1 00:00:05,904 --> 00:00:07,504 Right, good afternoon 2 00:00:07,817 --> 00:00:12,360 It is the lightning talks sessions at DebConf Hamburg 2018 3 00:00:13,019 --> 00:00:17,895 We've got seven speakers, and I guess we'll just get going 4 00:00:18,352 --> 00:00:22,107 Starting with Tobias Platn???, talking about Debian on Power9. 5 00:00:27,528 --> 00:00:36,302 Yesterday I, hm no, on friday, I received my new Power9 machine. 6 00:00:36,519 --> 00:00:37,710 A Talos 9 7 00:00:40,456 --> 00:00:44,680 And it has an IBM Power9 processor 8 00:00:45,658 --> 00:00:52,946 So, the only distro that I know that will work is Debian. 9 00:00:55,748 --> 00:01:01,820 Then, this is a new PowerPC 64 bits architecture, 10 00:01:02,330 --> 00:01:06,553 that can run in little-endian mode. 11 00:01:07,255 --> 00:01:10,823 I downloaded a Debian installer. 12 00:01:11,834 --> 00:01:16,531 First, I chosed the stable version, but 13 00:01:17,492 --> 00:01:21,211 that crashed during install. 14 00:01:21,733 --> 00:01:28,208 And, then I retried a different version, a daily version. 15 00:01:29,265 --> 00:01:37,455 And this one, which is based on Buster, correctly installed. 16 00:01:38,264 --> 00:01:44,682 I can even have a graphical environment, working out of the box. 17 00:01:45,696 --> 00:01:52,899 And, the installer then complained that there is no boot partition 18 00:01:53,862 --> 00:02:04,744 for older PowerPCs, and this boot partition is not needed, since the TalosII 19 00:02:05,162 --> 00:02:13,166 has other newer systems starting with power7 used petitboot. 20 00:02:16,038 --> 00:02:22,581 So, that needs to be fixed in the Debian installer, 21 00:02:23,259 --> 00:02:29,066 that it doesn't produce the warning on Power machines. 22 00:02:32,143 --> 00:02:37,359 And now I have a working Debian installation, 23 00:02:38,079 --> 00:02:40,300 which I can use. 24 00:02:49,707 --> 00:02:52,912 (thanks) [applause] 25 00:02:54,093 --> 00:02:55,411 Thank you very much, that was very quick. 26 00:02:55,639 --> 00:02:57,328 Next up is Thimothée Jaussoin, 27 00:02:57,890 --> 00:03:01,721 talking about Movim, the XMPP social platform. 28 00:03:05,572 --> 00:03:07,427 Give him a moment to get set up. 29 00:04:32,681 --> 00:04:34,262 I think it's a bit better this way. 30 00:04:34,755 --> 00:04:36,976 Who already heard about the platform Movim? 31 00:04:38,679 --> 00:04:44,207 OK, so we have a couple of people that know about the project here. 32 00:04:45,054 --> 00:04:48,307 Just to present you what it could be a parallel universe 33 00:04:48,481 --> 00:04:50,653 but is actually the current universe we're living with. 34 00:04:52,233 --> 00:04:54,307 Lots of different chat platforms. 35 00:04:54,594 --> 00:04:56,036 The same thing on social networks. 36 00:04:56,779 --> 00:05:00,051 We keep reinventing the wheel all the time. 37 00:05:02,563 --> 00:05:03,455 We don't have this problem with e-mails 38 00:05:03,742 --> 00:05:07,157 hopefully actually the e-mail standards came way before before all of those 39 00:05:08,182 --> 00:05:09,515 proprietary solutions 40 00:05:10,092 --> 00:05:15,089 So we have ??? and Google and Microsoft are still using SMTP, IMAP, for now. 41 00:05:15,567 --> 00:05:19,559 So everything is compatible, and we have a lot of clients on top of that. 42 00:05:19,773 --> 00:05:21,747 But for chat, and social networks, it's not the case. 43 00:05:22,750 --> 00:05:26,054 So the idea of Movim is to build a social platform. 44 00:05:28,958 --> 00:05:32,801 In there, we can put a little couple of ingredients. 45 00:05:33,414 --> 00:05:37,407 First, it needs to be Open-Source, for the transparency, for the fact that you can 46 00:05:37,584 --> 00:05:41,829 have feedback and improvements, for the security part. Bring some trust 47 00:05:42,035 --> 00:05:47,128 I think that you guys here know about the advantages of Free Software, and 48 00:05:47,578 --> 00:05:52,731 specially on the communication part, on social networks, but it's not enough. 49 00:05:53,745 --> 00:05:56,915 We also need to bring control, actually in this social network. 50 00:05:57,382 --> 00:05:59,249 So it need to be simple and transparent 51 00:05:59,532 --> 00:06:02,121 on the UI but also on the protocol level. 52 00:06:02,345 --> 00:06:07,222 On the really deep below stacks. 