Multicast DNS (mDNS) and DNS Service Discovery (DNS-SD), collectively know as zeroconf, are technologies used for devices to find each other and advertise services on the local network.There are two widely used FOSS implementations: mDNSResponder is used by Apple and Android, while Avahi is used by most GNU/Linux distributions. However, there is a …

Every second spent on waiting for a system to boot is wasted time. In this talk I present the steps we took in Ubuntu to speed up the boot and the initrd generation time. The presented improvements are not specific to Ubuntu and can be ported to other implementations (like dracut) to benefit other distributions as well. The talk will present furthe…

Fun fact: de broer van Jimmy van Get Ready was ook een muzikaal talent. Andy Samyn zong onder de artiestennaam Andy - oh nineties, wat houden we van je - de monsterhit ‘Boem’. ‘Als ik je zie dan slaat mijn hartje tilt Boem, boem, boem, boem’, klonk het. Anyway: ontploffingen zie je tegenwoordig overal. Zelfs in kinderfilms, want in Pixarhits zoals …

Every second spent on waiting for a system to boot is wasted time. In this talk I present the steps we took in Ubuntu to speed up the boot and the initrd generation time. The presented improvements are not specific to Ubuntu and can be ported to other implementations (like dracut) to benefit other distributions as well. The talk will present furthe…

Multicast DNS (mDNS) and DNS Service Discovery (DNS-SD), collectively know as zeroconf, are technologies used for devices to find each other and advertise services on the local network.There are two widely used FOSS implementations: mDNSResponder is used by Apple and Android, while Avahi is used by most GNU/Linux distributions. However, there is a …

Multicast DNS (mDNS) and DNS Service Discovery (DNS-SD), collectively know as zeroconf, are technologies used for devices to find each other and advertise services on the local network.There are two widely used FOSS implementations: mDNSResponder is used by Apple and Android, while Avahi is used by most GNU/Linux distributions. However, there is a …

Multicast DNS (mDNS) and DNS Service Discovery (DNS-SD), collectively know as zeroconf, are technologies used for devices to find each other and advertise services on the local network.There are two widely used FOSS implementations: mDNSResponder is used by Apple and Android, while Avahi is used by most GNU/Linux distributions. However, there is a …

Every second spent on waiting for a system to boot is wasted time. In this talk I present the steps we took in Ubuntu to speed up the boot and the initrd generation time. The presented improvements are not specific to Ubuntu and can be ported to other implementations (like dracut) to benefit other distributions as well. The talk will present furthe…

Every second spent on waiting for a system to boot is wasted time. In this talk I present the steps we took in Ubuntu to speed up the boot and the initrd generation time. The presented improvements are not specific to Ubuntu and can be ported to other implementations (like dracut) to benefit other distributions as well. The talk will present furthe…

mkosi-initrd is a project to build initrds from normal system packages (rpms, debs). Initially separate, it now is part of mkosi — just another build stage. systemd uses mkosi for automated tests, and this now includes building an initrd and booting a VM with it, so such initrds are getting fairly wide testing, albeit in fairly narrow circumstances…

mkosi-initrd is a project to build initrds from normal system packages (rpms, debs). Initially separate, it now is part of mkosi — just another build stage. systemd uses mkosi for automated tests, and this now includes building an initrd and booting a VM with it, so such initrds are getting fairly wide testing, albeit in fairly narrow circumstances…

Thanks to work made possible by the STF grant, all the pieces are there for GNOME to integrate with systemd-homed. This talk describes what it took to get here, what new features it gives us, what still remains to be doneLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/about this event: https://cfp.all-systems-go.io/all-s…

mkosi-initrd is a project to build initrds from normal system packages (rpms, debs). Initially separate, it now is part of mkosi — just another build stage. systemd uses mkosi for automated tests, and this now includes building an initrd and booting a VM with it, so such initrds are getting fairly wide testing, albeit in fairly narrow circumstances…

Thanks to work made possible by the STF grant, all the pieces are there for GNOME to integrate with systemd-homed. This talk describes what it took to get here, what new features it gives us, what still remains to be doneLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/about this event: https://cfp.all-systems-go.io/all-s…

