 Fine, we'll go with that. Hi there, SMAC in 2016, big exciting year. Maybe not so much, except for our big news here is with the major success we're having with the Tizen operating system. Tizen is the number one in the smart TV market. So 36% of the smart TV market is running in SMAC. In smart watches, 16% of the market is running SMAC. And only Apple has more smart watches than Samsung. So the reality is that as Linux security modules go, it's the leading security module in both smart TVs and in smart watches. That's pretty cool. And we're the fourth largest smartphone operating system as well. So SMAC is by far the fastest growing security scheme in the world. That was fun. And just in case you think we're a one-trick pony, we're not quite. There are a couple of other projects that are supportable Linux foundation, automotive grade Linux and the Ostro IoT-based and targeted distribution are also SMAC-based for their security policy. And I've also got the T-shirt up here that says, sorry, we're in stealth mode. Because I keep getting these requests, people will say, hey, I'm trying to do ThingX. And I will say, oh, yeah, well, here's how you do ThingX. It's not hard. But what are you up to? And they'll say, oh, well, we've got this project going on. And we really love SMAC and say, well, why don't you tell me some more about what you're doing? And then I don't hear anything until they have another issue. So there are at least three of these, two of them with major corporations and another one with a government that they're not telling me what it is they're doing, what their product is, what their end use is, but they're there. And they're very clearly using SMAC for that. So we're gaining market acceptance not just in Tizen. Tizen is, again, driving the sheer numbers. But we've also got some adoption in other areas as well. Now, what did we change in SMAC in 2016? Not a whole lot, really. In fact, the one thing that was really an important change was to simplify the application launch process. Now, when you launch an application in Tizen, of course, you don't want to actually go out and do execs, because exec is, of course, too expensive. So you want to set up a bunch of libraries and you want to invoke the application using all sorts of hand-waving magic to make it more efficient. But that means that you have to be in this state where you don't want to be privileged, but you still want to be using the SMAC context that you were in when you're running part of the system. So there's this little window where you want to not have privilege, but you don't want to be at your final application label either. So we scratched our heads about this and said, well, it would be the best way to do this. And what precedents do we have from the way Linux treats other security attributes? And the closest thing we'd come up with that made sense was the way you use when you do a set UID, or set EUID, you have the saved user ID that you can switch back to at some point. That was a little bit too dangerous. So what we introduced was a mechanism where while you have privilege, you can scroll away a label and say, by the way, at some point in the future, you may want to change to this label, and that's OK. So what the launcher does is it looks at the application, says that application is going to run with this SMAC label, scrolls it away, drops privilege, does the startup stuff that it needs to do before it invokes the application. Before it invokes the application, it says, all right. Now I'm going to set that SMAC label that I scrolled away when I had privilege. So I don't have privilege now. I can change to that label. I can't change to anything else. And once I've changed to that label, it's erased from the process so it can't change to anything else. So it's just really an optimization for the situation where you're trying to launch an application, and you've got that awkward window where dropping privilege and changing attributes, it's possible to do it in the right order, but it's really hard when you've got user IDs involved and SMAC labels involved and capabilities involved and all that other stuff. So a little bit of a compromise, maybe. But actually, we've got precedent for it with the set UID, so it's not too bad. And we fixed a bunch of bugs and looked at a bunch of interesting conditions in the network stack. But on the whole, this is really the only major change in SMAC this year. So we have a backlog. Backlogs are good because that means you still have opportunities to improve. The biggest chunk of backlog we've got is in the networking code, because the networking code has evolved over the past 10 years and has gotten to the point now where it shows some of the evolution. So few places where the siting isn't quite the same color. So it needs to have some rework to it. There are some things that have come in over the past few years that haven't kept up with things like Calypso labeled NFS. These are just things that, yeah, they're in the backlog. They need to get taken care of. And since the code has gotten to look a little bit crufty, really needs to have some rework done to it. A few other things have come in as well. SystemD has become the prominent startup mechanism. And although SystemD does support SMAC, we don't have a Fedora that will run with SMAC running systemD, running processes with labels other than the floor label. So that's one of the things that we'd really get going properly. OverlayFS has come in. Binder has come in. There are a few other things where we've got new features in the kernel that we don't actually have good SMAC support for yet. So these are things that are in the backlog. It's not too terrible, but it's more than the people who are currently allocated to it can do in a weekend. And that's about it. That's the update. If I had more to talk about it, I would. And you go ahead and get a question. Go ahead and once. Thank you. Oh, wait a minute. Yeah. Can I draw up or move to a different second label so as if you're down to the application and pick the label? OK, so what you do while you have privilege is you take a particular label and you put it in a place and say, you can change to this label. So it's not a matter of a range or a list. If you want to change, you can change to this label. If you try to change to a different label, it fails. OK, so it is in policy. Well, in particular, it's when the privilege process says, here is the label that you can use. It's like saying, here's the user ID. Right. Yeah, but again, it requires privilege to set this. And again, all SMAC labels are equal under the eyes of the powers that be. OK, so anything else? Oh, yes, sir. OK, so the question is, in the smart TVs have we actually seen places where they've mitigated issues? Not that I can talk about. Yeah. Anything else? Well, thank you very much. See you next update.