53 00:06:08,183 --> 00:06:10,276 So we'll need to have a strong and reliable encryption, 54 00:06:10,493 --> 00:06:14,743 so don't reinvent also an encryption - talking about Telegram, here - 55 00:06:15,987 --> 00:06:19,209 And, yeah, need some trusts in sights here. 56 00:06:19,439 --> 00:06:22,300 I mean a community, and not a company that you will blindly trust 57 00:06:22,844 --> 00:06:25,718 to take care of all of your communications. 58 00:06:25,937 --> 00:06:26,953 But it's not enough. 59 00:06:27,661 --> 00:06:32,071 It needs to be decentralized. Because centralized social networks, 60 00:06:32,274 --> 00:06:33,482 even if it's opensource, 61 00:06:33,687 --> 00:06:36,727 if it's only one instance, you have to still trust the instance. So would like to 62 00:06:36,917 --> 00:06:39,509 deploy your instance, you would like to trust someone else, 63 00:06:39,674 --> 00:06:42,656 you can only, sometimes, trust only yourself in seldom cases 64 00:06:44,050 --> 00:06:46,627 Decentralization also brings robustness 65 00:06:50,497 --> 00:06:54,605 So that's too many times that actually one server is failing, think Signal 66 00:06:55,078 --> 00:06:59,115 had an issue recently, about this kind of thing there. 67 00:06:59,272 --> 00:07:02,567 The issue was with the Amazon servers, the whole thing didn't worked 68 00:07:02,731 --> 00:07:04,077 for a couple of hours. 69 00:07:04,429 --> 00:07:06,660 And then, resist against censorship and control. 70 00:07:06,865 --> 00:07:09,145 Same thing with Telegram, I think in Russia. 71 00:07:09,307 --> 00:07:13,995 I'm talking more about the IM part, but it's also applicable to social networks. 72 00:07:14,179 --> 00:07:18,439 It's exactly the same thing, just that the exchanges of information are a bit different. 73 00:07:18,976 --> 00:07:20,749 So, you need these steps but 74 00:07:21,552 --> 00:07:23,845 all those platforms here 75 00:07:24,962 --> 00:07:33,484 (I just made this conference 3 years ago, just added Mastodon recently) 76 00:07:37,125 --> 00:07:43,934 Ya! different sorts of platforms 77 00:07:44,452 --> 00:07:46,932 There is communication between those platforms, kind of standards that are 78 00:07:47,108 --> 00:07:50,036 starting to come in, especially between Diaspora and Mastodon, 79 00:07:50,257 --> 00:07:51,944 but there is still a lot of work to do there. 80 00:07:52,828 --> 00:07:56,406 So, the secret ingredient is about compatibility, about extensibility. 81 00:07:56,885 --> 00:07:58,634 Don't try to reinvent the wheel again, 82 00:07:58,843 --> 00:08:00,232 don't try to create another social network, 83 00:08:00,612 --> 00:08:03,790 or another IM platform that will have all those communication troubles. 84 00:08:04,145 --> 00:08:05,253 So, I mean a long-term vision. 85 00:08:07,652 --> 00:08:10,517 And, actually, the secret ingredient is standardization, in these things. 86 00:08:11,240 --> 00:08:18,348 So, this secret ingredients should add a couple of features, 87 00:08:19,535 --> 00:08:23,706 support news feeds, communities, IM, chatroom presences, know who's online, profiles, 88 00:08:24,084 --> 00:08:26,961 video conferencing security, bridges to the Web. 89 00:08:28,240 --> 00:08:29,524 And then it will be real-time. 90 00:08:31,799 --> 00:08:32,973 And, 1 minute? 91 00:08:33,451 --> 00:08:35,350 This protocol actually exists, it's called XMPP. 92 00:08:36,176 --> 00:08:40,060 So the goal of the project is: - take XMPP implemented 93 00:08:40,710 --> 00:08:43,859 - and doing a lot of innovation on top of the project 94 00:08:44,493 --> 00:08:48,857 So, server-side it's a simple XMPP client, webserver, simple to install 95 00:08:49,342 --> 00:08:51,121 (PHP, MySQL PostgreSQL) 96 00:08:51,684 --> 00:08:55,472 And user-side, it's also super simple to use, you need simply a browser, 97 00:08:57,505 --> 00:09:02,207 it's responsive, it's light, it's fast and is built actually for small communities. 98 00:09:03,426 --> 00:09:05,195 There are pods all around the world. 99 00:09:05,471 --> 00:09:07,347 You're really invited to deploy your own pods. 100 00:09:07,834 --> 00:09:11,255 There is already ten thousands accounts on the official pod 101 00:09:11,470 --> 00:09:12,417 30 languages 102 00:09:12,651 --> 00:09:13,889 Debian packages coming soon 103 00:09:14,137 --> 00:09:16,619 Thanks to the help of some people in this room. 104 00:09:17,506 --> 00:09:19,666 And, that's it ! 