Last week, I attended FOSS.IN, which had its origins as a community event ten years ago, and has evolved to become one of the world’s leading Free and Open Source developer gatherings. Even in the years I’ve attended since 2005, it’s been remarkable to see the progress of the event, from a somewhat traditional presentation-based conference with most attendees being end users, to a developer-oriented week where the main track talks are secondary, and where a lot of real work is done.
This year, the program included Project of the Day sessions, where major FOSS projects held a mini-conferences. I attended some of the Fedora PoTD sessions, including Joerg Simon’s talk on creating a Fedora Security Spin. An expo area was also assigned for major projects throughout the conference, where you’d often find Fedora, KDE etc. folk hanging out — hacking, chatting, and helping people who passed by (including myself, when my Macbook decided to have EFI issues with F12).
Fedora table at the FOSS expo area.
There were also workshops (tutorials), and workout sessions, where groups of people would gather and work on a project for a period of hours or days (up to the full length of the conference). Notable here were Harald Welte’s GSM workout, and a well-attended hardware hacking workout, run by Milosch and Brita Meriac of CCC and Blinkenlights fame. I think these ran all week. There were also workouts for GNOME performance, the SAHANA disaster management system, KStars, and web identity, to name a few that I can recall off-hand. There really was an incredible amount of stuff going on.
I participated in the Linux Kernel workout, which filled the final afternoon of the conference, as well as all the remaining room in the workout area.
Linux Kernel Workout Session
The kernel workout, which was organized by Kamalesh Babulal, included work on specific development tasks, and mentoring of new kernel developers. It was a little chaotic at first, but ended up being a very productive session, and seemed to be over too soon. I’d suggest holding this over perhaps 2-3 entire days next year.
I also gave a talk on SELinux Sandboxing internals, to demonstrate how to utilize various Linux OS features such as namespaces and Mandatory Accees Control (MAC) security, and also how useable and effective security can be implemented via high-level abstractions and encapsulation. This was similar to the talk I gave at FOSS.MY (and will also give at LCA), the slides of which may be found here. I think it’s very important for people to understand that there are no silver bullets for security, especially as we’re working with an OS which was not designed with security primarily in mind. At the lowest levels, security on a general purpose OS is inherently complicated, and like most other problems in computing, we solve this with layers of abstraction. You don’t need to understand the inner working of your CPU to play Scrabulous, for example. I think we’re gradually getting the message across, and I really hope to see more people engaged in helping to solve the always increasingly difficult problems in computer security. We’ve made a lot of progress overall, but still have a long way to go.
Preparing for the closing session.
I’d like to give a special thanks to the FOSS.IN team, who are all volunteers, and who manage each year to organize a very complex event and provide truly great hospitality. I missed the closing talk (and rock concert) to make a flight, although read that Atul Chitnis will be stepping back as leader of the event next year. The conference as it is today reflects his personal vision for fostering core FOSS development activity in India, and it has been inspirational to witness the progress of this. It will be interesting to see who steps up to lead the conference next, and where they will take it.