1 00:00:07,254 --> 00:00:07,504 Right, good afternoon 2 00:00:07,817 --> 00:00:12,360 It is the lightning talks sessions at DebConf Hamburg 2018 3 00:00:13,019 --> 00:00:17,895 We've got seven speakers, and I guess we'll just get going 4 00:00:18,352 --> 00:00:22,107 Starting with Tobias Platn???, talking about Debian on Power9. 5 00:00:27,528 --> 00:00:36,302 Yesterday I, hm no, on friday, I received my new Power9 machine. 6 00:00:36,519 --> 00:00:37,710 A Talos 9 (II). 7 00:00:40,456 --> 00:00:44,680 And it has an IBM Power9 processor 8 00:00:45,658 --> 00:00:52,946 So, the only distro that I know that will work is Debian. 9 00:00:55,748 --> 00:01:01,820 Then, this is a new PowerPC 64 bits architecture, 10 00:01:02,330 --> 00:01:06,553 that can run in little-endian mode. 11 00:01:07,255 --> 00:01:10,823 I downloaded a Debian installer. 12 00:01:11,834 --> 00:01:16,531 First, I chosed the stable version, but 13 00:01:17,492 --> 00:01:21,211 that crashed during install. 14 00:01:21,733 --> 00:01:28,208 And, then I retried a different version, a daily version. 15 00:01:29,265 --> 00:01:37,455 And this one, which is based on Buster, correctly installed. 16 00:01:38,264 --> 00:01:44,682 I can even have a graphical environment, working out of the box. 17 00:01:45,696 --> 00:01:52,899 And, the installer then complained that there is no boot partition 18 00:01:53,862 --> 00:02:04,744 for older PowerPCs, and this boot partition is not needed, since the TalosII 19 00:02:05,162 --> 00:02:13,166 has a newer systems starting with power7 used petitboot. 20 00:02:16,038 --> 00:02:22,581 So, that needs to be fixed in the Debian installer, 21 00:02:23,259 --> 00:02:29,066 that it doesn't produce the warning on Power machines. 22 00:02:32,143 --> 00:02:37,359 And now I have a working Debian installation, 23 00:02:38,079 --> 00:02:40,300 which I can use. 24 00:02:49,707 --> 00:02:52,912 (thanks) [applause] 25 00:02:54,093 --> 00:02:55,411 Thank you very much, that was very quick. 26 00:02:55,639 --> 00:02:57,328 Next up is Thimothée Jaussoin, 27 00:02:57,890 --> 00:03:01,721 talking about Movim, the XMPP social platform. 28 00:03:05,572 --> 00:03:07,427 Give him a moment to get set up. 29 00:04:32,681 --> 00:04:34,262 I think it's a bit better this way. 30 00:04:34,755 --> 00:04:36,976 Who already heard about the platform Movim? 31 00:04:38,679 --> 00:04:44,207 OK, so we have a couple of people that know about the project here. 32 00:04:45,054 --> 00:04:48,307 Just to present you what I ??? could be a parallel universe 33 00:04:48,481 --> 00:04:50,653 but is actually the current universe we're living with. 34 00:04:52,233 --> 00:04:54,307 Lots of different chat platforms. 35 00:04:54,594 --> 00:04:56,036 The same thing on social networks. 36 00:04:56,779 --> 00:05:00,051 We keep reinventing the wheel all the time. 37 00:05:02,563 --> 00:05:03,455 We don't have this problem with e-mails 38 00:05:03,742 --> 00:05:07,157 hopefully actually the e-mail standards came way before before all of those 39 00:05:08,182 --> 00:05:09,515 proprietary solutions 40 00:05:10,092 --> 00:05:15,089 So we have ??? and Google and Microsoft are still using SMTP, IMAP, for now. 41 00:05:15,567 --> 00:05:19,559 So everything is compatible, and we have a lot of clients on top of that. 42 00:05:19,773 --> 00:05:21,747 But for chat, and social networks, it's not the case. 43 00:05:22,750 --> 00:05:26,054 So the idea of Movim is to build a social platform. 44 00:05:28,958 --> 00:05:32,801 In there, we can put a little couple of ingredients. 45 00:05:33,414 --> 00:05:37,407 First, it needs to be Open-Source, for the transparency, for the fact that you can 46 00:05:37,584 --> 00:05:41,829 have feedback and improvements, for the security part. Bring some trust 47 00:05:42,035 --> 00:05:47,128 I think that you guys here know about the advantages of Free Software, and 48 00:05:47,578 --> 00:05:52,731 especially on the communication part, on social networks, but it's not enough. 49 00:05:53,745 --> 00:05:56,915 We also need to be in control, actually in this social network. 50 00:05:57,382 --> 00:05:59,249 So it need to be simple and transparent 51 00:05:59,532 --> 00:06:02,121 on the UI but also on the protocol level. 52 00:06:02,345 --> 00:06:07,222 On the really deep below stacks. 