Loading…
October 4-6 in Berlin, Germany
Register Now for LinuxCon+ContainerCon Europe

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Developer [clear filter]
Tuesday, October 4
 

11:15

Flotilla – Containerized Network Function Deployment at Enterprise Branch Offices - Sumanth Mysore Sathyanarayana, Deutsche Telekom
Traditionally network functions were getting deployed on specialized hardware appliances. But with the advent of Network Function Virtualization, these infrastructure services are now getting deployed as software inside VMs. This talk is about how Flotilla’s framework could be used to deploy these Network Functions inside containers and in doing so, understanding the benefits and challenges. Flotilla primarily provides three important features which are:
1. It acts as a self-service network function portal connecting multiple branch offices to the cloud.
2. It helps to establish dynamic vpn tunnels between the cloud and the branch offices.
3. It acts as a containerized network function deployer at the branch office, thereby bringing down the capital and operational expenses as well as decreasing the time for deployment and modifications required for the network functions.

Speakers
avatar for Sumanth M. Sathyanarayana

Sumanth M. Sathyanarayana

Sr Software Engineer, Twitch


Tuesday October 4, 2016 11:15 - 12:05
Tegel

11:15

Putting the Parts Together: Building a Secure Container Platform - Matthew Garrett, CoreOS
General purpose operating systems have to solve many problems, and that means they make compromises. You need to be able to install, upgrade and configure individual components, which means having a large surface area vulnerable to attack. More specialised products (such as phones and Chromebooks) benefit from being able to reduce that surface area. Can we do the same with containers?

Security technologies can be overly restrictive in general purpose operating systems. This presentation covers a range of technologies that can be used unobtrusively and effectively in container-focused designs. It will describe how features like dm-verity can provide filesystem-level assurance that binaries are unmodified, how the kernel keyring can be used to provide immutable trusted key stores, how secure boot can root all of this trust in firmware and how container introspection can stop attacks.

Speakers
MG

Matthew Garrett

Staff Security Developer, Google
Matthew Garrett is a security developer at Google, working on infrastructural security for Linux desktop and mobile platforms.


Tuesday October 4, 2016 11:15 - 12:05
Schinkel II/III

11:15

Firefighting Linux Kernel Regressions - Thorsten Leemhuis, Heise Medien GmbH
Learn how to improve Linux by testing new kernels and fighting regressions. Both is easy and in your own interest, as the kernel (which is at the heart of any Linux system) constantly changes. Those changes sometimes break things that used to work; in other cases the performance suffers. These regressions are annoying, but can be fixed easily – however only when noticed and investigated early enough, as it gets way harder to revert a change once it makes it into a new kernel release.

This talk and its live demo will show you how to quickly test upcoming kernel releases without messing up your system. It will also explain how to report problems in case you find any. While covering those areas Thorsten will share some insights he learned while tracking regressions for the Linux kernel versions 4.7 and 4.8.

Speakers
avatar for Thorsten Leemhuis

Thorsten Leemhuis

Editor, c't/Heise Medien
Thorsten works as an editor for Heise Medien, which publishes the German c't magazine and runs the tech news site heise.de. For both he writes a column called "Kernel Log", which regularly discusses developments in the Linux kernel and areas close to it. Thorsten also was a major... Read More →


Tuesday October 4, 2016 11:15 - 12:05
Charlottenburg III

11:15

Geo-Replication and Disaster Recovery for Cloud Object Storage with Ceph Rados Gateway - Orit Wasserman, Red Hat
Ceph is a highly available distributed software defined storage, providing object, key/value and file-system interfaces. Ceph RGW (Rados Gateway) provides HTTP REST API that is S3 and openstack swift compatible.
Many users need storage systems that can span multiple data centers and geographies for disaster recovery and for better time response in remote locations.
This talk will give a brief Ceph architecture overview and then focus on the design and the new implementation of asynchronous Geo-Replication and disaster recovery features in Ceph Rados Gateway. We will also describe its configuration and usage.

Speakers
avatar for Orit Wasserman

Orit Wasserman

Senior Principal Software Engineer, Red Hat
Orit is a senior principal software engineer at Red Hat, focusing on Container and multi cloud storage. She was a principal architect at Lightbits labs working on NVMe/TCP software-defined storage. At Red Hat, she worked on Ceph object storage (Ceph Rados Gateway), a highly available... Read More →


Tuesday October 4, 2016 11:15 - 12:05
Köpenick

11:15

OpenSSL After Heartbleed - Rich Salz & Tim Hudson, OpenSSL
OpenSSL is the most widely-deployed TLS library in the world. A simple programming mistake—failing to check an output length—shook up the project and generated a “re-key the Internet” event. This session will discuss what has happened within the project since then: an expanded team, increased transparency, more rigorous development processes, and greatly increased vitality.

Speakers
avatar for Tim Hudson

Tim Hudson

Dev Team, OpenSSL
Tim Hudson has been involved in system security for more than 20 years. Tim's day job is as the CTO at Cryptsoft where he provides advice and guidance on security technology design and architecture. Tim is involved in KMIP, PKCS#11, FIPS140, OASIS and SNIA and is a long time OpenSSL... Read More →
RS

Rich Salz

Dev Team, OpenSSL
Rich has spoken at RSA, Java-One, and LF Collab Summit, among others. He works at Akamai, helping to make the configuration simpler and more secure by default. He is a member of the OpenSSL development team. He co-chairs the IETF ACME (LetsEncrypt protocol) and Curdle (new ECC curve... Read More →


Tuesday October 4, 2016 11:15 - 12:05
Potsdam I/II

11:15

Why You Hate Security, and What You Can do About It - Casey Schaufler, The Smack Project
Why you hate security, and what you can do about it (Casey Schaufler, Intel) - Regardless of the level at which you're doing your programming, security is going to get in the way. No amount of application abstraction or modern development process seems capable of shielding you from the barriers raised by security.
Let a deep security insider guide you through the reasons we have the security that drives you nuts. Then, with the aid of real world examples, you'll learn how to identify situations where security mechanisms are unnecessary, and the jargon needed to explain this to the people who insist on using them. There are lots of ways to make your life easier beyond turning off SELinux. The things that a developer can do up front to reduce exposure to security mechanisms will be explored. Finally, the issues around security and development process will be exposed.

Speakers
avatar for Casey Schaufler

Casey Schaufler

Engineer, Intel
Casey Schaufler worked on Unix kernels in the 1970s-90s. He has implemented access control lists, mandatory access control, extended filesystem attributes, X11 access controls, network protocols and audit systems. His involvement in Linux began with the Linux Security Module work... Read More →


Tuesday October 4, 2016 11:15 - 12:05
Potsdam III

12:15

An Exploration of Linux Container Network Monitoring and Visualization - Alban Crequy, Kinvolk
The Linux kernel provides a multitude of ways to show what your application containers are doing with the network: /proc, Netlink sockets, eBPF programs, traffic control, Netfilter conntrack, cgroups... the list goes on. In this talk we’ll explore how to utilize these tools to monitor container network activity. We’ll also looks at how we can interface these with Kubernetes, testing frameworks, and Weave Scope, a visualization and monitoring tool.

Speakers
AC

Alban Crequy

Co-founder & Software Engineer, Kinvolk
Originally from France, Alban currently lives in Berlin where he is a co-founder and software engineer at Kinvolk GmbH. He is the technical project lead for rkt, a container runtime for Linux. Before falling into containers, Alban worked on various projects core to modern Linux; kernel... Read More →


Tuesday October 4, 2016 12:15 - 13:05
Tegel

12:15

Secure Application Development in the Age of Continuous Delivery - Tim Mackey, Black Duck Software
Traditionally, when datacenter operators talk about application security, they've tended to focus on issues related to key management, firewalls and data access. By contrast, application developers have a security focus which is more aligned with code analysis and fuzzing techniques. The reality is, secure application deployment principles extend from the infrastructure layer through the application and include how the application is deployed. With the prevalence of continuous deployment of micro-services, it’s imperative to focus efforts on what attackers’ view as vulnerable; particularly in an environment where new exploits are being disclosed almost daily.
In this session we’ll present:
• How known vulnerabilities can make their way into production deployments
• How deployment of vulnerable code can be minimized
• How to determine the vulnerability status of a container

Speakers
avatar for Tim Mackey

Tim Mackey

Senior Technical Evangelist, Black Duck by Synopsys
Tim Mackey is a technology evangelist for Black Duck Software specializing in the secure deployment of applications using virtualization, cloud and container technologies. Prior to joining Black Duck, Tim was most recently the community manager for XenServer and was part of the Citrix... Read More →


Tuesday October 4, 2016 12:15 - 13:05
Schinkel II/III

12:15

Test-driven Infrastructure with Puppet, Docker, Test Kitchen and Serverspec - Yury Tsarev, GoodData
In this talk Yury Tsarev will go through practical example of building infrastructure-as-code with a strong test-driven approach. While having opinionated tools selection the audience will be provided with generic framework to build on where the components are fully replaceable. Yury strongly believes that infrastructure code should be treated like any other code. This means apply a test driven development model, storing it in a source control system and building a regression test suite. He suggests doing this with Test Kitchen, a pluggable and extensible test orchestrator that originated in the Chef community. Using Test Kitchen’s docker driver, a docker container can be used to simulate a machine under test. Then Serverspec can verify that the configuration code properly setup the machine. Shell mocking is used to bypass external dependencies and docker limitations.

Speakers
avatar for Yury Tsarev

Yury Tsarev

Technology Architect - Site Reliability Engineering, McKinsey&Company
Yury is an experienced software engineer with strong focus on Linux and software quality. He is passionate about open source and contribute to several upstream projects on a regular basis. The most recent focus of his job is quality, test automation and continuous delivery practices... Read More →


Tuesday October 4, 2016 12:15 - 13:05
Schöneberg

12:15

Ceph and Flash - Allen Samuels, Western Digital
Ceph is the leading open-source storage management platform for private cloud and large-scale clustered systems. As flash-based storage has come into the mainstream many of the industry best-practices must be re-examined to properly realize the full value of flash while simultaneously being cost-effective.

Ceph has been rapidly evolving to support large-scale deployment of flash. This presentation will examine the history and current best-practices for deploying flash with Ceph. Future developments in the Ceph platform will also be described and their impact on flash deployments.

Speakers
avatar for Allen Samuels

Allen Samuels

Engineering Fellow, Western Digital
Allen joined SanDisk in 2013 as an Engineering Fellow, he is responsible for directing software development for SanDisk’s system level products. He has previously served as Chief Architect at Weitek Corp. and Citrix, and founded several companies including AMKAR Consulting, Orbital... Read More →


Tuesday October 4, 2016 12:15 - 13:05
Potsdam I/II

12:15

Deploying pNFS over Distributed File Storage - Jiffin Tony Thottan & Niels de Vos, Red Hat
pNFS is the clustered solution provided by standard NFS protocol which allow NFS clients to access directly and parallelly the Storage device. This is achieved by the separation of metadata from the datapath. Therefore pNFS solution provides better bandwidth utilization, loading balancing across storage devices and significant performance improvement for I/O's. Now consider applying the pNFS over a Distributed Storage instead of native NFS. Here instead of talking to single server, pNFS client can interact directly with all the Storage Servers , i.e I/O distribution become much more effective and also avoids performance bottleneck with in a single server. In this session, Jiffin Tony Thottan is planning to give an overview about pNFS, deploying simple pNFS solution on a Distribute File Storage by taking example of glusterfs + NFS-ganesha and challenges involved in while doing so.

