- Видео 246
- Просмотров 285 260
All Systems Go!
Германия
Добавлен 20 окт 2017
All Systems Go! is an open source community conference focused on the projects and technologies at the foundation of all modern Linux systems, specifically, low-level user-space technologies. Its goal is to provide a friendly and collaborative gathering place for individuals and communities working to push these technologies forward.
Closing session of All Systems Go! 2024
media.ccc.de/v/all-systems-go-2024-319-closing-session-of-all-systems-go-2024
Closing session of All Systems Go! 2024
Luca Boccassi
cfp.all-systems-go.io/all-systems-go-2024/talk/DLUVHF/
#asg2024
Licensed to the public under creativecommons.org/licenses/by/4.0/de/
Closing session of All Systems Go! 2024
Luca Boccassi
cfp.all-systems-go.io/all-systems-go-2024/talk/DLUVHF/
#asg2024
Licensed to the public under creativecommons.org/licenses/by/4.0/de/
Просмотров: 46
Видео
Closing session of All Systems Go! 2024
Просмотров 22Месяц назад
media.ccc.de/v/all-systems-go-2024-319-closing-session-of-all-systems-go-2024 Closing session of All Systems Go! 2024 Luca Boccassi cfp.all-systems-go.io/all-systems-go-2024/talk/DLUVHF/ #asg2024 Licensed to the public under creativecommons.org/licenses/by/4.0/de/
initrd performance improvements
Просмотров 245Месяц назад
media.ccc.de/v/all-systems-go-2024-291-initrd-performance-improvements Every second spent on waiting for a system to boot is wasted time. In this talk I present the steps we took in Ubuntu to speed up the boot and the initrd generation time. The presented improvements are not specific to Ubuntu and can be ported to other implementations (like dracut) to benefit other distributions as well. The ...
Can systemd-resolved replace Avahi?
Просмотров 388Месяц назад
media.ccc.de/v/all-systems-go-2024-297-can-systemd-resolved-replace-avahi- Multicast DNS (mDNS) and DNS Service Discovery (DNS-SD), collectively know as zeroconf, are technologies used for devices to find each other and advertise services on the local network. There are two widely used FOSS implementations: mDNSResponder is used by Apple and Android, while Avahi is used by most GNU/Linux distri...
mkosi-initrd: initrds built from system packages
Просмотров 138Месяц назад
media.ccc.de/v/all-systems-go-2024-302-mkosi-initrd-initrds-built-from-system-packages mkosi-initrd is a project to build initrds from normal system packages (rpms, debs). Initially separate, it now is part of mkosi - just another build stage. systemd uses mkosi for automated tests, and this now includes building an initrd and booting a VM with it, so such initrds are getting fairly wide testin...
Home Directory Encryption in GNOME
Просмотров 288Месяц назад
media.ccc.de/v/all-systems-go-2024-282-home-directory-encryption-in-gnome Thanks to work made possible by the STF grant, all the pieces are there for GNOME to integrate with systemd-homed. This talk describes what it took to get here, what new features it gives us, what still remains to be done Adrian Vovk cfp.all-systems-go.io/all-systems-go-2024/talk/FFY3BB/ #asg2024 Licensed to the public un...
Successes and struggles using the systemd user instance in developer environments
Просмотров 109Месяц назад
media.ccc.de/v/all-systems-go-2024-281-successes-and-struggles-using-the-systemd-user-instance-in-developer-environments This talk will explore several of the ways we've leveraged the systemd user instance in our developer environments at Meta, challenges we faced while doing so, and how we worked around those challenges. Colin Chan cfp.all-systems-go.io/all-systems-go-2024/talk/H7CVUQ/ #asg202...
GNOME OS + systemd-sysupdate
Просмотров 239Месяц назад
media.ccc.de/v/all-systems-go-2024-285-gnome-os-systemd-sysupdate As a reference for developers and testers, GNOME OS is an experimental Linux distribution that ships the latest in-development GNOME desktop, core applications, and stack. GNOME OS is currently using OSTree, this talk covers the ongoing work to add features to systemd-sysupdate and transition to it. Features like optional transfe...
Improving systemd’s integration testing infrastructure
Просмотров 97Месяц назад
media.ccc.de/v/all-systems-go-2024-273-improving-systemd-s-integration-testing-infrastructure The Sovereign Tech Fund paid Codethink to help improve the integration testing infrastructure of systemd. This talk covers how the integration test suite used to work and what it does now. Systemd's integration test suite used to have a number of shortcomings in terms of features and maintainability. T...
Installing your OS with systemd-repart
Просмотров 193Месяц назад
media.ccc.de/v/all-systems-go-2024-283-installing-your-os-with-systemd-repart There's a new installer for GNOME OS, and it's built on top of systemd-repart. Here's how and why we did it Adrian Vovk cfp.all-systems-go.io/all-systems-go-2024/talk/CMQTNL/ #asg2024 Licensed to the public under creativecommons.org/licenses/by/4.0/de/
SSH authentication using user and machine identities
Просмотров 271Месяц назад
media.ccc.de/v/all-systems-go-2024-320-ssh-authentication-using-user-and-machine-identities Strong authentication requires multiple signals: identity claims proves that identity of the person, while device attestation proves possession of a given machine, and device bound keys prevent the key from being stolen. In this presentation we will take a look at how the TPM provides device attestation ...