53 00:06:08,183 --> 00:06:10,276 So we'll need to have a strong and reliable encryption, 54 00:06:10,493 --> 00:06:14,743 so don't reinvent also an encryption - talking about Telegram, here - 55 00:06:15,987 --> 00:06:19,209 And, yeah, need some trusts in sights here. 56 00:06:19,439 --> 00:06:22,300 I mean a community, and not a company that you will blindly trust 57 00:06:22,844 --> 00:06:25,718 to take care of all of your communications. 58 00:06:25,937 --> 00:06:26,953 But it's not enough. 59 00:06:27,661 --> 00:06:32,071 It needs to be decentralized. Because centralized social networks, 60 00:06:32,274 --> 00:06:33,482 even if it's opensource, 61 00:06:33,687 --> 00:06:36,727 if it's only one instance, you have to still trust the instance. So would like to 62 00:06:36,917 --> 00:06:39,509 deploy your instance, you would like to trust someone else, 63 00:06:39,674 --> 00:06:42,656 you can only, sometimes, trust only yourself in seldom cases 64 00:06:44,050 --> 00:06:46,627 Decentralization also brings robustness 65 00:06:50,497 --> 00:06:54,605 So that's too many times that actually one server is failing, think Signal 66 00:06:55,078 --> 00:06:59,115 had an issue recently, about this kind of thing there. 67 00:06:59,272 --> 00:07:02,567 The issue was with the Amazon servers, the whole thing didn't worked 68 00:07:02,731 --> 00:07:04,077 for a couple of hours. 69 00:07:04,429 --> 00:07:06,660 And then, resist against censorship and control. 70 00:07:06,865 --> 00:07:09,145 Same thing with Telegram, I think in Russia. 71 00:07:09,307 --> 00:07:13,995 I'm talking more about the IM part, but it's also applicable to social networks. 72 00:07:14,179 --> 00:07:18,439 It's exactly the same thing, just that the exchanges of information are a bit different. 73 00:07:18,976 --> 00:07:20,749 So, you need these steps but 74 00:07:21,552 --> 00:07:23,845 all those platforms here 75 00:07:24,962 --> 00:07:33,484 (I just made this conference 3 years ago, just added Mastodon recently) 76 00:07:37,125 --> 00:07:43,934 So i might talk about different sorts of platforms 77 00:07:44,452 --> 00:07:46,932 There is communication between those platforms, kind of standards that are 78 00:07:47,108 --> 00:07:50,036 starting to come in, especially between Diaspora and Mastodon, 79 00:07:50,257 --> 00:07:51,944 but there is still a lot of work to do there. 80 00:07:52,828 --> 00:07:56,406 So, the secret ingredient is about compatibility, about extensibility. 81 00:07:56,885 --> 00:07:58,634 Don't try to reinvent the wheel again, 82 00:07:58,843 --> 00:08:00,232 don't try to create another social network, 83 00:08:00,612 --> 00:08:03,790 or another IM platform that will have all those communication troubles. 84 00:08:04,145 --> 00:08:05,253 So, I mean a long-term vision. 85 00:08:07,652 --> 00:08:10,517 And, actually, the secret ingredient is standardization, in these things. 86 00:08:11,240 --> 00:08:18,348 So, this standard should have a couple of features, 87 00:08:19,535 --> 00:08:23,706 support news feeds, communities, IM, chatroom presences, know who's online, profiles, 88 00:08:24,084 --> 00:08:26,961 video conferencing security, bridges to the Web. 89 00:08:28,240 --> 00:08:29,524 And then it will be real-time. 90 00:08:31,799 --> 00:08:32,973 And, 1 minute? 91 00:08:33,451 --> 00:08:35,350 This protocol actually exists, it's called XMPP. 92 00:08:36,176 --> 00:08:40,060 So the goal of the project is: - take XMPP implemented 93 00:08:40,710 --> 00:08:43,859 - and doing a lot of innovation on top of the project 94 00:08:44,493 --> 00:08:48,857 So, server-side it's a simple XMPP client, webserver, simple to install 95 00:08:49,342 --> 00:08:51,121 (PHP, MySQL PostgreSQL) 96 00:08:51,684 --> 00:08:55,472 And user-side, it's also super simple to use, you need simply a browser, 97 00:08:57,505 --> 00:09:02,207 it's responsive, it's light, it's fast and is built actually for small communities. 98 00:09:03,426 --> 00:09:05,195 There are pods all around the world. 99 00:09:05,471 --> 00:09:07,347 You're really invited to deploy your own pods. 100 00:09:07,834 --> 00:09:11,255 There is already ten thousands accounts on the official pod 101 00:09:11,470 --> 00:09:12,417 30 languages 102 00:09:12,651 --> 00:09:13,889 Debian packages coming soon 103 00:09:14,137 --> 00:09:16,619 Thanks to the help of some people in this room. 104 00:09:17,506 --> 00:09:19,666 And, that's it ! 