September 11-14, 2017 - Los Angeles, CA
Intermediate
Monday, September 11
 

11:00am PDT

Onto Petaflops with Kubernetes - Vishnu Kannan, Google
Kubernetes is becoming the sought after platform for managing Deep Learning Applications at scale. In this talk, the speaker will present the internals of how Kubernetes manages GPUs. The talk will then explore how Kubernetes helps power deep learning frameworks like Tensorflow and Caffe. Integration plans for other hardware accelerators will also be presented.

Speakers
Vishnu Kannan

Staff Engineer, Google
Vishnu Kannan is a Staff Software Engineer at Google. Vishnu received his Masters in ECE from Georgia Tech. He has been a systems engineer ever since he graduated. He hacked on the Linux Kernel for a couple of years at Cisco. He then worked on Borg at Google. He is currently an active...



Monday September 11, 2017 11:00am - 11:40am PDT
Diamond Ballroom 8

11:00am PDT

Panel Discussion: Are Containers the Future of IaaS? - Moderated by Bruno Cornec, Hewlett Packard Enterprise
The OpenStack project, one of the major open source IaaS solutions, is now 7 years old and is seeing some major long-time contributors changing strategies, as well as a new focus around containers, which are themselves pushed by newer companies such as Docker, 4 years old. Come to this session to listen to our panelists debate the future of Infrastructure as a Service (IaaS):
- What is the role of bare-metal, virtualization, containers?
- What are IaaS customers looking for in the coming years?
- What is the best approach for Cloud Native Applications? Legacy ones?

With representatives from the OpenStack project, the Docker project, distribution vendors and hardware vendors, this roundtable should give you the answers to these questions and more.

Moderators
Bruno Cornec

Open Source & Technology Strategist, HPE
Bruno Cornec has been managing various Unix systems since 1987 and Linux since 1993 (0.99pl14). Bruno first worked 8 years around Software Engineering and Configuration Management Systems in Unix environments. Since 1995, he is Open Source and Linux (OSL) Technology Strategist, Linux...

Speakers
Jerome Petazzoni

Tinkerer Extraordinaire, Docker Inc.
Jerome works at Docker, where he helps others to containerize all the things. In another life he built clouds when EC2 was just the name of a plane, developed a GIS to deploy dark fiber through the French subway, managed commando deployments of large-scale video streaming systems...


Monday September 11, 2017 11:00am - 11:40am PDT
Diamond Ballroom 6

11:00am PDT

A Practical Approach of Tailoring Linux Kernel - Junghwan Kang, National Security Research Institute
Today the Linux kernel is used on a wide variety of devices and platforms. To support them, the kernel carries a large number of features: more than 30 architectures, 300 feature groups and 20,000 configuration options. This variety of features widens the attack surface of the Linux kernel, e.g. CVE-2016-3955: buffer overflow in USB/IP, CVE-2017-6074: a double-free in DCCP.
As a result, the Linux kernel needs to be tailored to its intended use. However, configuration is hard due to the excessive number of options and choices. There are preceding methods such as undertaker-tailor and the kernel make option (localmodconfig), but they are impractical and insufficient.
In this presentation, we introduce an improved approach: a fully automatic system to tailor the Linux kernel. First, we go through the pros and cons of related work, and then we describe the design of our system and demonstrate how it works and minimizes the Linux kernel.

Speakers
Junghwan Kang

Cyber Security Researcher, The Affiliated Institute of ETRI
Junghwan Kang is a senior security researcher at The Affiliated Institute of Electronics and Telecommunications Research Institute (ETRI) of South Korea. He has been studying systematic methods and techniques to harden the security of a customized Linux distribution for a few years...



Monday September 11, 2017 11:00am - 11:40am PDT
Georgia I/II
  LinuxCon Tracks

11:50am PDT

By Every Need Necessary: A Cloud Foundry Roadmap Update - Chip Childers, Cloud Foundry Foundation
Open source projects are unique in that they are constantly mutating -- based on user need, core committers and councils dedicated to overseeing their evolution. While some open source projects can grow haphazardly, like a house with no blueprint, Cloud Foundry was designed and evolved in order to ensure balance between competing interests, ingrained processes (like “pairing”) that improve quality and developer satisfaction, and vital collaboration among organizations. The community and culture within Cloud Foundry is comprised of practical, well-documented processes and strong developers, moves at an ultra high velocity and holds an open mind for all new projects. In this talk, Cloud Foundry Foundation CTO Chip Childers will take you through the current and future efforts of the project teams, including Runtime PMC, CAPI, Diego, Garden, BOSH and the Open Service Broker API. He will map out the evolution of these projects, their councils and the implications of these updates for Cloud Foundry users.

Speakers
Chip Childers

Executive Director, Cloud Foundry Foundation
Chip has spent more than 18 years in large-scale computing and open source software. In 2015, he became the co-founder of the Cloud Foundry Foundation as Technology Chief of Staff. He was the first VP of Apache Cloudstack, a platform he helped drive while leading Enterprise Cloud...


Monday September 11, 2017 11:50am - 12:30pm PDT
Diamond Ballroom 3

11:50am PDT

CRIU: CRazI StUff for the Mainframe? - Michael Holzheu, IBM
2012, January 12, 20:42: Linus Torvalds merges Andrew's "patch-bomb" with the first CRIU kernel patches including the comment "... a project by various mad Russians to perform c/r mainly from userspace".

Now, five years later, Docker decided to integrate this project for checkpointing their containers. A valid reason for us to check out if this can be also good stuff for the Mainframe. After looking at the code at least one thing is clear now - it is ... crazy.

In this presentation we explain the deep technical details of checkpointing Linux processes in userspace including the Mainframe specific parts. We also show how CRIU can be used for Docker container checkpoints and for other promising scenarios.

So, Mission critical workload with CRIU or Mission impossible?

Speakers
Michael Holzheu

Mr., IBM
Michael Holzheu is a Linux kernel developer at the IBM lab in Boeblingen, Germany. He studied computer science at the University of Erlangen and has worked for IBM since 1998. After a start in the z/OS UNIX Systems Services environment, he joined the Linux on z Systems team in 2000...



Monday September 11, 2017 11:50am - 12:30pm PDT
Diamond Ballroom 7

11:50am PDT

The Anti-Pattern Wall of 2011 has Crumbled: Stateful Applications in Containers - Steve Wong, {code}
The “12 factor app” was written in 2011 and became a widely cited classic of useful patterns for application architecture. #6 on the list said: apps shall be stateless.

There is some question as to whether this made sense even at the time it was written – some suggest it was simply declaring state to be someone else’s problem.

Containers have been rapidly evolving since – Docker was released 2 years later. In a rapidly advancing field, design patterns should be periodically challenged.

Open source projects have been adding features specifically intended to allow the pets (stateful) to be hosted alongside the cattle (stateless). The Kubernetes StatefulSet is one example.

This talk will survey currently available support and best practices for running stateful services on popular open source platforms. Proposals and works-in-progress will also be covered.

Speakers
Steve Wong

Strategic Open Source Partner Engineer, {code}
Steve Wong is an Open Source Engineer with the {code} team. Steve has been participating in the Apache Mesos, DC/OS, Kubernetes, and REX-Ray projects.



Monday September 11, 2017 11:50am - 12:30pm PDT
Diamond Ballroom 6

11:50am PDT

Advances in CPU Performance Scaling - Rafael Wysocki, Intel
Quite significant and radical changes were made in the kernel's CPU performance scaling subsystem (CPUFreq) in 2016. Most importantly, it was switched over from using deferrable timers to a new control flow based on governor callbacks invoked by the CPU scheduler. That change made it possible to clean up the CPUFreq core substantially and to add more functionality on top of it. Among other things, there is a new CPUFreq governor called schedutil that makes decisions based on the CPU utilization metric used internally by the CPU scheduler. Currently, work is in progress to implement energy-aware scheduling (EAS) on top of it. In addition to that, all of the CPUFreq governors receive hints from the scheduler which allows them to optimize decisions in some cases. That opened up another path for improvements, in particular in the intel_pstate driver that has undergone substantial modifications recently as well. All of that leads to an optimistic outlook on the future of CPU performance scaling in Linux.

Speakers
Rafael Wysocki

Software Engineer, Intel
Rafael maintains the Linux kernel’s power management infrastructure and the core ACPI support code. He works at Intel and focuses on the mainline Linux kernel development. Rafael has been actively contributing to Linux since 2005, in particular to the kernel’s suspend/hibernate...



Monday September 11, 2017 11:50am - 12:30pm PDT
Georgia I/II
  LinuxCon Tracks

2:00pm PDT

Automating Access Control Lists with OpenDaylight and OpenVSwitch - Gustavo Pantuza & Leopoldo Mauricio, Globo.com
Available cloud solutions do not ever meet all requirements for company environments. With that in mind, Globo.com embraced an open cloud solution, Apache CloudStack, and began developing together with the community to fulfill all its high availability, high capacity and high throughput requirements. Integration between our cloud solution and infrastructure happens at all levels, with special attention to network equipment management, DNS automation and load balancing.
In this presentation, we will focus on the challenges in automating networking and security services in a layer 3 fabric data center for 100+ racks and how they were addressed within the Globo.com Network API and integrated with other available open source tools. We will show how we reduce TCAM usage by using virtualized switches and SDN to persist access control lists. We will present our use case using OpenDaylight and OpenVSwitch.

Speakers
Leopoldo Mauricio

Senior Security Analyst, MSc, Globo.com
Globo.com is the Internet segment of Globo Group (Grupo Globo), the largest media group in Brazil and one of the largest worldwide. It is the main Web portal for news, sports and entertainment in Brazil and besides its self-generated content, has exclusive rights to stream several...

Gustavo Pantuza

Software Engineer, MSc., Globo.com
Globo.com is the Internet segment of Globo Group (Grupo Globo), the largest media group in Brazil and one of the largest worldwide. It is the main Web portal for news, sports and entertainment in Brazil and besides its self-generated content, has exclusive rights to stream several...



Monday September 11, 2017 2:00pm - 2:40pm PDT
Diamond Ballroom 3

2:00pm PDT

A Greybeard's Worst Nightmare - How Kubernetes and Containers are Re-defining the Linux OS - Daniel Riek, Red Hat
Containers and Kubernetes are having a deep impact on the Linux operating system (OS) that goes well beyond DevOps and cloud-native applications. The concepts of application-centric packaging, process isolation through Linux containers, and immutable infrastructure are shaking up the core traditions of today's GNU/Linux operating systems. These concepts are also challenging the assumptions and approaches derived from the past 40+ years of work that originated with UNIX. The Linux distribution as we know it is coming to an end, and is being replaced by a new concept of containerized, multi-instance, multi-user applications, which can be deployed in scale-out environments. In this session, we'll assess this new OS environment and take a deep look at the consequences this new OS model has for both developers and operators.

Speakers
Daniel Riek

Senior Director, Artificial Intelligence CoE, Red Hat, Inc



Monday September 11, 2017 2:00pm - 2:40pm PDT
Diamond Ballroom 8

2:00pm PDT

Boosting Linux Performance with GCC/GLIBC Latest Technologies - Victor Rodriguez, Intel
As the Linux community continues to redefine the boundaries of what is possible in a server-based Linux distribution running on new silicon, both power and performance play an increasingly important role in the industry. In the Clear Linux Project for Intel Architecture, we decided to use/improve the latest GCC/GLIBC compiler technology to boost the performance of a Linux-based system. The benefits apply to projects ranging from machine learning frameworks and statistical programming languages to the recent improvement of web backend technology based on GCC. After a year of demonstrably improved results on Clear Linux, it is a good time to share with the community and other Linux distributions how to implement these technologies as Clear Linux has done, in order to realize similar performance improvements and therefore unleash the power of new cloud and datacenter server architectures in Linux systems.

Speakers
Victor Rodriguez

Linux SW engineer, Intel
Victor has been a Linux developer since 2011. He began his career in the Linux kernel community as maintainer of the board OMAP138 “Hawk board” platform. At Intel, he works as a Linux SW developer, currently working in areas such as performance optimizations, security, debug, compilers/toolchains...



