{"acronym":"asg2023","aspect_ratio":"16:9","updated_at":"2026-04-13T22:30:06.257+02:00","title":"All Systems Go! 2023","schedule_url":"","slug":"conferences/all_systems_go/asg2023","event_last_released_at":"2023-09-14T00:00:00.000+02:00","link":"","description":"","webgen_location":"conferences/all_systems_go/asg2023","logo_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/logo.png","images_url":"https://static.media.ccc.de/media/events/all_systems_go/2023","recordings_url":"https://cdn.media.ccc.de/events/all_systems_go/2023","url":"https://api.media.ccc.de/public/conferences/asg2023","events":[{"guid":"87dfe1c5-dca2-5733-9836-fe2e3c9d625c","title":"64-bit time_t on armhf: Running abi-compliance-checker on all of Ubuntu","subtitle":null,"slug":"all-systems-go-2023-199-64-bit-timet-on-armhf-running-abi-compliance-checker-on-all-of-ubuntu","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/R3SWBQ/","description":"Some quick numbers and maybe curiosities from our work on evaluating which libraries need to be rebuilt for 64-bit time_t on armhf in Ubuntu using abi-compliance-checker.","original_language":"eng","persons":["Julian Andres 
Klode"],"tags":["asg2023","199","2023"],"view_count":59,"promoted":false,"date":"2023-09-13T17:30:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2026-01-29T18:45:13.477+01:00","length":253,"duration":253,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/199-87dfe1c5-dca2-5733-9836-fe2e3c9d625c.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/199-87dfe1c5-dca2-5733-9836-fe2e3c9d625c_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/199-87dfe1c5-dca2-5733-9836-fe2e3c9d625c.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/199-87dfe1c5-dca2-5733-9836-fe2e3c9d625c.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-199-64-bit-timet-on-armhf-running-abi-compliance-checker-on-all-of-ubuntu","url":"https://api.media.ccc.de/public/events/87dfe1c5-dca2-5733-9836-fe2e3c9d625c","conference_title":"All Systems Go! 2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"f6836b6c-af3e-5696-a7b8-e7562129c180","title":"Principle of least configuration","subtitle":null,"slug":"all-systems-go-2023-194-principle-of-least-configuration","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/PVJQTH/","description":"The journey of developing a Linux platform to require very little in the way of configuration management, and how to virtually eliminate the need to modify code to change configuration. From configuration via scripts and evolving through a couple of configuration management products, we have used the idea of matching actions to timescales to transform how we do configuration management. 
We now do very little of it, and we have dramatically reduced its complexity.","original_language":"eng","persons":["James Morris"],"tags":["asg2023","194","2023"],"view_count":190,"promoted":false,"date":"2023-09-13T17:45:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2026-01-08T12:30:22.288+01:00","length":319,"duration":319,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/194-f6836b6c-af3e-5696-a7b8-e7562129c180.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/194-f6836b6c-af3e-5696-a7b8-e7562129c180_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/194-f6836b6c-af3e-5696-a7b8-e7562129c180.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/194-f6836b6c-af3e-5696-a7b8-e7562129c180.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-194-principle-of-least-configuration","url":"https://api.media.ccc.de/public/events/f6836b6c-af3e-5696-a7b8-e7562129c180","conference_title":"All Systems Go! 2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"1fb562d0-6fe4-5015-9423-128b5711401f","title":"WIP: Sandboxing APT","subtitle":null,"slug":"all-systems-go-2023-198-wip-sandboxing-apt","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/8CGF9L/","description":"A short case study on where we are with sandboxing APT; what gaps there are and what technologies we looked at.\n\nDownloading packages, verifying packages, installing packages, protecting user data from snoopy or broken maintainer scripts. A package manager has a lot of places that can need some sort of sandboxing.\n\nAPT currently employs a minimal sandbox using a separate user for downloading, and optionally seccomp. 
This talk will explore that, the caveats and some more avenues like landlock, running apt in systemd isolation (useful for our apt-based .service units), file descriptor passing into sandbox.","original_language":"eng","persons":["Julian Andres Klode"],"tags":["asg2023","198","2023"],"view_count":81,"promoted":false,"date":"2023-09-13T16:30:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2026-03-28T00:00:05.247+01:00","length":1315,"duration":1315,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/198-1fb562d0-6fe4-5015-9423-128b5711401f.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/198-1fb562d0-6fe4-5015-9423-128b5711401f_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/198-1fb562d0-6fe4-5015-9423-128b5711401f.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/198-1fb562d0-6fe4-5015-9423-128b5711401f.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-198-wip-sandboxing-apt","url":"https://api.media.ccc.de/public/events/1fb562d0-6fe4-5015-9423-128b5711401f","conference_title":"All Systems Go! 2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"ce80491f-f570-5fc3-af6d-0a7004cc5797","title":"tvix-store","subtitle":null,"slug":"all-systems-go-2023-245-tvix-store","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/AKNDS3/","description":"All Systems Go! 
lightning talk","original_language":"eng","persons":["flokli"],"tags":["asg2023","245","2023"],"view_count":66,"promoted":false,"date":"2023-09-13T17:55:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2025-09-14T22:30:10.147+02:00","length":249,"duration":249,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/245-ce80491f-f570-5fc3-af6d-0a7004cc5797.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/245-ce80491f-f570-5fc3-af6d-0a7004cc5797_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/245-ce80491f-f570-5fc3-af6d-0a7004cc5797.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/245-ce80491f-f570-5fc3-af6d-0a7004cc5797.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-245-tvix-store","url":"https://api.media.ccc.de/public/events/ce80491f-f570-5fc3-af6d-0a7004cc5797","conference_title":"All Systems Go! 2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"b635ab86-0c62-5ad3-a2dc-c09ac21b12d8","title":"Booting fast: Why does power-on to login still last longer than one second?","subtitle":null,"slug":"all-systems-go-2023-237-booting-fast-why-does-power-on-to-login-still-last-longer-than-one-second-","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/HZY3K8/","description":"In light of the climate crises, and despite hardware getting faster and faster, fully powering down systems and back on on demand – the obvious choice – is still inconvenient, as boot times are still very long. Even ChromeOS still has not lowered its limit from ten seconds since years. 
Show the current status of the hobby project on x86 hardware, and give an overview of recent Linux kernel developments getting rid of some of the delays.","original_language":"eng","persons":["Paul Menzel"],"tags":["asg2023","237","2023"],"view_count":629,"promoted":false,"date":"2023-09-13T16:30:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2026-03-13T13:45:10.312+01:00","length":1559,"duration":1559,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/237-b635ab86-0c62-5ad3-a2dc-c09ac21b12d8.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/237-b635ab86-0c62-5ad3-a2dc-c09ac21b12d8_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/237-b635ab86-0c62-5ad3-a2dc-c09ac21b12d8.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/237-b635ab86-0c62-5ad3-a2dc-c09ac21b12d8.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-237-booting-fast-why-does-power-on-to-login-still-last-longer-than-one-second-","url":"https://api.media.ccc.de/public/events/b635ab86-0c62-5ad3-a2dc-c09ac21b12d8","conference_title":"All Systems Go! 
2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"f0a6d9c9-499d-55e9-a071-d714c0a652d9","title":"New Mount API","subtitle":null,"slug":"all-systems-go-2023-244-new-mount-api","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/NYLYDK/","description":"This talk will discuss new features provided by the new kernel mount API interface","original_language":"eng","persons":["Christian Brauner"],"tags":["asg2023","244","2023"],"view_count":143,"promoted":false,"date":"2023-09-13T14:30:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2026-01-28T01:30:07.884+01:00","length":2513,"duration":2513,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/244-f0a6d9c9-499d-55e9-a071-d714c0a652d9.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/244-f0a6d9c9-499d-55e9-a071-d714c0a652d9_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/244-f0a6d9c9-499d-55e9-a071-d714c0a652d9.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/244-f0a6d9c9-499d-55e9-a071-d714c0a652d9.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-244-new-mount-api","url":"https://api.media.ccc.de/public/events/f0a6d9c9-499d-55e9-a071-d714c0a652d9","conference_title":"All Systems Go! 2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"f1e8fe2b-b5a1-5ff6-9586-0ed7ae2c9119","title":"systemd-repart: Building Discoverable Disk Images","subtitle":null,"slug":"all-systems-go-2023-191-systemd-repart-building-discoverable-disk-images","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/VPQADA/","description":"systemd-repart has recently learned many features to make it useful for building discoverable disk images. 
In this talk, we'll give a deep-dive on the new features and how they can be used to assemble discoverable disk images.","original_language":"eng","persons":["Daan De Meyer"],"tags":["asg2023","191","2023"],"view_count":1001,"promoted":false,"date":"2023-09-14T14:30:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2026-03-31T23:30:09.221+02:00","length":1980,"duration":1980,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/191-f1e8fe2b-b5a1-5ff6-9586-0ed7ae2c9119.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/191-f1e8fe2b-b5a1-5ff6-9586-0ed7ae2c9119_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/191-f1e8fe2b-b5a1-5ff6-9586-0ed7ae2c9119.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/191-f1e8fe2b-b5a1-5ff6-9586-0ed7ae2c9119.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-191-systemd-repart-building-discoverable-disk-images","url":"https://api.media.ccc.de/public/events/f1e8fe2b-b5a1-5ff6-9586-0ed7ae2c9119","conference_title":"All Systems Go! 2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"e0c11caf-4937-53ec-acbc-2cafc74a6d65","title":"antlir2: Deterministic image builds with buck2","subtitle":null,"slug":"all-systems-go-2023-223-antlir2-deterministic-image-builds-with-buck2","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/9E9MLC/","description":"In this talk we’ll discuss antlir2, Meta’s solution to building container and bare metal operating system images. We’ll talk about how we have built performant, hermetic and deterministic image building infrastructure on top of buck2 (Meta’s new open source build system) and how we enable users to compose their own multi-language projects with full operating systems, write tests and deploy their images. 
