September 11-14, 2017 - Los Angeles, CA
Monday, September 11

11:00am PDT

Signing Linux Executables for Fun and Security - Matthew Garrett, Google
Linux is not free from malware or the threat of targeted attacks, and so there are many circumstances where being able to control which executables may be run on a system is a benefit. But simply restricting a system to run only whitelisted binaries isn't practical - there are multiple legitimate reasons to run custom binaries locally, and the existence of interpreted languages makes things even more complicated.

This presentation will describe the use of Linux's Integrity Measurement Architecture and its support for providing and enforcing binary signatures. It will then describe how this may be integrated with existing security modules to provide a cryptographically enforced policy that allows for fine-grained executable permission levels allowing the creation of a secure Linux environment that still allows local customisation.


Matthew Garrett

Staff Security Developer, Google
Matthew Garrett is a security developer at Google, working on infrastructural security for Linux desktop and mobile platforms.

Monday September 11, 2017 11:00am - 11:40am PDT
Gold 1
  LinuxCon Tracks

4:00pm PDT

Building Application Pipelines Using Kubernetes and a Serverless Approach - Sebastien Goasguen, Bitnami
Kubernetes and containers have changed the way we look at infrastructure. No more pets, no more servers, just an API that lets us focus on the distributed applications. With this renewed focus on applications and the availability of pre-packaged services, we can now think about the logic of complex application pipelines. How do I build an automated optical recognition system? How do I build a scalable stream processing system? Recently these types of applications have been enabled on AWS using Lambdas. In this talk we will show how they can also be enabled on Kubernetes, by injecting functions in Pods and using all the Kubernetes core primitives. This talk will position Kubernetes as a great platform to support serverless computing and to demonstrate this we will demo our own solution: kubeless.

Sebastien Goasguen

Kubernetes Lead, Bitnami
Sebastien Goasguen is a twenty year open source veteran. A member of the Apache Software Foundation, he worked on Apache CloudStack and Libcloud for several years before diving into the container world. He is the founder of Skippbox, a Kubernetes startup acquired by Bitnami where...

Monday September 11, 2017 4:00pm - 4:40pm PDT
Diamond Ballroom 8
  ContainerCon Tracks

4:50pm PDT

Containerd Internals: Building a Core Container Runtime - Stephen Day, Docker & Phil Estes, IBM
Containerd is the core container runtime used in Docker to execute containers and distribute images. It was designed from the ground up to support the OCI image and runtime specifications. The design of containerd is carefully crafted to fit the use cases of modern container orchestrators like Kubernetes and Swarm. In this talk, we dive into design decisions that help containerd meet a diverse set of requirements for a growing container world. Developing an understanding of the decoupled components will give attendees a grasp of where they can leverage functionality in their platforms. By slicing the components of a container runtime into the right pieces, integrators can choose only what they need.

Stephen Day

Containerd Maintainer, Cruise Automation
Stephen Day is a software engineer at Docker. His many contributions to Docker ecosystem projects include SwarmKit and the version 2 specification for the Docker Registry HTTP API, and evolving the available models for container image distribution. He currently works on containerd...

Phil Estes

Distinguished Engineer & CTO, Container & Linux Strategy, IBM
Phil is a Distinguished Engineer in the office of the CTO for IBM Cloud, guiding IBM's strategy around containers and Linux. Phil is a founding maintainer of the CNCF containerd runtime project, and participates in the Open Container Initiative (OCI) as a member of the Technical Oversight...

Monday September 11, 2017 4:50pm - 5:30pm PDT
Diamond Ballroom 7
  ContainerCon Tracks

5:40pm PDT

BoF: Open API Initiative - Healthcare - Mohamed Alkady, Hart
The development of modern web APIs has been a boon for the development community, as a singular simple language has the potential to cultivate a community of innovation and iteration within an industry. Healthcare — arguably one of society’s most important sectors — could advance huge benefits to the population as a result of technical innovation and iteration; however, for the last decade, institutional healthcare has lagged in promoting developer growth and openness. In response to this challenge, Hart is striving to create a unified health API. Developers can integrate this RESTful API into consumer applications to create more targeted, personalized patient experiences and effectively change the way people interact with their own health — from their front door to their doctor’s office, and at other significant touchpoints in between.


Mo Alkady

Founder, Hart
Mohamed Alkady founded medical software technology company Hart in Orange County, Calif., in 2012 to improve the ways in which people inside and outside of the industry access and engage with health data. A leader of the movement that views healthcare as a service, Hart has developed...

Monday September 11, 2017 5:40pm - 6:30pm PDT
Gold 1
  LinuxCon Tracks
Wednesday, September 13

11:00am PDT

Improved Buffer Sharing Synchronization for Graphics & Media - Gustavo Padovan, Collabora Ltd
Isn't it time we had all new and exciting devices running a mainline kernel? Robust and efficient Graphics & Media stacks are a must for most of these devices, yet mainline always fell behind in these areas. However, with the inclusion of Explicit Synchronization of buffer sharing in DRM, this is all starting to change. Explicit Synchronization is a way to let userspace control the synchronization of buffers between drivers, allowing for smarter, and thus more efficient, decisions. And now V4L2 is on its way to support it as well!