105 00:09:20,578 --> 00:09:22,690 So if you want more information, everything is on the website, 106 00:09:22,913 --> 00:09:25,174 you can join the chat room. 107 00:09:25,385 --> 00:09:26,527 Or, the twitter. 108 00:09:27,210 --> 00:09:30,576 [applause] 109 00:09:31,005 --> 00:09:32,163 Thank you very much. 110 00:09:32,620 --> 00:09:35,902 Next up is Thomas Lange, Mrfai, talking about dracut. 111 99:59:59,999 --> 99:59:59,999 Today, I'm not talking about FAI but about dracut. 112 99:59:59,999 --> 99:59:59,999 dracut is a replacement for initramfs which is used by most other distributions. 113 99:59:59,999 --> 99:59:59,999 If I'm correct, only Ubuntu and Debian and derivatives are using initramfs-tools 114 99:59:59,999 --> 99:59:59,999 All other distributions already moved to dracut. 115 99:59:59,999 --> 99:59:59,999 Today I want to show how you can get an experience with dracut 116 99:59:59,999 --> 99:59:59,999 without deinstalling initramfs-tools. 117 99:59:59,999 --> 99:59:59,999 Ben Hutchings did some patches, I think two years ago, so it's possible. 118 99:59:59,999 --> 99:59:59,999 What you have to do, there's a package called "dracut-core", 119 99:59:59,999 --> 99:59:59,999 which does not conflict with initramfs-tools. 120 99:59:59,999 --> 99:59:59,999 I have a virtual machine. 121 99:59:59,999 --> 99:59:59,999 So, debian/fai… 122 99:59:59,999 --> 99:59:59,999 On this machine, I will now install the dracut-core package 123 99:59:59,999 --> 99:59:59,999 and that's it. 124 99:59:59,999 --> 99:59:59,999 We still have one initrd. 125 99:59:59,999 --> 99:59:59,999 And now I can say… 126 99:59:59,999 --> 99:59:59,999 Oh no, first I have to copy the dracut version and then I can generate 127 99:59:59,999 --> 99:59:59,999 a new initrd with dracut. 128 99:59:59,999 --> 99:59:59,999 dracut uses the usual hooks or module system, 129 99:59:59,999 --> 99:59:59,999 it does not use the hooks from the initramfs things but it already includes 130 99:59:59,999 --> 99:59:59,999 a lot of hooks, so for example if you have a cryptsetup, 131 99:59:59,999 --> 99:59:59,999 you do not need the hooks for initramfs-tools from the cryptsetup package 132 99:59:59,999 --> 99:59:59,999 because dracut already includes this and a lot of other things. 133 99:59:59,999 --> 99:59:59,999 After generating a new initrd, you update your grub and you see 134 99:59:59,999 --> 99:59:59,999 we have now two entries in the grub. 135 99:59:59,999 --> 99:59:59,999 One with the old initrd which was created by… 136 99:59:59,999 --> 99:59:59,999 the default one is the initrd which is created by initramfs-tools 137 99:59:59,999 --> 99:59:59,999 and here you have the boot entry for the new dracut initrd 138 99:59:59,999 --> 99:59:59,999 and it boots up and works. 139 99:59:59,999 --> 99:59:59,999 What we need is that more people are using it and giving it a try. 140 99:59:59,999 --> 99:59:59,999 In your environment, on your hardware, does dracut work? 141 99:59:59,999 --> 99:59:59,999 We had a discussion, like 5 years ago, if Debian… 142 99:59:59,999 --> 99:59:59,999 When will Debian switch from initramfs-tools to dracut? 143 99:59:59,999 --> 99:59:59,999 And still there's no real need because initramfs-tools works for everybody 144 99:59:59,999 --> 99:59:59,999 but I think in the long term, we will switch it, 145 99:59:59,999 --> 99:59:59,999 so please help us, write bug reports 146 99:59:59,999 --> 99:59:59,999 or just give it a try, if it works for you or not. 147 99:59:59,999 --> 99:59:59,999 That's it. 148 99:59:59,999 --> 99:59:59,999 [Applause] 149 99:59:59,999 --> 99:59:59,999 Next up is TecKids talking about their organization. 150 99:59:59,999 --> 99:59:59,999 Ok, those of you who attended the Skolelinux talk already heard about TecKids. 151 99:59:59,999 --> 99:59:59,999 I want to give a few details about what else we do. 152 99:59:59,999 --> 99:59:59,999 TecKids is a non-profit organization based in Germany, but 153 99:59:59,999 --> 99:59:59,999 we're working internationally and 154 99:59:59,999 --> 99:59:59,999 we are completely centered around free software and we do basically everything 155 99:59:59,999 --> 99:59:59,999 concerning free software in education in the context of children and adolescents, 156 99:59:59,999 --> 99:59:59,999 young people. 157 99:59:59,999 --> 99:59:59,999 More than 50% of our active members are minors. 158 99:59:59,999 --> 99:59:59,999 There's an "s" missing, sorry. 