All Systems Go!
All Systems Go!
  • Видео 246
  • Просмотров 288 514
Closing session of All Systems Go! 2024
media.ccc.de/v/all-systems-go-2024-319-closing-session-of-all-systems-go-2024
Closing session of All Systems Go! 2024
Luca Boccassi
cfp.all-systems-go.io/all-systems-go-2024/talk/DLUVHF/
#asg2024
Licensed to the public under creativecommons.org/licenses/by/4.0/de/
Просмотров: 50

Видео

Closing session of All Systems Go! 2024
Просмотров 23Месяц назад
media.ccc.de/v/all-systems-go-2024-319-closing-session-of-all-systems-go-2024 Closing session of All Systems Go! 2024 Luca Boccassi cfp.all-systems-go.io/all-systems-go-2024/talk/DLUVHF/ #asg2024 Licensed to the public under creativecommons.org/licenses/by/4.0/de/
initrd performance improvements
Просмотров 266Месяц назад
media.ccc.de/v/all-systems-go-2024-291-initrd-performance-improvements Every second spent on waiting for a system to boot is wasted time. In this talk I present the steps we took in Ubuntu to speed up the boot and the initrd generation time. The presented improvements are not specific to Ubuntu and can be ported to other implementations (like dracut) to benefit other distributions as well. The ...
Can systemd-resolved replace Avahi?
Просмотров 439Месяц назад
media.ccc.de/v/all-systems-go-2024-297-can-systemd-resolved-replace-avahi- Multicast DNS (mDNS) and DNS Service Discovery (DNS-SD), collectively know as zeroconf, are technologies used for devices to find each other and advertise services on the local network. There are two widely used FOSS implementations: mDNSResponder is used by Apple and Android, while Avahi is used by most GNU/Linux distri...
mkosi-initrd: initrds built from system packages
Просмотров 150Месяц назад
media.ccc.de/v/all-systems-go-2024-302-mkosi-initrd-initrds-built-from-system-packages mkosi-initrd is a project to build initrds from normal system packages (rpms, debs). Initially separate, it now is part of mkosi - just another build stage. systemd uses mkosi for automated tests, and this now includes building an initrd and booting a VM with it, so such initrds are getting fairly wide testin...
Home Directory Encryption in GNOME
Просмотров 367Месяц назад
media.ccc.de/v/all-systems-go-2024-282-home-directory-encryption-in-gnome Thanks to work made possible by the STF grant, all the pieces are there for GNOME to integrate with systemd-homed. This talk describes what it took to get here, what new features it gives us, what still remains to be done Adrian Vovk cfp.all-systems-go.io/all-systems-go-2024/talk/FFY3BB/ #asg2024 Licensed to the public un...
Successes and struggles using the systemd user instance in developer environments
Просмотров 117Месяц назад
media.ccc.de/v/all-systems-go-2024-281-successes-and-struggles-using-the-systemd-user-instance-in-developer-environments This talk will explore several of the ways we've leveraged the systemd user instance in our developer environments at Meta, challenges we faced while doing so, and how we worked around those challenges. Colin Chan cfp.all-systems-go.io/all-systems-go-2024/talk/H7CVUQ/ #asg202...
GNOME OS + systemd-sysupdate
Просмотров 283Месяц назад
media.ccc.de/v/all-systems-go-2024-285-gnome-os-systemd-sysupdate As a reference for developers and testers, GNOME OS is an experimental Linux distribution that ships the latest in-development GNOME desktop, core applications, and stack. GNOME OS is currently using OSTree, this talk covers the ongoing work to add features to systemd-sysupdate and transition to it. Features like optional transfe...
Improving systemd’s integration testing infrastructure
Просмотров 101Месяц назад
media.ccc.de/v/all-systems-go-2024-273-improving-systemd-s-integration-testing-infrastructure The Sovereign Tech Fund paid Codethink to help improve the integration testing infrastructure of systemd. This talk covers how the integration test suite used to work and what it does now. Systemd's integration test suite used to have a number of shortcomings in terms of features and maintainability. T...
Installing your OS with systemd-repart
Просмотров 211Месяц назад
