Right, good afternoon It is the lightning talks sessions at DebConf Hamburg 2018 We've got seven speakers, and I guess we'll just get going Starting with Tobias Platn???, talking about Debian on Power9. Yesterday I, hm no, on friday, I received my new Power9 machine. A Talos 9 And it has an IBM Power9 processor So, the only distro that I know that will work is Debian. Then, this is a new PowerPC 64 bits architecture, that can run in little-endian mode. I downloaded a Debian installer. First, I chosed the stable version, but that crashed during install. And, then I retried a different version, a daily version. And this one, which is based on Buster, correctly installed. I can even have a graphical environment, working out of the box. And, the installer then complained that there is no boot partition for older PowerPCs, and this boot partition is not needed, since the TalosII has other newer systems starting with power7 used petitboot. So, that needs to be fixed in the Debian installer, that it doesn't produce the warning on Power machines. And now I have a working Debian installation, which I can use. (thanks) [applause] Thank you very much, that was very quick. Next up is Thimothée Jaussoin, talking about Movim, the XMPP social platform. Give him a moment to get set up. I think it's a bit better this way. Who already heard about the platform Movim? OK, so we have a couple of people that know about the project here. Just to present you what it could be a parallel universe but is actually the current universe we're living with. Lots of different chat platforms. The same thing on social networks. We keep reinventing the wheel all the time. We don't have this problem with e-mails hopefully actually the e-mail standards came way before before all of those proprietary solutions So we have ??? and Google and Microsoft are still using SMTP, IMAP, for now. So everything is compatible, and we have a lot of clients on top of that. But for chat, and social networks, it's not the case. So the idea of Movim is to build a social platform. In there, we can put a little couple of ingredients. First, it needs to be Open-Source, for the transparency, for the fact that you can have feedback and improvements, for the security part. Bring some trust I think that you guys here know about the advantages of Free Software, and specially on the communication part, on social networks, but it's not enough. We also need to bring control, actually in this social network. So it need to be simple and transparent on the UI but also on the protocol level. On the really deep below stacks. So we'll need to have a strong and reliable encryption, so don't reinvent also an encryption - talking about Telegram, here - And, yeah, need some trusts in sights here. I mean a community, and not a company that you will blindly trust to take care of all of your communications. But it's not enough. It needs to be decentralized. Because centralized social networks, even if it's opensource, if it's only one instance, you have to still trust the instance. So would like to deploy your instance, you would like to trust someone else, you can only, sometimes, trust only yourself in seldom cases Decentralization also brings robustness So that's too many times that actually one server is failing, think Signal had an issue recently, about this kind of thing there. The issue was with the Amazon servers, the whole thing didn't worked for a couple of hours. And then, resist against censorship and control. Same thing with Telegram, I think in Russia. I'm talking more about the IM part, but it's also applicable to social networks. It's exactly the same thing, just that the exchanges of information are a bit different. So, you need these steps but all those platforms here (I just made this conference 3 years ago, just added Mastodon recently) Ya! different sorts of platforms There is communication between those platforms, kind of standards that are starting to come in, especially between Diaspora and Mastodon, but there is still a lot of work to do there. So, the secret ingredient is about compatibility, about extensibility. Don't try to reinvent the wheel again, don't try to create another social network, or another IM platform that will have all those communication troubles. So, I mean a long-term vision. And, actually, the secret ingredient is standardization, in these things. So, this secret ingredients should add a couple of features, support news feeds, communities, IM, chatroom presences, know who's online, profiles, video conferencing security, bridges to the Web. And then it will be real-time. And, 1 minute? This protocol actually exists, it's called XMPP. So the goal of the project is: - take XMPP implemented - and doing a lot of innovation on top of the project So, server-side it's a simple XMPP client, webserver, simple to install (PHP, MySQL PostgreSQL) And user-side, it's also super simple to use, you need simply a browser, it's responsive, it's light, it's fast and is built actually for small communities. There are pods all around the world. You're really invited to deploy your own pods. There is already ten thousands accounts on the official pod 30 languages Debian