The Chaos Computer Club is the largest European hacker association and has for over 25 years been a mediator in the field of tension between technical and social developments.
Closing session of All Systems Go! 2023
about this event: https://cfp.all-systems-go.io/all-systems-go-2023/talk/PKSMVD/
antlir2: Deterministic image builds with buck2 (asg2023)
23:20
In this talk we’ll discuss antlir2, Meta’s solution to building container and bare metal operating system images. We’ll talk about how we have built performant, hermetic and deterministic image building infrastructure on top of buck2 (Meta’s new open source build system) and how we enable users to compose their own multi-language projects with full…
asynchronous dbus with C++ co-routines (asg2023)
25:40
sdbusplus generates ergonomic and compile-time type-checked dbus bindings built atop sd-bus. This library is heavily used within the OpenBMC project to provide all IPC between its many userspace processes. This talk will give an overview of how OpenBMC leverages dbus, how sdbusplus facilitates its usage, as well as an introduction on our approach f…
Microsoft Azure Boost: Image-based Linux powering the Azure fleet. Wait, what? Really?! Yes! (asg2023)
25:44
A quick journey through the Azure infrastructure, specifically looking at how image-based Linux is used for Azure Boost, what it enables, what interesting security and performance features were added and where to find them upstream. Believe it or not, today Linux is right at the core of Microsoft Azure's infrastructure, on the very nodes that run al…
Building image-based OSes with BuildStream (asg2023)
14:51
BuildStream is a tool for building / integrating software stacks. In a way, it has a similar goal to bitbake / yocto and Android repo, but takes a completely different approach. It can be used to take software from various sources, build it with various buildsystems in a reproducible sandbox, and cache results for speedy rebuilds. In this talk I giv…
Wolfi: A Secure-by-Default Distro for Curing Container CVE Chaos (asg2023)
38:16
Are you using container images with hundreds of known vulnerabilities? The majority of us are using images based on the Docker official images available on the Docker Hub. This includes base images – such as Debian and Ubuntu – as well as application images such as nginx and redis. Unfortunately these images often have hundreds of known vulnerabilit…
mkosi: Building Bespoke Operating System Images (asg2023)
36:14
mkosi is a tool for building operating system images. In this talk we'll give an introduction to mkosi, how we use it to develop systemd and discuss how we want to support running and updating systems with mkosi and other systemd tooling.
Github repository: https://github.com/systemd/mkosi/
Initial blog post on mkosi: https://0pointer.net/blog/mkosi-…
openSUSE Aeon - Desktop Linux finally done right? (asg2023)
40:52
openSUSE Aeon (formerly MicroOS Desktop) aims to be a fully fledged modern Linux Desktop leveraging as many of the latest user space innovations available, including:
- Immutable OS with Transactional Updates
- Secure Boot
- TPM Encryption
- Flatpaks & OCI containers as primary application delivery
This talk will introduce the distribution, highlight the…
Exploring RAUC: A Flexible Building Block for Image-Based Updates (asg2023)
35:51
Recently, atomic updates via image based systems have become more relevant for servers and desktops, as they allow predictable management of large fleets. In the embedded Linux space, this approach has been the default for many years and proven updaters exist already. In this talk, we will delve into RAUC and look at how its design and features have bee…
systemd-repart: Building Discoverable Disk Images (asg2023)
33:00
systemd-repart has recently learned many features to make it useful for building discoverable disk images. In this talk, we'll give a deep-dive on the new features and how they can be used to assemble discoverable disk images.
