WEBVTT 99:59:59.999 --> 99:59:59.999 Welcome back, the next talk will be Jan Kiszka 99:59:59.999 --> 99:59:59.999 on Getting more Debian into our civil infrastructure. 99:59:59.999 --> 99:59:59.999 Thank you Michael. 99:59:59.999 --> 99:59:59.999 So my name is Jan Kiszka, 99:59:59.999 --> 99:59:59.999 you may not know me, I'm not a Debian Developer, not a Debian Maintainer. 99:59:59.999 --> 99:59:59.999 I'm just an upstream hacker. 99:59:59.999 --> 99:59:59.999 I'm working for Siemens 99:59:59.999 --> 99:59:59.999 and part of the Linux team there for now 10 years actually, 99:59:59.999 --> 99:59:59.999 more than 10 years. 99:59:59.999 --> 99:59:59.999 We are supporting our business units in getting Linux into the products successfully 99:59:59.999 --> 99:59:59.999 for that long time, even longer actually. 99:59:59.999 --> 99:59:59.999 Today, I'm representing a collaborative project that has some relationship 99:59:59.999 --> 99:59:59.999 with Debian, and more soon. 99:59:59.999 --> 99:59:59.999 First of all, maybe a surprise to some of you, 99:59:59.999 --> 99:59:59.999 our civilization is heavily running on Linux and you may now think about 99:59:59.999 --> 99:59:59.999 this kind of devices where some kind of Linux inside, 99:59:59.999 --> 99:59:59.999 or you may think of the cloud servers running Linux inside. 99:59:59.999 --> 99:59:59.999 But actually, this is about devices closer to us. 99:59:59.999 --> 99:59:59.999 In all our infrastructure, 99:59:59.999 --> 99:59:59.999 there are control systems, there are management systems included 99:59:59.999 --> 99:59:59.999 and many many of them run Linux inside. 99:59:59.999 --> 99:59:59.999 Maybe if you are traveling with Deutsche Bahn to this event these days, 99:59:59.999 --> 99:59:59.999 there was some Linux system on the train as well, 99:59:59.999 --> 99:59:59.999 as they were on the ???, so on the control side. 99:59:59.999 --> 99:59:59.999 Energy generation. 99:59:59.999 --> 99:59:59.999 Power plants, they are also run with Linux 99:59:59.999 --> 99:59:59.999 in very interesting ways, in positive ways 99:59:59.999 --> 99:59:59.999 Industry automation, the factories, they have control systems inside 99:59:59.999 --> 99:59:59.999 and quite a few are running Linux inside. 99:59:59.999 --> 99:59:59.999 And also other systems like health care, diagnostic systems. 99:59:59.999 --> 99:59:59.999 These big balls up there, they're magnetic resonance imaging systems, 99:59:59.999 --> 99:59:59.999 they're running on Linux for over a decade now. 99:59:59.999 --> 99:59:59.999 Building automation, not at home but in the professional building area. 99:59:59.999 --> 99:59:59.999 Actually, as I said, the train systems are going to be more on Debian soon. 99:59:59.999 --> 99:59:59.999 We have Debian for quite a while in power generation. 99:59:59.999 --> 99:59:59.999 "We", in this case, Siemens. 99:59:59.999 --> 99:59:59.999 We have the box underneath, on the third row, 99:59:59.999 --> 99:59:59.999 the industrial switch there is running Debian. 99:59:59.999 --> 99:59:59.999 And the health care device is still on Ubuntu, but soon will be Debian as well. 99:59:59.999 --> 99:59:59.999 Just to give some examples. 99:59:59.999 --> 99:59:59.999 These are the areas where we, as a group, and we, as Siemens, are active. 99:59:59.999 --> 99:59:59.999 But there are some problems with this. 99:59:59.999 --> 99:59:59.999 Just take an example from a railway system. 99:59:59.999 --> 99:59:59.999 Usually, this kind of devices installation, they have a lifetime 99:59:59.999 --> 99:59:59.999 of 25, 30 years. 99:59:59.999 --> 99:59:59.999 It used to be quite simple with these old devices, 99:59:59.999 --> 99:59:59.999 simple in the sense that it was mechanic, it was pretty robust 99:59:59.999 --> 99:59:59.999 I was once told that one of these locking systems, 99:59:59.999 --> 99:59:59.999 they were basically left in a box out there for 50 years and no one entered the ??? 99:59:59.999 --> 99:59:59.999 No one touched the whole thing for 50 years 99:59:59.999 --> 99:59:59.999 These times are a little bit over. 99:59:59.999 --> 99:59:59.999 Nowadays, we have more electronic systems in these systems 99:59:59.999 --> 99:59:59.999 and they contain of course software. 99:59:59.999 --> 99:59:59.999 What does it mean? 99:59:59.999 --> 99:59:59.999 Just to give you an idea, how this kind of development looks like in this domain. 99:59:59.999 --> 99:59:59.999 So ??? 