Monday September 11, 2017 2:00pm - 2:40pm PDT
Georgia I/II
  LinuxCon Tracks

2:50pm PDT

From Zero to Serverless in 60 Seconds, Anywhere - Alex Ellis, ADP
The “serverless” architectural pattern (which has recently been made popular by AWS Lambda or IBM OpenWhisk) lets us focus on building discrete, reusable chunks of code. This pattern is particularly suited to lightweight, event-driven interactions between third-party services.

Functions-as-a-Service (OpenFaaS) is an open-source framework that allows you to package any code as a serverless function, enabling you to consume a range of web events with minimal boilerplate coding. It leverages Prometheus metrics for auto-scaling; and since it relies on Docker’s API and native orchestration, it can be deployed on any platform (private or public cloud, or even on prem’) in minutes.

In this talk, we will give an overview of the serverless pattern including use-cases; then introduce the OpenFaaS framework and show it in action. There will be live demos featuring integrations with Amazon Alexa voice assistant, Twitter, and GitHub. 

Speakers
Alex Ellis

Founder, OpenFaaS Ltd
Alex is a respected expert on serverless and cloud native computing. He founded OpenFaaS, one of the most popular open-source serverless projects, where he has built the community via writing, speaking, and extensive personal engagement. As a consultant and CNCF Ambassador, he helps...


Monday September 11, 2017 2:50pm - 3:30pm PDT
Gold 4

2:50pm PDT

Building Robust Streaming Data Pipelines with Apache Spark - Zak Hassan, Red Hat
There are challenges to architecting a solution that will allow developers to stream data into Kafka and be able to manage dirty data, which is always an issue in ETL pipelines. I'd like to share lessons learned and demonstrate how we can put Apache Kafka, Apache Spark and Apache Camel together to provide developers with a continuous data pipeline for their Spark applications. Without data it is very difficult to take advantage of the full capabilities of Spark. Companies sometimes have their data stored in many different systems, and Apache Camel allows developers to Extract, Transform and Load their data to many systems; Apache Kafka is one example. Apache Kafka is great for aggregating data in a centralized location, and Apache Spark already comes with a built-in connector to connect to Kafka. I'll also be explaining lessons learned from running these technologies inside Docker.

Speakers
Zak Hassan

Senior Software Engineer - AI/ML CoE, CTO Office, Red Hat Inc.
Currently focused on developing analytics platform on OpenShift and leveraging Open Source ML Frameworks: Apache Spark, Tensorflow and more. Designing high performance and scalable ML platform that exposes metrics through cloud-native technology: Prometheus and Kubernetes.



Monday September 11, 2017 2:50pm - 3:30pm PDT
Diamond Ballroom 6

2:50pm PDT

FILEgrain: Transport-Agnostic, Fine-Grained Content-Addressable Container Image Layout - Akihiro Suda, NTT
The current Docker/OCI image format uses TAR archives, which are created for each of Dockerfile `RUN` changesets, for representing rootfs layers.
One of the problems with this format is that a container cannot be started until all the TAR archives are downloaded.
Also, the format has limitations in concurrency of downloading, and granularity of file deduplication among different versions of images.

FILEgrain solves these problems by using a content-addressable store at the granularity of files, rather than of TAR archives, in a transport-agnostic way.
Since the files can be lazily downloaded, a container can be started without downloading the whole image.
The experimental result with a 633MB Java image shows that downloading 4MB of files is enough for running sh, 87MB for JRE, and 136MB for JDK.

Further information is available at https://github.com/AkihiroSuda/filegrain .

Speakers
Akihiro Suda

Software Engineer, NTT
Akihiro Suda is a software engineer at NTT Corporation, a Japan-based telecommunication company. He has been a core maintainer of Moby (former Docker Engine) since November 2016. He has also been a maintainer of several open source container software projects such as Moby, BuildKit, containerd...



Monday September 11, 2017 2:50pm - 3:30pm PDT
Diamond Ballroom 7

2:50pm PDT

Bringing xfstests to Android - Theodore Ts'o & Eric Biggers, Google
Xfstests is a file system regression testing system that was originally developed by SGI to provide quality assurance testing for XFS. It has since become the standard for doing file system testing and development for all of the major file systems for Linux. Unfortunately, xfstests assumes a POSIX/GNU userspace environment, which is not available for Android systems. Building on the test appliance infrastructure for kvm-xfstests and gce-xfstests, android-xfstests allows Android kernels to receive the same level of file system quality assurance used in upstream kernel development. This talk will provide an introduction to xfstests for those not familiar with this test suite, and describe how android-xfstests was developed and how it can improve the quality of kernels used in the Android ecosystem.

Speakers
Eric Biggers

Software Engineer, Google
Eric Biggers is a software engineer currently employed at Google on the Platform Encryption Team. He has been contributing to the Linux kernel for several years and currently is mainly contributing to the filesystem encryption infrastructure which is now shared by ext4, f2fs, and...

Theodore Ts'o

Staff Engineer, Google
Theodore Ts'o is the first North American Linux Kernel Developer, and started working with Linux in September, 1991. He also served as the tech lead for the MIT Kerberos V5 development team, and served as a chair of IP Security working group at the IETF. He previously served as CTO...



Monday September 11, 2017 2:50pm - 3:30pm PDT
Georgia I/II
  LinuxCon Tracks

2:50pm PDT

Seven Lessons Learned from Growing a Project Too Fast - Matt Butcher, Microsoft
At a company team-building hackathon, our team of three built a cool project. We open sourced it. Within a few months, we had attracted far more attention than we anticipated. And now, 18 months in, we have hundreds of contributors and thousands of active users. Hear the war stories of a team that has been stretched to its limit as we learn how to grow. This presentation delves into seven things learned during the project's 18 month rise from a three-person side project to a community with hundreds of contributors and thousands of active users.

Speakers
Matt Butcher

Principal Software Engineer, Microsoft
Matt Butcher is a Principal Software Developer at Microsoft, where he leads the team of open source developers that manage Helm, CNAB, Brigade, Porter, and several other projects. Matt has a Ph.D. in philosophy, and is the author of eight technical books. He’s also the co-author...



Monday September 11, 2017 2:50pm - 3:30pm PDT
Diamond Ballroom 10

4:00pm PDT

Routing Performance Testing and Measurement - Swetha Repakula, IBM & Shash Reddy, Pivotal
The HTTP router is at the core of networking in Cloud Foundry. In this talk, Swetha and Shash will cover performance tests conducted at the routing tier and improvements made for the network. Through this talk, they will present the current performance monitoring setup as well as demonstrate the tools to better monitor the Cloud Foundry routing tier.

Speakers
Shash Reddy

Software Engineer, Pivotal Software
Shash Reddy is a Software Engineer at Pivotal, and currently the engineering lead for the Cloud Foundry Routing team. She is a full time contributor for Cloud Foundry.

Swetha Repakula

Software Engineer, IBM
Swetha Repakula graduated from UC Berkeley 2 years ago and started working at IBM in their open source team. Since then she has been a full time open source contributor for Cloud Foundry primarily using Go.



Monday September 11, 2017 4:00pm - 4:40pm PDT
Diamond Ballroom 3

4:00pm PDT

gRPC and Go: Developing Efficient and Type-Safe Services - Clinton Kitson, {code}
While REST, JSON over HTTP 1.1, is ubiquitous, it is a simple text-based protocol that was not designed to handle the demands of modern cloud-native service architectures. The gRPC project, originated from work at Google, is intended to continue where JSON stopped. It is a universal RPC protocol that uses binary payload over HTTP 2.0 for creating efficient, strongly typed, idiomatic and expressive service APIs using the language of your choice (ten so far).

In this session, speaker Vladimir Vivien explores the use of gRPC with the Go programming language. The session starts with the definition of a service using gRPC’s interface definition language (IDL). It continues on to create a working service while demonstrating the different gRPC API styles including uni-directional, bi-directional and streaming. Lastly, the session explores implications such as client development, integration with existing JSON environments, and security.

Presentation topics:

- gRPC overview
- gRPC and the Go programming language
- Service definition and code generation
- Synchronous and asynchronous streaming APIs
- gRPC services with REST gateways
- Secure services

Speakers
Clint Kitson

Technical Director, {code}
Clint is the Technical Director for the {code} open source initiative. He focuses on contributing and building community around emerging trends in software-based infrastructure, containers, open source, and DevOps. He represents Dell Technologies as a CNCF governing board member...



Monday September 11, 2017 4:00pm - 4:40pm PDT
Diamond Ballroom 6

4:00pm PDT

Introduction to System Containers - Christian Brauner, Canonical Ltd.
The last couple of years have seen an increased interest in container-related technologies. When people speak of containers they usually mean process containers. They often view a container as being much more comparable to a single process than to a virtual machine. But this is not the only way that containers can be used. The features that the Linux kernel provides allow for much more, up to running a whole Linux system unmodified inside a single container. For the last couple of years the LXD team has worked on just that: making containers behave much more like a virtual machine. This talk is going to introduce the concept of a system container in depth and touch on some of the more challenging aspects one faces when containerizing a whole init system and not just a single process. We will also show how system containers allow you to do things like running other container runtimes like runC, Docker/Moby, and LXD inside them and allow for device passthrough for GPU and USB devices in a much easier way than actual virtual machines can.

Speakers
Christian Brauner

Senior Software Engineer, Canonical
Christian Brauner is a kernel developer and maintainer of the LXD and LXC projects currently working at Canonical. He works mostly upstream on the Linux Kernel maintaining various bits and pieces. He is strongly committed to working in the open, and an avid proponent of Free Software...



Monday September 11, 2017 4:00pm - 4:40pm PDT
Diamond Ballroom 7

4:00pm PDT

Running Android on the Mainline Graphics Stack - Robert Foss, Collabora
Finally, it is possible to run Android on top of mainline Graphics! The recent addition of DRM Atomic Modesetting and Explicit Synchronization to the kernel paved the way, albeit some changes to the Android userspace were necessary.

The Android graphics stack is built on an abstraction layer, thus drm_hwcomposer - a component to connect this abstraction layer to the mainline DRM API - was created. Moreover, changes to MESA and the abstraction layer itself were also needed for a full conversion to mainline.

This talk will cover recent developments in the area which enabled Qualcomm, i.MX and Intel based platforms to run Android using the mainline graphics stack.

Speakers
Robert Foss

Senior Software Engineer, Collabora
Robert Foss holds a MSc in Computer Science and Engineering from the Technical University of Lund, Sweden. He is a Linux graphic stack contributor and Software Engineer at Collabora, and has worked in a number of areas including Android, drm_hwcomposer, MESA, DRM and Intel GPU Tool...



Monday September 11, 2017 4:00pm - 4:40pm PDT
Georgia I/II
  LinuxCon Tracks

4:50pm PDT

GPU, USB, NICs and Other Physical Devices in Your Containers - Stéphane Graber, Canonical Ltd.
The very definition of a container is that it's a set of processes, or in this case a full operating system, which shares the kernel with the host machine.

This opens a full array of possibilities as far as what can be shared between host and container. This talk will cover some of the most common use cases, such as sharing one or multiple GPUs with a container for compute use, and accessing USB devices or physical network interfaces. It will then go into slightly weirder cases of kernel device passthrough and see what can be done in such containers.

Outside of the obvious GPU compute use case, device passthrough can also be used to consolidate a number of distinct, mostly idle or old machines into just a single one, including any custom hardware that they may have attached to them and with very little hassle.

Working on Android apps and need to build a CI platform driving a large number of phones? USB passthrough can make this very easy for you too.

LXD will be used as the container manager as it makes all of this rather easy as part of its goal to offer a VM-like environment but built on top of Linux containers.

Speakers
Stéphane Graber

Project leader for LXD, LXC and LXCFS, Canonical Ltd.
Stéphane Graber is the engineering manager for the LXD team at Canonical Ltd. He is the upstream project leader for LXC and LXD and a frequent speaker and track leader at events related to containers and Linux. Stéphane is also a longtime contributor to the Ubuntu Linux distribution...