Along the way, we’ll also cover how antlir2 wrangles dnf and other upstream tooling to behave more predictably for better, more reliable images.","original_language":"eng","persons":["Vinnie Magro"],"tags":["asg2023","223","2023"],"view_count":291,"promoted":false,"date":"2023-09-14T17:45:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2026-04-07T16:30:06.536+02:00","length":1400,"duration":1400,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/223-e0c11caf-4937-53ec-acbc-2cafc74a6d65.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/223-e0c11caf-4937-53ec-acbc-2cafc74a6d65_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/223-e0c11caf-4937-53ec-acbc-2cafc74a6d65.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/223-e0c11caf-4937-53ec-acbc-2cafc74a6d65.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-223-antlir2-deterministic-image-builds-with-buck2","url":"https://api.media.ccc.de/public/events/e0c11caf-4937-53ec-acbc-2cafc74a6d65","conference_title":"All Systems Go! 2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"6052bed1-946c-5a62-ac89-10ce04c66347","title":"Encrypted Btrfs Subvolumes: Keeping Container Storage Safe","subtitle":null,"slug":"all-systems-go-2023-221-encrypted-btrfs-subvolumes-keeping-container-storage-safe","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/ZJDHRA/","description":"At Meta, we've been working to add encryption support to btrfs, with exciting implications for per-container security. Traditionally encryption has either dealt with whole disks, with LUKS, or with a few filesystems: ext4, f2fs, ubifs, and ceph, lacking in advanced volume management. 
Btrfs has several features these filesystems don't: deduplicating/reflinking identical data, subvolume/snapshot management, and integrated checksumming. These features allow giving containers their own encrypted subvolume with a key only loaded when the container is running, preventing container storage from being read while turned off, and making deletion of expired containers' storage secure.","original_language":"eng","persons":["Sweet Tea Dorminy"],"tags":["asg2023","221","2023"],"view_count":346,"promoted":false,"date":"2023-09-13T10:30:00.000+02:00","release_date":"2023-09-13T00:00:00.000+02:00","updated_at":"2026-04-11T11:45:03.507+02:00","length":1548,"duration":1548,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/221-6052bed1-946c-5a62-ac89-10ce04c66347.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/221-6052bed1-946c-5a62-ac89-10ce04c66347_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/221-6052bed1-946c-5a62-ac89-10ce04c66347.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/221-6052bed1-946c-5a62-ac89-10ce04c66347.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-221-encrypted-btrfs-subvolumes-keeping-container-storage-safe","url":"https://api.media.ccc.de/public/events/6052bed1-946c-5a62-ac89-10ce04c66347","conference_title":"All Systems Go! 2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"34203612-1025-5359-85f9-d42f13739426","title":"Why would you still want to use strace in 2023?","subtitle":null,"slug":"all-systems-go-2023-228-why-would-you-still-want-to-use-strace-in-2023-","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/GUVYJ7/","description":"strace is a traditional userspace tracer utility for Linux, implemented using ptrace API. 
Despite the abundance of various kernel tracing interfaces nowadays, there are certain classes of tasks that are still better served by strace. In this talk the maintainer of strace will provide examples of such tasks.","original_language":"eng","persons":["Eugene Syromiatnikov","Dmitry Levin"],"tags":["asg2023","228","2023"],"view_count":8169,"promoted":false,"date":"2023-09-13T12:00:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2026-04-12T18:30:07.125+02:00","length":1588,"duration":1588,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/228-34203612-1025-5359-85f9-d42f13739426.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/228-34203612-1025-5359-85f9-d42f13739426_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/228-34203612-1025-5359-85f9-d42f13739426.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/228-34203612-1025-5359-85f9-d42f13739426.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-228-why-would-you-still-want-to-use-strace-in-2023-","url":"https://api.media.ccc.de/public/events/34203612-1025-5359-85f9-d42f13739426","conference_title":"All Systems Go! 2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"4a61eec7-aa3a-582f-8919-ae117bd2afad","title":"Adventures of Linux Userspace at Meta","subtitle":null,"slug":"all-systems-go-2023-193-adventures-of-linux-userspace-at-meta","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/YAHVZG/","description":"The Linux Userspace team at Meta aims to make significant contributions to upstream userspace projects, while also ensuring that Meta is able to leverage those improvements. In this talk we'll give an overview of the team and brief history of how it was formalized. 
Then we'll dive deeper into some of the efforts we've worked on with the open source community and features we've adopted internally. Come if you enjoy hearing about systemd, BPF, distributions, and more!","original_language":"eng","persons":["Anita Zhang"],"tags":["asg2023","193","2023"],"view_count":7520,"promoted":false,"date":"2023-09-14T10:00:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2026-03-31T20:00:05.352+02:00","length":1430,"duration":1430,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/193-4a61eec7-aa3a-582f-8919-ae117bd2afad.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/193-4a61eec7-aa3a-582f-8919-ae117bd2afad_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/193-4a61eec7-aa3a-582f-8919-ae117bd2afad.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/193-4a61eec7-aa3a-582f-8919-ae117bd2afad.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-193-adventures-of-linux-userspace-at-meta","url":"https://api.media.ccc.de/public/events/4a61eec7-aa3a-582f-8919-ae117bd2afad","conference_title":"All Systems Go! 2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"92ddb5a3-da61-5f0b-8cd4-fa2c71d1d4f6","title":"Confidential Compute: State-of-the-art and how to get started","subtitle":null,"slug":"all-systems-go-2023-217-confidential-compute-state-of-the-art-and-how-to-get-started","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/7LVG99/","description":"Confidential compute is a new compute and programming paradigm to run an application in enclave, a run-time encrypted and authenticated trusted execution environment. We give an overview of the current technologies provided by AMD, Intel and ARM. 
We also give an overview of open source tools to leverage compute along a tutorial to enclave any applications with few command lines.","original_language":"eng","persons":["Sebastian Gajek"],"tags":["asg2023","217","2023"],"view_count":147,"promoted":false,"date":"2023-09-14T09:45:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2026-03-16T20:00:08.722+01:00","length":2409,"duration":2409,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/217-92ddb5a3-da61-5f0b-8cd4-fa2c71d1d4f6.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/217-92ddb5a3-da61-5f0b-8cd4-fa2c71d1d4f6_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/217-92ddb5a3-da61-5f0b-8cd4-fa2c71d1d4f6.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/217-92ddb5a3-da61-5f0b-8cd4-fa2c71d1d4f6.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-217-confidential-compute-state-of-the-art-and-how-to-get-started","url":"https://api.media.ccc.de/public/events/92ddb5a3-da61-5f0b-8cd4-fa2c71d1d4f6","conference_title":"All Systems Go! 2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"19097443-0868-5d9f-a563-8a9cde5e5a07","title":"Making a magic deduplicating tar using the FICLONE ioctl","subtitle":null,"slug":"all-systems-go-2023-225-making-a-magic-deduplicating-tar-using-the-ficlone-ioctl","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/99PZDY/","description":"A walkthrough of an interesting use case for the `FICLONE` ioctl: cloning file data into a tar archive, and cloning files out of it again. 
\"Free\" archiving and unarchiving at zero-copy speeds!\nTopics:\n\n- Copy-on-write and the `FICLONE` ioctl\n- The ancient `tar` format\n- A trick for adding arbitrary padding to the `tar` format in order to force file system page alignment\n- How to avoid symlink attacks and other TOCTOU issues, using the fairly recently introduced (linux 5.6) `openat2` system call.\n- An interesting bug in GNU tar\n\nAt the end you'll receive a free autographed copy of [deduptar](https://git.sr.ht/~nullenenenen/deduptar/tree/master/item/README.md) to use for party tricks. 🥳","original_language":"eng","persons":["Wicher Minnaard"],"tags":["asg2023","225","2023"],"view_count":242,"promoted":false,"date":"2023-09-13T17:00:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2026-02-15T09:45:08.787+01:00","length":1459,"duration":1459,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/225-19097443-0868-5d9f-a563-8a9cde5e5a07.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/225-19097443-0868-5d9f-a563-8a9cde5e5a07_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/225-19097443-0868-5d9f-a563-8a9cde5e5a07.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/225-19097443-0868-5d9f-a563-8a9cde5e5a07.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-225-making-a-magic-deduplicating-tar-using-the-ficlone-ioctl","url":"https://api.media.ccc.de/public/events/19097443-0868-5d9f-a563-8a9cde5e5a07","conference_title":"All Systems Go! 
2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"6006a4d6-b952-564b-abc7-44d3d2e3994d","title":"Writing your own NixOS modules for fun and (hopefully) profit","subtitle":null,"slug":"all-systems-go-2023-214-writing-your-own-nixos-modules-for-fun-and-hopefully-profit","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/DP3JXQ/","description":"This talk will be a whirlwind overview of NixOS modules and the lessons I've learned with maintaining and writing new ones.\n\nNix modules are the core of how you organize configuration and service config, but there's a lot of \"draw the rest of the owl\" subtext as to how you actually go about writing them. This talk covers some best practices for how to write and organize your NixOS modules so that you can have fun and hopefully profit from it.","original_language":"eng","persons":["Xe Iaso"],"tags":["asg2023","214","2023"],"view_count":619,"promoted":false,"date":"2023-09-14T11:00:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2026-03-14T20:45:07.701+01:00","length":1404,"duration":1404,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/214-6006a4d6-b952-564b-abc7-44d3d2e3994d.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/214-6006a4d6-b952-564b-abc7-44d3d2e3994d_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/214-6006a4d6-b952-564b-abc7-44d3d2e3994d.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/214-6006a4d6-b952-564b-abc7-44d3d2e3994d.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-214-writing-your-own-nixos-modules-for-fun-and-hopefully-profit","url":"https://api.media.ccc.de/public/events/6006a4d6-b952-564b-abc7-44d3d2e3994d","conference_title":"All Systems Go! 