159 99:59:59,999 --> 99:59:59,999 They are of course not minor but they are minors. 160 99:59:59,999 --> 99:59:59,999 Sorry, kids, if you are watching this. 161 99:59:59,999 --> 99:59:59,999 They're minors and we are a fully democratic organization 162 99:59:59,999 --> 99:59:59,999 like in the FOSS spirit 163 99:59:59,999 --> 99:59:59,999 and the most important thing is that we get children involved with all the parts 164 99:59:59,999 --> 99:59:59,999 of the organization, both operational and tutoring and workshops 165 99:59:59,999 --> 99:59:59,999 and working with free software projects, giving presentations. 166 99:59:59,999 --> 99:59:59,999 Normally some children would be here but as this conference was right in the middle of 167 99:59:59,999 --> 99:59:59,999 schooltime, this was not so easy. 168 99:59:59,999 --> 99:59:59,999 So what do we do. 169 99:59:59,999 --> 99:59:59,999 First of all, we want to get children interested in programming, in coding, 170 99:59:59,999 --> 99:59:59,999 in technical stuff and also in free software. 171 99:59:59,999 --> 99:59:59,999 This we do by running youth programs at free software conferences 172 99:59:59,999 --> 99:59:59,999 like the FrOSCon where normally around 100 to 120 children attend and 173 99:59:59,999 --> 99:59:59,999 use Debian and all that cool stuff and learn what they can do with it. 174 99:59:59,999 --> 99:59:59,999 We do peer learning, so those children who already know many things and 175 99:59:59,999 --> 99:59:59,999 are very interested, they start tutoring other children. 176 99:59:59,999 --> 99:59:59,999 Of course we have non-tech fun together, we are outside, 177 99:59:59,999 --> 99:59:59,999 there is a social program with staying over night, having a barbecue and 178 99:59:59,999 --> 99:59:59,999 all that stuff that helps building a community. 179 99:59:59,999 --> 99:59:59,999 Those who are even more interested can get actively involved in preparing workshops, 180 99:59:59,999 --> 99:59:59,999 organizing events, preparing talks, looking at open source projects, 181 99:59:59,999 --> 99:59:59,999 helping others get a free messenger instead of WhatsApp, 182 99:59:59,999 --> 99:59:59,999 working on HowTo, how to spread the word among youths and all of that. 183 99:59:59,999 --> 99:59:59,999 And then ??? at conference and raise awareness, 184 99:59:59,999 --> 99:59:59,999 this is our presentation team from the Chemnitz Linux Days 185 99:59:59,999 --> 99:59:59,999 and they are presenting the whole ??? of free software in education 186 99:59:59,999 --> 99:59:59,999 at our SchulFrei booth which is "School free" in German. 187 99:59:59,999 --> 99:59:59,999 They are presenting all projects that are involved in this common booth and 188 99:59:59,999 --> 99:59:59,999 care for free software education. 189 99:59:59,999 --> 99:59:59,999 If you are interested in that, maybe because you have children or 190 99:59:59,999 --> 99:59:59,999 want to have children or are involved in education in some way, 191 99:59:59,999 --> 99:59:59,999 there are quite a few things that you can do. 192 99:59:59,999 --> 99:59:59,999 You can help working on projects, you can work with mentoring the children 193 99:59:59,999 --> 99:59:59,999 in coding or organisational activities. 194 99:59:59,999 --> 99:59:59,999 You can help spreading the word, also raising awareness that 195 99:59:59,999 --> 99:59:59,999 many many software projects do have some involvement with children, 196 99:59:59,999 --> 99:59:59,999 even indirectly, like a web browser like Firefox, 197 99:59:59,999 --> 99:59:59,999 such applications are used by children and they may have other needs, 198 99:59:59,999 --> 99:59:59,999 and they may have other views on that, 199 99:59:59,999 --> 99:59:59,999 so it's very important to at least think about what children or schools or 200 99:59:59,999 --> 99:59:59,999 teachers as well do with this software. 201 99:59:59,999 --> 99:59:59,999 Pardon? One minute, thank you. 202 99:59:59,999 --> 99:59:59,999 We need help with presentations at conferences, 203 99:59:59,999 --> 99:59:59,999 so not every time the same people have to get a day off at work and travel to conferences 204 99:59:59,999 --> 99:59:59,999 there's much more manpower needed. 