After I cleaned up and ate a light breakfast at the hotel, I strolled back to the university building for the second day of the 2013 DevConf.cz event. In case you didn’t see them, here are my reports on part 1 and part 2 of the first day.
One thing I didn’t point out yesterday: I only saw most of one track. There were actually three complete tracks going on, several workshop rooms, and a couple of hacking labs. This is a really big conference: I hear there are almost 550 people here from around the world! Here’s what I saw and did today:
- Thomas Woerner presented his work on firewalld, the new dynamic firewall system. He talked not just about the problems firewalld solves but also some of the future capabilities. These include a rich language to adjust many pieces of the firewall in harmony when configuring. A lockdown mode is also planned that allows administrators to enforce policy and whitelist specific applications.
- Thomas Graf presented on Open vSwitch, a multilayer, distributed switching system that supports full automation and extensibility for routing network traffic. Open vSwitch is a smart approach to a hard problem: getting packets somewhere when you have multiple routes available and may not know enough to decide which to take. I’m not a routing expert so I will probably need to go back and revisit the slides to
- Lennart Poettering, Kay Sievers, and Harald Hoyer presented to an incredibly packed room (of course!) on “What Are We Breaking Today?”. Predictable network interface names were first on the roadmap. It sounds like this will succeed biosdevname (although it will not override it, i.e. people running biosdevname will not be affected). They also talked about gummiboot and the boot loader spec, which allows system owners to bypass the complex use of grub2 and instead drop simple configuration files into place to generate boot loader configuration. Another problem they try to solve: Newer systems when POSTing (UEFI, presumably) don’t initialize USB to save time, so systems with USB keyboards can’t choose from multiboot options. So they are trying to make it possible, even down to a user space component, to choose persistent or one-time multiboot options before rebooting. Next up was kernel D-Bus, which was a very fascinating and energetic discussion. It sounds like Kay and Lennart are working in the kernel community on both the coding side and the politics side to succeed. This is potentially a very powerful development. Finally, they talked about systemd in the user session, to give some of the same benefits to the session as have been given to the system boot. Think about it: we take about a second to boot the kernel, about a second to start the initrd, and then maybe 8-10 seconds or more to start a GNOME session! All this is leading toward an even bigger and vital topic: applications, app images, and app sandboxes. However, this is subject to design and not something Lennart & co. are looking at deeply on their own. As they said, Linux can be the world’s best and most-used general purpose OS, and the way to do this isn’t to slow down, because the other OS makers won’t.
- During the short break, I made a mad dash around the reception hall looking for anyone with hand lotion. Despite the wet weather, the heat in all the indoor locations has dried my hands to the point they’re starting to crack and bleed in places. (Yuck!) And of course I left my lotion at home, so it was comical trying to find someone with lotion. Thankfully the nice ladies at the reception desk, who barely spoke any English, eventually understood and helped me out!
- Fittingly, after the break Bryn Reeves took a look back at “What Were We Breaking Then?”. The talk was a light and humorous reminder that change is difficult, and that the fundamental conflict between needing to evolve and increase competition and people’s natural resistance to change isn’t likely to disappear. For instance, remember going from libc-5.3 (“Blecch, Red Hat ships an ancient libc”) to glibc-2.0 (“Blecch, Red Hat ships a bleeding edge libc”)?
- Dan Walsh then gave a talk on security for Linux containers. There are currently three different methods for this. The first is namespaces; Dan apparently created the first container method on RHEL back in RHEL 5, using pam_namespace. The second is the SELinux sandbox, which is available in RHEL 6. There is a third, new capability called systemd-nspawn that also allows you to containerize up to and including running a whole OS inside your host’s OS.
- Lennart Poettering returned to explain the systemd journal and its capabilities. The journal provides features for structure, indexing, security, reliability, standards compliance, localization, and many others. Lennart spent time explaining use cases motivating each capability of the journal, and it was quite compelling. It was not without controversy, but it seemed like the entire audience was quite impressed with the demonstrations that Lennart gave for the journalctl utility.
- I made a patch for an easily fixed problem Lennart encountered in his demo and attached it to this bug.
- There was a talk on rsyslog message normalization and parsing. I admit I zoned out for part of this talk, but mainly because I was hot to work out the above patch! Also I realized I totally missed lunch, so I went to find sustenance, even in the form of a hot dog from the vendor downstairs.
- I found out that within 10 minutes of sending in my patch on the concerned bug, I had become a systemd contributor! 🙂
- I hung around with NetworkManager guru Dan Williams for a bit and we talked about fun overseas with phones.
- Open source super-guru Dan Allen did an amazing talk on Awestruct, a framework for HTML that lets you trivially create beautiful web sites out of content you can manage and deploy directly in git. This concept is very similar to what the Fedora Project is doing with templates for their site. Awestruct reduces the complexity by an order of magnitude, though, and eliminates the compile/build process.
- I sat in another session of short talks. Marek Grác talked to us about his work with virtual guests, specifically shutting them down. The talk title, “How to Turn Off Your Computer,” was immediately attention-grabbing!
The conference was really fantastic, with great content and a lot of good hallway conversations. Combining the conference with an office visit made it even higher value, so I hope I can attend next year.
After the conference day ends, I’m meeting up with a group of buddies to find Koishi, a sushi restaurant Will Foster told me about. It’s supposed to be very good, with a real Japanese chef who gets fish flown in from Slovenia. I think tonight will be low key, since we are back at the Red Hat Czech office in the morning!
(UPDATE: Said chef was apparently not working tonight at the restaurant, so we opted for the quite satisfactory Sushi Ya, and had a wonderful time. Vaclav Tunka was a marvelous guide to some great Czech wines and the sushi was quite good. The butter fish was exceptional and they had a markedly excellent spider roll.)