2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"4aa9f6e2-1541-5375-9f20-7602c2193009","title":"Building image-based OSes with BuildStream","subtitle":null,"slug":"all-systems-go-2023-206-building-image-based-oses-with-buildstream","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/G8UZGL/","description":"BuildStream is a tool for building / integrating software stacks. In a way, it has a similar goal to bitbake / yocto and Android repo, but takes a completely different approach. It can be used to take software from various sources, build it with various buildsystems in a reproducible sandbox, and cache results for speedy rebuilds.\n\nIn this talk I give a brief overview of Buildstream, how it is used to build GNOME OS, and the challenges we face in using it. I also go over freedesktop-sdk which is a base runtime that can be used as a base to build your own system.\n\nI also discuss the challenges we encountered with using buildstream with ostree and the steps we're taking to support updating with systemd-sysupdate.","original_language":"eng","persons":["Abderrahim Kitouni","Valentin 
David"],"tags":["asg2023","206","2023"],"view_count":148,"promoted":false,"date":"2023-09-14T17:15:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2026-03-30T14:45:06.987+02:00","length":891,"duration":891,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/206-4aa9f6e2-1541-5375-9f20-7602c2193009.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/206-4aa9f6e2-1541-5375-9f20-7602c2193009_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/206-4aa9f6e2-1541-5375-9f20-7602c2193009.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/206-4aa9f6e2-1541-5375-9f20-7602c2193009.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-206-building-image-based-oses-with-buildstream","url":"https://api.media.ccc.de/public/events/4aa9f6e2-1541-5375-9f20-7602c2193009","conference_title":"All Systems Go! 2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"5236ae83-9980-5b09-a7b9-fa12ab46066f","title":"Oxidizing the Arch Linux packaging infrastructure","subtitle":null,"slug":"all-systems-go-2023-207-oxidizing-the-arch-linux-packaging-infrastructure","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/3LES8Z/","description":"Arch Linux has worked with its own packaging framework - Arch Linux Package Management (ALPM) - for about 20 years.\n\nThis talk is about an effort to rewrite low-level components and to create specifications for related metadata files using the Rust programming language.\nIt will cover new projects in the ALPM (https://gitlab.archlinux.org/archlinux/alpm/) group as well as several other related ones and give an outlook on future developments using the 🦀\n\nArch Linux (https://archlinux.org) has worked with its own packaging framework - Arch Linux Package Management (ALPM) - for about 20 years. 
The tooling consists mainly of scripts for package creation (e.g. `makepkg`, written in Bash) and a package manager (`pacman`, written in C).\n\nOver the last years several projects for the improvement of the packaging and package distribution ecosystem have been started. Some of which had to reinvent the wheel.\n\nThis talk is about an effort to rewrite low-level components and to create specifications for related metadata files using the Rust programming language.\nIt will cover new projects in the ALPM (https://gitlab.archlinux.org/archlinux/alpm/) group as well as several other related ones and give an outlook on future developments using the 🦀","original_language":"eng","persons":["David Runge"],"tags":["asg2023","207","2023"],"view_count":326,"promoted":false,"date":"2023-09-14T12:15:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2026-01-16T21:30:11.605+01:00","length":2126,"duration":2126,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/207-5236ae83-9980-5b09-a7b9-fa12ab46066f.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/207-5236ae83-9980-5b09-a7b9-fa12ab46066f_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/207-5236ae83-9980-5b09-a7b9-fa12ab46066f.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/207-5236ae83-9980-5b09-a7b9-fa12ab46066f.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-207-oxidizing-the-arch-linux-packaging-infrastructure","url":"https://api.media.ccc.de/public/events/5236ae83-9980-5b09-a7b9-fa12ab46066f","conference_title":"All Systems Go! 
2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"1ea7efbc-402f-5c4e-b237-dcdfdc81a5dd","title":"Gaining Linux insights with Inspektor Gadget, an eBPF tool and systems inspection framework","subtitle":null,"slug":"all-systems-go-2023-230-gaining-linux-insights-with-inspektor-gadget-an-ebpf-tool-and-systems-inspection-framework","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/ZSTFTF/","description":"In this presentation, we introduce Inspektor Gadget, a tool designed for the creation, deployment, and execution of eBPF programs (gadgets) across Kubernetes and Linux environments. Inspektor Gadget encapsulates eBPF programs into OCI containers, providing well-understood and easily distributable units.\n\nWe'll delve into Inspektor Gadget's automatic data enrichment process, transforming complex kernel information into high-level, understandable concepts tied to Kubernetes, container runtimes, systemd, etc. This feature bridges the knowledge gap between raw, low-level data and more interpretable information, improving the understanding of system behavior.\n\nWe will illustrate how to use a simple configuration file to set up a data collection pipeline with Inspektor Gadget, resulting in a Prometheus endpoint or an exposed API.\n\nThroughout the talk, we'll demonstrate Inspektor Gadget's features, support across various environments, discuss its operational mechanics, and share insights into the future direction of the project.\n\nBy presenting at ASG!, our aim is not just to inform the audience of Inspektor Gadget, but also to encourage feedback and stimulate discussions within the eBPF and Linux community.","original_language":"eng","persons":["Alban Crequy","Chris 
Kuehl"],"tags":["asg2023","230","2023"],"view_count":137,"promoted":false,"date":"2023-09-13T10:30:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2025-10-01T02:15:02.934+02:00","length":2151,"duration":2151,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/230-1ea7efbc-402f-5c4e-b237-dcdfdc81a5dd.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/230-1ea7efbc-402f-5c4e-b237-dcdfdc81a5dd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/230-1ea7efbc-402f-5c4e-b237-dcdfdc81a5dd.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/230-1ea7efbc-402f-5c4e-b237-dcdfdc81a5dd.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-230-gaining-linux-insights-with-inspektor-gadget-an-ebpf-tool-and-systems-inspection-framework","url":"https://api.media.ccc.de/public/events/1ea7efbc-402f-5c4e-b237-dcdfdc81a5dd","conference_title":"All Systems Go! 2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"2a04329f-e886-55dc-b6f2-490004642686","title":"Retake of service restarts","subtitle":null,"slug":"all-systems-go-2023-220-retake-of-service-restarts","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/FYHCNJ/","description":"Stopping the old and starting a new service afresh -- that is what service restart is roughly about. We will look what it comprises in more detail from service manager perspective and also from the service's client end. Thus we will look at how FDSTORE API can be used to smooth service restart. Furthermore, we will review how unit instances may provide further distinction between the stopped and the restarted service. 
Finally, we go through options that the existing service have to adopt these methods.","original_language":"eng","persons":["Michal Koutný"],"tags":["asg2023","220","2023"],"view_count":71,"promoted":false,"date":"2023-09-13T12:00:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2025-03-27T22:45:04.069+01:00","length":1499,"duration":1499,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/220-2a04329f-e886-55dc-b6f2-490004642686.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/220-2a04329f-e886-55dc-b6f2-490004642686_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/220-2a04329f-e886-55dc-b6f2-490004642686.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/220-2a04329f-e886-55dc-b6f2-490004642686.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-220-retake-of-service-restarts","url":"https://api.media.ccc.de/public/events/2a04329f-e886-55dc-b6f2-490004642686","conference_title":"All Systems Go! 2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"0806cc18-d412-574f-bba5-d34a0e8ae61d","title":"Trusted, Confidential and Cloud Native Workloads. An intro to the Confidential Containers project","subtitle":null,"slug":"all-systems-go-2023-242-trusted-confidential-and-cloud-native-workloads-an-intro-to-the-confidential-containers-project","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/GFDUHW/","description":"The talk wants to provide a brief introduction into Confidential Containers Project. We'll discuss the rationale behind Confidential Computing and how concepts like Trusted Computing or Remote Attestation can be leveraged by end-users to guard their workloads not only from malicious actors but also their cloud service provider. 
Confidential Containers, an open-source CNCF project, aims to extend the experience of deploying cloud-native software on Kubernetes with the option to move sensitive workloads into confidential enclaves with minimal friction to the user experience. We'll introduce the components and container technologies we are using to achieve that, hint at some conceptual problems we are facing and provide a simple example of how confidential containers work in practice today.","original_language":"eng","persons":["Magnus Kulke"],"tags":["asg2023","242","2023"],"view_count":73,"promoted":false,"date":"2023-09-14T10:30:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2025-10-22T13:15:05.955+02:00","length":1478,"duration":1478,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/242-0806cc18-d412-574f-bba5-d34a0e8ae61d.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/242-0806cc18-d412-574f-bba5-d34a0e8ae61d_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/242-0806cc18-d412-574f-bba5-d34a0e8ae61d.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/242-0806cc18-d412-574f-bba5-d34a0e8ae61d.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-242-trusted-confidential-and-cloud-native-workloads-an-intro-to-the-confidential-containers-project","url":"https://api.media.ccc.de/public/events/0806cc18-d412-574f-bba5-d34a0e8ae61d","conference_title":"All Systems Go! 
2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"fc8d72ed-2ace-584a-913e-f5c1aba730e6","title":"Disaggregated networks: Is network hardware special?","subtitle":null,"slug":"all-systems-go-2023-236-disaggregated-networks-is-network-hardware-special-","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/JVGVHG/","description":"Despite being ordinary computers with an ASIC for switching, in reality network hardware must still be treated differently from normal servers. In recent years a lot has improved, and vendors offer white box switches, allowing users to install a (network) operating system of their choice. Of course, the NOS needs to support the firmware interface for the particular ASIC, and this is not standardized: switchdev, DSA, SAI – none of them supporting all devices. Due to SONiC dominance, a lot of vendors seem to support SAI (Switch Abstraction Interface). But SAI requires a proprietary external Linux kernel module. On the NOS side, Open Network Linux was abandoned, and Azure’s SONiC is the new popular kid on the block, running a Docker daemon. There are other differences in the network hardware ecosystem: For example ONIE as the bootloader environment. Also working with upstream and using established software developing practices are lacking, resulting in a maintenance burden. Projects like DENT or OpenWrt go one step further by only supporting upstream Linux kernel interfaces, but now dentOS is also going to support SAI.\n\nThis talk gives a short introduction into the network operating systems, and then focuses on DENT with the ONL fork dentOS, and shares experiences. 