about this event: https://cfp.all-systems-go.io/all-systems-go-2023/talk/VPQADA/…
Replica.one: A Software-defined Operating System (asg2023)
37:11
Network operating systems commonly provide a stable userspace platform for networking devices. Integration of userspace applications as well as low-level hardware support are handled by firmware build systems. Existing build systems for network operating systems display numerous limitations by either targeting only distinct types of devices, using c…
A/B partitioning - let's talk about the dirty RW files (asg2023)
25:45
A/B partitioning is great - you hermetically drop in the whole new OS and boot into it. However, how can we manage and migrate the RW configuration and state files that lie within? Can we do that reliably on both OS upgrades and downgrades? This talk will explore the design used on the SteamDeck, the issues we've seen while drawing analogies, and futur…
Oxidizing the Arch Linux packaging infrastructure (asg2023)
35:26
Arch Linux has worked with its own packaging framework - Arch Linux Package Management (ALPM) - for about 20 years. This talk is about an effort to rewrite low-level components and to create specifications for related metadata files using the Rust programming language. It will cover new projects in the ALPM (https://gitlab.archlinux.org/archlinux/alp…
A story of a bootloader^W^Wthree bootloaders (asg2023)
17:37
This talk will explore the ideas from Lennart's "Fitting Everything Together" blog post, particularly the A/B partitioning scheme and its bootloader design, comparing it with the approach used on the SteamDeck. Spoiler alert, we're not using sd-boot. We will focus on the requirements that drove us to the latter design, some implementation details, and …
Fast, correct, reproducible builds with Nix + Bazel (asg2023)
38:40
The build system should get out of the way to let us focus on our tasks, not be distracted by slow or unreliable builds, get fast feedback on changes, and let us know what’s in the software we’re shipping to our users. But, what does it take for a build system to be really fast and reliable? What does it take to know what’s in the software? It requi…
Kernel command line and UKI; systemd-stub and the ‘stubby’ alternative (asg2023)
25:12
Modification of the kernel command line has historically been one of the easiest ways to customize system behavior. Bootloaders allow for persistent changes via config-files and on-the-fly changes interactively during system boot. System behavior changes made via the kernel command line are not limited to the kernel itself. Userspace applications fr…
systemd-boot integration in openSUSE (asg2023)
25:55
openSUSE is a general purpose, rpm based distribution. One of its unique features is the use of btrfs snapshots to offer rollback of the root file system of both traditional as well as transactional systems. This talk explains the challenges faced to integrate systemd-boot into openSUSE.
about this event: https://cfp.all-systems-go.io/all-systems-g…
Writing your own NixOS modules for fun and (hopefully) profit (asg2023)
23:24
This talk will be a whirlwind overview of NixOS modules and the lessons I've learned with maintaining and writing new ones. Nix modules are the core of how you organize configuration and service config, but there's a lot of "draw the rest of the owl" subtext as to how you actually go about writing them. This talk covers some best practices for how t…
Trusted, Confidential and Cloud Native Workloads. An intro to the Confidential Containers project (asg2023)
24:38
The talk provides a brief introduction to the Confidential Containers project. We'll discuss the rationale behind Confidential Computing and how concepts like Trusted Computing or Remote Attestation can be leveraged by end-users to guard their workloads not only from malicious actors but also from their cloud service provider. Confidential Contain…
Talos Linux - TrustedBoot for a minimal Immutable OS (asg2023)
17:56
The Talos Linux distribution is built from scratch with the goal of providing a secure, verified, and minimal-footprint operating system for running Kubernetes clusters. Talos is designed to be immutable, minimal, and secure. Talos includes only the bare minimum required to run Kubernetes. This talk will cover how Talos uses Unified Kernel Images (U…
Adventures of Linux Userspace at Meta (asg2023)
23:50
The Linux Userspace team at Meta aims to make significant contributions to upstream userspace projects, while also ensuring that Meta is able to leverage those improvements. In this talk we'll give an overview of the team and brief history of how it was formalized. Then we'll dive deeper into some of the efforts we've worked on with the open source…
Confidential Compute: State-of-the-art and how to get started (asg2023)
40:09
Confidential compute is a new compute and programming paradigm for running an application in an enclave, a run-time encrypted and authenticated trusted execution environment. We give an overview of the current technologies provided by AMD, Intel and ARM. We also give an overview of open source tools to leverage confidential compute, along with a tutorial to enclave any appli…
All Systems Go! lightning talk
about this event: https://cfp.all-systems-go.io/all-systems-go-2023/talk/8P7XKH/
By Adrian Vovk
All Systems Go! lightning talk
about this event: https://cfp.all-systems-go.io/all-systems-go-2023/talk/AKNDS3/
By flokli
All Systems Go! lightning talk
about this event: https://cfp.all-systems-go.io/all-systems-go-2023/talk/VAY88J/
By Daniel Maslowski
The journey of developing a Linux platform to require very little in the way of configuration management, and how to virtually eliminate the need to modify code to change configuration. From configuration via scripts and evolving through a couple of configuration management products, we have used the idea of matching actions to timescales to transf…
A quick overview of the work in progress to plumb PID FDs through Linux userspace, to achieve resilience and security improvements. Process ID File Descriptors were introduced in Linux v5.3. They allow tracking a process reliably, without risking races and reuse attacks, as they always refer to one single process regardless of the actual PID, so if t…
Image based OS updates are the future. One way to handle updates is via content-addressable synchronisation software, like casync and desync. This talk will give a presentation about the two - their overall design, feature set and strengths and weaknesses. It will also demonstrate a real world use-case of them.