Speakers
JT

Jiffin Tony Thottan

Senior Software Engineer, Red Hat
Jiffin Tony Thottan completed the graduation in 2014 and started the career as an intern in Red Hat. Currently working as Senior Software Engineer in Red Hat Storage Team and actively contributing to communities such as Gluster, NFS-Ganesha and Rook. His expertise includes Storage... Read More →
avatar for Niels de Vos

Niels de Vos

Senior Software Engineer, Red Hat
Niels is a core-developer and maintainer for Gluster. He is employed by Red Hat and works together with other teams who provide professional support for Red Hat Gluster Storage. The main areas where Niels is active include network protocols, low-level/Operating Systems improvements... Read More →


Tuesday October 4, 2016 12:15 - 13:05
Köpenick
  • Experience Level Any

12:15

Kernel Documentation: What We Have and How We'll Make it Better - Jonathan Corbet, LWN.net
It is often said that kernel developers don't care about documentation, but the truth can be seen in the kernel repository: thousands of documentation files and tens of thousands of kernel-doc comments. The problem is that it's all a bit ... messy. Your speaker, in the role of the kernel's documentation maintainer, is trying to clean things up a bit. The talk will cover the current state of kernel documentation, what's being done to make it better, and, along the way, some of the interesting challenges that come with being a kernel subsystem maintainer in general.

Speakers
avatar for Jonathan Corbet

Jonathan Corbet

Executive Editor, LWN.net


Tuesday October 4, 2016 12:15 - 13:05
Charlottenburg III

14:30

21st Century DNSBLs - Amanda Folson, GitLab
Spammers have been using computers to send unsolicited messages since 1978. However, the first DNS-based blacklist (DNSBL) wasn't created until 1997 -- almost 20 years later. Since then, the practice of spamming has grown at an alarming rate. The mechanics of creating and
managing a DNSBL haven't changed all that much, but the tooling around them has changed drastically. In this talk, we'll discuss how to create a DNSBL, what tools are available to do so, and how to manage the DNSBL once it's set up. Additionally, we'll discuss how to easily migrate and scale a legacy DNSBL system using Docker.

Speakers
AF

Amanda Folson

From humble beginnings as a PHP4 web developer in grade school, Amanda now works as a Developer Advocate at GitLab where she gets to share her passion for technology with others. When she's not speaking, writing, or shooing cats off her keyboard, you'll find her consuming APIs and... Read More →


Tuesday October 4, 2016 14:30 - 15:20
Potsdam III

14:30

Panel Discussion: Outreachy Kernel Internship Report - Moderated by Julia Lawall, Inria
Come learn about the great work our kernel interns have accomplished! Outreachy provides a 3-month paid internship for women, trans men, genderqueer people, and US members of other underrepresented groups to work on an open source project. The panel will present the program and this year's Linux kernel projects. Shraddha Barke will present her work on cleaning up staging driver code. Ioana Ciornei will present her work on improving the efficiency of the Ceph distributed filesystem. Cristina Moraru will present her work on getting the HMC5843 3-axis Digital Compass driver out of staging, and on developing the TH06 and MAX5487 IIO drivers. Ksenija Stanojević will present her work on reorganizing the mxs-lradc staging driver. Janani Ravichandran will present her work on memory allocation latency tracing. Finally, Daniel Baluta will be available to present a mentor's perspective.

Moderators
avatar for Julia Lawall

Julia Lawall

Senior Researcher, Inria
Julia Lawall is a Senior Research Scientist at Inria. Her research is at the intersection of programming languages and operating systems. She develops the tool Coccinelle and has over 2000 patches in the Linux kernel based on this work.

Speakers
avatar for Daniel Baluta

Daniel Baluta

Linux Kernel Engineer at NXP, NXP
Daniel works at NXP in Romania hacking on Linux kernel audio drivers for i.MX boards. He is a teaching assistant for Operating System Internals class at University POLITEHNICA in Bucharest and very passionate about helping newcomers to the Linux kernel world while being a mentor for... Read More →
SB

Shraddha Barke

Student, BITS Pilani
JR

Janani Ravichandran

Student, University at Buffalo


Tuesday October 4, 2016 14:30 - 15:20
Tiergarten
  • Experience Level Any

14:30

PM Infrastructure in the Linux Kernel - Current Status and Future - Rafael J. Wysocki, Intel OTC
Multiple subsystems in the Linux kernel are concerned with various aspects of energy efficiency. Some of them act on the system as a whole while the others focus on individual CPUs or IO devices. The majority of them have been developed in isolation and they work reasonably well individually, but that is often insufficient to address problems related to contemporary trends in hardware design and growing user expectations. Thus they have to be made work more closely with one another and with core kernel code like the CPU scheduler. Efforts to make that happen are under way and I will describe them. However, in the meantime the existing Linux PM infrastructure has to respond to the users' needs, so I will discuss its current status, the most important problems it is facing and some possible ways to address them.

Speakers
avatar for Rafael J. Wysocki

Rafael J. Wysocki

Software Engineer, Intel OTC
Rafael maintains the Linux kernel's core ACPI and power management code, including the core infrastructure for IO device PM, CPU PM and system suspend/hibernation. He works at Intel Open Source Technology Center as a Software Engineer focusing on the mainline Linux kernel. Rafael... Read More →


Tuesday October 4, 2016 14:30 - 15:20
Charlottenburg III

15:30

SwarmKit: Docker's Simplified Model for Complex Orchestration - Stephen Day, Docker
SwarmKit is a new framework by Docker for building orchestration systems that powers Docker Engine's orchestration capabilities. In this talk, we'll dive into the model driven design and how the components fit together to build a user friendly orchestration system. Solving problems such as reconciliation, convergence and consistency at the model level ensure the system can evolve to meet modern use cases needed in orchestration applications. This approach leads to a simplified model that can reliably orchestrate complex deployments. Show me your data structures and I'll show you your orchestration system.

Speakers
avatar for Stephen Day

Stephen Day

Containerd Maintainer, Cruise Automation
Stephen Day is a software engineer at Docker. His many contributions to Docker ecosystem projects include SwarmKit and the version 2 specification for the Docker Registry HTTP API, and evolving the available models for container image distribution. He currently works on containerd... Read More →


Tuesday October 4, 2016 15:30 - 16:20
Bellevue

15:30

User Namespace and Seccomp Support in Docker Engine - Paul Novarese, Docker
Isolation in Docker is mainly accomplished via cgroups and namespaces. User namespaces are the newest namespace to be supported by the Docker engine, and allow users to run containers as without elevated privileges, which has been a longstanding shortcoming and frequent target of both user frustration and feature requests. In addition, Seccomp support adds a new method of containment for running containers by providing both whitelist and blacklist based controls of system calls that are permitted and/or forbidden for containerized processes. In this session, we’ll look at these new features, examine basics of configuration, and do some live demos to see them in action.

Speakers
avatar for Paul Novarese

Paul Novarese

Technical Account Manager, Docker, Inc.
Paul has been working in the ops side of open source for over 20 years, providing technical support, training, and general consulting in both the largest and smallest data centers.


Tuesday October 4, 2016 15:30 - 16:20
Schinkel II/III

15:30

Efficient Kernel Backporting - Alex Shi, Linaro
In computer/mobile product world, due to the stability, project timeline, etc considerations, latest upstream kernel isn't their preference. The long term stable kernel is. But if you want to some latest features which only is in upstream kernel. You have to backport them to old stable kernel.

This presentation will share the kernel feature backport experience with audience, help them understand how to do backports quickly and effectively without detailed knowledge of the target feature, thus giving more flexibility and Improving productivity when making products.

It will talk by some examples, to discuss how to get info from backport request, how to find necessary commits, how to get dependency, how to resolve conflicts, and finally how to test it.

Speakers
AS

Alex Shi

Linaro
Alex graduated from Central China Normal University. He works for Linaro as Linaro stable kernel maintainer now. Before working for Linaro he worked in Intel Opensource Technical Center in Shanghai, mainly focus on Linux kernel performance tuning.


Tuesday October 4, 2016 15:30 - 16:20
Charlottenburg III
  • Experience Level Any

15:30

Running Linux on Tiny Peripherals - Marcel Holtmann, Intel
This presentation presents running Linux on tiny peripherals with minimal memory requirements.

Speakers
MH

Marcel Holtmann

Prinicpal Engineer, Intel Corporation
Marcel Holtmann is part of Intel's Open Source Technology Center. He is the maintainer of the BlueZ open source Bluetooth stack and has been working on Bluetooth technology since 2001. Marcel chairs the Bluetooth Internet Working Group and is a member of the Bluetooth Architectural... Read More →


Tuesday October 4, 2016 15:30 - 16:20
Potsdam I/II

16:50

OpenSSL Dev Session
Members of the openssl development team will be available to help with porting applications to 1.1.0, help guide how people can contribute to the project, and be available to discuss other technical issues. Downstream distributions and embedded applications developers should also stop by to introduce themselves

Tuesday October 4, 2016 16:50 - 17:40
Knight

16:50

A New Approach to Tracing Through BPF - Elena Zannoni, Oracle
Fundamental changes are happening within the key areas of tracing.  While existing tools are being refined and more complex features are added to them, a totally new approach to tracing has emerged within the last year.  The Berkeley Packet Filtering (BPF) mechanism has been extended and it now integrates with the kernel perf events and the tracing subsystems to provide a flexible and feature rich tool increasing dynamic tracing's capabilities.  This talk will cover the inner workings of BPF with the new dynamic tracing features and examples of how to make use of them.

Speakers
avatar for Elena Zannoni

Elena Zannoni

Director of the Linux Tools and Languages Team, Oracle Corporation
Elena Zannoni is the manager for the Linux Toolchain and Tracing team at Oracle. The team covers the GNU toolchain and DTrace for Linux, among other things. Elena was one of the original GDB global maintainers and has spoken worldwide on topics related to tracing at many conferences... Read More →


Tuesday October 4, 2016 16:50 - 17:40
Schöneberg

16:50

Are Containers Enterprise Ready? - Michal Svec, SUSE
Containers has been around for quite some time and are a hot topic these days. In this session we will look at how containers and Docker can be used, what are the pros and cons of using containers and will show tools which help in enterprise deployments of containers, explaining aspects of container security and lifecycle.