Curiously, problems how to treat firmware blobs and discussions about what distribution to use as a base, are not unknown to these projects either.","original_language":"eng","persons":["Paul Menzel"],"tags":["asg2023","236","2023"],"view_count":109,"promoted":false,"date":"2023-09-13T15:15:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2026-04-13T17:45:06.322+02:00","length":2305,"duration":2305,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/236-fc8d72ed-2ace-584a-913e-f5c1aba730e6.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/236-fc8d72ed-2ace-584a-913e-f5c1aba730e6_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/236-fc8d72ed-2ace-584a-913e-f5c1aba730e6.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/236-fc8d72ed-2ace-584a-913e-f5c1aba730e6.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-236-disaggregated-networks-is-network-hardware-special-","url":"https://api.media.ccc.de/public/events/fc8d72ed-2ace-584a-913e-f5c1aba730e6","conference_title":"All Systems Go! 2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"739e6145-c6e0-5dc3-a8ed-7d059223ad53","title":"mkosi: Building Bespoke Operating System Images","subtitle":null,"slug":"all-systems-go-2023-190-mkosi-building-bespoke-operating-system-images","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/ASV8ZM/","description":"mkosi is a tool for building operating system images. 
In this talk we'll give an introduction to mkosi, how we use it to develop systemd and discuss how we want to support running and updating systems with mkosi and other systemd tooling.\n\nGithub repository: https://github.com/systemd/mkosi/\nInitial blog post on mkosi: https://0pointer.net/blog/mkosi-a-tool-for-generating-os-images.html","original_language":"eng","persons":["Daan De Meyer"],"tags":["asg2023","190","2023"],"view_count":993,"promoted":false,"date":"2023-09-14T16:30:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2026-04-13T17:30:04.541+02:00","length":2174,"duration":2174,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/190-739e6145-c6e0-5dc3-a8ed-7d059223ad53.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/190-739e6145-c6e0-5dc3-a8ed-7d059223ad53_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/190-739e6145-c6e0-5dc3-a8ed-7d059223ad53.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/190-739e6145-c6e0-5dc3-a8ed-7d059223ad53.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-190-mkosi-building-bespoke-operating-system-images","url":"https://api.media.ccc.de/public/events/739e6145-c6e0-5dc3-a8ed-7d059223ad53","conference_title":"All Systems Go! 2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"096a6e21-8f61-59d1-918f-b3c7babc49b8","title":"asynchronous dbus with C++ co-routines","subtitle":null,"slug":"all-systems-go-2023-215-asynchronous-dbus-with-c-co-routines","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/QUMHR3/","description":"sdbusplus generates ergonomic and compile-time type-checked dbus bindings built atop sd-bus.  This library is heavily used within the OpenBMC project to provide all IPC between its many userspace processes.  
This talk will give an overview of how OpenBMC leverages dbus, how sdbusplus facilitates its usage, as well as an introduction on our approach for asynchronous programming with C++ co-routines.","original_language":"eng","persons":["Patrick Williams"],"tags":["asg2023","215","2023"],"view_count":216,"promoted":false,"date":"2023-09-14T17:45:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2026-03-21T00:30:05.077+01:00","length":1540,"duration":1540,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/215-096a6e21-8f61-59d1-918f-b3c7babc49b8.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/215-096a6e21-8f61-59d1-918f-b3c7babc49b8_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/215-096a6e21-8f61-59d1-918f-b3c7babc49b8.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/215-096a6e21-8f61-59d1-918f-b3c7babc49b8.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-215-asynchronous-dbus-with-c-co-routines","url":"https://api.media.ccc.de/public/events/096a6e21-8f61-59d1-918f-b3c7babc49b8","conference_title":"All Systems Go! 2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"3da0ea83-2503-5f6b-aae6-81156c22f5a9","title":"Opening session of All Systems Go! 
2023","subtitle":null,"slug":"all-systems-go-2023-239-opening-session-of-all-systems-go-2023","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/X89KG9/","description":"A welcome session for All Systems Go!","original_language":"eng","persons":[],"tags":["asg2023","239","2023"],"view_count":79,"promoted":false,"date":"2023-09-13T09:30:00.000+02:00","release_date":"2023-09-13T00:00:00.000+02:00","updated_at":"2024-07-21T02:00:03.386+02:00","length":299,"duration":299,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/239-3da0ea83-2503-5f6b-aae6-81156c22f5a9.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/239-3da0ea83-2503-5f6b-aae6-81156c22f5a9_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/239-3da0ea83-2503-5f6b-aae6-81156c22f5a9.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/239-3da0ea83-2503-5f6b-aae6-81156c22f5a9.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-239-opening-session-of-all-systems-go-2023","url":"https://api.media.ccc.de/public/events/3da0ea83-2503-5f6b-aae6-81156c22f5a9","conference_title":"All Systems Go! 2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"cbb0a279-92a8-5cd0-8a38-70598b454214","title":"Attaching CPUs via USB","subtitle":null,"slug":"all-systems-go-2023-246-attaching-cpus-via-usb","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/VAY88J/","description":"All Systems Go! 
lightning talk","original_language":"eng","persons":["Daniel Maslowski"],"tags":["asg2023","246","2023"],"view_count":351,"promoted":false,"date":"2023-09-13T17:50:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2026-03-11T19:15:06.548+01:00","length":186,"duration":186,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/246-cbb0a279-92a8-5cd0-8a38-70598b454214.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/246-cbb0a279-92a8-5cd0-8a38-70598b454214_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/246-cbb0a279-92a8-5cd0-8a38-70598b454214.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/246-cbb0a279-92a8-5cd0-8a38-70598b454214.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-246-attaching-cpus-via-usb","url":"https://api.media.ccc.de/public/events/cbb0a279-92a8-5cd0-8a38-70598b454214","conference_title":"All Systems Go! 2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"4efe611a-d60a-5f5d-b5fe-73c319e0c563","title":"systemd-boot integration in openSUSE","subtitle":null,"slug":"all-systems-go-2023-189-systemd-boot-integration-in-opensuse","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/E9NVZE/","description":"openSUSE is a general purpose, rpm based distribution. One of its unique features is the use of btrfs snapshots to offer rollback of the root file system of both traditional as well as transactional systems. 
This talk explains the challenges faced to integrate systemd-boot into openSUSE.","original_language":"eng","persons":["Ludwig Nussel"],"tags":["asg2023","189","2023"],"view_count":1086,"promoted":false,"date":"2023-09-14T11:00:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2026-04-13T14:45:09.557+02:00","length":1555,"duration":1555,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/189-4efe611a-d60a-5f5d-b5fe-73c319e0c563.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/189-4efe611a-d60a-5f5d-b5fe-73c319e0c563_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/189-4efe611a-d60a-5f5d-b5fe-73c319e0c563.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/189-4efe611a-d60a-5f5d-b5fe-73c319e0c563.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-189-systemd-boot-integration-in-opensuse","url":"https://api.media.ccc.de/public/events/4efe611a-d60a-5f5d-b5fe-73c319e0c563","conference_title":"All Systems Go! 2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"96f873c3-8d89-5023-b199-428ff9c27f26","title":"Carbon OS + homed","subtitle":null,"slug":"all-systems-go-2023-247-carbon-os-homed","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/8P7XKH/","description":"All Systems Go! 
lightning talk","original_language":"eng","persons":["Adrian Vovk"],"tags":["asg2023","247","2023"],"view_count":170,"promoted":false,"date":"2023-09-13T18:00:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2026-01-22T21:00:17.101+01:00","length":157,"duration":157,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/247-96f873c3-8d89-5023-b199-428ff9c27f26.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/247-96f873c3-8d89-5023-b199-428ff9c27f26_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/247-96f873c3-8d89-5023-b199-428ff9c27f26.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/247-96f873c3-8d89-5023-b199-428ff9c27f26.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-247-carbon-os-homed","url":"https://api.media.ccc.de/public/events/96f873c3-8d89-5023-b199-428ff9c27f26","conference_title":"All Systems Go! 2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"6fd882e8-4a24-5805-879e-6e98fa13408c","title":"Microsoft Azure Boost: Image-based Linux powering the Azure fleet. Wait, what? Really?! Yes!","subtitle":null,"slug":"all-systems-go-2023-187-microsoft-azure-boost-image-based-linux-powering-the-azure-fleet-wait-what-really-yes-","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/7URRNC/","description":"A quick journey through the Azure infrastructure, specifically looking at how image-based Linux is used for Azure Boost, what it enables, what interesting security and performance features were added and where to find them upstream.\n\nBelieve it or not, today Linux is right at the core of Microsoft Azure's infrastructure, on the very nodes that run all those fancy virtual machines. Getting there was not easy, and a lot of work was needed to meet the very stringent security and performance goals that were set. 
We built a custom distribution, added several security features such as signed dm-verity and kernel-enforced code integrity, came up with a way to keep state alive across kexec with PMEM, and implemented the stackable Portable Services image model that ultimately became sysexts and confexts. And much more! This talk will walk through this effort, starting with a peek under the cover at the hardware that powers it and what it enables, passing through the custom OS and ending up at all the features we added to systemd and elsewhere that you all can enjoy as well.","original_language":"eng","persons":["Luca Boccassi"],"tags":["asg2023","187","2023"],"view_count":499,"promoted":false,"date":"2023-09-14T17:15:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2026-04-03T18:30:05.083+02:00","length":1544,"duration":1544,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/187-6fd882e8-4a24-5805-879e-6e98fa13408c.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/187-6fd882e8-4a24-5805-879e-6e98fa13408c_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/187-6fd882e8-4a24-5805-879e-6e98fa13408c.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/187-6fd882e8-4a24-5805-879e-6e98fa13408c.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-187-microsoft-azure-boost-image-based-linux-powering-the-azure-fleet-wait-what-really-yes-","url":"https://api.media.ccc.de/public/events/6fd882e8-4a24-5805-879e-6e98fa13408c","conference_title":"All Systems Go! 