packages coming soon Thanks to the help of some people in this room. And, that's it ! So if you want more information, everything is on the website, you can join the chat room. Or, the twitter. [applause] Thank you very much. Next up is Thomas Lange, Mrfai, talking about dracut. Today, I'm not talking about FAI but about dracut. dracut is a replacement for initramfs which is used by most other distributions. If I'm correct, only Ubuntu and Debian and derivatives are using initramfs-tools All other distributions already moved to dracut. Today I want to show how you can get an experience with dracut without deinstalling initramfs-tools. Ben Hutchings did some patches, I think two years ago, so it's possible. What you have to do, there's a package called "dracut-core", which does not conflict with initramfs-tools. I have a virtual machine. So, debian/fai… On this machine, I will now install the dracut-core package and that's it. We still have one initrd. And now I can say… Oh no, first I have to copy the dracut version and then I can generate a new initrd with dracut. dracut uses the usual hooks or module system, it does not use the hooks from the initramfs things but it already includes a lot of hooks, so for example if you have a cryptsetup, you do not need the hooks for initramfs-tools from the cryptsetup package because dracut already includes this and a lot of other things. After generating a new initrd, you update your grub and you see we have now two entries in the grub. One with the old initrd which was created by… the default one is the initrd which is created by initramfs-tools and here you have the boot entry for the new dracut initrd and it boots up and works. What we need is that more people are using it and giving it a try. In your environment, on your hardware, does dracut work? We had a discussion, like 5 years ago, if Debian… When will Debian switch from initramfs-tools to dracut? And still there's no real need because initramfs-tools works for everybody but I think in the long term, we will switch it, so please help us, write bug reports or just give it a try, if it works for you or not. That's it. [Applause] Next up is TecKids talking about their organization. Ok, those of you who attended the Skolelinux talk already heard about TecKids. I want to give a few details about what else we do. TecKids is a non-profit organization based in Germany, but we're working internationally and we are completely centered around free software and we do basically everything concerning free software in education in the context of children and adolescents, young people. More than 50% of our active members are minors. There's an "s" missing, sorry. They are of course not minor but they are minors. Sorry, kids, if you are watching this. They're minors and we are a fully democratic organization like in the FOSS spirit and the most important thing is that we get children involved with all the parts of the organization, both operational and tutoring and workshops and working with free software projects, giving presentations. Normally some children would be here but as this conference was right in the middle of schooltime, this was not so easy. So what do we do. First of all, we want to get children interested in programming, in coding, in technical stuff and also in free software. This we do by running youth programs at free software conferences like the FrOSCon where normally around 100 to 120 children attend and use Debian and all that cool stuff and learn what they can do with it. We do peer learning, so those children who already know many things and are very interested, they start tutoring other children. Of course we have non-tech fun together, we are outside, there is a social program with staying over night, having a barbecue and all that stuff that helps building a community. Those who are even more interested can get actively involved in preparing workshops, organizing events, preparing talks, looking at open source projects, helping others get a free messenger instead of WhatsApp, working on HowTo, how to spread the word among youths and all of that. And then visit conferences and raise awareness, this is our presentation team from the Chemnitz Linux Days and they are presenting the whole "can" of free software in education at our SchulFrei booth which is "School free" in German. They are presenting all projects that are involved in this common booth and care for free software education. If you are interested in that, maybe because you have children or want to have children or are involved in education in some way, there are quite a few things that you can do. You can help working on projects, you can work with mentoring the children in coding or organisational activities. You can help spreading the word, also raising awareness that many many software projects do have some involvement with children, even indirectly, like a web browser like Firefox, such applications are used by children and they may have other needs, and they may have other views on that, so it's very important to at least think about what children or schools or teachers as well do with this software. Pardon? One minute, thank you. We need help with