Thanks to work made possible by the STF grant, all the pieces are there for GNOME to integrate with systemd-homed. This talk describes what it took to get here, what new features it gives us, what still remains to be doneLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/about this event: https://cfp.all-systems-go.io/all-s…

Wir haben seit einigen Wochen ein neues Gerät in unserem Hackspace. Nach langem überlegen, welches Modell wir kaufen wollen, wie wir es anschließen und wie wir die Abluft lösen können, haben wir uns für den Lasercutter Flux Hexa entschieden.Dieser 60W CO2 Laser hat eine Arbeitsfläche von 73 x 41 cm und kann unter Idealbedingungen Holz bis zu einer …

Wir haben seit einigen Wochen ein neues Gerät in unserem Hackspace. Nach langem überlegen, welches Modell wir kaufen wollen, wie wir es anschließen und wie wir die Abluft lösen können, haben wir uns für den Lasercutter Flux Hexa entschieden.Dieser 60W CO2 Laser hat eine Arbeitsfläche von 73 x 41 cm und kann unter Idealbedingungen Holz bis zu einer …

Wir haben seit einigen Wochen ein neues Gerät in unserem Hackspace. Nach langem überlegen, welches Modell wir kaufen wollen, wie wir es anschließen und wie wir die Abluft lösen können, haben wir uns für den Lasercutter Flux Hexa entschieden.Dieser 60W CO2 Laser hat eine Arbeitsfläche von 73 x 41 cm und kann unter Idealbedingungen Holz bis zu einer …

Wir haben seit einigen Wochen ein neues Gerät in unserem Hackspace. Nach langem überlegen, welches Modell wir kaufen wollen, wie wir es anschließen und wie wir die Abluft lösen können, haben wir uns für den Lasercutter Flux Hexa entschieden.Dieser 60W CO2 Laser hat eine Arbeitsfläche von 73 x 41 cm und kann unter Idealbedingungen Holz bis zu einer …

Wir haben seit einigen Wochen ein neues Gerät in unserem Hackspace. Nach langem überlegen, welches Modell wir kaufen wollen, wie wir es anschließen und wie wir die Abluft lösen können, haben wir uns für den Lasercutter Flux Hexa entschieden.Dieser 60W CO2 Laser hat eine Arbeitsfläche von 73 x 41 cm und kann unter Idealbedingungen Holz bis zu einer …

Wir haben seit einigen Wochen ein neues Gerät in unserem Hackspace. Nach langem überlegen, welches Modell wir kaufen wollen, wie wir es anschließen und wie wir die Abluft lösen können, haben wir uns für den Lasercutter Flux Hexa entschieden.Dieser 60W CO2 Laser hat eine Arbeitsfläche von 73 x 41 cm und kann unter Idealbedingungen Holz bis zu einer …

In der modernen Kill Chain verlassen sich bösartige Akteure nicht auf Malware oder schwachstellenbasierte Angriffe. Stattdessen nutzen sie Social-Engineering-Taktiken. Ein datenzentrierter Ansatz hilft, alle Geräte und Netzwerkzugangspunkte in der gesamten Infrastruktur zu schützen. Doch wie wirkt eine datenzentrierte Sicherheit konkret gegen die m…

Multicast DNS (mDNS) and DNS Service Discovery (DNS-SD), collectively know as zeroconf, are technologies used for devices to find each other and advertise services on the local network.There are two widely used FOSS implementations: mDNSResponder is used by Apple and Android, while Avahi is used by most GNU/Linux distributions. However, there is a …

Every second spent on waiting for a system to boot is wasted time. In this talk I present the steps we took in Ubuntu to speed up the boot and the initrd generation time. The presented improvements are not specific to Ubuntu and can be ported to other implementations (like dracut) to benefit other distributions as well. The talk will present furthe…

Multicast DNS (mDNS) and DNS Service Discovery (DNS-SD), collectively know as zeroconf, are technologies used for devices to find each other and advertise services on the local network.There are two widely used FOSS implementations: mDNSResponder is used by Apple and Android, while Avahi is used by most GNU/Linux distributions. However, there is a …

Every second spent on waiting for a system to boot is wasted time. In this talk I present the steps we took in Ubuntu to speed up the boot and the initrd generation time. The presented improvements are not specific to Ubuntu and can be ported to other implementations (like dracut) to benefit other distributions as well. The talk will present furthe…

Multicast DNS (mDNS) and DNS Service Discovery (DNS-SD), collectively know as zeroconf, are technologies used for devices to find each other and advertise services on the local network.There are two widely used FOSS implementations: mDNSResponder is used by Apple and Android, while Avahi is used by most GNU/Linux distributions. However, there is a …

