Chaos Computer Club - openSUSE Conference 2018 (mp3)

Over the last year I have completed a large amount of work on the tools integral to the openSUSE release process and as such have become familiar with the scope, workflow, and general problems involved. After mulling over these general shortcomings it becomes clear that taking a step back and rethinking some core concepts such as the build service and the way the release tools interact with it is necessary. I have since explored and prototyped a new approach that should drastically reduce the maintenance burden on the openSUSE project while solving major pitfalls, improving transparency, solving a large number of open feature requests, and providing entirely new options. At this point it seems appropriate to present the concept and prototype to a wider audience before investing too much further. Hopefully, the openSUSE community will be as excited about this direction as I am. To start, some background on the type of work being done over the last year will be provided. Metrics will be provided to demonstrate the effect and importance of the work. After which details of pitfalls that force a cumbersome workflow will be provided in addition to covering some feature requests and general improvements desired for release work. The new approach will then be explained and how it resolves a large number of these problems while drastically reducing the overall code-base. With the reduction in the code-base along with adapting modern practices it should be easier to involve new contributors. Preferably key stake holders from OBS and release teams will be present and participate in a healthy discussion. Over the last year I have completed a large amount of work on the tools integral to the openSUSE release process and as such have become familiar with the scope, workflow, and general problems involved. After mulling over these general shortcomings it becomes clear that taking a step back and rethinking some core concepts such as the build service and the way the release tools interact with it is necessary. I have since explored and prototyped a new approach that should drastically reduce the maintenance burden on the openSUSE project while solving major pitfalls, improving transparency, solving a large number of open feature requests, and providing entirely new options. At this point it seems appropriate to present the concept and prototype to a wider audience before investing too much further. Hopefully, the openSUSE community will be as excited about this direction as I am. To start, some background on the type of work being done over the last year will be provided. Metrics will be provided to demonstrate the effect and importance of the work. After which details of pitfalls that force a cumbersome workflow will be provided in addition to covering some feature requests and general improvements desired for release work. The new approach will then be explained and how it resolves a large number of these problems while drastically reducing the overall code-base. With the reduction in the code-base along with adapting modern practices it should be easier to involve new contributors. Preferably key stake holders from OBS and release teams will be present and participate in a healthy discussion. about this event: https://c3voc.de

If you ever wondered how the OBS gets developed, this talk will provide some insights into how the OBS development works including tools we use (e.g. depfu, hakiri, codecov) and workflows we follow (e.g. Scrum). OBS developers have also changed a lot in the last time. The OBS frontend team has doubled its size within the last 2 years. We will explain how we brought everyone up to speed with techniques and methodologies such as Scrum and mob / pair programming. The reference installation build.opensuse.org is now also OBS frontend team responsibility. We changed the deployment process by introducing a demolition squad role. Beside build.opensuse.org, we also release OBS regularly and are in charge of quality assurance using e.g. openQA and Kanku. Last but not least, we will cover how you can participate in OBS development, both as a developer and suggesting changes and features. If you ever wondered how the OBS gets developed, this talk will provide some insights into how the OBS development works including tools we use (e.g. depfu, hakiri, codecov) and workflows we follow (e.g. Scrum). OBS developers have also changed a lot in the last time. The OBS frontend team has doubled its size within the last 2 years. We will explain how we brought everyone up to speed with techniques and methodologies such as Scrum and mob / pair programming. The reference installation build.opensuse.org is now also OBS frontend team responsibility. We changed the deployment process by introducing a demolition squad role. Beside build.opensuse.org, we also release OBS regularly and are in charge of quality assurance using e.g. openQA and Kanku. Last but not least, we will cover how you can participate in OBS development, both as a developer and suggesting changes and features. about this event: https://c3voc.de