presentations at conferences, so not every time the same people have to get a day off at work and travel to conferences there's much more manpower needed. And of course, every ngo, every non-profit organization is lacking money, so if you have already donated to Debian and still have money left, you might want to give your money to the future, which is children. Don't forget donating to Debian. I don't know if I am shot if I don't say that. And there's also liberapay, it's a free donation platform, just have a look at it and if you want to help us, actively just go to our web site, find some communication means or just talk to someone you find at any conference who is wearing this shirt with our logo. Thank you. [Applause] Next up is Thomas Koch, talking about containers. Almost ready. We do have one more space at the end if anybody feels, you know, inspired to tell us all the things. I mean, we did have one very last minute sign up. Meanwhile, I guess I can make announcements while I'm here. Front desk will be available again after lunch, as will t-shirts. Anybody who hasn't had a t-shirt yet, basically, if you signed up, you're allowed to get a t-shirt, come see me, yes, free of charge, come see me at front desk when it's open again after lunch. Because I do know some people been reticent to come up and, you know, ask one… I've probably given effectively a lightning talk on not giving… Hello, I'm Thomas Koch, I work for Google, I work in support for Google Container Engine, Google kubernetes engine. Who knows what Kubernetes is? Oh, so few, ok. It's a thing to orchestrate containers on many many nodes, up to thousands of nodes. It was started by Google, open sourced by Google in 2015 I believe. First contributor was Red Hat, it is 100% open source, it's written in Go and by now it has won the market of managing containers on large nodes. I just was at the KubeCon in Copenhagen with 4300 participants and every company you can imagine has an offering about Kubernetes. Just some logos of companies that use or contribute to Kubernetes and even more logos and these slides are outdated, so there are even more. Kubernetes, you have some masters that control kubelet on every node. A kubelet can start containers and can set up networking stuff and can set up volumes and the basic concept of computation, the basic primitive is a pod. A pod is one to many containers running together in one environment so that you have the possibility to have sidecars running beside your main containers that does additional stuff. It has proven useful in Google's internal ??? container management engine that you want to have certain containers always running containers and sharing resources. An other important primitive is volumes. Kubernetes can manage your storage and provision storage to be accessible to your containers. You can combine many parts that provide the same service to be accessible under the same IP address and so have failover enable like this and of course then you have controlers that scale your services, scale down your services, restart failed pods or drain nodes that you want to take away And my question now is what is the role of Debian in a world where Kubernetes becomes more and more popular even if not that many of you have heard about it I believe that Kubernetes will become even more popular and even as a Debian Maintainer, I'm enthusiastic about how easy it becomes now to run your stuff in Kubernetes. But you only need a very minimal host operating system to install Kubernetes on your servers, afterwards you need a bare image, a base image for your container which is normally also a very minimal image and you don't do "apt-get install apache2" anymore to have a web server, you take an apache container image and then you extend this image and put your app onto this image, so you don't need an apache Debian image anymore in such a world. Will we still need this in Debian? However, nothing is perfect. On KubeCon, I also saw companies offering "Oh, we scan you container images for outdated libraries" and you have long times to update your cluster because all the containers need to be stopped you download new images, you start whole new environments so there are optimizations possible there and people are wondering "Ok, where does my stuff come from? Is it from a trusted source?" And my crazy thoughts, maybe it's an opportunity here if Debian would become a source of trusted binaries or even container images. Thank you. [Applause] Next up, Pierre Pronchery, talking about Manticore, DeepState and DeforaOS Are you pretty much ready? I think so. Meanwhile, does anybody know any dance routines, you know, just to bridge over the time, because I'm not going to. I don't think I know any Jerks. Hopefully nearly there. You fling my phone from me. It's ok, nobody calls me anyway. I'm afraid I haven't got any more announcements. We are pleased to announce that there are no current announcements available. The news has been called off. Do you actually have slides? I'm wondering if we should swap you around Ok, right, we have the interval act, an interpretive dance by Andrew Shadura on the nature of git crecord being for the win. Well, you