Monday September 11, 2017 4:50pm - 5:30pm PDT
Diamond Ballroom 6

4:50pm PDT

Mesos vs Kubernetes: What We Learned Working With Both From Customers - Khalid Ahmed, IBM
IBM has been working in the Apache Mesos community for almost two years and also builds a product named Conductor for Container (https://hub.docker.com/r/ibmcom/cfc-installer/) which is based on Kubernetes and Mesos.

In this talk, we want to talk about the following:
1. Engagement experience and feedback about customers’ attitude towards Mesos and the open DC/OS ecosystem compared with Kubernetes
2. The advantages and disadvantages of Mesos and Kubernetes based container cloud solutions
3. The adoption of those different solutions and why customers choose different solutions.
4. How to improve the Mesos and Open DC/OS ecosystem to align more with customer requirements.
5. What IBM is doing to make Mesos and Mesos + Kubernetes awesome for customers.

Speakers
Khalid Ahmed

Distinguished Engineer, IBM
Khalid Ahmed is an STSM, Chief Architect of Infrastructure Software at IBM Platform. He works on the design and architecture of large scale grid and cloud computing systems with focus on scheduling, resource, workload and data management. In over 20 years at industry experience he...



Monday September 11, 2017 4:50pm - 5:30pm PDT
Diamond Ballroom 8

4:50pm PDT

Deterministic Memory Allocation for Mission-Critical Linux - Jim Huang, South Star Xelerator & Keng-Fu Hsu, National Cheng Kung University
Dynamic memory allocation tends to be non-deterministic; the time taken to allocate memory may not be predictable and the memory pool may become fragmented, resulting in unexpected allocation failures. RT-alloc is a new experimental open source implementation, aiming for the behavior in multi-threading cache-friendly code, bookkeeping memory overhead, and real-time guarantees. This user-space approach does not require modifying all applications to make them RT-aware, although additional benefits accrue when at least some processes within the system actively cooperate with the allocator. In addition, Linux-specific system calls such as madvise are used to perform fine-grained tweaks for PREEMPT_RT environments.

Speakers
Keng-Fu Hsu

college student, National Cheng Kung University
Keng-Fu Hsu studies engineering science at National Cheng Kung University, hacking Linux memory allocators recently.

Jim Huang

CTO, BiiLabs Co., Ltd.
Jim leads the engineering team of BiiLabs, building open source based commercial solutions for blockchain-based energy ecosystems. After being involved in the Android Open Source Project, Jim specialises in real-time and virtualization to bring Linux based robots to fit for the industrial requirements...



Monday September 11, 2017 4:50pm - 5:30pm PDT
Georgia I/II
  LinuxCon Tracks
 
Tuesday, September 12
 

11:05am PDT

OpenStack vs. Ganeti - Lance Albertson, OSU Open Source Lab
OpenStack has gained a lot of prominence in the cloud ecosystem, but it can be a difficult platform to set up and maintain. Ganeti is a lesser known FOSS virtualization platform created by Google that primarily provides a simple to use compute service. Both of these platforms have their strengths and weaknesses.

At the OSU Open Source Lab, we have been long time users and promoters of Ganeti since 2009. It’s enabled the lab to better serve its FOSS hosting activities in a stable yet easy to use manner. Over the past year we have been also building and using OpenStack clusters to fill other computing needs that Ganeti doesn’t fill very well.

Ganeti is software developed at Google which can be used to manage physical hardware in order to host virtualization workloads. Used worldwide and highly customizable, Ganeti architecture makes it easy to install, maintain, extend and use. Compared to other platforms, Ganeti is a great fit for medium to small organizations that need a simple virtualization cluster with few to no cloud features.

This session will cover the Ganeti platform, how it’s being used, how the project and community is evolving and how to deploy it into your infrastructure.

Speakers

Lance Albertson

Director, OSU Open Source Lab
Lance Albertson is the Director for the Oregon State University Open Source Lab (OSUOSL) and has been involved with the Gentoo Linux project as a developer and package maintainer since 2003. The OSUOSL provides hosting for more than 160 projects, including those of worldwide leaders...



Tuesday September 12, 2017 11:05am - 11:45am PDT
Diamond Ballroom 3

11:05am PDT

Advanced Continuous Delivery Strategies for Containerized Applications Using DC/OS - Elizabeth Joseph, Mesosphere
Using a container orchestration platform like the Datacenter Operating System (DC/OS) makes it trivial to set up an automated continuous deployment pipeline that pushes code to production on every commit (perhaps with some tests thrown in the middle). This is a win for customers (they see new features sooner), developers (much less bureaucracy with each release) and operators (fewer changes with each release means less risk).

In this presentation, Elizabeth will introduce DC/OS, an open source distributed operating system and container orchestrator based on the production proven Apache Mesos. She will then describe and demonstrate advanced deployment strategies including canary deployments and blue/green deployments, showing you how you can integrate these with continuous deployment pipelines on DC/OS to perform advanced automated deployments with low risk over thousands of machines.

Speakers

Elizabeth Joseph

Developer Advocate, IBM
Elizabeth K. Joseph is a Linux systems administrator turned developer advocate for IBM Z where she works with the community to explore Linux workloads on mainframes. She has previously worked on distributed systems, including OpenStack and Apache Mesos, and has written books on Ubuntu...



Tuesday September 12, 2017 11:05am - 11:45am PDT
Diamond Ballroom 7

11:05am PDT

Condensing Your Infrastructure Using System Containers - Stéphane Graber, Canonical Ltd.
As much as stateless micro-services running in containers are a great way of running your infrastructure and having it scale, very many of us have to deal with existing software that wasn't designed with any of that in mind.

One option is to just keep that software running where it is, possibly on some old physical server in a rack somewhere. Another is to move the whole thing to a virtual machine and save some power and space in the process.

But what about system containers? Can't you use those to run all your existing or legacy software with the kind of flexibility and density that containers provide?

This presentation will look into what kinds of workloads make the most sense to move to containers, what limitations there may be with running old software on very recent systems and will also touch on how such a system container environment can be managed at scale.

Speakers

Stéphane Graber

Project leader for LXD, LXC and LXCFS, Canonical Ltd.
Stéphane Graber is the engineering manager for the LXD team at Canonical Ltd. He is the upstream project leader for LXC and LXD and a frequent speaker and track leader at events related to containers and Linux. Stéphane is also a longtime contributor to the Ubuntu Linux distribution...



Tuesday September 12, 2017 11:05am - 11:45am PDT
Diamond Ballroom 8

11:05am PDT

Unikernels and Explorations - Tiejun Chen, VMware

Unikernels are really beginning to attract people’s attention. Compared to traditional VMs or the more recent containers, Unikernels are smaller, more secure and efficient, making them ideal for cloud environments. There are already lots of open source projects, but why have these existing unikernels yet to gain broad popularity? We think Unikernels are facing the same major challenges. In this presentation, we will review our exploration of if and how we can construct the best platform for running unikernels, in cases like converting Linux into a Unikernel. It's necessary to optimize that to gain some good performance and convenience to run any customized images based on different Linux profiles like Real-Time/Secure/.


Speakers

Tiejun Chen

Staff engineer II and technical leader, VMware
Tiejun Chen is a staff engineer II and a technical leader from ATC, Advanced Technology Center, VMware OCTO. In recent years he has been working on projects and explorations involving Linux, Unikernel, libOS, IoT, Edge Computing, secure container, k8s, serverless, etc. Before joined...



Tuesday September 12, 2017 11:05am - 11:45am PDT
Diamond Ballroom 6

11:55am PDT

Databases in the Hosted Cloud - Colin Charles, Percona
Today you can use hosted MySQL/MariaDB/Percona Server/PostgreSQL in several "cloud providers" in what is considered using it as a service, a database as a service (DBaaS). Learn the differences, the access methods, and the level of control you have for the various public cloud offerings:
- Amazon RDS including Aurora
- Google Cloud SQL
- Rackspace OpenStack DBaaS
- Oracle Cloud's MySQL Service

The administration tools and ideologies behind it are completely different, and you are in a "locked-down" environment. Some considerations include:
* Different backup strategies
* Planning for multiple data centres for availability
* Where do you host your application?
* How do you get the most performance out of the solution?
* What does this all cost?
* Monitoring

Growth topics include:
* How do you move from one DBaaS to another?
* How do you move all this from DBaaS to your own hosted platform?

Speakers

Colin Charles

Consultant, GrokOpen
Colin Charles is the Managing Consultant at GrokOpen. Previously, Colin was on the founding team of MariaDB Server, worked at MySQL and Percona, and worked actively on the Fedora and OpenOffice.org projects. Colin has been a MySQL user since 2000. He’s well known within open source communities, enjoys building business and market entry in APAC and has spoken at many conferences...


Tuesday September 12, 2017 11:55am - 12:35pm PDT
Diamond Ballroom 3

11:55am PDT

Container Orchestration from Theory to Practice - Stephen Day, Docker & Laura Frank, Codeship
Join Laura Frank and Stephen Day as they explain and examine technical concepts behind container orchestration systems, like distributed consensus, object models, and node topology. These concepts build the foundation of every modern orchestration system, and each technical explanation will be illustrated using Docker’s SwarmKit as a real-world example. Gain a deeper understanding of how orchestration systems like SwarmKit work in practice, and walk away with more insights into your production applications.

Speakers

Stephen Day

Containerd Maintainer, Cruise Automation
Stephen Day is a software engineer at Docker. His many contributions to Docker ecosystem projects include SwarmKit and the version 2 specification for the Docker Registry HTTP API, and evolving the available models for container image distribution. He currently works on containerd...

Laura Frank

Director of Engineering, Codeship
As the Director of Engineering at Codeship and a Docker Captain, Laura's primary focus is making tools for other developers. At Codeship, she works on improving the Docker infrastructure and overall experience for all users of the CI/CD platform. Previously, she worked on several...



Tuesday September 12, 2017 11:55am - 12:35pm PDT
Diamond Ballroom 8

11:55am PDT

Testing Software Performance and Scalability Using Containers - Saurabh Badhwar, Red Hat
Software performance and scalability are critical to the success of enterprise software, and a great amount of effort and resources are spent in testing the performance and scalability for various use cases of the software before it is released. But replicating the environment for testing the performance and scalability of software can be too costly or sometimes not feasible due to lack of proper equipment at disposal.
The talk focuses on how to utilize container and automation technologies to replicate large scale environments to automate the testing for performance and scalability of the software according to the user requirements. The key points of focus are:
- Utilizing containers to replicate large scale environments
- Automating deployment and performance, scalability tests on these containerized environments

Speakers

Saurabh Badhwar

Software Engineer, LinkedIn
Saurabh Badhwar works as a Software Engineer at LinkedIn working on building tools to help the developers understand and improve the performance of their applications and has also authored a book on How to build enterprise applications using Python while following the best practices...



Tuesday September 12, 2017 11:55am - 12:35pm PDT
Diamond Ballroom 7

11:55am PDT

What You Should Know about Etcd v3 - Paul Burt & Elsie Phillips, CoreOS
Description
With Kubernetes 1.6, etcd v3 becomes the preferred storage backbone of every Kubernetes cluster. Do you know what’s changed? How to recover from failures? This talk is a look at what’s new to etcd v3. It will act as a refresher on what failure scenarios admins need to be mindful of, in order to keep their cluster safe.

Abstract
The most notable change to etcd v3 is the introduction of gRPC. We’ll talk about why the change was made and how it affects the old REST API. Did you know that HTTP and gRPC are namespaced differently? You will after this talk, and you’ll also discover what implications it has for running your cluster.

After covering changes, we’ll take a look at common failure scenarios for etcd. We’ll discuss common misconceptions about leader election. We’ll explore the risks associated with a 3 node cluster vs a 9 node, and a regional cluster vs a global. Finally, we’ll end with a live demo of how to back up your cluster, and restore from said backup.

This talk is applicable to any developer that relies on an etcd backed platform. That includes Kubernetes, and many other cloud native projects. Only a glancing familiarity with etcd and distributed consensus is required.

Speakers

Paul Burt

Community + Product Marketing, CoreOS
Paul Burt is a Community Manager at CoreOS. He’s upvoting your /r/kubernetes threads and answering your #coreos questions on freeNode. Paul has a knack for demystifying infrastructure, and making gnarly, complex topics approachable. He enjoys home brewing beer, reading independent...

