Simon Lyall's Blog – Page 2 – New Zealand, Sysadmin, Linux, Curry, Chess

Linux.conf.au 2018 – Day 4 – Session 1

Panel: Meltdown, Spectre, and the free-software community Jonathan Corbet, Andrew ‘bunnie’ Huang, Benno Rice, Jess Frazelle, Katie McLaughlin, Kees Cook

FreeBSD only heard 11 days beforehand. Would have liked more notice
Got people involved from the Kernel Summit in Oct
Hosting company only heard once it went official, been busy patching since
Likely to be class-action lawsuit for $billions. That might make chip makers more paranoid about documentation and disclosure.
Thoughts in embargo
- People noticed strange patches going in beforehand.
- Only broke 6 days early, had been going for 6 months
- “Linus is happy with this, something is terribly wrong”
- Sad that the 2nd-tier cloud providers didn’t know. Exclusive club and lines as to who got informed were not clear
- Projects that don’t have explicit relationship with Intel didn’t get informed
Thoughts on other vendors
- This class of bugs could affect anybody, open hardware would probably not fix
- More open hardware could enable people to review the processors and find these from the design rather than poking around
- Hard to guarantee the shipped hardware matches the design
- Software people can build everything at home and check. FABs don’t work at home.
Speculative execution warned about years ago. Danger ignored. How to make sure the next one isn’t ignored?
- We always have to do some risky stuff
- The research on this built up slowly over the years
- Even if you have only found impractical attacks against something doesn’t mean the practical one doesn’t exist.
What criteria do we use to decide who is in?
- Mechanisms do exist, they were mainly not used. Perhaps because they were for software vulnerabilities
Did people move providers?
- No but Containers made things easier to reboot stuff and shuffle
Are there similar vulnerabilities ( similar or general hardware ) coming along?
- The Kernel page-table patches were fairly general, should cover many similar ones
- All these performance optimising bit of your CPU are now attack surfaces
- What are people going to do if this slows down hardware too much?
How do we explain problems like these to politicians etc
- Legos
- We still have kernel devs getting their laptops
Can be use CPUs that don’t have speculative execution?
- Not really. Back to 486s
Who are we protesting against with the embargo?
- Everybody
- The longer period let better fixes get in
- The meltdown fix could be done in semi-public so had better quality

What is the most common street name in Australia? Rachel Bunder

Why?
- Saw a map with most common name by US street
Just looking at name, not end bit “park” , “road”
Data
- PSMA Geocoded national address file – Great but came out after project
- Use Open Street Maps
Started with Common Name in Sydney
- Used Metro Extracts – site closing down soon
- Format is geojson
- Road files separately provided
Procedure
- Used python, R also has good features and libaraies
- geopandas
- Had some paths with no names
- What is a road? – “Something with a name I can drive a car on”
Sydney
- Full street name
  - Victoria Road
  - Pacific Highway
  - oops like like names are being counted twice
- Tried merging them together
- Roads don’t 100% match ends. Added function to fuzzy merge the roads that are 100m apart
- Still some weird ones but probably won’t affect top
- Second attempt
  - Short st, George st, William st, John st, Church st
Now with just the “name bit”
- Tried taking out just the last name. ended up with “the” as most common.
- Started with “The” = whole name
- Single word = whole name
- name – descriptor – suffex
- lots of weird names
- name list – Park, Victoria, Railway, William, Short
Wouldn’t work in many other counties
Now for all over Australia
- overpass data
- Downloaded in 50kmx50x squares
Lessons
- Start small
- Choose something familiar
- Check you bias (different naming conventions)
- Constance vigerlence
- Know your problem
Common plant names
- Wattle – 15th – 385
Other name
- “The Esplanade” more common than “The Avenue”
Top names
- 5th – Victoria
- 4th – Church – 497
- 3rd – George – 551
- 2nd – Railway
- 1st – Park – 693
By State
- WA – Forest
- SA – Railway
- Vic – Park
- Tas – Esplanade
- NT – Smith/Stuart
- NSW – Park