105 00:09:20,578 --> 00:09:22,690 So if you want more information, everything is on the website, 106 00:09:22,913 --> 00:09:25,174 you can join the chat room. 107 00:09:25,385 --> 00:09:26,527 Or, the twitter. 108 00:09:27,210 --> 00:09:30,576 [applause] 109 00:09:31,005 --> 00:09:32,163 Thank you very much. 110 00:09:32,620 --> 00:09:35,902 Next up is Thomas Lange, Mrfai, talking about dracut. 111 00:09:58,997 --> 00:10:02,293 Today, I'm not talking about FAI but about dracut. 112 00:10:02,895 --> 00:10:10,278 dracut is a replacement for initramfs which is used by most other distributions. 113 00:10:11,204 --> 00:10:18,435 If I'm correct, only Ubuntu and Debian and derivatives are using initramfs-tools 114 00:10:18,765 --> 00:10:22,640 All other distributions already moved to dracut. 115 00:10:24,015 --> 00:10:28,810 Today I want to show how you can get an experience with dracut 116 00:10:29,261 --> 00:10:31,800 without deinstalling initramfs-tools. 117 00:10:32,749 --> 00:10:37,485 Ben Hutchings did some patches, I think two years ago, so it's possible. 118 00:10:38,598 --> 00:10:41,847 What you have to do, there's a package called "dracut-core", 119 00:10:42,197 --> 00:10:44,074 which does not conflict with initramfs-tools. 120 00:10:46,684 --> 00:10:49,213 I have a virtual machine. 121 00:10:51,931 --> 00:10:55,228 So, debian/fai… 122 00:10:55,926 --> 00:11:03,568 On this machine, I will now install the dracut-core package 123 00:11:05,357 --> 00:11:07,007 and that's it. 124 00:11:08,395 --> 00:11:10,536 We still have one initrd. 125 00:11:14,012 --> 00:11:15,192 And now I can say… 126 00:11:15,448 --> 00:11:33,986 Oh no, first I have to copy the dracut version and then I can generate 127 00:11:34,317 --> 00:11:36,178 a new initrd with dracut. 128 00:11:38,818 --> 00:11:44,576 dracut uses the usual hooks or module system, 129 00:11:45,187 --> 00:11:50,659 it does not use the hooks from the initramfs things but it already includes 130 00:11:50,881 --> 00:11:54,554 a lot of hooks, so for example if you have a cryptsetup, 131 00:11:54,799 --> 00:12:02,635 you do not need the hooks for initramfs-tools from the cryptsetup package 132 00:12:03,233 --> 00:12:07,911 because dracut already includes this and a lot of other things. 133 00:12:08,515 --> 00:12:13,878 After generating a new initrd, you update your grub and you see 134 00:12:14,291 --> 00:12:16,388 we have now two entries in the grub. 135 00:12:17,587 --> 00:12:21,194 One with the old initrd which was created by… 136 00:12:22,362 --> 00:12:26,695 the default one is the initrd which is created by initramfs-tools 137 00:12:27,371 --> 00:12:32,660 and here you have the boot entry for the new dracut initrd 138 00:12:33,389 --> 00:12:35,476 and it boots up and works. 139 00:12:41,613 --> 00:12:47,606 What we need is that more people are using it and giving it a try. 140 00:12:48,404 --> 00:12:51,625 In your environment, on your hardware, does dracut work? 141 00:12:53,096 --> 00:12:57,393 We had a discussion, like 5 years ago, if Debian… 142 00:12:57,787 --> 00:13:01,490 When will Debian switch from initramfs-tools to dracut? 143 00:13:02,462 --> 00:13:06,332 And still there's no real need because initramfs-tools works for everybody 144 00:13:06,901 --> 00:13:09,392 but I think in the long term, we will switch it, 145 00:13:09,844 --> 00:13:13,895 so please help us, write bug reports 146 00:13:14,224 --> 00:13:16,318 or just give it a try, if it works for you or not. 147 00:13:17,030 --> 00:13:18,113 That's it. 148 00:13:18,816 --> 00:13:23,597 [Applause] 149 00:13:24,111 --> 00:13:27,810 Next up is TecKids talking about their organization. 150 00:14:18,637 --> 00:14:24,767 Ok, those of you who attended the Skolelinux talk already heard about TecKids. 151 00:14:24,987 --> 00:14:27,369 I want to give a few details about what else we do. 152 00:14:28,932 --> 00:14:33,079 TecKids is a non-profit organization based in Germany, but 153 00:14:33,373 --> 00:14:37,919 we're working internationally and 154 00:14:42,814 --> 00:14:48,200 we are completely centered around free software and we do basically everything 155 00:14:49,607 --> 00:14:54,605 concerning free software in education in the context of children and adolescents, 156 00:14:54,605 --> 00:14:55,348 young people. 157 00:14:55,859 --> 00:14:58,733 More than 50% of our active members are minors. 