2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"0280099e-afbd-558a-9b42-445f9681ed14","title":"Exploring RAUC: A Flexible Building Block for Image-Based Updates","subtitle":null,"slug":"all-systems-go-2023-213-exploring-rauc-a-flexible-building-block-for-image-based-updates","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/NEQ9TX/","description":"Recently, atomic updates via image based systems have become more relevant for\nservers and desktops, as they allow predictable management of large fleets. In the\nembedded Linux space, this approach has been the default for many years and\nproven updaters exist already.\n\nIn this talk, we will delve into RAUC and look at how its design and features\nhave been driven by the requirements for robust, atomic updates.\nThe presentation will introduce the fundamental concepts surrounding A/B fallback\nand update signing in the context of embedded Linux updates.\nWe will then explore the commonalities and differences between RAUC and systemd's\nsysupdate.\n\nThe discussion will progress to cover RAUC's bundle-based update system, which\nallows for comprehensive system updates without the need for local storage,\nthanks to HTTP streaming. 
Additionally, we will demonstrate how adaptive updates\nminimize download sizes without necessitating version-specific patch management.","original_language":"eng","persons":["Rouven Czerwinski"],"tags":["asg2023","213","2023"],"view_count":240,"promoted":false,"date":"2023-09-14T15:15:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2026-03-31T17:15:04.412+02:00","length":2151,"duration":2151,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/213-0280099e-afbd-558a-9b42-445f9681ed14.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/213-0280099e-afbd-558a-9b42-445f9681ed14_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/213-0280099e-afbd-558a-9b42-445f9681ed14.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/213-0280099e-afbd-558a-9b42-445f9681ed14.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-213-exploring-rauc-a-flexible-building-block-for-image-based-updates","url":"https://api.media.ccc.de/public/events/0280099e-afbd-558a-9b42-445f9681ed14","conference_title":"All Systems Go! 2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"b84d0d61-aaea-559f-99f3-6cc774022ba9","title":"bpfilter: a BPF-based packet filtering framework","subtitle":null,"slug":"all-systems-go-2023-196-bpfilter-a-bpf-based-packet-filtering-framework","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/BKLNWP/","description":"Let's discuss about `bpfilter`, a userspace daemon that empowers services to create efficient packet-filtering BPF programs using a high-level representation of filtering rules.\n\nFor a significant period, `bpfilter` wasn't more than an empty [usermode helper](https://cateee.net/lkddb/web-lkddb/STATIC_USERMODEHELPER.html) and an [abandoned patch series](https://lore.kernel.org/bpf/20210829183608.2297877-1-me@ubique.spb.ru). 
However, it has recently undergone active development as a userspace daemon, which can be found on GitHub at [https://github.com/facebook/bpfilter](https://github.com/facebook/bpfilter). This daemon now offers userspace services a swift and user-friendly interface to generate packet-filtering BPF programs dynamically. This discussion aims to provide further insights into `bpfilter`, including its current capabilities, performance, and ongoing development efforts.","original_language":"eng","persons":["Quentin Deslandes"],"tags":["asg2023","196","2023"],"view_count":314,"promoted":false,"date":"2023-09-13T12:30:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2026-02-11T02:15:04.417+01:00","length":1243,"duration":1243,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/196-b84d0d61-aaea-559f-99f3-6cc774022ba9.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/196-b84d0d61-aaea-559f-99f3-6cc774022ba9_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/196-b84d0d61-aaea-559f-99f3-6cc774022ba9.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/196-b84d0d61-aaea-559f-99f3-6cc774022ba9.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-196-bpfilter-a-bpf-based-packet-filtering-framework","url":"https://api.media.ccc.de/public/events/b84d0d61-aaea-559f-99f3-6cc774022ba9","conference_title":"All Systems Go! 
2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"4c72dcd2-4b50-59c7-b6a9-0c2bf42bb97d","title":"An Unified TPM Event Log for Linux","subtitle":null,"slug":"all-systems-go-2023-204-an-unified-tpm-event-log-for-linux","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/HGMV9U/","description":"The TPM event log contains a history of all measurements made with the TPM.\nComplete with some context information for each measurement it is intended to\nhelp with recreating the current PCR contents. What was meant as a debugging\ntool turns out to be of vital importance when trying to remotely attest real\nlife systems. This is mostly because of the overuse of certain PCR and the\ngeneral mess that is x86\nfirmware. \n\nSadly, there are many event logs. UEFI keeps one for its measurements and those\ndone by EFI applications like GRUB and shim. If a system is booted in an MLE\nusing tboot the ACM firmware code also maintains an event log that can be\naccessed via a pointer in an ACPI table. Now, systemd also has an event log\nthat is mixed into the general journal log. Finally Linux IMA maintains its\nown event log -- an append-only, in-kernel data structure.\n\nOn top of that every bootloader or userspace application that wants to measure\nsomething into the TPM will also need to maintain an event log. \n\nHow about we fix that? The talk will sketch out a solution that maintains a\nunified, global event log of the whole system on disk and exposes an interface for\nother applications that wish to measure things into the TPM. 
We'll also fix a\nrace conditions in IMA as well as correctly handle S3 resume w.r.t measured boot\nwhile we're at it.","original_language":"eng","persons":["Kai Michaelis"],"tags":["asg2023","204","2023"],"view_count":234,"promoted":false,"date":"2023-09-13T15:15:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2026-03-11T01:30:06.146+01:00","length":1577,"duration":1577,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/204-4c72dcd2-4b50-59c7-b6a9-0c2bf42bb97d.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/204-4c72dcd2-4b50-59c7-b6a9-0c2bf42bb97d_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/204-4c72dcd2-4b50-59c7-b6a9-0c2bf42bb97d.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/204-4c72dcd2-4b50-59c7-b6a9-0c2bf42bb97d.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-204-an-unified-tpm-event-log-for-linux","url":"https://api.media.ccc.de/public/events/4c72dcd2-4b50-59c7-b6a9-0c2bf42bb97d","conference_title":"All Systems Go! 2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"98476160-5697-521e-9cc0-d1ce6128ffcf","title":"Forensic container checkpointing and analysis","subtitle":null,"slug":"all-systems-go-2023-177-forensic-container-checkpointing-and-analysis","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/FZNLRT/","description":"With the introduction of \"Forensic Container Checkpointing\" in Kubernetes 1.25 it is possible to checkpoint containers. The ability to checkpoint containers opens up many new use cases. Containers can be migrated without losing the state of the container, fast startup from existing checkpoints, using spot instances more effectively. 
The primary use case, based on the title of the Kubernetes enhancement proposal, is the forensic analysis of the checkpointed containers.\n\nIn this session I want to introduce the different possible use cases of \"Forensic Container Checkpointing\" with a focus on how to perform forensic analysis on the checkpointed containers. The presented use cases and especially the forensic analysis will be done as a live demo giving the audience a hands on experience.","original_language":"eng","persons":["Adrian Reber"],"tags":["asg2023","177","2023"],"view_count":88,"promoted":false,"date":"2023-09-13T11:15:00.000+02:00","release_date":"2023-09-13T00:00:00.000+02:00","updated_at":"2025-12-30T19:15:20.981+01:00","length":2614,"duration":2614,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/177-98476160-5697-521e-9cc0-d1ce6128ffcf.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/177-98476160-5697-521e-9cc0-d1ce6128ffcf_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/177-98476160-5697-521e-9cc0-d1ce6128ffcf.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/177-98476160-5697-521e-9cc0-d1ce6128ffcf.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-177-forensic-container-checkpointing-and-analysis","url":"https://api.media.ccc.de/public/events/98476160-5697-521e-9cc0-d1ce6128ffcf","conference_title":"All Systems Go! 2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"463d3a88-9385-5d44-a4b2-1e6999c84d4a","title":"A/B partitioning - let's talk about the dirty RW files","subtitle":null,"slug":"all-systems-go-2023-211-a-b-partitioning-let-s-talk-about-the-dirty-rw-files","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/MPAEFK/","description":"A/B partitioning is great - you hermetically drop-in the whole new OS and boot\ninto it. 
Although, how can we manage and migrate the RW configuration and state\nfiles that lie within? Can we do that reliably on both OS upgrades and\ndowngrades?\n\nThis talk will explore the design used on the SteamDeck, the issues\nwe've seen while drawing analogies, and future inspiration with \"Fitting\nEverything Together\" by Lennart Poettering in mind.","original_language":"eng","persons":["Emil Velikov"],"tags":["asg2023","211","2023"],"view_count":158,"promoted":false,"date":"2023-09-14T12:30:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2026-01-08T12:45:09.857+01:00","length":1545,"duration":1545,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/211-463d3a88-9385-5d44-a4b2-1e6999c84d4a.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/211-463d3a88-9385-5d44-a4b2-1e6999c84d4a_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/211-463d3a88-9385-5d44-a4b2-1e6999c84d4a.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/211-463d3a88-9385-5d44-a4b2-1e6999c84d4a.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-211-a-b-partitioning-let-s-talk-about-the-dirty-rw-files","url":"https://api.media.ccc.de/public/events/463d3a88-9385-5d44-a4b2-1e6999c84d4a","conference_title":"All Systems Go! 2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"951809c2-3c8f-547a-bc5d-9b0ecea47e00","title":"PID FD-ize all the things!","subtitle":null,"slug":"all-systems-go-2023-178-pid-fd-ize-all-the-things-","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/T3LJAM/","description":"A quick overview of the work in progress to plumb PID FDs through Linux userspace, to achieve resilience and security improvements\n\nProcess ID File Descriptors were introduced in Linux v5.3. 
