====== 2016-04-05 - 13th linux session ======

{{ :blog:2016:04:05:13_linux_session_logo.png?1000|13th linux session logo}}

this weekend i was at the [[http://13.sesja.linuksowa.pl/en|13th linux session]], hosted in [[wp>wrocław]], [[wp>poland]]. below are my random notes/thoughts, taken during the session:

  * [[https://dkopecek.github.io/usbguard/|USBGuard]] -- tool designed to give more control over [[wp>USB]], including protection against [[wp>BadUSB]] attacks. i'm waiting for this babe to be finally released! :)
  * [[wp>systemd]] contains [[https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html|nspawn]] (namespace spawn) for starting [[wp>LXC]] containers (another alternative to [[wp>docker (software)|docker]]).
  * [[wp>systemd]] contains [[http://man7.org/linux/man-pages/man1/nsenter.1.html|nsenter]] (namespace enter) for entering a given [[wp>LXC]] container's namespace. the container itself can be created via both [[https://blog.docker.com/tag/nsenter/|nspawn and docker]]!
  * more focus on resource-oriented permission models, including [[wp>polkit]].
  * [[https://www.96boards.org/products/ce/hikey/|HiKey]] -- a < $100, 8-core [[wp>ARMv8]] (i.e. [[wp>aarch64|64-bit ARM]]) development board.
  * [[wp>open build service]] -- project that aims to provide package builders/environments for different linux distros.
  * [[http://rundeck.org|rundeck]] -- job scheduler, working in multi-machine environments.
  * [[http://reproducible-builds.org]] -- an initiative aiming at making all builds binary-reproducible, regardless of build time, machine, etc... this way packages can be verified against tampering, as tampering would alter the binary output.
  * [[http://www.code-wizards.com/projects/libfaketime|faketime]] -- lib + command line tool to change the time perceived by an application. can be used to fool some tools, if needed.
  * hash containers do not randomize order on each bootup to prevent complexity attacks, in either GCC or clang (with neither libstdc++ nor libc++).
  * using [[wp>qemu]] and [[wp>iommu]], control over devices can be passed directly through to the guest OS. an example usage is [[https://wiki.debian.org/VGAPassthrough|passing graphics card control to the guest]]. performance is very close to native! the downside is that it means direct hardware access, thus it can crash the host OS if it misbehaves.

all sessions were available online (streaming). recordings should appear a few days after the session too. enjoy! :)
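
as an illustration of the reproducible-builds note above (an added example, not code from the talk or from the reproducible-builds project): a toy "package" builder that produces different bytes per builder when it records build time, user name and input order, and identical bytes once those are pinned, so that an independent rebuild can detect tampering. the file contents, builder names and timestamps are constructed for the example.

```python
import hashlib
import io
import tarfile

# constructed sample package contents, not taken from any real project
FILES = {
    "usr/bin/hello": b"#!/bin/sh\necho hello\n",
    "usr/share/doc/hello/README": b"hello 1.0\n",
}


def build(files, build_time, builder, reproducible):
    """Pack files into an uncompressed tar "package" and return its bytes.

    reproducible=False records build time, builder name and input order,
    as a naive build does; reproducible=True pins all three.
    """
    names = sorted(files) if reproducible else list(files)
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = len(files[name])
            info.mode = 0o755 if name.startswith("usr/bin/") else 0o644
            info.mtime = 0 if reproducible else build_time
            info.uname = info.gname = "root" if reproducible else builder
            tar.addfile(info, io.BytesIO(files[name]))
    return buf.getvalue()


def digest(blob):
    return hashlib.sha256(blob).hexdigest()


def verify(published_digest, files):
    """Rebuild from source on "our" machine and compare with the published digest."""
    rebuilt = build(files, build_time=1459900000, builder="verifier", reproducible=True)
    return digest(rebuilt) == published_digest


if __name__ == "__main__":
    # two hypothetical builders: different time, user and file order
    other_order = dict(reversed(list(FILES.items())))
    for mode in (False, True):
        a = digest(build(FILES, 1459641600, "alice", mode))
        b = digest(build(other_order, 1459728000, "bob", mode))
        print("reproducible" if mode else "naive", "match" if a == b else "differ")
    print("tampered passes:", verify(a, {**FILES, "usr/bin/hello": b"#!/bin/sh\nexit 1\n"}))
```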