205 99:59:59,999 --> 99:59:59,999 And of course, every ngo, every non-profit organization is lacking money, 206 99:59:59,999 --> 99:59:59,999 so if you have already donated to Debian and still have money left, 207 99:59:59,999 --> 99:59:59,999 you might want to give your money to the future, which is children. 208 99:59:59,999 --> 99:59:59,999 Don't forget donating to Debian. 209 99:59:59,999 --> 99:59:59,999 I don't know if I am shot if I don't say that. 210 99:59:59,999 --> 99:59:59,999 [laughter] 211 99:59:59,999 --> 99:59:59,999 And there's also liberapay, it's a free donation platform, 212 99:59:59,999 --> 99:59:59,999 just have a look at it and if you want to help us, actively just go to our web site, 213 99:59:59,999 --> 99:59:59,999 find some communication means or just talk to someone you find 214 99:59:59,999 --> 99:59:59,999 at any conference who is wearing this shirt with our logo. 215 99:59:59,999 --> 99:59:59,999 Thank you. 216 99:59:59,999 --> 99:59:59,999 [Applause] 217 99:59:59,999 --> 99:59:59,999 Next up is Thomas Koch, talking about containers. 218 99:59:59,999 --> 99:59:59,999 Almost ready. 219 99:59:59,999 --> 99:59:59,999 We do have one more space at the end if anybody feels, you know, 220 99:59:59,999 --> 99:59:59,999 inspired to tell us all the things. 221 99:59:59,999 --> 99:59:59,999 I mean, we did have one very last minute sign up. 222 99:59:59,999 --> 99:59:59,999 Meanwhile, I guess I can make announcements while I'm here. 223 99:59:59,999 --> 99:59:59,999 Front desk will be available again after lunch, as will t-shirts. 224 99:59:59,999 --> 99:59:59,999 Anybody who hasn't had a t-shirt yet, 225 99:59:59,999 --> 99:59:59,999 basically, if you signed up, you're allowed to get a t-shirt, come see me, 226 99:59:59,999 --> 99:59:59,999 yes, free of charge, 227 99:59:59,999 --> 99:59:59,999 come see me at front desk when it's open again after lunch. 228 99:59:59,999 --> 99:59:59,999 Because I do know some people been reticent to come up and, you know, 229 99:59:59,999 --> 99:59:59,999 ask one… 230 99:59:59,999 --> 99:59:59,999 I've probably given effectively a lightning talk on not giving… 231 99:59:59,999 --> 99:59:59,999 I think so. 232 99:59:59,999 --> 99:59:59,999 Right, here we go. 233 99:59:59,999 --> 99:59:59,999 Ein, zwei, ok. 234 99:59:59,999 --> 99:59:59,999 Hello, I'm Thomas Koch, I work for Google, 235 99:59:59,999 --> 99:59:59,999 I work in support for Google Container Engine, Google kubernetes engine. 236 99:59:59,999 --> 99:59:59,999 Who knows what Kubernetes is? 237 99:59:59,999 --> 99:59:59,999 Oh, so few, ok. 238 99:59:59,999 --> 99:59:59,999 It's a thing to orchestrate containers on many many nodes, 239 99:59:59,999 --> 99:59:59,999 up to thousands of nodes. 240 99:59:59,999 --> 99:59:59,999 It was started by Google, open sourced by Google in 2015 I believe. 241 99:59:59,999 --> 99:59:59,999 First contributor was Red Hat, it is 100% open source, it's written in Go 242 99:59:59,999 --> 99:59:59,999 and by now it has won the market of managing containers on large nodes. 243 99:59:59,999 --> 99:59:59,999 I just was at the KubeCon in Copenhagen with 4300 participants and 244 99:59:59,999 --> 99:59:59,999 every company you can imagine has an offering about Kubernetes. 245 99:59:59,999 --> 99:59:59,999 Just some logos of companies that use or contribute to Kubernetes 246 99:59:59,999 --> 99:59:59,999 and even more logos and these slides are outdated, so there are even more. 247 99:59:59,999 --> 99:59:59,999 Kubernetes, you have some masters that control kubelet on every node. 248 99:59:59,999 --> 99:59:59,999 A kubelet can start containers and can set up networking stuff 249 99:59:59,999 --> 99:59:59,999 and can set up volumes and the basic concept of computation, 250 99:59:59,999 --> 99:59:59,999 the basic primitive is a pod. 251 99:59:59,999 --> 99:59:59,999 A pod is one to many containers running together in one environment 252 99:59:59,999 --> 99:59:59,999 so that you have the possibility to have sidecars running beside your main containers 253 99:59:59,999 --> 99:59:59,999 that does additional stuff. 254 99:59:59,999 --> 99:59:59,999 It has proven useful in Google's internal ??? container management engine 255 99:59:59,999 --> 99:59:59,999 that you want to have certain containers always running containers 256 99:59:59,999 --> 99:59:59,999 and sharing resources. 257 99:59:59,999 --> 99:59:59,999 An other important primitive is volumes. 258 99:59:59,999 --> 99:59:59,999 Kubernetes can manage your storage and provision storage to be accessible 259 99:59:59,999 --> 99:59:59,999 to your containers. 