They allow tracking a process reliably, without risking races and reuse attacks, as they always refer to one single process regardless of the actual PID, so if the process goes away the file descriptor will become invalid, even if a new process with the same PID reappears at the same time.\n\nTracking processes in userspace is needed for various purposes, for example to authenticate actions via Polkit. This has been historically fragile, and various workarounds such as tracking a PID plus a UID plus a start time were put in place. D-Bus implementations also have methods to query a D-Bus' endpoint's PID, UID and GIDs.\n\nRecently work has been done to plumb PID FDs through all these components - systemd is able to receive queries asking for the session information or unit information via a PID FD, D-Bus implementations return the PID FD of a D-Bus endpoint via GetConnectionCredentials()/GetConnectionUnixProcessFD() (and they track processes via FD rather than PID), and Polkit allows writing rules authorizing by the systemd service name, which is possible to do safely thanks to using FDs all the way through.\n\nThis lightning talk will quickly go through these improvements, showing how PID FDs can be used to improve userspace and provide concrete benefits.","original_language":"eng","persons":["Luca 
Boccassi"],"tags":["asg2023","178","2023"],"view_count":118,"promoted":false,"date":"2023-09-13T17:40:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2026-02-26T03:45:03.602+01:00","length":282,"duration":282,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/178-951809c2-3c8f-547a-bc5d-9b0ecea47e00.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/178-951809c2-3c8f-547a-bc5d-9b0ecea47e00_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/178-951809c2-3c8f-547a-bc5d-9b0ecea47e00.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/178-951809c2-3c8f-547a-bc5d-9b0ecea47e00.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-178-pid-fd-ize-all-the-things-","url":"https://api.media.ccc.de/public/events/951809c2-3c8f-547a-bc5d-9b0ecea47e00","conference_title":"All Systems Go! 2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"436d7e44-4792-5cc0-a4db-764ae5595467","title":"System and Configuration Extensions for Image-based Linux Distros and Beyond","subtitle":null,"slug":"all-systems-go-2023-195-system-and-configuration-extensions-for-image-based-linux-distros-and-beyond","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/XLQNDJ/","description":"Using an image-based OS brings advantages and challenges. One challenge is the customization of a read-only image with additional host-level software and configuration, and how to manage this customization through the lifetime of a machine.\n\nFor deeper changes in /usr, users might build their own images instead of following the official image updates. For common scenarios, the vendor may choose to offer multiple image flavors. Simpler user customization can live outside of the read-only /usr, scattered as config files and binaries in /etc and /opt. 
Configuration management tools struggle with reliable (re)configuration because tracking filesystem state is hard.\n\nThe systemd project now supports a mechanism for extension images. There are two types; system extensions create an overlay for /usr or /opt and configuration extensions create an overlay for /etc. Through the overlay, users can thus change the read-only /usr without building custom OS images. Vendors can also offer their supported flavors as extensions instead of different OS images, even as composable stack where the user can choose optional parts. Users can manage their configuration by replacing the extension images atomically. Since the images bundle all files, this prevents old files lingering around or a system in a half-finished state. The read-only extension images help with setting up attestation and integrity enforcement for their contents. For distributions providing prebuilt initrds (e.g., the Fedora mkosi-initrd proposal), extensions allow initrd customization provided by the distribution or user.\n\nThe presentation will give an overview, share use cases and examples, and discuss future improvements for extension images.\n\nA recent addition to the systemd toolbox was systemd-sysext for system extensions through overlay images mounted on /usr. Even newer is systemd-confext for configuration extensions through overlay images mounted on /etc.\n\nThe main use case for systemd-sysext is the customization or deployment of additional software on an image-based OS where /usr is read-only. The use of single images that contain all files allows to reliably manage the changes compared to unpacking files to the root filesystem. Optional dm-verity protection ensures the integrity of the extensions. A simple version matching scheme allows to either couple the extension to the OS version or not. 
The first case is useful for officially released OS extensions or dynamic linking, the second for static linking and only few assumptions about the host.\n\nFor systemd-confext the use case is similar as with systemd-sysext but it focuses on configuration in /etc. Here again, the use of single image files makes configuration changes more reliable. Ideally the use of configuration images should allow to have /etc read-only at runtime, following the idea of immutable infra. However, not all software and workflows are prepared for that, and the goal is to introduce different modes for the overlay to, e.g., support ephemeral or persistent changes.\nOther plans are to set up the overlay mount from the initrd already to have all configuration in place as early as possible, and to improve the live reload behavior through atomic mount operations and system reload actions.\n\nThe presentation will show how to use systemd-sysext/confext and share some examples from Flatcar Container Linux and an embedded Linux platform for both coupled and decoupled extensions.","original_language":"eng","persons":["Luca Boccassi","Kai Lüke","Maanya 
Goenka"],"tags":["asg2023","195","2023"],"view_count":179,"promoted":false,"date":"2023-09-13T11:15:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2026-04-13T09:15:04.723+02:00","length":2385,"duration":2385,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/195-436d7e44-4792-5cc0-a4db-764ae5595467.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/195-436d7e44-4792-5cc0-a4db-764ae5595467_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/195-436d7e44-4792-5cc0-a4db-764ae5595467.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/195-436d7e44-4792-5cc0-a4db-764ae5595467.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-195-system-and-configuration-extensions-for-image-based-linux-distros-and-beyond","url":"https://api.media.ccc.de/public/events/436d7e44-4792-5cc0-a4db-764ae5595467","conference_title":"All Systems Go! 2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"d8645c76-aeb9-5828-8ac8-e1d522b40a4f","title":"Soft Reboot: atomically replace rootfs and reboot userspace without kernel restart","subtitle":null,"slug":"all-systems-go-2023-184-soft-reboot-atomically-replace-rootfs-and-reboot-userspace-without-kernel-restart","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/XVV9QY/","description":"systemd v254 introduced a new reboot type: soft-reboot. It shortcuts the reboot process by not restarting the kernel, and instead shutting down userspace, followed by re-exec'ing systemd from the new rootfs, starting everything up again. Not only does this save time by virtue of doing less work, but it also allows select resources (File Descriptor Store) and select services that do not use the rootfs (Portable Services) to survive the reboot and continue uninterrupted.
This talk will explore the details of this new feature, how it works, why it's useful, what are the shortcomings and how to make full use of it.\n\nIn many environments where image-based Linux is used, service interruption intervals are key metrics that need to be minimized as much as possible. On traditional package-based distributions, the rootfs can be updated piecemeal and userspace services can be restarted one by one - assuming a perfect running dependency tracking system and perfect reliability (need to restart D-Bus? Good luck!).\nOn an image-based system this is obviously not possible, so a typical approach is relying on 'kexec', which loads a new kernel + initrd + rootfs, saving some time from a full reboot by avoiding giving back control to the firmware. But it turns out, it's not fast enough.\n\nsystemd v254 introduced a new reboot type: soft-reboot. This follows in the kexec footsteps by shortcutting the reboot process, and brings it even further: the kernel is not restarted at all, and instead userspace is shut down and then systemd is re-exec'ed from the new rootfs, starting up again.
Not only does this save time by virtue of doing less work, but it also allows resources (File Descriptor Store) and select services that do not use the rootfs (Portable Services) to survive the reboot and continue uninterrupted.\n\nThis talk will explore the details of this new feature, how it works, why it's useful, what are the shortcomings and how to make full use of it.","original_language":"eng","persons":["Luca Boccassi"],"tags":["asg2023","184","2023"],"view_count":244,"promoted":false,"date":"2023-09-13T12:30:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2026-04-13T22:30:06.254+02:00","length":1475,"duration":1475,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/184-d8645c76-aeb9-5828-8ac8-e1d522b40a4f.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/184-d8645c76-aeb9-5828-8ac8-e1d522b40a4f_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/184-d8645c76-aeb9-5828-8ac8-e1d522b40a4f.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/184-d8645c76-aeb9-5828-8ac8-e1d522b40a4f.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-184-soft-reboot-atomically-replace-rootfs-and-reboot-userspace-without-kernel-restart","url":"https://api.media.ccc.de/public/events/d8645c76-aeb9-5828-8ac8-e1d522b40a4f","conference_title":"All Systems Go! 2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"9534a381-f859-5abf-94e0-673d1e399f5e","title":"Kernel command line and UKI; systemd-stub and the ‘stubby’ alternative","subtitle":null,"slug":"all-systems-go-2023-231-kernel-command-line-and-uki-systemd-stub-and-the-stubby-alternative","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/T3QFGS/","description":"Modification of the kernel command line has historically been one of the easiest ways to customize system behavior.
Bootloaders allow for persistent changes via config-files and on-the-fly changes interactively during system boot.\n\nSystem behavior changes made via the kernel command line are not limited to the kernel itself. Userspace applications from installers to init systems and beyond also take input from /proc/cmdline.\n\nIt is clear that some kernel command line options are desirable (console=ttyS0 verbose) and possibly even necessary. Others, such as the cromulent 'init=/bin/sh', can allow circumvention of benefits that Secureboot and TPM provide.\nHow to control access to kernel command line modification is a non-trivial subject.  A recent pull request to systemd that added \"command-line addons\" garnered hundreds of comments.\n\nThis talk will cover:\n * The stub loader 'stubby' and its allowed-list approach to kernel command line options.\n * Systemd-stub’s solution for command line customization\n * System changes that can be made through kernel command line.\n * Alternative channels such as smbios oem strings, or qemu 'fw_cfg'","original_language":"eng","persons":["Scott 
Moser"],"tags":["asg2023","231","2023"],"view_count":124,"promoted":false,"date":"2023-09-14T11:30:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2026-03-09T08:30:06.078+01:00","length":1512,"duration":1512,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/231-9534a381-f859-5abf-94e0-673d1e399f5e.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/231-9534a381-f859-5abf-94e0-673d1e399f5e_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/231-9534a381-f859-5abf-94e0-673d1e399f5e.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/231-9534a381-f859-5abf-94e0-673d1e399f5e.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-231-kernel-command-line-and-uki-systemd-stub-and-the-stubby-alternative","url":"https://api.media.ccc.de/public/events/9534a381-f859-5abf-94e0-673d1e399f5e","conference_title":"All Systems Go! 
2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"5fd12d3a-3144-5f9c-9a72-7515a863b559","title":"openSUSE Aeon - Desktop Linux finally done right?","subtitle":null,"slug":"all-systems-go-2023-208-opensuse-aeon-desktop-linux-finally-done-right-","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/RV3UZD/","description":"openSUSE Aeon (formerly MicroOS Desktop) aims to be a fully fledged modern Linux Desktop leveraging as many of the latest user space innovations available including:\n\n- Immutable OS with Transactional Updates\n- Secure Boot\n- TPM Encryption\n- Flatpaks \u0026 OCI containers as primary application delivery\n\nThis talk will introduce the distribution, highlight the adoption of some of the latest foundational user space technologies as well as share some of the pain points being faced and invite the audience to contribute to this exciting platform.","original_language":"eng","persons":["Richard Brown"],"tags":["asg2023","208","2023"],"view_count":1362,"promoted":false,"date":"2023-09-14T15:15:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2026-04-08T12:45:05.959+02:00","length":2452,"duration":2452,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/208-5fd12d3a-3144-5f9c-9a72-7515a863b559.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/208-5fd12d3a-3144-5f9c-9a72-7515a863b559_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/208-5fd12d3a-3144-5f9c-9a72-7515a863b559.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/208-5fd12d3a-3144-5f9c-9a72-7515a863b559.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-208-opensuse-aeon-desktop-linux-finally-done-right-","url":"https://api.media.ccc.de/public/events/5fd12d3a-3144-5f9c-9a72-7515a863b559","conference_title":"All Systems Go! 