know, anything to bridge the time, right? If in doubt, make the font bigger. Maybe I should give a lightning talk about that. I think I might, just at the very end, I'll just disguise it as an announcement. Ready? There, no. I prefer that. Yes, but we don't. Why? Did you see what happened earlier? What happened earlier? Please use the hand microphone. Ok. Alright, listen to a man but not me. [laughter] Can you hear me? So, I'm just going to show you a small utility I wrote. Actually, I didn't write it from scratch, I just ported it from… Anyway. Let's see, we've got a git diff of things with a Debian package. Lot's of changes, and I forgot to commit them individually. There's lots of patches and things, I just want to, somehow, sort this out. So I just run "git crecord" and suddenly I can see all the things here. I can unwrap the diffs… What's happening with the ??? I can basically select individual bits of the diff and… Let's just deselect all things, commit those, just a few. There were just a few patches refreshed so I'm going to commit them now, yes, like refresh patches. Let's say just "Refresh", just enough. Oh, mmh. It's not going to work, because I haven't got a card and I forgot to disable the… I don't think I can, I don't remember, I probably can't disable PGP signing unfortunately it's not implemented yet. Anyway. Using this thing you can, it's better than… How is it properly called. It's better than the builtin git thing ... I can't even remember it's name. That one I didn't exactly hear exactly what he said, like "git patch something" "git add --patch" And there's an other one which is… There's one a bit more interactive and one which is a bit less interactive. This is mega interactive and there will be more features. It is actually, it was originally written for mercurial and this was a thing I really missed when I had to use git and now I don't have to anymore. This is it. It's in Debian, you can apt install it if you prefer. It's in Debian, you can apt install it if you prefer, or you can install it from source and there would be more features later. That's it. Thank you [Applause] Now, Pierre Pronchery talking about all the things that I said he was going to talk about earlier. One moment please. [Applause] Sorry about that, I didn't really plan for this, so I made the slides 5 minutes ago. So, I'm Pierre Pronchery, thank you for having me, even if I'm actually an officiel NetBSD developer, but I'm been using Debian since 1999, so maybe I'm alowed, I'm also a security consultant, interested in Kernel development, security integration, and so on. What you cannot see on the slides right now is that I'm also on the board of directors of NetBSD. So actually I'm in a good position to talk about the project if you'd like to. I would like to talk to you about Manticore today. It's a symbolic execution tool, basically, it uses a CPU emulator, which can be hardware assisted of course, to run and analyze programs or algorithms, so parts of programs on a simulated system and one of the aims is actually to make them crash so to make extensive fuzzing and be very efficient at fuzzing by possibly tracing instructions and so on, whatever is going on inside the program. It supports static Linux binaries in 32-bits and 64-bits modes, also it supports ARM 32-bits, support is ongoing for ARM 64-bits, it also works with Ethereum bytecode. There are official releases on GitHub, it's already packaged in PkgSrc by myself and I'm actually looking for volunteers to package it for Debian or possibly help me to do so. I'm actually sponsored by Trail of Bits, the developer of Manticore, to work on this, which is also why I'm here. The companion to Manticore is called DeepState, it's specifically meant for Unit Testing with symbolic execution. It supports not just Manticore but also an other backend for analyzing running binaries, It's called angr, this other backend, which was developed as a side node for the Cyber Grand challenge of DARPA last year. DeepState is currently packaged in 2 separate packages in PkgSrc by myself again, unfortunately not yet fully upstream in PkgSrc, but basically I made one package with ??? binaries and then the Python bindings. This is also on GitHub but with no official release yet, because this is a very young project still so I'm also for a volunteer in Debian to help me package that. And then, a shameless addition, I'm also a developer of, the main developer of DeforaOS, an open source desktop environment, and with some more parts in the project, I have about 50 repositories now in this. I'm therefore also looking for volunteers to package that into Debian, there are still projects we haven't packaged yet, as far as I know. So, since I'm here, I figured I could as well get my PGP key signed, I suppose it's one of the steps to become a developer and if there are more, I've heard there are plenty, then please help me out with this, I'll welcome any assistance doing that. Alright. Thank you. [Applause] Thank you very much. I guess that's it. The next lightning talk session that I'm aware of is at DebConf18 in Taiwan. I hope to see as many of you as possible there. Off you go, lunch time. [Applause]