Speakers
avatar for Michal Svec

Michal Svec

Senior Product Manager, SUSE
Michal Svec is a Senior Product Manager at SUSE, responsible for virtualization and containers in SUSE Linux Enterprise product family. Prior to this he served as a Director of Engineering focused on the installation and systems management and was involved in developing various parts... Read More →


Tuesday October 4, 2016 16:50 - 17:40
Charlottenburg I/II

16:50

Dev and Ops: Collaborating on an Up-to-Date Build Tool Chain - Christoph Goern, Red Hat & Robin Meissner, T-Systems/AppAgile
We all want stable and secure foundations for building applications, but getting there isn't easy. Developers want and need tools that move quickly, operations folks need and want trusted platforms that are up-to-date and known to be stable. You can have it all, if you do it
right.

This talk will explain how operations and developers can collaborate on a tool chain that is a win for all. It gives ops everything they need in terms of stability and security, and allows developers to build on that with the most recent tools. Best of all, this toolchain can be full automated and integrated in such a way that an update to the base OS can trigger an update for the entire stack.

Speakers
avatar for Christoph Görn

Christoph Görn

Principal Software Engineer, Red Hat



Tuesday October 4, 2016 16:50 - 17:40
Bellevue

16:50

Networking Approaches in a Container World - Flavio Castelli, SUSE
Networking has always been a complicated and delicate topic. Things get even more complicated in the world of containers, where lots of containers are continuously being created and moved over entire data centers.

Several choices are available, each one having a slightly different implementation and its own peculiarities.
This leads to a lot of confusion when a networking solution has to be chosen.

This talk illustrates how the major networking solutions for Linux application containers work: their implementation details, their positive and negative aspects and how they influence the deployment of distributed applications.

Speakers
avatar for Flavio Castelli

Flavio Castelli

Engineering Manager, SUSE
Flavio Castelli is the engineering manager for the containers team at SUSE. Flavio has been following Docker since its early days and focused on its integration within the openSUSE and SUSE ecosystems. Flavio developed experience in creating and managing systems while working on products... Read More →


Tuesday October 4, 2016 16:50 - 17:40
Schinkel II/III

16:50

How To Write A Linux Security Module That Makes Sense For You - Casey Schaufler, The Smack Project
The traditional Linux security model traces it's fundamentals to the mini-computers of the 1970's. It makes a lot of sense for a machine without a network connection, shared by a handful of friendly collaborators. Linux security modules (LSM) were introduced to address the needs of high security environments. This talk will teach you what you can do with a Linux security module, and what you can't, the difference between a major module and a minor one. Techniques for implementing access controls on files, IPC and sockets will be covered, as will the underlying mechanisms required to maintain the data needed. The difference between inode based schemes and path name based ones will be made clear. In the end you'll have the tools you need to create a module that protects what you care about instead of what seemed like a good idea to a government researcher during the Cold War.

Speakers
avatar for Casey Schaufler

Casey Schaufler

Engineer, Intel
Casey Schaufler worked on Unix kernels in the 1970s-90s. He has implemented access control lists, mandatory access control, extended filesystem attributes, X11 access controls, network protocols and audit systems. His involvement in Linux began with the Linux Security Module work... Read More →


Tuesday October 4, 2016 16:50 - 17:40
Hugos South

16:50

openQA - Avoiding Disasters of Biblical Proportions - Marita Werner, SUSE
openQA is an automated testing tool, capable of full system, console, and graphical application testing. This session will give an introduction to openQA's capabilities, share how it is used by SUSE for the testing of SUSE Linux Enterprise, Fedora for the testing of their distribution, and openSUSE for the testing of both Leap regular release and their Tumbleweed rolling release. The talk will go into some detail as to how openQA tests a very wide range of scenarios, including multiple architectures, extensions and modules, as well as virtual and 'real hardware' platforms. The session will suggest ideas to attendees as how it could be used for testing their software, operating systems, or virtual machine images.

Speakers
avatar for Marita Werner

Marita Werner

QA Project Manager, SUSE Linux GmbH
I joined SUSE's ISV Team in 2010 as Manager of the SUSE Partner Catalog. In 2014 I moved to the SUSE R&D Quality Assurance department as QA Project Manager for the SLE family. I am responsible for the Quality of quite a wide range of products, including SUSE Linux Enterprise Server... Read More →



Tuesday October 4, 2016 16:50 - 17:40
Potsdam III
 
Wednesday, October 5
 

11:00

Cloud Services Catalog: One Year of OSCM - Uwe Specht & Michael Falkenhahn, Fujitsu
Almost exactly a year ago, Fujitsu launched its market-proven Cloud Management solution, Service Catalog Manager (CT-MG), as its first Open Source product, now under the new name Open Service Catalog Manager (OSCM). In this session Fujitsu will hold a resumé and present its activities, experiences and further plans to establish the project within the open source community. Fujitsu will share the experience of developing a first contribution based on a customer project. This session will also show how the open source project created engagement in the CNCF.

Speakers
avatar for Michael Falkenhahn

Michael Falkenhahn

Solution Architect, FUJITSU Enabling Software Technology GmbH
Michael Falkenhahn is Solution Architect for Cloud Management Products in Hybrid Cloud Environments at Fujitsu. He has over 15 years' experience in the software industry from development, through customer training and support. As OSCM community manager, he is taking care of all community... Read More →
avatar for Uwe Specht

Uwe Specht

Senior Manager, Fujitsu
Uwe Specht is Senior Manager for Partner Projects at Fujitsu. He is responsible for customer’s integration projects with Cloud Management Products in Hybrid Cloud Environments. He gathered deep technical knowledge in multiple cloud environments like AWS and Azure or VMware. He is... Read More →



Wednesday October 5, 2016 11:00 - 11:50
Schöneberg

11:00

Container Defense in Depth - Scott McCarty, Red Hat
Defense in depth is an information assurance technique to protect a system from any particular attack by having multiple independent countermeasures in place. In a containerized world, defense in depth is applied by thinking about security within a container, on the container host and at the container platform layer.

This talk will cover numerous technologies and practices at each layer - from kernel quality, svirt, and SECCOMP, to measuring attack surface, use of root and patch remediation, to platform level authentication and authorization, these are the droids you are looking for.

This talk will help an end user understand the breadth of tooling that is available at each level and how they will help protect their system from intrusions and compromises.

Speakers
avatar for Scott McCarty

Scott McCarty

Technical Product Manager, Red Hat
At Red Hat, Scott McCarty is technical product manager for the container subsystem team, which enables key product capabilities in OpenShift Container Platform and Red Hat Enterprise Linux. Focus areas includes container runtimes, tools, and images. Working closely with engineering... Read More →



Wednesday October 5, 2016 11:00 - 11:50
Tegel

11:00

Clang: Much More than Just a C/C++ Compiler - Tilmann Scheller, Samsung Electronics
With the Clang C/C++ frontend built on top of LLVM, Linux developers get a powerful optimizing compiler.
While compiling source code is the core task of Clang, it can also be used for much more than just compiling code: the built-in static analyzer detects bugs at compile time, clang-format allows for automatic source code formatting, clang-tidy enables heavier checks which go beyond traditional compiler warnings, the AddressSanitizer/MemorySanitizer tools help to detect memory corruption bugs early and with LibFuzzer there is an integrated solution for fuzz testing as well.
Various Clang-based source code navigators allow for accurate browsing through even the most complex C++ codebases, where traditional tools like Ctags are struggling heavily.
This talk will introduce the various different tools available as part of Clang and highlight the benefits they provide to Linux developers.

Speakers
TS

Tilmann Scheller

LLVM Compiler Engineer, Samsung Electronics
Tilmann Scheller is a Principal Compiler Engineer working in the Samsung Open Source Group, his primary focus is on the ARM/AArch64 backends of LLVM. He has been working on LLVM since 2007 and has held previous positions involving LLVM at NVIDIA and Apple.


Wednesday October 5, 2016 11:00 - 11:50
Tiergarten

11:00

Linux-Kernel Memory Ordering: Help Arrives At Last! - Paul E. McKenney, IBM
It has been said that Documentation/memory-barriers.txt can be used to frighten small children, and perhaps this is true. But even if it is true, it is woefully inefficient. After all, there is a huge number of children in this world, so a correspondingly huge amount of time and effort would be required in order to read it to them all.

This situation clearly calls for an automated tool, which is the topic of this talk, and which is now available in prototype form. This tool takes short fragments of concurrent C code as input, and exhaustively analyzes the possible results. In other words, instead of perusing memory-barriers.txt to find the answer to a memory-ordering question, you can get your answer by writing a small test case and feeding it to the tool. This talk will give an introduction to this tool, describing how to use it and how it works, including a short demo.

Speakers
avatar for Paul McKenney

Paul McKenney

Distinguished Engineer, IBM Linux Technology Center, Beaverton
Paul E. McKenney is a Distinguished Engineer with the IBM Linux Technology Center, where he maintains the RCU implementation within the Linux kernel. He has been coding for four decades, more than half of that on parallel hardware. His prior lives include the DYNIX/ptx kernel at Sequent... Read More →


Wednesday October 5, 2016 11:00 - 11:50
Charlottenburg III

11:00

OpenStack Swift - Christian Schwede, Red Hat
OpenStack Swift - 101: Swift is an open source object storage system that is highly available, distributed, eventually consistent object/blob store. Organizations can use Swift to store lots of data efficiently, safely, and cheaply. In this session, Mahati will cover an overview of Swift's architecture, its use cases, some of it's interesting features and sample code snippets/commands on how to inspect a stored object.

Speakers
avatar for Christian Schwede

Christian Schwede

Principal Software Engineer, Red Hat
Christian started working on Swift about two years ago and works as a Principal Software Engineer at Red Hat. Most of his Swift related work is related to supporting customers running Swift and working on automation, testing and development tools.


Wednesday October 5, 2016 11:00 - 11:50
Potsdam I/II

11:00

Container Orchestration Lab: Swarm, Mesos, Kubernetes - Haïkel Guémar, Fedora Project
There are many container orchestration choices available to the developer today.

In this lab we will look at several orchestrators gaining hands-on experience with them to understand the challenges, and how to do effective orchestration with one or more of the available solutions.

Docker Swarm
Google Kubernetes
Apache Mesos
Combining them

Please follow setup instructions here
http://bit.ly/2674h5J

Speakers
avatar for Haikel Guemar

Haikel Guemar

RDO release wrangler, Fedora Project
CentOS Cloud SIG developerRDO Engineering at Red HatStacker


Wednesday October 5, 2016 11:00 - 12:50
Charlottenburg I/II

12:00

Tilling the Brownfield: A Container Story - Richard Marshall, IAC Publishing Labs
It seems everyone wants to be living the container native dream, but how does an established organization overcome inertia and shift towards that end? This presentation will tell the story of how IACPL (formerly Ask.com), a company with 2 decades of legacy, has navigated that journey thus far. There were wrong turns, speed bumps, roadblocks, and just about any road travel metaphor you can think of along the way. This talk will focus on those challenges we faced while adapting or replacing our existing processes, training staff, and all sorts of technical issues in an endeavor that has touched every part of our technology organization.