Thanks to work made possible by the STF grant, all the pieces are there for GNOME to integrate with systemd-homed. This talk describes what it took to get here, what new features it gives us, what still remains to be doneLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/about this event: https://cfp.all-systems-go.io/all-s…

mkosi-initrd is a project to build initrds from normal system packages (rpms, debs). Initially separate, it now is part of mkosi — just another build stage. systemd uses mkosi for automated tests, and this now includes building an initrd and booting a VM with it, so such initrds are getting fairly wide testing, albeit in fairly narrow circumstances…

Thanks to work made possible by the STF grant, all the pieces are there for GNOME to integrate with systemd-homed. This talk describes what it took to get here, what new features it gives us, what still remains to be doneLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/about this event: https://cfp.all-systems-go.io/all-s…

This talk will explore several of the ways we've leveraged the systemd user instance in our developer environments at Meta, challenges we faced while doing so, and how we worked around those challenges.Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/about this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk…

This talk will explore several of the ways we've leveraged the systemd user instance in our developer environments at Meta, challenges we faced while doing so, and how we worked around those challenges.Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/about this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk…

This talk will explore several of the ways we've leveraged the systemd user instance in our developer environments at Meta, challenges we faced while doing so, and how we worked around those challenges.Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/about this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk…

This talk will explore several of the ways we've leveraged the systemd user instance in our developer environments at Meta, challenges we faced while doing so, and how we worked around those challenges.Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/about this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk…

As a reference for developers and testers, GNOME OS is an experimental Linux distribution that ships the latest in-development GNOME desktop, core applications, and stack. GNOME OS is currently using OSTree, this talk covers the ongoing work to add features to systemd-sysupdate and transition to it. Features like optional transfers, delta updates, …

As a reference for developers and testers, GNOME OS is an experimental Linux distribution that ships the latest in-development GNOME desktop, core applications, and stack. GNOME OS is currently using OSTree, this talk covers the ongoing work to add features to systemd-sysupdate and transition to it. Features like optional transfers, delta updates, …

As a reference for developers and testers, GNOME OS is an experimental Linux distribution that ships the latest in-development GNOME desktop, core applications, and stack. GNOME OS is currently using OSTree, this talk covers the ongoing work to add features to systemd-sysupdate and transition to it. Features like optional transfers, delta updates, …

As a reference for developers and testers, GNOME OS is an experimental Linux distribution that ships the latest in-development GNOME desktop, core applications, and stack. GNOME OS is currently using OSTree, this talk covers the ongoing work to add features to systemd-sysupdate and transition to it. Features like optional transfers, delta updates, …

There's a new installer for GNOME OS, and it's built on top of systemd-repart. Here's how and why we did itLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/about this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/CMQTNL/توسط Adrian Vovk

The Sovereign Tech Fund paid Codethink to help improve the integration testing infrastructure of systemd. This talk covers how the integration test suite used to work and what it does now.Systemd's integration test suite used to have a number of shortcomings in terms of features and maintainability.The Sovereign Tech Fund provided an opportunity to…

The Sovereign Tech Fund paid Codethink to help improve the integration testing infrastructure of systemd. This talk covers how the integration test suite used to work and what it does now.Systemd's integration test suite used to have a number of shortcomings in terms of features and maintainability.The Sovereign Tech Fund provided an opportunity to…

There's a new installer for GNOME OS, and it's built on top of systemd-repart. Here's how and why we did itLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/about this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/CMQTNL/توسط Adrian Vovk

The Sovereign Tech Fund paid Codethink to help improve the integration testing infrastructure of systemd. This talk covers how the integration test suite used to work and what it does now.Systemd's integration test suite used to have a number of shortcomings in terms of features and maintainability.The Sovereign Tech Fund provided an opportunity to…

The Sovereign Tech Fund paid Codethink to help improve the integration testing infrastructure of systemd. This talk covers how the integration test suite used to work and what it does now.Systemd's integration test suite used to have a number of shortcomings in terms of features and maintainability.The Sovereign Tech Fund provided an opportunity to…

There's a new installer for GNOME OS, and it's built on top of systemd-repart. Here's how and why we did itLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/about this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/CMQTNL/توسط Adrian Vovk

There's a new installer for GNOME OS, and it's built on top of systemd-repart. Here's how and why we did itLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/about this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/CMQTNL/توسط Adrian Vovk

Strong authentication requires multiple signals: identity claims proves that identity of the person, while device attestation proves possession of a given machine, and device bound keys prevent the key from being stolen.In this presentation we will take a look at how the TPM provides device attestation and device bound keys. We will connect this wi…