158 00:14:59,882 --> 00:15:01,244 There's an "s" missing, sorry. 159 00:15:01,858 --> 00:15:03,858 They are of course not minor but they are minors. 160 00:15:06,570 --> 00:15:08,807 Sorry, kids, if you are watching this. 161 00:15:10,388 --> 00:15:13,283 They're minors and we are a fully democratic organization 162 00:15:13,656 --> 00:15:15,186 like in the FOSS spirit 163 00:15:16,214 --> 00:15:20,979 and the most important thing is that we get children involved with all the parts 164 00:15:21,191 --> 00:15:25,143 of the organization, both operational and tutoring and workshops 165 00:15:25,604 --> 00:15:28,882 and working with free software projects, giving presentations. 166 00:15:29,888 --> 00:15:34,253 Normally some children would be here but as this conference was right in the middle of 167 00:15:34,767 --> 00:15:37,058 schooltime, this was not so easy. 168 00:15:38,226 --> 00:15:39,264 So what do we do. 169 00:15:39,549 --> 00:15:43,420 First of all, we want to get children interested in programming, in coding, 170 00:15:43,911 --> 00:15:46,092 in technical stuff and also in free software. 171 00:15:46,752 --> 00:15:50,299 This we do by running youth programs at free software conferences 172 00:15:50,551 --> 00:15:55,835 like the FrOSCon where normally around 100 to 120 children attend and 173 00:15:56,613 --> 00:16:00,710 use Debian and all that cool stuff and learn what they can do with it. 174 00:16:04,489 --> 00:16:09,320 We do peer learning, so those children who already know many things and 175 00:16:09,757 --> 00:16:12,775 are very interested, they start tutoring other children. 176 00:16:14,380 --> 00:16:18,854 Of course we have non-tech fun together, we are outside, 177 00:16:19,397 --> 00:16:23,999 there is a social program with staying over night, having a barbecue and 178 00:16:24,758 --> 00:16:27,808 all that stuff that helps building a community. 179 00:16:29,316 --> 00:16:33,515 Those who are even more interested can get actively involved in preparing workshops, 180 00:16:33,768 --> 00:16:38,764 organizing events, preparing talks, looking at open source projects, 181 00:16:39,223 --> 00:16:44,998 helping others get a free messenger instead of WhatsApp, 182 00:16:45,373 --> 00:16:50,310 working on HowTo, how to spread the word among youths and all of that. 183 00:16:51,243 --> 00:16:54,366 And then visit conferences and raise awareness, 184 00:16:54,555 --> 00:16:56,107 this is our presentation team from the Chemnitz Linux Days 185 00:16:57,346 --> 00:17:00,468 and they are presenting the whole "can" of free software in education 186 00:17:00,918 --> 00:17:05,282 at our SchulFrei booth which is "School free" in German. 187 00:17:08,777 --> 00:17:15,129 They are presenting all projects that are involved in this common booth and 188 00:17:17,934 --> 00:17:19,521 care for free software education. 189 00:17:21,212 --> 00:17:25,395 If you are interested in that, maybe because you have children or 190 00:17:25,608 --> 00:17:29,158 want to have children or are involved in education in some way, 191 00:17:30,942 --> 00:17:33,780 there are quite a few things that you can do. 192 00:17:34,447 --> 00:17:40,196 You can help working on projects, you can work with mentoring the children 193 00:17:41,019 --> 00:17:43,900 in coding or organisational activities. 194 00:17:45,621 --> 00:17:48,478 You can help spreading the word, also raising awareness that 195 00:17:49,592 --> 00:17:55,599 many many software projects do have some involvement with children, 196 00:17:55,911 --> 00:17:59,507 even indirectly, like a web browser like Firefox, 197 00:18:00,018 --> 00:18:03,696 such applications are used by children and they may have other needs, 198 00:18:03,994 --> 00:18:05,484 and they may have other views on that, 199 00:18:05,884 --> 00:18:10,307 so it's very important to at least think about what children or schools or 200 00:18:11,705 --> 00:18:14,077 teachers as well do with this software. 201 00:18:14,746 --> 00:18:16,213 Pardon? One minute, thank you. 202 00:18:18,071 --> 00:18:20,443 We need help with presentations at conferences, 203 00:18:21,071 --> 00:18:28,509 so not every time the same people have to get a day off at work and travel to conferences 204 00:18:29,072 --> 00:18:30,883 there's much more manpower needed. 