I had the opportunity to attend the Ubuntu Developer’s Summit for the Karmic Koala (9.10) release from May 25th through the 29th. It really turned out to be a good conference. For those of you who are unfamiliar with the style of UDS, it consists of informal, hour-long sessions. Most of the sessions I attended had the feel of either, “Here’s the goal, now how do we get there?” or “Here’s my idea of how we can reach this goal, what does everyone think about it?”. It resulted in good ideas and plenty of discussion.
Each session was assigned to a track. The following tracks were defined:
I mainly stayed in the Server track and attended the security and virtualization sessions.
Security
The conference started off well, making me think outside of server security and more along the lines of desktop security with the Malware/Trojans and PolicyKit sessions. Wine as a MIME handler that Firefox can utilize struck me as particularly scary. I attended a session on filesystem integrity in hopes that IMA (merged in 2.6.30) would be considered, but the decision to use AIDE made the most sense for the Karmic time frame. The filesystem capabilities session turned out well. To begin the transition away from binaries marked as setuid, the use of filesystem capabilities with setuid fallback is targeted for Karmic. There was some concern about the lack of extended attribute support in key system tools (such as tar), but the setuid fallback mitigates that if the security.capability xattr is lost or the user is using a filesystem that doesn’t support xattrs in the security namespace.
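To make the security.capability xattr concrete, here is an added example (not code from UDS or from Ubuntu) that decodes the xattr value and reports whether a binary currently gets its privilege from file capabilities, from the setuid bit, or from neither, which is the state a lost xattr leaves behind. The function names and the sample value are constructed for illustration; the constants come from the kernel's linux/capability.h.

```python
import stat
import struct

# Constants from the kernel UAPI header linux/capability.h.
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
# Revision magic -> number of 32-bit words in each capability set.
REVISION_WORDS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}
CAP_NAMES = {0: "cap_chown", 7: "cap_setuid", 10: "cap_net_bind_service",
             12: "cap_net_admin", 13: "cap_net_raw", 21: "cap_sys_admin"}


def cap_names(mask):
    """Turn a capability bitmask into a list of names (cap_<n> if unlisted)."""
    return [CAP_NAMES.get(b, f"cap_{b}") for b in range(64) if (mask >> b) & 1]


def parse_file_caps(raw):
    """Decode a raw security.capability xattr value (little-endian on disk)."""
    if len(raw) < 4:
        raise ValueError("xattr too short")
    (magic,) = struct.unpack_from("<I", raw, 0)
    words = REVISION_WORDS.get(magic & VFS_CAP_REVISION_MASK)
    if words is None or len(raw) < 4 + 8 * words:
        raise ValueError("unknown revision or truncated xattr")
    permitted = inheritable = 0
    for i in range(words):
        p, inh = struct.unpack_from("<II", raw, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)
    return {"effective": bool(magic & VFS_CAP_FLAGS_EFFECTIVE),
            "permitted": cap_names(permitted),
            "inheritable": cap_names(inheritable)}


def privilege_source(mode, raw_xattr):
    """Report which mechanism(s) a binary currently relies on for privilege."""
    granted = parse_file_caps(raw_xattr)["permitted"] if raw_xattr else []
    setuid = bool(mode & stat.S_ISUID)
    if granted:
        label = "both" if setuid else "file-caps"
        return label + ":" + ",".join(granted)
    return "setuid" if setuid else "unprivileged"


# Constructed sample: revision 2 value granting cap_net_raw (bit 13) with the
# effective flag set, as a ping-style binary might carry.
SAMPLE_XATTR = struct.pack("<IIIII", 0x02000000 | 1, 1 << 13, 0, 0, 0)
```

On a live Linux system the raw value can be read with `os.getxattr(path, "security.capability")`; a binary that reports `unprivileged` after being restored from an archive is one whose xattr did not survive the copy.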
It was great to find out that there were quite a few eCryptfs users there and that they were generally happy with the version shipped in Jaunty. Most were using the encrypted home feature, but some were wanting more flexibility and had custom setups. A decision that I was very happy to hear is that encrypted swap is on the roadmap for Karmic. There are some difficulties in encrypted swap and resuming from hibernation, so hibernation will be disabled when swap is encrypted. Having encrypted swap available opens up the possibility of encrypted home directories being an option in the Karmic graphical installer. It was nice to hear that Michael Rooney has been working on graphical applications to complement some of the eCryptfs userspace tools that are currently bound to the command line. He also demoed a nice looking Nautilus plugin which placed a bar at the top of the Nautilus browser window to inform the user that the current directory is encrypted. To wrap up the eCryptfs discussions, I held an eCryptfs roadmap talk to let interested users know what is in store for eCryptfs in the future. Some of the major features discussed were eCryptfs on top of popular network filesystems, improved key management, and an attempt to get someone interested in completing the eCryptfs GPG key module. I plan on writing more about these features soon.
I was also able to give an informal SELinux brain dump to the Canonical security team. They have some interest in SELinux, but are currently committed to AppArmor. My talk was mainly to get them familiar with the policy language in hopes that the Ubuntu SELinux support continues to improve.
Virtualization
There were many talks on virtualization. Of course, there was a large emphasis on cloud, QEMU/KVM, and using virtualization for testing.
The main focus of the public cloud talks was Amazon EC2, as Ubuntu wants to be the premier guest available in EC2, while the private cloud talks revolved around Eucalyptus. The idea is that a company (I envision mainly web startups) that needs to scale quickly, but can’t afford its own data center, can start off on EC2. Down the road they begin to become profitable and it makes sense to begin investing in their own infrastructure. Eucalyptus can be used to migrate their EC2-based workloads to an internal Eucalyptus cloud. What I think makes this interesting is that Eucalyptus implements the EC2 API and supports KVM (EC2 is Xen only). The problem from Canonical’s standpoint? 86 new packages that must be officially supported due to Eucalyptus dependencies.
Sessions about using KVM for testing branched off into several helpful topics. It began with how to ensure that bumping up a package version in the Ubuntu virtualization stack doesn’t cause a regression in guest support. For example, making a newer version of QEMU available in the apt repositories doesn’t cause Windows Server to stop functioning as a guest on Ubuntu. Anthony Liguori pointed everyone to step files and encouraged attendees to contribute step files for Ubuntu and other guests of interest so that regressions would be discovered before a new QEMU release ever happens. Another testing with KVM topic that made a lot of sense was automated package testing in the cloud. It also looks like Ubuntu users will soon have a daily build of the virtualization stack available, which is a big win for both the upstream developers and the users. It will be easy to ask capable users to attempt to reproduce bugs in the daily build packages and will make it simple for users to try out the latest features (and find bugs).
Other
Dustin Kirkland gave a talk on leveraging the cloud for data center power savings. With the short time it takes to suspend/resume and the considerable power savings it provides, consolidating virtualized workloads and putting non-utilized servers to sleep seems like a no-brainer.
The kernel team committed to removing non-upstream kernel code that no one is using anymore and to send most of the non-upstream code that is still useful to the -staging tree.
Finally, something that I’d really like to see improve is the multi-arch support in Ubuntu. Anyone who has tried to run an amd64 version of Ubuntu while still having to use proprietary 32-bit apps should be happy to hear that there are many people interested in improving the multi-arch support. Fedora handles this nicely with the /lib and /lib64 layout and provides both x86_64 and i586 versions of packages and it is time for Ubuntu/Debian to ditch the ia32-libs package and catch up in this area.
I felt that UDS was a very helpful conference to attend. Canonical brought in a lot of upstream developers to help guide the Karmic planning process. If they don’t have a developer working on your project, the amount of users/testers that they can throw your way is the perfect way to quickly mature your code. Launchpad (and its upcoming open-source release) and Apport crash detection/reporting are also very promising projects that can help out any upstream developers. Any developers who have a project with a large Ubuntu following should definitely attempt to attend the next UDS (Lethargic Llama, anyone?).