A few years ago we started adding cross-compiler packages to Tumbleweed, based on our maintained GCC packages. There have been two recent toolchain additions, more are still in the works, and several challenges remain - such as on our end Leap and PackageHub. A few years ago we started adding cross-compiler packages to Tumbleweed, based on our maintained GCC packages. There have been two recent toolchain additions, more are still in the works, and several challenges remain - such as on our end Leap and PackageHub. about this event: https://c3voc.de

kanku is designed to give you a better integration of your kiwi images built in Open Build Service (OBS) into your development and testing workflow. It provides a framework for simple automation of complex setups, e.g. to prepare your development environment or run simple tests. This talk will give an overview of the motivation/goals and basic concepts/architecture of kanku. Links: * Presentation - https://m0ses.github.io/kanku-presentation/overview.html#/cover-page * Github Pages - https://m0ses.github.io/kanku/ * Github Code - https://github.com/M0ses/kanku/ kanku is designed to give you a better integration of your kiwi images built in Open Build Service (OBS) into your development and testing workflow. It provides a framework for simple automation of complex setups, e.g. to prepare your development environment or run simple tests. This talk will give an overview of the motivation/goals and basic concepts/architecture of kanku. Links: * Presentation - https://m0ses.github.io/kanku-presentation/overview.html#/cover-page * Github Pages - https://m0ses.github.io/kanku/ * Github Code - https://github.com/M0ses/kanku/ about this event: https://c3voc.de

The openSUSE Board (Richard Brown, Gertjan Lettink, Christian Boltz, Sarah Julia Kriesch, Ana María Martínez Gómez and Simon Lees) will present the outcome of their last F2F meeting, where they started driving its collective agenda for the next year. After that, everybody is welcome to ask questions, give feedback, make suggestions and present ideas. The openSUSE Board (Richard Brown, Gertjan Lettink, Christian Boltz, Sarah Julia Kriesch, Ana María Martínez Gómez and Simon Lees) will present the outcome of their last F2F meeting, where they started driving its collective agenda for the next year. After that, everybody is welcome to ask questions, give feedback, make suggestions and present ideas. about this event: https://c3voc.de

Following up on last year's talk (https://events.opensuse.org/conference/oSC17/program/proposal/1246) I intend to give an update on hardware support in openSUSE and software support for new boards. This will include an update on Meltdown/Spectre mitigations and what users need to take care of. Following up on last year's talk (https://events.opensuse.org/conference/oSC17/program/proposal/1246) I intend to give an update on hardware support in openSUSE and software support for new boards. This will include an update on Meltdown/Spectre mitigations and what users need to take care of. about this event: https://c3voc.de

Starting with openSUSE Leap 42.2, a lot of cooperation has been done to bridge gaps between openSUSE and SUSE Linux Enterprise distributions. Things have been improving nicely with openSUSE Leap 42.3. We'll go into details on what this cooperation means for both openSUSE contributors and for SUSE and how we ensure it takes place. We will also discuss how we adjusted SLE15 development and how was done in harmony with openSUSE Tumbleweed (rolling release). Starting with openSUSE Leap 42.2, a lot of cooperation has been done to bridge gaps between openSUSE and SUSE Linux Enterprise distributions. Things have been improving nicely with openSUSE Leap 42.3. We'll go into details on what this cooperation means for both openSUSE contributors and for SUSE and how we ensure it takes place. We will also discuss how we adjusted SLE15 development and how was done in harmony with openSUSE Tumbleweed (rolling release). about this event: https://c3voc.de

Open Build Service (OBS) development has increased in an exponential way. David will briefly explain the evolution of the OBS frontend in the last year, and also some of the awesome features that have been included recently. Kiwi Editor, Cloud Uploader features that are already available will not be the only ones we will talk about. Adrian will talk about the new OBS backend features as Docker build support, AppImage, Docker registry, etc. And last but not least, Marco will introduce us to OSC new features. We will also give some hints about the upcoming features we have in mind for the future of OBS. Sounds interesting, right? Don't miss this talk and take advantage of knowing all the improvements that can make your work easier using OBS. Open Build Service (OBS) development has increased in an exponential way. David will briefly explain the evolution of the OBS frontend in the last year, and also some of the awesome features that have been included recently. Kiwi Editor, Cloud Uploader features that are already available will not be the only ones we will talk about. Adrian will talk about the new OBS backend features as Docker build support, AppImage, Docker registry, etc. And last but not least, Marco will introduce us to OSC new features. We will also give some hints about the upcoming features we have in mind for the future of OBS. Sounds interesting, right? Don't miss this talk and take advantage of knowing all the improvements that can make your work easier using OBS. about this event: https://c3voc.de