Many Linux distributions rely on cryptographic signatures for their packages and release artifacts. However, most of the used signing solutions either do not rely on hardware backed private key material or are run in untrusted environments.This presentation will provide a general overview of the [Signstar](https://gitlab.archlinux.org/archlinux/sig…

Many Linux distributions rely on cryptographic signatures for their packages and release artifacts. However, most of the used signing solutions either do not rely on hardware backed private key material or are run in untrusted environments.This presentation will provide a general overview of the [Signstar](https://gitlab.archlinux.org/archlinux/sig…

Strong authentication requires multiple signals: identity claims proves that identity of the person, while device attestation proves possession of a given machine, and device bound keys prevent the key from being stolen.In this presentation we will take a look at how the TPM provides device attestation and device bound keys. We will connect this wi…

Many Linux distributions rely on cryptographic signatures for their packages and release artifacts. However, most of the used signing solutions either do not rely on hardware backed private key material or are run in untrusted environments.This presentation will provide a general overview of the [Signstar](https://gitlab.archlinux.org/archlinux/sig…

Many Linux distributions rely on cryptographic signatures for their packages and release artifacts. However, most of the used signing solutions either do not rely on hardware backed private key material or are run in untrusted environments.This presentation will provide a general overview of the [Signstar](https://gitlab.archlinux.org/archlinux/sig…

Strong authentication requires multiple signals: identity claims proves that identity of the person, while device attestation proves possession of a given machine, and device bound keys prevent the key from being stolen.In this presentation we will take a look at how the TPM provides device attestation and device bound keys. We will connect this wi…

Strong authentication requires multiple signals: identity claims proves that identity of the person, while device attestation proves possession of a given machine, and device bound keys prevent the key from being stolen.In this presentation we will take a look at how the TPM provides device attestation and device bound keys. We will connect this wi…

Developing embedded products often involves a trade-off between robust security and accelerated development. Production environments, while offering high security and immutability, can inhibit rapid development cycles. Conversely, sandbox environments provide the flexibility and integration needed for fast development but are not suitable for produ…

Developing embedded products often involves a trade-off between robust security and accelerated development. Production environments, while offering high security and immutability, can inhibit rapid development cycles. Conversely, sandbox environments provide the flexibility and integration needed for fast development but are not suitable for produ…

Developing embedded products often involves a trade-off between robust security and accelerated development. Production environments, while offering high security and immutability, can inhibit rapid development cycles. Conversely, sandbox environments provide the flexibility and integration needed for fast development but are not suitable for produ…

D-Bus is an IPC mechanism that is very ubiquitous on Linux systems everywhere (desktop, cloud and embedded). It is the mechanism you'd use to communicate with many of the core Linux userspace subsystems, such as systemd, NetworkManager etc. Traditionally, most of these services have been written in C, a language known for its lack of safety and exp…

D-Bus is an IPC mechanism that is very ubiquitous on Linux systems everywhere (desktop, cloud and embedded). It is the mechanism you'd use to communicate with many of the core Linux userspace subsystems, such as systemd, NetworkManager etc. Traditionally, most of these services have been written in C, a language known for its lack of safety and exp…

D-Bus is an IPC mechanism that is very ubiquitous on Linux systems everywhere (desktop, cloud and embedded). It is the mechanism you'd use to communicate with many of the core Linux userspace subsystems, such as systemd, NetworkManager etc. Traditionally, most of these services have been written in C, a language known for its lack of safety and exp…

D-Bus is an IPC mechanism that is very ubiquitous on Linux systems everywhere (desktop, cloud and embedded). It is the mechanism you'd use to communicate with many of the core Linux userspace subsystems, such as systemd, NetworkManager etc. Traditionally, most of these services have been written in C, a language known for its lack of safety and exp…

Developing embedded products often involves a trade-off between robust security and accelerated development. Production environments, while offering high security and immutability, can inhibit rapid development cycles. Conversely, sandbox environments provide the flexibility and integration needed for fast development but are not suitable for produ…

How do you continually test and release new versions of systemd with confidence? Also, once released, how do you monitor PID 1 itself and your PID 1 usage across your server fleet? This talk dives into Meta’s way of answering these questions so we can minimize the risk of breaking changes and fun each systemd release brings us. Some of the technolo…