Linux.conf.au 2018 – Day 4 – Keynote – Hugh Blemings

Wandering through the Commons

Reflections on Free and Open Source Software/Hardware in Australia, New Zealand and beyond

Past Linux.conf.au’s reviewed
FOSS in Aus and NZ
- Above per capita
List of Aus / NZ people and their contributions
- John Lions , Lions book on Unix
- Pia Andrews/Waugh/Smith – Open Government, GovHack, Linux Australia, Open Data
- Vik Oliver – 3D Printing
- Clare Cuuran – Open Government in NZ
- plus a bunch of others

Working in Free Software and Open Hardware

The basics
- Be visable in projects of relevance
  - You will be typed into Google, looked at in GitHub
- Be yourself
  - But be business Friendly
- Linkedin is a thing, really
- Need a accurate basic presence
Finding a new job
- Networks
- Local user groups
- Conferences
- The projects you work on
Application and negotiation
- Be professional, courteous
- Do homework about company and culture
- Talk to people that work there
- Spend time on interview prep
  - Know your stuff, if you don’t know, say so
- Think about Salary expectations and stick to them
  - Val Aurora’s page on this is excellent
- Ask to keep copyright on your code
  - Should be a no-brainer for a FOSS.OH company
In the Job
- Takes time to get into groove, don’t sweat it
- Get out every now and then, particularly if working from home
- Work/life balance
- Know when to jump
  - Poisonous workplaces
- An aside to People’s managers
  - Bring your best or don’t be a people manager
  - Take your reports welfare seriously

Looking after You

Ours is in the main a sedentary and solitary pursuit
- exercise
Sitting and standing in front of a desk all day is bad
- takes breaks
Depression is a real thing
Eat more vegetables
Find friends/colleagues to exercise with

Working if FOSS / OH – Staying Current

Look over a colleagues shoulder
Do something that is not part of your regular job
- low level programming
- Karger systems, Openstack
Stay uptodate with Security Blogs and the like
- Many of the attack vectors have generic relevance
Take the lid off, tinker with hardware
- Lots of videos online to help or just watch

Make Hay while the Sun Shines

Save some money for rainy day
Keep networks Open
Even when you have a job

You’re fired … Now What? – In a moment

Don’t panic
- Going out in a twitter storm won’t help anyone
It’s not personal
- It is the position that is no longer needed, not you
If you think it an unfair dismissal, seek legal advice before signing anything
It is normal to feel rubbish
Beware of imposter syndrome
Try to keep 2-3 opportunities in the pipeline
Don’t assume people will remember you
- It’s not personal, everyone gets busy
- It’s okay to (politely naturally) follow up periodically
Keep search a little narrow for the first week or two
- The expand widely
Balance take “something/everything” as better than waiting for your dream job

Dream Job

Power 9 CPU
- 14nm process
- 4GHz, 24 cores
- 25km of wires
- 8 billion transisters
- 3900 official chips pins
- ~19,000 connections from die to the pin

Conclusions

Part of a vibrant FOSS/OH community both hear and abroad
We have accomplished much
The most exciting (in both senses) things lie before us
We need all of you to be part at every level of the stack
Look forward to working with you…