205 00:18:31,361 --> 00:18:37,428 And of course, every ngo, every non-profit organization is lacking money, 206 00:18:37,840 --> 00:18:41,667 so if you have already donated to Debian and still have money left, 207 00:18:42,131 --> 00:18:47,389 you might want to give your money to the future, which is children. 208 00:18:50,346 --> 00:18:52,192 Don't forget donating to Debian. 209 00:18:52,587 --> 00:18:54,959 I don't know if I am shot if I don't say that. 210 00:18:57,299 --> 00:19:02,778 And there's also liberapay, it's a free donation platform, 211 00:19:03,041 --> 00:19:06,531 just have a look at it and if you want to help us, actively just go to our web site, 212 00:19:06,785 --> 00:19:11,504 find some communication means or just talk to someone you find 213 00:19:11,748 --> 00:19:15,604 at any conference who is wearing this shirt with our logo. 214 00:19:16,069 --> 00:19:17,077 Thank you. 215 00:19:17,684 --> 00:19:22,524 [Applause] 216 00:19:38,988 --> 00:19:41,637 Next up is Thomas Koch, talking about containers. 217 00:19:48,654 --> 00:19:49,555 Almost ready. 218 00:19:49,875 --> 00:19:50,140 We do have one more space at the end if anybody feels, you know, 219 00:19:50,140 --> 00:19:58,512 inspired to tell us all the things. 220 00:19:58,829 --> 00:20:02,525 I mean, we did have one very last minute sign up. 221 00:20:24,490 --> 00:20:26,843 Meanwhile, I guess I can make announcements while I'm here. 222 00:20:27,185 --> 00:20:30,678 Front desk will be available again after lunch, as will t-shirts. 223 00:20:30,896 --> 00:20:32,562 Anybody who hasn't had a t-shirt yet, 224 00:20:33,887 --> 00:20:37,205 basically, if you signed up, you're allowed to get a t-shirt, come see me, 225 00:20:37,895 --> 00:20:39,618 yes, free of charge, 226 00:20:40,941 --> 00:20:43,656 come see me at front desk when it's open again after lunch. 227 00:20:45,298 --> 00:20:48,518 Because I do know some people been reticent to come up and, you know, 228 00:20:48,754 --> 00:20:49,577 ask one… 229 00:20:55,199 --> 00:20:59,037 I've probably given effectively a lightning talk on not giving… 230 00:21:09,754 --> 00:21:12,220 Hello, I'm Thomas Koch, I work for Google, 231 00:21:12,570 --> 00:21:17,694 I work in support for Google Container Engine, Google kubernetes engine. 232 00:21:20,232 --> 00:21:22,982 Who knows what Kubernetes is? 233 00:21:26,102 --> 00:21:27,158 Oh, so few, ok. 234 00:21:27,782 --> 00:21:33,565 It's a thing to orchestrate containers on many many nodes, 235 00:21:34,205 --> 00:21:35,666 up to thousands of nodes. 236 00:21:36,471 --> 00:21:42,960 It was started by Google, open sourced by Google in 2015 I believe. 237 00:21:44,408 --> 00:21:49,983 First contributor was Red Hat, it is 100% open source, it's written in Go 238 00:21:50,545 --> 00:21:58,400 and by now it has won the market of managing containers on large nodes. 239 00:21:59,088 --> 00:22:05,240 I just was at the KubeCon in Copenhagen with 4300 participants and 240 00:22:05,605 --> 00:22:09,472 every company you can imagine has an offering about Kubernetes. 241 00:22:11,668 --> 00:22:16,894 Just some logos of companies that use or contribute to Kubernetes 242 00:22:17,746 --> 00:22:22,350 and even more logos and these slides are outdated, so there are even more. 243 00:22:23,840 --> 00:22:30,571 Kubernetes, you have some masters that control kubelet on every node. 244 00:22:31,065 --> 00:22:36,105 A kubelet can start containers and can set up networking stuff 245 00:22:36,570 --> 00:22:43,506 and can set up volumes and the basic concept of computation, 246 00:22:43,960 --> 00:22:45,884 the basic primitive is a pod. 247 00:22:46,267 --> 00:22:51,531 A pod is one to many containers running together in one environment 248 00:22:51,971 --> 00:22:57,385 so that you have the possibility to have sidecars running beside your main containers 249 00:22:57,753 --> 00:22:59,092 that does additional stuff. 250 00:22:59,703 --> 00:23:05,648 It has proven useful in Google's internal ??? container management engine 251 00:23:06,060 --> 00:23:09,967 that you want to have certain containers always running containers 252 00:23:10,167 --> 00:23:11,497 and sharing resources. 253 00:23:12,356 --> 00:23:14,400 An other important primitive is volumes. 254 00:23:14,932 --> 00:23:20,593 Kubernetes can manage your storage and provision storage to be accessible 255 00:23:20,964 --> 00:23:22,135 to your containers. 