Speakers
avatar for Richard Marshall

Richard Marshall

Lead Platform Architect, IAC Publishing Labs
Richard Marshall is the Lead Platform Architect at IAC Publishing Labs where he works on private cloud infrastructure. He joined Ask.com (now IAC Publishing Labs) in 2011 and has led initiatives related to virtualization and containers; current efforts focus on building a production... Read More →


Wednesday October 5, 2016 12:00 - 12:50
Schinkel II/III
  • Experience Level Any

12:00

entry_*.S: A Carefree Stroll through Kernel Entry Code - Borislav Petkov, SUSE
I have always wondered what happens when we enter the kernel from
userspace: what preparations does the hardware meet when the userspace
to kernel space switch instructions are executed and back, and what does
the kernel do when it executes a system call. There are also a bunch of
things it does before it executes the actual syscall so I try to look at
those too.

This talk is an attempt to demystify some of the aspects of the cryptic
x86 entry code in arch/x86/entry/ written in assembly and how does
that all fit with software-visible architecture of x86, what hardware
features are being used and how.

With the hope to get more people excited about this funky piece of the
kernel and maybe have the same fun we're having.

Speakers
BP

Borislav Petkov

SUSE
RAS/AMD kernel maintainer working currenly at SUSE Labs. Prior to that at AMDs Operating Systems Research Center doing Linux enablement and hardware debugging work.


Wednesday October 5, 2016 12:00 - 12:50
Charlottenburg III

12:00

SFQM & Doctor: Keeping My (Telco) Cloud Afloat - Emma Foley, Intel
Collectd exposes statistics that facilitate more resilient and performant telco/NFV clouds.

It is vital to monitor systems for malfunctions that could lead to users' application service disruption and promptly react to these fault events to facilitate improving overall system performance.

By providing OpenStack with system statistics from collectd, there is more data available, which can be used for monitoring, performance analysis, fault detection, etc. using OPNFV Doctor-prescribed enhancements to OpenStack, action can then be taken to negate the effects of any faults in the deployment.

Gaps have been identified and work to improve OpenStack to enable a more fault tolerant cloud environment is well underway. A key part of this work includes expanding the amount of data available about the system (e.g. DPDK statistics), and improving alarming functionality in OpenStack Aodh.

Moderators
EF

Emma Foley

Software Engineer, Intel
Emma is a Software Engineer in the Network Platforms Group in Intel. Emma has worked on Service Assurance, making more statistics available for the OpenStack cloud, by enabling collectd stats and events to be used in OpenStack. She is committer to the OPNFV Barometer project, and... Read More →

Speakers
avatar for Carlos Goncalves

Carlos Goncalves

Software Specialist, NEC Laboratories Europe
Carlos Goncalves is a Software Specialist on the 5G Networks team at NEC Laboratories Europe in Heidelberg, Germany. He works in the areas of Network Functions Virtualization and Carrier-Cloud Operation & Management, developing novel technologies and tools for the design, deployment... Read More →
avatar for Harry van Haaren

Harry van Haaren

Network Software Engineer, Intel
Harry van Haaren is a network software engineer optimizing DPDK and OVS. Interests range from high-performance API design to making every last instruction-per-cycle count towards your computing requirements. [NOTE: The "Measuring Software Performance" session will be 15 minutes... Read More →
avatar for Maryam Tahhan

Maryam Tahhan

Network Software Engineer, Intel Corporation
Maryam Tahhan is a Network Software Engineer at Intel Corporation. Her focus has been on virtual switching, virtual switch performance and enabling service assurance features in DPDK. She leads 2 open source projects in OPNFV: VSPERF (vSwitch Performance Characterization) and SFQM... Read More →


Wednesday October 5, 2016 12:00 - 12:50
Köpenick
  • Experience Level Any

12:00

Tracking Huge Files with Git LFS - Steve Smith, Atlassian
Developers love Git for its raw speed, powerful history traversal, distributed nature, and (of course) the fact that it was originally built by Linus Torvalds. What we don't love is the fact that, out of the box, Git has poor support for tracking large binary files!

Fortunately, developers from Atlassian and GitHub have teamed up to work on an open source, MIT licensed project to solve this problem: Git LFS (Large File Support). This means researchers, web designers, game or desktop application developers, multimedia producers and any other Linux ecosystem participants who need to version large data, rich media, or binaries, can move off legacy centralized systems and start using modern version control.

In this session I'll cover the computer science behind Git LFS' internals & architecture, CLI usage and how to build an effective Git LFS workflow for an open source team.

Speakers
avatar for Steve Smith

Steve Smith

Devops Advocate, Atlassian
Steve Smith has worked at Atlassian for over 8 years, both as a sysadmin and a developer. Prior to that he worked on tanks and radars in the Outer Hebrides, telecoms systems in Hong Kong, and in startups in Australia. He now works out of Atlassian's Amsterdam offices, focusing on... Read More →


Wednesday October 5, 2016 12:00 - 12:50
Tiergarten
  • Experience Level Any

14:30

Enforcing a Docker Container Security Policy - Thomas Sjögren, AB Svenska Spel
Even though the options to secure Docker containers are available, following a security baseline is often left to the user starting the container.

In this presentation Thomas Sjögren will show how to make a container, from image to runtime, a bit more secure and how to enforce a security policy by monitoring Docker events.

Speakers
avatar for Thomas Sjögren

Thomas Sjögren

System Technician, AB Svenska Spel
Thomas Sjögren is a system technician at AB Svenska Spel. He's one of the maintainers behind the docker/docker-bench-security project and contributor to the Center For Internet Security Docker Benchmark.


Wednesday October 5, 2016 14:30 - 15:20
Tegel

14:30

Packaging for Linux Distributions with Docker - Bruno Cornec, Hewlett Packard Enterprise
Docker has brought an ease of use without comparison with VMs typically to build native upstream distribution packages. Where before it was needed to launch a complete environment, copy the sources into it, invoke the build tools to create the packages and then copy them back to the host, Docker has made all these steps easier and straight forward, allowing for more rapid package production and automation.

This presentation will show and demo a detailed use case for building packages for both Mageia and Fedora with their respective bm or koji tools encapsulated in Docker containers. It should help any upstream packager adopt a similar approach to make his packaging task a breathe.

Also this presentation will explain how Docker support has been added to project-builder.org in order to ease the build of upstream project packages, which is a preparation step to distribution inclusion.

Speakers
avatar for Bruno Cornec

Bruno Cornec

Open Source & Technology Strategist, HPE
Bruno Cornec has been managing various Unix systems since 1987 and Linux since 1993 (0.99pl14).Bruno first worked 8 years around Software Engineering and Configuration Management Systems in Unix environments.Since 1995, he is Open Source and Linux (OSL) Technology Strategist, Linux... Read More →


Wednesday October 5, 2016 14:30 - 15:20
Bellevue

14:30

Flowgrind: A TCP Traffic Generator for Developers - Arnd Hannemann, credativ GmbH
During the last decades TCP and the networks it is used in steadily evolved. To aid further development it is crucial to give researchers and developers measurement tools so they can evaluate and analyze their TCP modifications in real world network environments. In this presentation we show our tool flowgrind. Unlike existing measurement tools, flowgrind's distributed architecture allows for an easy setup of complex scenarios (Fairness measurements with different congestion control mechanisms, cross-traffic, separation of test and control traffic etc.). Besides the usual application perceived metrics it can also measure core variables from the operating system's TCP implementation (tcp_info struct) thus enabling the developers to analyze and understand the interactions between TCP and the underlying network.

Speakers
AH

Arnd Hannemann

Technical Lead, credativ GmbH
Arnd Hannemann has more than 15 years experience in developing and maintaining Linux systems. Since starting to work within the GNU/Linux open source ecosystem he has been involved in several Open Source projects including the Linux kernel. He studied Computer Science at the RWTH... Read More →


Wednesday October 5, 2016 14:30 - 15:20
Charlottenburg I/II

14:30

IPv6 for Server Admins and Client Developers - Thiago Macieira, Intel
IPv6 is the evolution of the Internet Protocol and was created in the late 1990s when it was clear that the then-current version (IPv4) would run out of available addresses soon. Soon after, software was converted to handle IPv6 and the all service providers began offering IPv6 connectivity. Right? Not really. It's been a chicken-and-the-egg problem: no apps supports it, so services don't support it, so no apps supports it. This session will go over the basics of IPv6, how it differs from IPv4 and what client and server developers should be aware of. It will go over the basic socket API and provide instruction for developers on how to write software capable of both IPv4 and v6, seamlessly. It will then discuss how IPv6 and certain features not available in IPv4 can be used for interesting functionality, but also what admins would want to be aware of to protect their systems.

Speakers
avatar for Thiago Macieira

Thiago Macieira

Engineer, Open Source Technology Center, Intel
Thiago Macieira holds a double degree in Engineering and an MBA. He has been involved in several Open Source projects for over 15 years and is an experienced C++ developer, having spent the better part of the last 10 years developing Qt and Qt-based software. He has been involved... Read More →


Wednesday October 5, 2016 14:30 - 15:20
Potsdam I/II

14:30

Reimagining OpenStack - Samuel Ortiz, Intel
OpenStack is an open source alternative to proprietary cloud solutions, but customers struggle with deployment, scalability, and performance problems. Design a Cloud today and you’d approach things in a radically different way. Nova, OpenStack’s core compute component, is described as a "bloated busy kitchen filled with technical debt" by an original author. The open source CIAO project (Cloud Integrated Advanced Orchestrator) reimagines Cloud from scratch in the Go programming language. CIAO seeks to demonstrate how to move the needle on performance and meet the demands of the modern cloud. CIAO is fully TLS based, minimal config, easily updatable and optimized-for-speed. Containers and VMs are equal citizen user workloads, providing a scalable elastic cloud. This presentation will highlight CIAO’s innovative architecture and compare implementation details relative to OpenStack.

Speakers
SO

Samuel Ortiz

Principal Software Engineer, Intel
I work at the Intel Open Source Technology Center where I spend my time playing with containers, virtual machines, hypervisors and orchestrators. Although I am currently contributing to Kata Containers, CRI-O, QEMU, NEMU and rust-vmm, I used to work on obscure networking protocols... Read More →


Wednesday October 5, 2016 14:30 - 15:20
Köpenick

14:30

What's Up in the Land of the Linux Kernel - Thorsten Leemhuis, Heise Medien GmbH
This presentation provides an overview of recent and current developments in the Linux kernel, which is the heart of any Linux system. The talk will discuss what major changes recent kernel versions brought and thus now show up in the latest Linux distributions. It will also discuss improvement the next kernel version will contain or are currently being discussed for later releases. In that scope the presentation sometimes will discuss changes in software which interacts closely with the kernel or its drivers (Mesa, nft, …)

In addition to new features this talk will sometimes take a metalevel look on kernel development: what is working well, how fast is it, what is done to improve things and what are the biggest challenges the kernel developers face right now.