Linux.conf.au 2018 – Day 3 – Session 3 – Booting

Securing the Linux boot process Matthew Garrett

Without boot security there is no other security
MBR Attacks – previously common, still work sometimes
Bootloader attacks – Seen in the wild
Malicious initrd attacks
- RAM disk, does stuff like decrypt hard drive
- Attack captures disk pass-shrase when typed in
How do we fix these?
- UEFI Secure boot
- Microsoft required in machines shipped after mid-2012
- sign objects, firmware trusts some certs, boots things correctly signed
- Problem solved! Nope
- initrds are not signed
initrds
- contain local changes
- do a lot of security stuff
TPMs
- devices on system motherboards
- slow but inexpensive
- Not under control of the CPU
- Set of registers “platform configuration registers”, list of hashes of objects booted in boot process. Measurements
- PCR can enforce things, stop boots if stuff doesn’t match
- But stuff changes all the time, eg update firmware . Can brick machine
Microsoft to the resuce
- Tie Secure boot into measured boot
- Measure signing keys rather than the actual files themselves
- But initrds are not signed
Systemd to the resuce
- systemd boot stub (not the systemd boot loader)
- Embed initrd and the kernel into a single image with a single signature
- But initrds contain local information
- End users should not be signing stuff
Kernel can be handed multiple initranfs images (via cpio)
- each unpacked in turn
- Each will over-write the previous one
- configuration can over-written but the signed image, perhaps safely so that if config is changed, stuff fails
- unpack config first, code second
Kernel command line is also security sensative
- eg turn off iommu and dump RAM to extract keys
- Have a secure command line turning on all security features, append on the what user sends
Proof of device state
- Can show you are number after boot based on TPM. Can compare to 2FA device to make sure it is securely booted. Safe to type in passwords
Secure Provision of secrets
- Know a remote machine is booted safely and not been subverted before sending it secret stuff.

Linux.conf.au 2018 – Day 3 – Session 2

Dealing with Contributor Overload Holden Karau

Developer Advocate at Google
Apache Spark, Contributor to BEAM

Some people from big projects, some from projects hoping to get big

Remember it’s okay to not fix it all
The fun of a small project
- Simple communication
- Aligned incentives
- Easy to tell who knows what
- Tight community
The fun of a parge project
- More people to do the work
- More impact and people thanking you
- Lots of ideas and experiences
- If $s then fun conferences
- Get paid to work on it.
Is my project on Fire? or just lots of people on it.
- Measurable
  - User questions spike
  - issue spike
- Lesss measurable
  - Non-explicit stuff not being passed on
Classic Pipeline
- Users -> contributors -> committers _> PMC
- Each stage takes times
- Very leaky pipeline, perhaps it leaks too much
With hyper-growth project can quickly go south
- Committer:user ration can’t get too far out.
Even without hyper-growth: sadness
- Same thing happens, but slower
Overload – Mitigation
- You don’t have to answer everyone, this can be hard
- Stackoverflow
- Are your answers easily searchable
- Knowledge base – “do you mean”
- Take time and look for patterns in questions
- Find people who like writing and get to to write a book
  - Don’t to for core committers, they will have no time for anything else
Issue overload
- Try and get rid of duplicate tickets
- Autoclose tickets – mixed results
How to deal with a spike
- Raise the bar
- Make it easier
- Get Perl to solve the problem
Raising the bar
- Reject trivial changes – reduces the onramp
- Add weird system – more posts on how to contribute
What can Perl solve
- Style guide
- bot bot bots
- make it faster to merge
- Improve PR + reviewer notice
- Can increase productivity
Add more committers
- Takes time and effort
- People can be shy
- Make a guide for new folks to follow
- Have a safe space for people to ask questions
Reduce overhead for contributing well
- Have doc on how to contribute next to the code, not elsewhere that people have to search for.

The Open Sourcing of Infrastructure Elizabeth K. Joseph

The recent history of infrastructure

1998
- To make a server use Solaris or NT. But off a shelf
- Linux seen as Cheap Unix
- Lots of FUD

Got a Junior Sysadmin Job

2004
- Had to tell people the basics “What is free software?” , “Using Open Source Web Applications to Produce Business Results”
- Turning point LAMP stack
- Flood of changes on how customers interacted with software over last
  - Reluctance to be locked-in by a vendor
  - Concerns of security
  - Ability to fix bugs ourselves
  - Innovation stifled when software developed in isloation

Last 10 years

Changes in how peopel interacted with software
- Downtime un-acceptable
- Reliance of scaling and automation
- Servers as Pets -> cattle
- Large focus on data