256 00:23:23,683 --> 00:23:31,443 You can combine many parts that provide the same service to be accessible 257 00:23:31,767 --> 00:23:37,545 under the same IP address and so have failover enable like this 258 00:23:37,896 --> 00:23:42,648 and of course then you have controlers that scale your services, 259 00:23:43,080 --> 00:23:46,081 scale down your services, restart failed pods 260 00:23:48,807 --> 00:23:51,719 or drain nodes that you want to take away 261 00:23:54,724 --> 00:23:59,654 And my question now is what is the role of Debian in a world where 262 00:23:59,949 --> 00:24:05,934 Kubernetes becomes more and more popular even if not that many of you have heard about it 263 00:24:08,024 --> 00:24:13,391 I believe that Kubernetes will become even more popular 264 00:24:14,581 --> 00:24:20,325 and even as a Debian Maintainer, I'm enthusiastic about how easy it becomes now 265 00:24:20,625 --> 00:24:23,024 to run your stuff in Kubernetes. 266 00:24:24,522 --> 00:24:30,670 But you only need a very minimal host operating system to install Kubernetes 267 00:24:31,084 --> 00:24:37,966 on your servers, afterwards you need a bare image, a base image for your container 268 00:24:38,401 --> 00:24:40,666 which is normally also a very minimal image 269 00:24:41,250 --> 00:24:45,640 and you don't do "apt-get install apache2" anymore to have a web server, 270 00:24:46,058 --> 00:24:52,008 you take an apache container image and then you extend this image and 271 00:24:52,483 --> 00:24:59,501 put your app onto this image, so you don't need an apache Debian image anymore 272 00:24:59,790 --> 00:25:01,332 in such a world. 273 00:25:02,589 --> 00:25:05,108 Will we still need this in Debian? 274 00:25:06,625 --> 00:25:09,106 However, nothing is perfect. 275 00:25:09,485 --> 00:25:13,108 On KubeCon, I also saw companies offering 276 00:25:13,695 --> 00:25:17,865 "Oh, we scan you container images for outdated libraries" and 277 00:25:19,579 --> 00:25:27,290 you have long times to update your cluster because all the containers need to be stopped 278 00:25:28,247 --> 00:25:31,736 you download new images, you start whole new environments 279 00:25:33,542 --> 00:25:36,251 so there are optimizations possible there 280 00:25:37,320 --> 00:25:38,560 and people are wondering 281 00:25:38,799 --> 00:25:41,359 "Ok, where does my stuff come from? Is it from a trusted source?" 282 00:25:43,125 --> 00:25:46,330 And my crazy thoughts, maybe it's an opportunity here 283 00:25:46,753 --> 00:25:52,337 if Debian would become a source of trusted binaries or even container images. 284 00:25:53,622 --> 00:25:54,568 Thank you. 285 00:25:55,191 --> 00:26:00,211 [Applause] 286 00:26:01,248 --> 00:26:09,735 Next up, Pierre Pronchery, talking about Manticore, DeepState and DeforaOS 287 00:26:11,854 --> 00:26:13,887 Are you pretty much ready? 288 00:26:14,748 --> 00:26:15,636 I think so. 289 00:26:32,528 --> 00:26:36,072 Meanwhile, does anybody know any dance routines, you know, 290 00:26:37,193 --> 00:26:40,230 just to bridge over the time, because I'm not going to. 291 00:26:46,011 --> 00:26:47,700 I don't think I know any Jerks. 292 00:26:50,969 --> 00:26:52,485 Hopefully nearly there. 293 00:26:53,303 --> 00:26:56,427 You fling my phone from me. 294 00:26:57,424 --> 00:26:59,260 It's ok, nobody calls me anyway. 295 00:27:24,172 --> 00:27:27,253 I'm afraid I haven't got any more announcements. 296 00:27:32,435 --> 00:27:35,911 We are pleased to announce that there are no current announcements available. 297 00:27:43,322 --> 00:27:44,767 The news has been called off. 298 00:27:50,848 --> 00:27:52,601 Do you actually have slides? 299 00:28:00,817 --> 00:28:02,660 I'm wondering if we should swap you around 300 00:28:05,024 --> 00:28:10,001 Ok, right, we have the interval act, an interpretive dance by Andrew Shadura 301 00:28:10,224 --> 00:28:12,888 on the nature of git crecord being for the win. 302 00:28:17,951 --> 00:28:20,203 Well, you know, anything to bridge the time, right? 303 00:28:51,746 --> 00:28:53,401 If in doubt, make the font bigger. 304 00:28:56,452 --> 00:28:58,462 Maybe I should give a lightning talk about that. 305 00:29:01,773 --> 00:29:06,242 I think I might, just at the very end, I'll just disguise it as an announcement. 306 00:29:07,700 --> 00:29:08,683 Ready? 