Elsie Phillips

Community Manager, CoreOS
Elsie herds the CoreOS Community and Co-Leads the Kubernetes Contributor Experience SIG. She's a northwest native who got her start in open source working at the Oregon State University Open Source Lab. In her free time she throws wild one woman dance parties and makes a mean vegan...



Tuesday September 12, 2017 11:55am - 12:35pm PDT
Diamond Ballroom 6

11:55am PDT

Code Detective: How to Investigate Linux Performance Issues - Gabriel Krisman Bertazi, Collabora
What influences a program's performance? Some reasons are quite obvious, like the algorithm implemented and the number of execution cycles, but what about the order in which libraries were linked? Or the shell environment size? Or even the sequence and which compiler optimizations were applied? In fact, modern computer systems include such a multitude of features and options, whose interaction with each other can affect the workload's performance, that it is surprisingly hard to write code that fully benefits from the potential of the CPU. In this talk, we will discuss how small changes in the code and in the execution environment can impact the execution time and how you can use Linux performance assessment tools, like perf and valgrind, to detect and mitigate such pitfalls.

Speakers

Gabriel Krisman Bertazi

Software Engineer, Collabora
Gabriel Krisman Bertazi is a Software Engineer and Kernel developer with Collabora's kernel team, specializing in the Graphics stack and profiling technologies. Previously a member of the IBM Linux Technology Center Storage team, he also conducted scientific research on adaptive compilation...



Tuesday September 12, 2017 11:55am - 12:35pm PDT
Plaza I/II
  LinuxCon Tracks

11:55am PDT

Making the Kernel's Networking Data Path Programmable with BPF and XDP - Daniel Borkmann, Covalent
BPF in Linux is gaining widespread attention as a framework for making the Linux kernel programmable, most notably in tracing, networking and security subsystems. This talk highlights the networking side by providing an overview of what BPF is and how it integrates into tc (traffic control) and the recently introduced XDP (eXpress Data Path). With the latter, the kernel gains a high-performance programmable networking data path that operates directly at the driver layer, suitable for use-cases such as DDoS prevention or load balancing in data centers. The talk will also briefly cover projects such as Cilium which orchestrates BPF for tc and XDP in order to provide security and load balancing for containers. Last but not least, recent advances and improvements in the Linux kernel on BPF and XDP are discussed.

Speakers

Daniel Borkmann

Software Engineer, Covalent
Daniel Borkmann has been hacking on the Linux kernel for more than 7 years, mostly involved in the area of networking. Currently, Daniel is focusing on making the kernel more programmable through BPF and the cilium project.



Tuesday September 12, 2017 11:55am - 12:35pm PDT
Georgia I/II
  LinuxCon Tracks

11:55am PDT

The Many Approaches to Real-Time and Safety Critical Linux Systems - Wolfgang Mauerer, Siemens AG/OTH Regensburg
Linux and Real-Time have become a widespread combination that is deployed in many industrial solutions. Real-Time requirements are often combined with safety requirements, and satisfying both is only possible when the whole system architecture is designed with both goals in mind, which goes well beyond just applying the preempt_rt or Xenomai patch sets. Particular attention in this talk is given to partitioning systems into critical and uncritical components, which has gained substantial attraction with the advent of multi-core CPUs in the embedded segment.
In the talk, we discuss possible architectural approaches to safety-critical real-time Linux systems, and highlight their advantages and disadvantages. We also provide guidelines on which architectural option is suited best for which appliances and use-cases.

Speakers

Wolfgang Mauerer

Senior Research Scientist/Professor, Technical University Regensburg
Wolfgang Mauerer is a professor of theoretical computer science at the Technical University Regensburg, and a senior key expert at Siemens Corporate Research, Competence Centre Embedded Linux. He serves on the technical steering committee of the Linux Foundation's Civil Infrastructure...



Tuesday September 12, 2017 11:55am - 12:35pm PDT
Gold 1
  LinuxCon Tracks

11:55am PDT

Just Good Practice: Developing Business with Open Source Technology - Christopher Price, Ericsson
Developing profitable business with open source software is an essential component of a healthy commercial eco-system. Open source software is quickly providing a benchmark for products, services and interfaces across all aspects of software related business. Open source is no longer a component developed by a university one might fit into a product, it has become a methodology for industrial alignment and architectural co-development. Open source has not reached the point where it can be widely consumed “from the repo” in commercial environments, however the line between open code and shipped products continues to thin.
How does an industry continue to motivate and promote the development and adoption of new technologies through open source co-development, while maintaining a highly motivated, skilled and compensated workforce driving innovation through the ecosystem? This talk will discuss methods for efficiently bridging the gap between open source and product, the emerging roles of the consumer and seller in a co-producer ecosystem and describe models for promoting community engagement and innovation.

Speakers

Chris Price

President, Ericsson software technology
Christopher Price heads the network architecture and standardization team for Ericsson's IP and Broadband division where he focuses on the development of technology and innovation. Across his career he has worked as an integrator, verification engineer, developer and technical leader...


Tuesday September 12, 2017 11:55am - 12:35pm PDT
Diamond Ballroom 10

1:55pm PDT

Containerization in Mesos, Embracing the Standards - Jie Yu, Mesosphere
Containers are now everywhere. Apache Mesos, as one of the most powerful container orchestrators, greatly simplifies the deploy, provision and execution of containerized workloads. In this talk, I will talk about the evolution of container technology in Mesos. In particular, how Mesos embraces the industry standard for container networking, storage and image specification, and how Mesos achieves that by using a pluggable and extensible architecture. The first part of this talk will give you an overview about the container technology in Mesos and how it has evolved over the years. Then, I will dive into three specific areas in the container technology: networking, storage and image provisioning, and the three industry standards that Mesos is adopting: CNI (Container Network Interface), CSI (Container Storage Interface) and OCI (Open Container Initiative) image spec.

Speakers

Jie Yu

Tech Lead, Mesosphere
Jie Yu is a Tech Lead at Mesosphere, Inc, focused on containerization, storage and networking. Before joining Mesosphere, he was a software engineer at Twitter. Jie obtained his PhD in Computer Science and Engineering from the University of Michigan where he conducted research for...



Tuesday September 12, 2017 1:55pm - 2:35pm PDT
Diamond Ballroom 8

1:55pm PDT

OpenSDS: Storage Challenges in a Cloud Native Era - Allen Samuels, Western Digital
Cloud-native adoption is disrupting the traditional enterprise data center landscape forcing traditional hardware vendors to rethink their strategies in a software-defined era to better address the storage challenges faced by their customers. In this session, we will share how leading vendors are coming together in the OpenSDS community to solve these challenges, and building open solutions that support Kubernetes, Mesos, Docker, CloudFoundry, OpenStack and other open source cloud ecosystems.

Speakers

Allen Samuels

Engineering Fellow, Western Digital
Allen joined SanDisk in 2013 as an Engineering Fellow; he is responsible for directing software development for SanDisk’s system level products. He has previously served as Chief Architect at Weitek Corp. and Citrix, and founded several companies including AMKAR Consulting, Orbital...



Tuesday September 12, 2017 1:55pm - 2:35pm PDT
Diamond Ballroom 6

1:55pm PDT

Decoding Those Inscrutable RCU CPU Stall Warnings - Paul McKenney, IBM
You are minding your own business when suddenly one of your systems splats out something like "INFO: rcu_bh_state detected stalls on CPUs/tasks: { 3 5 } (detected by 2, 2502 jiffies)". Whatever does this RCU CPU stall warning mean and what can you do about it? That is, other than simply beating your head against Documentation/RCU/stallwarn.txt?

This talk will look at a few representative RCU CPU stall warning messages and show how they can be decoded into real information that can help you find otherwise silent hangs the easy way. Or at least an easier way!

Speakers

Paul McKenney

Distinguished Engineer, IBM Linux Technology Center, Beaverton
Paul E. McKenney is a Distinguished Engineer with the IBM Linux Technology Center, where he maintains the RCU implementation within the Linux kernel. He has been coding for four decades, more than half of that on parallel hardware. His prior lives include the DYNIX/ptx kernel at Sequent...



Tuesday September 12, 2017 1:55pm - 2:35pm PDT
Plaza I/II
  LinuxCon Tracks

1:55pm PDT

MD Software RAID on NVDIMM (Non Volatile DIMM) - Lijun Pan, Dell
MD software RAID has been widely deployed on traditional block devices over the years. NVDIMM is a new type of memory, which can be configured to be a block device, /dev/pmem0../dev/pmemN. This presentation will talk about how md software RAID (mdadm) works with pmem0..pmemN, differences from traditional block devices, current unsolved problems, and solutions, etc.

Speakers

Lijun Pan

Software Engineer, Dell
Lijun Pan is a principal software engineer at DellEMC.


Tuesday September 12, 2017 1:55pm - 2:35pm PDT
Georgia I/II
  LinuxCon Tracks

2:45pm PDT

Providing Services to Cloud Native Platforms with the Open Service Broker API - Alex Ley, Pivotal
In a digital world, widely adopted and easy to use APIs are the cornerstone of collaboration and interoperability. As Cloud technologies mature and become commonplace, the absence of standards surfaces challenges in the implementation of solutions by Cloud vendors, service providers and end users. Building on top of the experience of Cloud Foundry's Service Broker API, the Open Service Broker API working group brings together experts from Google, RedHat, Pivotal, SAP and IBM. The Open Service Broker API is an industry-driven, collaborative effort to demolish barriers in the adoption of Cloud Native services, with a user-centric approach focused on delivering features based exclusively on real world use cases.

In this talk, you’ll learn exactly what the Open Service Broker API specification is, explore its history and learn how the cross-ecosystem collaboration works.

Speakers

Alex Ley

Staff Product Manager, Pivotal
Alex is a Product Manager for the Pivotal Cloud Foundry platform and is focused on enabling multi-cloud services using Cloud Foundry and BOSH. Previously, Alex was a committer to the container engine Garden Linux, used by Cloud Foundry, and worked in London's FinTech startup scene...



Tuesday September 12, 2017 2:45pm - 3:25pm PDT
Diamond Ballroom 3

2:45pm PDT

Building .NET Core Microservices with Steeltoe - Zach Brown & Matthew Horan, Pivotal
The software world is moving to microservices. For all their benefits, microservice architectures expose many distributed computing problems that developers need to solve--problems like service discovery, shared configuration, distributed tracing, etc. The good news is that Netflix, Spring Cloud, and others have developed industry standard patterns to simplify the task of building resilient scale-out microservice-based applications. Until very recently, however, this technology has really only been accessible to Java devs. Steeltoe is a new OSS project that makes these patterns available to .NET developers.

In this presentation, we will provide an overview of Steeltoe and why we created it. We will cover current capabilities, future roadmap, and of course, demos that show how it works.

http://steeltoe.io
https://github.com/steeltoeoss
twitter: @steeltoeoss

Speakers

Zach Brown

Product Owner, Pivotal
Zach Brown started building web sites in the 90s using Netscape-optimized HTML, cgi, and lots of Photoshop lens flares. He spent many years as a developer on the Microsoft stack, then as an architect and manager of dev teams. Currently he's responsible for product strategy and marketing...

Matthew Horan

Software Engineer, Pivotal
Matthew Horan has spent over a decade developing Web applications. Before becoming a developer, he worked as a systems administrator at various startups and hosting providers. Having worked with just about every configuration management tool, and being a developer by trade, he was...



Tuesday September 12, 2017 2:45pm - 3:25pm PDT
Diamond Ballroom 6

2:45pm PDT

Building Specialized Container-Based Systems with Moby: A Few Use Cases - Patrick Chanezon, Docker, Inc.
Moby is an open source project providing a "LEGO set" of dozens of components, the framework to assemble them into specialized container-based systems, and a place for all container enthusiasts to experiment and exchange ideas.
One of these assemblies is Docker CE, an open source product that lets you build, ship, and run containers.

This talk will explain how you can leverage the Moby project to assemble your own specialized container-based system, whether for IoT, cloud or bare metal scenarios.
We will cover Moby itself, the framework, and tooling around the project, as well as many of its components: LinuxKit, InfraKit, containerd, SwarmKit, Notary.
Then we will present a few use cases and demos of how different companies have leveraged Moby and some of the Moby components to create their own container-based systems.