about this event: https://cfp.all-systems-…
Some quick numbers and maybe curiosities from our work on evaluating which libraries need to be rebuilt for 64-bit time_t on armhf in Ubuntu using abi-compliance-checker.
about this event: https://cfp.all-systems-go.io/all-systems-go-2023/talk/R3SWBQ/
By Julian Andres Klode
Y2038: replace utmp with logind (asg2023)
24:35
On quite a few 64-bit architectures, the utmp implementation of glibc uses a 32-bit time variable, which leads to an overflow at 03:14:07 UTC on 19 January 2038. This talk will explain the current work on replacing utmp with logind. The year 2038 problem (also known as Y2038) is a time formatting bug on Unix systems with representing times after 03:14:0…
Making a magic deduplicating tar using the FICLONE ioctl (asg2023)
24:19
A walkthrough of an interesting use case for the `FICLONE` ioctl: cloning file data into a tar archive, and cloning files out of it again. "Free" archiving and unarchiving at zero-copy speeds!
Topics:
- Copy-on-write and the `FICLONE` ioctl
- The ancient `tar` format
- A trick for adding arbitrary padding to the `tar` format in order to force file syst…
WIP: Sandboxing APT (asg2023)
21:55
A short case study on where we are with sandboxing APT; what gaps there are and what technologies we looked at. Downloading packages, verifying packages, installing packages, protecting user data from snoopy or broken maintainer scripts: a package manager has a lot of places that can need some sort of sandboxing. APT currently employs a minimal sandb…
Booting fast: Why does power-on to login still last longer than one second? (asg2023)
25:59
In light of the climate crisis, and despite hardware getting faster and faster, fully powering down systems and back on on demand – the obvious choice – is still inconvenient, as boot times are still very long. Even ChromeOS has not lowered its limit from ten seconds in years. This talk shows the current status of the hobby project on x86 hardware, a…
Disaggregated networks: Is network hardware special? (asg2023)
38:25
Despite being ordinary computers with an ASIC for switching, in reality network hardware must still be treated differently from normal servers. In recent years a lot has improved, and vendors offer white box switches, allowing users to install a (network) operating system of their choice. Of course, the NOS needs to support the firmware interface f…
An Unified TPM Event Log for Linux (asg2023)
26:17
The TPM event log contains a history of all measurements made with the TPM. Complete with some context information for each measurement, it is intended to help with recreating the current PCR contents. What was meant as a debugging tool turns out to be of vital importance when trying to remotely attest real life systems. This is mostly because of the ov…
New Mount API (asg2023)
41:53
This talk will discuss new features provided by the new kernel mount API interface.
about this event: https://cfp.all-systems-go.io/all-systems-go-2023/talk/NYLYDK/
By Christian Brauner
Let's get you up to speed on Trusted Platform Modules (TPM 2.0) and Linux. Specifically, the various additions to basic Linux userspace, i.e. systemd, in our goal to make measured boot a default on Linux.
