5 June 2019
Conference report NLUUG Voorjaar 2019
NLUUG Voorjaarsconferentie 2019. Netherlands UNIX User Group, Spring Conference 2019.
Thursday 23 May 2019, Van der Valk Hotel, Utrecht.
Easy to reach from my home town, by car. I arrive on time at the car parking (garage) of the venue that houses the NLUUG conference. Immediately it is clear that there are a lot of attendees this time. And after 20 years of attending these conferences I know a lot of them; it feels like a UNIX reunion. During the opening words of the chair of the NLUUG it is confirmed: the 200 attendee mark has been passed.
09:30-10:30 Keynote: ownCloud/nextCloud, why I forked my own project and my own company. Frank Karlitschek
In the beginning the cloud was just the cloud; nobody cared that they were using someone else's computer. But now data is the new oil and it does matter where your data is. Frank shows where you put it when you put it "in the cloud": somewhere west in the USA, Silicon Valley to be more precise. That was the reason for own/nextCloud: keep your data under your own control. Frank shows us the many nice options of nextCloud, before telling the story about how it came to be. Like the first Open Source project Frank participated in (KDE), he wanted ownCloud to be about open source and the community, but wanted to pay developers for their work. So he founded ownCloud Inc. in the USA, because that is where the money is. Before he knew it he was part of the System. Managers and financial people without any Open Source affinity were taking over. The community stopped contributing because they didn't like the Dual Licensing, Open Core / Enterprise edition and the company owning the code. Meanwhile Frank became very unhappy with the company and after "burning 10 Million dollar" (quote) he left the company (together with more developers) to fork the open source part of ownCloud into nextCloud. Again this was a company, but now on Frank's terms: Sustainable (no external investments), 100% OpenSource (there are paid developers but there is no enterprise edition) and a Business Model like SUSE or Red Hat. NextCloud is gaining momentum and the company can exist on its own, to the relief of Frank, who had some very difficult years behind him.
11:00-11:45 How new OS technologies & standards will not only excite admins… but users as well. Brian Joseph
Brian is the CEO of Kopano, an open source collaboration tool. Open Source is so much better than a proprietary model, Brian explains in some detail. Although Open Source is not new, it is becoming a success due to the usability, according to Brian. Front-end frameworks have grown up and are Open Source now, which leads to more success for Open Source. Examples are PWAs (Progressive Web Apps) and UI frameworks, of which Material UI is a beautiful example. And then there is the API (REST) that connects it all together. Identity Management is now also open; OpenID and Konnect are examples. Still a lot of our daily IT is very centralised, besides email which is very decentralised. Luckily there are Open Source solutions for decentralised chat (WebRTC), decentralised APIs (Matrix, OpenAPI) and decentralised social networks (ActivityPub, Open Social, Mastodon). All these new open source frameworks and tools are very user centric and that will make Open Source a success for the users, as it already was for the admins.
11:50-12:35 FIDO2 and Web Authentication. Joost van Dijk
Before FIDO2 there was FIDO (should have been FIDO1 and even FIDO0, but who is counting). FIDO failed because it was not in the browser; FIDO2 is in most browsers and has a W3C API, so it will hopefully be a much bigger success. FIDO2 is multi-factor authentication and can use a hardware token like a YubiKey or a fingerprint, for example. While describing the advantages and possibilities of FIDO2, Joost shows an example implementation, https://webauthn.io/, based on code available on GitHub, which I could try using my MacBook with the fingerprint reader in the Touch Bar. As advertised by FIDO2, I was able to log in password-less.
The "Van der Valk" venue has a great lunch buffet that serves plenty of food for every taste. And it is a great opportunity to meet and talk with the conference attendees and the presenters that all come together.
14:00-14:45 Effective Virtual CPU Configuration with QEMU and libvirt. Kashyap Chamarthy
Working with QEMU, KVM and libvirt for many years, this is the first time I saw some really clear pictures of how these tools interact. Besides giving the overview, Kashyap dives deeply into QEMU virtualisation. qemu64 runs on all hosts but with bad default options. No RDRAND, which leads to bad/slow entropy, for example. A guest system can be protected against Spectre-NG by QEMU, but again the default qemu64 doesn't do so. The host-passthrough setting, where the guest gets all the capabilities of the host, is also not an ideal solution. When doing a live migration the result will be unpredictable, and it is a no-go in a mixed environment where kernel and microcode are not exactly the same. As of libvirt 4.4.0 a tool is available that checks all capabilities of all CPUs, kernels and microcode in an environment and then generates a baseline HypervisorCPU that can run on all. This allows for seamless live migration, for example. This talk explained a lot of issues I encountered when using KVM/QEMU/libvirt in a mixed environment and now I know how to address them.
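The baseline idea from this talk, as an added Python example (not code from the talk or from libvirt): it models each host as a flat CPU feature set and intersects them, which simplifies what libvirt computes, then reports what host-passthrough would expose per host and which hardening features the common baseline lacks. The host names, feature lists and the `REQUIRED` policy are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: one flat <cpu> feature list per host
# (simplified, not real libvirt output).
HOSTS = {
    "host-a": "<cpu><feature name='sse2'/><feature name='aes'/>"
              "<feature name='avx2'/><feature name='rdrand'/>"
              "<feature name='spec-ctrl'/><feature name='ssbd'/></cpu>",
    # Assumed older microcode on host-b: no 'ssbd'.
    "host-b": "<cpu><feature name='sse2'/><feature name='aes'/>"
              "<feature name='avx2'/><feature name='rdrand'/>"
              "<feature name='spec-ctrl'/></cpu>",
    "host-c": "<cpu><feature name='sse2'/><feature name='aes'/>"
              "<feature name='rdrand'/><feature name='spec-ctrl'/>"
              "<feature name='ssbd'/></cpu>",
}

# Assumed policy: features a guest should see for fast entropy (rdrand)
# and speculative-execution mitigations (spec-ctrl, ssbd).
REQUIRED = ("rdrand", "spec-ctrl", "ssbd")


def parse_features(cpu_xml):
    """Return the set of feature names in one <cpu> element."""
    return {f.get("name") for f in ET.fromstring(cpu_xml).iter("feature")}


def baseline(hosts):
    """Features present on every host: safe to expose before live migration."""
    sets = [parse_features(xml) for xml in hosts.values()]
    return set.intersection(*sets) if sets else set()


def passthrough_risk(hosts):
    """Per host, features a host-passthrough guest would see there but that
    are absent on at least one other host (the migration hazard)."""
    base = baseline(hosts)
    return {h: sorted(parse_features(xml) - base) for h, xml in hosts.items()}


def missing_hardening(features, required=REQUIRED):
    """Required features the given CPU definition does not expose."""
    return [f for f in required if f not in features]


if __name__ == "__main__":
    print("baseline:", sorted(baseline(HOSTS)))
    print("passthrough-only features:", passthrough_risk(HOSTS))
    print("baseline lacks:", missing_hardening(baseline(HOSTS)))
```

Here the baseline loses `ssbd` because of one host, so the fix is on that host rather than in the guest definition.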
14:50-15:35 XCP-ng: building an Open Source and turnkey virtualisation platform. Olivier Lambert
XCP-ng is XEN, OVS, SMAPI and XAPI put together with a web interface (XenOrchestra), explains Olivier. And it becomes clear that again (like in the keynote) the open source community didn't like the way XEN became closed source, then became more or less open and then closed again. Just before XEN became closed again, XCP-ng was born (forked). XCP-ng strives to work out-of-the-box, just download and install, and it promises an easy upgrade from XenServer. And again behind the open source solution there is a company (started with kickstart money) that offers support and not a license model. Since 2018 the project has been growing in both users and contributors. For the near future the plans are to fix some "low hanging fruits", of which the replacement of the zlib compression by zstd (by Facebook) is already implemented.
16:00-16:45 From Clippy to Kernel. Suzanne Daniels
Microsoft at an NLUUG conference was unthinkable a few years ago, but now Microsoft has gone the Open Source way and embraces Linux instead of FUDing it (Fear, Uncertainty and Doubt). Suzanne describes the history of UNIX, GNU, Linux and how Microsoft came to where it is now. In 2014 "open source internally" became the new way of working. Suzanne being a Clippy FanGirl, the overview of the history consisted of two parts: the time before Clippy and the time after Clippy. The most recent announcement is WSL2 (Windows Subsystem for Linux Version 2): Windows is shipping a Linux kernel! That allows faster execution of ELF64 Linux binaries, and allows Docker to run much faster and better. And of course VS-Code is mentioned, as it looks like every up-to-date developer is using this to code. Then Suzanne gave a live demo of AKS (Azure Kubernetes Service) and ACR (Azure Container Registry) from the command line; unfortunately I found it difficult to follow what was happening during the demo, especially when errors were visible but ignored.
16:50-17:35 DNS & TLS SNI: Now with encryption… and cloud. Bert Hubert
Bert is not only the creator of PowerDNS, he is also a very entertaining speaker. Despite this being the last talk of the day, the audience was energised, surprised and awake during the whole talk. DNS is, like a lot of people in the audience, old and the last plaintext protocol on the internet? Various attempts were made to encrypt the DNS traffic. DNSSEC is a complex way to get DNS message integrity but with a negative privacy impact ("walking" a complete zone is now possible). In 2009 DNSCrypt (with DNSCurve) was developed by Dan Bernstein, which nobody implemented. If everybody had, all the current issues would have been solved. In 2015 there was DNS over TLS (DoT) using port 853, which of course is broken by every firewall or home router. Now (since 2018) there is DNS over HTTPS (DoH) using port 443. Again nobody picked this up. Until... the US American browser vendors and CDNs (Content Delivery Networks) decided to fight for our privacy. The US browsers and CDNs push this way of using DNS, but there are issues. The metadata is not encrypted, so the HTTPS endpoints can see HTTP attempts, DNS lookups, (e)SNI, OCSP (not in Chrome) and IP address. Google is not interested in DoH: Google already knows enough about you, it doesn't need the extra info.
It was a long day of interesting talks and meeting old and new people; what impressed me most was the passion that most of the speakers had for Open Source. The motive for those who started a company was not the money but something that comes from the heart and has to do with Open Source and the community surrounding it. What that something exactly is, is difficult to describe, if not impossible, but if one sees it in somebody it is easily recognised.
Alain van Hoof, Senior IT Infrastructure Engineer Working Spirit ICT BV