99:59:59.999 --> 99:59:59.999 development takes quite a long time until the product is ready, 99:59:59.999 --> 99:59:59.999 3 to 5 years. 99:59:59.999 --> 99:59:59.999 Then, in the railway domain, it's mostly about customizing the systems 99:59:59.999 --> 99:59:59.999 for specific installations of the railway systems, 99:59:59.999 --> 99:59:59.999 not only in Europe, they are kind of messy regarding the differences. 99:59:59.999 --> 99:59:59.999 So you have specific requirements of the customer, the railway operators 99:59:59.999 --> 99:59:59.999 to adjust these systems for their needs. 99:59:59.999 --> 99:59:59.999 And you see by then, 99:59:59.999 --> 99:59:59.999 after 5 years already, a Debian version would be out of maintenance and 99:59:59.999 --> 99:59:59.999 if you add an other year, you can start over again. 99:59:59.999 --> 99:59:59.999 So, in the development time, you may change still the system 99:59:59.999 --> 99:59:59.999 but later on, it's getting hard to change the system ??? 99:59:59.999 --> 99:59:59.999 because then the interesting parts start in this domain, not only in this domain, 99:59:59.999 --> 99:59:59.999 that's safety and security assessment and approval for these systems. 99:59:59.999 --> 99:59:59.999 And that also takes time. 99:59:59.999 --> 99:59:59.999 For example, in Germany, you go for the Eisenbahn ??? 99:59:59.999 --> 99:59:59.999 and you ask to get a permission to run that train on the track 99:59:59.999 --> 99:59:59.999 and if they say "Mmh, not happy with it", you do it over again 99:59:59.999 --> 99:59:59.999 and it takes time 99:59:59.999 --> 99:59:59.999 and if you change something in the system, it becomes interesting 99:59:59.999 --> 99:59:59.999 because some of these certification aspects become invalid, 99:59:59.999 --> 99:59:59.999 you have to redo it. 99:59:59.999 --> 99:59:59.999 And then of course, these trains on the installation, 99:59:59.999 --> 99:59:59.999 the have a long life as I mentioned before. 99:59:59.999 --> 99:59:59.999 So how do you deal with this in an electronic device and 99:59:59.999 --> 99:59:59.999 in software-driven devices over this long phase? 99:59:59.999 --> 99:59:59.999 That's our challenge 99:59:59.999 --> 99:59:59.999 and just one example and there are more in this area. 99:59:59.999 --> 99:59:59.999 At the same time, what we see now is these fancy buzzwords 99:59:59.999 --> 99:59:59.999 from cloud business entering our conservative, slowly moving domain. 99:59:59.999 --> 99:59:59.999 We talk about IoT, industrial IoT, so connected devices. 99:59:59.999 --> 99:59:59.999 We talk about edge computing, it means getting the power of the cloud 99:59:59.999 --> 99:59:59.999 to the device in the field, closer to where the real things happen. 99:59:59.999 --> 99:59:59.999 So, networking becomes a topic. 99:59:59.999 --> 99:59:59.999 In the past, you basically built a system, you locked it up physically 99:59:59.999 --> 99:59:59.999 you never touched it again, except the customer complains that 99:59:59.999 --> 99:59:59.999 there were some bug inside. 99:59:59.999 --> 99:59:59.999 These days, the customer asks us to do a frequent update. 99:59:59.999 --> 99:59:59.999 And actually the customers ??? ask for this. 99:59:59.999 --> 99:59:59.999 So you have to have some security maintenance concept in this 99:59:59.999 --> 99:59:59.999 which means regular updates, regular fixes 99:59:59.999 --> 99:59:59.999 and that is of course ??? for this kind of doing the way you have 99:59:59.999 --> 99:59:59.999 slow running and long running support cycles. 99:59:59.999 --> 99:59:59.999 To summarize, there's a very long time we have to maintain our devices in the field 99:59:59.999 --> 99:59:59.999 and so far, this was mostly done individually. 99:59:59.999 --> 99:59:59.999 So each company, and sometimes quite frequently also inside the company, 99:59:59.999 --> 99:59:59.999 each product group, development ??? did it individually. 99:59:59.999 --> 99:59:59.999 So everyone was having their own kernel, everyone was having their own base system, 99:59:59.999 --> 99:59:59.999 it was easy to build up so it should be easy to maintain. 99:59:59.999 --> 99:59:59.999 Of course it's not. 99:59:59.999 --> 99:59:59.999 This was one thing, one important thing. 99:59:59.999 --> 99:59:59.999 And then, of course, we not always are completely happy 99:59:59.999 --> 99:59:59.999 with what the free software gives us. 99:59:59.999 --> 99:59:59.999 There are some needs to make things more robust, 99:59:59.999 --> 99:59:59.999 to make things more secure, reliable. 