media.ccc.de/v/all-systems-go-2024-283-installing-your-os-with-systemd-repart There's a new installer for GNOME OS, and it's built on top of systemd-repart. Here's how and why we did it Adrian Vovk cfp.all-systems-go.io/all-systems-go-2024/talk/CMQTNL/ #asg2024 Licensed to the public under creativecommons.org/licenses/by/4.0/de/
SSH authentication using user and machine identities
Просмотров 294Месяц назад
media.ccc.de/v/all-systems-go-2024-320-ssh-authentication-using-user-and-machine-identities Strong authentication requires multiple signals: identity claims proves that identity of the person, while device attestation proves possession of a given machine, and device bound keys prevent the key from being stolen. In this presentation we will take a look at how the TPM provides device attestation ...
Integration testing environment for mixed HPC and cloud workloads
Просмотров 21Месяц назад
media.ccc.de/v/all-systems-go-2024-321-integration-testing-environment-for-mixed-hpc-and-cloud-workloads Integration testing environment for mixed HPC and cloud workloads Ruggero Lot cfp.all-systems-go.io/all-systems-go-2024/talk/XNQLTE/ #asg2024 Licensed to the public under creativecommons.org/licenses/by/4.0/de/
Boring infrastructure: Building a secure signing environment
Просмотров 134Месяц назад
media.ccc.de/v/all-systems-go-2024-263-boring-infrastructure-building-a-secure-signing-environment Many Linux distributions rely on cryptographic signatures for their packages and release artifacts. However, most of the used signing solutions either do not rely on hardware backed private key material or are run in untrusted environments. This presentation will provide a general overview of the ...
busd: There is a new D-Bus broker in town
Просмотров 508Месяц назад
media.ccc.de/v/all-systems-go-2024-298-busd-there-is-a-new-d-bus-broker-in-town D-Bus is an IPC mechanism that is very ubiquitous on Linux systems everywhere (desktop, cloud and embedded). It is the mechanism you'd use to communicate with many of the core Linux userspace subsystems, such as systemd, NetworkManager etc. Traditionally, most of these services have been written in C, a language kno...
Avocado Linux: Highly Secure Accelerated Embedded Development Platform for (A)IoT
Просмотров 120Месяц назад
media.ccc.de/v/all-systems-go-2024-301-avocado-linux-highly-secure-accelerated-embedded-development-platform-for-a-iot Developing embedded products often involves a trade-off between robust security and accelerated development. Production environments, while offering high security and immutability, can inhibit rapid development cycles. Conversely, sandbox environments provide the flexibility an...
What's your PID 1 up to?
Просмотров 1,1 тыс.Месяц назад
What's your PID 1 up to?
Removing Cloud Providers From the Zero Trust Equation
Просмотров 50Месяц назад
Removing Cloud Providers From the Zero Trust Equation
Integrating systemd soft-reboot into a distribution and surviving it
Просмотров 117Месяц назад
Integrating systemd soft-reboot into a distribution and surviving it
Building Secure Container Images for the Cloud with Yocto
Просмотров 294Месяц назад
Building Secure Container Images for the Cloud with Yocto
systemd-ifying postmarketOS, our immutable future, and why Alpine is cooler than you thought
Просмотров 406Месяц назад
systemd-ifying postmarketOS, our immutable future, and why Alpine is cooler than you thought
Booting an embedded system like a PC
Просмотров 155Месяц назад
Booting an embedded system like a PC
Varlink Now!
Просмотров 670Месяц назад
Varlink Now!
Ideas for improving systemd-boot
Просмотров 141Месяц назад
Ideas for improving systemd-boot
libpathrs: securing path operations for system tools
Просмотров 60Месяц назад
libpathrs: securing path operations for system tools
using io_uring for storage
Просмотров 402Месяц назад
using io_uring for storage
systemd: round table
Просмотров 175Месяц назад
systemd: round table
systemd: state of the project
Просмотров 353Месяц назад
systemd: state of the project
Reproducible Builds at Sidero Labs: Tools and Techniques
Просмотров 237Месяц назад
Reproducible Builds at Sidero Labs: Tools and Techniques
Debian, empty /var/, empty /etc/ and factory reset
Просмотров 180Месяц назад
Debian, empty /var/, empty /etc/ and factory reset
A new way to develop on immutable Linux
Просмотров 363Месяц назад
A new way to develop on immutable Linux