260 99:59:59,999 --> 99:59:59,999 You can combine many parts that provide the same service to be accessible 261 99:59:59,999 --> 99:59:59,999 under the same IP address and so have failover enable like this 262 99:59:59,999 --> 99:59:59,999 and of course then you have controlers that scale your services, 263 99:59:59,999 --> 99:59:59,999 scale down your services, restart failed pods 264 99:59:59,999 --> 99:59:59,999 or drain nodes that you want to take away 265 99:59:59,999 --> 99:59:59,999 And my question now is what is the role of Debian in a world where 266 99:59:59,999 --> 99:59:59,999 Kubernetes becomes more and more popular even if not that many of you have heard about it 267 99:59:59,999 --> 99:59:59,999 I believe that Kubernetes will become even more popular 268 99:59:59,999 --> 99:59:59,999 and even as a Debian Maintainer, I'm enthusiastic about how easy it becomes now 269 99:59:59,999 --> 99:59:59,999 to run your stuff in Kubernetes. 270 99:59:59,999 --> 99:59:59,999 But you only need a very minimal host operating system to install Kubernetes 271 99:59:59,999 --> 99:59:59,999 on your servers, afterwards you need a bare image, a base image for your container 272 99:59:59,999 --> 99:59:59,999 which is normally also a very minimal image 273 99:59:59,999 --> 99:59:59,999 and you don't do "apt-get install apache2" anymore to have a web server, 274 99:59:59,999 --> 99:59:59,999 you take an apache container image and then you extend this image and 275 99:59:59,999 --> 99:59:59,999 put your app onto this image, so you don't need an apache Debian image anymore 276 99:59:59,999 --> 99:59:59,999 in such a world. 277 99:59:59,999 --> 99:59:59,999 Will we still need this in Debian? 278 99:59:59,999 --> 99:59:59,999 However, nothing is perfect. 279 99:59:59,999 --> 99:59:59,999 On KubeCon, I also saw companies offering 280 99:59:59,999 --> 99:59:59,999 "Oh, we scan you container images for outdated libraries" and 281 99:59:59,999 --> 99:59:59,999 you have long times to update your cluster because all the containers need to be stopped 282 99:59:59,999 --> 99:59:59,999 you download new images, you start whole new environments 283 99:59:59,999 --> 99:59:59,999 so there are optimizations possible there 284 99:59:59,999 --> 99:59:59,999 and people are wondering 285 99:59:59,999 --> 99:59:59,999 "Ok, where does my stuff come from? Is it from a trusted source?" 286 99:59:59,999 --> 99:59:59,999 And my crazy thoughts, maybe it's an opportunity here 287 99:59:59,999 --> 99:59:59,999 if Debian would become a source of trusted binaries or even container images. 288 99:59:59,999 --> 99:59:59,999 Thank you. 289 99:59:59,999 --> 99:59:59,999 [Applause] 290 99:59:59,999 --> 99:59:59,999 Next up, Pierre Pronchery, talking about Manticore, DeepState and DeforaOS 291 99:59:59,999 --> 99:59:59,999 Are you pretty much ready? 292 99:59:59,999 --> 99:59:59,999 I think so. 293 99:59:59,999 --> 99:59:59,999 Meanwhile, does anybody know any dance routines, you know, 294 99:59:59,999 --> 99:59:59,999 just to bridge over the time, because I'm not going to. 295 99:59:59,999 --> 99:59:59,999 I don't think I know any Jerks. 296 99:59:59,999 --> 99:59:59,999 Hopefully nearly there. 297 99:59:59,999 --> 99:59:59,999 You fling my phone from me. 298 99:59:59,999 --> 99:59:59,999 It's ok, nobody calls me anyway. 299 99:59:59,999 --> 99:59:59,999 I'm afraid I haven't got any more announcements. 300 99:59:59,999 --> 99:59:59,999 We are pleased to announce that there are no current announcements available. 301 99:59:59,999 --> 99:59:59,999 The news has been called off. 302 99:59:59,999 --> 99:59:59,999 Do you actually have slides? 303 99:59:59,999 --> 99:59:59,999 I'm wondering if we should your round. 304 99:59:59,999 --> 99:59:59,999 Ok, right, we have the interval act, an interpretive dance by Andrew Shadura 305 99:59:59,999 --> 99:59:59,999 on the nature of git crecord being for the win. 306 99:59:59,999 --> 99:59:59,999 Well, you know, anything to bridge the time, right? 307 99:59:59,999 --> 99:59:59,999 If in doubt, make the font bigger. 308 99:59:59,999 --> 99:59:59,999 Maybe I should give a lightning talk about that. 309 99:59:59,999 --> 99:59:59,999 I think I might, just at the very end, I'll just disguise it as an announcement. 310 99:59:59,999 --> 99:59:59,999 Ready? 