Open Source is now Ubiquitous

Even Microsoft is using it a lot and interacting with the community

Operations tools were not as Open Sourced

Configuration Management
- puppet modules, chef playbooks
Open application definitions – juhu charms, DC?OS Universe Catalog
Full disk images
- Dockerhub

The Cloud

Cloud is the new propriatory
EC2-only infrastructure
Questions you should ask beforehand
- Is your service adhering to open standards or am I locked in?
- Recourse if the company goes out of business
- Does vendor have a history of communicating about downtime and security problems?
- Does vendor responds to bugs and feature requests?
- Will the vendor use data in a way I’m not comfortable with?
- Initial costs may be low, but do you have a plan to handle long term, growing costs
Alternatives
- Openstack, Kubernetes, Docker Swarm, DC/OS with Apache Mesos

Hybrid Cloud

Tooling can be platform agnostic
Hard but can be done

Linux.conf.au 2018 – Day 3 – Session 1 – k8s @ home and bad buses

How to run Kubernetes on your spare hardware at home, and save the world Angus Lees

Mainframe ->
PC ->
Rackmount PC
- Back the rackmount PC even with built-in redundancy will still fail. Or the location will go offline, or your data spreads across multiple machines
Since you need to have distributed/redundancy anyway. New model (2005). Grid computing. Clever software, dumb hardware. Loosely coupled servers
- Libraries > RPC / Microservices
- Threadpool -> hadoop
- SQL -> key/store
- NFS -> Object store
- In-place upgrades -> “Immutable” image-based build from scratch
Computers in clouds
- No cases. No redundant Power, journaling on filesystems turned off, etc
Everything is in clouds – Secondary effects
- Corperate driven
- Apache license over GPL
- Centralised services rather than federated protocols
- Profit-driven rather than scrating itches
Summary
- Problem
  - Distributed Systems hard to configure
  - Solutions scale down poorly
  - Most homes don’t have racks of servers
- Implication
  - Home Free Software “stuck” at single-machine architecture
Kubernetes (lots of stuff, but I use it already so just doing unique bits)
- “Unix Process as a service”
- Inverts the stack. Data is important then app. Kernel and Hardware unimportant.
- Easy upgrades, everything is an upgrade
- Declarative API , command line interface
“We’ve conducted this experiment for decades now, and I have news for you, Hardware fails”

Hardware at Home

Raid used to be “enterprise” now normal for home
Elastic compute for home too
Kubernetes for Home
- Budget $100
  - ARM master nodes
  - Mixed architecture
- Assume single layer-2 home ethernet
- Worker nodes – old $500 laptops
  - x86-64
  - CoreOS
  - Broken screens, dead batteries
- 3 * $30 Banana pis
  - Raspberry Pi2
  - armv7a
  - containOS
- Persistentvolumes
  - NFS mount from RAID server
- Service – keepalived-vip
- Ingress
  - keepalived and nginx-ingress , letsEncrypt
  - Wildcard DNS
- Status
  - Works!
  - Printing works
  - Install: PXE boot and run coreos-install
- Status – ungood
  - Banana PIs a bit too slow.
- github.com/anguslees/k8s-home

