Systing: tracing for the lazy (asg2025)
Systing helps you solve problems in minutes rather than days. Out of the box it gives you everything you could possibly need; combined with perfetto’s visualization, you will never be confused again. This talk will introduce systing, a tracer that is built on modern BPF tooling, purpose-built to debug large applications with complicated interactions. This will be little talk and mostly demo. Two decades of experience debugging kernel problems has been poured into this tool to make it as straightforward as possible. I will walk through the basic usage, and show a case study investigation...
A simpler and faster firewall with bpfilter (asg2025)
For many years, firewall solutions on Linux have grown and evolved, without any major change, until eBPF. While eBPF can allow very fast and efficient packet filtering, the learning curve doesn't make it easily accessible to non-developers. bpfilter aims to bridge the gap between existing tools (nftables, iptables) and modern technologies such as eBPF.
By translating filtering rules into native code, bpfilter abstracts the complexity behind cutting-edge kernel technologies while maintaining backward compatibility with existing solutions. Let's discuss bpfilter and see it in action!
Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
about this event: https://cfp.all-systems-go.io/all-systems-go-2025/talk/JEVBTZ/
Video:asg2025-329-eng-A_simpler_and_faster_firewall_with_bpfilter_hd.mp4
Extending Fedora Atomic Desktops using systemd system extensions (asg2025)
On image-based desktop distributions such as Fedora Atomic desktops and Universal Blue, users are expected to run their graphical applications using Flatpaks and their command line ones using containers. But that approach does not work well for some applications that require more privileges, direct access to devices or kernel interfaces. With systemd system extensions (sysexts), it is possible to extend an image-based system on demand. Sysexts come with a lot of advantages: they can be created out of arbitrary content (not only packages), are quickly enabled or disabled and can be built and...
A new systemd container runtime?! (asg2025)
At Meta, we've been looking to revamp our internal container runtime (Twine). Instead of maintaining all the low level container runtime code ourselves, we'd much prefer having more of this managed by systemd. This talk will go over what we did to make systemd transient units a suitable environment for running system containers (pid namespace support, cgroup namespace support, namespace delegation, ...), and why we went this route instead of reusing systemd-nspawn.
Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
about this event: https://cfp.all-systems-go.io/all-systems-go-2025/talk/BBTJSF/
Video:asg2025-342-eng-A_new_systemd_container_runtime_hd.mp4
systemd: round table (asg2025)
Let's have an open discussion with systemd developers who are at ASG and users in the audience. We will open with the developers saying what they plan to work on in the near future, and then allow questions / comments from the audience.
Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
about this event: https://cfp.all-systems-go.io/all-systems-go-2025/talk/PXZGEL/
Video:asg2025-338-eng-systemd_round_table_hd.mp4
How I optimized away 94% CPU from zbus (asg2025)
Haven’t you ever wanted to find ways to make your Rust code the most optimal in the world? I know how you feel. This is a talk where I’ll tell you how easy it is to profile your Rust software and how most often the solutions are trivial. This is a story of how I used a few readily-available Open Source tools to achieve huge optimizations in [zbus](https://crates.io/crates/zbus), a pure Rust D-Bus library. This was a long journey, but the gains were worth the effort. I will go through every single bottleneck found, how it was found...
systemd-confext Two Years On: Versioned Overlays for /etc, Reloaded (asg2025)
systemd-confext is a lightweight overlay mechanism for /etc, allowing you to drop in a configuration extension ("confext") bundle and let systemd make it visible to your service as though it was already shipped with the base image. Building on the same extension magic as systemd-sysext, confext also introduces extra features tailored for the /etc use case, such as vpick-ing the newest version and the ability to pick up config revisions with a `systemctl reload`. This talk presents the changes to systemd-confext since [its debut at All Systems Go! 2023](https://cfp.all-systems-go.io/all-systems-go-2023/talk/XLQNDJ/), the lessons learned along the way...
ParticleOS: Why is Lennart still not dogfooding systemd?! (asg2025)
More than six months have passed since Daan tried to ~~shame~~ gently peer pressure Lennart to actually use the stuff he builds, via a FOSDEM talk: https://fosdem.org/2025/schedule/event/fosdem-2025-4057-particleos-can-we-make-lennart-poettering-run-an-image-based-distribution-/ Did he succeed? Is dogfooding standard practice now in the systemd development process? Or do things like randomly breaking logging in GNOME (*cough*) still happen from time to time? Join us for this talk to find out, and to apply yet more peer pressure. We will also spend some time talking about more boring and mundane topics, such as giving an overview of the current status of ParticleOS, and how...
isd: interactive systemd (asg2025)
Simplify systemd management with `isd`! `isd` is a TUI offering fuzzy search for units, auto-refreshing previews, smart sudo handling, and a fully customizable interface for power-users and newcomers alike. If you ever became frustrated while typing:
- `systemctl start --user unit-A.service` (manually starting a unit)
- `systemctl status --user unit-A.service` (seeing that it failed)
- `journalctl -xe --user -u unit-A.service` (checking the logs)
- `systemctl edit --user unit-A.service` (updating the unit)
- (repeat until problem is solved)
`isd` could help. In this presentation, we will discuss the features that `isd` currently supports, the features that are planned for the future, and the...
Container Networking With Netkit: The BPF Programmable Network Device (asg2025)
Introduced in kernel v6.7, the Netkit device is an eBPF-programmable network device designed with containers in mind. In this talk, I will go over the basics of the Netkit device, and discuss the performance gains we have realized and challenges we faced when rolling out Netkit across millions of containers at Meta.
Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
about this event: https://cfp.all-systems-go.io/all-systems-go-2025/talk/WAHYE8/
Video:asg2025-327-eng-Container_Networking_With_Netkit_The_BPF_Programmable_Network_Device_hd.mp4