I'm so sorry, guys. Good morning, everyone. So I do apologize for how cold it is. I have asked for them to change the temperature and it goes colder, so. I'm so sorry. I'm actually here to introduce Kyle Rankin, who is a fantastic speaker. He's been here a few years now and he is doing Jams, Cans, and Qubes. Take it away. All right. Good morning, everybody. Everybody hear me all right? Fantastic. Thank you in the back. All right, so my name's Kyle Rankin. I'm the VP of Engineering Operations at a company called Final. We're a credit card company. And that's part of the genesis of this talk because, since I'm working for a credit card company, I have to take the security of our data, and just my personal security because I work as a sysadmin there, pretty seriously, because I'm one of the people that has a lot of access to things. So it sort of caused me to relook at how I do my personal desktop security. And I found Qubes, which is a high security desktop operating system, to be really useful in that kind of environment with that kind of threat. So that's sort of part of the genesis of this talk. In addition to my day job, I do a lot of technical writing on the side. So I'm a columnist for Linux Journal Magazine, where I've actually written a series on this, and the last slide has a link to that. In addition to that, I also just recently finished writing a book called Linux Hardening in Hostile Networks. It's gonna be out this summer and it has a whole chapter on workstation hardening, and the advanced section of that chapter goes in depth into how to set up and use Qubes as well. So the talk is sort of based on a combination of these things. All right, so here's what we're gonna talk about. I'll give a brief introduction about the thinking behind this talk and what the approach is going to be.
Then I'm going to talk about how traditionally we've tried to preserve computers and food against infection. Then I'm gonna talk a little bit about how to make jam and sort of the history of computer infection before we had compartmentalization. I'll briefly talk about some of the things the military has added to protect their own security, and a lot of the advances in infection prevention technology that come from the military. Then talk about Qubes, which is a way to apply some of that same military notion of compartmentalization to personal computer security. From that point on, we'll be talking more specifically about how Qubes does things. So I'm going to dive into how Qubes allows you to label different VMs based on threats. I'll talk a little bit about how they do OS templating, and talk about some of the disposable VMs that they have set up and how to use that. And then finally talk about some of the more advanced threats that Qubes can help mitigate. And then very finally, I'll have a slide where I just sort of talk about how I personally organize all of my VMs in Qubes. If you don't know anything at all about Qubes, this will all make sense by the end. And even if it doesn't, you'll probably at least leave with a good understanding of how to can green beans. So there's always that. And we'll take some questions at the end too. All right. So security sort of feels like a modern topic. At least it has for me, you know, it feels like security's in the news all the time now. And it sort of feels like there's this groundswell of attention being paid to security. So it feels like this is a modern thing that's from our current age. It feels really modern, but really security is not anything particularly new. Throughout history, maybe not computer security, but security is something that we've been focused on to apply to a lot of different problems that we've had.
In fact, when we talk specifically about computer security, you'll find that security people will borrow metaphors from all kinds of other security things. In fact, if you wanna challenge a security guy, ask them to describe defense in depth without talking about castles. And they're gonna have a really hard time. They'll be like, oh, first, you know, you have the wall around the, okay, well, I can't, so, and then so anyway, castles are a great metaphor for that. We like to call certain programs that replicate and infect systems viruses, right? We like to apply these different metaphors to sort of understand computer security. But the thing is, all of these disciplines can teach us a lot about computer security, because a lot of the approaches to threatening us or infecting a computer, I mean, we use the word infection, right? What is it? It's a metaphor from something else. If we apply what we've learned from the centuries of civilization that have applied security techniques to other problems to computer security, we can learn a lot and maybe skip ahead and save ourselves a lot of hassle. So one of the most fundamental things that human beings have to deal with is food. One of the most fundamental aspects of our survival is being able to eat food. And that's also one of the things that we've had to figure out ways to secure against a number of things, including infection. So what this talk's going to be about specifically is how we protect food from infection, take all of those lessons, and then apply them to how we protect computers from infection, because the technology is very similar, it turns out. Specifically, I'm going to focus on security by compartmentalization, so we'll talk about what that means, both with canning vegetables and with Qubes, the operating system. All right, so like I said, computer and culinary history are both the stories of a war against infection.
So that said, the tools and techniques that we use to protect against infection have changed as we have advanced in our technology. So some of the first approaches were pretty crude, and then they get more sophisticated as our technology gets sophisticated. But all that said, the general approach and the general idea is: one, kill existing infection in the environment, whatever it is; there's different means to do that. Once you've done that, try to identify when a new infection has taken place in this previously relatively clean environment. And then in addition to that, attempt to either block or at least slow down the spread of infection along with identifying it. So that's sort of the general approach to dealing with infection. That said, our countermeasures against infection, historically at least, have been pretty crude. So in the case of food, cooking: when you cook food, it doesn't just provide browning via Maillard reactions that increase the flavor of the food in certain ways. It also kills a lot of bacteria that are living in the air and are covering your food before you cook it. So what it does is it kills those bacteria. Now the thing that cooking doesn't do is prevent bacteria from infecting the food in the future. But you can sort of think of this as starting with a laptop that has a clean wipe on it, right? Like it's not infected yet. It will be infected very soon, but it's not infected yet. So you're starting from this nice clean state. Another approach would be curing. So when you cure food, one approach would be to pack it in salt. And salt creates this environment that bacteria cannot live in. So you pack a food in salt and it will last a very long time and won't spoil because bacteria can't survive there. Some people have taken it a step further and they found that if you pack it with salt and also sodium, like saltpeter, saltpeter contains sodium nitrate that over time breaks down into sodium nitrite.
And that has a reaction with some of the proteins in the meat that does a couple of things. One, make them inhospitable to bacteria, and two, turn it pink. So if you've ever wondered why a pork belly is kind of brownish, but bacon's pink: bacon's pink because of this reaction between sodium nitrite and the proteins in the bacon. But again, that's why you can have bacon. It's raw. You have it in your refrigerator for a very long time, way longer than you'd keep a pork chop, and it's fine. Cooling is another way. Now cooling is an approach to slow down infection. So it turns out that for every 10 degrees Celsius you cool an object, you slow down the metabolic processes of bacteria by half. Or, yeah, so they are half as fast, I guess, to simplify it. So that's why refrigerators work so well. They cool it down. It's not that they kill the bacteria. Now freezers can, because they get so cold the bacteria can't live, but the bacteria can live in your refrigerator. It's just they're so slow. It takes a really long time, or at least a longer time, to spoil your food. At the same time, if you put your food in a warm environment, every 10 degrees C hotter you get, you double the reactions of the bacteria in your food. So we've traditionally cooled things either by putting them in a root cellar, or now we have refrigerators or things like that to help slow down infection. Finally, we use our senses. That's sort of how we identify infection, right? So you look at the food and, oh, there's some green fuzz on it. Maybe it's not so good. Or you smell the food. Like you don't typically look at milk if you wanna see if it's good. The first thing you do is you open up the carton and you're like, okay, it doesn't smell like it's infected, awesome. Drink some milk, right?
So we use our senses, and what we're doing is basing this off of a traditional approach of "this smells different than it smelled before." But it's weird, because we also eat a lot of foods that otherwise would smell infected if it weren't the food that we've trained ourselves is okay, right? Like if you open your mind to the wide world of cheese, there's a lot of cheeses that in some cases are intentionally infected, but they have a smell that if it were in another food you wouldn't eat it, right? But we've trained ourselves to identify infection this way. So computers are the same way. We have a lot of crude defenses against infections. So passwords are one of the first ones. You know, you pick a really weak, lame password and put it on a site, and that's a way to stop someone from getting into your computer and infecting it. Antivirus and IDS are both the same sort of approach of, is there green fuzz on this thing? Because I saw green fuzz one time before and it made me sick. So I see the green fuzz again and, hopefully, and so antivirus, same approach: like, I have a big list of things that I've found out in the past were bad. And if they come around again, I will stop them. IDS is basically just antivirus for your network. Same thing, it's equally effective as antivirus, only for your network. So it can protect you against yesterday's threats, no problem. Firewall, same kind of crude approach: just either come all the way in and access my website, or I stop you from accessing my website. There are some more sophisticated means now, but generally that's kind of a crude approach. Also, you can sometimes use one infection to stop a different infection. So in the case of food, fermenting is one way that we do this.
So if you were to take either a wort or a must: a wort would be, you take barley, it's malted barley, and you boil it, and there's some reactions that convert some of these sugars into other sugars that bacteria and a lot of small organisms love to eat. You create this really sugary, delicious soup, as it were. In the case of a must, you take grapes and you squish them and they have a bunch of sugars in them. You introduce yeast into that, and what the yeast do is they take hold. Ideally you introduce yeast in a way that no bacteria or things from the outside can get in. They take hold and either eat up all of the available food before bacteria can get in and start taking hold too, or they sort of colonize it so that other infections can't take hold. In addition, they excrete CO2 and alcohol, and alcohol is also antimicrobial. Either they excrete enough alcohol that they've eaten up all the available food and they just sort of go into stasis and settle at the bottom, or they create so much of their own filth that they can't survive anymore and they die off. It just depends. Like, if you've had a really strong beer, that's pretty much what's happened. They've had yeast that have been genetically engineered to withstand their own filth at high concentrations. Those of you who saw the keynote, I think, about the urine in the pool, same kind of deal. So also sometimes we'll use some bacteria to stop other bacteria. If you've ever had yogurt, that's a way that we've applied one helpful bacteria into a food to take root and produce a bit of an acidity that will slow down or stop other bacteria from infecting that same food. We do the same thing in servers with honeypots.
In that approach, what we do is we set up a server that may have known infections, and we put it out on the internet and see what people try to do to that. By doing that we say, oh well, this bad thing infected this, so now we know this is bad and we won't allow it to infect something else, or use that to learn approaches. So all right, so now let's talk about making jam. So traditionally, and probably if you're not using Qubes on your desktop today, you put everything in just one big compartment. You have your computer, your file system, and so the same file system has everything from your pictures of your cat to your email history to your tax forms and your GPG keys. They're all in one, and all the games you downloaded from the internet that you're playing and you got from questionable sources, it's all in one big batch compartment. Jam is too. So I always kind of associate jam with jars of jam, but that's because of the century I grew up in, but jam predates canning. All jam really is, is you take some fruit and some sugar and you heat it up over a stove in a pot until it sort of combines and you have jam, right? And so it would go into something like this, like a nice bowl of jam. You make your jam, you have a bowl of jam, you use it with your food. Essentially what would happen is you'd make jam, you would use it until it was infected, and then you'd throw it out and replace it, right? So pretty much like a Windows desktop. The fact is, when everything is in one big compartment, if you get an infection in just this corner of the jam or this corner of the computer, it very easily spreads to the rest; there's nothing to stop it from spreading. So the idea is to get away from that. If you have everything in one big compartment, infection is like a fact of life, a matter of time. Eventually there will be some infection, and when that infection happens it will spread to the rest of the environment and infect the entire environment over time.
But the thing is, the military has given us some advanced ways to protect against infection. So if we scoot back to the era of Napoleon, Napoleon had this problem. Napoleon has been quoted as saying an army marches on its stomach. And what he's trying to say there is, if you're trying to move an army to advance against your enemies, one of the most important things you have to figure out is how to get them food and supplies. Supply lines are one of the most fundamental aspects of military strategy, and a lot of times battles have been won or lost based on thinning supply lines, getting way too far away from supplies. Now traditionally, if you needed to have fresh food, you would just bring livestock along with you, and as long as they're alive then it's fresh, and you kill them when you need them and you eat that, right? Otherwise, if you couldn't do that, then you do things like make hardtack, which, if you can imagine a biscuit, imagine the least moist biscuit you could make and make it a little less moist than that. That's sort of hardtack. It's technically bread. It has no moisture in it, therefore it's really hard for bacteria to take hold, because bacteria, like us, like water. Water's kind of nice to have. So there's no water, so they can't survive on it, and we can barely survive on it. But that's what we would ship. We would ship tons of this hardtack and people would just sort of gnaw on it, and that's what they would survive on along with some other things. Well, Napoleon's trying to conquer the world. He needs a massive army and he needs to feed a massive army, but the logistics of getting livestock to go over to Russia are kind of messed up. So he issues a 12,000 franc DARPA challenge, essentially, which is: if you can figure out a cheap way to preserve large amounts of food, you get 12,000 francs. The result was this.
Nicolas Appert discovered that if he took food, put it in a jar, cooked it in that jar, and then sealed that jar, it didn't spoil. Awesome. The problem with jars, of course, is that they're expensive to make and they're not exactly cheap, but he won the prize, and what the army started doing is they took that and then applied it to metal cans. So they would take metal cans, which are cheaper to produce, pack them full of food, cook it in that can, seal it. Bam, they would use that to transport food. This is sort of near the end of the Napoleonic Wars; they were able to start using this in their supply lines. It was a successful program. The thing is, though, no one actually knew why. They knew it worked, but they didn't know why it worked for 50 more years, until Louis Pasteur came along and started explaining what bacteria were doing in that food to spoil it. So let's talk about computer security. Military networks have long been compartmentalized. We all sort of have been told, even if we don't operate in a high security environment, that yeah, the military at least has the top secret network and the regular network, and never shall the twain meet. You have these separate phone lines, these separate networks, everything sort of isolated, at least in one compartment from each other, in reality probably a lot of other different compartments. Like I said, if you have a risky environment that everybody uses, you don't want that touching classified information, so you intentionally create that isolation, so the risky behaviors are in the risky environment and the safer behaviors are in the environment with the things that you care about the most. The thing is, both of these approaches, both military canning of food and also network isolation, require more technology than your average person had at home for a good long time, and were more expensive, until now. So let's talk a little bit about Qubes and home canning.
So home canning jars brought the power of preserving food to the person at home, so you didn't have to have a big factory that manufactured cans. This is a great example: in America we use mason jars for this. It's sort of the quintessential "your grandma makes jam or makes green beans and puts it in the mason jar." So what you do, basically, is you make your jam. You then take this mason jar, you put it in boiling water. The boiling water sanitizes it, so it's completely clean of any bacteria. Put your jam in the jar, then close it up, screw the lid on, put it back in boiling water, and that boiling water causes the rest of the air inside that jar to bubble out, so it creates a vacuum. The vacuum both keeps the lid on and also means there's no oxygen in the environment. So the fact that it's sterile, both the jar is sterile and the food that you put in had been cooked before, and the fact there's no air, makes it really difficult for bacteria to take hold. Essentially, once you do that, it's protected from infection until you open it. There's jars of preserves that may last years and years and years in a pantry, despite what the FDA says, and they're safe from infection because there's nothing to take hold. How does it get infected if there's no bacteria in it? If you've killed every bacterial cell in it and there's nothing to take hold and there's no way to get in there, then it's fine.
Every now and then, if you've ever done canning, you might get a bad seal, where air is allowed in. When the air is allowed in, again, there's dust in the air, and there's bacteria floating on that dust in the air, by the way. So if you suck a little bit of air in because there's a bad seal, sometimes you might get some bacteria that survive this process. The great thing about canning is, when that happens, you open the jar, you're like, oh, there's some green mold on the top, or whatever, it smells kind of weird, okay, I'll just throw that one out. But the thing is, that infection's only in that jar. The rest of your canning is perfectly safe, right? Like you can go to all of your other jars and they're probably fine. So Qubes is a desktop operating system that uses Xen, and it uses Xen VMs to do the same exact thing, only on your desktop. That's sort of the fundamental thing that Qubes does to protect you. What you do is you take all of your files and your applications that you use, and you figure out what sort of workflow they're in, and their level of risk, and how important they are to you, and you put them in different VMs. I will give examples down the road of how I personally do it, but for example you might say web browsing's pretty risky: I will do all of my random web browsing from this untrusted VM that I just use for that, but I'm not going to put any of my personal files on that. I'm going to put my personal files over here somewhere else and not do web browsing from there, because web browsing's a pretty risky thing to do. The cool thing about Qubes, though, is, so hackers have done this for a long time. They've said, well, if I want to do something particularly risky I'll fire up a VM, do it, and then close the VM, and that's fine. But it's pretty clumsy, the traditional approach to using VMs for this.
What's nice about Qubes is it sort of integrates it all into one desktop experience, so it feels like you're using a regular Linux desktop for the most part. There's a couple of changes, of course, but you don't see the VMs as a bunch of windows with individual desktops on them. All you see are, oh, a Firefox window, a terminal window, or whatever. I'll talk a little bit about some of the other cool things it does about that, but it's just like a regular desktop with a couple of differences. Also, the cool thing about Qubes is it allows you to isolate your networks and firewall via what's known as a net VM. The idea with Qubes is that the outside network is untrusted, so the network card is assigned to an untrusted VM and all of your network traffic goes through that untrusted VM. Then there's a firewall VM that connects to that untrusted VM that's more trusted, and you can set up firewall rules for each VM and say, well, this VM should never actually try to talk to the internet, so maybe it doesn't have a network card at all, or this VM is only for web browsing, so I only allow 80 and 443 or things like that to go out. The cool thing is, just like with cans, if you get a VM that's infected, ideally a couple of things: one, it's more likely to be infected in a VM where you're doing riskier things that may put you at risk for infection, and two, the infection is restricted to just that VM, because we're relying on the security of Xen and its ability to isolate RAM for individual VMs, and so it depends on your hardware's ability to do that. But yeah, when you do that, it's infected, okay, fine, that's infected, but my files over here are completely fine. I don't have to worry about the infection spreading. I can just throw that one out and blow it away, bring up a new one, and I'm fine.
All right, so let's talk a little bit about labeling, because when you're creating a lot of compartments that all do different things, labeling becomes really important. So for instance, let's look at this picture here. What is that? Well, let's see. The color provides a clue, I guess. If I were to look at that I would say, well, it could either be maybe a raspberry or a strawberry jam, one of those, I'm not sure which, maybe a really weird dark tomato sauce or something. Something about the glimmer makes me think it's a jam, but I don't know for sure. If there were seeds maybe you could identify it. That's why labels are pretty important when you're canning things, because it lets you know, one, what's in there, and two, how old is it, right? So with Qubes, what you'll find is you end up having multiple instances of a browser open at the same time that are operating in different security contexts. Personally, I will have a browser that I do all, uh, if you send me a link, if it doesn't look really sketchy, then I'll just open it in my untrusted VM and browse the web with it. But whenever I log into a website that requires my passwords, I don't ever enter a password into that untrusted VM. I have a different web browser that I enter my passwords into, and so I often will have three, four, five web browsers sometimes open at the same time. How do you tell them apart?
Well, with Qubes, what it lets you do is you can assign a VM a color based on the level of trust. It goes from red, being the least trusted, to orange, yellow, green, blue, purple, and black, so black is sort of ultimately trusted. You assign the VMs those colors, and what it does is, when you look at any particular window, the window border and the title on the window are all colorized according to that level of trust, and it's also labeled with the VM it came from and whatever name you assign to that VM. What that lets you do is it gives you a visual cue. Among other things, it helps prevent you from pasting a password into an untrusted window, because if you copy from a password manager, then you alt-tab through and you accidentally alt-tab to an untrusted web browser or whatever, like, oh wait, a red window popped up. Do I really want to paste my password into a red window? Never, because it's untrusted. Passwords don't go in untrusted windows. So that's one thing it allows you to do. It also makes it more difficult for that VM to do malicious things like spoof a dialog that looks like it's from something else, because it'll pop up a dialog, but the window border around it will still be colorized untrusted. So it could try to pretend to be a Qubes dialog for you to accept, but it can never spoof a legitimate Qubes dialog, because it will always have that extra border around it that's colorized. All right, so when you're canning, you make a batch, and what you're doing is you're preserving whatever the thing is you just made at that particular time. So if you make jam, jam from a particular batch should all taste the same in every jar. It would be really weird if you open one jar and it tastes one way and you open another jar of the same jam and it tastes different, right? But what if you don't like it? It's not sweet enough, or it's too sweet, or you want to change the recipe. Well, what you end up having to do is, you can't just, you don't
change individual jars. Those jars are sort of set in time. What you do is you go back to the recipe, you change the recipe, and then you make a new batch and you can that. So the thing about Qubes that's also interesting is the entire file system doesn't persist. It only persists your home directory, /usr/local, and then a /rw directory that's sort of a utility directory. Those are the only things that persist. The root file system itself doesn't persist. You can write to it; it sort of puts a RAM disk over the top of it so you can write to it, but the moment you reboot it wipes it, and it's based off of a template VM that you define. They support a couple of different operating systems; depending on what distribution you like, you can base it off of that. But that template VM is powered off. You don't typically turn it on. It just takes a copy of it, puts a RAM disk over the top of it, and uses it. Also, as far as persistence goes, Qubes turns off certain services like cron by default, and the idea is it makes it more difficult for someone to create a script that sets a crontab entry that might persist. So in general, what this does is it makes it really difficult for a malicious application to persist. It's not that it can't happen, but it's very difficult. If you think about it, what's a rootkit most likely going to try to do? It's going to try to exploit and, in fact, say, replace ls and cat and a couple of common utilities. Now it can do that while the VM's running, but the moment you reboot that VM, all of those changes to the root file system are wiped and it starts again with the fresh image from the template. Your personal settings persist, but it's very challenging to then say, okay, this personal setting here, I'm going to start it up the next time I boot and then reinfect, with no cron and nothing like that. It makes it way more challenging to get something to automatically launch like that. It's not
impossible, though; there's definitely ways to do it, but it's trickier to infect in a rootkit kind of way. Okay, so you have that, but how do you add applications in Qubes? What you do is, let's say for example I use the Debian template that they include. If I want to install a new Debian package, I open up the Debian template and open the terminal in it, or you can open whatever GUI package manager, install a package, and then shut down the template. The idea is the template is ultimately trusted; any changes you make there impact every other VM. If someone were to infect the template VM, then they own all of the other VMs based on that template. So you just fire it up when you want to make a change, you make your change, you shut it down, and then reboot all of the other application VMs and they get the change. Sometimes you may have a VM where you don't want to do that model. Qubes allows you to create a standalone VM that has its own file system; it's its own separate thing and it does persist to root. So if this doesn't work for something that you're trying to do, you don't have to use this model. It's just really nice to be able to say, oh, there's a new security patch for Debian or Fedora, I just fire up that template, update, shut it down, and bounce my VMs, and I'm back up and running. So okay, container. Sometimes the risk of infection is too high for you to want to just reuse a jar or a compartment over and over again. For instance, I don't know if you've ever been to a diner where at the table they have that jar of jam for your toast, right? That's been there for a little bit. It's shared, like the next customer comes and uses it, and you open it up like, okay, I'll use this, and there's a little bit of butter in the corner and there's some toast crumbs in it, and you're like, man, that's pretty messed up, but what am I going to do? I'm in, you know, Flo's diner or whatever. What am I going to do? And
the other thing is, that kind of stuff gets infected pretty fast, you know, because you have 50 different people putting knives in there. It's gross, right? But we have a solution: we have single serving jam now. What it lets you do is you use your jam, you throw it away when you're done, because the risk of infection is way higher, so you just use it and you throw it away. Qubes has what they call a disposable VM. It's a single use, throwaway VM for whenever you're doing anything particularly risky. The idea is, if you were to send me a super sketchy link, in the past I would have been like, never mind, that's sketchy, I'm not even going to bother with that. Now I just fire up a disposable VM, open your sketchy link, like, yeah, that was super sketchy, and then shut down the web browser. Once I close that web browser, the entire disposable VM shuts down and erases itself. So if you did infect me for those, you know, five seconds it was open, fine, have a field day for the five seconds, and then shut it down. You won't persist, you can't infect the rest of my environment. So it's really nice for super risky activity. The other nice thing is, in all the other VMs, Qubes has both a command line and a GUI way to say, could you please open this particular file in a disposable VM. That's useful for things like a Word document or a PDF where you're like, that's kind of sketchy, but I have to. Sometimes, in particular, you will get an email with a PDF that you have to open, but you're like, man, I don't feel good about this, but I kind of have to open it anyway to do my job. Well, with Qubes you can say, let me open that Word doc or that PDF in a disposable VM. You can see it, you can even make changes to it. Say it's a Word document: you can make changes to the document, and when you save and close, it will copy the contents back to the VM that called it. And the idea
there is, even if there were something malicious, the document was saved in the disposable environment, then the copy's here, not open on your desktop again on your other VM. So even if that were infected, you shut down the disposable VM, that infection didn't spread anywhere, it stayed in that disposable VM, but you can still modify the document. That's pretty much what I'd say there; it's a very handy feature. So what I do is I use that personally; in particular all of my email attachments automatically, I've configured my local mail client to automatically open attachments in a disposable VM. So if you send me a PDF, I don't even think about it, I just open it, just like back in the olden days where you just get a PDF, like, yeah, I just open it up all the time, why not? Like, what, hackme.pdf? Yeah, no problem, let's just open it. Now I do that because it automatically opens in a disposable VM. I can look at it, no problem, close it, I know that I'm okay. Again, it's questionable websites, no problem, I just open it up. And so I kind of look at the URL, and every now and then, like one time someone posted a news story and I was like, oh, a news story, interesting, I will click on that, and then after I opened it in my untrusted VM I was like, oh man, that's like a super sketchy link, I just didn't even think about it. But the thing is I default to opening things in an untrusted web browser, so it was at least in my untrusted web browser that had no files. Like, oh, that was sketchy, I might have just been popped. So, no problem, it took less than like 30 seconds to power that untrusted VM down, create it again, bring it back up, and I'm back in the running, back how I was before. Again, it's untrusted, there's no personal files in it, so there's nothing I need to worry about saving.
Some Qubes users are concerned about security enough that they do literally everything in a disposable VM. Like they open all files in a disposable VM no matter what they are, they do all web browsing in disposable VMs, they live their entire life that way. I don't do that myself, but some people go as far as to do it that way, and Qubes lets you do that. All right, now sometimes, depending on your threat, you have advanced persistent threats, so some infection risks are so severe that they require additional countermeasures. So for instance, green beans. The pretty scary thing about green beans is, let's talk a little bit about botulism. So think about botulism. Botulism itself: you boil a can of green beans, it dies, no problem. The living botulism dies in boiling water, it can't take the heat, no problem. The problem is their spores can survive without air, in a complete vacuum, and survive boiling water temperatures. So what happens is you can your green beans, you just put them, you boil them like you did your jam, you put them on the shelf, those botulism spores hatch, or the equivalent of what spores do, and then they infect your green beans with botulism and you eat them and you die. So that's a problem. So we've come up with some advanced measures to deal with that. Now you may say, okay, but there's other vegetables, is it just like, what, green beans must be really messed up, why? Well, what about like other vegetables, like I can have pickles. Pickles, it's not a jam, like what about jam, why doesn't jam have this, why don't pickles have these problems? The thing about those is both of those have high acidity, and high enough acidity that it kills the botulism, including the botulism spores; they can't survive in that high acidity. But green beans, and if you're canning meats or things like that, all those things where the recipe doesn't have a whole lot of acid, all those things don't kill botulism. So what you have to do, if you don't have a recipe that has high acidity, what you have to do is you have to
do something like use a pressure cooker, because the problem, the thing about water is you can't, at sea level, boil it hotter than 212 degrees Fahrenheit, 100 degrees Celsius, right? That's a problem if you have botulism that can survive up to 240 degrees; you know, they die at 240. So what you do is you put it all in a pressure cooker and that allows you to raise the boiling point to where you can heat this up to 240 or so degrees, or the 120 Celsius-ish, that you need to kill all the botulism spores. You do that for four or five minutes at least and then it's dead. Okay, so we also have advanced threats against Qubes. So what Qubes does is it provides you this highly trusted vault application VM. By default it has no network. It's not that it just has a firewall where the firewall is everything off; that VM does not have a network card, it cannot talk to the network at all. The idea behind that is you can store your GPG keys, your password vaults, your Bitcoin wallets, all of those things in this vault VM, and it's completely isolated from all the other VMs and it can't talk on the network. Well, how do you use that stuff then? Well, in the case of GPG, Qubes provides this tool called Split GPG that essentially turns it into a poor man's hardware security module. So the idea is your GPG key is in this vault, all of your application VMs have this wrapper around GPG that you call, and you issue it similar commands that you would for GPG. It takes the payload, whether it's an encryption or decryption or signing payload, sends it using Split GPG to the vault, the key is used in the vault only, it never leaves the vault, and the output then gets sent back to the VM. So you can encrypt files, decrypt files, do all that sort of thing without any of the keys ever leaving that vault; it's only resident in RAM in the vault. Another countermeasure they have is they have a notion called the USB VM, because one of the main ways that a lot of people get hacked is by plugging in a USB device where they don't know where
it's been, and they plug it in and it infects their machine. So Qubes has a notion of a USB VM, and what that is, is it gets assigned all of the USB PCI devices on your computer and it's considered untrusted. So when you plug in a USB keyboard, or you go to DEF CON, you get a malicious USB stick and you plug it in, it infects and tries to hack this untrusted USB VM only. But what it does is, say for example you plug in something that says it's a keyboard, what Qubes will do, if you allow it to, it will give you a trusted prompt on the desktop that says, hey, you plugged in a keyboard, would you like to use this keyboard with the rest of your, share it with the rest of your app VMs? You can say yes or no if you trust that device. Now if I'm in the middle of just doing something and that prompt pops up on my window, like, what? Or if I plug in a USB thumb drive that's supposed to just be a hard drive and that prompt pops up on my window, something sketchy is going on, right? It's really nice because it isolates any of those threats just to that USB VM and gives you the power to decide when you want to use it. So yeah, definitely protects against malicious USB keys, and this is sort of the whole approach that Qubes takes to compartmentalization. All right, so all that said, how do I personally use Qubes? Because one of the big challenges after you install it, the installation itself is very easy, it's like any other Linux distribution to install, but the challenge is, how do I compartmentalize my life into these different VMs that protect me correctly? That's always the challenge. When I did it, what I found useful was the author of Qubes, Joanna Rutkowska, provided a list of how she compartmentalized her environment, and I sort of looked at that as a guide and then built my own based on that. So what I'm going to do for you is sort of talk about how I do it and then you can adapt that to what your threat is and how you want to organize things. So like I said, I've said a couple of times, I have a VM that's just
untrusted web browsing. It's colored red. I don't do anything that I trust and I don't buy things online in it, anything like that. It's just like browsing the web normally; you give me a link, I just look at it normally there, I do all my searches there, all that stuff. I have a completely separate VM for authenticated web browsing; I color it yellow. So if I were to buy something online, anything that requires a username and password is in this VM only, so passwords never are input into the other VM, ever. They never touch that; they go in here. I also use the vault; I use that for my GPG keys and my password database. I use the USB VM as well, turn that on. And I also use a disposable VM for my email attachments, like I said, so if you send me an email attachment it automatically just sort of opens up in there. I also have a finance VM specifically for online banking, so I don't even do my online... it's colored green. I don't... so all it does is just online banking sites, and in fact I take advantage of the fact that Qubes allows you to set up firewall rules per VM, and I only allow port 443 to those VMs, to those banking websites' host names. So it can only go out and talk to my bank, and so I feel comfortable putting my banking passwords in there where I may not want to do that in another VM. So it's even more highly secure because it only does a couple of things and most of the time it's off. So Facebook has always been sort of questionable for me, like, to use it, because I have some concerns about the privacy implications of using Facebook, but at the same time there's a certain group of your friends that you will never talk to ever again if you don't have a Facebook account. You'll never know what's going on in their life, and because they use Facebook they don't find the need to ever email you or see you in person anymore. So if you would like to interact with those people you need a Facebook account, but the problem is there's some privacy concerns about that. Well, what you may not know is that Facebook offers
a Tor onion endpoint, so you can access Facebook completely over Tor. Now you're like, that doesn't make any sense. Well, it makes perfect sense, because only you and Facebook know that you're using Facebook; any other site along the way doesn't happen to know that you're using Facebook. So the way that I use this is Qubes includes a network VM that, if you connect to it, if you say your VM uses it as its router, everything goes over Tor. So what I do is I create a, I have an app VM just for Facebook. It connects to Facebook only over Tor, and I just, when I fire up Facebook, I go to launch my Facebook web browser, it pops up, connects to it over Tor, it's all isolated. If they do any sneaky things with cookies or whatever, I don't care, because I don't browse the rest of the web on my Facebook web browser. I close it, it's out of the way, and I go back to my regular web browsing, and I know that there's no tracking cookies popping around doing other things. Also Facebook doesn't know what IP I'm logging into it from, right, because I'm using Tor, so I'm logging into it from a random Tor exit node. I'm not... the only weird thing I noticed is I started getting a lot of Russian ads, like, no joke, when I started using Facebook over Tor. It was a little weird, just like, no, that's not relevant, no, that's not... Although honestly, as a policy, if you don't like ads on Facebook, if you just keep saying nothing's relevant, eventually they run out of things that are relevant and you get fewer ads. This is just an extra little pro tip on the side there. So another thing I do for my work VMs is, one of the challenges, if you like to isolate your environments at work, so as a best practice you really should have dev be completely separate from production and not on the same network; they can't talk to each other, and ideally you would use something like a VPN to connect to each of those environments so they're not just, like, have SSH open to the world or whatever. You have a VPN that lets you talk to that internal network,
then you can decide what you can talk to through the VPN. Well, as a result you end up having a VPN for dev and a VPN for prod. Well, now the problem is, typically, usually you can only connect to one VPN at a time, because often your internal address schemes are shared and stuff. So you'll find what will always happen is you'll be logged into production doing something and someone will say, oh, I have a problem in dev, and you're like, hmm, well, I'm in the middle of doing a thing here, but there's an urgent thing in dev, or vice versa. So I have to sort of save my work here, drop the VPN, reconnect to my dev VPN, do the work over there. With Qubes, it allows you to create what they call a proxy VM. A proxy VM is sort of halfway between a network one and an app one: to the app VMs it looks like a network one, to the network VMs it looks like an application service. So it allows you to proxy all of your traffic through it. So what I do is I create one of these for dev, one of these for prod, and they have my VPN credentials, and only they have my VPN credentials. So even if you were to pop my dev VM that I use for my development work, or my production VM I use for my production work, you can't get my VPN credentials, because my VPN credentials are on a completely different VM that just does VPN work. And the beauty of it is I can be connected to both at the same time, and I just have different windows that are color-coded according to dev and prod. So my dev environment is always green, which is moderately trusted, and then my production environment is blue, which is more trusted. And I also changed the foregrounds of my terminals so that the foreground of my prod is blue and the foreground of my dev is green, so I also get another visual cue about which environment I'm in. So it helps me again to try to avoid pasting, like, dev passwords in the prod or vice versa, or doing bad things in prod when I thought I was doing them in dev or whatever. That's just an extra little level of protection, but again it also lets
me be in both at once. So if I'm in one and someone says, I need you to do something for me in the other, I'm like, okay, hold on, let me tear everything down... and it's just like, no problem, let me switch windows and go do that. So yeah, I also create separate SSH keys for each environment, which you should also do just in general; it's the best practice if you can. But it's challenging to do that on a traditional desktop, because typically it's a pain to have to set up SSH clients so that it uses one set of keys for one environment, another for another, and if they're both on the same desktop anyway, what's the point? But with this, my dev app VM has my dev SSH keys, my prod one has my prod SSH keys, and never shall the twain meet. So if you pop my dev environment on my workstation, okay, that's not great, but you have no prod credentials at all. It's completely separate, and vice versa. And finally, another thing I do is, for most of my VMs... you don't have to do this, you don't have to set firewall rules per VM, but if you want extra protection you can set per-VM firewall rules. So one of the things I do is, my production environment has an internal address scheme, like one of the RFC 1918 addresses. There's no reason for me to access the internet from my production VMs, so I block all of that; I only allow traffic to that internal IP scheme. So if something were to try to talk out to the internet from my VM it can't, it's all blocked. And I do that for other things too. My web browser VMs, there's no reason for it to talk to more than 80 and 443, so I just turn those off. My secure web browsing VMs, I don't want to ever talk to 80, I only want to do HTTPS, so I block, I only allow 443 through. So you can do that sort of thing to tailor, depending on what the VM does, so that it can only do things, it can only talk to things in the network you want it to. And then when I'm in doubt I just open a disposable VM. So if I'm not exactly sure about the security of something, or if I'm like, that's a site that I
have to log into and provide credentials but I don't know, whatever, then I just fire up a disposable VM, do the work, and then shut it down. All right, so, a question. So here's some additional resources. The link to the talk, that's on my website; it's always up. Like I said, I did a series in Linux Journal about this, a four-part series talking about Qubes, so you can go there and it sort of walks you through in more detail the whole process. And again I have a book coming out this summer, that's about Linux hardening in hostile networks, that has a whole section of a chapter that's devoted to Qubes and setting up Qubes sort of like I talked about in this talk. And there's the site for Qubes, and of course email me. So, any questions? Yes, oh yes, sorry. What kind of overhead do you experience by having these VMs, and have you done any performance metrics? Sure, yeah. So I guess I don't have to repeat the question because we have a microphone, that's awesome, or should I repeat it anyway? Okay, well, no, because everyone heard it. So yeah, so the biggest performance... it depends on your resources, right? So for instance I found, if you have... Qubes likes a lot of RAM, so they have a minimum spec of like four gigs, but I found eight gigs is decent; if you can get more, even better. What will happen is if you don't have enough RAM, after you fire up certain VMs you'll just try to fire up another one and you'll get a warning: I can't fire it up.
The most, honestly, once a VM is running it behaves, as long as you have RAM and a solid-state drive. That's the other thing, like if you have a traditional drive, the problem is you have a lot of VMs that are trying to seek randomly on the drive, which is sort of like the worst-case scenario for a traditional drive, but for a solid-state drive it's like the best-case scenario. So I found with a solid-state drive and plenty of RAM, once I fire up a VM, if I launch Firefox it's just up, and you can control how much CPU resources you can assign. But honestly I haven't noticed that much of an overhead hit, apart from launching a window when the VM is down, and then it just feels more like how my desktops used to be before I had these really fast machines I have now, where you launch Firefox and you sort of wait like three seconds and then it pops up. The first time you launch something it may do that, because it has to bring up the VM, and any VMs upstream that it depends on all have to be fired up maybe, but once it's up it's pretty responsive. It feels like a normal Linux desktop. Yeah, thanks. You haven't said anything about the chain of trust and signed applications. Is that the kind of old-fashioned security that you don't need to worry about at all with Qubes? Is there no utility for that in Qubes?
So no, there's definitely utility for signed applications. It's just that you're still using the signed applications for non-Qubes packages; you're using the signed applications that you get from your upstream, whether it's Fedora or Debian. So all the templates by default, that includes Fedora, I think 23 right now, and Debian 8, and there's other ones you can install, and so you still get those upstream signed packages that it validates when you update your templates. Qubes itself is based off of the Fedora user space, and so its packages are also Fedora RPMs, and it uses DNF to upgrade them, and those are signed as well. So you still use signed packages, and they provide signatures for the ISOs on their site; they also GPG sign them and publish their key so you can validate them, not just from a signature but also from a key. Right now, so number one, I think you've identified a really nice metaphor for thinking about Qubes and kind of what it's resonatory is, so give this talk as often as you can, is my first piece of advice. And two, following on to the first question, is there any way we can use containers in order to get most of this benefit at a smaller cost, or is the isolation not good enough? No, thank you, yeah. So this is better stated on the Qubes website, because there's the common FAQ that they get is, why did you pick Xen and not insert name of virtualization or container technology, right? So they chose this for a lot of reasons that's better to talk about there, but among them is memory isolation and I/O isolation that they feel that you get with Xen, and depending on hardware support, that you may not get with others. If you are interested in doing the same approach with containers I suggest you look into Subgraph OS, whose whole security model is similar to this, but they achieve it through containers instead of through VMs. So yeah, so look at Subgraph.
I'm curious about the underlying file system of the Qubes OS host. I hope that it's got something like copy-on-write, because otherwise a lot of this copying of VMs and stuff would take a long time. What does it use underneath? Sure, yeah, thanks. So the underlying file system is sort of a traditional file system, it's not copy-on-write, but... oh, you mean like for individual app VMs? Yeah. Yeah, so like the app VMs, for the persistent storage, yeah, it doesn't take up a lot of space until you ask for it, and because they're all based on a template that's off, the bulk of the file system doesn't have to move around and get touched. So the only thing that sometimes takes a long time is if you change a template and you have a disposable VM based on that template; the next time you fire up that disposable VM it says, hold on a second, I have to make a fresh copy, a fresh-from-scratch copy of this, and that takes... it says it can take up to 120 seconds. It just depends. That sort of thing is where solid-state drives again really help a lot if you're going to use Qubes. Another question? Thanks. Do you recommend, if you use Qubes... What CPU flags do you mean? How about in the processor, for virtualization, what do you need? Oh yeah, so you need VT-d and VT-x, and the biggest hurdle, in fact, if you go to the Qubes website they have a hardware compatibility list and they list a large number of machines and which ones support one or the other or both, and ideally you really want both. You really need both: isolation of CPU, that of course makes sense with a VM, but you really need I/O isolation and RAM isolation so that you can't have an untrusted VM potentially be able to infect the RAM of a trusted VM. So yeah, the biggest hurdle for Qubes for a lot of people is finding hardware that you can boot, because it really does use all of the features of Xen and the virtualization features of the CPU to work.
So a couple of machines that I found work well: the Purism Librem 13 is my personal laptop. It's one that, like, Qubes has said, this is certified, we certified this hardware will work with Qubes, we test it and make sure it works. So that's one. My work laptop, the one I'm presenting on here, is a ThinkPad X250; that works fine. I've gotten it working, not quite as stable, but I've gotten it working on as old as an X200, but I have a lot of anecdotes about it working just fine on like X220s and X230s, and because of the way that ThinkPads work, other hardware that uses that sort of more commodity but higher-end laptop components, like the T series of that same vintage, should probably work similarly. So yeah, but yeah, the best thing is just to go to the hardware compatibility list and see what they say as far as support for the hardware. What you'll find, you'll find it pretty early on whether it works well, because you'll go through the installation process and, one, it'll either not boot at all, like the boot disk will either not boot, or at first reboot it won't reboot. Generally speaking, apart from that, most other things either work or they don't. So. Hello. Coming back to Tor in a little bit. I know there's this other one called Whonix. It's W, it's Whonix, right? The Tor-based OS. Yeah. Does it... I was looking at the site and it was like, does it actually, it works in the same way, because I know there's like, there's like, there's half, there's one machine for the client and then there's a server, and everything has to go through a VM. Is that similar to, like, Qubes? Not exactly. So the thing about Qubes is it uses Whonix for the template for Tor access. So it comes with Whonix installed by default. And so when you access, if you want to access Tor, the best way to do it, and you want to use like the Tor browser or something like that, the easiest way to do it is to just fire that up from the template that they've already provided.
Like they have an app VM already baked pointing to that. As far as, like, whether the Whonix distribution itself does that by default, I don't use it outside of Qubes so I'm not sure. Has any work been done to extend those VMs into the data center or the cloud to take advantage of those resources? Thanks, yeah. Some people talk about that every now and then. I mean, the main way that this really helps is in the context of a desktop and sort of the desktop workflows. So every now and then that topic comes up on the mailing list and they say, well, I suppose we could in a way, but ideally a lot of people don't interact with their servers via a GUI. And a lot of, I mean, there's command-line tools; every GUI tool on this has a command-line counterpart, and sort of starts with the command line and then they wrap a GUI around it. But, I mean, in the cloud, for instance, you already sort of have compartmentalization, ideally, because you have different VMs that have different OSs, that if one of them gets popped, hopefully that infection is just constrained there, especially if you have inter-VM firewall rules and things like that. So I'm thinking about this, well, sorry, this question is in the context of how Qubes can be used for people like journalists who are under siege, or at least have pretty big threats to manage, but they also have to interact with untrusted sources and people on all sorts of platforms. So does Qubes support, like, Windows VMs or Mac VMs for opening attachments and using things like Word and stuff like that? Yeah, so it supports, not Mac VMs that I know of, but it might, but it supports, like, Xen's HVM, so you can have, like, a full-on hardware virtualization instead of using, like, paravirtualization. So people do run, like, Windows 7, Windows 8 at least in Qubes via that way. So there's a lot of people that need, yeah. So you can definitely do Windows that way.
As far as journalists, the one thing about Qubes is, if you're familiar with a Linux desktop, it's not that tricky to use. It's not that much of a leap. There's a couple extra pains to use Qubes. For instance, copy and paste between VMs. There's the notion of a global clipboard, but you can't just do Ctrl-C and then Ctrl-V somewhere else, because what if you Ctrl-C a password? Now it's in the clipboard and an untrusted VM's like, well, I'm just gonna read the clipboard then, fine. So they have a notion of, you can put something in the clipboard of one VM and you add an extra keystroke to copy it up to the global clipboard, and another keystroke to paste it from the global clipboard to another VM, so you highlight... So there's two extra steps for copy-paste, for instance. For someone like me, but I've been using Linux for so long I expect a lot of pain to get the things done I want done, so that's totally fine. But for someone who, you're like, yeah, drop your MacBook, but for security reasons use this thing that's completely different, and also in addition copy and paste is like double the commands, and it's crazy. I can see some journalists wanting to use it, and that's awesome if they have the background. For others I'd probably point them more towards something like Tails. So when they specifically need to do something, something that needs high security, then they load up their Tails, which can persist, and they boot off of Tails and use that, and then they go back to the regular workstation for non-sensitive work. Any other questions? Sure, I think one more, then we can always talk in the hallway; I love talking about this stuff. So you mentioned that you have a particular VM that holds your password vault, which may or may not be an application itself, and if it is an application, what do you recommend, or what are you currently using? Sure, thanks, yeah.
So I use KeePassX for my password vault. I mean, it's included with Tails, so I was like, well, they already vetted it and thought it was decent, and the password database is pretty easy to use; it's pretty compatible to move across a lot of systems. It doesn't do cloud-based support; I kind of consider that a feature. So yeah, I really like KeePassX and that's what I use from the vault. I like its support for generating passwords, things like that. So I would definitely recommend that. All right, well, anyway, thank you very much for coming to my talk. Check, check. So we will be starting in just a few minutes; we're just trying to get the wifi password so we can run a video. So it'll just be a few more minutes, so sorry. All right everybody, welcome to Life Hacks Like Watch Dogs. I am lucky enough to introduce an amazing girl who has grown up with SCALE as well as done many talks here and at many different conventions including OSCON, BiCon: Kayla Banks. Hi everybody, my name is Kayla Banks, and like Colleen said, today I'm gonna tell you about life hacking like Watch Dogs. As you can see at the top, you can ask a question and they're gonna appear on the website, so at the end I can just answer you guys' questions all at once. What is Watch Dogs? So there's been multiple people throughout the course of SCALE ask me, what is Watch Dogs? Even when I was at the Facebook booth somebody said, is that the one where the government's watching you? Well, I'm gonna introduce what Watch Dogs is. So Watch Dogs is a really popular game, and the second Watch Dogs just came out too. So the video game Watch Dogs is an open-world action shooter game that follows a hacker seeking revenge throughout the urban city, and he seeks revenge because his sister was murdered, and it has a kind of depressing storyline, but the actual game is pretty cool. And he goes throughout the urban city, the suburbs, the countryside, and the run-down neighborhoods around downtown.
And since it's the last day of SCALE the internet is really slow, so I'll see if this trailer will play. Okay, well, it's not working, so I'll just go on. Why? Why is a good question. Why do you want to hack? Why should you hack? There's a lot of questions about why. Why? Hacking has a lot of bad connotations. When you think of hack, do you guys think of good or bad? Well, through the media and games like Watch Dogs, hacking tends to have a really bad connotation with it. So why should you hack? There's a lot of reasons why you should hack. Whenever I have a problem I just solve it. That's not as simple for other people, but through the tools given to us through the internet, SCALE, and various programming languages, hacking is a great thing, and not just for hacking to find out your neighbor's wifi password. You can use hacking as a good thing for other things. So hacking is really good because it gives us insight into other things, and you can use hacking. Yeah, you guys know what hacking is, so I'll just go on. So like I said earlier, hacking comes with a lot of bad connotations. When I started hacking to Google, this was the first thing that came up: attack, terrorism, crime, offensive, theft, a lot of bad things. Why do you guys think hack has such a bad connotation with its words? Does anyone want to volunteer? The media. Yes, you're right. That's why one of these you can kind of see is security and unauthorized. Which is why you're right, Justin. So we're all hackers! Yay! What did you want to say, Jared? Yeah, I agree with you. So one main reason why my dad and I decided to name this talk Life Hack Like Watch Dogs is because I don't know about you guys, but I love the word life hack. It gives such a good connotation to hacking. It just basically revitalizes the word hack. When you look up life hacks you can look up a lot of different things, like how to make weird food inventions in the toaster.
But I want to thank Buzzfeed and Google and all those who helped make the word life hack, because we're giving back the connotation of hacking. So because of this slide I just wanted to tell you that hacking is not always a good thing. It's just like you said, just the media that gives it a bad connotation. Okay, so I know I've said this word a few times in my presentation. I know some of you guys may be beginners, but I'm not sure. But APIs, APIs, APIs, APIs. I say it all the time because I love APIs. So now I'm going to explain what an API is. An API is an application program interface. And what that means is a system of tools and resources in an operating system enabling developers to create software applications. So I know that seems kind of hard. So if you guys were in the exhibit hall you might have seen a lot of different APIs. Like Pokémon Go, for example, uses a lot of map APIs to find the Pokémon throughout the destinations. So APIs are basically what businesses use to connect their product to your project. APIs are made just for us, consumers and developers, because we're all hackers. And so, yeah, when I refer to this in the future I'll be using a lot of APIs, which is what I use to life hack. So when I was researching for this talk I came across this picture, and it was really, really helpful to describe how to hack your life. Because throughout the Watch Dogs games he goes through the city and the suburbs, and what connects your city that you can actually hack your life? Well, there's security, as some people say, which is where the bad hacker connotation comes from. Alert systems, connected cars, which are really cool because, like Tesla, see, I pass by SpaceX every day on the way to school. So just thinking about all the Tesla cars that Elon Musk is thinking of is really cool. But connected cars, mobile-centric, public transit, which is what I'll show you guys later, and smart automation. So these are what, this is the smart city.
Every city that's named or deemed progressive has all these elements. And if you use all these elements to hack your life then you're progressive and you're smart. What I'll be going over is public transit. So as many, some of you guys might know, I'm 15 years old and I just started high school. So I started taking the bus and I noticed that sometimes the bus comes at different times or sometimes it'll arrive late or the app I use called Moovit just predicts the wrong times. And so I found out that MTA, which is Metropolitan Transportation Authority, which is the bus I take, has an API for the buses where you can basically go on the website and find the buses. So I'll show you guys how I hack my life and the buses through an API. So now I'm gonna tell you guys what my vision is for hacking my life. So my dad and I were thinking of this, an app that basically is the centralization of hacking your life. You can go through this app and it can go through a host server or it can get your longitude and latitude and you can basically use this to get through the buses. But there's a lot of different APIs that are included within my vision. Like the ones I specifically tried are GeoNames, the Yelp API, the Eventful API, the Geoclutter API and the Yahoo Traffic API, along with others. This is just my vision but there's lots of different APIs that you guys can use. And there's one special API that I met at the exhibit before that I'll talk to you guys about later. So this is how it'll work. These are three apps. Termius, File Explorer and ES File Explorer. So I made sure to put those two apps at the top because I have an iPhone. And those of you who have iPhones know that it's not so easy to do technical stuff through your phone. So if you have Android, props to you. But as iPhone users, we wanna live back and have the enjoyment of an Apple iPhone. So Termius is basically an app that uses SSH and it can connect through a server, which is what I would use. 
So since I didn't have enough time to create a mobile app, I'll basically have my phone go through a website that connects to a host server. And my host server will be a laptop that is at my house. And so Termius will do this. And File Explorer and ES File Explorer are the same thing, but if you have an Android you know ES File Explorer is incredibly useful. So File Explorer is just a very, very good alternative for that, just for iPhones. So yeah, you can see on the iPhone there's like a little example of the SSH blobs which is used in Termius which can help you hack your life. And now the host server is your computer. So like I said earlier, the host server will be on your computer. I asked my dad, I was like, how would you make a server? Well the server automatically comes with your laptop or a console and all that. Basically the SSH just helps to connect to the server. So say you use these APIs, I can make my code in my APIs in Python through PyCharm. And I basically make the phone take an example and it goes through the API and it sends it to the host, because like if you can hack your life as long as you have internet everywhere and data makes this a lot easier. But yeah, you'll basically need the host server because your phone, since we don't have the app, will have something to rely on. So that's what the server will do. So this is where I use the Metropolitan MTA API. So first when we were developing this, we were like, well how are we gonna do this? Because in the specific API that I use you needed the latitude and longitude and you would have to like manually enter that in. And you know how many letters and, you know how many numbers are in the latitude. Imagine typing that in every time you want to hack your life, putting in a million numbers. And so basically we found this simple HTML code, HTML5 code that can help you just get your latitude and longitude coordinates straight from a script. 
And so I wanna thank W3Schools because that's the most awesome website. It's been helping me since I was literally 11 years old to figure out every single thing. It's a savior and I think you ought to check out that website. But yeah, this is how you get the coordinates for the latitude and longitude. This will help you out with your APIs later on. Okay, so now I'm gonna show you some code from when I used the MTA APIs to figure out the bus routes, the arrivals, and the dates. So when we went on the API website, oh well not the API, the MTA's API website, it gave us the latitude, here we got the, it gave us the latitudes, the longitudes, the bus number, the routes. And actually, even if you're not a programmer, it's actually really really easy when you realize it to look at some of the code, because it's hidden behind big numbers and semicolons and parentheses but it's actually pretty easy when you read it. So basically you don't even have to have a lot of information on coding, which is why I categorize this as a beginner talk, because you really only need to use loops and have basic background knowledge of Python, which is what I used for this. And so basically in my code I use a loop, a for loop, and I use the latitude and longitude code that you can find through HTML5. And basically my dad and I were struggling with this code. We were like, what is it? And then once we got the longitude and latitude we found out we can translate when the bus will be here or which bus it is and how long, if the arrival times are accurate. So this is just one example. I know since it's a lot of code it's kind of blurred out to you guys, but if you want to you can contact me and I can email you and yeah. So the next one is the GeoNames API. GeoNames API is actually a really good API because most apps and programs that use maps and geographical data use this API. 
And so I use this API to use city data, and by the way if you guys need extensive knowledge or a list of APIs you can go to Programmable Web. They have a nice database of APIs. programmableweb.com, and I'll repeat that at the end because it's a really good website. You guys should all check it out. So basically in the GeoNames API all we need to do is import the API, which we just use the import code and Python 3, and then yeah you need to. So one thing I want to advise you about APIs: you always have to go to, for some APIs you have to go to the website and you have to get an authorization key. And at first I thought it was going to be a long process and they had to approve me, but really all you got to do is put your name and the company. If you don't have a company, like me, I just put student and it just approves you. And so then you'll get your authorization key. In my case it was my username. So I put KP Kayla as the username and it gives you a result in the country. So GeoNames works out to the country, the city. This is all around, this is global. So in our case we use the city Los Angeles and the country US. And then the end code is a print. And it prints the format, the ID and the name. So basically you can use this to find a latitude and longitude, or you can use a longitude and latitude and you can find the city. So I think this is really, really useful and I think you guys should all take down the name of this, GeoNames. It's a really, really useful API that you can use in most of your projects. Yeah, anything. And lastly I wanted to add on that PyCharm has a really, really useful functionality that lets you install other modules and packages for APIs straight in. Because let me tell you guys, when I was doing the research for this I was gonna throw my computer at the wall because it was so hard to install the APIs. So it's so easy to just go into PyCharm. PyCharm is a lifesaver as usual. 
You can just go into PyCharm and you can go to settings and Python interpreter and it'll basically give you a list of packages. So I was having trouble installing all the Google API packages because I wanted to show you that. And then my dad found out about this and you can basically just install all these modules and packages from one screen. So I just saved you guys' lives. Okay, so these are some other cool APIs to check out. So I just found out about SparkPost yesterday and that's why I put this API in here right now. And I know if the guy from SparkPost is here he's gonna be really happy. But basically SparkPost is like Twilio. Do any of you guys know what Twilio does? Yes, well I'll explain to you what it does. Well Twilio is an API that can send out mass calls or tweets to other people. So my dad and I used the Twilio API, and we used it to, well we didn't actually use it for a project but we just tested it out. And it basically gives you your own Twilio number and it can text you, yeah it can just text any number, but it's like really useful say if you wanted a project that sends out mass tweets, or not tweets, messages. And so we found out SparkPost is just like Twilio but for emails. And so the guy who works at SparkPost was telling me that he used SparkPost, he used it in conjunction with Spotify because he was having a party and he wanted other people at his party to contribute to the list of songs. So he used the SparkPost API and he sent out a mass email to all his friends and then they could contribute their songs to the Spotify playlist. And so that's just one example of how to use the API. And there's also the Yahoo API. Yahoo has lots, just like Google they have lots of APIs for lots of their different services. Like Google has a Google Maps API, Google Drive, and Yahoo has Yahoo Traffic, so say if you wanted to make like a Waze-type app then you could use the Yahoo Traffic. 
And also there's Eventful, which basically tells you a lot of the events throughout LA, well any city, but really what stuck out to me is that SCaLE was on Eventful, so that makes it even more useful and accurate. And there's lots and lots and lots of APIs, there's just about anything, but these are just some APIs I wanted to check out, and also just to shout out SparkPost because I met the guy yesterday and he was very helpful. And that's the end of my talk. Thank you Sharon. You can find me at KaylaBanks4 and Kayla at MyZooty.com, and I'll see if you guys sent me any questions, but if there's not I can just answer questions from the crowd. Well they put it into Spotify and that's what makes the API so useful, because they didn't have to put it in every single email, it just made it as simplified and it sent it out to all his friends. Any other questions? Justin. Well mine was the only one in the actual questions link, but basically why would a big company want to release an API for tiny projects? I mean wouldn't they want to do it only for projects that can make them money? Okay so that is one of the same questions I had when I was making this, like why release an API, because I noticed that Google released a lot of their APIs and then they took them away for some reason. So the reason why companies want to let out their APIs is so they can link their product to your project. So basically it helps them make money and not even in a closed source way. You can even be an open source project and an open source business and they're leaking out their API, which helps other people, and yeah it brings traffic and it just helps you out, so it's always a win-win situation. Are there any other questions? What additional features do you have planned for your MTA life hack application? 
Well as I come across more problems with the bus then I'll probably expand on that but for now I'm trying to develop an app and that one is kind of a secret until I release it but I'll be sure to tell you every single API I use within that app, okay? And if there's any other questions then I can just end this right here. Thank you guys and make sure to visit my friend Justin, his talk is right after mine. Thank you, thank you for coming. So I have to load an app on my iPhone if I want to do terminals and stuff like that but does it come default on there? Because what's on default? I have an iPhone and I don't want to load apps on it for security reasons, do I have to load an app to do the terminal thing or is that something? Oh no, it's not an app, only the terminal is it's basically an SSH code. So like it's basically bringing the functionality it's bringing the laptop to your phone. So it's like you don't have to load anything there. Okay, so I'll be able to do that through the phone. Yeah, I just don't want the terminals to happen. And it's basically just like a consequence of being just makes it easier for me. Put the terminals out right here. See that's things I'm staying away from apps because of vulnerabilities and I don't want to worry about it so. Yeah, well I use so your features. No, I understand, I do banking and stuff and I don't have time to get too deep into stuff that's the thing. But I appreciate it. I enjoyed your talk. So glad that. Because what, this is what they enjoyed the most. And then once you got to know it and then only done a couple of years ago, it was so much faster. Yeah, well basically the problem, you want to do extremely fast transitions or integration, it's really hard. But this is really fast, isn't what I think it's the thing. Is that what that is? No, I tried. I wasn't joking when I said I asked them to turn down the heat, the cold and they turned it up. Peter said it. 
No, so they actually turned down the AC because of how many people we have, but it's so freezing that I asked them to turn down the air and they turned it up. So yeah, this is the mic you'll use. This is my mic. Yeah, I thought so. I thought so. You kind of switched it in the last one. Well, Kayla didn't put it on. I put my hair in. I'm used to those mics. Yeah. But I will be back in mics. Don't worry, I'll be setting it up because it's quite advanced what I'm doing. So, okay then, to configure since mine is jam-packed full of features, but you can stay in here. You will get a tiny bit of spoilers, but sorry, AC is very bad in here. Audio, I've set it to that audio, right? No one's spoilers don't look, but just letting you know, this one is a major spoiler. It's kind of hard because I have two screens. See, an extended display. So, okay, I will change that to a better font. There's a bold cursor under the screen to search. Okay, I kind of need help. I'm still working on my slides a bit. So, there are several console slides where I actually show examples on the console. And I need to know whether they have good font size or not. There's no reason I can't get Android access to this. Oh, wait, I can make it easy on myself and you. No, I'm starting at three. Oh, wait, maybe it is? I don't think it was, but I'll just forget when my own talk is. I said, if it's two-thirty, I'm gonna be pretty darn mad. No, no, no, no, wait. No, Kilius was supposed to end at two-thirty. Yeah, be it now. Yeah, I was right, it's three. It turns to three. Okay, how does this font look? Okay, so if I made everything that font would work better? If I made everything that font would it work better? What? Yeah, unfortunately, I couldn't make it any larger because it has to fit in within that slide. So, for example, here, here's another one. Which I will drag in the, not in presentation mode. Oh, especially this one, leave that to me. Okay, so try this one. 
I actually made that display an extended desktop. So on my computer, so on my computer, I actually have the speaker notes up on my computer and a tiny version of my slide and also the audience question. So I didn't have to have all you do it. Well, look, see, shoot, well, this is dangerous, but. If you advance the slide here, will it advance it there, too? Yeah, they're literally. Yeah, that was stupid of me. I literally disconnected it. It's actually fun. It's like jiggle it, that's right. So one of the three, like red, green, or blue. Yeah, I know, it all of a sudden tinted. Yeah. I've done that before. Actually, how is it yellow? It was the. It's not blue. Yeah. Well, no, no, no. It's blue isn't cyan. No, wait, you're right. It's actually not subtracted. Yeah, it's yellow. Yeah, so let's try this. Okay, so I can just use arrow keys. Yeah, I'm using gifts. Well, that was the only gift slide. Oh, you don't have any other gifts? No, I do have a lot of other, you know, me, but. I'm sorry, I can't resist, all right? Also, I'm gonna be throwing candy. Let's see, we got a whole bunch of different kinds of Hershey's and Reese's. You know what I'm talking about? Yeah, no, it was in the Hershey's variety bag. Oh, they have variety bags. They have variety bags. So, have you two done the battle of the death? Okay, sure, I do not mind either one of you. If you are okay with Keelia doing it, then Keelia should do it. The kids, you can't let them go on, you know, software. I'm not very good at mechanical engineering, okay? Oh, yeah, well, my check? Well, okay, okay, I have a really big problem. Audio does not work. Oh, wait, wait, wait, wait, wait, wait, wait, wait, wait. No, no, no, wait, look, look, look, look, look. That's the output for the audio, that's a VGA. You have an audio, yes, I know, I know, but. You use him, you'll turn it. And then the other thing is, hello, it's me. You all get spoilers, okay, and. Test. Okay, do a test. Test, test, okay, good. 
Can everybody hear me? Nice, at this volume we're louder. Test. Okay, oh, shoot, I can't see it. And now we have a SCaLE veteran, Justin King, doing Editing Multimedia Using Open Source Tools. Hi, thank you, okay. So this talk is about why you should use open source tools for multimedia editing, which is, which in this case is audio, then there's images, vector images, and then video and 3D modeling, animation, compositing, right? Okay. Oops, what's wrong with this? Okay. So, first of all, there are several objections and reasons why people just would not start to use multimedia tools. One of the big ones is they're often kind of unpopular, mainly because big companies don't really see them as professional, which is a big misconception, right? And oftentimes, independent people may want their company to change, but it's kind of hard to do that. So in this talk, I'm gonna explain some points that you should present to your company, or points you should present to yourself so that you can use these open source tools instead of closed source. Okay, oh gosh, I can't see this. All right, so several advantages of this is they are better than closed source because first of all, they're free, right? They tend to work on many different platforms, Mac, Windows, Linux, and some other lesser used ones like Solaris and SunOS and other stuff, right? Oh gosh, I can barely see this. Yeah. But there are several disadvantages as well, unfortunately, one of them is they're sometimes not compatible with professional programs, right? They don't happen to be, oh, what happened there? Oh God, right? So they sometimes don't have licenses so they can't use professional formats, which means that you may not be able to import a Photoshop into Inkscape or something like that. Also, there's one, it's kind of sometimes hard to find one standard support resource. 
They're getting better at this in that they're making whole official wikis and usually there's a whole bunch of tutorials online, but sometimes there isn't, so in that case. Also, they require some learning. Some of them are easier to adapt from the professional to the open source side, but some of them take a bit more of a learning curve. Right, so here are some of the programs I'm gonna be talking about today. So Audacity is the alternative to Adobe Audition, the audio editing program. GIMP is an alternative to Photoshop, Paint.net, PaintShop Pro, all the image editor and drawing programs, right? And yes, there are some other ones, but this one tends to be a very popular one so I'm doing this one. Inkscape is an alternative to Adobe Illustrator. It's a vector graphics program. Blender is an alternative to every other 3D modeling, animation, rendering, video editing and video compositing software, which is a lot, but this thing is definitely worth it, right? Kdenlive is a non-linear video editor and its alternatives are, what's it called? Adobe Premiere, Sony Vegas, Final Cut Pro and several others. And then I'm also gonna be talking about ImageMagick and FFmpeg and why you should use those instead of graphical media converters. So first of all, there is Audacity. It is an audio editor plugin and, sorry, it's an audio editor. It also supports VST and Nyquist. So VST is a digital audio workstation plugin, which is where, so you know those setups with guitars, right? They have filter boxes. Think of a VST plugin as a software version of that filter box. And then Nyquist is what Audacity's official plugins use, right? So you can visit its homepage at audacity, www.audacityteam.org, right? So I have a live, well, somewhat live demonstration here and I'm gonna see if I can actually pinpoint the full screen button. Okay, so I'm currently opening up a file right here of an HP View ringtone. That's what it sounds like. 
And now I'm going to use the envelope a little bit later and I'm going to actually make it so it fades inward, right? It fades from almost zero and it just increments. And then I'm gonna show you how you can change speed without changing the pitch of the audio. So right now I think I am doing envelope. Yeah, so as you can see, it's going up in the volume. And then so now I'm gonna select it all. And what am I doing here? Yeah, there we go. So I'm changing the speed without changing the pitch. So this is a typical Audacity workflow, right? You may use tools and there you go. But I decided I don't really like that. So I'm just gonna undo it and then I'm gonna save it as an Audacity project, which means that it has all the different tracks and it preserves your filter settings, right? And then I'm going to export it to an OGG file, which Ogg Vorbis is an uncompressed audio file format that is very popular and it's really cool, right? There we go. So there we go, it just exported, right? So where can you find help for Audacity whenever you might need it? So you can find the official, the official documentation is up there. I can't see the links, so. By the way, I also put a meme over there because why not? Also, all these slides will be available after the talk. So if you ever need a reference, you can just get it right here, okay? And so why use Audacity over Adobe Audition or a professional one? Well, first of all, you should do it because it's free, works with any computer, right? And it also has really, really good plugin support. Oftentimes professional programs have plugin support, but either their plugins are way too expensive or they're kind of hard to install, sometimes, usually not, but. And then also it's a very small application size, comparatively I mean. And so professional programs tend to take a lot of application space, but open source ones are surprisingly small and they can do more functions, right? 
And before I go to the next section, does anybody have any questions about Audacity? Okay, you. Microphone, can somebody get a microphone? Can you repeat the question? Yeah, we. Can you repeat it, please? Where are the tutorials mentioned? The tutorials are on Audacity's official website and Audacity team picked them out as the best tutorials. Some of them were made by Audacity themselves and some weren't. So like I said, I'll provide the link to the slides later on. By the way, I think you get a candy, can somebody pass? Oh boy. Can somebody pass this over? Thank you. Good, you will be my candy runner. So can Audacity read Pro Tools files? Pro Tools, I don't believe it can, but maybe with a plugin. You, the problem with it reading professional formats is open source doesn't sometimes have the license for it, right? So you'd have to pay money and some of the open source tools just don't have enough money given to them by donations to buy a license like that. So maybe, maybe not. Any others before I move on or? Yeah, run the microphone, I can't hear. Also. Audacity is cool, but it's kind of, it takes a while to load and it's kind of complex. Like if you just have a quick cut and paste you want to do, do you have any alternatives? For a quick cut and paste, I mean, Audacity usually loads pretty quickly and for most tasks Audacity is nice and I guess I don't really have another alternative because Audacity, first of all, it does load really fast, at least in my experience and on many systems that I've tried it on and cut and paste you just select control X, control V. So I don't, not really, this is a general purpose thing, by the way, both of them get candies. Those are two people. All right, all right, moving on to the next section, I don't really have much time here so. Okay, and if you also, if you have any questions, slide link up at the top. All right, so I'm going to move on to GIMP. 
So GIMP is an image editor, similar to Photoshop and a whole bunch of other painting programs, but it's oftentimes better because there is a huge library of plugins. If it doesn't do something natively, then its plugins can more than make up for the difference, and in some cases, like content aware fill in Photoshop, it's replaced by GIMP's heal selection tool and it does a better job in GIMP than it does in Photoshop, right? So the official website is gimp.org. Man, here's another example. By the way, for all these examples, if you can find where I hid them in the presentation and during the questions period you point it out to me, you get a candy. I put some little Easter eggs in here, so. So what I'm doing right now is I open it up and I'm going to extract the candy hearts from the background and I'm gonna do it smoothly. So here I'm using the foreground selection tool to trace an outline around it. Is it playing? Thanks, all right. So there we go. So I'm gonna erase out the background using the eraser tool and then I'm just tracing in the foreground. So all these candy hearts, I just brush over them with this foreground extraction tool. And once I'm done with that, it takes a little while. Once I'm done with that, I hit enter to make a final selection and then I can grow. I invert the selection, then I grow it and then I feather it so that I can basically extract the candy hearts without any of the white background, right? Okay, so now I'm going to use an unsharp mask, which basically makes it to where it's a lot sharper without losing quality, right? It adds detail to it by exaggerating contrast and several other things. And so I just did that. And now I'm going to apply a brightness contrast effect. I might have already done that. Nope, there we go. And I'm just gonna tweak that a bit in order to get the kind of coloring I want. I did want it to be a bit gray. And now I'm going to export it. So I save it as an XCF file. 
This is the equivalent of a PSD, and now I'm exporting it as a PNG. By the way, GIMP can import PSDs, but it can't export them because of licensing issues. All right, next slide. Here are the official GIMP resources. So I'll just leave that for a minute in case you need to write it down. Okay, so why use GIMP over Photoshop? Well, number one, of course, free, every platform, but the plugins are where GIMP really shines, because GIMP's plugins are huge. There's a massive library of free ones. For example, I was scanning an old article and I found that I had a whole bunch of printing dots. So I used GIMP, I searched on the plugin repository and I found a descreening plugin, put it in, and it was perfect, it just worked instantly, right? And also, it's a pretty low learning curve. If you go to Photoshop, going from Photoshop to GIMP, it's really easy to learn. And also, GIMP is much more customizable. In Photoshop, you can practically just move around panels, but in GIMP, you can literally change the entire workspace if you'd like. All right, and it's also much smaller. Okay, so any questions about GIMP? Okay, microphone over there, or loud here. Yes, you could, although, sorry, yeah. Yes, you absolutely can export a layered TIFF, but you might lose several other things. For example, I don't know if layer blending modes are supported in TIFF, and other aspects. So you will get layers, but I'm not sure about much else. So to answer your question, and also you get a candy. Anyone else? Okay, microphone over here. Are there any plugins in GIMP to make thank you cards? No, not directly, but actually, I'd recommend, instead of using GIMP for thank you cards, I'd recommend Inkscape, which I'm gonna talk about next. And the reason why is because, first of all, infinite quality zoom, because it's vectors, and also it's a lot better at layout than GIMP is. GIMP is mainly meant for image editing and applying filters to renders and stuff like that. 
Inkscape is more of a layout program. Okay, any others? Okay then, by the way, these two need candies. Okay, so Inkscape is a vector graphics editor. It allows you to manipulate points on an SVG. You can trace bitmaps into vector formats and do many other things. It's also pretty open to developers. I forgot to mention, all these are open to developers so that if you have an idea, you can request it, or if you're a developer, you can submit a pull request, and if it's good enough, if it really benefits the community and it's stable, then they will accept it into their code. And so you can make a very big difference on these programs, which on closed source you pretty much can't do a lot of times. Its official website is inkscape.org, I believe. Right? And here's my example. Where's my cursor? Oh god, where's my cursor? Thank you, there you go. So first what I'm doing is I'm going to import a bitmap that I got off the internet, right? And I'm going to resize my document so that it fits the dimensions of that exactly, just so that I don't use any unnecessary space and it's easier, right? So now I'm going to right click and I'm gonna trace the bitmap. And that essentially turns the bitmap into a vector. So vector is infinite quality zoom, right? So I'm tweaking a couple settings and I think yeah. So I'm currently gonna use a union after I ungroup this. So ungrouping it explodes it into its paths, and then the union actually takes those paths and then merges them into one. It essentially flattens it, right? So I'm doing that right now. Sorry, I can't really see this. And then later on, yeah, right about now, I'm going to actually, oh no, now I'm doing the union. So later on, I'm actually going to replicate the mouth with a shape and a gradient. So in the case of the tool, in the case of the trace bitmap tool, it can't do gradients. It basically posterizes everything. 
So you'll have to recreate gradients using it, but I just used the pen tool to trace out an oversized outline, apply the gradient to it and then put it behind the shape. So you'll see that in a minute, right about now. Yeah. So Inkscape is really powerful in this case because not only can you take a bitmap, you can compress it, sorry, you can turn it into a vector, which is infinite quality zoom, but you can also do simple shape manipulation really fast. And even the more advanced stuff like Boolean operations are natively supported. So I'm about to save this to an SVG, which Inkscape produces fully compliant SVGs that are universally accepted, which is something that it definitely has an advantage over Illustrator for. And then I'm going to export a PNG from that. There is one main problem with Illustrator though, which happens to be it doesn't really snap like Adobe Illustrator. So it has basic snapping controls, but they don't often, they're not intuitive and they don't really have extended guides. If you have a bounding box then it doesn't extend past it, it only snaps to the edge of the bounding box. Here are the official help resources. So there's also, I believe, an offline manual if you go to Help and then Manual inside Inkscape. Right, so leave that on there. And okay, so why use Inkscape over Adobe Illustrator? Well, the main reason is because Inkscape, it is a really tiny program, it's free, and it also exports completely compliant SVGs. Unlike Illustrator, where you have to export SVG and it may not really work that well, it's not fully up to the standard, Inkscape natively makes its SVGs that way. There is an Inkscape SVG which does provide other content, but even Inkscape SVGs when imported to HTML or XML will work absolutely fine. And also the other ones. So I'll start with the questions I have up here and then I'll go to other ones. Right, how does one install a plugin on GIMP? 
Well, you install it by downloading its Script-Fu file or Python file and dropping it into the scripts or plugins directory inside your GIMP directory, which you can find that info online. And open source tools almost by definition will be free. What makes it better than commercially available competitors? It's more accessible, that's why. Oftentimes expensive software may work for a large company, but sometimes not only is free software giving more budget for other areas of your company, but it's also making it to where it's instantaneous and you don't really have to worry about all the pricing and you don't have to buy it and go through all that. Obviously it's a minor inconvenience, but. All right, and then one more. At what point does a proprietary file format become the industry accepted standard? It becomes the industry accepted standard when overall other programs besides the file, besides the actual file, besides the program that produces it, when it becomes so widespread that about most of the programs in your space for doing it accept it. In other words, PSDs are a complete standard for the industry. All right, and that's all the time I have for that.

Okay, so now, any questions about Inkscape? I am running out of time on today. No questions? Okay, yes. Actually I wanted to ask something about your presentation about Inkscape. Was that a video of work you did while we were watching that? Yes, every single one of the examples is where I made an image for this presentation in these open source programs. So I can basically demonstrate a real world use case of each of them. Okay, and that brings about the question I wanted to ask, which was, is there a plug-in to make objects of light or take objects from photos you're out? Yes, actually that's built into GIMP. So GIMP has a foreground selection tool which allows you to draw a rough outline around your foreground and then use a brush tool to basically select more precisely the actual foreground image.
And then it just does a selection and then you can go inverse and delete. Yeah, because it seems like that would be something that like you have those types of tools in computer vision programs. If you're talking about automatic, then I'm sure that GIMP does have a plug-in. And even if it doesn't, you can write one using Python and OpenCV. So. Thank you. Okay, by the way, gets a candy also. I'm sorry, it's just. We'll get it later. Okay, all right.

Now we're moving on to Kdenlive, which Kdenlive is a non-linear video editing program. And what that means is while programs like iMovie just have a sequence of clips in a line, this has multi-dimensional clip stacking to where you can overlay a clip and then you can overlay another clip and you have blending modes in between them and also same for audio, right? It happens to be located at kdenlive.org, I believe. I can't see the links. And it's very, very simplistic and yet it has tons of features through its filters and effects. For example, the speed effect is one I use a lot because it's just really simple, you apply it and even though it doesn't have speed inside the actual editor, the effect does more than that. So let's go on to the example, right? This is me editing the Audacity video in Kdenlive and then I edited the Kdenlive video in Kdenlive. So, just wanted to point that out. Here I'm creating a new project. So, and now I am importing in the Audacity clip, right? And so I'm just quickly scrubbing through and looking at it. And then I'm going to chop apart segments. Yeah, so I'm previewing the audio there. So I'm gonna chop apart segments by using the cut tool and then I'm just gonna delete certain segments when they're similar, right? When the video is mostly similar, so it has a smooth transition. Sorry about screen flickers, by the way. That's a Linux thing.
And then I'm just gonna chop them apart and I'm going to cut out certain sections and I'm gonna use the speed effect so that I can just run through them because I need to shorten these videos so that I don't waste too much time. So I'm just chopping it around the audio since speed with the audio doesn't really work and I want it to be the full audio. And I'm also going to ungroup the tracks that have no audio so I can just use the speed effect without having to worry about the audio synchronization or any of that. So I just ungroup, then I delete the audio track.

Okay, well, while this is going, I'm just gonna take another question. Audio, video, and image processing software has a tendency to be a patent minefield. How does existing software get around this or how do you suggest countering it? So what I recommend is, as long as you are not using the same algorithms as a proprietary format, then you are completely fine. If you have the same ideas, you can't really do that. And by the way, it really should be copyright instead of patent, but that's a whole other topic. So basically, as long as you're not using the same algorithms, you should be absolutely fine. And if you're not sure, then you can, I'm pretty sure you can just ask the company. I don't know, I don't do legal stuff a lot.

Anyway, so here are the Kdenlive resources. And in this case, I also provided Googling instructions because that's something that oftentimes people don't really, it sometimes doesn't come natively to people, which I understand. So it's really easy in this case, just Kdenlive and then your area of the problem and what specifically. So for example, "Kdenlive speed effect not working". And you have plenty of help resources here. And okay. So why use Kdenlive over Adobe Premiere, Sony Vegas, and also, what's it called, Final Cut? Well, number one, because it works on almost any platform. Yeah, there's a testing version for Windows. They're still working on it.
But first, it works on many platforms, which you'll notice Premiere, Sony Vegas, and Final Cut don't work on Linux, and this does. And before anyone asks, I'm not doing OpenShot because it crashes every five minutes on my computer so I couldn't really give a good example with real points, right? And also, it launches fast and it exports fast because Adobe Premiere and many of the other programs have a GUI preview, but that's actually a disadvantage because it makes you render slower, because if your computer has to render it to a full-size other format and also miniaturize it and then show it in a preview window, even though that doesn't take much other processing power, it still does take processing power. And if you really wanna get it on a tight deadline, then you definitely wanna go with a CLI tool or not previewing the render.

Any questions then? I can't see any hands. Just go to a person with hands up. Okay, you first. Was the video you were editing one of the first videos that you showed, or was that you editing an audio file? No, no, no, I edited, so I screen recorded every single video, right? I was editing the screen recording of the Audacity demo. Okay, thank you. Okay, perfect. Okay, you were using Kdenlive to edit your recording. Right. How did you capture that recording? I used SimpleScreenRecorder, which is another free software. And FFmpeg can also record your screen. So if you don't have SimpleScreenRecorder or PPAs don't support it or whatever, you can use FFmpeg to do it. Although I'm not covering that in this talk, but you can easily find it out from the resources I'll provide later. Hi, you said import. It says import and export any format. I'm just wondering about formats, and that is, will it only natively export free formats like Ogg Theora, WebM, VP8, VP9, not x264, or anything like that, those patented formats?
Yeah, well, it doesn't, okay, so the actual project file is only a .kdenlive, which pretty much nothing else can actually read, but that's the same way with Final Cut, Sony Vegas, and Premiere Pro. The project files are all proprietary, unfortunately. Same thing with Kdenlive, except you know it's not proprietary per se. What I mean by import and export is, you can import any type of video, any type of audio. Project files are different, so you can import WebM, H.264, all those, and also Ogg, AAC, MP3. Question. Is it just a front end effectively to FFmpeg? Is FFmpeg used for all the rendering? For the rendering, I believe it is, yes. It either uses FFmpeg or libav, I believe. And does it have the ability to do some kind of fast render previews? Yes, it does. I don't really show that in this demo, but absolutely. Okay, then, I don't see any other hands. Okay, okay, go ahead. Lightworks. No, I have not, and mainly that's because, well, first of all, it's not really as popular as these options, and I'm using the popular ones, mainly because there's a whole bunch of different people with experience on them, and that means that if you're trying to tell your boss or your company to use these, then a whole bunch of other people have already given good reviews, and I'm sure that program has a lot of support in other things, but I'm not talking about it. Once again, you can look on these websites and judge for yourself. I'm gonna talk about general topics a bit later, but these are the specific, you know, the specific programs that are popular. So I'm pretty sure it is a good one, though. Okay, by the way, if your question isn't answered at the end, I can do it, or you can submit it to that slide link right over there.

Blender. Blender is a huge program in terms of functionality, right? So it's a 3D modeling, compositing, and also video sequence editor.
It's a game engine, it's also a video compositor, and it's a 3D animation studio, all in one program that's smaller than a regular 3D modeling program, including libraries. So it has a great advantage in that it's super popular. There are literally overflowing amounts of tutorials online for this. It's used by a lot of industry professionals as well, so this makes it a great target if you're doing any of that, any video sequence editing or 3D modeling or anything, especially for advertising. And I believe there have been some big budget movies that have been produced on it, correct me if I'm wrong, but I believe there have. Right, so my Blender, so this one requires a lot of explanation. So before I was, I'm trying to 3D model and render a penguin, right? So I tried a subdivision mesh, but that didn't really work out because I didn't really do it right. So instead what I decided to do is, I decided to do metaballs, right? Which are basically spheres or other objects that plump together, they merge together. So I converted it to a vertex. I made the flippers, right? And then I subdivided it and I sculpted it. And over in this section, it is currently, yeah, I'm currently modeling it still. So right now, okay, I think I just, yeah, so I'm applying a material right here. So with Blender you might need to experiment a bit more. So I tried several methods to get the texturing right. I decided not to do vertex paint because that's given me kind of headaches in the past, but so I decided eventually that I would just slice it, use the slice tool along it and then I could take all those vertices and paint them with one material, others and paint them with another material, which worked really well. So yeah, here I'm just trying some vertex modeling using the subdivision and triangulate modifiers. But later on I'll do slicing, right? So I'll go over some background. Blender has two rendering engines, Internal render and Cycles.
Cycles is the photorealistic, I would say better renderer, and the Internal renderer is more of a prototyping renderer I guess you could say, and it can do some photorealistic stuff but Cycles is much better at it. And so I'm doing this on Internal render and I'm going to switch to Cycles because modeling seems to be a bit easier on the Internal render in terms of viewing materials and all that, and they translate perfectly over. So, oh, what the heck, I wasn't... Yeah, this takes a while. This whole video is an hour and 20 minutes compressed into six. So yeah, anyway, so what I did there is I just used the sphere eyes tool. Well, it's not really a tool, that's more like a menu option to create the eyes, right? So here I am modeling the beak and texturing it, right? And so I have to pull it out, and whenever you see the wireframe, that's just me going into wireframe mode using Z. So modifier keys are super easy in Blender. And also another benefit to Blender is it loads instantly. And when I say instantly, I mean you literally launch the program, maybe it takes a couple of milliseconds and it loads up. What I did for the foot was I used a curve modifier, so I curved, I sculpted it and then I converted it to a mesh. Then I used the inset tool to make the steps. And here I'm just modifying it with a mirror modifier. And I textured it, put it on the feet, and now I'm setting the rendering settings. The default render is sRGB, which is not so good. So I changed it to Filmic Blender, which is a photorealistic version of it. And I'm adjusting the contrast settings here, right? So I did a final render and I'm adding Freestyle, which is a stroke texturing, right? So, and now I'm actually going to, now I'm saving it and that's my demo. All right, and remember, this is really popular. So this is one of the easier ones to, you know, convince your company boss to do or even yourself, because it's very simple in terms of tutorials and you can just learn it pretty quickly.
So there are all of the links for it, and in terms of Googling, Blender is one of the easiest because there are so many people using it, right? And so there are the links. Once again, I'll have them later on too. Okay, so Cycles is a photorealistic rendering engine that the Blender.org team has created for use in animation and 3D modeling, right? So it looks like real life. If you do it right, it looks like real life. It has the capability to do ray tracing, where it can simulate rays of light bouncing off of things, and also it has specular, glossy, subsurface scattering and many other realistic shaders. So, okay. Why use Blender over any other option for 3D modeling, compositing and all that? First of all, it works on any OS and there's overflowing amounts of tutorials on this. This is one of the subjects where you have so much support, and also it loads really fast, it's very efficient, and the only thing that may be a bit slower than other renderers is render time, but it tends to be really good with that too as far as I've found, depending on your quality settings. And even if you don't choose a high quality setting in the render, image processing software can often just fix it for you. For example, Blender, sorry, Cycles has a, what's it called? I forget, I think it's a repetition. Basically the amount of samples you have. The more samples, the less grainy it is, but you can also fix that in post-processing. So, many different options there. Okay. Oh, sorry, any questions before I go on or? I don't know, pick someone with their hand raised or if there is one. Okay, then there's no questions.

All right, ImageMagick, and this is where I talk about why it's so important that you use a renderer that doesn't necessarily preview it as much, because previewing does take extra CPU time and oftentimes you may not need it.
As long as you set it up correctly and your draft render is good, your final render will usually come out perfect, exactly the way you want it to, so if you just preview it, it slows down. So, ImageMagick is often embedded in many programs. This is a very popular library and standalone tool, but some programs don't use it, and it's just overall really fast. So, it's imagemagick.org, right? And so here is my demo. So, as you can see that's a lot of text right there, but I'll run through it. First of all, I'm changing to the directory of my image files. Then I'm taking an animated GIF and splitting it into its frames. So, I'm using the coalesce option because what that does is, GIFs sometimes have it to where only a part of the image changes, and I'm just making it to where it shows the whole image for each frame, so no transparency or anything. I mean, except for the background transparency, and that's basically it. And by the way, I understand if you're kind of afraid of the command line if you're doing media editing, but I'll talk about what you should and shouldn't do for media editing and command line later, right? Here are the official support resources for it. So, there's not much because it's a pretty simple tool, but it's incredibly powerful because not only can it actually convert images, it can also create images about, I don't know, something like 10 times faster. I don't know the exact multiple, but it's a lot faster than GIMP or Photoshop because, once again, you don't preview it and it also uses more efficient algorithms. And sometimes open source editing programs actually do use this, but sometimes they don't as well. All right. So, why use it over Adobe Media Encoder, which seems to be, I mean, it's not as popular as some of the other Adobe tools, but why use it over a graphical renderer? Well, first of all, it's a lot faster, and second of all, it tends to have less confusing options.
When you specify all the stuff you need and you don't have to worry about all these options, I mean, you tend to make fewer mistakes, so you may have fewer compression issues and all of that, and that's pretty much all I had to say on that slide. Any questions? No questions. Okay.

And FFmpeg. So, once again, it's really fast, much faster than a GUI renderer, and it's embedded in most applications, but some of them it's not embedded into. ffmpeg.org, by the way. Here's another one where I'm splitting an MP4 into a frame sequence, right? And so, ls just shows the files in the directory. So, okay then. Another meme, and so the simple guide and also Googling for it. Googling for it, these things is usually pretty easy. All right, all right then. So, okay, why use it over Adobe Media Encoder? Well, it's pretty much the same reasons, and it's also because it tends to be a lot faster, and command line tools oftentimes are kind of scary if you do a lot of GUI things, but they're actually nicer though because they're a lot simpler in a lot of cases, they load faster certainly, and there's a whole bunch of other things. Okay, any questions about this? Get a candy. Sorry about that. There you go, I see you found an Easter egg. Anybody can do that, by the way.

Okay, command line. This is the graphical media GUI person's guide to doing things on the command line, right? Actually, I don't know how this will work, so I'll just do this. All right, so this is the basic command line. You get a simple shell prompt, right? So you just change your directory to the directory and then you follow the examples at first. You follow the examples provided exactly, but you substitute file names. When you get more comfortable with it, then you can add your own arguments based on the documentation, and then eventually you'll just get used to it where you don't have to look at the documentation anymore, or maybe not, that happens to me too where basically I've completely forgotten it, especially tar, dang tar.
All right, so, oh God, what happened here? Please, yes, score, all right. So there's a simple example. Also, let me emphasize something real quick. Don't use sudo unless you're configuring something, because you should never need to use sudo if you're just converting it. If you own the files, right, and they're not in some other directory, sudo should not be necessary, and there aren't very many guides that are that dumb to include sudo for conversion commands, but if they do, just know, sudo may be used for configuring the actual, you know, the command line tool itself, but never for actually converting unless, like I said, you're in a different, you're in a different folder that you don't own, right? Yeah? Yeah, and you can also use the alias command. Alias is great for when you don't want to have to retype common commands, right?

Okay, I'm gonna answer a few questions. Is it recommended to use a more powerful machine to use Blender? It completely depends. If you're rendering something, then yes. The faster your machine when rendering and the better your GPU, as long as you set the setting and you have the proper drivers, then yeah, it's better to have a faster machine. When you're modeling and when you're setting up materials, it doesn't really matter. I mean, I've done Blender modeling on my Chromebook using Crouton, right? And I didn't render anything, but even the modeling is fine. So, okay, another question. How do I use tar properly? That's not related to this talk. You can look on the internet. And that's pretty much it.

Okay, big summary, okay? This is the overall big summary for this entire talk. And if nothing else, keep note of this slide because this has the main points, right? So, FOSS versus closed source. FOSS is always free. It's in the name. And closed source can sometimes be expensive. There are free closed source programs. I'm not gonna deny that.
And in fact, there are quite a lot of them, but the professional ones are often hundreds or thousands of dollars, right? So, that's a big advantage right there. It's much more accessible and easy to get a FOSS program. And by the way, FOSS, just so you know, does not mean you compile it from scratch every time, okay? That's another common misconception, and I'm pretty sure all of you know that, but just in case. Also, there are often really big amounts of plugins for FOSS programs, right? FOSS programs like plugins because it allows the community to contribute without having a whole bunch of pull requests and bloating up their application with features that the user may not need. Unlike other programs like Illustrator, which, you know, might do that, right? Also, the plugins tend to be, once again, free on the side of FOSS because the program is free and the developer mindset is I want to help other people instead of, you know, I wanna get money, and yeah, Adobe does care about helping people, they wouldn't get money. But FOSS is wholly geared towards that since it's a non-profit. And also, what's it called? Oh yeah, works on any operating system. Unlike companies like Adobe who target specific operating systems where there's a ton of audience, FOSS programs just distribute everywhere, not only because they oftentimes use more libraries that are supported on every operating system and programming languages which can compile to multiple, but also because they want it to be accessible a lot of places, right? And that's it.

So, my next slide, questions. And if there's no questions, I have something planned for this too. I will ask you questions and whoever can get them right or at least partially right will get a candy. So, any questions? Any questions from the audience, first of all? Okay, pick someone with the person who has the microphone. Or if you're really loud, just let us know, okay. And also you can submit it here and I'll get them. Have you used VLC?
Yes, and I did not include VLC, mainly because it uses FFmpeg and libav in the background, right? So you might as well just use them directly, but VLC is a really good GUI interface and I do recommend it, yeah. I definitely recommend it. It's a great one, although it's not good for screen capturing. No, well, maybe. So, you mentioned you do some stuff on your Google Chromebook. Is that running the Chrome OS or did you just rip it out and install Linux? Okay, great, so this was actually... Are there good Chrome, I guess the Chrome OS Chromebook plug-ins, multimedia plug-ins for the stock Chromebook? Okay, so it was a couple months, actually more like a year ago, that I actually installed Crouton on my Chromebook. I don't have it anymore, but I did... So you can't just do, a lot of these things don't work natively on Chrome OS, right? But my Chromebook also runs Android apps, so you can use more of them, have been ported to Android, right? In terms of native Chrome OS plug-ins, there's not a whole lot of open source ones, because oftentimes they're hosted on a website, so you don't really have source code for that as much. Right, any others, any other questions or? I can't see your hands, sorry. I'm okay, I'll see you. I guess it's time for your quiz now. Oh, okay. Let me just check. Maybe more candy. Oh, okay.
I just wanna ask, with FFmpeg, like I've tried using FFmpeg on Linux, like for example, I have a GoPro Hero 4 and I don't wanna use, and I do have a Mac, but I don't wanna use GoPro Studio, it's really hard, it's slow, and I found out that FFmpeg is a lot faster, but when I'm trying to do, it's, this is my own experience, trying to actually turn these one or any degree fisheye images that the Hero 4 captures, takes, it takes time to just flatten out, turn into a non-fisheye image, so it takes time, these are 12 megapixel images and in my experience, it takes like, in my experience, processing over 7,000 images from a two-hour drive from LA to San Diego, it takes like two, three, four, five hours to finish, and this is like on a quad-core, four giga, four gigabytes of RAM machine, and it's with FFmpeg, and then converting it to a video, it takes time, so. Well, yeah, the reason why is because it's not FFmpeg's fault, you're trying to un-fisheye something and that requires a lot of calculation where it has to actually synthesize pixels, right, unless you wanna lose quality, so any rendering software has that problem, unless you super-optimize algorithms, which some of them do, but that's really specialized and that's most often closed source. And I actually have a question here. Can you move 3D projects around between the different programs? Yes, you can, but you have to export to a common format like Collada, or FBX is a popular one, although that is licensed, so some can't use it. Okay, can you give more info about GIMP and share more examples? Okay, so, okay, fine. GIMP has layer management similar to Photoshop, right? So I'm sure you've played around with Photoshop, right? Think of GIMP as a version of Photoshop where you can basically add more, you can customize it more, you can add more functionality, but it doesn't have it out of the box, right? In terms of examples, just look at pretty much any Photoshop document and GIMP can do the same thing, right?
And you can also find tutorials online, just search GIMP and something, and I'm literally almost out of time, one minute left, so do you use GNOME? Yes, I use GNOME while using Blender. You could see that from the title bar there, and yes, I do. I'm just gonna take a few more questions. Said as an image editor, I have not used that, so I can't really give my own personal experience, because, guess what? I don't think it is an image editor, right? I don't know, okay. Sorry. Uh. Yeah. Okay, any questions in the audience? Because I'm practically out of time right here, but luckily I covered everything. So, either ask for the microphone or, okay, microphone over there. Oh, yes, I did. I covered Audacity. Okay, good. Hey, and I'm at four o'clock, so one more question. Then I will just, you know, throw a candy to people, okay. Just nothing in particular, but have you tried vidmux, or played with that? I'm sorry, vidmux? Yeah, I think that's what it's called. I have not. Once again, these are usually the really, really popular ones that you really hear as the face of open source software for their category. So, I did not cover nearly everything that's available. So, if you want to find out, just Google it and you can go to their official site and it will discuss all about it. Okay, well then I guess there's only one thing to do. You get a candy and you get a candy, everyone gets a candy. Here, candy. Yes, thank you. All right. And, no more questions. What do you think about MS Paint? How do I put this? Tux Paint. One word, Tux Paint. Thank you. If you want candy, come up. If you want candy, just come to the front of the room. I'll give you candy. I have too much. Especially if you answered a question. I actually covered what was said in the description. I went to a talk yesterday and it said it was gonna be about machine learning. There's two lines about machine learning and it takes an entire hour or more. Yeah. Like that. I don't know if you can sell the edited images.
I'm really into the edited images. You're doing something wrong in life. It works. You're sure? Absolutely. By the way, just to feel that great thing on the quick flight, the previews that you've got. Here, have some candy. Oh, wow, God. I'll take the candy. Yeah, share it. Share with others. There are candies here. Oh, okay. I want this handed. I don't know. Oh, that's System76. That's not ours. And this is my laptop. That's where I've been looking for it. I've been missing it all weekend. He's at it. Where you got it? Here. What's that? And this. Just throw it away for me. I don't have enough room. Where'd all the candy go? He's got it still in the bag.

Can you hear me now? Ah, cool. You know, it requires 1024 by 768 and apparently with some really crazy refresh, but yeah, I mean, I can try a different resolution. I don't know if the 1024 by 768 is something they want for, because this is all live YouTube streamed, but if that's given you guys an acid trip, also that is apparently a 15 inch monitor. So that's still bad, but it was good for like momentarily during the mode switch. Yeah, let's try another four by three. Step one of every conference talk about Linux: everybody team up and fix the projector. All right. Well, maybe if we just, let's see how it does a little bit better on white. We'll be okay. All right, I guess we're probably good enough to get started now. As I mentioned, this is apparently live YouTube streamed. So if you want to send people to the internet to find links that maybe are not here right now and are interested in this, go ahead and do so. My name is Christian Hergert. It doesn't really say up here, but I work full-time on GNOME. I happen to be paid to do so by Red Hat, but I am 100% working upstream GNOME. That's all I do.
So one of the technologies that we've been working on in GNOME for the last couple of years, that has a history of about nearly a decade ago, we've cared a lot about trying to ship applications to users and make it easier. So Flatpak is a technology we've come up with to do so. So quickly we can kind of just cover the basics of Flatpak, as everybody's been saying, Flatpak whatever, like what is it? So for us, this is a way to ship your software efficiently and safely. And we'll get into a little bit more about why I chose those specific words. And it's also a way to protect your users from intrusive third-party applications. And it will provide more security for what are typically shipped as native applications today. It's decentralized to avoid App Store lock-in, and it has a rich suite of developer tooling, some of which I've built, some of which some other people have built, and we'll demo some of that today. And what we think this will allow you to do is to ship more frequently and with less latency from your release times than any of the distributions or both distribution channels and Linux distributions have allowed for us to do. So just to give you a background of who we are and like our understanding and knowledge and why we think and we have the hubris to believe that we can solve this problem. A bunch of us have worked on distributions, but Alex Larsson is the project lead, and two very important projects which he worked on in the past were called Glick and Glick2. And these were single file bundle applications for Linux, much like people were really enamored with the .apps on Mac years ago. So it was an attempt to kind of try to figure out how we could do that on Linux. He also happens to be the person that fixed Docker so it could run on a lot more operating systems with different file systems than the AUFS that was shipped years ago.
So incredibly, he has an incredibly strong understanding of how the mount namespaces work and the details and the difficulties involved in these very cutting edge file systems, like the problems with overlayfs for example, which we run into a lot of, or whether or not we should rely on Btrfs and whatnot. And another very key person in the design of this tooling is Colin Walters. Colin Walters invented and designed a product called OSTree. And, excuse me, additionally Linux user to root. And then we have a large group of collaborators on this. Red Hat obviously, where I work. Endless Computers are shipping an entire OS where all their applications are flatpaked. Collabora, Codethink, Intel, Convoke, Solus, KDE is working on some stuff as well, and a bunch of individual contributors. So I'm gonna split this talk up into three sections and I'm gonna try to get through the details of it fairly quickly so we have a little time for demos and questions. But I'm gonna split it up into what Flatpak brings to users, which I assume will be everyone here, what Flatpak brings to developers, which will be some subset of us here, and then what Flatpak brings to distributions, which will also be some subset. So for users, Linux has been fragmented, for those of you that haven't been around for the 30 year history of it. Linux has been fragmented from the very beginning and it's been very difficult to make and ship software that could run on all distributions. About 10 years ago some technology started to come around that allowed us to think about this differently, but it's taken a long time to stabilize, and Flatpak was built from the ground up, day zero designed, implemented, and designed before implemented, to be cross distribution. And it actually follows through on this. We have some really good examples of how this works today and we'll talk about the technology that allows you to do that. And we have really easy installation.
Currently that's mostly through GNOME Software and that's getting used by a few different distributions. But it's also, GNOME Software is not gonna be the only software installation tool that can do this. There are software patches for different projects out there that are starting to land. And we have buy-in from a couple different desktops. Obviously GNOME cares about it. KDE, Solus, Fedora. And for those that aren't into the GUI stuff we have command line tools, and we think that we're the first system here that can support proprietary graphics drivers top to bottom. And the reason we think that is because we did a lot of work with those graphics driver companies to be able to do that. So like NVIDIA, we have NVIDIA working inside a container and we'll discuss a little bit why that's so difficult later, in particular with static linking and such. We don't rely at all on the host system. The only thing that relies on the host system is the setup process. So you don't have to deal with some of the libraries coming from the host, some of the libraries coming from this like bundling or whatever. It's very clear where your application will use stuff. And really what that means to users, before I get in too much of it, what that means to users is you don't have to worry about it. You can have applications that will work on some of your older machines. You can have applications that are gonna work on your machines when you've dist-upgraded, like two releases later. They're still going to work. That's something that we've traditionally had a problem with. Those of you that maybe like bought a game 10 years ago or something. Like I bought Quake 3 and like Unreal Tournament for Linux. And there's no way those run today, right? Like they were using libc 2.96 and like different ABIs and LinuxThreads, for people that knew that before POSIX threads. Here's something that's kind of important to me. With efficient installs and updates.
I used to live in the forest, like way out in the forest. I had a T1 line. And this is up till about two months ago. I had like 1.53 megabit symmetric internet. Having an efficient download system is absolutely critical to a majority of the people on the internet. Very few people have fast internet. And everybody has only partially connected internet. So if you have a system that has large downloads, whether that be an upfront cost to get all of the package header metadata, Fedora was terrible with this for years, or your downloads are the entire bundling over and over again, you are self selecting who your users can be. This is terrible with phones. I'm sure those of you that use like an Android or iPhone maybe have updated Twitter or Facebook and burnt through 200 megabytes of updates. And they update their apps five times a month. And you just burn through all of your data. So this, and that's here in an area where we have fast internet, we have access to this. So this is a big problem. And it is exclusionary if we don't get it right. So something that's built into the layer underneath Flatpak, which is OSTree, is this concept of static deltas. What we can do is take two different versions of your application. We can compare them. And we can compress it into the minimal diff between the two. We use a tool that was invented on BSD years ago called bsdiff to do efficient differences between binary applications. So those are the geeky details. It looks at the ELF headers and it tries to figure out if like instructions were slightly off and compresses this down. So between that and the static deltas, we get very small updates. Also going from zero to an installation is just an empty tree compared to an installation tree. So we can do a static delta for that. So it too is very fast. It's like just doing a single download. As I mentioned there, they are trees. Those that are familiar with Git, it's basically Git for binaries.
OSTree can be simplified into that. Now that said, we don't have that problem from last week. I'm sure some of you saw that there was the big SHA-1 attack on Git. This does not affect OSTree due to its difference in design. The problem with Git was that SHA-1 verification was only happening at your commit level. It did not go and validate each level all the way to the root of the tree. The design of OSTree from the beginning, and if you're using Git, it's called git-evtag, which was written by the OSTree author, it does a defense in depth of checksum. So it includes the entire height of the tree. So even if there was this attack on it, because you get that check all the way to the root, it still would not have been vulnerable to these attacks. One of the ways we also get smaller download sizes with Flatpak is this concept of an application versus runtime split. And what that means is you don't have to bundle everything. Your application is only gonna bundle the parts that you need that are not in your runtime. And we do that for a couple different reasons, which we'll talk more about in the distribution section, which allows us to share some of the burden of us kind of rethinking how we build and distribute applications. So by splitting these things out, we can make the applications very small, that adds some more work to the runtime problem, and we think that by us coordinating together we can make that less of a problem. It's a little nebulous at the moment but it'll be more clear later. Another cool thing we have to provide for applications, or for users of applications, as I mentioned the Git issue. Applications will update automatically, or sorry, not automatically but atomically. We do not automatically update your applications today. We may do that in the future, I'm not sure. But the interesting thing, and what I mean by atomically, is the update to the application either succeeds or fails.
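The "checksum over the entire height of the tree" idea the speaker contrasts with a commit-only check is easy to see in code. The following is an added editorial example, not OSTree's or git-evtag's actual object format: a toy content-addressed store where a directory object hashes over its entry names and child ids, and where verification re-hashes every object down to the leaves. The sample tree contents are constructed for the example. A check that only re-hashes the top object is shown alongside to make the difference visible.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def store_file(content: bytes, store: dict) -> str:
    """Add a file blob to the content-addressed store and return its id."""
    obj = b"file\0" + content
    oid = sha256_hex(obj)
    store[oid] = obj
    return oid


def store_dir(tree: dict, store: dict) -> str:
    """Add a directory object. Its id covers every entry name and child id,
    so it transitively commits to the whole subtree beneath it."""
    lines = []
    for name in sorted(tree):
        child = tree[name]
        if isinstance(child, dict):
            lines.append(f"dir {store_dir(child, store)} {name}\n")
        else:
            lines.append(f"file {store_file(child, store)} {name}\n")
    obj = b"dir\0" + "".join(lines).encode()
    oid = sha256_hex(obj)
    store[oid] = obj
    return oid


def shallow_verify(oid: str, store: dict) -> bool:
    """Re-hash only the object named by oid (a commit-level style check)."""
    obj = store.get(oid)
    return obj is not None and sha256_hex(obj) == oid


def verify(oid: str, store: dict) -> bool:
    """Re-hash the object at oid and, for directories, every child recursively.
    Returns False on a missing object, a hash mismatch or a malformed entry."""
    obj = store.get(oid)
    if obj is None or sha256_hex(obj) != oid:
        return False
    if obj.startswith(b"file\0"):
        return True
    if not obj.startswith(b"dir\0"):
        return False
    for line in obj[len(b"dir\0"):].decode().splitlines():
        parts = line.split(" ", 2)  # kind, child id, name (name may contain spaces)
        if len(parts) != 3 or parts[0] not in ("dir", "file"):
            return False
        if not verify(parts[1], store):
            return False
    return True


# Constructed sample tree standing in for an exploded application checkout.
SAMPLE_TREE = {
    "bin": {"app": b"\x7fELF constructed binary"},
    "share": {"applications": {"org.example.App.desktop": b"[Desktop Entry]\n"}},
}


def tamper_demo() -> tuple:
    """Commit the sample tree, then overwrite one leaf blob in the store
    without touching the root. Returns (shallow_check, deep_check)."""
    store = {}
    root = store_dir(SAMPLE_TREE, store)
    leaf_id = store_file(b"\x7fELF constructed binary", {})  # id of the original leaf
    store[leaf_id] = b"file\0" + b"\x7fELF tampered binary"   # bytes no longer match the id
    return shallow_verify(root, store), verify(root, store)


def content_change_changes_root() -> bool:
    """Any change in a leaf yields a different root id when re-committed."""
    root_a = store_dir(SAMPLE_TREE, {})
    changed = {"bin": {"app": b"\x7fELF different"}, "share": SAMPLE_TREE["share"]}
    return root_a != store_dir(changed, {})


if __name__ == "__main__":
    print("shallow, deep after tampering:", tamper_demo())  # (True, False)
```

The shallow check passes after the leaf is swapped because the root object's bytes are untouched; the deep walk fails because the leaf no longer hashes to the id its parent recorded. Real systems additionally sign the root id so the walk starts from a trusted value.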
And this is important because universally all of our distributions are actually broken with this today in very subtle ways. For example, if you're running Firefox and you update Firefox while you're running Firefox, there's a small percentage chance that it could have not accessed a file yet that gets accessed while the update's in place, and you end up getting like a new version of the file versus the old version. And so now you're running this inconsistent state of the application. This is not a problem with OSTree due to how we lay out the, how we explode out the application at runtime. So you are guaranteed to have either the entire old version or the entire new version and atomically switch between the two. And I guess with trustworthiness comes sandboxing now. This is kind of the state of the world moving forward. And what that means is we do not give applications access to system resources. You do not have access to the sound card directly. There are some caveats to this, like yes, for graphics drivers we'll be doing it, but you do not get access to the camera, right? Because if you have access to the camera you could potentially start taking pictures of the user or things like that, right? We don't even give you access by default to the home directory. We have a really neat trick for this. This concept is called portals. We learned from various previous security analyses that just asking people if they want to do something turns out to be a really bad security UI. This is the case with Firefox, right? When Firefox would ask you, hey, do you want to accept this SSL certificate? I don't know. I don't know if I want to accept it. So how we provide this UI to people is an important part of keeping the integrity of the security. What we call this is portals, and for example, to give you access to files in your home directory we'll show you a file browser just like normal. Except for that file browser is not run in your application space.
It's run on behalf of the operating system, for lack of a better term. When you select a file, that's an implicit security grant to the application that yes, you deserve to have access to this file. And then the way it works is we do some combination of FUSE and file descriptor passing to get that file into your container. Give it access but never access to the raw file. You get access to an intermediary who can then write the file back. And the reason we do this is because there are actually a lot of programs that do not do POSIX renames correctly. What I mean by that is if you open a file for writing and you start writing and your program crashes in the middle of it, you might be left in an inconsistent state. So the way to do this correctly on Unix is you write a new file, a temporary file, and then you rename it into the place where you want it to be on the destination. That way it's either in the old state or it's in the new state. And that's because of the guarantee on POSIX that rename is atomic. So we piggyback on that and use that to make all the stuff work. So you can do like a lot of the other systems to be practical too. I couldn't repeat the question actually: what happens when you have applications that need access to dotfiles? So there are a couple of different things. If it needs access to dotfiles that already existed on the system, then it would need to have some override set that like, hey, I need to use these files. And that's because the sandboxing right now is opt in to as much as you want. And I think what's gonna end up happening with the UI is, based on how much of the sandbox you wanna roll back or like prevent from running, will be how we show the trustworthiness of the application to the user. So there'll be some sort of like implicit security flow. I guess on Android it asks you what permissions. I don't know if that's the design we're gonna use because we're definitely gonna put it through a design phase to do that.
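The write-to-a-temporary-file-then-rename pattern the speaker describes, as an added editorial example rather than code from Flatpak or the document portal. The helper below writes into a temporary file in the same directory, fsyncs it, and then relies on the atomicity of rename(2) (via os.replace) to swap it into place, so a reader only ever observes the complete old or the complete new file. A crash is simulated with an exception mid-write to show that the target is left intact and the temporary file is cleaned up; the naive in-place write is shown for contrast. The file name and contents are constructed for the example, and the crash_after parameter exists only for the demonstration.

```python
import os
import tempfile


class SimulatedCrash(Exception):
    """Stands in for a process dying part-way through a write (demo only)."""


def naive_write(path: str, data: bytes, crash_after=None) -> None:
    """Truncate-and-write in place: a crash leaves a partial file behind."""
    with open(path, "wb") as f:
        if crash_after is not None:
            f.write(data[:crash_after])
            f.flush()
            raise SimulatedCrash("crashed mid-write")
        f.write(data)


def atomic_write(path: str, data: bytes, crash_after=None) -> None:
    """Write data so that readers see either the old or the new content, never a mix.
    Steps: temp file in the same directory -> fsync -> rename over the target -> fsync dir."""
    dirname = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(prefix=".tmp-", dir=dirname)
    try:
        with os.fdopen(fd, "wb") as f:
            if crash_after is not None:  # demonstration hook only
                f.write(data[:crash_after])
                raise SimulatedCrash("crashed mid-write")
            f.write(data)
            f.flush()
            os.fsync(f.fileno())  # contents durable before the rename is
        os.replace(tmp, path)     # atomic rename(2); target is replaced in one step
        dirfd = os.open(dirname, os.O_RDONLY)
        try:
            os.fsync(dirfd)       # make the new directory entry durable too
        finally:
            os.close(dirfd)
    except BaseException:
        try:
            os.unlink(tmp)        # never leave a stray temp file behind
        except FileNotFoundError:
            pass
        raise


def crash_demo() -> dict:
    """Run both writers against a simulated crash and report what a reader sees."""
    old = b"[state]\nversion=1\n"
    new = b"[state]\nversion=2\nextra=yes\n"
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "settings.ini")  # constructed sample file

        atomic_write(p, old)
        try:
            naive_write(p, new, crash_after=8)
        except SimulatedCrash:
            pass
        with open(p, "rb") as f:
            naive_seen = f.read()

        atomic_write(p, old)
        try:
            atomic_write(p, new, crash_after=8)
        except SimulatedCrash:
            pass
        with open(p, "rb") as f:
            atomic_seen = f.read()
        leftovers = [n for n in os.listdir(d) if n.startswith(".tmp-")]

        atomic_write(p, new)
        with open(p, "rb") as f:
            final = f.read()

    return {
        "naive_after_crash": naive_seen,    # truncated partial content
        "atomic_after_crash": atomic_seen,  # old content, fully intact
        "leftover_temp_files": leftovers,   # temp file was cleaned up
        "final": final,                     # complete new content
    }


if __name__ == "__main__":
    for k, v in crash_demo().items():
        print(k, v)
```

Keeping the temporary file in the same directory matters: rename is only atomic within a file system, and a cross-device move would silently degrade to copy-then-delete.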
But if you only need dotfiles in your home directory and they only matter for that application, you probably shouldn't be putting them in home, you should be putting them in what's called like XDG data dirs or user data dirs, or one of the .config or .local somewhere in there. And those are mapped for every application that starts. So they're persistent between runs, none of the other applications can see them, only that application can see them. So you can persist all the state you want but never have your state exposed to other applications. So that helps prevent like coordinating application attacks. Okay, yeah. So Wayland is an important part for us here, and that's because fixing X, it's difficult to say. So fixing X is possible, but it's really, really, really, really not possible. If you ever wanna like argue about whether or not that's true I'd be happy to, because I've worked on a lot of X extensions over the years and tried to use them and make them work and they don't. Plus it really all comes down to like what people have with X and like what you connect to, and nobody has these extensions installed. It's like necessary to try to do some partial bits of the security. So, and then those are almost in direct conflict with how applications like to draw. So you have to re-architect all the toolkits to try to work in this different way as well. So anyway, once you have Wayland and you have the rest of the security stuff set up, the goal is that applications can't snoop on each other. We don't have that attack where like you could just get an update every time this other application repainted and then like screen scrape their data from the X server and figure out what passwords they're doing, between that and like snooping on their key presses. Like that type of stuff will no longer be a problem. All right, I think that's enough for users. We can go on to what we have for developers. Oh wait, did I go backwards? Where am I? That was interesting.
All right, like I talked about earlier, cross distribution. That helps developers as much as it helps users. For users it's nice because you don't have to choose a distribution based on what application you use. You can choose a distribution on what you care about, like what community you're part of or whatnot, and not restrict your application use. But for the developers it's really huge because you don't have to go test something five, 10, 15 different times and then for each of their last five LTS releases versus RHEL and all that type of stuff. So some of the other systems out there do rely on the host ABI, and as someone who works on and maintains some of the upstream host ABI, that's a really bad idea. Don't rely on us to be absolutely perfect with ABI because it's really difficult and we think we do it and we still don't do it. And we can get into a little bit of that later. But for example, the one here that I find very problematic to building a robust system long term is something that AppImage does: they whitelist certain libraries from the system and rely on them. That's something we tried to do at VMware since, like, many years before I worked there, like 1999, and it was an absolute disaster. Trying to get this set up in such a way that you could have your applications run and rely on any mismatch of host system libraries, I mean, just everything broke. And then the common complaint would be like, oh, upstream should fix their stuff. Well, it's like, well, that stuff's out in the wild, so how are you gonna work around it? We don't rely on any out-of-tree LSMs. Most of the LSMs are upstream these days. The one that we do support is SELinux. It's not required, it's there. And you can use, you can do this all just like mainline Linux kernel. There are no like exotic kernel features we need to be able to make this stuff work.
And if you are on a really old kernel that doesn't support some of the newer features, the one in particular I'm thinking of is called user namespaces. If you do not have user namespaces, we can make all this stuff work with a setuid helper. And that setuid helper is 2,000 lines of C, very easy to audit, and is in the process of having that done. We only require a POSIX compliant file system. So pretty much everyone has those unless you're using overlayfs, and I will tell you that you should stop using overlayfs. But people won't. We do hardlink farms, content addressing, for those that aren't familiar with it. There's this really cool feature in Btrfs and it's landing in XFS right now, it's called reflink. And what reflink is, it lets you do hardlinks between files, except for if you change the file that is hardlinked it will become copy on write. So you get very, very cheap file system copies and only when you make a change do they become copy on write. So whether or not you take any of this in, something that you should totally keep an eye on is XFS reflink. And I say XFS reflink because who knows when we're gonna use Btrfs. Atomic upgrades, you don't have to worry about your applications breaking. And then the final one here, runtimes provide predictable and reliable user spaces. We think this is super, super awesome. Every time someone runs your application, maybe you have a problem where something was in /usr/lib64 versus /usr/lib, where do you find plug-ins, all sorts of stuff. And it's different on every single person's computer that is running your application. And you always get those like, it's broken for me. And I don't know, it works for me, you know, this seems to work, right? How many times will we close bugs like works for me, sorry. This single piece allows us to simplify testing drastically. Every time your application runs, the user space is going to look almost identical. I say almost because there are a couple of things that can change.
The GL library for the system hardware enablement, and extensions, which I don't really get into too much here because it's not super important, but extensions let you do things like GStreamer plugins, so they like get overlaid and, no matter what applications you have, you can have additional plug-in enablement. So for the general case, what your application sees as their system is always going to be the same no matter where you run it. So here's one of the things that I work on more, and it's the build tooling. Flatpak Builder is a simple command line program and you give it like a JSON file that describes your project, like your name, a list of dependencies, maybe those dependencies have like a patch that you need to apply because upstream doesn't maintain things well or doesn't do something in quite the way you want, or maybe you want some performance improvement. There can be tons of things that you need to patch, and people and distributions often do. And it can take all of that, wrangle it together and generate your final application. One of the really cool things about that is it does it in a build environment that almost identically matches your runtime environment. The only difference is it still has the compiler tooling. So you have a compiler inside that runtime, you have the headers, the debug symbols, stuff like that. But it's the same runtime that your application is running with, with the additional bits for building stuff. We have this thing called OSTree cache points. And what that does is at each stage of the pipeline building your application, like each of your dependency libraries maybe, it takes a cache of the entire state of that build system and it stores it away for later. So if you have a continuous build system based on this and one of your upstream libraries updates git, it will only rebuild from that point forward. So we do nightly builds of all the GNOME projects like this and it could take like 20 seconds to rebuild the project.
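A manifest of the kind the speaker describes for Flatpak Builder, as an added editorial example and not a manifest from the talk or from any GNOME project. It assumes a hypothetical application id org.example.App, a placeholder source URL and a placeholder runtime version; the keys used (app-id, runtime, sdk, command, finish-args, modules, sources of type git and patch) are the documented flatpak-builder manifest keys. The finish-args deliberately grant only a display socket and IPC, leaving file access to portals as the talk describes.

```json
{
  "app-id": "org.example.App",
  "runtime": "org.gnome.Platform",
  "runtime-version": "<RUNTIME-VERSION-PLACEHOLDER>",
  "sdk": "org.gnome.Sdk",
  "command": "example-app",
  "finish-args": [
    "--share=ipc",
    "--socket=wayland",
    "--socket=fallback-x11"
  ],
  "modules": [
    {
      "name": "example-dependency",
      "sources": [
        {
          "type": "git",
          "url": "https://example.invalid/example-dependency.git",
          "branch": "master"
        },
        {
          "type": "patch",
          "path": "example-dependency-fix.patch"
        }
      ]
    },
    {
      "name": "example-app",
      "sources": [
        {
          "type": "git",
          "url": "https://example.invalid/example-app.git",
          "branch": "master"
        }
      ]
    }
  ]
}
```

Each entry in modules is one of the pipeline stages the speaker mentions: the builder checks out the source, applies the listed patch, builds in the SDK environment, and caches the result so a later change to example-app alone does not rebuild example-dependency. Anything not listed in finish-args (home directory, camera, sound, network) stays outside the sandbox unless a portal grants it.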
It's really, really fast. It all depends how deep in the pipeline the change was. And it is linear, or serial, in this fashion in that we will build from the change point all the way forward, and we do that to try to be somewhat close to reproducible builds. And we're not there yet. Reproducible builds are really, really, really hard. And that's because maybe your compiler takes the date and shoves it into your build or something, right? Like you can't make that right every time if you're dynamically generating the date from running the command on the shell. So you can't do things like that to get reproducible builds, and you also can't do things like, you can't use compilers that will use uninitialized memory in the output because that could be different each time. But one of the best things we've done to get close to reproducible builds in this process is sharing compilers between different people building the system and having a predictable user space. Those two things get us a lot further with a lot less work than all of the other reproducible build stuff, which, don't get me wrong, is hugely important. But it's that 80% easy versus that 20% really, really hard. So if we can get everyone forward to a certain amount, we all end up getting more secure systems in the process. QA testing is never done enough, which means it's even worse if everybody has to do it 10 different times. And I don't care if your entire QA system is automated. Like there's a big push for automated QA, that's great. It never fully replaces manual testing. You have to still do manual testing. Now, if you have a project that you use and one distribution is shipping one version of one dependency on theirs and another distribution ships a different dependency on theirs, you have to test both. But if you can bring that into your life cycle and bring it into your container space that you are testing, your QA and the exact version that your users are using, you can reduce that test load a bunch.
Not to mention that maybe the library broke in between the two versions and now you can't ship your application on both distributions because what you need has been ABI broken on one and doesn't exist on another. Ask me how I know. As I mentioned, build and test in the same environment as your users, big use there. And then the last few things are things that I'm working on now. I've built this IDE called Builder and I demoed it a couple of years ago here, and the primary build engine behind Builder is Flatpak Builder. So it's in the process of making it very easy for us to get contributors to GNOME into our life cycle of creating and distributing software. We're basically down to cut and paste a URL and click build, and I'll demo that in a bit. The profiler here that I wrote and maintain, called Sysprof, it integrates, I think it's the first profiler to work with containers, and we do all the work that's necessary to, if doing profiling in a container, be able to extract symbols from the ELF files, everything natively, and it just kind of works. And then the part I'm working on now, hope to land here before too long, is a new debugger for containers, and this is traditionally very difficult because GDB has required a lot of patches to do container stuff. Anyway, I'll have a big blog post about that in the future. It's kind of nebulous at the moment. Okay, so runtimes versus SDKs. Runtimes are this shared base system for applications to target and different platforms might have different ones. So GNOME has a platform, freedesktop has a platform, KDE has a platform. I assume that Solus and some of the other projects that are working on things will have their own platform. You probably don't want to create your own, and it's because there's a lot of burden, right? If you have this runtime and it's doing libraries like GTK, GLib, GObject, stuff like that, you probably don't want to deal with all the CVE potentials, right? For like SSL, OpenSSL and stuff like that.
So we want to keep the number of runtimes small so that we actually get the value of a shared group of people working on runtimes together, because that CVE tracking is a lot of burden. But the feature that we get out of it is these small per-app downloads, because most of the things that your application's going to use are going to be in the runtime, so you and all the other applications that depend on that same runtime don't ever have to download the runtime bits again. You only have to download those once. So what we find is like even Builder, which is an entire IDE with like 50 some plugins and 200,000 lines of C, like the application is less than five megabytes. So having these runtimes really, really does bring the size of the applications down. So as I mentioned, you probably don't want to make your own. I personally suggest the GNOME one, but obviously I'm a GNOME hacker, so take that for what you will. I mentioned this just briefly earlier, that an SDK is just a runtime without the developer bits removed. So that could be debug symbols, headers, pkg-config files, VAPI files, any of that little accessory stuff. And you can rely on an SDK instead of a runtime because it is a runtime with all of the stuff in there, and that's what we do for Builder. Builder depends on the GNOME SDK, not the GNOME runtime. And that means that I have access to like libclang to do auto completion for C and C++ and all of those little bits. So a little bit more on portals. They run out of process, as I mentioned, and they don't get raw access to things. And these portals are meant to make things seem as if everything's on your local computer, like you shouldn't know that you're using a portal, but it should be very clear that it's authorizing elevated privileges to the application, but only through safe APIs.
You can open documents as well, URLs, you can share things. That's one of the newest portals, the ability to share, and that might mean you wanna copy and paste something and share it to an email or share it to a website, Facebook, all that type of stuff. A capture portal to use to take a photo without giving your application access to the raw camera device. And we're actively going and working upstream. So Wim has been working on both PulseAudio and Pinos and this is allowing us to do sandboxing of these frameworks. The difficulty here with audio, a very low latency problem, getting PulseAudio to be safe is a decent amount of work. The problem here is you may need to add echo cancellation to your recording stream so that you can do video conferencing. The way that works is you load these modules into the PulseAudio daemon so they can do it as efficiently as possible. In some cases it's even pushed off into hardware. Now if you have a client that's talking to the PulseAudio daemon to stream audio and you end up loading one of these modules because, you know, there's an exploit, and then you can use that to get elevated privileges, not really gonna help us from a sandboxing standpoint. Pinos is the same thing but it does it for video. So video capture devices. It's basically like a PulseAudio for video. So, and I've heard some rumors that maybe it's going to subsume PulseAudio. I don't know if that's the case but we'll find out. Anyway, we have plenty more portals to write. They're not difficult to write because of how we designed this. And so if there's something that your application needs you can either talk to us to write the portal for you or come help write portals. They're not difficult. They don't take too long. For us, by using Flatpak we're getting a ton more testing before release. This means we're shipping more stable builds every release of GNOME.
I have a nightly channel for Builder, which means I have people testing my application within like six hours of me shipping code to git. This has been huge. I get bug reports the same day that I'm pushing code, so, you know, the code is still fresh in my memory, and it's very easy for you to set up if you set up yourself a Flatpak repo. Some people are doing betas and having like the normal stable, beta, nightly, so you can do that. The other stuff, the last one here, is actually pretty cool. Multiple architecture support. Thanks to QEMU getting some features fixed in the Linux kernel this last cycle. You can take, well, you've always been able to do this for a while. You can take an ARM binary and you can run it through QEMU on an x86_64 system. Not even a whole virtual machine. You can take like a single binary and it translates the syscalls to the host syscall interface from the ARM syscall interface. But now you can do it inside a container seamlessly as of like the 4.9 Linux kernel, I think. So this means that we can actually run ARM Flatpaks on x86_64 seamlessly without you doing anything. It does all the hooks correctly to set up QEMU. So this might be useful as we get to the point of doing simulators where you actually wanna do a production build and test it and have all that type of stuff. So I expect to see more on that in the next year, but just know that it's there, it works. Distributions. Distributions are very, very unhappy people for very, very good reasons. They are probably the most overworked people in free software. And I work a lot, and they are more overworked than me. We think that Flatpak can help reduce the load of the distributions and allow them to compete with each other on the parts that they're actually good at, rather than having the only way to be a successful distro be to have so many people working on it that you win based on the number of applications that you can package, good or bad.
And for those that don't know what Sisyphean is, he's like the guy that was pushing the rock up the mountain and then the rock would roll down and you'd have to keep doing it over and over again. So I like to think of that when I think about problems that just can't be fully solved. So one of the big complaints that I've heard so far about application developers taking apps back from the distros, right? That's kind of like the scary statement from the distros, is that distros provide these really good things like CVE tracking. And it's true, today they do provide CVE tracking and it's nice. But it's actually not terribly difficult. You get on the right security lists for the things you're bundling in your runtime. You get notified, you update a file, you run it, you sign the build, you push it to the build servers. Yes, Joe Random developers should not be making runtimes. Right, but that's why the sandboxing doesn't give you access to security related stuff. Like I get it, like sandboxing is not 100%, right? Like it'll never be perfect, and there are exploits in the Linux kernel, there are lots of different layers. But SSL, for example, should be bundled by the runtimes. And the runtimes hopefully share a common core. So runtimes can, they don't inherit, but they can build off of each other. We just don't track the dependency chain of them. So for us, we all, at least all the runtimes that I know of today, all depend on Yocto stable. So they're all part of the same day CVE releases, part of Yocto, and can get updates, automated build, signed, pushed. Yeah, I mean, so I guess the question, the areas where you can have problems are like, okay, you're doing network communication in a library and it crashes, right? This is why the important thing for us is to not give the application access to your home directory, where the only things that it has gotten access to are things that we've implicitly granted it access to.
And that doesn't mean there's not surface area, but it does drastically reduce the surface area, right? Like if I use my web browser and then it steals my GnuCash file, like that's a pretty serious problem. But if I've never opened up, if I, let's say I'm using a flatpaked version of Epiphany, like if I've never opened up the GnuCash file, it's not even available in the container space for Epiphany to read and steal through like, you know, remote code execution. So in that sense, you know, like all security, it's not absolute, but we do try to put in many, many layers of mitigating factors. And it's better than it is today, because today that web browser, like Epiphany or Firefox, isn't even protected with any sandbox. And if we can get the distributions to be doing that for our core applications, we raise the status quo rather than continuing for it to be, you know, where it is. So yeah, the sandboxing we think is good. It can always be better and we'll continue to make it better. And I do think that the automated CVE tracking for developers could be useful. The difficulty is getting on the embargo list. So it might be the type of thing that we have to do through like an intermediary where, you know, we're watching JSON files in git repos or something and we're on the embargo list. I mean, certainly I would be, at Red Hat, I'd be on the embargo list, right? And then we notify developers the same day and we could even provide them updates. But I mean, it is a difficult problem, but it's not one that's intractable, and it's not even one that takes an advanced developer to do. It just has to be done. Okay, so a little bit more on the security. Like I said, the sandboxing should help us protect, you know, more from third party applications, right? Like if I get Spotify, it's only binary, right? It's proprietary software.
And, you know, most of us have come to terms with accepting that some people will want to run some level of proprietary software, whether that's Chrome, whether that's Spotify, you know, who knows. But we can also improve the security story of the standard distribution. You know, photos, calendar, you know, web browser, any of these apps can have their security story improved over what it is today, which has access to everything, ran in your same user session, can snoop on other applications, right? Like each one of these, we can improve the state without making things worse. Again, we support LSMs, SELinux in particular, and D-Bus filtering so that your applications can't attack your system through service access. This is important because for all the years we've been using D-Bus, it's just been kind of implied that if you could communicate with the D-Bus service, that implied that you could do things with it. And that meant that pretty much anybody in your session could do things with D-Bus APIs. Now that we're gonna be running potentially untrusted applications, we need to restrict who you can talk to, who you get signals from, and all sorts of stuff. So the D-Bus filter runs inside the Flatpak, but inside the process namespace, but after the point where ptrace can be attached and with no privileges. So it's both inside this sandbox, but with absolutely no privileges. So you can't say, like your application, despite that it's in the same PID namespace, can't ptrace the D-Bus filter, hijack the process and get it to do whatever you want, so you can talk to the host system. So we get both the sandboxing and the inability to attach and attack. We mentioned earlier, Xorg, not really suitable for security. You can kind of do the security, you can kind of do efficient graphics, but you can't really do both at the same time. Really not much more about it, it's just, that's the end of it.

Okay, so ABI and version skew, bane of my existence as an upstream developer.
So libraries break their ABI in very subtle ways. How many people here know what an ABI is? You're wrong. So I guess, I mean, most people say like ABI, that's like the functions that are available, right, and perhaps the calling convention for it, and also the structures, and the layout of the fields in the structures. Well, how about if you embed a file in your library, and it's not really public API, but people know how to access it and have been, and then you decide to move that resource. Is that breaking ABI? So what if you support CSS to style your widgets, and it's never been documented as public API, but instead of supporting just CSS2, you decide to support CSS3, and do all these really fancy features, or 3D transforms, all these other cool things, but it slightly breaks some old CSS element names. Is that breaking ABI? Yeah, it always, it always, it depends. Okay, I have another fun one. So let's say you do something that performs an asynchronous operation, and then you do something else that performs an asynchronous operation, and which callbacks get called first? They're both asynchronous operations. They have nothing to do with each other, but you might be doing something in a certain order that expects them, when that changes in the future. Yeah, yeah, so these are all things that aren't necessarily ABI, but people get really ticked off when their program breaks, and refuse to accept it like, okay, I made a mistake. That's just step one. Like, you still have to fix the problem, but it doesn't help. So now that we know that ABI is very nebulous, and we've been trying for 20 years, we have semver, we have ABI versioning, like we understand what we thought, how to solve these problems, but it's just, it's not enough, because it doesn't accept the reality of how every single piece of thing we do in a library is, what's the term, compounding, right? And so getting everything right and adding features is just like, at odds.
So it's really, really, really hard, and I don't think that we're ever gonna get it fully correct. So in my opinion, I think we should probably just accept defeat on that solution, and try to come up with something that actually works. And yeah, it's even worse in these other languages. Like, I hear it's absolutely terrible in Node. I haven't done Node, but I hear it's just like a disaster. The one that bit me last week was Python. Debian, and some other distributions have updated their auto-completion Python library to a version that totally changed their API. And so I have all this auto-completion code for Builder that uses the previous version from six months ago. And if I ship it on Flatpak, everything works. Any sort of container-based system like this isn't a problem, because I wrote this to a particular version. There's no new features to the users by doing the updated one. It's just bug fixes, refactoring, stuff like that. But at the end of the day, like the user just gets auto-completion for Python. It's not like they changed the language in this, so. And you know, we might consider and say that, oh, they don't have the strict rigid adherence to soname and ABI versioning that we do in C, and rarely, but sometimes in C++. And sometimes you just can't even deal with it, right? Like a Python application might have one, and a different Python application might require a different version of that dependency. And Python, the language itself, doesn't provide a mechanism to have different versions of the same package unless you go through virtualenv and have like entire different Python installs. And the distributions have never really bought into that. Like do you have a different virtualenv for every Python application you install? It's just kind of outrageous. People complain that, oh, bundling is gonna add all this file system overhead, which, as I demonstrated earlier, it does not. But that really would.

So this one's kind of a, just a little fluff piece.
Reducing host costs. You know, if we get the applications off the backs of the distributions and then having to host all of the updates and continue updates and the mirroring of the updates, right? The core OS is only a couple hundred megabytes usually, maybe a gigabyte with the core applications installed. And if you remove that type of stuff from their burden, I mean, you cut the bandwidth costs in half at least. Anyway, we get smaller incremental updates. That's kind of nice. Some of the distributions do incremental updates, but maybe we can get updated mirrors faster and whatnot.

So, okay, fun part. That's a really big terminal. Do something you shouldn't do, which is run out of tree against git. Where is my mouse? So running an IDE at 1024 by 768 is a pretty terrible idea. So I cloned this a little bit earlier, just so we can kind of skip a bunch of the download phase or whatever. But I'll just kind of, let's do a quick demo of what we would have done. Where is my mouse? Well, since I can't get my neck around this thing to see this well, I'll just take the easy route and we'll just open GNOME To Do. All we have to do to clone this is you just put git@ or github.com/whatever. And then we'll get brought into the project loading and we're kind of displayed here. And wow, that is, I'm just gonna mirror my screen so I can actually see stuff. All right, so I opened up the project. This is GNOME To Do. For those who don't know, this is a simple to-do app or whatever. And all we have to do is click on build here. And what happened in the background is, it went through and it downloaded and built all of the dependencies. In this case, I built them right before the talk. So it kind of like skipped past it. But they're just, they're automatically built. They're right in a JSON file, which I can show you quick. The JSON file here is, well it's JSON plus we allow comments. It just describes some of the D-Bus things we wanna talk to.
Build options, if you want optimizations, some cleanup phases, and the different dependencies we depend on and how to configure them. Not super important to the talk, so I'm not gonna go into depth on how to go about doing that. But when we click build, it goes through, it gets all the dependencies, makes sure that works. We click run. It's actually deploying it inside the container namespace, setting everything up, and hooking it up into Wayland, all those different types of things we need so that we can run it. And it's running out of a completely different mount namespace right now. So this is like as the user would run it, it's in kind of like that same sort of runtime. Come in here, play around with it. You know, nothing entirely surprising. But one of the more fun things that we have is that you can also run with the profiler. And I landed profiler support with Sysprof to support container namespaces. So now we actually can come in here. We'll try to like exercise it so the kernel gets some samples in our program. And we have profiler, right? So this goes through all the different hooks of like looking into your programs and what libraries were there, trying to extract symbols if the debug symbols were available. You can even go seamlessly between the kernel and the user space into your runtime and all that type of stuff still works, right? So it's very easy to like go figure out where you had a performance problem, even if it's in the shell or whatever. Select in here, some range you care about. Anyway, it's a profiler, nothing too exciting. But now that we've simplified this whole process of getting applications, building it, I mean really, it's about as easy as it gets now for us to put newcomers through the joining-the-developer process. Like you really just paste the git URL, click build and you're off, you can run, you can test, you can profile, you can debug. Well, you'll be able to debug soon. Right now it's still printfs.
And then I have one more demo for you. Now, Endless Computers is a software company that's building computers to try to make them very easy for the next billion users on the internet. And they do build on top of GNOME and they've done this really cool thing with Builder and Flatpak because all of their applications are Flatpak on the OS. And they care about helping people learn how to code, right, this idea of turning users into developers. Is that aspect skewerly? Okay, cool. So this is the weather application. And you can click on this little button down here on the bottom. And in the meantime, it's cloning all the repositories from Git based on that Flatpak manifest which is included in the Flatpak files. Going through it, we can build it and run it. So it's like the same thing we saw except for you can seamlessly go through the application you're looking at and see like the code that's behind it and why that matters, right? So this idea of explorability, we're going to be able to take people going from a user into becoming a contributor to help ease our load. That one, so.

Can you repeat the question? Yeah, so the question was, that one was the same being the SDK in the runtime. That one does not use the SDK. So the way that works is it's not actually the same application on both sides. That is a patch to GNOME Shell that Endless has done that hopefully will be in an upcoming release of GNOME. The intention I believe is for an upcoming release of GNOME. And it's just a GPU texture. So on the backside of it is the GNOME Builder application that's been sent like a D-Bus signal or command line option to tell it to load this project. And then it's GPU textures rendered on the backside of the other application. And when you hit run, it'll be able to flip back and run the modified version of the program rather than the program before. So we kind of have like a really cool way of bringing people like an explorability to the system that is both users and developers.
Yeah. Okay, so the question is, how much does this share with say LXC or Docker because they use the term container? And I apologize for using the word container. I generally try to avoid saying that word. But the reality is the infrastructure on which containers are built does share a lot of the same Linux APIs. We use mount namespaces, network namespaces, PID namespaces, IPC namespaces. Yeah, yeah, it's all there. So cgroups are more used from the session management. So we're not really doing a lot of cgroups ourselves. We would rely on say like systemd, logind and like the systemd layers to do the session management for cgroups, like how much memory or CPU we get, right? But we do rely on the namespaces. So if your application doesn't need network, we're not gonna give you the network namespace. And there are some problematic things with the plumbing today, like IPC namespaces are global in some sense. So you can't, or abstract UNIX sockets are global. So like giving someone access to the IPC namespace might actually give them access to the Xorg server, even though you didn't want to give them access to Xorg. There's all sorts of like weird, funny edge cases with things, but you know, we're aware of most of them and they're documented in what needs to be done. And it's a matter of like getting things pushed upstream. So, yes.

Yeah, so the question is what happens if you have an API or ABI break in a runtime? I would assume that this would be the same thing as it is today, right? Like your application's gonna break. You know, it's like your applications break if you break the runtime. The runtimes shouldn't be doing ABI breaks and generally only patch releases, right? So for the GNOME runtime, the GNOME, you wouldn't say like you have a GNOME runtime and it's like forevermore just a GNOME runtime. You have a version, just like a Git branch, right? So you have the GNOME 3.20 runtime comes out with 3.20, 3.22 came out with 3.22. Exactly, right?
You know, for some period of time, yeah. But it's like, you know, the question is like, how far back do you go, right? Because it is an ever larger burden. So let's say I bought Uplink in 2003, but like we had Flatpak and that type of stuff. Do we really want to be maintaining that for retro gaming? You know, like five years maybe. And I also would assume maybe like distros might choose a longer term, you know, like the equivalent of an LTS, right?

The question is do applications specify a version or a minimum or max? And you specify a branch. So like Builder today targets the three, or if you're running nightly, it targets the master branch. Otherwise it's at release as we pin them. So there's a 3.20, 3.22, and it'll be 3.24 in a week or two. And then those only get dot updates, right? Like the patch level updates. Yes.

Yeah, it's kind of like on a person by person basis, like the reactions. Not only do we have various distributions that are partaking in so many patches upstream for like especially things like Bubblewrap, which is our sandboxing. And we extracted it out of Flatpak for people that like maybe didn't want to use Flatpak, but still want to go down the sandboxing route so that we can get the maximum buy-in on that. So yes, we are working upstream. The other area which has been working out very well is the various free software consultancies have been doing a lot of work around Flatpak. So there's distributions, but then also people that aren't distributions, but like solution providers. So you're gonna see proliferation from there. Yes.

Sure. Oh yeah, I guess I didn't really dive into that too much. Graphics drivers are really a pain because one, they're often broken in subtle ways. And so the developers are often releasing new versions of the graphics drivers and they'll release them for different distributions that they've done different builds for. And until recently they were dynamically linking.
And C++, which a lot of the graphics drivers use at some layer, has happened to subtly break ABI, especially over some time period. Like we had the big C++11 move which did ABI breaking and whatnot. So it was very important that we get the driver vendors to start at minimum statically linking their graphics drivers. The important part of that is so that we can bring a libGL into the application namespace, so that the application can use GL. And this is important not only for games but GTK4 is a fully Vulkan and GL based renderer. We have like culling and render trees and all sorts of really fancy stuff in GTK and we need access to like real graphics pipelines to do it. The other situation with those, having a brain moment. Anyway, we're gonna be doing some other things, neat things I guess with virtualization in there too. Like maybe we want to not give full access to a GL renderer and you wanna do a virtual renderer, it'd be possible to do that. Yeah, I don't know if there's anything else in particular.

Yeah, so the question is, are the different driver vendors up and ready to use? NVIDIA, yeah, is there AMD ones? There was some stuff going on this week with it. It's their discussion on the mailing list. If it's not there, it's like imminent. We've been working upstream with Intel and the Mesa team. So that stuff's all there and I remember just now, the other important component of this that makes it work is a thing called GLVND. It's the vendor neutral dispatch for GL and this is problematic when you start having multi-head or just switching dynamically between drivers. So Red Hat did a lot of the work to get that in Mesa and I don't know if it finally landed but the idea was we were gonna ship it as part of Fedora 25. But that is another important piece into getting into the mount namespace so that we can also support different GL drivers in an application, maybe when you switch monitors or something, right?
Yeah, for me, I think it would be really cool if we had all the tooling in place to not need to rely on Travis. That's a missing piece, right? We need it to be very easy for people. You can do it, you can plumb it together yourself but you can't just go in to GitHub and say, oh, I wanna point this at a flatpak-builder. It's not difficult to do, like I said, it's a command line, you pass the JSON file and it builds and you're done. It's not hard, it's just taking that and having someone work on that. That problem would be super key. Yeah. Sure, yeah, if anybody wants to, like hacking on like say GitHub hooks or whatever, I don't think it's a terribly large amount of work, it's just, I'm already busy, I can't do it, I don't have time. Yeah.

So the question is, is it using PackageKit, PolicyKit? What I'm not sure on is whether or not the code went in as a GNOME Shell, or not GNOME Shell, but as a GNOME Software plugin or whether or not it went under PackageKit. I would be surprised if it didn't go under PackageKit but I don't know the implementation of it to be able to say. But the big thing is that this all uses AppData and so it's like this very simple XML description of applications and everything. So it's a fairly easy format for us to get access to the metadata without having to care about like was it RPM or DEB or like what the package type was underneath it. Oh, cool. And I guess you're using PolicyKit with like the JavaScript, like SpiderMonkey interpreted policy controls. Yeah, yeah. Cool. Yes.

We do not do server stuff. Yeah. We focused very heavily, this is solving desktop. That's what we care about solving, desktop. That said, there are a couple things that I would like to see the server side things consider. And the design of portals for safe flow of elevation of privileges is hugely important and I think applicable to server type container technologies, right?
Like I don't want to permanently have to give this process access to the kernel keyring to be able to do encrypted type stuff, right? There might be some workflow where you want to use a safe UI progression and curses, terminal, whatever to be able to put in your decryption key for your PEM files, right? And then it gets loaded in the kernel keyring and all that type of stuff, right? You have this like progression of flow. That is agnostic. The design of that is agnostic to Flatpak. That is just good security policy. So we're not solving server stuff. I have no intention to, but we do hope that some of the design ethics cross-pollinate. One more?

Yeah. Hell yes. Yeah, we want you forking software and playing with it and sharing it. I actually hope to land this before 3.24 is out. Translators, don't kill me. I'm gonna add a new string, but being able to actually do the export and everything right from there. So you'll be able to like share it. That feature's also mainline. Like it's really, I just have to do a sub-process launcher and I just have to insert it in the build pipeline. It's like, I don't know, 20 lines of code. So when you build a Flatpak, the manifest that you use to build it, there's like a truncated version or you can have the whole version that gets, it's like a file inside the namespace. So we're gonna just like look inside the mount namespace and get access to the Flatpak manifest and then use that to prime all the projects to download. So it's very simple. If you're doing a commercial app, you wouldn't put the sources of your repos in there, but for the free software apps, it's a great way to take people from users to becoming partial or learners to developers.

So KDE is probably the next biggest. And then there's the one that, you know, Alex also maintains, the freedesktop.org one. And freedesktop.org is more of like your core lower level libraries plus like GStreamer and like the plugin infrastructure and SSL and stuff.
It's kind of like our Yocto plus freedesktop components. So because we're not focused on servers, that's kind of like our top level, right? freedesktop down. I mean, theoretically, but like I said, like we're not focused on servers. Now, I hope that they start using Bubblewrap. And I think that may happen with Project Atomic or something, like Bubblewrap is fairly agnostic. It's a way to like set up your mount namespaces and all that type of stuff. But like don't expect us with Flatpak to be going to solve server technologies. Any more questions? Cool. Okay, one more.

Yeah, so the question is like, is Yocto like a base layer image? We're all, those of us are, many of us are paid to work on GNOME. Like I'm paid by Red Hat to work on GNOME. And, but I really do just work on GNOME. Like I'm a Red Hat employee, but I just work on GNOME. But because of that, we're sensitive to this idea of being neutral in the community and we don't want to choose distributions as like a favorite. So Yocto is a great core because it's fairly agnostic. It's, Intel does a lot with it, Linux Foundation does a lot with it, but it's not choosing favorites. And it still gets CVE updates and like compiler toolchain management. It's like it has all the important things of a distribution, but because it's part of this like trade organization where like Automotive Linux uses it and various container systems use it. It's like, it's the best neutral hub that we had to choose from at the time. And I still think it is. Cool, any more?

All right, I just want to say thank you to Endless for their awesome demo here because I did not do that flipping, right? Like I just wrote the program, like they did all the really cool 3D textures and stuff. So thank you. With that, I think we're pretty much done. Do we have another talk after this? Yeah, okay, cool. Well, you know, I get how it provides, and let me turn off the microphone. The build is triggered. You want CI.
Yeah, Builder does all of the difficult parts of the building and the rendering. So it's really just listening to some web hooks. Yeah, I see. Exactly. Got it. Thank you. Yeah.