At CZ.NIC, we are making open source routers. Those come with automatic updates, plenty of software available in repositories, root ssh account and other nice features. What challenges does it bring? How do we cope with them? Why would you want open source router anyway? What open source project are we building on top? And what actually spinned off out of our router? At CZ.NIC, we are making open source routers. Those come with automatic updates, plenty of software available in repositories, root ssh account and other nice features. What challenges does it bring? How do we cope with them? Why would you want open source router anyway? What open source project are we building on top? And what actually spinned off out of our router? about this event: https://c3voc.de

Creating development setups can be tedious, error-prone and quite horrifying to novice contributors of Open Source projects. You would set up a virtual machine, install the required software and spend quite some time configuring it. On top of this, your setup would require maintenance and updates. A more modern approach is featured in this talk: Create a reproducible environment, have automatic updates to new package versions just by using OBS to build your Docker container image from RPMs and a kiwi XML file. No more fiddling with VMs, no more manual install and configuration marathons - just download and run your ready-to-use Docker image from OBS. Creating development setups can be tedious, error-prone and quite horrifying to novice contributors of Open Source projects. You would set up a virtual machine, install the required software and spend quite some time configuring it. On top of this, your setup would require maintenance and updates. A more modern approach is featured in this talk: Create a reproducible environment, have automatic updates to new package versions just by using OBS to build your Docker container image from RPMs and a kiwi XML file. No more fiddling with VMs, no more manual install and configuration marathons - just download and run your ready-to-use Docker image from OBS. about this event: https://c3voc.de

Curious about openSUSE Kubic and using it for running your containers workloads ? I will introduce the various way to deploy openSUSE Kubic and explain how to get started with systems operations and containers management. From scratch to fully running containers in 45 minutes :) Curious about openSUSE Kubic and using it for running your containers workloads ? I will introduce the various way to deploy openSUSE Kubic and explain how to get started with systems operations and containers management. From scratch to fully running containers in 45 minutes :) about this event: https://c3voc.de

As probably you might know, GNOME hasn't been the most updated in technologies & processes used for the design, development, testing, QA, delivery loop. To be honest, we have been quite behind! Build fails, not passing tests, contributors stuck with trivial details, each product with different released days, designers and QA in need to build the whole stack to try out a minimal UI change... well, we could continue indefinitely. Needless to say this was a huge impact in our performance and contributor friendliness, even more in a time where web applications are as common. Fortunately, things has changed dramatically over the last two years, specially with Flatpak for a containerized-alike build and distribution of apps and our move to GitLab and its integrated CI, we are able to fully dive into integrating a more DevOps oriented workflow. This effort has become a dream come true for GNOME, that we would have never imagined a few years back. In this talk I will present and explain in details how to use and integrate Flatpak and GitLab together to create the future of the DevOps experience for Linux applications development and how we use it at GNOME and what impact is making to our organization. As probably you might know, GNOME hasn't been the most updated in technologies & processes used for the design, development, testing, QA, delivery loop. To be honest, we have been quite behind! Build fails, not passing tests, contributors stuck with trivial details, each product with different released days, designers and QA in need to build the whole stack to try out a minimal UI change... well, we could continue indefinitely. Needless to say this was a huge impact in our performance and contributor friendliness, even more in a time where web applications are as common. Fortunately, things has changed dramatically over the last two years, specially with Flatpak for a containerized-alike build and distribution of apps and our move to GitLab and its integrated CI, we are able to fully dive into integrating a more DevOps oriented workflow. This effort has become a dream come true for GNOME, that we would have never imagined a few years back. In this talk I will present and explain in details how to use and integrate Flatpak and GitLab together to create the future of the DevOps experience for Linux applications development and how we use it at GNOME and what impact is making to our organization. about this event: https://c3voc.de