Integration testing environment for mixed HPC and cloud workloads
Просмотров 19Месяц назад
media.ccc.de/v/all-systems-go-2024-321-integration-testing-environment-for-mixed-hpc-and-cloud-workloads Integration testing environment for mixed HPC and cloud workloads Ruggero Lot cfp.all-systems-go.io/all-systems-go-2024/talk/XNQLTE/ #asg2024 Licensed to the public under creativecommons.org/licenses/by/4.0/de/
Boring infrastructure: Building a secure signing environment
Просмотров 123Месяц назад
media.ccc.de/v/all-systems-go-2024-263-boring-infrastructure-building-a-secure-signing-environment Many Linux distributions rely on cryptographic signatures for their packages and release artifacts. However, most of the used signing solutions either do not rely on hardware backed private key material or are run in untrusted environments. This presentation will provide a general overview of the ...
busd: There is a new D-Bus broker in town
Просмотров 473Месяц назад
media.ccc.de/v/all-systems-go-2024-298-busd-there-is-a-new-d-bus-broker-in-town D-Bus is an IPC mechanism that is very ubiquitous on Linux systems everywhere (desktop, cloud and embedded). It is the mechanism you'd use to communicate with many of the core Linux userspace subsystems, such as systemd, NetworkManager etc. Traditionally, most of these services have been written in C, a language kno...
Avocado Linux: Highly Secure Accelerated Embedded Development Platform for (A)IoT
Просмотров 109Месяц назад
media.ccc.de/v/all-systems-go-2024-301-avocado-linux-highly-secure-accelerated-embedded-development-platform-for-a-iot Developing embedded products often involves a trade-off between robust security and accelerated development. Production environments, while offering high security and immutability, can inhibit rapid development cycles. Conversely, sandbox environments provide the flexibility an...
Removing Cloud Providers From the Zero Trust Equation
Просмотров 46Месяц назад
Removing Cloud Providers From the Zero Trust Equation
Integrating systemd soft-reboot into a distribution and surviving it
Просмотров 110Месяц назад
Integrating systemd soft-reboot into a distribution and surviving it
Building Secure Container Images for the Cloud with Yocto
Просмотров 282Месяц назад
Building Secure Container Images for the Cloud with Yocto
systemd-ifying postmarketOS, our immutable future, and why Alpine is cooler than you thought
Просмотров 358Месяц назад
systemd-ifying postmarketOS, our immutable future, and why Alpine is cooler than you thought
libpathrs: securing path operations for system tools
Просмотров 54Месяц назад
libpathrs: securing path operations for system tools
Reproducible Builds at Sidero Labs: Tools and Techniques
Просмотров 223Месяц назад
Reproducible Builds at Sidero Labs: Tools and Techniques
Debian, empty /var/, empty /etc/ and factory reset
Просмотров 163Месяц назад
Debian, empty /var/, empty /etc/ and factory reset
A new way to develop on immutable Linux
Просмотров 345Месяц назад
A new way to develop on immutable Linux
I think making it single user makes a lot of sense. I don't have any data on this but I assume most linux users don't let anyone else use their laptop or desktop, and for those who do there's plenty of multi user distros.
Yes, i user for open suse aeon and its amazing
This video contains blasphemy.
yard is going to rebuild CSS using tailwind - sure, sure, very explanatory. Especially rebuilding CSS, sure....
This is like random facts with random timing. Why not just explain the concept behind and solution step by step. This video is not informative.
I love Sam, they're awesome always a pleasure to chat with
This is going to be very useful for the 'Immutable' distros, and probably beyond.
You promised me a blog post about Varlink and what you're gonna do about all the DBus issues in systemd... Now you delivered a talk - I'm happy! Thank you! 😁
I miss scuba 😭
Great talk and very cool functionality! I've been looking at enterprise PKI products for a customer that do this, notably Smallstep and Okta, both starting to leverage Device Attestation features for binding certificates to hardware for this very purpose. We began looking for internal enterprise PKI certificates for remote authentication (vpn) and networking (wired/wireless lan, 802.1x), but really want to leverage this for server access (ssh, tls applications) consistently using the same x.509 certificates in orchestration with the IDP since Okta now supports DA features. I'm glad to see more on this topic from folks looking for and/or creating solutions too.
Great work Philipp, looking forward to collaborating on making Passkeys happen!
Thanks to the All Systems Go! organizers for hosting a great event, and thanks to everyone who participated in the discussions. We're glad Marius had the opportunity to share his insights!
It's really past time to retire the initrd.
I understood "Hello, my name is Cooper."
Yeah, that's all I got too..
Wow that's awesome! With each passing day, systemd advances further
non english here, what is a sea high ?