Комментарии

  • @ikemkrueger
    @ikemkrueger 8 дней назад

    This looks very promising. Especially for full disk encryption.

  • @p1mml
    @p1mml 14 дней назад

    I like the model from ublue bluefin: homebrew for cli applications and flatpak for gui.

  • @natalie4698
    @natalie4698 25 дней назад

    I think making it single user makes a lot of sense. I don't have any data on this but I assume most linux users don't let anyone else use their laptop or desktop, and for those who do there's plenty of multi user distros.

  • @JaminFernandez
    @JaminFernandez 26 дней назад

    Yes, i user for open suse aeon and its amazing

  • @jacksonfive5180
    @jacksonfive5180 27 дней назад

    This video contains blasphemy.

  • @jacksonfive5180
    @jacksonfive5180 27 дней назад

    yard is going to rebuild CSS using tailwind - sure, sure, very explanatory. Especially rebuilding CSS, sure....

  • @jacksonfive5180
    @jacksonfive5180 27 дней назад

    This is like random facts with random timing. Why not just explain the concept behind and solution step by step. This video is not informative.

  • @kouda_ha
    @kouda_ha Месяц назад

    I love Sam, they're awesome always a pleasure to chat with

  • @Sim-rh4tj
    @Sim-rh4tj Месяц назад

    This is going to be very useful for the 'Immutable' distros, and probably beyond.

  • @EliasProbst
    @EliasProbst Месяц назад

    You promised me a blog post about Varlink and what you're gonna do about all the DBus issues in systemd... Now you delivered a talk - I'm happy! Thank you! 😁

  • @HeyItsGilbertS
    @HeyItsGilbertS Месяц назад

    I miss scuba 😭

  • @MikeButash
    @MikeButash Месяц назад

    Great talk and very cool functionality! I've been looking at enterprise PKI products for a customer that do this, notably Smallstep and Okta, both starting to leverage Device Attestation features for binding certificates to hardware for this very purpose. We began looking for internal enterprise PKI certificates for remote authentication (vpn) and networking (wired/wireless lan, 802.1x), but really want to leverage this for server access (ssh, tls applications) consistently using the same x.509 certificates in orchestration with the IDP since Okta now supports DA features. I'm glad to see more on this topic from folks looking for and/or creating solutions too.

  • @alfioemanuelef
    @alfioemanuelef Месяц назад

    Great work Philipp, looking forward to collaborating on making Passkeys happen!

  • @emteria
    @emteria Месяц назад

    Thanks to the All Systems Go! organizers for hosting a great event, and thanks to everyone who participated in the discussions. We're glad Marius had the opportunity to share his insights!

  • @gabrielelyas1868
    @gabrielelyas1868 Месяц назад

    It's really past time to retire the initrd.

  • @2rismo
    @2rismo Месяц назад

    I understood "Hello, my name is Cooper."

  • @gabrielelyas1868
    @gabrielelyas1868 Месяц назад

    Wow that's awesome! With each passing day, systemd advances further

  • @cepamoa1749
    @cepamoa1749 Месяц назад

    non english here, what is a sea high ?

  • @susiebaka3388
    @susiebaka3388 Месяц назад

    Is he Brad pitt

  • @BR7Fan71
    @BR7Fan71 2 месяца назад

    I love this distro! I did a hardening test with lynis and got a hardening score of 87 out of the box. I took a little time to get used to the new commands. I now am enjoyingthe heck out of this distro,, Thanks for the hard work

  • @Luix
    @Luix 2 месяца назад

    Does it work ok on raspberry pi?

  • @LajuanaPudenz-w7f
    @LajuanaPudenz-w7f 2 месяца назад

    Houston Hills

  • @MarzioBonfantiStanziola
    @MarzioBonfantiStanziola 2 месяца назад

    You lost me at "Supports GNOME only". Sorry.

  • @jonnyspeed8974
    @jonnyspeed8974 2 месяца назад

    That was very enjoyable to watch.

  • @unclefester9113
    @unclefester9113 2 месяца назад

    Fails install in a virtual environment ? Why ....... How to fix this ?????

  • @yash1152
    @yash1152 3 месяца назад

    15:29 okay, watch later

  • @mariuszdziem8203
    @mariuszdziem8203 4 месяца назад

    Ahh, so sad that it is only Gnome, maybe MATE or KDE, xfce ... but Gnome? ahh

    • @mariuszdziem8203
      @mariuszdziem8203 4 месяца назад

      Is there option to install another desktop? Ah, must look at it.

  • @mehmeticin
    @mehmeticin 4 месяца назад

    very logical and reasonable and pivotal moment for linux desktop. Linux desktop should be like Aeon , and get rid of competing with useless MacOS and Windows catchup .. there is nothing to be caught up in others . this is the stratagy sooner or later that will work.

  • @NeatMemesDotCom
    @NeatMemesDotCom 4 месяца назад

    Says word [wheezes] says a second word.

  • @sitaroartworks
    @sitaroartworks 5 месяцев назад

    It's very interesting but they should support Cinnamon instead of Gnome because is lighter and better.

    • @eps-nx8zg
      @eps-nx8zg 2 месяца назад

      x11 is insecure

  • @sitaroartworks
    @sitaroartworks 5 месяцев назад

    ...he's Dave the Diver! :)

  • @elalemanpaisa
    @elalemanpaisa 6 месяцев назад

    So you drop into a rescue shell and ask the tpm for the secrets as its the authoritied image the tpm gets chatty

    • @SmackMyKeyboard
      @SmackMyKeyboard 2 месяца назад

      IIRC then the hash of the cmdline is also measured into one of the PCRs meaning that the state of the cmdline can also be tied to the secrets.