Is the 370 the worst bus route in Sydney? Katie Bell

The 370 bus
- Goes UNSW and Sydney University. Goes around the city
If bus runs every 15 minutes, you should not be able to see 3 at once
Newspaper articles and Facebook group about how bad it is.
Two Questions
- Bus privitisation better or worse
- Is the 370 really the worst
Data provided
- Lots of stuff but nothing the reliability
- But they do have realtime data eg for the Tripetime app (done via a 3rd party)
- They have a API and Key with standard format via GTFS
But they only publish “realtime” data, not the old data
- So collected the realtime data, once a minute for 4 months
- 557 GB
Format
- zipfile of csv files
- IDs sometimes ephemeral
- Had to match timetable data and realtime data
- Data had to be tidied up – lots
Processing realtime data
- Download 1 minute
- Parse
- Match each of around ~7000 trips in timetable (across all of NSW)
- Write ~20000 realtime updates to the DB
- Running 5 EC2 instances at leak
- Writing up to 40MB/s to the DB
Is the 370 the worst?
- Define “worst”
- Found NSW definition of what an on-time bus is.
- Now more than 5:59 late or 1:59 early. Measured start/middle/end
- Victoria definition strictor
- She defined:
  - Early: more than 2min early
  - On time: 2m early – 5 min late
  - late more than 5m late
  - Very late – more thna 20m late
- Across all trips
  - 3.7 million trips
  - On time 31%
  - More than 20m late 2.86%
- Best routes
  - Nightime buses
  - Outside of Sydney
  - Shorter routes
  - 86% – 97% or better
- Worst
  - Less than 5% on time
  - Longer routes
  - 370 is the 22nd worst
    - 8.79% on time
- Worst routes ( percent > 20 min late)
  - 23% of 370 trips (6th worst)
  - Lots of Wollongong
- Worst agencies
  - No obvious difference between agencies and private companies
- Conclusion
  - Privatisation could go either way
  - 370 is close to the worst (277 could be worse) in Sydney
- bus-shaming.com
- github.com/katharosada/bus-shaming

Questions

Used Spot instances to keep cost down
$200 month on AWS
Buses better/worse according to time? Now checked yet
Wanted to calculate the “wait time” , not done yet.
Another feed of bus locations and some other data out there too.
Lots of other questions

Linux.conf.au 2018 – Day 3 – Keynote – Karen Sandler

Executive director of Software Freedom Conservancy

Previously spoke that LCA 2012 about closed-source software on her heart implant. Since then has pivoted career to more open-source advocacy in career.

DMCA exemption for medical device research
When you ask your doctor about safety of devices you sound like a conspiracy theorist
Various problems have been highlighted, some progress
Some companies addressing them

Initially published paper highlighting problem without saying she had the device

Got pushback from groups who thought she was scaremongering
Companies thinking about liability issues
After told story in 2012 things improved

Had to get new device recently.

Needed this disabled since her jobs pisses off hackers sometimes
All manufacturers said they could not disable wireless access
Finally found a single model that could be disabled made by a European manufacturer

Note: This is a quick summary, Lots more covered but hard to cover. Video should be good. Her slides were broken though much of the talk be she still delivered great talk.

Linux.conf.au 2018 – Day 2 – Keynote – Matthew Todd

Collaborating with Everybody: Open Source Drug Discovery

Term used is a bit undefined. Open Source, Free Drugs?
First Open Source Project – Praziquantel
- Molecule has 2 mirror image forms. One does the job, other tastes awful. Pills were previously a mix
- Project to just have pill with the single form
  - Created discussion
  - Online Lab Notebook
  - 75% of contributions were from private sector (especially Syncom)
  - Ended up finding a approach that worked, different from what was originally proposed from feedback.
  - Similar method found by private company that was also doing the work
Conventional Drug discovery
- Find drug that kills something bad – Hit
- Test it and see if it is suitable – Led
- 13,500 molecules in public domain that kill maleria parasite
6 Laws of Open Scrience
- All data is open and all ideas are shared
- Anyone can take part at any level of the project
Openness increasing seen as a key
Open Source Maleria
- 4 campaigns
- Work on a molecule, park it when doesn’t seem promising
- But all data is still public
What it actually is
- Electronic lab book (80% of scientists still use paper)
- Using Labtrove, changing to labarchives
- Everything you do goes up every day
- Todo list
  - Tried stuff, ended up using issue list on github
  - Not using most other github stuff
- Data on a Google Sheet
- Light Website, twitter feed
Lab vs Code
Have a promising molecule – works well in mice
- Would probably be a patentable state
- Not sure yet exactly how it works
Competition – Predictive model
- Lots of solutions submitted, not good enough to use
- Hopeful a model will be created
Tried a a known-working molecule from elsewhere, but couldn’t get it to work
- This is out in the open. Lots of discussion
School group able to recreate Daraprim, a high-priced US drug
Public Domain science is now accepted for publications
Need to to make computers understand molecule digram and convert to representative format which can then be search one.
Missing
- Automated links to databases in tickets
- Basic web page stuff, auto-porting of data, newsletter, become non-profit, stickers
- Stuff is not folded back into the Wiki
OS Mycetoma – New Project
- Fungus with no treatment
- Working on possible molecule to treat
Some ideas on how to get products created this way to market – eg “data exclusivity”