Speakers
avatar for Thorsten Leemhuis

Thorsten Leemhuis

Editor, c't/Heise Medien
Thorsten works as an editor for Heise Medien, which publishes the German c't magazine and runs the tech news site heise.de. For both he writes a column called "Kernel Log", which regularly discusses developments in the Linux kernel and areas close to it. Thorsten also was a major... Read More →


Wednesday October 5, 2016 14:30 - 15:20
Tiergarten

15:40

Docker Adoption and Usage Patterns 2016 - Ilan Rabinovitch, Datadog
As a SaaS monitoring solution specializing in dynamic infrastructure, Datadog has a unique vantage point into the container usage patterns at a global scale. What patterns are organizations finding most successful in their adoption? Which technologies are being containerized? Join us as we open up the data and discuss real world container, orchestration and scheduler usage in organizations large and small, from startup to enterprise.

Speakers
avatar for Ilan Rabinovitch

Ilan Rabinovitch

Dir, Technical Community, Datadog
Ilan is Director of Technical Community at Datadog. Prior to joining Datadog, he spent a number of years leading infrastructure and reliability engineering teams at organizations such as Ooyala and Edmunds.com. In addition to his work at Datadog, he active in the open-source and DevOps... Read More →


Wednesday October 5, 2016 15:40 - 16:30
Schinkel II/III

15:40

Docker Orchestration: Beyond the Basics - Aaron Lehmann, Docker
Docker Engine supports built-in Swarm orchestration that can run containers across a cluster of machines. While it's very easy to get started with orchestration in Docker, it's useful to understand some details in order to get the best results from a clustered deployment.

In this presentation, Aaron Lehmann will discuss best practices for running a cluster using Docker Engine's orchestration features. The presentation will go over how to get started with orchestration in Docker, and explain how to keep a cluster perfomant, secure, and reliable. No previous experience with Docker orchestration is necessary.

Attendees will learn how to properly deploy Docker orchestration for high availability with no single point of failure. They will also understand the security model and various security options.

Speakers
avatar for Aaron Lehmann

Aaron Lehmann

Software engineer, Docker
Aaron Lehmann is one of the authors and maintainers of the Docker SwarmKit open source project, which powers Docker's orchestration capabilities. In his work at Docker, he continues to enhance SwarmKit, and also contributes to Docker Engine and Docker Registry.


Wednesday October 5, 2016 15:40 - 16:30
Bellevue

15:40

VM-based Secure Container - Zhang Wei & Claudio Fontana, Huawei

Due to sharing the same kernel, native containers may never provide alone enough isolation and security without being run inside virtual infrastructure. Wei & Claudio have been workiing on a new VM-based Secure Container based on “RunV” which is an open source and an OCI-compatible runtime similar to “RunC”.

In the RunV community Wei has been working with developers from hyper.sh to make RunV compatible to the Docker API, so that it can integrate with higher level frameworks like Kubernetes and OpenStack and be deployable as easily as native containers.

Claudio has been optimizing virtualization components for this use case, removing legacy features and employing existing methods (Clear Containers) and new ways to boot quickly, decrease overheads, and improve performance. Novel work in the virtualizer and virtual firmware enables further improvements at the expense of fidelity to PC compatibility.


Speakers
WZ

Wei Zhang

Huawei
Zhang Wei & Claudio Fontana are both working for Huawei, in Beijing, China and Munich, Germany respectively. Zhang Wei is an active Docker contributor since 2015, with some speaking experience in the local circles.


Wednesday October 5, 2016 15:40 - 16:30
Tegel

15:40

Linux Kernel Security Update - James Morris, Oracle
In this presentation, I'll provide an update on the current state of the Linux kernel security subsystem. We'll start with a brief overview of Linux kernel security, then discuss 
changes which have occurred during the v4.0 kernel series. We'll also discuss the current threat landscape, and ongoing development in areas such as static checking, fuzzing, and kernel self-protection.

Speakers
avatar for James Morris

James Morris

Kernel Developer, Microsoft
James is the maintainer of the Linux security subsystem, and kernel engineer at Microsoft.


Wednesday October 5, 2016 15:40 - 16:30
Tiergarten

15:40

OpenDaylight Performance Report - Daniel Farrell, Red Hat
Get the latest on OpenDaylight’s performance, including the just-released OpenDaylight Boron Performance Whitepaper and OPNFV CPerf’s Colorado Results.

OpenDaylight’s performance testing community produces a user-focused performance whitepaper for each OpenDaylight release. The OpenDaylight Boron release and the OpenDaylight Summit are just before LinuxCon EU 2016, and will mark the culmination of many performance testing efforts. An overview and analysis of these hot-of-the-presses results will be presented.

OPNFV’s CPerf project tests SDN controller performance in the large, realistic deployments required for NFV. While the exact date isn’t set, OPNFV’s Colorado release will likely be very close to LinuxCon EU 2016. CPerf’s Colorado results will be presented.

Speakers
avatar for Daniel Farrell

Daniel Farrell

Software Engineer, Red Hat
Daniel Farrell is a Software Engineer on Red Hat’s SDN Team, where he contributes to upstream ODL and OPNFV. He has been involved in SDN since it emerged from Stanford, including early OpenFlow and OpenStack work. He’s now an active committer on ODL’s Integration Team. During... Read More →


Wednesday October 5, 2016 15:40 - 16:30
Schöneberg

16:40

A Summary and Assessment of Docker Hosting and Management Options - Claus Matzinger, Crate.IO
As part of my journey with Docker, I have discovered and assessed many options for hosting, management and scaling Docker containers. I have dug beneath their collective surfaces, taken them for a test drive, pushed them to the edge, broken them, asked their staff a lot of questions and built up a good idea of which ones are worth spending your time (and maybe money) on.

In this presentation I will take a sample Docker application stack and demonstrate how Docker hosting solutions help (or hinder) the process. This will include Docker Cloud, AWS, Azure, Code Ship, Container Ship and several others.

I will cover:

- Using images from the Docker Hub and custom images
- Hosting options and portability of containers
- How Docker configuration options such as ports, entry points and commands are exposed
- Scaling containers
- Integration with Docker Toolset
- GUI and CLI options

Speakers
avatar for Claus Matzinger

Claus Matzinger

Developer Relations/Support, Crate.IO
Former CTO and consultant but Software Engineer by trade, I am now a developer relations engineer at Crate.IO. My language journey has brought me from C#, Java, C, Scala, Python to Rust, in my opinion the most interesting language to date. Aside from that, I am an experienced presenter... Read More →


Wednesday October 5, 2016 16:40 - 17:30
Bellevue

16:40

Containers for Grownups: Migrating Traditional & Existing Applications - Scott McCarty, Red Hat
Many organizations have had success dabbling with with Linux Containers. Once you take a small project and have success, the epiphany happens - and you ask yourself: 1. What else can we containerize? 2. Can we put everything in containers? 3. How do we get traditional applications into containers? This talk will highlight technical and architectural considerations when moving existing applications to containers. Ranging from systemd, and storage to backups, and debugging applications in production, there are a lot of things to think about when migrating existing applications to containers and running them in production.

Speakers
avatar for Scott McCarty

Scott McCarty

Technical Product Manager, Red Hat
At Red Hat, Scott McCarty is technical product manager for the container subsystem team, which enables key product capabilities in OpenShift Container Platform and Red Hat Enterprise Linux. Focus areas includes container runtimes, tools, and images. Working closely with engineering... Read More →



Wednesday October 5, 2016 16:40 - 17:30
Schinkel II/III

16:40

Orchestrating the Blockchain Using Containers - Andrew Kennedy, Cloudsoft
Blockchain technology is a new and exciting field, and being able to quickly test applications is essential for agile startups wanting to bring products to market quickly. We show how Clocker, a key open-source component of Cloudsoft AMP, can be used to orchestrate the deployment and scaling of a Hyperledger blockchain application. An OASIS CAMP blueprint is created to describe the application topology, which is then installed onto a managed cluster of Virtual Machines running Docker Engine and the Calico SDN.

- Open Source goodness - What are Cloudsoft AMP and Clocker
- The Hyperledger Blockchain Application Platform
- Describing Components and Topology
- Demo: Deploying and Managing a Hyperledger Blockchain Application

Speakers
avatar for Andrew Kennedy

Andrew Kennedy

Distributed Systems Hacker, Cloudsoft
Andrew is a Senior Software Engineer at Cloudsoft and the founder of the Clocker project. He is a contributor to several Open Source projects including jclouds and Qpid and is on the Apache Brooklyn PMC. Areas of interest include Distributed Systems, Virtualisation, Messaging, Information... Read More →


Wednesday October 5, 2016 16:40 - 17:30
Charlottenburg I/II

16:40

Software Update Security: When the Going Gets Tough, Get TUF Going!- Riyaz Faizullabhoy & Lily Guo, Docker
Installing and updating software presents an interesting slate of security challenges.  The Update Framework (TUF) helps developers secure new or existing software update systems. TUF provides protection against data tampering, rollbacks, and many cases of key compromise. This presentation will discuss both the attacks that TUF protects against and how it actually does so under the hood. Additionally, this presentation will demonstrate the usability aspects of TUF as it is currently implemented in Docker Notary and Docker Content Trust, in particular how simple it is to recover from key compromise and delegate trust to collaborators. 

Speakers
avatar for Riyaz Faizullabhoy

Riyaz Faizullabhoy

Security Engineer, Docker, Inc
Riyaz is a security engineer at Docker, and previously researched systems security and malware detection at UC Berkeley. At Docker, he is currently focused on Notary: a content signing platform based on The Update Framework. Riyaz has previously spoken at LinuxCon North America, Docker... Read More →



Wednesday October 5, 2016 16:40 - 17:30
Tegel

16:40

Using Seccomp to Limit the Kernel Attack Surface - Michael Kerrisk, man7.org
Seccomp (secure computing) is a means to limit the system calls a program may make: it can be used to select exactly which system calls are permitted (or denied) and to restrict the arguments that may be passed to those system calls. System call filtering is achieved by writing BPF programs--programs written for a small in-kernel virtual machine that is able to examine system call numbers and arguments. Among other uses, seccomp is by now a key component of various container systems such as Docker and LXC. In this session, I'll provide a bottom-up view of seccomp before going on to examine the BPF virtual machine and some practical examples of filtering programs that restrict the set of permitted system calls. The goal is to give developers and administrators using container frameworks a solid understanding of a tool that has become a fundamental component of container frameworks.