With Explicit Synchronization, Android is now capable of running on top of mainline Graphics, and soon we will achieve similar results on the Media side. There are also some extensions that we've been working on in DRM to improve the performance in complex use cases, like Android Apps running inside ChromeOS.

In the end, these exciting developments will hopefully help broaden mainline usage in the industry!

Gustavo Padovan

Software Engineer, Collabora
Gustavo Padovan holds a BSc. in Computer Science from the University of Campinas, Brazil. He is a Linux kernel developer and works at the open-source consultancy Collabora Ltd. In the kernel he has worked in a number of areas, notably as Maintainer of the Bluetooth Subsystem and has been...

Wednesday September 13, 2017 11:00am - 11:40am PDT
Plaza I/II
  LinuxCon Tracks

2:00pm PDT

Control-flow Enforcement Technology - Yu-cheng Yu, Intel
Hackers often look for buffer overflow opportunities in an application and feed it illegal input data to overwrite function return addresses and, combining these with “gadgets”, manipulate the normal program execution path to achieve malicious behavior in a system. These techniques do not need any code injection, cannot be detected by binary signatures, and the resulting activities easily skip detection. CET blocks these exploits with the “shadow stack”, which stores a secure copy of every function return address, and the “end-branch” opcode, which prevents arbitrary decoding of multi-byte instructions. This presentation gives an overview of CET and highlights the software implementation for Linux.


Wednesday September 13, 2017 2:00pm - 2:40pm PDT
Plaza I/II
  LinuxCon Tracks

4:00pm PDT

SCHED_DEADLINE: Open Issues - Daniel Bristot de Oliveira, Red Hat

The deadline scheduler adds the ability to schedule tasks not according to a fixed priority, but according to a dynamic priority based on the task’s deadline. To be able to use this scheduler, a task needs to specify three parameters: the period, the runtime, and the relative deadline.

Using these parameters, the scheduler tries to provide the runtime CPU time, at each period, for each deadline task. Under perfect conditions, the deadline scheduler is able to schedule all tasks within their deadlines, providing the timing guarantee real-time tasks need. Did you notice the “under perfect conditions” part? The conditions are:

- Implicit deadline tasks – or constrained, being quite a pessimist;
- Tasks should not self-suspend;
- All the system’s delays must be taken into account;
- The runtime must represent the worst-case execution time;
- The system should not be overloaded – which requires some very restrictive setup.

All these restrictions open the opportunity for improvements in the deadline scheduler. This presentation aims to list these points of improvement and point out directions and challenges, such as:

- Constrained deadline tasks guarantees
- Arbitrary affinity tasks
- Hierarchical scheduling – RT Throttling
- Tracepoints
- Precise way to define task’s runtime
- Other possibilities for admission tests

There are many points of improvement in the deadline scheduler, and discussing them is fundamental for a wider and safer adoption of this powerful scheduler.

Daniel Oliveira

Principal Software Engineer, Red Hat
Daniel is a Principal Software Engineer at Red Hat, working in the real-time kernel team, and has a Ph.D. in Automation Engineering (UFSC)/Computer Engineering (Scuola Superiore Sant'Anna). He works in the research and development of real-time features and runtime formal verification...

Wednesday September 13, 2017 4:00pm - 4:40pm PDT
Diamond Ballroom 3
  LinuxCon Tracks

4:50pm PDT

How Will Linux Handle Quantum Computing? - Paul McKenney, IBM

First, a few words about what this talk is not. It is not a tutorial on how to program quantum computers. For that, you should find a D-Wave machine or go to http://research.ibm.com/ibm-q/, either of which should provide an excellent hands-on introduction to the current practice of quantum computing. Either way, highly recommended!

This talk instead gives an overview of the current state and trends of quantum-computing technology. It then uses these trends to make some educated guesses about the challenges facing the use of quantum computing in production. Of course, the bigger the killer app, the more effort will be invested in overcoming these challenges. This talk therefore also gives an overview of quantum computing’s most likely killer apps. This will lead into some possibilities of how quantum computing might affect the Linux plumbing, and vice versa. The talk will conclude with the usual free advice, which will be worth every penny that you pay for it.

Paul McKenney

Distinguished Engineer, IBM Linux Technology Center, Beaverton
Paul E. McKenney is a Distinguished Engineer with the IBM Linux Technology Center, where he maintains the RCU implementation within the Linux kernel. He has been coding for four decades, more than half of that on parallel hardware. His prior lives include the DYNIX/ptx kernel at Sequent...

Wednesday September 13, 2017 4:50pm - 5:30pm PDT
Diamond Ballroom 3
  LinuxCon Tracks