SUSE Package Hub [1] provides open source packages to Enterprise Users by the Community. This talk shows the current status of this project, explains how to contribute and what might be next. [1] https://packagehub.suse.com SUSE Package Hub [1] provides open source packages to Enterprise Users by the Community. This talk shows the current status of this project, explains how to contribute and what might be next. [1] https://packagehub.suse.com about this event: https://c3voc.de

I love btrfs, I think btrfs is the best filesystem ever. But like all software, it's not absolutely 100% perfect all of the time. This lightning talk will help tell you what to do when it all goes wrong :) I love btrfs, I think btrfs is the best filesystem ever. But like all software, it's not absolutely 100% perfect all of the time. This lightning talk will help tell you what to do when it all goes wrong :) about this event: https://c3voc.de

Fibre to the home opens numerous interesting possibilities for both bona-fide and not so bona-fide use cases. Having your espresso machine or refrigerator being part of a multi-million device botnet which is attacking critical infrastructure might not necessarily be your first association when zipping your early morning caffeine fix. Not only might this notion be somewhat disruptive for your early morning zen-moment, you might also be held legally accountable for these actions as it is actually your home network participating in an international attack wreaking havoc on, let’s say, the healthcare information system of a close NATO ally. Nowadays there is zero quality control being enforced over internet connected devices in general. But the EU (and US) have decided this somewhat naive approach should come to an end. A new directive (NIS, Directive on the Security of Network and Information Systems) comes into effect. Especially for branches active in the development of internet connected devices with a direct application in the “quality of life improvement” domain, this will be something to look out for: Medical devices Automotive Domotica This new directive includes the ambition of implementing a certification scheme for IT systems and devices, this scheme will be based on the existing ISO 15408 standard: “ISO/IEC 15408-1:2009 establishes the general concepts and principles of IT security evaluation and specifies the general model of evaluation given by various parts of ISO/IEC 15408 which in its entirety is meant to be used as the basis for evaluation of security properties of IT products.” What does this standard encompass? What does open-source and free software have to do with this? Let’s have a closer look in this talk! Fibre to the home opens numerous interesting possibilities for both bona-fide and not so bona-fide use cases. Having your espresso machine or refrigerator being part of a multi-million device botnet which is attacking critical infrastructure might not necessarily be your first association when zipping your early morning caffeine fix. Not only might this notion be somewhat disruptive for your early morning zen-moment, you might also be held legally accountable for these actions as it is actually your home network participating in an international attack wreaking havoc on, let’s say, the healthcare information system of a close NATO ally. Nowadays there is zero quality control being enforced over internet connected devices in general. But the EU (and US) have decided this somewhat naive approach should come to an end. A new directive (NIS, Directive on the Security of Network and Information Systems) comes into effect. Especially for branches active in the development of internet connected devices with a direct application in the “quality of life improvement” domain, this will be something to look out for: Medical devices Automotive Domotica This new directive includes the ambition of implementing a certification scheme for IT systems and devices, this scheme will be based on the existing ISO 15408 standard: “ISO/IEC 15408-1:2009 establishes the general concepts and principles of IT security evaluation and specifies the general model of evaluation given by various parts of ISO/IEC 15408 which in its entirety is meant to be used as the basis for evaluation of security properties of IT products.” What does this standard encompass? What does open-source and free software have to do with this? Let’s have a closer look in this talk! about this event: https://c3voc.de

With the release of Leap 15 the new system role called "Transactional Server" will be available during the installation, so this is the perfect opportunity to have a look at the concept behind it and how to work with such a system in practice. In this talk we will have a look at transactional-updates from different angles: * The basic concepts behind transactional-update * How to use the Transactional Server or Kubic (Users & Administrators) * Packaging for transactional systems (Packagers) * How transactional-update compares to other solutions from various distributions (Developers) * Recent developments in the transactional-update world With the release of Leap 15 the new system role called "Transactional Server" will be available during the installation, so this is the perfect opportunity to have a look at the concept behind it and how to work with such a system in practice. In this talk we will have a look at transactional-updates from different angles: * The basic concepts behind transactional-update * How to use the Transactional Server or Kubic (Users & Administrators) * Packaging for transactional systems (Packagers) * How transactional-update compares to other solutions from various distributions (Developers) * Recent developments in the transactional-update world about this event: https://c3voc.de

