Current location

narf Source control manager Git

diff options
authorOlivier Mehani <>2018-01-24 17:21:55 +1100
committerOlivier Mehani <>2018-01-24 17:21:55 +1100
commit1d5642b0f2be2062033fb4f1c967beff4354826c (patch)
parentf90ad2dde2e5ed9dcd351c714b4bea945b2f25bc (diff)
[2018lca] First conf day
Signed-off-by: Olivier Mehani <>
-rw-r--r--2018lca/IMG_20180124_144103.jpgbin0 -> 79201 bytes
2 files changed, 227 insertions, 3 deletions
diff --git a/2018lca/2018lca.tex b/2018lca/2018lca.tex
index 571dfcf..9c150ae 100644
--- a/2018lca/2018lca.tex
+++ b/2018lca/2018lca.tex
@@ -20,6 +20,7 @@
\usepackage{graphicx} \DeclareGraphicsRule{*}{pdf}{*}{}
%\usepackage[group-digits=true, group-separator={,}]{siunitx}
@@ -617,7 +618,7 @@ Why would one need access to a bio hacking lab?
\item Not great hardware nor network (even given NBN)
\item Limited to no permissions on devices (\eg, install to local user)
- \end{itemize}<++>
+ \end{itemize}
\item Tech indulgence
\item Tablets are consumer devices
@@ -807,7 +808,7 @@ Why would one need access to a bio hacking lab?
-\subsubsection{Is the 370 the worst bus route in Sydney? --- Katie Bell}
+\subsection{Is the 370 the worst bus route in Sydney? --- Katie Bell}
@@ -865,7 +866,7 @@ Why would one need access to a bio hacking lab?
\item Future work
- \item
+ \item \url{}
@@ -873,6 +874,229 @@ Why would one need access to a bio hacking lab?
+\subsection{XFS: Teaching an Old Dog New Trics --- Dave Chinner}
+ \item XFS architecture
+ \begin{itemize}
+ \item Original btree fs, with sibling pointers
+ \item \ldots
+ \item Write ahead, checkpoitn-based journalling
+ \end{itemize}
+ \item CoW FSs
+ \begin{itemize}
+ \item Can write anywhere (side effect of the way they update)
+ \item When updating (copy), need to update pointers, until there is a
+ unique FS index from the root
+ \item Consistent on-disk atomic transitions
+ \item Space allocation: don't know how much space a CoW update will need
+ \item Functionalities
+ \begin{itemize}
+ \item Sharing, snapshot, subvolumes
+ \end{itemize}
+ \end{itemize}
+ \item CoW in XFS
+ \begin{itemize}
+ \item Data only; limited to file cloning and data dedup
+ \item More difficult as sibling pointers need to be updated, too
+ \item Atomicity via deferred operation
+ \item How much of an FS do we need for a subvolume? What is a subvolume?
+ \begin{itemize}
+ \item Flexible capacity
+ \item Fully functionning filesystem
+ \item Can be snapshotted/cloned
+ \end{itemize}
+ \end{itemize}
+ \item Rethinking FSs
+ \begin{itemize}
+ \item Subvolumes as a namespace construct
+ \begin{itemize}
+ \item bind mount with directory quota
+ \item snapshot with \verb#cp -aR --refling=always#
+ \item replication with tar/rsync
+ \end{itemize}
+ \item Subvolumes as a device construct
+ \begin{itemize}
+ \item loopback using sparse image files
+ \item fast snapshot by cloning the image
+ \item replication with data copy
+ \item all the ENOSPC
+ \end{itemize}
+ \item Learning from others
+ \begin{itemize}
+ \item subvol specification via mount options is clunky
+ \item independent VFS entity
+ \item object-based replication is complex
+ \item ENOSPC
+ \end{itemize}
+ \item What's needed?
+ \begin{itemize}
+ \item Communication between layers for ENOSPC
+ \item New type of subvolume
+ \begin{itemize}
+ \item kernel directly mount image files
+ \item device space management API
+ \item FS implement both sides of the device space management API
+ \item subvolume does IO direct to host FS block device
+ \end{itemize}
+ \item Advantages
+ \begin{itemize}
+ \item underlying FS checks space for subvolume
+ \item cache-sharing (\verb#/bin/bash#)
+ \item overlays already do this right
+ \item per-file encryption (\eg, whole image, or each file in subvolume)
+ \end{itemize}
+ \end{itemize}
+ \end{itemize}
+ \item New tricks for an Old Dog
+\subsection{What happens when you quit your day job to work on OSS --- Andrew Cooks}
+ \item 2014: working as a software engineer for a VoIP company
+ \item Wanted to fix the root cause of stuttering in VoIP
+ \begin{itemize}
+ \item working on something that matterred
+ \item contriute to FLOSS
+ \item avoid conflict of interest and IP encumberances
+ \end{itemize}
+ \item How to earn an income?
+ \begin{itemize}
+ \item Free Software
+ \item hardware appliances: Jittertrap POC
+ \item consulting
+ \item custom solutions
+ \item Market size estimates
+ \end{itemize}
+ \item Business plan
+ \begin{enumerate}
+ \item Build stuff
+ \item ???