Every second spent on waiting for a system to boot is wasted time. In this talk I present the steps we took in Ubuntu to speed up the boot and the initrd generation time. The presented improvements are not specific to Ubuntu and can be ported to other implementations (like dracut) to benefit other distributions as well. The talk will present furthe…

Thanks to work made possible by the STF grant, all the pieces are there for GNOME to integrate with systemd-homed. This talk describes what it took to get here, what new features it gives us, what still remains to be doneLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/about this event: https://cfp.all-systems-go.io/all-s…

Thanks to work made possible by the STF grant, all the pieces are there for GNOME to integrate with systemd-homed. This talk describes what it took to get here, what new features it gives us, what still remains to be doneLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/about this event: https://cfp.all-systems-go.io/all-s…

mkosi-initrd is a project to build initrds from normal system packages (rpms, debs). Initially separate, it now is part of mkosi — just another build stage. systemd uses mkosi for automated tests, and this now includes building an initrd and booting a VM with it, so such initrds are getting fairly wide testing, albeit in fairly narrow circumstances…

mkosi-initrd is a project to build initrds from normal system packages (rpms, debs). Initially separate, it now is part of mkosi — just another build stage. systemd uses mkosi for automated tests, and this now includes building an initrd and booting a VM with it, so such initrds are getting fairly wide testing, albeit in fairly narrow circumstances…

mkosi-initrd is a project to build initrds from normal system packages (rpms, debs). Initially separate, it now is part of mkosi — just another build stage. systemd uses mkosi for automated tests, and this now includes building an initrd and booting a VM with it, so such initrds are getting fairly wide testing, albeit in fairly narrow circumstances…

This talk will explore several of the ways we've leveraged the systemd user instance in our developer environments at Meta, challenges we faced while doing so, and how we worked around those challenges.Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/about this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk…

This talk will explore several of the ways we've leveraged the systemd user instance in our developer environments at Meta, challenges we faced while doing so, and how we worked around those challenges.Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/about this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk…

As a reference for developers and testers, GNOME OS is an experimental Linux distribution that ships the latest in-development GNOME desktop, core applications, and stack. GNOME OS is currently using OSTree, this talk covers the ongoing work to add features to systemd-sysupdate and transition to it. Features like optional transfers, delta updates, …

As a reference for developers and testers, GNOME OS is an experimental Linux distribution that ships the latest in-development GNOME desktop, core applications, and stack. GNOME OS is currently using OSTree, this talk covers the ongoing work to add features to systemd-sysupdate and transition to it. Features like optional transfers, delta updates, …

This talk will explore several of the ways we've leveraged the systemd user instance in our developer environments at Meta, challenges we faced while doing so, and how we worked around those challenges.Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/about this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk…

As a reference for developers and testers, GNOME OS is an experimental Linux distribution that ships the latest in-development GNOME desktop, core applications, and stack. GNOME OS is currently using OSTree, this talk covers the ongoing work to add features to systemd-sysupdate and transition to it. Features like optional transfers, delta updates, …

There's a new installer for GNOME OS, and it's built on top of systemd-repart. Here's how and why we did itLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/about this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/CMQTNL/Von Adrian Vovk

The Sovereign Tech Fund paid Codethink to help improve the integration testing infrastructure of systemd. This talk covers how the integration test suite used to work and what it does now.Systemd's integration test suite used to have a number of shortcomings in terms of features and maintainability.The Sovereign Tech Fund provided an opportunity to…

There's a new installer for GNOME OS, and it's built on top of systemd-repart. Here's how and why we did itLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/about this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/CMQTNL/Von Adrian Vovk

The Sovereign Tech Fund paid Codethink to help improve the integration testing infrastructure of systemd. This talk covers how the integration test suite used to work and what it does now.Systemd's integration test suite used to have a number of shortcomings in terms of features and maintainability.The Sovereign Tech Fund provided an opportunity to…

The Sovereign Tech Fund paid Codethink to help improve the integration testing infrastructure of systemd. This talk covers how the integration test suite used to work and what it does now.Systemd's integration test suite used to have a number of shortcomings in terms of features and maintainability.The Sovereign Tech Fund provided an opportunity to…

There's a new installer for GNOME OS, and it's built on top of systemd-repart. Here's how and why we did itLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/about this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/CMQTNL/Von Adrian Vovk

Many Linux distributions rely on cryptographic signatures for their packages and release artifacts. However, most of the used signing solutions either do not rely on hardware backed private key material or are run in untrusted environments.This presentation will provide a general overview of the [Signstar](https://gitlab.archlinux.org/archlinux/sig…

Many Linux distributions rely on cryptographic signatures for their packages and release artifacts. However, most of the used signing solutions either do not rely on hardware backed private key material or are run in untrusted environments.This presentation will provide a general overview of the [Signstar](https://gitlab.archlinux.org/archlinux/sig…