307 00:29:10,262 --> 00:29:11,313 There, no. 308 00:29:11,798 --> 00:29:12,936 I prefer that. 309 00:29:13,674 --> 00:29:14,801 Yes, but we don't. 310 00:29:15,569 --> 00:29:16,303 Why? 311 00:29:17,023 --> 00:29:18,340 Did you see what happened earlier? 312 00:29:18,936 --> 00:29:20,285 What happened earlier? 313 00:29:26,600 --> 00:29:27,895 Please use the hand microphone. 314 00:29:28,361 --> 00:29:28,839 Ok. 315 00:29:30,388 --> 00:29:32,603 Alright, listen to a man but not me. 316 00:29:33,624 --> 00:29:34,403 [laughter] 317 00:29:48,357 --> 00:29:48,914 Can you hear me? 318 00:29:49,493 --> 00:29:54,927 So, I'm just going to show you a small utility I wrote. 319 00:29:55,241 --> 00:29:59,386 Actually, I didn't write it from scratch, I just ported it from… Anyway. 320 00:30:00,056 --> 00:30:02,696 Let's see, we've got a git diff of 321 00:30:04,068 --> 00:30:06,932 things with a Debian package. 322 00:30:07,458 --> 00:30:09,978 Lot's of changes, and I forgot to commit them individually. 323 00:30:10,550 --> 00:30:13,882 There's lots of patches and things, 324 00:30:14,547 --> 00:30:16,723 I just want to, somehow, sort this out. 325 00:30:17,355 --> 00:30:23,875 So I just run "git crecord" and suddenly I can see all the things here. 326 00:30:24,255 --> 00:30:26,396 I can unwrap the diffs… 327 00:30:28,140 --> 00:30:30,085 What's happening with the ??? 328 00:30:31,213 --> 00:30:36,839 I can basically select individual bits of the diff and… 329 00:30:39,179 --> 00:30:44,535 Let's just deselect all things, commit those, just a few. 330 00:30:45,063 --> 00:30:47,027 There were just a few patches refreshed 331 00:30:47,949 --> 00:30:53,731 so I'm going to commit them now, yes, like refresh patches. 332 00:30:57,408 --> 00:30:59,635 Let's say just "Refresh", just enough. 333 00:31:01,594 --> 00:31:02,526 Oh, mmh. 334 00:31:05,276 --> 00:31:08,774 It's not going to work, because I haven't got a card 335 00:31:09,270 --> 00:31:10,606 and I forgot to disable the… 336 00:31:12,061 --> 00:31:17,784 I don't think I can, I don't remember, I probably can't disable PGP signing unfortunately 337 00:31:18,049 --> 00:31:19,386 it's not implemented yet. 338 00:31:20,120 --> 00:31:20,583 Anyway. 339 00:31:22,245 --> 00:31:24,611 Using this thing you can, it's better than… 340 00:31:27,406 --> 00:31:29,343 How is it properly called. 341 00:31:30,484 --> 00:31:32,971 It's better than the builtin git thing ... 342 00:31:33,222 --> 00:31:34,412 I can't even remember it's name. 343 00:31:40,455 --> 00:31:40,969 That one 344 00:31:47,384 --> 00:31:52,192 I didn't exactly hear exactly what he said, like "git patch something" 345 00:31:54,953 --> 00:31:57,800 "git add --patch" 346 00:31:58,369 --> 00:31:59,653 And there's an other one which is… 347 00:32:00,096 --> 00:32:03,234 There's one a bit more interactive and one which is a bit less interactive. 348 00:32:04,570 --> 00:32:06,672 This is mega interactive and there will be more features. 349 00:32:07,172 --> 00:32:09,385 It is actually, it was originally written for mercurial 350 00:32:10,150 --> 00:32:13,497 and this was a thing I really missed when I had to use git 351 00:32:14,072 --> 00:32:15,768 and now I don't have to anymore. 352 00:32:16,670 --> 00:32:17,670 This is it. 353 00:32:18,434 --> 00:32:21,675 It's in Debian, you can apt install it if you prefer. 354 00:32:23,073 --> 00:32:26,647 It's in Debian, you can apt install it if you prefer, 355 00:32:27,338 --> 00:32:29,940 or you can install it from source and there would be more features later. 356 00:32:30,809 --> 00:32:32,215 That's it. 357 00:32:33,074 --> 00:32:34,449 Thank you 358 00:32:35,015 --> 00:32:37,464 [Applause] 359 00:32:38,585 --> 00:32:42,116 Now, Pierre Pronchery talking about all the things that I said 360 00:32:42,553 --> 00:32:43,803 he was going to talk about earlier. 361 00:32:52,500 --> 00:32:53,424 One moment please. 362 00:33:29,801 --> 00:33:31,837 [Applause] 363 00:34:35,400 --> 00:34:37,480 Sorry about that, I didn't really plan for this, 364 00:34:37,846 --> 00:34:39,524 so I made the slides 5 minutes ago. 365 00:34:40,098 --> 00:34:42,057 So, I'm Pierre Pronchery, thank you for having me, 366 00:34:42,615 --> 00:34:45,002 even if I'm actually an officiel NetBSD developer, 367 00:34:45,844 --> 00:34:48,540 but I'm been using Debian since 1999, so maybe I'm alowed, 368 00:34:49,547 --> 00:34:53,456 I'm also a security consultant, interested in Kernel development, 369 00:34:53,807 --> 00:34:55,254 security integration, and so on. 370 00:34:56,121 --> 00:34:57,822 What you cannot see on the slides right now is that 371 00:34:58,151 --> 00:35:00,114 I'm also on the board of directors of NetBSD. 