+ \item Profit
+ \end{enumerate}
+ \item Risk vs. Reward
+ \begin{itemize}
+ \item firewall business from personal finances
+ \item calculate opportunity costs
+ \begin{itemize}
+ \item Competitor sizes
+ \item Market segmentation (how much to hire)
+ \item Differentiate users from customers (users who don't have the
+ time, but have the budget)
+ \item FLOSS vs. profit seeking fallacies
+ \item testable hypotheses (who are the clients, how much would they
+ pay?, \ldots)
+ \end{itemize}
+ \item negotiate terms with patrons
+ \end{itemize}
+ \item Atypical day of a startup founder
+ \begin{itemize}
+ \item variety of tasks keep it interesting and engaging
+ \item always understand why the task is important
+ \item timebox to prevent burn-out and keep he tough bit ticking
+ \item keep regular routing
+ \end{itemize}
+ \item challenges and obstacles
+ \begin{itemize}
+ \item varied skills
+ \item context switches
+ \item isolation
+ \item facing vulnerability and rejection
+ \item culture clash between FLOSS and startups: quality software in time
+ vs. MVP and wasted effort elimination
+ \end{itemize}
+ \item Where to find help
+ \begin{itemize}
+ \item NOT: friends and family, startup networking meetups
+ \item weekly startup workshops, study groups, “The startup owners manual”
+ \end{itemize}
+ \item Questions
+ \begin{itemize}
+ \item How can we reduce the costs of marketing sales and support, and get
+ back to solving technical problems?
+ \item Wrong question: those are not cost centres, engineering is
+ $\rightarrow$ having solutions without problems is a trap
+ \end{itemize}
+ \item Career impact (after failing)
+ \begin{itemize}
+ \item better opportunities
+ \item lost salary recovered in 5 years
+ \item nobody cares about failed startups
+ \end{itemize}
+\subsection{Securing the Linux boot process --- Matthew Garrett}
+ \item There is no other security if there is not boot security
+ \item How to fix boot security?
+ \item UEFI Secure Boot, needed to be certified for Windows 8, required to
+ support signed objects
+ \item Multiple incompatible but spec-compliant implementation of the signature
+ code
+ \item Will only boot from an object with a valid signature from a trusted cert
+ \item Problem: initrds are not signed, they are an implementation detail of
+ the bootloader
+ \item Can't sign the initrd because the user wants to set config within it,
+ and can't have a trusted key
+ \item Could we use TPM?
+ \begin{itemize}
+ \item Not under control of the system processor
+ \item Independent devices with very well defined communication protocol
+ \item Has registers (PCRs) that can keep hashes of each next component that gets run
+ \item Can be used to measure that everything is as expected
+ \item Can decide to release secret only for valid measurements
+ \item Bootloader measures initrd, check PCR, TPM gives out FDE decryption
+ key
+ \end{itemize}
+ \item Everyone is a winner
+ \item \ldots until one of the values changes, and you lose access to all your
+ data if you forget to update your PCR
+ \item Microsoft to the rescure: turn secure boot into measured boot
+ \begin{itemize}
+ \item rather than measuring the files, measure the signing keys
+ \item happy to boot anything that has been signed by a key of the user
+ \end{itemize}
+ \item but initrds aren't signed
+ \item systemd includes a boot stub: very small EFI executable into which a
+ kernel and initrd can be embedded
+ \item but initrds contain local information
+ \item need to separate config from code that applies it; the ``code initrd''
+ will overwrite the code from the ``config initrd''
+ \item kernel command line is also security sensitive (as it can disable
+ security) $\rightarrow$ append security stuff to user stuff, but need to
+ sanitise \verb# --# out
+ \item things that can be protected
+ \begin{itemize}
+ \item FDE keys
+ \item proof of device state: inverted TOTP to check that it's safe to type
+ one's password; could use the TOMU for this
+ \item remote attestation
+ \item secure provisionning of secrets: only the device with the right TPM
+ in the right state can decrypt secrets you send it
+ \end{itemize}
+ \item QA: hard to use TPMs against users, as they have physical access, can
+ run any code that could, \eg, redirect requests to another, good-looking TPM
+\subsection{Open data for political and financial transparency --- Rosie Williams}
+ \item \url{}
+ \item Manually copied 20 PDFs into the first line item CSV of the federal
+ budget in 2013
+ \item In 2014, agencies used that schema to release their data directly
+ \item Budget data: current spending for last, current, and three future years
+ \item Mid-year fiscal update
+ \item 2016 Census data collation not sanctioned by existing legal framework
+ \item Advocate not only for accountability and transparency, but also on
+ privacy; member of EFA
diff --git a/2018lca/IMG_20180124_144103.jpg b/2018lca/IMG_20180124_144103.jpg
new file mode 100644
index 0000000..3cc88a4
--- /dev/null
+++ b/2018lca/IMG_20180124_144103.jpg
Binary files differ