eBPF support in the GNU Toolchain” Jose E. Marchesi · 35 min talk + 5 min Q&A (40 minutes)

This talk covers the ongoing effort about adding eBPF support to the GNU Toolchain. eBPF is a virtual machine running within the Linux kernel; initially intended for user-level packet capture and filtering, eBPF has since been generalized to also serve as a general-purpose infrastructure for non-n…

“Coinboot - Cost effective, diskless GPU clusters for blockchain hashing and beyond” Gunter Miegel · 20 min talk + 5 min Q&A (25 minutes)

How to run clusters for GPU computing based blockchain hashing diskless on cost effective commodity hardware.

“GNU poke, an extensible editor for structured binary data” Jose E. Marchesi · 35 min talk + 5 min Q&A (40 minutes)

GNU poke is a new interactive editor for binary data. Not limited to editing basic entities such as bits and bytes, it provides a full-fledged procedural, interactive programming language designed to describe data structures and to operate on them.

“oomd2 and beyond: a year of improvements” Daniel Xu, Anita Zhang · 20 min talk + 5 min Q&A (25 minutes)

oomd is a userspace out-of-memory killer. This talk covers past, present, and future development along with possible plans for systemd integration.

“iwd - State of the union” Marcel Holtmann · 20 min talk + 5 min Q&A (25 minutes)

The open source wireless daemon iwd has been introduced about 5 years ago and has seen an active development since its inception. The last year has been focused on behind the scenes work for new Wi-Fi standards that make connection setup faster, make roaming smoother and also introduce new security…

“OCIv2: Container Images Considered Harmful” Aleksa Sarai · 35 min talk + 5 min Q&A (40 minutes)

Most modern container image formats use tar-based linear archives to represent root filesystems, which results in many issues when using modern container images. In this talk, we will demonstrate a solution to this problem that we plan to propose for standardisation within the Open Container Initia…

“Distributing Freedesktop SDK applications to Flatpak, Snapd and Docker” Valentin David · 20 min talk + 5 min Q&A (25 minutes)

BuildStream is used to build Freedesktop SDK for different deployment systems allowing applications based on it to be distributed at once to multiple systems.

“PostgreSQL at low level: stay curious!” Dmitrii Dolgov · 35 min talk + 5 min Q&A (40 minutes)

Have you ever encountered a transient performance issue, that was hard to
investigate only from the database point of view? On top of how many layers of
abstraction your database is working? What is the difference between running
your database on a bare metal, VM or inside a container?

PostgreSQL d…

“BMC management with bmc-toolbox” Joel Rebello, Juliano Martinez · 35 min talk + 5 min Q&A (40 minutes)

This talk is about the bmc-toolbox, an open-source project that leverages the Baseboard Management Controller (iLOs iDracs and similar) to help manage a large fleet (>50K) of bare metal servers at Booking.com


Its goal is to provide vendor agnostic tooling to manage the lif…

“Squeezing Water from Stone - KornShell in 2019” Siteshwar Vashisht · 20 min talk + 5 min Q&A (25 minutes)

Despite of it's old age, ksh still remains one of the most popular shells. In 2013, David Korn and others who worked on ksh were laid off from AT&T Bell Labs. This lead to speculations of death of ksh. In 2017, Siteshwar Vashisht and Kurtis Rader resumed it's development on GitHub. This talk wi…

“How Microsoft SQL Server Went Multi-Platform: SQLPAL” Argenis Fernandez, Brian Gianforcaro, Eugene Birukov · 35 min talk + 5 min Q&A (40 minutes)

How did Microsoft made SQL Server available on Linux, Containers and ARM CPUs? Come hear the story from the SQL Server engineering team.

“Senpai - Automatic memory sizing for containers” Johannes Weiner · 20 min talk + 5 min Q&A (25 minutes)

Senpai is a userspace tool to auto-tune cgroup memory limits.