below are my random notes/thoughts, taken during the session:
USBGuard – tool designed to give more control over USB, including protection against BadUSB attacks. i'm waiting for this babe to be finally released! :)
systemd contains nspawn (namespace spawn) for starting LXC containers (another alternative to docker).
systemd contains nsenter (namespace enter) for entering a given LXC container's namespace. the container itself can be created via both nspawn and docker!
more focus on resource-oriented permission models, including polkit.
open build service – project that aims to provide package builders/environments for different linux distros.
rundeck – job scheduler, working in multi-machine environments.
http://reproducible-builds.org – an initiative aiming at making all builds binary-reproducible, regardless of build time, machine, etc… this way packages can be verified against tampering, as tampering would alter the binary output.
faketime – lib + command line tool to change the time perceived by an application. can be used to fool some tools, if needed.
hash containers do not randomize order for each bootup (which would prevent complexity attacks), in both GCC and clang (with neither libstdc++ nor libc++).
using qemu and iommu, control over devices can be directly passed through to the guest OS. example usage is passing graphics card control to the guest. performance is very close to native! the downside is that it means direct hardware access, thus a misbehaving guest can crash the host OS.
all sessions were available online (streaming). recordings should appear a few days after the session too. enjoy! :)
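
a sketch of the reproducible-builds note above, as an added example (not code from the talk or from the reproducible-builds project): a naive archive build embeds build time, builder name and file order, so two honest builds differ; normalizing them lets an independent rebuild confirm a published digest. file contents, names and the `EPOCH` value are constructed; `epoch` stands in for the role `SOURCE_DATE_EPOCH` plays in real builds.

```python
import hashlib
import io
import tarfile

# Constructed sample "package" contents (not from any real project).
FILES = {"share/README": b"hello\n", "bin/tool": b"\x7fELF-constructed-payload"}
EPOCH = 1_600_000_000  # constructed fixed timestamp agreed on by all builders


def build_archive(files, build_time, builder, epoch=None):
    """Pack files into an uncompressed tar archive and return its bytes.

    With epoch=None the archive records the build time, the builder name
    and dict insertion order, as a naive build would. With epoch set,
    all three are normalized so the output depends only on file contents.
    """
    reproducible = epoch is not None
    names = sorted(files) if reproducible else list(files)
    buf = io.BytesIO()
    # USTAR keeps the header layout fixed (no optional pax records).
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = len(files[name])
            info.mode = 0o644
            info.mtime = epoch if reproducible else build_time
            info.uname = info.gname = "" if reproducible else builder
            tar.addfile(info, io.BytesIO(files[name]))
    return buf.getvalue()


def digest(data):
    return hashlib.sha256(data).hexdigest()


def verify(published_digest, files, epoch):
    """Rebuild on the verifier's own machine and compare digests."""
    return digest(build_archive(files, 0, "verifier", epoch)) == published_digest


if __name__ == "__main__":
    a = digest(build_archive(FILES, 1_700_000_000, "alice"))
    b = digest(build_archive(FILES, 1_700_086_400, "bob"))
    print("naive builds match:", a == b)
    published = digest(build_archive(FILES, 1_700_000_000, "alice", EPOCH))
    print("independent rebuild matches:", verify(published, FILES, EPOCH))
    tampered = dict(FILES, **{"bin/tool": FILES["bin/tool"] + b"\x90"})
    print("tampered source matches:", verify(published, tampered, EPOCH))
```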