Linux.conf.au 2018 – Day 1 – Session 3 – Developers, Developers Miniconf

Beyond Web 2.0 Russell Keith-Magee

Django guy
Back in 2005 when Django first came out
- Web was fairly simple, click something and something happened
- model, views, templates, forms, url routing
The web c 2016
- Rich client
- API
- mobile clients, native apps
- realtime channels
Rich client frameworks
- reponse to increased complexity that is required
- Complex client-side and complex server-side code
Isomorphic Javascript development
- Same code on both client and server
- Only works with javascript really
- hacks to work with other languages but not great
Isomorphic ~~javascript~~ development
- Requirements
- Need something in-between server and browser
- Was once done with Java based web clients
- model, view, controller
API-first development
How does it work with high-latency or no-connection?
Part of the controller and some of the model needed in the client
- If you have python on the server you need python on the client
- brython, skulp, pypy.js
- <script type=”text/pyton”>
- Note: Not phyton being compiled into javascript. Python is run in the browser
- Need to download full python interpreter though (500k-15M)
- Fairly fast
Do we need a full python interpreter?
- Maybe something just to run the bytecode
- Batavia
- Javascript implementation of python virtual machine
- 10KB
- Downside – slower than cpython on the same machine
WASM
- Like assembly but for the web
- Benefits from 70y of experience with assembly languages
- Close to Cpython speed
- But
  - Not quite on browsers
  - No garbage collection
  - Cannot manipulate DOM
  - But both coming soon
Example: http://bit.ly/covered-in-bees
But “possible isn’t enough”
pybee.org
pybee.org/bee/join

Using “old skool” Free tools to easily publish API documentation – Alec Clew

https://github.com/alecthegeek/doc-api-old-skool
You API is successful if people are using it
High Quality and easy to use
Provide great docs (might cut down on support tickets)
Who are you writing for?
- Might not have english as first language
- New to the API
- Might have different tech expertise (different languages)
- Different tooling
Can be hard work
Make better docs
- Use diagrams
- Show real code (complete and working)
Keep your sentence simple
Keep the docs current
Treat documentation like code
- Fix bugs
- add features
- refactor
- automatic builds
- Cross platform support
- “Everything” is text and under version control
Demo using pandoc
Tools
pandoc, plantuml, Graphviz, M4, make, base/sed/python/etc

Lightning Talks

Nic – Alt attribute
- need to be added to images
- Don’t have alts when images as links
- http://bit.ly/Nic-slides
Vaibhav Sager – Travis-CI
- Builds codes
- Can build websites
- Uses to build Resume
- Build presentations
Steve Ellis
- Openshift Origin Demo
Alec Clews
- Python vs C vs PHP vs Java vs Go for small case study
- Implemented simple xmlrpc client in 5 languages
- Python and Go were straightforward, each had one simple trick (40-50 lines)
- C was 100 lines. A lot harder. Conversions, etc all manual
- PHP wasn’t too hard. easier in modern vs older PHP
Daurn
- Lua
- Fengari.io – Lua in the browser
Alistair
- How not to docker ( don’t trust the Internet)
- Don’t run privileged
- Don’t expose your docker socket
- Don’t use host network mode
- Don’t where your code is FROM
- Make sure your kernel on your host is secure
Daniel
- Put proxy in front of the docker socket
- You can use it to limit what no-priv users with socket access to docker port can do