  • @tetraphobie
    @tetraphobie 7 месяцев назад

    I really liked this talk as well. It was very focused, nice slides and good motivation why I should care (lol). Thank you!

  • @Marcus-w7n
    @Marcus-w7n 7 месяцев назад

    You lost me when I saw flatpak on your stack. What’s the freaking point? Everything is available as rpm

  • @CaseyHancocki3luefire
    @CaseyHancocki3luefire 7 месяцев назад

    was that the same person that said they didn't see any need for flakes a year or so ago? if so, what changed their mind?

  • @carlocoppa5246
    @carlocoppa5246 7 месяцев назад

    Respect for the work done, however I continue to prefer Tumbleweed which I have been using for over 6 years now and it has never caused me any problems. By the way I don't really like GNOME, not because I have anything against it, but I simply can't work with it, I find it much more convenient to use KDE-Plasma. If the Plasma version of MicroOS gets a stable release one day, then I might consider it, but for me, using GNOME is truly awful.

  • @tehehe5929
    @tehehe5929 7 месяцев назад

    As far as servers go why not make pxe bootable distro that doesn't install itself to disk? It boots over network and it ready to rock. Updates are reboot away same with rollbacks. Operating system becomes like kubernetes pod: immutable and stateless. As a bonus disks can be used for actually useful stuff.

  • @lzcoder
    @lzcoder 8 месяцев назад

    Aeon is a master piece, using the development version and its pretty stable, just works. Auto updates, rollback, flathub, distrobox and Gnome, all i need 💚.

    • @miloradowicz
      @miloradowicz 2 месяца назад

      You forgot a big pile of dungus to go along with gnome.

  • @sergiovelasquezzeballos3855
    @sergiovelasquezzeballos3855 8 месяцев назад

    I'm keeping Tumbleweed, but thank you for all this work, it's great.

  • @AramsYoutube
    @AramsYoutube 8 месяцев назад

    promising! i am looking forward for this.

  • @RiantoFatma
    @RiantoFatma 9 месяцев назад

    I truly can't wait to see this get available. For desktop/home server use cases, fscrypt method allows encryption on only some (sensitive) files and allow non-sensitive files to be stored unencrypted such that they might be accessed without the need to unlock.

  • @rarrie9123
    @rarrie9123 9 месяцев назад

    OpenSuse+Meta= OpenSuseberg. Be prepared 😈.

    • @ilvbunnies
      @ilvbunnies 8 месяцев назад

      It's the CONFERENCE that's sponsored by Meta, NOT the distro.

    • @rarrie9123
      @rarrie9123 8 месяцев назад

      @@ilvbunnies But yet they were ok with allowing Meta too. There's always have a choice. But much like we find out with other things deals are going on that we don't know yet. No need to defend anyone ;)

  • @rarrie9123
    @rarrie9123 9 месяцев назад

    I wanted to switch rom Manjaro to opensuse but if you guys are proud being supported by meta who are infamously known for taking our information to sell and do things with..Yeah I'm avoiding this like the grim death. And if you want to work on something how about hardware/software conpatitibilty? Having 2 threads one named "The hard way" to install nvidia drivers, why not just make it easier? No Linux distribution made me jump through so many hoops as well as the X11 issues you guys still have? Or maybe work on software compatitibilty like Surfshark and other apps? You guys have many good thing but fail hard at others it is confusing

  • @levijordan907
    @levijordan907 9 месяцев назад

    Thank you! This talk helped me immensely. Any talk of a location for ASG24?

    •  9 месяцев назад

      Always Berlin. We're working on the date.

  • @danielb.4205
    @danielb.4205 9 месяцев назад

    Awesome project!

  • @adonisayoub8160
    @adonisayoub8160 10 месяцев назад

    how can it be right when it's using gnome abomination? why don't you just focus on kalpa which is the right version. geez,

  • @yuytbe
    @yuytbe 10 месяцев назад

    Sadly the Subtitles are misleading useless. Worse than automatic.

  • @muellerhans
    @muellerhans 10 месяцев назад

    Interesting

  • @NormanF62
    @NormanF62 10 месяцев назад

    The initial build was garbage when it first came out…no Internet connection and it was a mess as a desktop. A few years later, Kalpa is much improved and everything now works, including the Internet! 😊

  • @VicharB
    @VicharB 10 месяцев назад

    I kinda still find it hard to grasp the soup of TPM, SED, FDE & Bitlocker for Windows, i.e how do I do SED (Samsung 990 Pro) with hardware encryption (no loss of speed) and that of Bitlocker (enable/disable); my dream is to have hardware FDE (using SED feature&) on Linux; currently I have Elitebook with TPM 2.0 and OPAL option (which I didn't enable) in BIOS and I have just simply enabled DriveLock feature. Man its a mess/complicated!!!