Speakers

Patrick Chanezon

Chief Developer Advocate, Docker
As the Chief Developer Advocate for Docker, Patrick Chanezon helps drive the direction of the company’s open source projects, acting as an advocate for the developer community to assure that their requirements and issues are addressed in the Docker platform. From 2013 to 2015, he...


Tuesday September 12, 2017 2:45pm - 3:25pm PDT
Diamond Ballroom 8

2:45pm PDT

Optimizing Application Locking Performance on Large Multi-core Systems - Waiman Long, Red Hat
Developing large multi-threaded applications that scale well with increasing system size is challenging. Besides NUMA awareness, inter-process and inter-thread synchronization is a major reason for the less than ideal linear scaling of performance.

This presentation focuses mainly on the locking aspect of application development. Available locking options will be discussed with best practices on optimizing locking performance. It will also discuss existing and upcoming technologies that can help locking performance.

Speakers

Waiman Long

Principal Software Engineer, Red Hat
Waiman Long is an experienced kernel software engineer at Red Hat, Inc. His major focus areas are kernel synchronization primitives, performance and scalability, and cgroup in the upstream Linux kernel as well as the Red Hat Enterprise Linux kernel.



Tuesday September 12, 2017 2:45pm - 3:25pm PDT
Georgia I/II
  LinuxCon Tracks

2:45pm PDT

Trace Everything: When APM Meets SysAdmins - Mark Stemm, Sysdig
Transaction tracing is typically thought of as something that only developers do when they need to troubleshoot a piece of their software. And lately, it’s also been used for tracing microservice-based transactions too.

These are really useful capabilities, but what if you could profile everything? Yes everything - software functions, microservice calls, file access, network requests, even bash scripts. How would this change your view on your systems? How would this enable you to better understand what your software is actually doing?

In this talk I’ll show you how to trace everything using open source sysdig. We’ll cover:
* How to trace everything from a method in your software, a service call, a network request, a shell command execution, a script, and more
* How to report on your traces to make the most sense of the data
* Use real-world examples of tracing that show its benefits

Speakers

Mark Stemm

Senior Software Engineer, Sysdig
Mark is a Senior Software Engineer at Sysdig. He has a B.S. in Math/CS from Carnegie Mellon University and a M.S./Ph.D. in Computer Science from the University of California, Berkeley. He's worked at Fast Forward Networks on the first generation of internet-based live video broadcasting...



Tuesday September 12, 2017 2:45pm - 3:25pm PDT
Plaza I/II
  LinuxCon Tracks

2:45pm PDT

Transparent Huge Pages on Steroids - Nitin Gupta, Oracle
In big memory machines, hugepages can play a large role in increasing system performance. However, using hugepages manually for different segments of memory adds to application complexity. Linux has a mechanism for automatically backing some memory areas with hugepages, called Transparent Huge Pages (THP). In the current state, THP is quite limited and can only collapse normal pages with a hugepage of one particular size, which is the "default" hugepage size for the system. Such a design is quite limiting for architectures which support a wide variety of page sizes, ranging from 64KB, all the way to 1TB. In this presentation, Nitin Gupta will discuss ideas for extending THP to support many different page sizes for architectures that support them, along with some performance numbers from initial prototype work.

Speakers

Nitin Gupta

Principal Software Engineer, Oracle
Mainline Linux Kernel contributor with a focus on the SPARC architecture.



Tuesday September 12, 2017 2:45pm - 3:25pm PDT
Gold 1
  LinuxCon Tracks

2:45pm PDT

Panel Discussion: Building and Maintaining Open Source Communities - Moderated by Jonas Rosland, {code}
Being successful in creating an open source community requires planning, measurements and clear goals. Why are we doing this, who are we targeting and how can we achieve our goals? In this panel you will hear from Mary Thengvall, Ashley McNamara, Jenny Burcio, Jason Hibbets and Jonas Rosland as they share experiences and best practices when building and maintaining open source communities.

Moderators

Jonas Rosland

Open Source Community Manager, VMware
Jonas Rosland is a community builder, open source advocate, blogger, author and speaker at many open source focused events, as well as an Open Organization Ambassador. As Open Source Community Manager at VMware, he is responsible for the growth and prosperity of the communities surrounding...

Speakers

Jenny Burcio

Sr. Manager, Marketing, Docker
Jenny Burcio manages the Docker Community, including managing content for DockerCon and the Captains program, where she helps awesome Docker community members inspire and educate others. Prior to Docker, Jenny worked at Apigee helping to build their community programs and partner...

Jason Hibbets

Senior Community Architect, Red Hat
Jason Hibbets is a senior community architect at Red Hat which means he is a mash-up of a community manager and project manager designing programs for people to participate in communities. His current role involves building community interest for #EnableSysadmin--a knowledge sharing...

Ashley McNamara

Cloud Developer Advocate, Microsoft
Ashley is a 20-year tech industry veteran, starting from homebrew hardware all the way through cloud evangelism, community management, and mentorship. She is currently a Developer Advocate for Microsoft, with a focus on Cloud Native tools and the Go community. She is also an active...
avatar for Mary Thengvall

Mary Thengvall

Director, Developer Relations, Camunda
Mary Thengvall is a connector of people at heart, both personally and professionally. She loves digging into the strategy of how to build and foster developer communities and has been doing so for over 10 years. In addition to her work, she's known for being "the one with the dog...


Tuesday September 12, 2017 2:45pm - 3:25pm PDT
Diamond Ballroom 10
 
Wednesday, September 13
 

11:00am PDT

Nightmares of a Container Orchestration System - Jörg Schad, Mesosphere
A lot of talks will tell you how to set up a system correctly. This talk is about what not to do with your Apache Mesos and DC/OS cluster.

We will share some of our favorite/scariest support stories covering typical system-setup, configuration, and application pitfalls for new (and not-so-new) Mesos and DC/OS operators. And, we will give some hints about how to debug those pitfalls if you do encounter them, resulting in fewer nightmares.

Speakers
Jörg Schad

Head of Machine Learning, ArangoDB
Jörg Schad is Head of Machine Learning at ArangoDB. In a previous life, he worked on machine learning pipelines in healthcare, distributed systems at Mesosphere, and in-memory databases, and conducted research in the Hadoop and Cloud area. He’s a frequent speaker at meetups...



Wednesday September 13, 2017 11:00am - 11:40am PDT
Diamond Ballroom 7

11:00am PDT

Replacing the Radix Tree - Matthew Wilcox, Microsoft
Last year I gave a talk extolling the benefits of the Linux radix tree. This year I am talking about its shortcomings, what I did to improve things, and how I came to the conclusion that it had to be replaced.

The new XArray is easier to use than the radix tree. Conceptually, it is an array of 16 quintillion pointers, all of which are initially NULL. Just like an array, its basic operations are 'load' and 'store', unlike a tree's 'lookup', 'insert' and 'delete'. It provides some more advanced operations, and enables users to build their own operations.

This talk covers general aspects of API design for C programmers, as well as particular considerations for kernel API design due to the constrained environment.

Speakers
Matthew Wilcox

Mr, Microsoft
Matthew has been a Linux kernel hacker since 1998 when he made a minor modification to the isofs filesystem. Since then, he's worked on many parts of the kernel including the ARM, PA-RISC, Itanium, x86 and powerpc architectures, file locking, the PCI and SCSI subsystems, semaphores...


Wednesday September 13, 2017 11:00am - 11:40am PDT
Georgia I/II
  LinuxCon Tracks

11:00am PDT

Building Trust: Testing SPDX Generation Tools - Kate Stewart, The Linux Foundation & Philippe Ombredanne, nexB
Having open source tooling that can generate SPDX documents is an important first step in automating detection and summarizing of the license compliance information found in source or binary code. However, how can you tell which tools are able to accurately detect what is actually in the source code? Due to the imprecise nature of the way developers express licenses, there can be a lot of variance. To build up trust in the heuristics used by tools, a curated set of common packages and associated reference set of SPDX documents have been created to provide a starting point for tools to self certify against. This talk will go through the criteria used to select the packages, and provide some preliminary results.

Speakers
Philippe Ombredanne

AboutCode.org and ScanCode maintainer, AboutCode.org and nexB Inc.
Philippe Ombredanne is a passionate FOSS hacker, lead maintainer of the ScanCode toolkit and on a mission to enable easier and safer reuse of FOSS code with best in class open source tools for open source discovery, software composition analysis and license & security compliance at...

Kate Stewart

Senior Director of Strategic Programs, Linux Foundation
Kate Stewart is a Senior Director of Strategic Programs, responsible for Embedded and Open Compliance programs. Since joining The Linux Foundation, she has launched Real-Time Linux, Zephyr Project, CHAOSS, and ELISA.



Wednesday September 13, 2017 11:00am - 11:40am PDT
Atrium III

11:50am PDT

Hybrid Multi-Cloud Strategies with Azure OSS - Arun Chandrasekhar, Microsoft
This talk will go through options to define a truly hybrid multi-cloud strategy using a unified OSS platform that works across clouds and on-premise. We will touch upon various Azure OSS integrations that help build out these strategies such as Docker, Kubernetes, Jenkins, Hashicorp OSS, Netflix OSS, etc.

Speakers
Arun Chandrasekhar

Principal Program Manager, Microsoft
Arun Chandrasekhar has been a developer, dev lead and PM working on various technologies for over 20 years. He has worked for various employers ranging from startups to Fortune 500 companies in various countries across the globe including Singapore, Australia, India, China, and the...


Wednesday September 13, 2017 11:50am - 12:30pm PDT
Gold 1

11:50am PDT

What's in Your Containers? Tracing the Origin of Binaries - Philippe Ombredanne, AboutCode.org and nexB Inc.
We are all building containers from base images with possibly questionable pre-built binaries every day. Why? We do not know what is in our own containers.
Modern software is routinely assembled from a combo of 1000s of open source and vendor-provided packages that we reuse as pre-built binaries (and sometimes build from sources). An unknown, buggy or vulnerable package will sneak in easily in such a large quantity of third-party code packages where most of them are FOSS/open source.

Join me to dive into advanced techniques to identify which known packages are built into ELF binaries, either libraries or static exes.

We will first review some basic approaches to identify distro and application packages using static analyzers (without running a container!) and existing techniques for binary analysis using symbols and content-defined fingerprints with locality sensitive hashing. We will then review a new approach to determine the origin of the code in binaries based on shared or unique binary information sets to build efficient indexes of the minimal signatures needed to identify packages and versions of packages (such as OpenSSL) that may be statically linked in arbitrary binaries.

Finally, we will show how this approach can be used for automated detection by subverting anti-virus scanners for known binary identification, and relate the collected origin information to actual known vulnerabilities.

Speakers
Philippe Ombredanne

AboutCode.org and ScanCode maintainer, AboutCode.org and nexB Inc.
Philippe Ombredanne is a passionate FOSS hacker, lead maintainer of the ScanCode toolkit and on a mission to enable easier and safer reuse of FOSS code with best in class open source tools for open source discovery, software composition analysis and license & security compliance at...



Wednesday September 13, 2017 11:50am - 12:30pm PDT
Diamond Ballroom 7

11:50am PDT

email2git: A Cregit Plugin to Link Reviews to Git Commits - Alexandre Courouble, Polytechnique Montreal
The Linux project's email-based reviewing process is highly effective in filtering open source contributions on their way from mailing list discussions towards Linus' Git repository. However, once integrated, it is difficult to link Git commits back to their review comments in mailing list discussions, especially when considering commits that underwent multiple versions (and hence review rounds), that belonged to multi-patch series or that were cherry-picked. email2git is a plugin on top of the cregit platform (https://cregit.linuxsources.org/) that uses different algorithms to match review emails to Git commits, then enables clicking on a particular token in a source code file to obtain links to relevant email discussions about the commit that introduced this token. Understanding the context of commits is helpful for new contributors to understand existing code, new maintainers in a subsystem to understand the rationale of older commits, and security experts to understand the context around code where a vulnerability has been detected.

