[presentations] 01/01: more wip
Holger Levsen
holger at layer-acht.org
Fri Jan 27 10:05:23 UTC 2017
This is an automated email from the git hooks/post-receive script.
holger pushed a commit to branch master
in repository presentations.
commit c9ce8f569c2931fa7df730212edbc37430cf8734
Author: Holger Levsen <holger at layer-acht.org>
Date: Fri Jan 27 10:58:31 2017 +0100
more wip
---
2017-01-27-devconf.cz/2017-01-27-devconf.cz.tex | 110 +++++++++---------------
2017-01-27-devconf.cz/TODO | 18 +---
2 files changed, 46 insertions(+), 82 deletions(-)
diff --git a/2017-01-27-devconf.cz/2017-01-27-devconf.cz.tex b/2017-01-27-devconf.cz/2017-01-27-devconf.cz.tex
index f0a704b..e9b0cac 100644
--- a/2017-01-27-devconf.cz/2017-01-27-devconf.cz.tex
+++ b/2017-01-27-devconf.cz/2017-01-27-devconf.cz.tex
@@ -235,45 +235,6 @@ from a given source}
\end{frame}
-\begin{frame}
- \frametitle{jenkins.debian.net.git contributors}
- \begin{center}
- \begin{columns}
- \small
- \column{.46\linewidth}
- {akira} \\
- \only<1>{Alexander Couzens}\only<2>{{\color{debianred} Alexander Couzens}} \\
- \only<1>{Levente 'anthraxx' Polyak}\only<2>{{\color{debianred} Levente 'anthraxx' Polyak}} \\
- {Antonio Terceiro} \\
- {Axel Beckert} \\
- \only<1>{Bryan Newbold}\only<2>{{\color{debianred} Bryan Newbold}} \\
- {Chris Lamb} \\
- {Daniel Kahn Gillmor} \\
- {Gabriele Giacone} \\
- \only<1>{Hans-Christoph Steiner}\only<2>{{\color{debianred} Hans-Christoph Steiner}} \\
- Helmut Grohne \\
- \only<1>{Holger Levsen}\only<2>{{\color{debianred} Holger Levsen}} \\
- \only<1>{HW42}\only<2>{{\color{debianred} HW42}} \\
- {James McCoy} \\
- {Joachim Breitner} \\
- \column{.46\linewidth}
- {Johannes 'josch' Schauer} \\
- {Jérémy Bobbio} \\
- {Mattia Rizzolo} \\
- {Niels Thykier} \\
- {Paul Wise} \\
- {Petter Reinholdtsen} \\
- {Philip Hands} \\
- \only<1>{Reiner Herrmann}\only<2>{{\color{debianred} Reiner Herrmann}} \\
- {Samuel Thibault} \\
- {Steven Chamberlain} \\
- {Tails developers} \\
- {Ulrike Uhlig} \\
- {Wolfgang Schweer} \\
- {Wouter Verhelst} \\
- \end{columns}
- \end{center}
-\end{frame}
\placelogofalse
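Review bot: The deleted contributors frame is not replaced by anything in this diff, yet the TODO still carries "thank people for their work ... mention peoples names and thank them", and this commit also drops the TODO line "replace j.d.n contributors with all involved projects?". If the credits are moving to another slide, say so in the commit message (currently just "more wip"); otherwise keep that TODO entry open.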
@@ -284,10 +245,11 @@ from a given source}
\frametitle{The problem: we need to believe}
\begin{itemize}
\item Free Software is great: one can study, modify, share and use it!
- \item<2-3> We study, modify and share sources.
- \item<2-3> We use binaries.
- \item<3> We need to believe our binaries come from the sources they are said
- to made from.
+ \item<2-4> We study, modify and share source code.
+ \item<2-4> We use binaries.
+ \item<3-4> We need to believe our binaries come from the source code they are said to made from.
+ \item<4> \textbf{I don't want to believe.}
+
\end{itemize}
\end{frame}
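Review bot: The rewritten third item still reads "they are said to made from"; the missing "be" was carried over from the old wording and should be fixed to "said to be made from". The empty `+` line before `\end{itemize}` can be dropped.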
@@ -305,13 +267,13 @@ from a given source}
\frametitle{A few examples from that 31c3 talk}
\begin{itemize}
\item CVE-2002-0083: remote root exploit in \texttt{sshd}, a single bit difference in the binary
- \item<2-6> 31c3 talk had a live demo with a kernel module modifying source code in memory only
- \item<3-6> How can you be sure what's running on your machine or on a build
+ \item<2-5> 31c3 talk had a live demo with a kernel module modifying source code in memory only
+ \item<3-5> How can you be sure what's running on your machine or on a build
daemon network connected to the net? Do you ever leave your computers
physically alone?
- \item<4-6> How much do you pay your admins? Enough to withstand a multi million
+ \item<4-5> How much do you pay your admins? Enough to withstand a multi million
dollar attack?
- \item<6> Legal challanges. Could you be forced to backdoor (some of) your
+ \item<5> Legal challanges. Could you be forced to backdoor (some of) your
software (for some customers)?
\end{itemize}
\end{frame}
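Review bot: "Legal challanges" on the new `<5>` item is misspelled and should be "challenges". The renumbering itself looks right: the old specs went `<2-6>`, `<3-6>`, `<4-6>`, `<6>`, so step 5 revealed nothing new, and the `-5` range removes that empty step.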
@@ -392,10 +354,11 @@ same.}
\begin{frame}[fragile]
\frametitle{More benefits than "just" security…}
\begin{itemize}
- \item smaller deltas, thus faster updates possible
- \item lots of QA benefits
- \item Google does reproducible builds, to save time and money
- \item …
+ \item lots and lots of QA benefits - we've found so many subtile bugs
+ \item<2-5> Google does reproducible builds, to save time and money
+ \item<3-5> smaller deltas, thus faster updates possible
+ \item<4-5> side effect: meaningful binary diff between two versions
+ \item<5> …
\end{itemize}
\end{frame}
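Review bot: "subtile" in the first new item should be "subtle", and the bare " - " typesets as a hyphen; use "--" or a colon there.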
@@ -467,14 +430,6 @@ same.}
}
-\begin{frame}
- \frametitle{two more tools}
-
- \begin{itemize}
- \item \texttt{strip-nondeterminism}
- \item<2> \texttt{reprotest}
- \end{itemize}
-\end{frame}
\placelogotrue
@@ -487,9 +442,7 @@ same.}
\texttt{experimental}
\item Also testing: coreboot, OpenWrt, LEDE, NetBSD, FreeBSD,
Arch Linux, Fedora and soon F-Droid too
- \item 12 \texttt{amd64} nodes, 150 cores and soon 500 GB RAM - thanks to
- Profitbricks.com!
- \item 44 \texttt{armhf} nodes, 98 cores and 53 GB RAM
+ \item 44 nodes (amd64/i386/arm64/armhf), 200 cores and 1 TB RAM
\item 486 jenkins jobs running on jenkins.debian.net
\item 43 scripts in Python and Bash, 283 lines of code in average
\item 37 contributors for \texttt{jenkins.debian.net.git}
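Review bot: The merged node line drops the "thanks to Profitbricks.com!" credit that the old `amd64` line carried; if the sponsor still provides hardware, keep an acknowledgement on this slide or elsewhere. The neighbouring context lines (486 jenkins jobs, 43 scripts, 37 contributors) are unchanged while the TODO still lists "update debian numbers", so check that they are current alongside the new node and core counts.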
@@ -589,6 +542,14 @@ hour, minute & \multicolumn{2}{l}{hour is usually the same… usually, the minut
\end{itemize}
\end{frame}
+\begin{frame}
+ \frametitle{two more tools}
+
+ \begin{itemize}
+ \item \texttt{strip-nondeterminism}
+ \item<2> \texttt{reprotest}
+ \end{itemize}
+\end{frame}
\placelogotrue
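Review bot: The relocated "two more tools" frame names `strip-nondeterminism` and `reprotest` without saying what either does. A short phrase per item would let the slide stand on its own for people reading the deck afterwards.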
@@ -741,16 +702,31 @@ hour, minute & \multicolumn{2}{l}{hour is usually the same… usually, the minut
\begin{frame}
\frametitle{Skipping some more…}
\begin{itemize}
+\item Cygnus.com (1992)
\item Bitcoin (2011)
\item Tor (2013)
-\item NixOS, Guix, ElectroBSD
-\item Qubes, Tails
-\item very few commercial, propietary software (\only<1>{guess
-where}\only<2>{gamblingmachines}!)
-\item ?
+\item NixOS, GNU Guix, ElectroBSD
+\item openSUSE
+\item Qubes, Tails, webconverger
+\item ducible (build tool for Windows)
+\item very few commercial, propietary software
\end{itemize}
\end{frame}
+\begin{frame}
+ \frametitle{Detour: what, reproducible commercial Software???}
+ \begin{itemize}
+\item Guess which
+\item <2-3> windows? (the source is available)
+\item <2-3> medical devices in your body?
+\item <2-3> arms?
+\item <2-3> critical infrastructure like in nuclear powerplants?
+\item <2-3> cars?
+\item <3> Gambling machines!
+ \end{itemize}
+\end{frame}
+
+
\section{Status RPM world: Fedora and SuSE}
\begin{frame}
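Review bot: "propietary" is carried into the new `+` line and should be "proprietary"; in the new Detour frame, "powerplants" should be "power plants" and "windows" should be capitalised. The overlay specs in that frame are written `\item <2-3>` with a space, while the rest of the file uses `\item<2-3>`; pick one form. The two blank `+` lines before `\section` can be reduced to one.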
diff --git a/2017-01-27-devconf.cz/TODO b/2017-01-27-devconf.cz/TODO
index 6ca375e..eb9fcea 100644
--- a/2017-01-27-devconf.cz/TODO
+++ b/2017-01-27-devconf.cz/TODO
@@ -2,31 +2,19 @@ meta:
thank people for their work, diffoscope, disorderfs, armhf, mattia, val, … - mention peoples names and thank them. there's time now.
-explain problem and solution better
- include our new definition
- also mention qa side effecs
+include our new definition
+better mention qa side effecs
-replace j.d.n contributors with all involved projects?
+dennis bio first
-update skipping some
update debian numbers
update debian team
update variation slide!
gsoc + outreachy
have debian+fedora logo together on more slides
-add back slide about reproducible builds in the commercial world
explain .buildinfo in debian in more detail
-upstreaming patches project by bernhard
-fsf priority project
-john gilmore 1992 cygnus
-
-ars technica
- debian is really stupid allowing developer build binaries to be uploaded from every developer
- just because its useful to bootstrap new archs, which something like 3 people do
- but the build network of fedora/redhat doesnt make things magically safe nor secure, OTOH its a ideal attack target… how much do you pay your admins? etc ;-)
-
first fedora, then a suse slide:
mention suse in general
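Review bot: "effecs" survives in the new line "better mention qa side effecs" and should be "effects". The hunk also deletes "upstreaming patches project by bernhard" and "fsf priority project" with no matching slide change in this commit (only the Cygnus 1992 item shows up in the .tex diff), so confirm those were dropped on purpose rather than marked as done.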
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/presentations.git