2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"deb3e7cc-824d-5af6-85a0-c96897749d90","title":"Casync is not dead, or how I learned to love desync","subtitle":null,"slug":"all-systems-go-2023-209-casync-is-not-dead-or-how-i-learned-to-love-desync","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/9MVYFU/","description":"Image based OS updates are the future. One way to handle updates is via\ncontent-addressable synchronisation software, like casync and desync.\n\nThis talk will give a presentation about the two - their overall design,\nfeature set and strengths and weaknesses. It will also demonstrate a real\nworld use-case of them.","original_language":"eng","persons":["Emil Velikov"],"tags":["asg2023","209","2023"],"view_count":156,"promoted":false,"date":"2023-09-13T17:35:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2026-04-07T23:15:05.821+02:00","length":206,"duration":206,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/209-deb3e7cc-824d-5af6-85a0-c96897749d90.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/209-deb3e7cc-824d-5af6-85a0-c96897749d90_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/209-deb3e7cc-824d-5af6-85a0-c96897749d90.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/209-deb3e7cc-824d-5af6-85a0-c96897749d90.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-209-casync-is-not-dead-or-how-i-learned-to-love-desync","url":"https://api.media.ccc.de/public/events/deb3e7cc-824d-5af6-85a0-c96897749d90","conference_title":"All Systems Go! 2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"e7564b70-f4ef-593c-830f-17dc1c965117","title":"Closing session of All Systems Go!
2023","subtitle":null,"slug":"all-systems-go-2023-240-closing-session-of-all-systems-go-2023","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/PKSMVD/","description":"Closing session of All Systems Go! 2023","original_language":"eng","persons":[],"tags":["asg2023","240","2023"],"view_count":46,"promoted":false,"date":"2023-09-14T18:15:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2025-10-20T10:45:04.010+02:00","length":154,"duration":154,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/240-e7564b70-f4ef-593c-830f-17dc1c965117.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/240-e7564b70-f4ef-593c-830f-17dc1c965117_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/240-e7564b70-f4ef-593c-830f-17dc1c965117.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/240-e7564b70-f4ef-593c-830f-17dc1c965117.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-240-closing-session-of-all-systems-go-2023","url":"https://api.media.ccc.de/public/events/e7564b70-f4ef-593c-830f-17dc1c965117","conference_title":"All Systems Go! 2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"4090e292-62ee-5322-ab95-5d8d0180b0ca","title":"Talos Linux - TrustedBoot for a minimal Immutable OS","subtitle":null,"slug":"all-systems-go-2023-202-talos-linux-trustedboot-for-a-minimal-immutable-os","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/Q9YBUZ/","description":"The Talos Linux distribution is built from scratch with the goal of providing a secure, verified, and minimal-footprint operating system for running Kubernetes clusters. Talos is designed to be immutable, minimal, and secure. 
Talos includes only the bare minimum required to run Kubernetes.\n\nThis talk will cover how Talos uses Unified Kernel Images (UKIs) to provide immutable, verified, and secure booting. We will also cover how Talos partially conforms to the Linux Userspace API Group specification (UAPI) to implement some of the best practices with regards to fully verifiable TrustedBoot extending to the userspace.\n\nWith the upcoming Talos 1.5 release, Talos ships with custom ISO and metal images that are UKI compliant. This means that the kernel, initramfs, and the root filesystem are all signed and verified by the bootloader. This allows Talos to provide a fully verified boot process from the bootloader to the userspace attested by TPM.\n\n This talk will cover the following topics:\n\n- Building UKI (ukify.py implementation in Go)\n    - Issues with reproducibility\n- sd-boot\n- sd-stub\n- Upgrades/Rollbacks\n- systemd-measure and systemd-cryptenroll partial implementation in Go\n\nFuture work:\n\n- IMA attestations for userspace runtime binaries (etcd, kubelet, containerd, etc)\n- Talos system extensions as sd-stub compatible sysexts\n- Kexec with Secureboot (how can we verify the TPM PCR values are populated correctly with values from new UKI)","original_language":"eng","persons":["Noel Georgi 
(he/him/they/them)"],"tags":["asg2023","202","2023"],"view_count":341,"promoted":false,"date":"2023-09-14T10:30:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2026-04-11T19:30:05.490+02:00","length":1076,"duration":1076,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/202-4090e292-62ee-5322-ab95-5d8d0180b0ca.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/202-4090e292-62ee-5322-ab95-5d8d0180b0ca_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/202-4090e292-62ee-5322-ab95-5d8d0180b0ca.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/202-4090e292-62ee-5322-ab95-5d8d0180b0ca.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-202-talos-linux-trustedboot-for-a-minimal-immutable-os","url":"https://api.media.ccc.de/public/events/4090e292-62ee-5322-ab95-5d8d0180b0ca","conference_title":"All Systems Go! 2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"0422739e-4cd8-5e63-8965-dc9d027fe794","title":"Unified Kernel Images (UKIs)","subtitle":null,"slug":"all-systems-go-2023-185-unified-kernel-images-ukis-","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/ZEVAWH/","description":"UKIs are a fundamental building block of modern measured and trusted boot chains. 
Let's have a look at what happened in the area and discuss recently added new concepts, such as \"add-ons\", new PE sections, build tools and more.","original_language":"eng","persons":["Lennart Poettering"],"tags":["asg2023","185","2023"],"view_count":927,"promoted":false,"date":"2023-09-13T09:45:00.000+02:00","release_date":"2023-09-13T00:00:00.000+02:00","updated_at":"2026-02-26T15:15:07.321+01:00","length":2836,"duration":2836,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/185-0422739e-4cd8-5e63-8965-dc9d027fe794.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/185-0422739e-4cd8-5e63-8965-dc9d027fe794_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/185-0422739e-4cd8-5e63-8965-dc9d027fe794.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/185-0422739e-4cd8-5e63-8965-dc9d027fe794.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-185-unified-kernel-images-ukis-","url":"https://api.media.ccc.de/public/events/0422739e-4cd8-5e63-8965-dc9d027fe794","conference_title":"All Systems Go! 2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"bb932844-2a47-55af-8f56-3e07f06909cf","title":"Fast, correct, reproducible builds with Nix + Bazel","subtitle":null,"slug":"all-systems-go-2023-219-fast-correct-reproducible-builds-with-nix-bazel","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/77YDZ8/","description":"The build system should get out of the way to let us focus on our tasks, not be distracted by slow or unreliable builds, get fast feedback on changes, and let us know what’s in the software we’re shipping to our users. But, what does it take for a build system to be really fast and reliable? What does it take to know what’s in the software?\n\nIt requires aggressive parallelism and distributed caching to avoid redundant work between colleagues. 
And it requires complete knowledge and control of dependencies, build isolation to identify mistakes, and reproducible builds to verify results across machines and strengthen supply-chain security.\n\nIn this talk you will learn how [Google’s open source build system Bazel](https://bazel.build/) and the [purely functional package manager Nix](https://nixos.org/) join forces to provide fast, correct, and reproducible builds.\n\nIn this talk I will explain what we mean by correct builds, and will motivate why fast and correct builds are important and why you would care about reproducible and isolated builds. We will see how many common build systems fail to provide these desirable properties.\n\nYou will be introduced to [Google’s open source build system Bazel](https://bazel.build/) and will learn how it provides fast builds, how correctness and reproducibility is relevant, and how Bazel tries to ensure correctness. But, we will also see where Bazel falls short in ensuring correctness and reproducibility.\n\nYou will learn about the [purely functional package manager Nix](https://nixos.org/) and how it approaches correctness and build isolation. And we will see where Bazel has an advantage over Nix when it comes to providing fast feedback during development.\n\nI will share how you can get the best of both worlds and combine Nix and Bazel and how you can get started with these tools. 
But, we will also touch on potential caveats and shortcomings of this approach.","original_language":"eng","persons":["Andreas Herrmann"],"tags":["asg2023","219","2023"],"view_count":258,"promoted":false,"date":"2023-09-14T11:30:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2026-02-27T13:00:04.866+01:00","length":2320,"duration":2320,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/219-bb932844-2a47-55af-8f56-3e07f06909cf.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/219-bb932844-2a47-55af-8f56-3e07f06909cf_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/219-bb932844-2a47-55af-8f56-3e07f06909cf.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/219-bb932844-2a47-55af-8f56-3e07f06909cf.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-219-fast-correct-reproducible-builds-with-nix-bazel","url":"https://api.media.ccc.de/public/events/bb932844-2a47-55af-8f56-3e07f06909cf","conference_title":"All Systems Go! 2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"1d8a5caa-369e-5950-a072-9d9e1bb4a807","title":"Y2038: replace utmp with logind","subtitle":null,"slug":"all-systems-go-2023-183-y2038-replace-utmp-with-logind","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/3Z7XEE/","description":"The utmp implementation of glibc uses on quite some 64bit architectures a 32bit time variable, which leads to an overflow on 03:14:07 UTC on 19 January 2038. This talk will explain the current work on replacing utmp with logind.\n\nThe year 2038 problem (also known as Y2038) is a time formatting bug on Unix systems with representing times after 03:14:07 UTC on 19 January 2038. This happens with a 32bit time_t, not with a 64bit time_t. 