Speakers
Alexandre Courouble

MSc. student, Polytechnique Montreal
Alexandre is a Master’s student working under the supervision of Dr. Bram Adams at Polytechnique Montreal. As a part of his degree, he is working on email2git and on a research project aiming at measuring Linux developers’ expertise using dedicated metrics. Alex gave a related...



Wednesday September 13, 2017 11:50am - 12:30pm PDT
Diamond Ballroom 3

11:50am PDT

Replace Your Exploit-Ridden Firmware with Linux - Ronald Minnich, Google
With the WikiLeaks release of the vault7 material, the security of the UEFI (Unified Extensible Firmware Interface) firmware used in most PCs and laptops is once again a concern. UEFI is a proprietary and closed-source operating system, with a codebase almost as large as the Linux kernel, that runs when the system is powered on and continues to run after it boots the OS (hence its designation as a "Ring -2 hypervisor"). It is a great place to hide exploits since it never stops running, and these exploits are undetectable by kernels and programs.

Our answer to this is NERF (Non-Extensible Reduced Firmware), an open source software system developed at Google to replace almost all of UEFI firmware with a tiny Linux kernel and initramfs. The initramfs file system contains an init and command line utilities from the u-root project (http://u-root.tk/), which are written in the Go language.

Speakers
Ron Minnich

Software Engineer, Google
linuxboot, u-root, coreboot, linuxbios, ... all open source firmware; linux kernel, servers,



Wednesday September 13, 2017 11:50am - 12:30pm PDT
Georgia I/II
  LinuxCon Tracks

2:00pm PDT

Open Source and Cross-Platform Tools for Azure Developers - Aaron Roney, Microsoft
Azure is built around the open source developer. From our emphasis on .NET Core, PowerShell Core, and the Windows Subsystem for Linux to services like Linux VMs, Linux web apps, and support for containers, Microsoft is dedicated to empowering open source developers to build the software they love with the tools they love on the platforms they love.

The Azure Developer Experience team develops open source tools which equip developers to leverage Azure to its full potential. They have recently released the Azure CLI 2.0, and Azure PowerShell is coming to all platforms with PowerShell Core support. Aaron will talk about the power that these tools provide, and he will discuss how these tools can empower developers to use Azure at all points of the development life cycle.

Speakers
Aaron Roney

Sr. Program Manager, Microsoft
Aaron is a Senior Program Manager on Azure Developer Experience for Microsoft. He currently works on Azure PowerShell and the Azure SDK For .NET; however, he has also worked with the Azure CLI 2.0 and other Microsoft tools for Azure developers. He speaks frequently on the merits of...



Wednesday September 13, 2017 2:00pm - 2:40pm PDT
Gold 1

2:00pm PDT

Rethinking IAM for Heterogeneity: Next Generation Security Model to Create an Interoperable Cloud - Jeyappragash JJ

Current application deployments range from fine-grained services to monolithic architecture. They are often required to coexist in environments ranging from in-house IT/Datacenters to public clouds. How to tie these heterogeneous systems together seamlessly? Let us talk about a set of emerging standards like SPIFFE to specify a service identity and what is needed for access management.


Speakers
JJ Jeyappragash

tetrate.io
Jeyappragash previously built the team and led the technical roadmap for Twitter's Cloud Infrastructure Management Platform. This platform helps developers manage their services and provides detailed visibility to the infrastructure and the services that use the infrastructures...


Wednesday September 13, 2017 2:00pm - 2:40pm PDT
Gold 4

2:00pm PDT

A Question of Trust – When Good Containers Go Bad - Tim Mackey, Black Duck Software
Containerization has increased the pace of application deployment, but has trust kept pace? Once an image is compromised, which applications are at risk and how far has trust been broken?
To answer this, we assert the container image came from a trusted source, and that our application was subject to static code analysis and the container to pen-testing. We further assert appropriate perimeter defenses and deployment controls are in place. While we have defined a trust model, we didn’t include the impact of information flow.
Vulnerability remediation is a function of awareness. To devise an action plan, defenders must assess the impact of a security issue. Malicious actors with early access to information can craft and refine attacks while defenders are reacting. Having a full inventory of container dependencies is key to increasing awareness and reducing reaction time from days to hours.

Speakers
Tim Mackey

Senior Technical Evangelist, Black Duck by Synopsys
Tim Mackey is a technology evangelist for Black Duck Software specializing in the secure deployment of applications using virtualization, cloud and container technologies. Prior to joining Black Duck, Tim was most recently the community manager for XenServer and was part of the Citrix...


Wednesday September 13, 2017 2:00pm - 2:40pm PDT
Diamond Ballroom 7

2:00pm PDT

WTF My Container Just Spawned a Shell! - Mark Stemm, Sysdig
While there have been many improvements around securing containers, there is still a large gap in monitoring the behavior of containers in production. Enter Sysdig Falco, the open source behavioral activity monitor for containerized environments.

Sysdig Falco can detect and alert on anomalous behavior at the application, file, system, and network level. In this session get a deep dive into Falco:
- How does behavioral security differ from existing security solutions like image scanning?
- How does Falco work?
- What can it detect?
- How can you customize it?
- What actions can you take?

Speakers
Mark Stemm

Senior Software Engineer, Sysdig
Mark is a Senior Software Engineer at Sysdig. He has a B.S. in Math/CS from Carnegie Mellon University and a M.S./Ph.D. in Computer Science from the University of California, Berkeley. He's worked at Fast Forward Networks on the first generation of internet-based live video broadcasting...



Wednesday September 13, 2017 2:00pm - 2:40pm PDT
Diamond Ballroom 8

2:00pm PDT

Understanding the Impact of the Scheduler on Your Application - Dhaval Giani & Atish Patra, Oracle
For today's applications, one of the challenging aspects is to optimally utilize the Linux task scheduler. This is because the scheduler is expected to provide optimal performance across a wide range of architectures, ranging from embedded devices to massive multi core NUMA systems. This also means a complex load balancing algorithm with a lot of heuristics. We talk about how an application developer can utilize these heuristics and improve performance of their application. At the conclusion of this talk, you should be in a position to identify if the scheduler is buggy and a fix is needed in the kernel or whether something else needs to be tweaked.

Speakers
Dhaval Giani

Kernel Developer, Oracle
Dhaval is a kernel developer at Oracle, part of the Unbreakable Enterprise Kernel team. In the past he has worked on libcgroup, cgroups and the scheduler.

Atish Patra

Kernel Developer, Oracle
Atish has been working on Linux kernel development for the past 3 years. He was with Qualcomm for 2 years developing IPC drivers for Snapdragon processors. Currently, he is working in the Oracle Linux kernel team on various projects optimizing CFS scheduler and cpu hotplug feature for Sparc...



Wednesday September 13, 2017 2:00pm - 2:40pm PDT
Georgia I/II
  LinuxCon Tracks

2:00pm PDT

Selling Open Source, Keeping Your Soul - Jessica Rose, Crate.io
Stuck in a battle between your open source true believers and your bottom line? The two perspectives of business and open source ideals don’t need to be continually opposed, though conflicts will arise between them. By designating individuals within your projects as advocates for these essential viewpoints are balanced you have the opportunity to channel this conflict into your product and community. Through creating low risk, democratic environments where we’re asked to advocate in turn for our business needs and open source goals we can create a setting where this conflict becomes a productive, driving force, demanding excellence from us across both fronts. For this form of collaborative conflict to be successful it demands a diverse range of perspectives, an equal voice in exchanges and a shared commitment to mutual respect.

Speakers
Jessica Rose

Head of Developer Relations, FutureLearn
Jessica Rose is a self taught technologist obsessed with helping to foster more equal access to technical education, meaningful work with technology and digital spaces. She's helping Crate.io reach more developer communities with their open source SQL database as their head of developer...


Wednesday September 13, 2017 2:00pm - 2:40pm PDT
Diamond Ballroom 10

2:00pm PDT

Panel Discussion: Open Container Initiative: What’s Next for Standards and Container Portability? - Moderated by Chris Aniszczyk, OCI
With recent rapid growth of container-based solutions — including those from almost all major IT vendors, cloud providers and emerging start-ups — the industry needed a standard to support container formats & runtime. Enter the Open Container Initiative (OCI), established to help promote a set of common, minimal open standards & specs around container formats and runtime. Having recently issued its v1.0 release of container runtime and image format specs, OCI has seen early adoption from the AWS, Cloud Foundry, Kubernetes, Mesos communities and more. With this early adoption trend and the impending release of a formal certification program, OCI is bridging the industry closer to standardized container distribution. Hear from OCI experts on how these specs impact the ecosystem; use cases for how they’re implemented across scenarios/environments, and what’s next for the project.

Moderators
Chris Aniszczyk

CTO, The Linux Foundation
Chris Aniszczyk is an open source executive and engineer with a passion for building a better world through open collaboration. He's currently a CTO at the Linux Foundation focused on developer relations and running the Open Container Initiative (OCI) / Cloud Native Computing Foundation...

Speakers
Vincent Batts

programmer, Kinvolk
Vincent Batts has spent half his life in Linux and open source communities. Works with emerging technology such as knative and tekton. An Open Containers Initiative maintainer and technical board member. An ongoing member on Slackware Linux's Core Team, past maintainer on the docker...

Jeffrey Borek

WW Program Director, IBM
Jeffrey Borek is a senior technology and communications professional with over twenty years of leadership and technical experience in the Software, Telecommunications, and Information Technology industries. He is currently the leader of the OSPO at IBM, and works in the Open Technologies...

Stephen Day

Containerd Maintainer, Cruise Automation
Stephen Day is a software engineer at Docker. His many contributions to Docker ecosystem projects include SwarmKit and the version 2 specification for the Docker Registry HTTP API, and evolving the available models for container image distribution. He currently works on containerd...

Sarah Novotny

Head of Open Source Strategy for GCP, Google
Sarah Novotny leads an Open Source Strategy group for Google Cloud Platform. She has long been an Open Source community champion in communities such as Kubernetes, NGINX and MySQL and ran large scale technology infrastructures before web-scale had a name. Novotny currently sits on...

Ken Owens

Vice President, Digital Native Architecture, MasterCard
Ken Owens is Vice President, Digital Native Architecture at MasterCard. Previous to that, Ken was Chief Technology Officer, Cisco DevNet at Cisco Systems. Ken was responsible for creating and communicating technical/scientific vision and strategy for Cloud Platforms & Services business...

Josh Wood

DocOps, CoreOS
Josh Wood’s passion for the rkt container runtime led him to CoreOS, where he is responsible for documentation. He enjoys photographing polydactyl cats and writing short autobiographies.


Wednesday September 13, 2017 2:00pm - 2:40pm PDT
Plaza III

2:50pm PDT

Moving Applications from Cloud-to-Cloud - Susan Wu, Midokura
Cloud computing provides an array of hosting and service options to fit your overall company strategy. Sometimes a public cloud is your best option and other times your data requirements demand a private cloud. As needs converge, a hybrid solution continues to gain popularity. Developers must consider if their applications might be run on either or both.

In this session, drawing from her operational experience with Rackspace Cloud, on-premise OpenStack and AWS, Susan will discuss the considerations for moving applications from legacy environments to cloud. She will also discuss the best practices for moving applications from cloud to cloud, how to decouple applications from managed services and map them to the equivalent services in the new cloud. Susan will also provide a checklist on the tasks that operators and developers should consider once they’ve decided to move their applications from one cloud environment to another.

Speakers
Susan Wu

Director of Technical Marketing, Midokura
Susan is the Director of Technical Marketing at Midokura. Susan previously led product positions for Oracle/Sun, Citrix, AMD and Docker. She is a frequent speaker for industry conferences like OSCON, OpenStack Summit, Interop ITX, Container World, All Things Open, Linuxcon/CloudOpen/Containercon...


Wednesday September 13, 2017 2:50pm - 3:30pm PDT
Gold 1

2:50pm PDT

Cilium - Container Security and Networking Using BPF and XDP - Thomas Graf, Covalent
This talk introduces Cilium, a fast emerging open source project leveraging BPF to provide networking and security for containers. We will do a quick deep dive into BPF, possibly the most promising low level technology to address challenges in application and network security, networking, tracing, and visibility. We will discuss how BPF became capable of universally extending and instrumenting both the Linux kernel and user space applications. The introduction is followed by a concrete example of how the Cilium open source project applies BPF to solve networking, security, and load balancing for highly distributed applications. We will discuss how Cilium can be combined with orchestration systems such as Kubernetes to provide security and networking for cloud native applications.