99:59:59.999 --> 99:59:59.999 So we have to work with these components and improve them, mostly upstream, 99:59:59.999 --> 99:59:59.999 and that, of course, is not a challenge we have to address in this area. 99:59:59.999 --> 99:59:59.999 And catch up with a trend coming in from the service space on the cloud space. 99:59:59.999 --> 99:59:59.999 So with this challenge… 99:59:59.999 --> 99:59:59.999 it was the point where we, in this case, a number of big users of 99:59:59.999 --> 99:59:59.999 industrial open source systems, 99:59:59.999 --> 99:59:59.999 came together and created a new collaborative project. 99:59:59.999 --> 99:59:59.999 That's what you do in the open source area. 99:59:59.999 --> 99:59:59.999 This project is called Civil Infrastructure Platform. 99:59:59.999 --> 99:59:59.999 It's under the umbrella of the Linux Foundation, 99:59:59.999 --> 99:59:59.999 there are many projects of the Linux Foundation you may have seen, 99:59:59.999 --> 99:59:59.999 but most of them are more in the area of cloud computing 99:59:59.999 --> 99:59:59.999 or in the area of media. 99:59:59.999 --> 99:59:59.999 Automotive computing, this one is actually even more conservative than the other ones 99:59:59.999 --> 99:59:59.999 and it's also comparably small. 99:59:59.999 --> 99:59:59.999 Our goal is to build this open source base layer for these application scenarios 99:59:59.999 --> 99:59:59.999 based on free software, based on Linux. 99:59:59.999 --> 99:59:59.999 We started two years ago. 99:59:59.999 --> 99:59:59.999 That's basically our structure, to give you an idea. 99:59:59.999 --> 99:59:59.999 Member companies, the 3 on the top are founding platinum companies, 99:59:59.999 --> 99:59:59.999 Hitachi, Toshiba and Siemens. 99:59:59.999 --> 99:59:59.999 We have Codethink and Plat'Home on board, 99:59:59.999 --> 99:59:59.999 we had them on board for the first time as well. 99:59:59.999 --> 99:59:59.999 Renesas joined us and just recently also Moxa. 99:59:59.999 --> 99:59:59.999 So if you compare this with other collaborative projects, 99:59:59.999 --> 99:59:59.999 it's a pretty small one, comparatively small one, 99:59:59.999 --> 99:59:59.999 so our budget is also limited. 99:59:59.999 --> 99:59:59.999 It's still decent enough, but, well, we are growing. 99:59:59.999 --> 99:59:59.999 And based on this budget, we have some developers being paid, 99:59:59.999 --> 99:59:59.999 Ben is paid this way, you will see later on why. 99:59:59.999 --> 99:59:59.999 And we have people working from the companies in the communities 99:59:59.999 --> 99:59:59.999 and we are ramping up on working with communities 99:59:59.999 --> 99:59:59.999 to improve the base layers for our needs. 99:59:59.999 --> 99:59:59.999 Everything is open source, we have a GitLab repo as well and 99:59:59.999 --> 99:59:59.999 you can look up there what's going on there. 99:59:59.999 --> 99:59:59.999 So, the main areas of activities where we are working on right now. 99:59:59.999 --> 99:59:59.999 4 areas. 99:59:59.999 --> 99:59:59.999 Kernel maintenance, 99:59:59.999 --> 99:59:59.999 we started with declaring one kernel as the CIP kernel to have 99:59:59.999 --> 99:59:59.999 an extended support phase for this kernel of 10 years. 99:59:59.999 --> 99:59:59.999 This is what we're aiming for, which is feasible already 99:59:59.999 --> 99:59:59.999 for some enterprise distros in a specific area 99:59:59.999 --> 99:59:59.999 but here we are talking about an industrial area, an embedded area 99:59:59.999 --> 99:59:59.999 so there is some challenge. 99:59:59.999 --> 99:59:59.999 I'm saying 10 years, there's sometimes written 15 years, 99:59:59.999 --> 99:59:59.999 we will see after 10 years if we follow on to this. 99:59:59.999 --> 99:59:59.999 Along with this, of course, comes the need for real time support. 99:59:59.999 --> 99:59:59.999 Currently, it's a separated branch, but it's going to be integrated eventually 99:59:59.999 --> 99:59:59.999 to have the PREEMPT_RT branch ??? doing this. 99:59:59.999 --> 99:59:59.999 As I mentioned before, Ben is currently our 4.4 CIP kernel maintainer. 99:59:59.999 --> 99:59:59.999 This is the core, basically where we started activities. 99:59:59.999 --> 99:59:59.999 We continued in extending this on test infrastructure, 99:59:59.999 --> 99:59:59.999 so we invested a bit in improving on ??? infrastructure, 99:59:59.999 --> 99:59:59.999 we are now ramping up an internal ??? just to enable 99:59:59.999 --> 99:59:59.999 the kernel testing of course.