With openSUSE Leap, we've tried a new management model based on SLE. The same is true for the kernel, one of the most "core" packages in the whole distribution. However, in the case of kernels, a story is a bit different from others. In this talk, we'll take a look back at the history of openSUSE Leap kernel developments and maintenance from Leap 42.1 to 42.3, covering briefly about the concept of openSUSE Leap kernels, how they are packaged, and how they are maintained. This will show us a light and a shadow in the paths we've gone through, as well as the open question to a future development of Leap 15 series. With openSUSE Leap, we've tried a new management model based on SLE. The same is true for the kernel, one of the most "core" packages in the whole distribution. However, in the case of kernels, a story is a bit different from others. In this talk, we'll take a look back at the history of openSUSE Leap kernel developments and maintenance from Leap 42.1 to 42.3, covering briefly about the concept of openSUSE Leap kernels, how they are packaged, and how they are maintained. This will show us a light and a shadow in the paths we've gone through, as well as the open question to a future development of Leap 15 series. about this event: https://c3voc.de

Ever wanted to learn how to add this little piece of functionality that you're missing in MySQL but the codebase seems large and thus intimidating ? Then this talk is for you: we'll enumerate the ways to extend and alter MySQL functionality and will get you started on hacking on the codebase: what the layout is like and where to fund stuff and documentation to support you. We will also review the state of the doxygen project in MySQL 8.0. The talk assumes you'd have working knowledge with C/C++ and algorithms. Ever wanted to learn how to add this little piece of functionality that you're missing in MySQL but the codebase seems large and thus intimidating ? Then this talk is for you: we'll enumerate the ways to extend and alter MySQL functionality and will get you started on hacking on the codebase: what the layout is like and where to fund stuff and documentation to support you. We will also review the state of the doxygen project in MySQL 8.0. The talk assumes you'd have working knowledge with C/C++ and algorithms. about this event: https://c3voc.de

While the need for encrypted web sites has been sufficiently motivated by countless revelations on state sponsored surveillance or malevolent ISPs, acquiring a LetsEncrypt certificate used to be a tiresome business, and usually certificates broke anyway. openSUSE Leap 15 will be the first long term distribution to provide automated certificate requests and renewals thanks to dehydrated, which is also available for older distributions via OBS. This talk will show how to quickly acquire certificates for a single host and ensure that they will be automatically renewed and how to orchestrate certificate renewal for a whole fleet of servers and services via DNS. Finally, we will also look into further and future simplification for single services, such as Caddy or Apache's mod_md. While the need for encrypted web sites has been sufficiently motivated by countless revelations on state sponsored surveillance or malevolent ISPs, acquiring a LetsEncrypt certificate used to be a tiresome business, and usually certificates broke anyway. openSUSE Leap 15 will be the first long term distribution to provide automated certificate requests and renewals thanks to dehydrated, which is also available for older distributions via OBS. This talk will show how to quickly acquire certificates for a single host and ensure that they will be automatically renewed and how to orchestrate certificate renewal for a whole fleet of servers and services via DNS. Finally, we will also look into further and future simplification for single services, such as Caddy or Apache's mod_md. about this event: https://c3voc.de

There are several changes coming with the release of AppArmor 3. This talk will cover the changes that AppArmor 3 will bring and how the changes will affect policy and confinement. It will cover policy versioning, local vs pre-shipped read-only policy text, improvements in AppArmor policy namespaces, fine grained network and d-bus mediation as well as IMA integration. There are several changes coming with the release of AppArmor 3. This talk will cover the changes that AppArmor 3 will bring and how the changes will affect policy and confinement. It will cover policy versioning, local vs pre-shipped read-only policy text, improvements in AppArmor policy namespaces, fine grained network and d-bus mediation as well as IMA integration. about this event: https://c3voc.de