Speakers
Thomas Graf

Co-Founder & CTO, Isovalent
Thomas Graf is Co-Founder & CTO at Isovalent and creator of the Cilium project. Before this, Thomas has been a Linux kernel developer at Red Hat for many years.


Wednesday September 13, 2017 2:50pm - 3:30pm PDT
Diamond Ballroom 6

2:50pm PDT

Isolated Container Runtime for Docker Images - Harshal Patil, IBM
Isolated Container Runtime (Harshal Patil, IBM) - Docker by default uses a container runtime called ‘runc’ to run containers using cgroups and namespaces. But Docker by design can run one or many runtimes, simultaneously. In this presentation, Harshal Patil will showcase an alternative runtime that is aimed at achieving higher isolation for the application running inside containers using Qemu. Higher isolation is useful for applications which require the agility of containers but strong isolation provided by virtual machines, such as smart contract execution by blockchain (such as Hyperledger).

Speakers
Harshal Patil

Advisory Systems Software Engineer, IBM
Harshal is an Open Source developer working on Kubernetes and Runtimes. At IBM Power Systems, he designs and implements container architectures focused on security that take advantage of Power's unique hardware features. In the container ecosystem, Harshal’s contributions span from...



Wednesday September 13, 2017 2:50pm - 3:30pm PDT
Diamond Ballroom 7

2:50pm PDT

hugetlbfs, Still Alive and Kicking - Mike Kravetz, Oracle
Linux support for huge pages has been around since the early 2.6 time frame. When support was added, it followed the 'everything is a file' model and the result was hugetlbfs. hugetlbfs represents a pool of huge pages that are best pre-allocated at boot time. Because of this need for pre-allocation, special management and (minimal) application code modification, few applications actually use hugetlbfs. The early adopters and most prominent current users of hugetlbfs are large databases. Databases like to control as much of the system as possible and may even enjoy the extra control that hugetlbfs provides.

Recent efforts in the area of huge page support have been centered around Transparent Huge Pages (THP), where recent patches have added page cache support, and work is underway to even add support to the ext4 filesystem. With THP's ease of use, one would think that few people care about the older and more difficult to manage hugetlbfs. However, some new features have been added to hugetlbfs mostly at the request of database developers. Surprisingly, some of these new features have found successful use in other areas such as Qemu Post Copy Live Migration.

This talk will discuss the new hugetlbfs features. In addition, it will include a general hugetlbfs presentation. At this year's LSF/MM summit it was noted that hugetlbfs is "its own vm". In a sense, it is true. Within the mm subsystem, there are many places that have code such as:
    if (hugetlbpage())
        call special hugetlbfs code
    else
        process normally

Therefore, some assumptions one makes about general Linux mm do not apply to hugetlbfs. Some of the most prominent differences will be presented.

The goal for this presentation is to expose more people to this often forgotten functionality so that perhaps it can be employed in more creative ways.

Speakers
Mike Kravetz

Software Engineer, Oracle
Mike Kravetz is a software engineer in Oracle's Linux kernel development team. He is currently focused on memory management.



Wednesday September 13, 2017 2:50pm - 3:30pm PDT
Diamond Ballroom 3

2:50pm PDT

Kernel Developer Panel Discussion - Moderated by Jonathan Corbet, LWN.net
Moderators
Jonathan Corbet

Executive Editor, LWN.net

Speakers
Laura Abbott

Fedora Kernel Engineer, Red Hat
Laura is currently employed at Red Hat as a Fedora Kernel Engineer. She thinks kernels are really cool, even when they crash. Her day-to-day work involves bug fixes, tending the Fedora kernel releases, and other development work for the benefit of Fedora.

Steven Rostedt

Open Source Engineer, VMWare, Inc.
Steven has been working on the Linux kernel since 1998 (started while working on his masters). He has been working on the Linux kernel professionally since 2001. Steven is one of the original developers of the PREEMPT_RT patch which turns Linux into a true real-time operating system...


Wednesday September 13, 2017 2:50pm - 3:30pm PDT
Plaza I/II
  LinuxCon Tracks

2:50pm PDT

Using Secure Keys for Disk Encryption - Reinhard Buendgen, IBM
Secure keys are a special kind of wrapped keys: keys wrapped by a wrapping key (KEK) that is securely located in an inaccessible environment (typically a hardware security module, aka HSM). Outside this inaccessible environment, the wrapped (effective) key is never exposed and thus, a secure key can be stored in memory without exposing a secret. The down side of this technology is that all secure key cryptographic operations must be performed inside the inaccessible environment.

Using secure keys instead of clear keys has obvious advantages: it introduces a new authentication factor (something you have), it prevents keys from being subject to theft, and it allows volumes to be opened autonomously because passphrases are no longer quintessential for the protection of the effective key required to decrypt data read from disk or encrypt data written to disk.

In this presentation, you will learn how secure keys can be used for disk encryption with dm-crypt and see a proposal on how to use secure keys with the LUKS format and LUKS management tools. We will point out challenges in the use of secure keys and show solutions to some of the challenges based on the CryptoExpress HSM and the protected key technology of z Systems within the LUKS framework.

The presentation will close with a discussion of some open problems and requirements for solutions that solve these problems, which will hopefully lead to a vivid discussion with the audience.

Speakers
Reinhard Buendgen

Crypto Architect for Linux on Z, IBM
Reinhard Buendgen studied computer science at the universities of Karlsruhe, Germany and Delaware in Newark, DE. In 1991 he earned a Ph.D in computer science at the University of Tuebingen. Until 1997 he worked at the University of Tuebingen as a researcher and lecturer. During his...



Wednesday September 13, 2017 2:50pm - 3:30pm PDT
Georgia I/II
  LinuxCon Tracks

4:00pm PDT

SMACK Stack and Beyond - Building Fast Data Pipelines - Jörg Schad & Matt Jarvis, Mesosphere
Our world seems to move faster and faster, and so do our requirements for data analytics. For many use cases such as fraud detection or reacting to sensor data the response times of traditional batch processing are simply too slow. In order to be able to react to such events close to real-time, we need to go beyond the classical batch processing and utilize stream processing systems such as Apache Spark Streaming, Apache Flink, or Apache Storm.
But these systems are not sufficient by themselves. For an efficient and fault-tolerant setup we also need a message queue and storage system. One common example for such fast data pipelines is the SMACK stack, which stands for:
- Spark (Streaming) - the stream processing system
- Mesos - the cluster orchestrator
- Akka - the system for providing custom actors for reacting upon the analyses
- Cassandra - storage system
- Kafka - message queue

Setting up such a pipeline in a scalable, efficient and fault-tolerant manner is not trivial.
This talk will first discuss several alternatives for the various parts in the stack, e.g., what are the tradeoffs between Spark Streaming and Apache Flink; when should I use ArangoDB or Apache Cassandra.
We will then discuss the challenges and best practices for setting up such pipelines in order.
The talk will finish with a demo of a fast data pipeline with Apache Flink, ArangoDB, and Apache Kafka deployed on DC/OS.

Speakers
Jörg Schad

Head of Machine Learning, ArangoDB
Jörg Schad is Head of Machine Learning at ArangoDB. In a previous life, he worked on machine learning pipelines in healthcare, distributed systems at Mesosphere, and in-memory databases, and conducted research in the Hadoop and Cloud area. He’s a frequent speaker at meetups...



Wednesday September 13, 2017 4:00pm - 4:40pm PDT
Gold 1

4:00pm PDT

Linux Cryptographic Acceleration on an i.MX6 - Sean Hudson, Mentor Graphics, Inc
The recent hack of internet connected cameras highlights the need to secure IoT devices. This effort will require robust encryption. Luckily, some SoC devices provide cryptographic accelerators that can help. This talk examines the process of enabling the cryptographic accelerator on the i.MX6, called the CAAM. During the talk, I will discuss ways to connect userspace to the CAAM. Further, I will talk about the relative performance of the different approaches.

Speakers
Sean Hudson

Senior Firmware Engineer, OpenEmbedded
Sean has developed software for embedded devices since 1996. He started using Linux personally in 1999 and began developing embedded Linux devices professionally in 2006. He is an Emeritus member of the YP Advisory Board, a member of the OpenEmbedded Board, and part of the devic...



Wednesday September 13, 2017 4:00pm - 4:40pm PDT
Plaza I/II
  LinuxCon Tracks

4:00pm PDT

Unikernels: Where Are They Now? - Amir Chaudhry, Docker
Unikernels represent an extreme approach to application specialisation, and have typically been associated with virtual machines running on hypervisors. However, the technology is much more widely useful, can run on different targets, and has steadily made its way into other projects and products.

In this talk we'll review the progress in the unikernel ecosystem and highlight the advances of the most active open-source projects:
- MirageOS, which has improved the dev experience and supports new cloud targets.
- HaLVM, which created a product to help detect network intrusions.
- IncludeOS, which has made rapid progress and introduced POSIX compatibility.

We'll also discuss how the underlying ideas behind unikernels, of minimalism, composability, and security, have found their way into other projects and products, and the questions this poses for building maintainable systems.

Speakers
Amir Chaudhry

Member of Technical Staff, Docker
Amir Chaudhry is the Community Manager for MirageOS and works at Docker to make unikernels accessible to developers everywhere. Most of his time is spent on open source efforts and he's a big fan of automation to maximise developer impact. In previous lives he led operations at a...



Wednesday September 13, 2017 4:00pm - 4:40pm PDT
Georgia I/II
  LinuxCon Tracks

4:50pm PDT

Serverless Data Pipelines with OpenWhisk - Jowanza Joseph, One Click Retail
Functions as a service (FaaS) provide operational advantages over traditional architectures. Internet of Things, chatbots and other programmatic platforms have benefitted from being implemented in this way. Implementing and deploying FaaS often comes with vendor lock-in on platforms like Amazon Lambda and Azure Functions. OpenWhisk provides an open source alternative for implementing and deploying FaaS architectures. In this talk I cover the advantages of developing and deploying data pipelines in this fashion. While presenting these intricacies, I will walk the audience through creating a data pipeline with OpenWhisk.

Speakers
Jowanza Joseph

Data Architect, One Click Retail
Jowanza Joseph is a senior software engineer at One Click Retail, a Business Intelligence company in Salt Lake City. Jowanza's work is focused on distributed data and streaming architectures.



Wednesday September 13, 2017 4:50pm - 5:30pm PDT
Gold 1

4:50pm PDT

Building Container Base Application Delivery System for IoT Platform - Masataka Mizukoshi, NTT Lab
Internet of Things (IoT) devices are generating a large amount of data, and many companies are utilizing it. The data generated by IoT devices such as sensors often must be analyzed very rapidly and confidentially.
In the case of industrial factories, IoT requires a new kind of platform. To achieve rapid analytics or fast response times, the application should run near the IoT devices, as in edge computing. And we must continuously manage and update the applications, which are located all over the world.

We built a container-based application delivery system for this industrial IoT platform, mainly using Docker Registry.
However, Docker Registry is insufficient to satisfy the following demands:
- Check the authenticity of container images for security reasons.
- Manage thousands of images without delay or difficulty.
- Update images over narrow-band links such as over-the-air networks.
In this presentation, attendees will learn how to build an application delivery platform that satisfies the above demands. To achieve image authenticity, we combined Docker Registry with other components such as Docker Notary and Clair. In addition, we improved the registry's content addressability to manage a large number of container images, and incorporated a binary delta updating technique into the image delivery mechanism for narrow-band networks.

Speakers
Masataka Mizukoshi

Building container base application delivery system for IoT platform., NTT Lab
Masataka is a researcher working for NTT Labs. His group has been developing open source software such as Ryu and GoBGP. In his previous life, he conducted research in distributed computing related to Hadoop and Spark. His speaking experience includes international conference...