Speakers
avatar for Michael Kerrisk

Michael Kerrisk

Trainer/consultant, man7.org Training and Consulting
Michael Kerrisk is the author of the acclaimed book, "The Linux Programming Interface" (http://man7.org/tlpi/), a guide and reference for system programming on Linux and UNIX. He contributes to the Linux kernel primarily via documentation, review, and testing of new kernel-user-space... Read More →


Wednesday October 5, 2016 16:40 - 17:30
Köpenick

16:40

lguest: A Journey of Learning the Linux Kernel Internals - Daniel Baluta, Intel
Lguest is a small hypervisor for running Linux under Linux on x86 architecture and the best source to learn about virtualization and Linux kernel internals. The story was written by Rusty Russel around 2007, with several brave people trying to port it on x86_64 and ARM.

The lguest adventure will walk you into boot code, paravirtulization, x86 assembly arid lands, virtio, segmentation, virtual/physical memory, hypercalls, interrupts. Understanding lguest is an arduous journey but we have an amazing help in the comments and source code narrated with a great sense of humour by lguest master: Rusty.

At the end of the presentation you will be exposed to some of the challenges of porting lguest to other architectures, mainly x86_64 and ARM as the speaker heroically tried for the past few years.

Speakers
avatar for Daniel Baluta

Daniel Baluta

Linux Kernel Engineer at NXP, NXP
Daniel works at NXP in Romania hacking on Linux kernel audio drivers for i.MX boards. He is a teaching assistant for Operating System Internals class at University POLITEHNICA in Bucharest and very passionate about helping newcomers to the Linux kernel world while being a mentor for... Read More →


Wednesday October 5, 2016 16:40 - 17:30
Charlottenburg III

16:40

Linux DRM: New Picture Processing API - Marek Szyprowski, Samsung Electronics Polska Sp. z o.o.
Direct Rendering Manager (DRM) framework with Kernel Mode Setting (KMS) became generic API for the graphics display stack for Linux. Recently introduced extensions like atomic mode setting and universal planes allows to expose most of the features of the graphics display subsystem to generic applications, which don't need to use any hardware specific API. The next common part of graphics hardware (especially in the embedded systems) are various picture processing modules (i.e. copying, colour space conversion, scaling, rotation, etc). Such blocks can be used by vendor specific extensions. However this is not the best approach, especially if one want to design some hardware-independent application. This talk will focus on presenting the new proposal for the extension to the DRM subsystem, which provides access to the picture processing hardware blocks in the unified and generic way.

Speakers
MS

Marek Szyprowski

Samsung Electronics Polska Sp. z o.o.
Marek is a Linux kernel developer at Samsung R&D Institute, Warsaw, Poland. He specializes in embedded systems. His ongoing effort is to provide better support for Samsung SoC in the Linux kernel. This includes core platform support as well as various updates to the device drivers... Read More →


Wednesday October 5, 2016 16:40 - 17:30
Tiergarten

16:40

NorNet -- Building an Inter-Continental Internet Testbed Based on Open Source Software - Thomas Dreibholz, Simula Research Laboratory
NorNet is an open, international Internet testbed platform for research on multi-homed systems. Multi-homed systems have the property of being connected to multiple Internet Service Providers (ISP) simultaneously, in order to still provide connectivity in case of ISP/network failures. Basis of NorNet is Linux, together with other Open Source software. At the moment, the testbed infrastructure spreads over 21 sites on 4 continents.

NorNet makes extensive use of advanced Linux features like virtualisation, file system features, routing rules, SCTP, MPTCP, and more. The global distribution creates further challenges. Goal of this talk is therefore to provide an overview of the problems that occurred when building the testbed, as well as solutions and lessons learned from solving these challenges. The idea is to present guidelines for utilising the advanced Linux features in own projects.

Speakers
avatar for Thomas Dreibholz

Thomas Dreibholz

Senior Research Engineer, Simula Research Laboratory
Thomas Dreibholz works as Senior Research Engineer at the Centre for Resilient Networks and Applications (CRNA) of the Simula Research Laboratory in Fornebu, Norway. He has published and presented more than 65 research contributions at international conferences and in journals. Furthermore... Read More →


Wednesday October 5, 2016 16:40 - 17:30
Potsdam I/II

16:40

Using the Linux Tracing Infrastructure - Jan Altenberg, linutronix GmbH
The Linux kernel offers a lot of great debugging tools. The most powerful one is the tracing infrastructure. It's not just one single debugging method, it offers a lot of different methods for collecting and analyzing data within the Operating System. This presentation will give an introduction to the usage of the tracing infrastructure and the different methods for collecting data. This includes: Event tracing, using the tracers, collecting events during the boot process, dynamically adding events using kprobes and injecting events into your application with uprobes. It will also cover the tools which can be used for tracing, like trace-cmd and kernelshark. Furthermore the usage of the perf CTF converting function (which can be used to analyze traces with Tracecompass and Eclipse) will be explained.

Speakers
avatar for Jan Altenberg

Jan Altenberg

open source trainer / project manager, linutronix GmbH
Jan Altenberg has more than 10 years experience in developing and maintaining Embedded Linux systems. He studied information technologies at the University of Cooperative Education in Stuttgart (Germany). From 2002 - 2006 he was involved in the OCEAN project, a european research project... Read More →


Wednesday October 5, 2016 16:40 - 17:30
Potsdam III
 
Thursday, October 6
 

10:50

Cgroups and Namespaces, The Building Blocks of Linux Containers - Rami Rosen, Intel
Rami will discuss in this talk two Linux subsystems, which are the
building blocks of Linux containers: cgroups and namespaces, and which
are used also in embedded devices.
Rami will review implementation highlights of kernel namespaces
and cgroups, showing how lightweight the implementation is,
and give detailed examples which will demonstrate
the ease of the usage of these two subsystems. Rami will also describe the new cgroup v2
infrastructure and the unified hierarchy, which was started to be implemented recently,comparing them to the current implementation.Rami will discuss
the new features which were recently merged,the PIDs controller
and the cgroup namespace,giving examples demonstrating their usage. The talk
will be concluded by a very brief overview of Linux Containers projects
and how they use Namespaces and cgroups,drawing a brief comparison against
VMs.

Speakers
RR

Rami Rosen

NFV Team Leader, Intel, Intel
Author of the book "Linux Kernel Networking" (2015) : http://ramirose.wix.com/ramirosen; NFV team leader at Intel. I gave many talks in various forums, including recently in netdev 1.1 (Seville, 2016).Also my article about cgroup V2 was recently published in lwn.net,"Understanding... Read More →


Thursday October 6, 2016 10:50 - 11:40
Tegel
  • Experience Level Any

10:50

Converging QEMU and TCMU for Container Storage - Huamin Chen, Red Hat
Containers storage technologies are changing rapidly. Volume Plugins in Docker and Kubernetes open doors to 3rd party storage provisioning for containers. However, these technologies are all based on bind-mount, volume drivers have to implement storage functionalities on their own.

On the other hand, QEMU has a different approach to provide storage for virtual machines. QEMU's block drivers abstracts different backend storage types and thus supports features like multi-tenancy, snapshot, and QoS, which are currently missing in Container storage drivers.

This talk presents a new technology that converges QEMU and TCMU. This allows Containers to use rich storage features that are already available to Virtual Machines. This technology integrates QEMU's block layer with tcmu-runner, and enables Containers to access various storage backends and rich storage features.

Speakers
HC

Huamin Chen

Principal Software Engineer, Red Hat
Dr. Huamin Chen is a passionate developer at Red Hat' CTO office. He is one of the founding member of Kubernetes SIG Storage, member of Ceph, Knative, and Rook. He previously spoke at KubeCon, OpenStack Summits, and other technical conferences.


Thursday October 6, 2016 10:50 - 11:40
Schöneberg

10:50

Fully Fault Tolerant Realtime Data Pipeline with Docker and Mesos - Rahul Kumar, Sigmoid
Developing an end-to-end big data application right from data ingestion, data enrichment and visualisation is a very cumbersome task. In this talk, I will demonstrate how to use Apache Mesos, Marathon, Apache Spark and Docker to build a scalable, fault tolerant, responsive data platform. The result will be a real-time big data application with self-healing features — a dream for every software developer. This talk is a collection of different recipe’s that will help the developer to understand Mesos ecosystem projects and Docker.Choosing the right technologies and tools during the development phase has a major impact on the success of the whole project. Apache Mesos provides the best cluster management system, Marathon gives the feature for long-running applications,Docker allows us to package an application with all of its dependencies into a standardized unit for software development.

Speakers
avatar for Rahul Kumar

Rahul Kumar

Technical Lead, Sigmoid
Rahul Kumar working as a Technical lead with Sigmoid, He has more than 4 years of experience in Data-driven distributed application development with Java , Scala , and Akka toolkit. He developed various real-time data analytics applications using Apache Hadoop, Mesos ecosystem projects... Read More →



Thursday October 6, 2016 10:50 - 11:40
Schinkel II/III

10:50

Monitoring Microservices: Docker, Mesos and Kubernetes Visibility at Scale - Alessandro Gallotta, Sysdig
Microservices and containers are revolutionizing the way we deploy applications and maintain infrastructure. But as many have found containers still have a key problem: monitoring and troubleshooting them can be impractical, painful, and sometimes impossible. With the rise of microservice based architectures and orchestration tools such as Kubernetes and Mesos, managing this has become even harder.

Using real tools, in live environments, Alessandro Gallotta will walk through various hands-on scenarios including how to:
-visualize physical vs logical architectures of Kubernetes/Mesos deployments
-understand performance at the microservice/app level for orchestrated systems
-identify & surface system activity of individual Docker containers
-extract process & app-level metrics inside containers with non-intrusive methods
-troubleshoot detailed network activity in distributed containers

Speakers
avatar for Alessandro Gallotta

Alessandro Gallotta

Software Engineer, Sysdig
Alessandro Gallotta is a software engineer at Sysdig. He is a core developer where he focuses on backend services dealing with big data and high availability issues.  He holds a M.Sc. in Computer Engineering from University of Catania, Italy.  Prior to Sysdig he worked as web developer... Read More →


Thursday October 6, 2016 10:50 - 11:40
Charlottenburg I/II
  • Experience Level Any

10:50

Orchestrating Linux Containers While Tolerating Failures - Drew Erny, Docker
Although containers are bringing a refreshing flexibility when deploying services in production, the management of those containers in such an environment still requires special care in order to keep the application up and running. In this regard, orchestration platforms like Docker, Kubernetes and Nomad have been trying to alleviate this responsibility, facilitating the task of deploying and maintaining the entire application stack in its desired state. This ensures that a service will be always running, tolerating machine failures, network erratic behavior or software updates and downtime.

The purpose of this talk is to explain the mechanisms used in the core Docker Engine orchestration platform (using a framework called swarmkit) to tolerate failures of services and machines, from cluster state replication and leader-election to container re-scheduling logic when a host goes down.

Speakers
DE

Drew Erny

Software Engineer, Docker
Drew Erny is a software engineer at Docker working on Swarmkit, the framework that power's Docker's new Swarm Mode.