311 99:59:59,999 --> 99:59:59,999 There, no. 312 99:59:59,999 --> 99:59:59,999 I prefer that. 313 99:59:59,999 --> 99:59:59,999 Yes, but we don't. 314 99:59:59,999 --> 99:59:59,999 Why? 315 99:59:59,999 --> 99:59:59,999 Did you see what happened earlier? 316 99:59:59,999 --> 99:59:59,999 What happened earlier? 317 99:59:59,999 --> 99:59:59,999 Please use the hand microphone. 318 99:59:59,999 --> 99:59:59,999 Ok. 319 99:59:59,999 --> 99:59:59,999 Alright, listen to a man but not me. 320 99:59:59,999 --> 99:59:59,999 [laughter] 321 99:59:59,999 --> 99:59:59,999 Can you hear me? 322 99:59:59,999 --> 99:59:59,999 So, I'm just going to show you a small utility I wrote. 323 99:59:59,999 --> 99:59:59,999 Actually, I didn't write it from scratch, I just ported it from… Anyway. 324 99:59:59,999 --> 99:59:59,999 Let's see, we've got a git diff of 325 99:59:59,999 --> 99:59:59,999 things with a Debian package. 326 99:59:59,999 --> 99:59:59,999 Lot's of changes, and I forgot to commit them individually. 327 99:59:59,999 --> 99:59:59,999 There's lots of patches and things, 328 99:59:59,999 --> 99:59:59,999 I just want to, somehow, sort this out. 329 99:59:59,999 --> 99:59:59,999 So I just run "git crecord" and suddenly I can see all the things here. 330 99:59:59,999 --> 99:59:59,999 I can unwrap the diffs… 331 99:59:59,999 --> 99:59:59,999 What's happening with the ??? 332 99:59:59,999 --> 99:59:59,999 I can basically select individual bits of the diff and… 333 99:59:59,999 --> 99:59:59,999 Let's just deselect all things, commit those, just a few. 334 99:59:59,999 --> 99:59:59,999 There were just a few patches ??? 335 99:59:59,999 --> 99:59:59,999 so I'm going to commit them now, yes, like refresh patches. 336 99:59:59,999 --> 99:59:59,999 Let's say just "Refresh", just enough. 337 99:59:59,999 --> 99:59:59,999 Oh, mmh. 338 99:59:59,999 --> 99:59:59,999 It's not going to work, because I haven't got a card 339 99:59:59,999 --> 99:59:59,999 and I forgot to disable the… 340 99:59:59,999 --> 99:59:59,999 I don't think I can, I don't remember, I probably can't disable PGP signing unfortunately 341 99:59:59,999 --> 99:59:59,999 it's not implemented yet. 342 99:59:59,999 --> 99:59:59,999 Anyway. 343 99:59:59,999 --> 99:59:59,999 Using this thing you can, it's better than… 344 99:59:59,999 --> 99:59:59,999 How is it properly called. 345 99:59:59,999 --> 99:59:59,999 It's better than the builtin ??? 346 99:59:59,999 --> 99:59:59,999 I can't even remember it's name. 347 99:59:59,999 --> 99:59:59,999 That one. 348 99:59:59,999 --> 99:59:59,999 I didn't exactly hear exactly what he said, like "git patch something" 349 99:59:59,999 --> 99:59:59,999 "git add --patch" 350 99:59:59,999 --> 99:59:59,999 And there's an other one which is… 351 99:59:59,999 --> 99:59:59,999 There's one a bit more interactive and one which is a bit less interactive. 352 99:59:59,999 --> 99:59:59,999 This is ??? interactive and there will be more features. 353 99:59:59,999 --> 99:59:59,999 It is actually, it was originally written for mercurial 354 99:59:59,999 --> 99:59:59,999 and this was a thing I really missed when I had to use git 355 99:59:59,999 --> 99:59:59,999 and now I don't have to anymore. 356 99:59:59,999 --> 99:59:59,999 This is it. 357 99:59:59,999 --> 99:59:59,999 It's in Debian, you can apt install it if you prefer. 358 99:59:59,999 --> 99:59:59,999 It's in Debian, you can apt install it if you prefer, 359 99:59:59,999 --> 99:59:59,999 or you can install it from source and there would be more features later. 360 99:59:59,999 --> 99:59:59,999 That's it. 361 99:59:59,999 --> 99:59:59,999 Thank you 362 99:59:59,999 --> 99:59:59,999 [Applause] 363 99:59:59,999 --> 99:59:59,999 Now, Pierre Pronchery talking about all the things that I said 364 99:59:59,999 --> 99:59:59,999 he was going to talk about earlier. 365 99:59:59,999 --> 99:59:59,999 One moment please. 366 99:59:59,999 --> 99:59:59,999 [Applause] 367 99:59:59,999 --> 99:59:59,999 Sorry about that, I didn't really plan for this, 368 99:59:59,999 --> 99:59:59,999 so I made the slides 5 minutes ago. 369 99:59:59,999 --> 99:59:59,999 So, I'm Pierre Pronchery, thank you for having me, 370 99:59:59,999 --> 99:59:59,999 even if I'm actually an officiel NetBSD developer, 371 99:59:59,999 --> 99:59:59,999 but I'm been using Debian since 1999, so maybe I'm alowed, 372 99:59:59,999 --> 99:59:59,999 I'm also a security consultant, interested in Kernel development, 373 99:59:59,999 --> 99:59:59,999 security integration, and so on. 374 99:59:59,999 --> 99:59:59,999 What you cannot see on the slides right now is that 375 99:59:59,999 --> 99:59:59,999 I'm also on the board of directors of NetBSD. 