Dan Callaghan

Linux.conf.au 2020: day three

After the first and second day of miniconfs, day three was the start of Linux.conf.au proper.

From 2020 to 2121: how will we get there? – Donna Benjamin

The most inspirational of the three keynotes and the most related to the conference theme of digital privacy. Very light on actual substance. She wants us to consider the long-term future (“2021”) and decide what to make it. “Discover, dream, design, deploy”. “We are all problem solvers so all we tend to see are the problems.” Some surveillance capitalism alarmism thrown in at the beginning for good measure.

Automated acceptance tests for terminal applications – Roman Joost

Purebred is a terminal MUA written in Haskell. They wanted to write acceptance tests for it. By “acceptance tests” he explains he means tests that interact with the program by sending it input and observing its visual output as if a human were driving it. To accomplish that, he wrote a Haskell library tasty-tmux to run the program-under-test inside a tmux server and drive it remotely, observing what it draws back to the terminal.

It is based on a polling model, where it scrapes the contents of the tmux buffer at regular intervals and waits for certain regex patterns to appear indicating that the UI has reached the expected state. In that sense it is similar to Webdriver.

I suggested to him after the talk that this model is inefficient and that they could instead directly read the stream of VT100 escape sequences and feed them to an existing parsing library, like vte used by alacritty. Then each state change in the parser would be a point where you check if the UI has reached the expected state or not. And the expected states could be expressed in terms of the actual cells making up the terminal buffer instead of regex patterns matching escape sequences.

Nevertheless the tasty-tmux library is novel and interesting. There are no(?) open source terminal applications with UI tests of this kind and there is no well established library for doing this kind of testing.

I was wrong – Karen Sandler

Roughly two thirds of the audience knew that “Karen” was a meme on the internet but I had no idea. Luckily she explained it at the start so I knew what she was talking about.

The overarching point is that she wants to embrace her “Karen” powers as a privileged white lady (referring to the meme) and use them for good.

She gave several examples of things she has changed her mind about: an old Seven of Nine boob joke she had used in talk slides before, which she now realises some people find offensive, and the joke added nothing to the talk; diversity initiatives for women, which she used to find called into question her right to be there as a woman, but which she now recognises are important for addressing gender imbalance issues in our industry; and throwing around the word “crazy” to mean “a terrible idea”, which is both imprecise but also hurtful to people with mental illnesses who have that word used to insult them.

Panfrost: open source meets Arm GPUs – Robert Foss

Panfrost is an open source Linux driver stack (kernel + Mesa) for newer Mali GPUs which are present in many Arm SoC designs in laptops, tablets, Chromebooks, and TV boxes. He mentioned the Rockchip SoCs (RK3328, RK3399) specifically as being well supported in mainline Linux largely due to the efforts of Google’s Chrome OS teams because those chips are used in some Chromebooks.

He gave a run-through of the current state of the driver, and some high-level details about the unique challenges of driving the Mali chips. I would have liked more technical details about that stuff. The driver can run “normal desktop environments” by which he presumably meant GNOME, and it supports OpenGL ES up to 2.0. No indications how many bugs remain though. But it sounds like very promising work and I am looking forward to trying it on the RK3399-based SBC which, by coincidence, I ordered the week before the conference.

Clevis and Tang: securing your secrets at rest – Fraser Tweedale

“Like everything in security, as in life, there are trade-offs”. I liked that quote so I highlighted it in my notebook. Fraser was referring to the choice of how to manage private key material when it is stored at rest on a server. The prime example being the HTTPS private key. The most secure configuration is to require a passphrase to decrypt the key material but that means every time the server reboots, human intervention is required to bring up the web server. In many situations that is not an acceptable limitation so most people store their HTTPS private key unencrypted on the server’s hard disk.

Full-disk encryption itself requires a similar trade-off – it requires human intervention on boot – so again most server deployments do not use disk encryption. Clevis and Tang aim to provide a middle-ground solution to this problem, where the disk is encrypted but it is automatically unlocked when the server is connected to the network. That protects the data if the server or its disks are stolen and removed from the data centre, but it avoids the need for human intervention on every boot.

The novel contribution is that Tang is not a key escrow solution: it unlocks the private key material without storing a copy of the private key. It does this using a modified form of RSA encryption that I did not understand.

Fraser bravely began the talk with a live demo of the automatic disk decryption in action. It almost didn’t work – “let me just fix the configuration” he said at one point, which elicited a laugh from the audience – but to his credit his fix worked and he finished the demo with plenty of time left to also go through some technical details of how the algorithms and tools work. They are usable today on Fedora/CentOS for full disk encryption, with support in the Dracut generated initramfs.
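As an added worked example (not code from the talk, Clevis or Tang), here is the algebra behind the "no escrow" property. Tang's exchange, McCallum-Relyea, is built on elliptic-curve Diffie-Hellman rather than RSA: the client wraps the volume key with K = c·S and keeps only its public point C, and at boot it sends the server a blinded point so the server can multiply by its private scalar s without ever learning K. The curve below is a tiny textbook curve chosen so the arithmetic is checkable by hand; it is an assumption for demonstration only, and Tang uses a standard NIST curve in practice.

```python
# Toy McCallum-Relyea (Tang-style) exchange over a tiny textbook curve.
# Constructed for illustration: y^2 = x^3 + 2x + 2 over GF(17), group order 19.
# Nothing here is cryptographically secure; it only shows why the server
# never holds the wrapping key (so it is not key escrow).

P, A, B = 17, 2, 2
G = (5, 1)       # base point: 1^2 = 5^3 + 2*5 + 2 = 137 = 1 (mod 17)
INF = None       # point at infinity, the group identity

def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P == 0

def neg(pt):
    return INF if pt is INF else (pt[0], (-pt[1]) % P)

def add(p1, p2):
    """Short-Weierstrass group law, handling identity and inverse points."""
    if p1 is INF: return p2
    if p2 is INF: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                                   # P + (-P)
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = INF
    while k:
        if k & 1: acc = add(acc, pt)
        pt = add(pt, pt); k >>= 1
    return acc

def provision(S, c):
    """Binding time (client): K = c*S wraps the LUKS volume key; only C is stored.
    c is discarded, so K cannot be recomputed offline from C and S alone."""
    return mul(c, G), mul(c, S)          # (C, K)

def recover(s, S, C, e):
    """Boot time: client blinds C with ephemeral e; Tang multiplies by s; client unblinds."""
    X = add(C, mul(e, G))                # sent to Tang: X = C + e*G
    Y = mul(s, X)                        # Tang's reply: s*X = s*C + s*e*G (server sees no K)
    return add(Y, neg(mul(e, S)))        # K' = Y - e*S = s*C = c*S = K
```

Because Y only ever contains c·S blinded by a fresh ephemeral scalar, neither a stolen disk (which holds C but not c) nor the Tang server (which holds s but never sees e) can produce K on its own; both together are needed, which is exactly the "unlocked only while on the network" property described above.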

Open and high performance computing – Hugh Blemings

Hugh opened by talking briefly about the open hardware movement, which has gradually moved from peripherals towards open hardware CPUs over the years. He makes a throwaway mention of RISC-V which began in 2010. He also mentions the OpenPower “foundation” and the fact that it started in 2013, which seems a bit disingenuous to me. It was actually started as an industry consortium in 2013 and there was really nothing at all “open” about the hardware until much more recently. The most exciting thing originally released by the Foundation was the source code for boot firmware used on IBM’s Power servers.

He makes a side detour into some gentle Intel-bashing, with mentions of the hardware-assisted exploits we began seeing in 2017 (Spectre/Meltdown), while also conceding that Power CPUs were similarly vulnerable. He also makes a thinly veiled reference to the various Management Engine vulnerabilities in Intel hardware that have cropped up in recent years.

The more interesting second half of the talk was devoted to describing what the OpenPower Foundation has been working on more recently. There are apparently lots of OpenPower Foundation member companies nobody has ever heard of shipping high density POWER9 rackmount server machines. And the foundation has released RTL for implementing OpenCAPI and Open Memory Interface interconnects. Plus they have released the Microwatt toy CPU as presented in earlier talks.