Is he Brad pitt
I love this distro! I did a hardening test with lynis and got a hardening score of 87 out of the box. I took a little time to get used to the new commands. I now am enjoyingthe heck out of this distro,, Thanks for the hard work
Does it work ok on raspberry pi?
Houston Hills
You lost me at "Supports GNOME only". Sorry.
That was very enjoyable to watch.
Fails install in a virtual environment ? Why ....... How to fix this ?????
15:29 okay, watch later
Ahh, so sad that it is only Gnome, maybe MATE or KDE, xfce ... but Gnome? ahh
Is there option to install another desktop? Ah, must look at it.
very logical and reasonable and pivotal moment for linux desktop. Linux desktop should be like Aeon , and get rid of competing with useless MacOS and Windows catchup .. there is nothing to be caught up in others . this is the stratagy sooner or later that will work.
Says word [wheezes] says a second word.
It's very interesting but they should support Cinnamon instead of Gnome because is lighter and better.
x11 is insecure
...he's Dave the Diver! :)
So you drop into a rescue shell and ask the tpm for the secrets as its the authoritied image the tpm gets chatty
IIRC then the hash of the cmdline is also measured into one of the PCRs meaning that the state of the cmdline can also be tied to the secrets.
I really liked this talk as well. It was very focused, nice slides and good motivation why I should care (lol). Thank you!
You lost me when I saw flatpak on your stack. What’s the freaking point? Everything is available as rpm
was that the same person that said they didn't see any need for flakes a year or so ago? if so, what changed their mind?
Respect for the work done, however I continue to prefer Tumbleweed which I have been using for over 6 years now and it has never caused me any problems. By the way I don't really like GNOME, not because I have anything against it, but I simply can't work with it, I find it much more convenient to use KDE-Plasma. If the Plasma version of MicroOS gets a stable release one day, then I might consider it, but for me, using GNOME is truly awful.
As far as servers go why not make pxe bootable distro that doesn't install itself to disk? It boots over network and it ready to rock. Updates are reboot away same with rollbacks. Operating system becomes like kubernetes pod: immutable and stateless. As a bonus disks can be used for actually useful stuff.
Aeon is a master piece, using the development version and its pretty stable, just works. Auto updates, rollback, flathub, distrobox and Gnome, all i need 💚.
You forgot a big pile of dungus to go along with gnome.
I'm keeping Tumbleweed, but thank you for all this work, it's great.
promising! i am looking forward for this.
I truly can't wait to see this get available. For desktop/home server use cases, fscrypt method allows encryption on only some (sensitive) files and allow non-sensitive files to be stored unencrypted such that they might be accessed without the need to unlock.
OpenSuse+Meta= OpenSuseberg. Be prepared 😈.
It's the CONFERENCE that's sponsored by Meta, NOT the distro.
@@ilvbunnies But yet they were ok with allowing Meta too. There's always have a choice. But much like we find out with other things deals are going on that we don't know yet. No need to defend anyone ;)
I wanted to switch rom Manjaro to opensuse but if you guys are proud being supported by meta who are infamously known for taking our information to sell and do things with..Yeah I'm avoiding this like the grim death. And if you want to work on something how about hardware/software conpatitibilty? Having 2 threads one named "The hard way" to install nvidia drivers, why not just make it easier? No Linux distribution made me jump through so many hoops as well as the X11 issues you guys still have? Or maybe work on software compatitibilty like Surfshark and other apps? You guys have many good thing but fail hard at others it is confusing
Thank you! This talk helped me immensely. Any talk of a location for ASG24?
Always Berlin. We're working on the date.
Awesome project!
how can it be right when it's using gnome abomination? why don't you just focus on kalpa which is the right version. geez,
Sadly the Subtitles are misleading useless. Worse than automatic.
Interesting
The initial build was garbage when it first came out…no Internet connection and it was a mess as a desktop. A few years later, Kalpa is much improved and everything now works, including the Internet! 😊
I kinda still find it hard to grasp the soup of TPM, SED, FDE & Bitlocker for Windows, i.e how do I do SED (Samsung 990 Pro) with hardware encryption (no loss of speed) and that of Bitlocker (enable/disable); my dream is to have hardware FDE (using SED feature&) on Linux; currently I have Elitebook with TPM 2.0 and OPAL option (which I didn't enable) in BIOS and I have just simply enabled DriveLock feature. Man its a mess/complicated!!!
Have been SuSE/Opensuse user since version 7.x, as my primary OS, Tumbleweed being my choice since nearly its early days.; as of today I am running it on my latest bought Elitebook 835 G10 7840U/32GB/Samsung 990 Pro 2TB and all is working out of box, including ambient light sensor, wifi, bluetooth, fingerprint scanner, etc ... 100%. Will definitely give a try to MicroOS/Aeon, but then I a KDE guy! Thanks to the Team for this awesome OS/platform/distro ... Thumbs Up!
"Big YAML" received a chuckle. Very much enjoyed the talk, thank you Xe!