Linux.conf.au 2018 – Day 1 – Session 2

Manage all your tasks with TaskWarrior Paul ‘@pjf’ Fenwick

Lots of task management software out there
- Tried lots
- Doesn’t like proprietary ones, but unable to add features he wants
- Likes command line
Disclaimer: “Most systems do not work for most people”
TaskWarrior
- Lots of features
- Learning cliff

Intro to TaskWarrior

Command line
Simple level can be just a todo list
Can add tags
- unstructured many to many
- Added just put putting “+whatever” on command
- Great for searching
- Can put all people or all types of jobs togeather
Meta Tags
- Automatic date related (eg due this week or today)
Project
- A bunch of tasks
- Can be strung togeather
- eg Travel project, projects for each trip inside them
Contexts (show only some projects and tasks)
- Work tasks
- Tasks for just a client
- Home stuff
Annotation (Taking notes)
- $ task 31 annotate “extra stuff”
- has an auto timestamp
- show by default, or just show a count of them
Tasks associated with dates
- “wait”
- Don’t show task until a date (approx)
- Hid a task for an amount of time
- Scheduled tasks urgency boasted at specific date
Until
- delete a task after a certain date
Relative to other tasks
- eg book flights 30 days before a conference
- good for scripting, create a whole bunch of related tasks for a project
due dates
- All sorts of things give (see above) gives tasks higher priority
- Tasks can be manually changed
Tools and plugins
- Taskopen – Opens resources in annotations (eg website, editor)
Working with others
- Bugworrier – interfaces with github trello, gmail, jira, trac, bugzilla and lots of things
- Lots of settings
- Keeps all in sync
Lots of extra stuff
- Paul updates his shell prompt to remind him things are busy
Also has
- Graphical reports: burndown, calendar
- Hooks: Eg hooks to run all sort of stuff
- Online Sync
- Android client
- Web client
Reminder it has a steep learning curve.

Love thy future self: making your systems ops-friendly Matt Palmer

Instrumentation
- Good article
Instrumenting incoming requests
- Count of the total number of requests (broken down by requestor)
- Count of reponses (broken down by request/error)
- How long it took (broken down by sucess/errors
- How many right now
Get number of in-progress requests, average time etc
Instrumenting outgoing requests
- For each downstream component
- Number of request sent
- how many reponses we’ve received (broken down by success/err)
- How long it too to get the response (broken down by request/ error)
- How many right now
Gives you
- incoming/outgoing ratio
- error rate = problem is downstream
Logs
- Logs cost tends to be more than instrumentation
Three Log priorities
- Error
  - Need a full stack trace
  - Add info don’t replace it
  - Capture all the relivant variables
  - Structure
- Information
  - Startup messages
  - Basic request info
  - Sampling
- Debug
  - printf debugging at webcale
  - tag with module/method
  - unique id for each request
  - late-bind log data if possible.
  - Allow selective activation at runtime (feature flag, special url, signals)
- Summary
  - Visbility required
  - Fault isolation

Linux.conf.au 2018 – Day 1 – Session 1 – Kernel Miniconf

Look out for what’s in the security pipeline – Casey Schaufler

Old Protocols

SeLinux
- No much changing
Smack
- Network configuration improvements and catchup with how the netlable code wants things to be done.
AppArmor
- Labeled objects
- Networking
- Policy stacking

New Security Modules

Some peopel think existing security modules don’t work well with what they are doing
Landlock
- eBPF extension to SECMARK
- Kills processes when it goes outside of what it should be doing
PTAGS
- General purpose process tags
- Fro application use ( app can decide what it wants based on tags, not something external to the process enforcing things )
HardChroot
- Limits on chroot jail
- mount restrictions
Safename
- Prevents creation of unsafe files names
- start, middle or end characters
SimpleFlow
- Tracks tainted data

Security Module Stacking

Problems with incompatibility of module labeling
People want different security policy and mechanism in containers than from the base OS
Netfilter problems between smack and Apparmor

Container

Containers are a little bit undefined right now. Not a kernel construct
But while not kernel constructs, need to work with and support them

Hardening

Printing pointers (eg in syslog)
Usercopy