Thursday October 6, 2016 10:50 - 11:40
Bellevue

10:50

Chrome OS Running Android in a Container - Dylan Reid, Google
Chromebooks recently added Google Play, the most popular app store in the world. In this presentation, Dylan will discuss the details of how the android system is run on Chromebooks, how kernel container and graphics driver features made this possible, how audio/video are played from the Android container, and how the famous Chromebook security level was maintained.

Speakers
DR

Dylan Reid

Software Engineer, Google
Dylan Reid (Google) - Dylan works on the Chromium OS project for Google. He has been focused on Chromium OS audio for the past few years, working on drivers, middle ware, audio processing and the Chrome browser. Recently he started the effort to run Android in a container on Chrome... Read More →


Thursday October 6, 2016 10:50 - 11:40
Hugos South

10:50

Efficient Unit Test and Fuzz Tools for Kernel/Libc Porting - Bamvor Jian Zhang, Huawei/Linaro
Bamvor has encountered lots of syscall issues such as wrong number of arguments, different data type in binary interface when working on the ILP32 ABI for ARMv8 in the last two years. He realized that the correctness of argument passing between the C library and core kernel code is a common problem when bringing up new architecture or ABI to kernel and libc. Existing fuzz testing tools such as trinity and skzkaller only generate random or boundary values for syscall parameters and then inject them into kernel, but those tools won't validate if the results of those syscalls are correct or not. Thus they can not act as a unit test for ILP32. Bamvor Jian Zhang would like to share how to improve trinity to serve this purpose.

Speakers
avatar for Bamvor Jian Zhang

Bamvor Jian Zhang

Senior Architecture, Eking Technology
Bamvor Jian Zhang is a software engineer in Huawei who focuses on linux kernel and relative areas. Currently he's working on ILP32 for ARM64, which supports running legacy 32bit code on ARM64. He gave a presentation in Opensuse Asia Summit, and also some presentations in local open... Read More →


Thursday October 6, 2016 10:50 - 11:40
Charlottenburg III
  • Experience Level Any

10:50

Persistent Memory Usage within Linux Environment - Maciej Maciejewski & Krzysztof Czurylo, Intel
Byte-addressable Persistent Memory is an emerging technology expected to soon have a dramatic and disruptive impact on software. Usage of persistent memory requires a different approach to data handling within applications.
In this talk we will examine the primary differences between persistent memory, storage devices, and regular DRAM. We shall present how Persistent Memory is exposed to the OS with ACPI extensions, and describe the resulting changes made upstream to the Linux kernel to provide direct access (known as "DAX" in Linux). We shall present how versatility of Persistent Memory can be utilized by the applications, and what impact does it have on the overall system. Finally, an open source library, known as the NVML (http://pmem.io), providing persistent memory allocation, transactions, and other features useful to applications will be shortly described.

Speakers
KC

Krzysztof Czuryło

Senior Software Engineer, Intel
Krzysztof Czuryło is a Software Architect at Intel, having over 15 years of experience in databases, networking/telecommunication and 3D graphics. For the last three years he is mostly focused on persistent memory programming and algorithms providing effective and fail-safe usage... Read More →
avatar for Maciej Maciejewski

Maciej Maciejewski

Senior Software Engineer, Intel
Maciej Maciejewski is a software professional working in a high-tech industry since 10 years. For eight years he has worked at ADVA Optical Networking as a Senior Software Manager, and an architect on distributed and stateless applications within network management systems area. Currently... Read More →


Thursday October 6, 2016 10:50 - 11:40
Potsdam I/II

11:50

Ansible + Containers: Orchestrating Happiness - Robyn Bergeron, Red Hat

According to a recent survey by The New Stack, 36% of container users expect to use Ansible for their container orchestration needs in the next year. Why? Because Ansible, as a next generation orchestration engine, is uniquely suited to solve the wide variety of problems encountered in the container’s journey from development to production. Ansible Container is a new project that seeks to bring together the best practices of the Ansible community into a tool that can manage the whole container lifecycle, from initial creation all the way
through deployment at scale on a variety of platforms. Come see Ansible Container in action and explore how it might fit into your own container workflow.

Speakers

Thursday October 6, 2016 11:50 - 12:40
Bellevue

11:50

Unikernels: When You Should and When You Shouldn't - Amir Chaudhry, Docker
Unikernels, built with library operating systems, reinvent earlier ideas for the modern era, improving the specialisation of apps. In fact, there is a continuum of specialisation, with general purpose OSs at one end, unikernels at the other extreme, & containerised apps in between.

All these options give developers more freedom & choice over how they write & distribute their apps. However, it also presents challenges in terms of understanding which approach is appropriate for a given use-case.

As with all technology, there are trade-offs with unikernels. This talk considers the benefits & drawbacks. By stepping away from hype & clarifying misunderstandings, attendees will appreciate why unikernels exist & where they're going. Attendees will also have a better idea of when they should consider a library OS for their next project, as well as the trade-offs they'll need to consider.

Speakers
avatar for Amir Chaudhry

Amir Chaudhry

Member of Technical Staff, Docker
Amir Chaudhry is the Community Manager for MirageOS and works at Docker to make unikernels accessible to developers everywhere. Most of his time is spent on open source efforts and he's a big fan of automation to maximise developer impact. In previous lives he led operations at a... Read More →


Thursday October 6, 2016 11:50 - 12:40
Tegel
  • Experience Level Any

11:50

Build Your Own ChromeOS distro and Image Server - Ronald G. Minnich, Google
ChromeOS is a very popular software stack, and Chromebooks have recently passed Macs in market share. But the ChromeOS stack is for more than just end users: ChromeOS is an open source system which lets any user build their own version of the stack and, further, make their Chrome devices use that stack, from their server. In other words, you can buy a Chromebook, flip it to developer mode, and have it run *your* ChromeOS stack, not the one it comes with. Further, you can run your own server so that over the air (OTA) updates come from you, not anyone else, using the same technology that Google uses. If you are good with a screwdriver, you can even rewrite the keys so that you can run your Chromebook in its secure mode, but still use your distro and no other. In this talk, I'll describe how you build/run a ChromeOS OTA server and run your personal ChromeOS on any network-attached device.

Speakers
avatar for Ron Minnich

Ron Minnich

Software Engineer, Google
linuxboot, u-root, coreboot, linuxbios, ... all open source firmwarelinux kernel, servers,


Thursday October 6, 2016 11:50 - 12:40
Hugos South

11:50

Documenting Your Software Supply Chain with Linked Data - Yev Bronshteyn, Black Duck Software
What’s in your software other than your code? Most likely, other people’s software. And what’s inside that software? More other people’s software. And each layer of that vast layer cake comes with its own licensing license agreements, copyrights, origin information, and, alas, vulnerabilities. To document all that, you’d need far more than an ingredient label and, preferably, something other than a COPYING file the size of "War and Peace".

In this presentation, we’ll examine the possibilities offered by Linked Data. We’ll talk about the fundamentals of Linked Data and RDF, its incarnations and formats (Turtle, RDF/XML, Thrift, JSON-LD), query language (SPARQL), tooling, and more. We’ll then look at SPDX, Linux Foundation's standard for using Linked Data to document component relationships, licenses, copyrights, and even vulnerabilities.

Speakers
avatar for Yev Bronshteyn

Yev Bronshteyn

Senior Software Engineer - Alliances, Black Duck Software/Synopsys
Yev Bronshteyn is a Senior Software Engineer at Black Duck Software, working on solutions for open source governance and security. He is a contributor to the SPDX technical team, which defines the Linux Foundation standard for documenting deep software package information with linked... Read More →



Thursday October 6, 2016 11:50 - 12:40
Tiergarten

11:50

Extending Programming Languages with Persistent Memory Semantics - Piotr Balcer, Intel
The bulk of the Unix toolchain and related programming languages were created in the seventies and to this day programmers around the world use the same old POSIX standard, the C programming language and Unix-compatible operating systems (like Linux or OS X). The emerging non-volatile memory is a paradigm shifting technology that is poised to disrupt the current status quo. In this talk Piotr Balcer will present the state of the art research related to persistent memory language extensions and discuss the NVML (Non-Volatile Memory Library) team open source work around enabling existing languages to understand persistence.

Speakers
avatar for Piotr Balcer

Piotr Balcer

Software Engineer, Intel
Piotr Balcer is a software engineer with 4 years’ of experience working on storage related technologies at Intel Corporation. He received B.Eng. from the Gdansk University of Technology in 2014 where he studied system software engineering. For two years now he has been working on... Read More →


Thursday October 6, 2016 11:50 - 12:40
Potsdam III

11:50

What Kind of Crazy Person Uses a Full Linux Distro for IOT? - Jim Perrin, CentOS
IoT is quickly becoming omnipresent in our day to day lives, but many times we
find that platforms are obsolete as soon as they hit the market, or at the very
least get little to no security or feature updates. By adapting existing Linux
distribution development practices, IoT can both improve its security, and
expand its lifecycle with minimal overhead while adding features and extending
devices lifecycles. In this talk Peter Robinson of Fedora and Jim Perrin of
CentOS will outline a 'gold standard' workflow for IoT and maker hardware,
from getting hardware support into the distro, to the lifecycle of the
applications living on the appliance without endusers ending up with an
expensive doorstop.

Speakers
avatar for Jim Perrin

Jim Perrin

Program Manager, Microsoft
Jim has been a member of the CentOS project for over a decade, and is the maintainer of the AArch64 port of the CentOS Linux distribution.


Thursday October 6, 2016 11:50 - 12:40
Köpenick
  • Experience Level Any

13:00

SPDX Bakeoff
In this working session we will do a deeper dive on the various tools (both open source and commercial) for producing and consuming SPDX 2.1.  Bring your tools, bring your ideas for tools, and be prepared to roll up your sleeves and get your hands dirty with SPDX fields.

In order to facilitate discussion and collaboration we encourage SPDX producers to generate SPDX 2.1 data files (tag:value format) for a selection of open source projects prior to the meeting.  There will be a standard set of packages to be analyzed, which will be documented in the SPDX 2.1 bakeoff folder on Google Docs.   Before the session you may upload your data files to the  folder on Google Docs.  Just create a folder with the name of your organization and deposit whatever files you have.  We will have several projectors in order to facilitate side-by-side comparisons of SPDX data during the meeting.

We hope to accomplish the following in this session:
  • Discuss and resolve different interpretations of the SPDX specification and data fields.
  • Identify and discuss bugs or gaps in the specification and ideas on how to address those in future versions of the specification.
  • Demo or discuss additional tools, resources, or best practices beyond the specification that will be required in order to promote adoption of SPDX.
This session will be of primary interest to SPDX tool developers, users of those tools (corporations and open source developers/projects), SPDX specification developers and other members of the SPDX working groups.

Thursday October 6, 2016 13:00 - 18:00
Bishop

16:00

Building Cloud Native Application Infrastructure from Laptop to Cloud - and Back Again - Tony Kay, Oracle
MicroServices and Containerization create the new platform for developing Cloud Native Applications but are they the lowest layer of abstraction we should care about? Consistent industrial strength OS and virtualization layers matter or we are all in the “distro business”. This session shows how to build highly automated DevOps environments for Docker based development from laptop to cloud and back again enhancing consistency, reliability, repeatability and security.