372 00:35:00,955 --> 00:35:04,285 So actually I'm in a good position to talk about the project if you'd like to. 373 00:35:05,784 --> 00:35:07,701 I would like to talk to you about Manticore today. 374 00:35:08,832 --> 00:35:10,363 It's a symbolic execution tool, 375 00:35:10,749 --> 00:35:14,472 basically, it uses a CPU emulator, which can be hardware assisted of course, 376 00:35:15,122 --> 00:35:20,555 to run and analyze programs or algorithms, so parts of programs on a simulated system 377 00:35:21,617 --> 00:35:23,464 and one of the aims is actually to make them crash 378 00:35:23,778 --> 00:35:29,413 so to make extensive fuzzing and be very efficient at fuzzing by possibly tracing 379 00:35:30,578 --> 00:35:34,336 instructions and so on, whatever is going on inside the program. 380 00:35:35,575 --> 00:35:39,901 It supports static Linux binaries in 32-bits and 64-bits modes, 381 00:35:40,261 --> 00:35:45,858 also it supports ARM 32-bits, support is ongoing for ARM 64-bits, 382 00:35:46,300 --> 00:35:48,743 it also works with Ethereum bytecode. 383 00:35:49,634 --> 00:35:54,293 There are official releases on GitHub, it's already packaged in PkgSrc by myself 384 00:35:55,222 --> 00:35:57,941 and I'm actually looking for volunteers to package it for Debian 385 00:35:58,459 --> 00:36:00,249 or possibly help me to do so. 386 00:36:01,834 --> 00:36:05,226 I'm actually sponsored by Trail of Bits, the developer of Manticore, 387 00:36:05,616 --> 00:36:08,123 to work on this, which is also why I'm here. 388 00:36:09,880 --> 00:36:12,704 The companion to Manticore is called DeepState, 389 00:36:13,437 --> 00:36:17,340 it's specifically meant for Unit Testing with symbolic execution. 390 00:36:18,090 --> 00:36:22,083 It supports not just Manticore but also an other backend for analyzing 391 00:36:22,717 --> 00:36:25,491 running binaries, 392 00:36:25,812 --> 00:36:30,765 It's called angr, this other backend, which was developed as a side node 393 00:36:31,072 --> 00:36:33,392 for the Cyber Grand challenge of DARPA last year. 394 00:36:34,849 --> 00:36:38,285 DeepState is currently packaged in 2 separate packages in PkgSrc 395 00:36:38,609 --> 00:36:39,559 by myself again, 396 00:36:39,977 --> 00:36:42,358 unfortunately not yet fully upstream in PkgSrc, 397 00:36:42,765 --> 00:36:47,384 but basically I made one package with ??? binaries and then the Python bindings. 398 00:36:48,221 --> 00:36:50,747 This is also on GitHub but with no official release yet, 399 00:36:51,070 --> 00:36:52,822 because this is a very young project still 400 00:36:53,528 --> 00:36:56,054 so I'm also for a volunteer in Debian to help me package that. 401 00:36:57,415 --> 00:37:01,975 And then, a shameless addition, I'm also a developer of, the main developer of 402 00:37:02,208 --> 00:37:07,135 DeforaOS, an open source desktop environment, and with some more parts 403 00:37:07,554 --> 00:37:08,361 in the project, 404 00:37:08,720 --> 00:37:11,045 I have about 50 repositories now in this. 405 00:37:12,210 --> 00:37:16,718 I'm therefore also looking for volunteers to package that into Debian, 406 00:37:16,959 --> 00:37:19,662 there are still projects we haven't packaged yet, as far as I know. 407 00:37:21,113 --> 00:37:25,432 So, since I'm here, I figured I could as well get my PGP key signed, 408 00:37:26,382 --> 00:37:28,467 I suppose it's one of the steps to become a developer 409 00:37:28,797 --> 00:37:31,651 and if there are more, I've heard there are plenty, 410 00:37:33,129 --> 00:37:37,956 then please help me out with this, I'll welcome any assistance doing that. 411 00:37:38,812 --> 00:37:41,575 Alright. Thank you. 412 00:37:42,084 --> 00:37:45,350 [Applause] 413 00:37:45,782 --> 00:37:46,719 Thank you very much. 414 00:37:47,091 --> 00:37:48,296 I guess that's it. 415 00:37:48,613 --> 00:37:52,756 The next lightning talk session that I'm aware of is at DebConf18 in Taiwan. 416 00:37:53,158 --> 00:37:54,843 I hope to see as many of you as possible there. 417 00:37:55,488 --> 00:37:57,452 Off you go, lunch time. 418 00:37:58,286 --> 00:38:01,835 [Applause]