about this event: https://cfp.all-systems-go.io/all-systems-go-2023/talk/HSEJY9/
By Lennart Poettering
bpfilter: a BPF-based packet filtering framework (asg2023)
20:43
Let's discuss `bpfilter`, a userspace daemon that empowers services to create efficient packet-filtering BPF programs using a high-level representation of filtering rules. For a significant period, `bpfilter` wasn't more than an empty [usermode helper](https://cateee.net/lkddb/web-lkddb/STATIC_USERMODEHELPER.html) and an [abandoned patch serie…
Soft Reboot: atomically replace rootfs and reboot userspace without kernel restart (asg2023)
24:35
systemd v254 introduced a new reboot type: soft-reboot. It shortcuts the reboot process by not restarting the kernel, and instead shutting down userspace, followed by re-exec'ing systemd from the new rootfs and starting everything up again. Not only does this save time by virtue of doing less work, it also allows select resources (File Descrip…
Why would you still want to use strace in 2023? (asg2023)
26:28
strace is a traditional userspace tracer utility for Linux, implemented using the ptrace API. Despite the abundance of various kernel tracing interfaces nowadays, there are certain classes of tasks that are still better served by strace. In this talk the maintainer of strace will provide examples of such tasks.
about this event: https://cfp.all-syste…
Retake of service restarts (asg2023)
24:59
Stopping the old and starting a new service afresh -- that is roughly what a service restart is about. We will look at what it comprises in more detail from the service manager's perspective and also from the service's client end. Thus we will look at how the FDSTORE API can be used to smooth service restarts. Furthermore, we will review how unit instances may pro…
System and Configuration Extensions for Image-based Linux Distros and Beyond (asg2023)
39:45
Using an image-based OS brings advantages and challenges. One challenge is the customization of a read-only image with additional host-level software and configuration, and how to manage this customization through the lifetime of a machine. For deeper changes in /usr, users might build their own images instead of following the official image updates…
Forensic container checkpointing and analysis (asg2023)
43:34
With the introduction of "Forensic Container Checkpointing" in Kubernetes 1.25 it is possible to checkpoint containers. The ability to checkpoint containers opens up many new use cases: containers can be migrated without losing their state, fast startup from existing checkpoints, using spot instances more effectively. The primary use …
Gaining Linux insights with Inspektor Gadget, an eBPF tool and systems inspection framework (asg2023)
35:51
In this presentation, we introduce Inspektor Gadget, a tool designed for the creation, deployment, and execution of eBPF programs (gadgets) across Kubernetes and Linux environments. Inspektor Gadget encapsulates eBPF programs into OCI containers, providing well-understood and easily distributable units. We'll delve into Inspektor Gadget's automatic …
Encrypted Btrfs Subvolumes: Keeping Container Storage Safe (asg2023)
25:48
At Meta, we've been working to add encryption support to btrfs, with exciting implications for per-container security. Traditionally, encryption has either dealt with whole disks (with LUKS) or with a few filesystems (ext4, f2fs, ubifs, and ceph) that lack advanced volume management. Btrfs has several features these filesystems don't: deduplicating…
Unified Kernel Images (UKIs) (asg2023)
47:16
UKIs are a fundamental building block of modern measured and trusted boot chains. Let's have a look at what happened in the area and discuss recently added new concepts, such as "add-ons", new PE sections, build tools and more.
about this event: https://cfp.all-systems-go.io/all-systems-go-2023/talk/ZEVAWH/…
A welcome session for All Systems Go!
about this event: https://cfp.all-systems-go.io/all-systems-go-2023/talk/X89KG9/
Closing, thank yous, sponsors, what's next, anything else
about this event: https://talks.nixcon.org/nixcon-2023/talk/NRSXHT/
By Ron Efroni
microvm.nix (nixcon2023)
34:12
microvm.nix builds NixOS for a few virtual machine managers in a few different use-cases. Full virtualization suffers from overhead and performance degradation due to software emulation of real hardware. MicroVMs are optimized by replacing this emulation with interfaces that have been optimized for the virtual machine use-case: VirtIO. microvm.nix hel…
Nix and Kubernetes: Deployments Done Right (nixcon2023)
33:49
Nix is an amazing build tool not only for applications, but also for the infamous "yaml engineering". Join Volodymyr to learn about the journey of using nix along with argocd to deploy payloads into kubernetes.
What you will learn:
- Setting up nix to work with argocd
- Deploying simple applications written purely in nix
- Utilizing the public helm cha…