Speakers
TK

Tony Kay

Director for Virtualization, Oracle
Tony Kay is Director for Virtualization at Oracle and has been using Unix and Linux since the early 90s when he wore both Dev and Ops hats. He joined Oracle via Sun Microsystems where he held, amongst other roles, Security Architect and later Chief Architect For HPC before moving... Read More →


Thursday October 6, 2016 16:00 - 16:50
Bellevue

16:00

How to Monitor Docker Containers with the Open Source ELK Stack - Asaf Yigal, Logz.io
As Docker becomes more and more popular, the number of deployed containers is increasing rapidly. As a result, the ability to monitor the logs of each container is becoming more and more difficult -- especially when organizations have many containers distributed across many servers. Centralized logging with the open source ELK Stack (Elasticsearch, Logstash, and Kibana) is the solution to this problem.

Setting up the ELK Stack to monitor Docker logs might seem like an easy task, but Asaf Yigal of Logz.io went through several iterations in his company's architecture and made mistakes in their deployments that are common in the industry. In this tutorial, he will go through what they did and explain what worked and what failed -- and why. This presentation is for people who use are interested in using open source ELK to perform Docker log analysis in their own environments.

Speakers
AY

Asaf Yigal

Logz.io
Asaf Yigal is co-founder and the VP of Product at Logz.io. Prior to Logz.io, Asaf co-founded Currensee, a social trading platform, which was later acquired by OANDA in 2013. Prior to Currensee, Asaf played executive roles at Akorri in developing an end-to-end performance monitoring... Read More →


Thursday October 6, 2016 16:00 - 16:50
Charlottenburg I/II

16:00

Adding CPU Frequency Scaling for Your ARM Platform to Linux Kernel - Bartlomiej Zolnierkiewicz, Samsung Electronics Polska Sp. z o.o.
CPU frequency scaling is one of standard features implemented when adding new ARM platform support to Linux kernel. Most (if not all) recent ARM platforms are making use of the generic Device Tree based CPUfreq driver (cpufreq-dt). During This tutorial Bartlomiej will present the inner workings of the cpufreq-dt driver and will show all the steps (including mandatory Device Tree changes and optional clocks subsystem adjustments) needed to make the driver work on new ARM platform. Off-the-shelf Hardkernel's ODROID-XU3 board (which is Samsung Exynos5422 SoC based) will be used as the example hardware for showing the step-by-step implementation of CPU frequency scaling. The tutorial will end with discussion of advanced topics like how to enable software boost functionality, when to use generic ARM big.LITTLE CPUfreq driver and when there is a need to develop a new CPUfreq driver.

Speakers
avatar for Bartlomiej Zolnierkiewicz

Bartlomiej Zolnierkiewicz

Senior Software Engineer, Samsung Electronics Polska Sp. z o.o.
Bartlomiej is a Senior Software Engineer at Samsung R&D Institute Poland. Currently, he is improving Linux Kernel support for Samsung ARM Exynos SoCs series. Zolnierkiewicz has been contributing into the Linux Kernel since 2002, working mostly on various device drivers. He was the... Read More →


Thursday October 6, 2016 16:00 - 16:50
Köpenick

16:00

Bringing Android Explicit Fencing to Mainline: A New Era for Graphics - Gustavo Padovan, Collabora Ltd.
The talk will cover the current state of Explicit Fencing on Graphics. It first appeared on Linux as the Android Sync Framework to improve buffer handling between Kernel Drivers and the HWComposer. With explicit fencing userspace is responsible for synchronize between drivers sharing the same DMA buffer. It gets the buffers' fence from the Producer driver(GPU or Camera) and send it to the Consumer one (DRM) and vice-versa. The Consumer then wait the fence to signal before using the buffer. The fence signal when the buffer is ready for use, eg: When the GPU finishes processing it., the fence signal and the DRM driver can show it on screen.

Before only Implicit Fencing existed, where the kernel handles fencing between drivers internally with no userspace interference. There was no generic code, as each driver hacked its own implicit fencing mechanism, leading to hard to debug bugs.

Speakers
avatar for Gustavo Padovan

Gustavo Padovan

Software Engineer, Collabora
Gustavo Padovan holds a BSc. Computer Science from the University of Campinas, Brazil. He is Linux Kernel Developer and works at the open-source consultancy Collabora Ltd. In the Kernel he has worked in a number of areas, notably as Maintainer of the Bluetooth Subsystem and has been... Read More →


Thursday October 6, 2016 16:00 - 16:50
Charlottenburg III

16:00

Persistent Memory Extensions to libstdc++/libc++ - Tomasz Kapela, Intel
In the advent of a new, persistent memory enabled world, the current software
industry must prepare for the upcoming changes. Looking forward to meet those
new requirements set by the new type of hardware, a new standard API should be
introduced to ease the adoption of this new technology. During the development
of the Linux NVM (Non Volatile Memory) Library, it became apparent, that the C
API is complex and hard to use. To remove some of the pain points, a proposal
of a new C++ API was made. This presentation/talk will explain the design
process and decisions made during the implementation phase, as well as the
interaction with the existing implementations of the C++ standard library.

Speakers
avatar for Tomasz Kapela

Tomasz Kapela

Software Engineer, Intel
Tomasz Kapela is a software engineer with 6 years of experience in the industry. He majored in radio communication systems from the Gdansk University of Technology in 2010. Since then he worked as a software developer and systems designer in Radmor, where he designed and implemented... Read More →


Thursday October 6, 2016 16:00 - 16:50
Potsdam I/II

17:00

From Zero to Your First Container Images in Just the Time for a Coffee - Alessandro Puccetti & Iago López Galeiras, Kinvolk GmbH
Containers are an hot topic, but still many people are not familiar with them and their ecosystem, this talk will break the ice with the containers world by showing how to build your first container image in a really simply and fast way. We will get an application running on the host, pack it in a container images, and deploy it. In less of the time for a coffee you will have your first container images deployed on the cloud. We will cover the basics to bring your application from bare metal or VM to a container and then you will be able to get an application and run it inside a container in less than 10 minutes.

Speakers
avatar for Iago López Galeiras

Iago López Galeiras

Software Engineer, Kinvolk
Iago brought his relaxed Spanish demeanor to Berlin a few years back. Sincenthen, he’s been diving and swimming around the internals of various Linuxnflavors; Android, embedded and Cloud. Container technologies are his currentnfocus; specifically on the rkt project where he’s... Read More →
avatar for Alessandro Puccetti

Alessandro Puccetti

Software Engineer, Kinvolk
Alessandro is Italian by birth, but citizen of the world by choice. After a couple of years spent in exotic locations around the world doing research on network measurement and security, he decided to apply his experience to build new and better linux technologies at Kinvolk GmbH... Read More →


Thursday October 6, 2016 17:00 - 17:50
Bellevue

17:00

Game Changer: Software Defined Storage and Container Schedulers - David vonThenen, EMC {code}
One problem of running Enterprise Applications in container schedulers, like Apache Mesos and Kubernetes, has been making applications and their data highly available. To date, utilizing local disks on compute nodes has given us data persistence, but unfortunately does solve the data mobility problem required to make applications tolerate Agent node failures.

We will discuss what Software Defined Storage (SDS) is, how Software Defined Storage can transform local storage into an external globally accessible pool, how Mesos clusters can overcome this data mobility problem, and more importantly do so in such a way that is simple and easy to consume using an Apache Mesos Framework as a reference model. Will have a demonstration of Mesos Framework that will deploy a scale out software defined storage platform and deploy applications leveraging this new type of storage.

Speakers
avatar for David vonThenen

David vonThenen

Cloud Native Engineer, VMware
David vonThenen is a Cloud Native Engineer at VMware working in the container orchestrator space specifically around the Kubernetes and CNCF ecosystems. Some of his contributions have been in the Jaeger, Helm, Open Tracing, Prometheus, and cloud providers just to name a few. Prior... Read More →


Thursday October 6, 2016 17:00 - 17:50
Schöneberg

17:00

Using Static Checkers to Find C Language Security Vulnerabilities in the Linux Kernel - Vaishali Thakkar, Linux Foundation
Static code analysis is commonly understood to be an automatic check of source code by a tool. Hundreds of possible fault types have been identified in C code, such as uninitialized variables, buffer overflows, race conditions etc over the years. Since a major part of the Linux kernel is written in C, there is clearly a need for automatic checking for compliance with proper security-related idioms.

The talk will depict the most common security-related coding errors that can arise in the Linux kernel and how current static checkers are helping in finding/fixing them. The talk will give an overview of the available and most commonly used tools, including sparse, coccinelle, smatch, checkpatch, clang, coverity etc. It will also highlight the kind of security vulnerabilities each of these tools is best adapted to handle.

Speakers
avatar for Vaishali Thakkar

Vaishali Thakkar

Linux kernel engineer, Freelancer
Vaishali Thakkar is a freelance kernel engineer and co-organizer of RGSoC. She has diverse interest in different areas/subsystems of Linux Kernel, including but not limited to I2C, Security, memory management. power management etc. She also volunteers as a coordinator for Linux Kernel... Read More →


Thursday October 6, 2016 17:00 - 17:50
Charlottenburg III
  • Experience Level Any

17:00

Using the Valgrind Framework to Build a Persistent Memory Error Detector - Krzysztof Czurylo & Tomasz Kapela, Intel
Valgrind is a popular, multi-platform instrumentation framework for building dynamic binary analysis tools. In the Linux community, it is mostly known and valued for a few popular tools: Memcheck - a memory-management error detector, and Helgrind/DRD - two threading bugs detectors.
In this talk, we will present a new tool built on Valgrind - Pmemcheck - yet another memory error detector designed specifically to detect problems with Persistent Memory programming.
First, we will talk about the motivation for creating new error detector and the reasons for which we have chosen Valgrind framework to create Pmemecheck. We will also shed some light on typical issues related to the use of byte-addressable persistent memory. Finally, we will present an in-depth view on the Pmemcheck design and the changes we have made to the core part of Valgrind to support persistent memory.

Speakers
KC

Krzysztof Czuryło

Senior Software Engineer, Intel
Krzysztof Czuryło is a Software Architect at Intel, having over 15 years of experience in databases, networking/telecommunication and 3D graphics. For the last three years he is mostly focused on persistent memory programming and algorithms providing effective and fail-safe usage... Read More →
avatar for Tomasz Kapela

Tomasz Kapela

Software Engineer, Intel
Tomasz Kapela is a software engineer with 6 years of experience in the industry. He majored in radio communication systems from the Gdansk University of Technology in 2010. Since then he worked as a software developer and systems designer in Radmor, where he designed and implemented... Read More →


Thursday October 6, 2016 17:00 - 17:50
Potsdam I/II