376 99:59:59,999 --> 99:59:59,999 So actually I'm in a good position to talk about the project if you'd like to. 377 99:59:59,999 --> 99:59:59,999 I would like to talk to you about Manticore today. 378 99:59:59,999 --> 99:59:59,999 It's a symbolic execution tool, 379 99:59:59,999 --> 99:59:59,999 basically, it uses a CPU emulator, which can be hardware assisted of course, 380 99:59:59,999 --> 99:59:59,999 to run and analyze programs or algorithms, so parts of programs on a simulated system 381 99:59:59,999 --> 99:59:59,999 and one of the aims is actually to make them crash 382 99:59:59,999 --> 99:59:59,999 so to make extensive fuzzing and be very efficient at fuzzing by possibly tracing 383 99:59:59,999 --> 99:59:59,999 instructions and so on, whatever is going on inside the program. 384 99:59:59,999 --> 99:59:59,999 It supports static Linux binaries in 32-bits and 64-bits modes, 385 99:59:59,999 --> 99:59:59,999 also it supports ARM 32-bits, support is ongoing for ARM 64-bits, 386 99:59:59,999 --> 99:59:59,999 it also works with Ethereum bytecode. 387 99:59:59,999 --> 99:59:59,999 There are official releases on GitHub, it's already packaged in PkgSrc by myself 388 99:59:59,999 --> 99:59:59,999 and I'm actually looking for volunteers to package it for Debian 389 99:59:59,999 --> 99:59:59,999 or possibly help me to do so. 390 99:59:59,999 --> 99:59:59,999 I'm actually sponsored by Trail of Bits, the developer of Manticore, 391 99:59:59,999 --> 99:59:59,999 to work on this, which is also why I'm here. 392 99:59:59,999 --> 99:59:59,999 The companion to Manticore is called DeepState, 393 99:59:59,999 --> 99:59:59,999 it's specifically meant for Unit Testing with symbolic execution. 394 99:59:59,999 --> 99:59:59,999 It supports not just Manticore but also an other backend for analyzing 395 99:59:59,999 --> 99:59:59,999 running binaries, 396 99:59:59,999 --> 99:59:59,999 It's called angr, this other backend, which was developed as a side node 397 99:59:59,999 --> 99:59:59,999 for the Cyber Grand challenge of DARPA last year. 398 99:59:59,999 --> 99:59:59,999 DeepState is currently packaged in 2 separate packages in PkgSrc 399 99:59:59,999 --> 99:59:59,999 by myself again, 400 99:59:59,999 --> 99:59:59,999 unfortunately not yet fully upstream in PkgSrc, 401 99:59:59,999 --> 99:59:59,999 but basically I made one package with ??? binaries and then the Python bindings. 402 99:59:59,999 --> 99:59:59,999 This is also on GitHub but with no official release yet, 403 99:59:59,999 --> 99:59:59,999 because this is a very young project still 404 99:59:59,999 --> 99:59:59,999 so I'm also for a volunteer in Debian to help me package that. 405 99:59:59,999 --> 99:59:59,999 And then, a shameless addition, I'm also a developer of, the main developer of 406 99:59:59,999 --> 99:59:59,999 DeforaOS, an open source desktop environment, and with some more parts 407 99:59:59,999 --> 99:59:59,999 in the project, 408 99:59:59,999 --> 99:59:59,999 I have about 50 repositories now in this. 409 99:59:59,999 --> 99:59:59,999 I'm therefore also looking for volunteers to package that into Debian, 410 99:59:59,999 --> 99:59:59,999 there are still projects we haven't packaged yet, as far as I know. 411 99:59:59,999 --> 99:59:59,999 So, since I'm here, I figured I could as well get my PGP key signed, 412 99:59:59,999 --> 99:59:59,999 I suppose it's one of the steps to become a developer 413 99:59:59,999 --> 99:59:59,999 and if there are more, I've heard there are plenty, 414 99:59:59,999 --> 99:59:59,999 then please help me out with this, I'll welcome any assistance doing that. 415 99:59:59,999 --> 99:59:59,999 Alright. Thank you. 416 99:59:59,999 --> 99:59:59,999 [Applause] 417 99:59:59,999 --> 99:59:59,999 Thank you very much. 418 99:59:59,999 --> 99:59:59,999 I guess that's it. 419 99:59:59,999 --> 99:59:59,999 The next lightning talk session that I'm aware of is at DebConf18 in Taiwan. 420 99:59:59,999 --> 99:59:59,999 I hope to see as many of you as possible there. 421 99:59:59,999 --> 99:59:59,999 Off you go, lunch time. 422 99:59:59,999 --> 99:59:59,999 [Applause]