The general statement so far has always been that on 64bit systems with a 64bit time_t you are safe with respect to the Y2038 problem. But this isn't correct: on bi-arch systems like x86-64 (so which can execute 64bit and 32bit binaries) glibc defines __WORDSIZE_TIME64_COMPAT32, which leads to the fact that struct utmp (used for utmp, wtmp and btmp) and struct lastlog use int32_t instead of time_t. So we have a Y2038 problem, which is not easily fixable, as this would require ABI and on-disk format changes. In this talk I will speak about the background, which tools are affected and a radical solution: drop utmp, wtmp, btmp and lastlog completely and make use of systemd-logind and other tools instead.","original_language":"eng","persons":["Thorsten Kukuk"],"tags":["asg2023","183","2023"],"view_count":134,"promoted":false,"date":"2023-09-13T17:00:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2026-02-09T15:45:08.255+01:00","length":1475,"duration":1475,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/183-1d8a5caa-369e-5950-a072-9d9e1bb4a807.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/183-1d8a5caa-369e-5950-a072-9d9e1bb4a807_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/183-1d8a5caa-369e-5950-a072-9d9e1bb4a807.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/183-1d8a5caa-369e-5950-a072-9d9e1bb4a807.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-183-y2038-replace-utmp-with-logind","url":"https://api.media.ccc.de/public/events/1d8a5caa-369e-5950-a072-9d9e1bb4a807","conference_title":"All Systems Go!
2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"8b487f6f-30f1-579d-93b9-30bd3f50ab47","title":"Linux \u0026 TPMs","subtitle":null,"slug":"all-systems-go-2023-186-linux-tpms","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/HSEJY9/","description":"Let's get you up to speed on Trusted Platform Modules (TPM 2.0) and Linux. Specifically, the various additions to basic Linux userspace, i.e. systemd in our goal to make measured boot a default on Linux.","original_language":"eng","persons":["Lennart Poettering"],"tags":["asg2023","186","2023"],"view_count":4942,"promoted":false,"date":"2023-09-13T14:30:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2026-03-11T23:45:06.507+01:00","length":2620,"duration":2620,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/186-8b487f6f-30f1-579d-93b9-30bd3f50ab47.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/186-8b487f6f-30f1-579d-93b9-30bd3f50ab47_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/186-8b487f6f-30f1-579d-93b9-30bd3f50ab47.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/186-8b487f6f-30f1-579d-93b9-30bd3f50ab47.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-186-linux-tpms","url":"https://api.media.ccc.de/public/events/8b487f6f-30f1-579d-93b9-30bd3f50ab47","conference_title":"All Systems Go! 
2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"b11ed4ed-5ea0-5719-b831-0f1826806b45","title":"Wolfi: A Secure-by-Default Distro for Curing Container CVE Chaos","subtitle":null,"slug":"all-systems-go-2023-241-wolfi-a-secure-by-default-distro-for-curing-container-cve-chaos","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/V9EZSS/","description":"Are you using container images with hundreds of known vulnerabilities?\n\nThe majority of us are using images based on the Docker official images available on the Docker Hub. This includes base images – such as Debian and Ubuntu – as well as application images such as nginx and redis. Unfortunately these images often have hundreds of known vulnerabilities due to excessively large dependency trees with out-of-date packages. This security debt can lead to unnecessary security risks and slower development cycles.\n\nWolfi (https://github.com/wolfi-dev/) is a new Linux distribution optimized for building minimal, secure container images. Wolfi maintainers prioritize a rolling release model built on a rapid package update cycle, which ensures that new vulnerabilities are remediated quickly.\n\nThis talk not only describes the problems that motivate Wolfi but also provides hands-on knowledge to help developers take advantage of Wolfi.
By the end of the talk, developers will learn about packaging techniques with apko and melange, tools specifically designed to build Wolfi packages and turn them into minimal, low- or no-vulnerability containers.\n\nKey Takeaways and Highlights\n\nPopular, off-the-shelf base images and containers often have hundreds of known vulnerabilities (“CVEs”), which can, at worst, be a security risk and, at best, be a giant time suck.\nWolfi is a new secure-by-default linux distribution that prioritizes rapid package updates and, by extension, fast mean time-to-remediation for known vulnerabilities.\nPackages in Wolfi can form the foundation of secure, minimal base images and containers, freeing developers of tedious vulnerability management tasks and increasing security for cloud-native applications.\n\nTalk Outline\n\nThe Cloud-Native Application Status Quo: Bloated, Outdated, Vulnerability-Laden Images\nContainers 101\nShow the results of running security scanners against popular Dockerhub official images\nUse (grype, an open source scanner) to scan golang:latest and nginx:latest. 
Show via command line.\nShow data and analysis on package counts, package staleness, vulnerability counts of official Docker Hub images\nDraw on six months of daily scanning results collected by presentation team\nOverview of Wolfi\nFast package update times\nFast vulnerability mean time-to-remediation\nGranular packages\nWolfi packages are often packaged at a more granular level than their counterparts in other distributions, which allows developers to pick and choose only the components that are essential for an image, without dragging in unnecessary functionality and attack surface.\nRolling release\nWhy not alternative approaches, either other minimal images or using other distros?\nGoogle distroless\nDebian-based so there can be slow update times for packages\nDebian - Slow package updates\nHow to build images with Wolfi packages\nExplain melange and building packages\nExample of building a package with melange\nExplain apko and building images\nDemo of building an image with apko","original_language":"eng","persons":["James Strong","Carlos Tadeu Panato 
Junior"],"tags":["asg2023","241","2023"],"view_count":189,"promoted":false,"date":"2023-09-14T16:30:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2026-03-15T18:00:06.181+01:00","length":2296,"duration":2296,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/241-b11ed4ed-5ea0-5719-b831-0f1826806b45.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/241-b11ed4ed-5ea0-5719-b831-0f1826806b45_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/241-b11ed4ed-5ea0-5719-b831-0f1826806b45.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/241-b11ed4ed-5ea0-5719-b831-0f1826806b45.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-241-wolfi-a-secure-by-default-distro-for-curing-container-cve-chaos","url":"https://api.media.ccc.de/public/events/b11ed4ed-5ea0-5719-b831-0f1826806b45","conference_title":"All Systems Go! 2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"5e65dc07-4631-541e-81fe-bb0db3fd3bcc","title":"Replica.one: A Software-defined Operating System","subtitle":null,"slug":"all-systems-go-2023-227-replica-one-a-software-defined-operating-system","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/LBWXKL/","description":"Network operating systems commonly provide a stable userspace platform for networking devices. Integration of userspace applications as well as low-level hardware support are handled by firmware build systems.\n\nExisting build systems for network operating systems display numerous limitations by either targeting only distinct types of devices, using cumbersome methodologies to add additional features or offering insufficient capabilities regarding what to include in the firmware image. 
In this presentation, we provide an overview of these limitations and how we mitigate them with Replica.one, an Open Source firmware builder which targets the entire networking stack.\n\nWe will focus on the solution's optimization features, its capability to generate firmware for diverse classes of devices across the entire networking stack, and the flexibility to select the desired operating system between various Linux-based distributions.\n\nThe presentation targets Linux users who are interested in replacing their existing build system infrastructure with a single unified software platform. The flexibility of image-based network operating systems will allow organizations and their users to operate their existing hardware resources more efficiently and securely.\n\nProfessionals who are working in the domain of firmware build systems to integrate applications and features will benefit from Replica.one’s ease of use as well as powerful image customization capabilities.\n\nThe novel element of a single platform running on an entire networking infrastructure stack will be of particular interest to a wide range of organizations and companies looking to reduce their operating cost while reaping the benefits of open source community effort.","original_language":"eng","persons":["Jakov Petrina 
Trnski"],"tags":["asg2023","227","2023"],"view_count":116,"promoted":false,"date":"2023-09-14T14:30:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2026-02-13T11:30:09.100+01:00","length":2231,"duration":2231,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/227-5e65dc07-4631-541e-81fe-bb0db3fd3bcc.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/227-5e65dc07-4631-541e-81fe-bb0db3fd3bcc_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/227-5e65dc07-4631-541e-81fe-bb0db3fd3bcc.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/227-5e65dc07-4631-541e-81fe-bb0db3fd3bcc.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-227-replica-one-a-software-defined-operating-system","url":"https://api.media.ccc.de/public/events/5e65dc07-4631-541e-81fe-bb0db3fd3bcc","conference_title":"All Systems Go! 2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]},{"guid":"2793b90e-03aa-5e85-9aab-625ec2233aed","title":"A story of a bootloader^W^Wthree bootloaders","subtitle":null,"slug":"all-systems-go-2023-210-a-story-of-a-bootloader-w-wthree-bootloaders","link":"https://cfp.all-systems-go.io/all-systems-go-2023/talk/SMQPWM/","description":"This talk will explore the ideas from Lennart's \"Fitting Everything Together\"\nblog post, particularly the A/B partitioning scheme and its bootloader design,\ncomparing it with the approach used on the SteamDeck. Spoiler alert, we're not\nusing sd-boot.\n\nWe will focus on the requirements that drove us to the latter design, some \nimplementation details, and hurdles we needed to overcome to achieve that\nproject.\n\nLastly, the idea of finding common ground will be entertained where audience\nparticipation is greatly encouraged. What features would be acceptable by the\nwider systemd community? 
Would those be enough for the SteamDeck to jump ship?","original_language":"eng","persons":["Emil Velikov"],"tags":["asg2023","210","2023"],"view_count":94,"promoted":false,"date":"2023-09-14T12:00:00.000+02:00","release_date":"2023-09-14T00:00:00.000+02:00","updated_at":"2025-04-02T09:30:04.649+02:00","length":1057,"duration":1057,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/210-2793b90e-03aa-5e85-9aab-625ec2233aed.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/210-2793b90e-03aa-5e85-9aab-625ec2233aed_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/210-2793b90e-03aa-5e85-9aab-625ec2233aed.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2023/210-2793b90e-03aa-5e85-9aab-625ec2233aed.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2023-210-a-story-of-a-bootloader-w-wthree-bootloaders","url":"https://api.media.ccc.de/public/events/2793b90e-03aa-5e85-9aab-625ec2233aed","conference_title":"All Systems Go! 2023","conference_url":"https://api.media.ccc.de/public/conferences/asg2023","related":[]}]}