Wednesday September 13, 2017 4:50pm - 5:30pm PDT
Diamond Ballroom 8

4:50pm PDT

High Performance Deep Learning on Containers - Khalid Ahmed & Bruce D'amora, IBM
The field of deep learning has led to the emergence of new frameworks such as Caffe, Torch, and TensorFlow that tackle problems in image recognition, object classification, or machine translation. These systems must interact with containerized micro-services developed using DevOps tools running on popular container management tools such as Kubernetes. In this talk we examine the work in the Kubernetes ecosystem to enable some of the special requirements of deep learning, such as GPU support, high speed networking, access to large data sets, better batch job scheduling and distributed computing support. We show how the Kubernetes platform can support both CI/CD pipelines and high performance computing requirements, using examples from research and industry.

Speakers
Khalid Ahmed

Distinguished Engineer, IBM
Khalid Ahmed is an STSM, Chief Architect of Infrastructure Software at IBM Platform. He works on the design and architecture of large scale grid and cloud computing systems with focus on scheduling, resource, workload and data management. In over 20 years of industry experience he...

Bruce D'amora

Senior Technical Staff Member, IBM
Bruce D’Amora is a Senior Technical Staff Member in the Data Centric Solutions department at IBM T.J. Watson Research Center in Yorktown Heights, NY. He is currently managing the Cognitive and Cloud solutions department focusing on enablement of HPC and Cognitive workflows using...



Wednesday September 13, 2017 4:50pm - 5:30pm PDT
Diamond Ballroom 7

4:50pm PDT

Linux Kernel ABI Specification - Sasha Levin, Verizon Labs
The ABI, the layer that joins the kernel and userspace, is quite a mess. Various different interfaces, lacking documentation, and constant changes make it hard for anyone who uses the kernel to know what they can expect from the kernel when their userspace application makes a request. The purpose of the ABI specification project is to fully document the ABI in both a human readable and a machine readable form; this will allow verification that both the userspace application and the kernel behave as agreed in the "contract". This would also allow for more research into subsets of the kernel's ABI, and how to limit certain functions of the kernel by either allowing or blocking parts of the ABI.

Speakers
Sasha Levin

Kernel Hacker, Verizon Labs
Sasha is the maintainer of the 4.1 stable tree. He is also the maintainer of the linux-stable-security project which provides critical security updates to projects that use stable-like trees. Sasha is currently employed at Verizon Labs, where he works on cutting edge technologies...


Wednesday September 13, 2017 4:50pm - 5:30pm PDT
Plaza I/II
  LinuxCon Tracks

4:50pm PDT

Community Building in Anytown - Josh Simmons, Google + Open Source Initiative
User groups are fabulous resources for introducing people to your project and providing support for existing users and contributors. While they’re relatively easy to spin up in big cities like San Francisco and Sydney, the vast majority of the world’s population lives outside of tech hubs.

How do you support the growth of communities for the rest of us? If you value inclusion and are keen to scale your outreach efforts, increasing geographic diversity is a no-brainer.

In this talk we’ll discuss the unique challenges of building meetups where the tech industry isn’t an 800 pound gorilla -- and ways to tackle those challenges. The goal is for attendees to leave ready to double down on outreach by empowering community builders in rural and suburban regions, or even build their own community.

Speakers
Josh Simmons

Open Source Strategist, Salesforce
Josh Simmons is a community strategist, open source advocate, and dusty foot philosopher. He is a Senior Open Source Strategist at Salesforce and serves as Vice President of the Open Source Initiative (OSI). Previously an Open Source Program Manager at Google and Community Manager...



Wednesday September 13, 2017 4:50pm - 5:30pm PDT
Diamond Ballroom 10
 
Thursday, September 14
 

9:00am PDT

Tutorial: Linux Cryptographic API for Fun and Profit - Gilad Ben-Yossef, ARM Holdings plc
The Linux kernel has a rich cryptographic API that provides access, from both kernel and user space, to a modular implementation of symmetric and asymmetric block ciphers, hashes and digests. These are either implemented in software or use cryptographic acceleration in the core itself or in an external hardware accelerator. The API is used extensively by familiar user-facing software such as Android.

The same API is also cryptic, somewhat ill-documented, subject to change and can easily bite you in unexpected and painful ways.

This tutorial will provide a short introduction to cryptography terms, describe the Linux crypto API and what it can be used for, provide usage examples and, time permitting, discuss some of the more interesting in-kernel users, such as DM-Crypt, DM-Verity and the new file system encryption code.

Speakers
Gilad Ben Yossef

Principal Software Engineer, Arm
Gilad Ben-Yossef is a principal software engineer working at Arm on upstream kernel security at large and Arm TrustZone CryptoCell support in particular. Gilad is the co-author of O’Reilly’s “Building Embedded Linux Systems” 2nd edition, co-founder of the Israeli FOSS NGO...



Thursday September 14, 2017 9:00am - 10:30am PDT
Diamond Ballroom 10
  Tutorials

9:00am PDT

Tutorial: Docker Container Orchestration: Building Clusters in Production - Bret Fisher, DevOps Sysadmin and Docker Captain & Laura Frank, Codeship
So many of us want to take containers into production, but are unsure of the tools and best practices for doing so. This lab will have you deploying into a cluster and operating it in real-world scenarios. It skips the Docker basics of local development. Rather, it focuses on the tools and techniques of daily building and operating container clusters using Docker.

Attendees will be provided their own 5-node cloud setup for the day. Slides/repos will be open source. All tools showcased are open source.

First we'll focus on the features of Docker Swarm, which is built into Docker and provides clustering out of the box. We'll build a cluster, deploy sample distributed applications, and perform blue/green updates to containers in-flight, including rollback.

Next, we'll focus on security and 3rd party tools for logging and monitoring including User Namespaces, ELK and Prometheus.

Speakers
Bret Fisher

DevOps Sysadmin and Docker Captain, Independent
Bret's a freelance DevOps and container consultant, trainer, speaker, and open source volunteer working from Virginia Beach, USA. He's a Docker Captain and the author of the popular Docker Mastery and Kubernetes Mastery series on Udemy with over 200,000 students. Bret hosts a weekly...

Laura Frank

Director of Engineering, Codeship
As the Director of Engineering at Codeship and a Docker Captain, Laura's primary focus is making tools for other developers. At Codeship, she works on improving the Docker infrastructure and overall experience for all users of the CI/CD platform. Previously, she worked on several...



Thursday September 14, 2017 9:00am - 12:10pm PDT
Georgia I/II
  Tutorials

10:20am PDT

Linux in a 5G World - Gunnar Nilsson, Ericsson
5G is billed to be the next big thing to hit our mobility airwaves… But when will it be here, why is it interesting, what makes it important and how does Linux play a role in it?
Linux plays a central role in technology evolution across almost all aspects of software and technology development today. This talk will outline the role Linux plays in 5G access technology, lifting the lid on how a 5G network is built and demonstrating the importance of the Linux ecosystem to the development of our next generation mobile internet. From hosting workloads distributed and managed from central cloud entities to the features and capabilities in the kernel, Linux provides the best in class platform for developing radio technologies and solutions.

Speakers
Gunnar Nilsson

Open Source Strategies, Ericsson
Gunnar is Ericsson’s most senior open source expert within Ericsson’s Chief Technology Office, leading Ericsson’s use of open source as well as playing an instrumental role in defining global corporate strategies for community engagement and technology positioning. Gunnar is...


Thursday September 14, 2017 10:20am - 11:00am PDT
Gold 3

10:40am PDT

Tutorial: Hacking Device Drivers - How to Get into Kernel Development - Tobin Harding
Device drivers are an important entry point into Linux kernel development. The device drivers staging branch is an environment where newbies are welcome and their efforts are fostered.

In this tutorial you will learn some ways to find useful and interesting problems to work on, you will learn how to find tasks that enable you to learn and how to go about contributing your work back to the kernel.

In this tutorial you will learn how to use kernel development tools to find tractable problems to contribute to. These include checkpatch.pl, Sparse, Smatch, and Coccinelle. You will also learn about LKML etiquette (or how not to get flamed), how to write a git changelog message (or how not to get flamed), how to use git to ease your work flow, and how to craft a patch series that is acceptable to the kernel community.

Speakers
Tobin C. Harding

Software Developer, Self employed
For the last six years Tobin has been chasing the dream of becoming a kernel hacker. He started his kernel hacking 'career' by doing driver patches in staging/. In 2017 he enjoyed a small amount of success when hashing of printk specifier %p landed in v3.15. He spent 2018 predominantly...


slides pdf

Thursday September 14, 2017 10:40am - 12:10pm PDT
Diamond Ballroom 10
  Tutorials

11:05am PDT

5G Mobile Core and Network Slicing - Om Prakash Suthar, Cisco
5G mobile technology will transform business models for service providers and content providers. The 5G core is built using open-source tools and end-to-end virtualization. One of its unique features is “network slicing”, which manages the life cycle of 5G services, ensuring end-to-end QoS and SLA. This session discusses the overall 5G architecture, open-source tools, and network slicing. The presentation will also cover use cases being deployed by service providers.

Speakers
Om Prakash Suthar

Cisco Systems
Prakash Suthar is Principal Architect with Cisco Systems Inc. Core expertise in virtualization, NFVI and NANO for mobile service providers. Cisco certified expertise level knowledge in switching and routing protocols (OSPF, BGP), IPv6, software defined datacenter (SDDC), Hypervisor...



Thursday September 14, 2017 11:05am - 11:45am PDT
Gold 3

2:45pm PDT

OpenDaylight as a Platform for Network Programmability - Charles Eckel, Cisco DevNet
Software Defined Networking (SDN) may have started as the separation of the control plane and the data plane, but the true power lies in the ability to communicate with the network through well-defined interfaces using standard protocols. This session provides a brief intro to SDN in general, and more specifically to OpenDaylight, an open source platform for programmable SDN. Next we dive into network programmability, including why we need it and the role of NETCONF, YANG, and RESTCONF. Then we put the theory into practice as we install OpenDaylight and use it as a platform for programming a sample network.

Speakers
Charles Eckel

Principal Engineer, Global Technology Standards, Cisco Systems
Charles is a recognized champion of open source, standards, and interoperability. At Cisco, Charles is responsible for identifying and guiding open source efforts related to key standards initiatives. In addition to work in MEF, Charles is active in IETF, where he started and runs...



Thursday September 14, 2017 2:45pm - 3:25pm PDT
Gold 3

3:30pm PDT

Improve the performance of GTP-U and Kube-Proxy Using VPP - Hongjun Ni, Intel
Come to this combined session where you will hear about:

Improve the Performance of Kubernetes Cluster with VPP Based Router and Load Balancer
In the current Kubernetes environment, the container network’s data paths are all in kernel space: a container connects to the host through a Linux virtual Ethernet device (VETH); kernel routing rules and iptables rules enable connections between the container and other containers or external hosts; and the default load balancer for kube-proxy (which gains the best performance) is also implemented with iptables. This presentation will give another approach, enabling the container network with a userspace application named VPP to achieve much better performance. Two key technologies are used:
1) A virtio_user-based data path to achieve the best performance for virtual NICs.
2) The VPP load balancer, to enable load balancing in userspace and achieve better performance for kube-proxy.

Six Ways to Improve Data Plane Performance in VPP and Container
VPP is a high performance, packet-processing stack that can run on commodity CPUs. But developers who do not know certain tricks cannot develop a high performance data plane using VPP. The presentation will show six ways to optimize data plane performance in VPP and container. It includes the key elements below:

1) One-loop, Dual-loop and Quad-loop and performance evaluation.
2) Packet prefetching and performance evaluation.
3) Bypass first routing lookup and performance evaluation.
4) Bypass second routing lookup and performance evaluation.
5) Handle packet header in advance and performance evaluation.
6) Tweak startup configuration in container and performance evaluation.

Speakers
Hongjun Ni

Senior Software Engineer, Intel
Hongjun Ni is focusing on high performance data plane and Cloud Native Networking. He is FD.io VPP Maintainer, Sweetcomb Project Lead, NSH_SFC Project Lead and Hc2vpp Committer. He has fourteen years' rich experience on Cloud Native, SmartNIC, Wireless, Wireline and...



Thursday September 14, 2017 3:30pm - 4:10pm PDT
Gold 3