Strong authentication requires multiple signals: identity claims proves that identity of the person, while device attestation proves possession of a given machine, and device bound keys prevent the key from being stolen.In this presentation we will take a look at how the TPM provides device attestation and device bound keys. We will connect this wi…

Strong authentication requires multiple signals: identity claims proves that identity of the person, while device attestation proves possession of a given machine, and device bound keys prevent the key from being stolen.In this presentation we will take a look at how the TPM provides device attestation and device bound keys. We will connect this wi…

Many Linux distributions rely on cryptographic signatures for their packages and release artifacts. However, most of the used signing solutions either do not rely on hardware backed private key material or are run in untrusted environments.This presentation will provide a general overview of the [Signstar](https://gitlab.archlinux.org/archlinux/sig…

Strong authentication requires multiple signals: identity claims proves that identity of the person, while device attestation proves possession of a given machine, and device bound keys prevent the key from being stolen.In this presentation we will take a look at how the TPM provides device attestation and device bound keys. We will connect this wi…

Developing embedded products often involves a trade-off between robust security and accelerated development. Production environments, while offering high security and immutability, can inhibit rapid development cycles. Conversely, sandbox environments provide the flexibility and integration needed for fast development but are not suitable for produ…

D-Bus is an IPC mechanism that is very ubiquitous on Linux systems everywhere (desktop, cloud and embedded). It is the mechanism you'd use to communicate with many of the core Linux userspace subsystems, such as systemd, NetworkManager etc. Traditionally, most of these services have been written in C, a language known for its lack of safety and exp…

D-Bus is an IPC mechanism that is very ubiquitous on Linux systems everywhere (desktop, cloud and embedded). It is the mechanism you'd use to communicate with many of the core Linux userspace subsystems, such as systemd, NetworkManager etc. Traditionally, most of these services have been written in C, a language known for its lack of safety and exp…

Developing embedded products often involves a trade-off between robust security and accelerated development. Production environments, while offering high security and immutability, can inhibit rapid development cycles. Conversely, sandbox environments provide the flexibility and integration needed for fast development but are not suitable for produ…

Developing embedded products often involves a trade-off between robust security and accelerated development. Production environments, while offering high security and immutability, can inhibit rapid development cycles. Conversely, sandbox environments provide the flexibility and integration needed for fast development but are not suitable for produ…

D-Bus is an IPC mechanism that is very ubiquitous on Linux systems everywhere (desktop, cloud and embedded). It is the mechanism you'd use to communicate with many of the core Linux userspace subsystems, such as systemd, NetworkManager etc. Traditionally, most of these services have been written in C, a language known for its lack of safety and exp…

This presentation introduces a novel approach to enhance the trust in SPIFFE by leveraging confidential computing technologies, specifically Confidential Virtual Machines.The presentation will provide an introduction to the realm of confidential computing, as well as an overview of SPIFFE/SPIRE. Armed with this knowledge we will demonstrate a pract…

How do you continually test and release new versions of systemd with confidence? Also, once released, how do you monitor PID 1 itself and your PID 1 usage across your server fleet? This talk dives into Meta’s way of answering these questions so we can minimize the risk of breaking changes and fun each systemd release brings us. Some of the technolo…

This presentation introduces a novel approach to enhance the trust in SPIFFE by leveraging confidential computing technologies, specifically Confidential Virtual Machines.The presentation will provide an introduction to the realm of confidential computing, as well as an overview of SPIFFE/SPIRE. Armed with this knowledge we will demonstrate a pract…

How do you continually test and release new versions of systemd with confidence? Also, once released, how do you monitor PID 1 itself and your PID 1 usage across your server fleet? This talk dives into Meta’s way of answering these questions so we can minimize the risk of breaking changes and fun each systemd release brings us. Some of the technolo…

This presentation introduces a novel approach to enhance the trust in SPIFFE by leveraging confidential computing technologies, specifically Confidential Virtual Machines.The presentation will provide an introduction to the realm of confidential computing, as well as an overview of SPIFFE/SPIRE. Armed with this knowledge we will demonstrate a pract…

How do you continually test and release new versions of systemd with confidence? Also, once released, how do you monitor PID 1 itself and your PID 1 usage across your server fleet? This talk dives into Meta’s way of answering these questions so we can minimize the risk of breaking changes and fun each systemd release brings us. Some of the technolo…

In this talk, I will discuss how Linux distributions can integrate and benefit from using systemd soft-reboot. Using openSUSE Tumbleweed as an example, I will show where and how it makes sense for traditional Linux distributions to use it and where the pitfalls are. With openSUSE MicroOS, we have a distribution with a read-only root file system tha…