Debian Conference 2014

Speakers: Ana Guerrero López, René Mayorga
The Purpose of the MIA(Missing In Action) team is to track the inactive developers/maintainers with a main concern for the quality of their packages. In the past years the MIA process and tools have not changed so much, the purpose of this discussion is to improve our process, get more feedback of what we are doing good, what we are doing wrong and how can we improve; Before the discussion starts we will give a brief introduction on how does the MIA team works right now, which tools we have at hand and how do we handle the MIA process.

Speaker: Bdale Garbee
Software in the Public Interest is the legal and financial umbrella organization providing services to Debian in the United States. This session will provide an opportunity to meet the members of the SPI board attending Debconf, hear a brief update on the organization's activities in the last year, and get your questions answered.

Speaker: Daniel Kahn Gillmor
GnuPG is a critical part of debian infrastructure. Upcoming changes to GnuPG may have significant impact on debian. This will be a convening of people involved with debian packaging of GnuPG and its related tools, and an attempt to plan for the future. Some topics for discussion: * Making gpg an alternative that can be gpg1 or gpg2 * Thoughts on making the default gpg be gpg2 (or gpg 2.1?) * More shared maintenance via pkg-gnupg. * cross-building and gpg's place in bootstrapping debian

Speaker: Steve McIntyre
Regular meetup of the Debian WWW and Wiki teams

Speaker: Brian Gupta
For members of the two teams to meet, and discuss plans for upcoming year. (Meeting of two teams is combined as there is overlap in team memberships.) Topics like roles of Debian's Trusted Organizations, and how best to manage Debian assets (including Trademarks) will be covered. If anyone is interested in the work of either team, team members will be available for Q&A.

Speaker: Daniel Kahn Gillmor
Computer users leave traces of data on local and remote machines that record their activity. These records can cause problems for people who do not want their activities tracked, and they facilitate both mass and targeted surveillance. Service operators are put in an uncomfortable position because of the existence of this data: they have a responsibility to protect their users, but they may also be at risk of compelled data disclosure against their users' interests. One way to avoid this problem is to reduce or eliminate the quantity of data generated and stored by any system by default in its regular operations. If you don't have the data, it can't be used against you or against your users. Debian is in a good position to shape norms around this -- we can configure default logging levels; we can tune what specifically gets logged, and we can determine how long logs are kept by default. This is a discussion about how to achieve the goal of data minimization within Debian, while considering the tradeoffs and consequences of this sort of change. We should cover at least: * what kind of statement (if any) about default levels of logging for debian packages might belong in Debian Policy * points of convenient control for minimizing logging on standard debian systems * different system logging architectures and how they can support data minimization * how to provide both data minimization and useful debugging information at a system level

Speaker: Stefano Zacchiroli
Debsources is an infratructure and a web application to publish on the web the entire source code of Debian, allowing to search and browse through it. The main Debsources instance, currently running at http://sources.debian.net , spans Debian history from Debian early releases of the 90s to sid and experimental. In this talk I will present Debsources and sources.d.n, highlighting plans for the future and how people could hack on Debsources for fun and/or profit.

Speaker: Jimmy Kaplowitz
Eric Johnson and I from Google are here to work on improving several aspects of Debian on Google's cloud: * Proper Debian packaging of Google's tools and their dependencies * Getting you involved in building the Debian images we ship to customers * Introducing you to our platform and answering questions you might have Come join us and collaborate! We also have a talk on Friday, which will look back and forward at how this effort is going.

Speaker: Jérémy Bobbio
How can we enable multiple parties to verify that a binary package has been produced untampered from a given source in a distribution like Debian? With free software, anyone can inspect the source code for malicious flaws. But most distributions provide binary packages to their users. We would like them to be able to verify that no flaws are introduced during the build process. The idea of “deterministic” or “reproducible” builds is to enable anyone to reproduce a byte-for-byte identical binary packages from a given source. Last year at DebConf13, a last minute BoF kicked off the effort. The last large scale experiment on 5151 source packages yield 62% of them producing matching binaries after a couple changes to the toolchain. A pretty encouraging result! The presentation will explain why we need reproducible builds, what has been done over the past yeast, the problems that have been identified so far and possible solutions. A subsequent BoF will allow interested parties to discuss solutions to some hard problems that were found during this first year of research.

Speaker: Holger Levsen
What is the Debian LTS, what are the experiences so far, what are the plans and expectations?

Speaker: Tom Marble
Many elements of security we rely on such as generating of encryption keys and synthesizing one time session keys depend on random number generation. Any predictability of these numbers introduces potential weakness in secure systems. We often use Pseudo-random number generators (PRNGs) because they are quick and convenient, yet they are deterministic algorithms for approximating a sequence of random numbers. By contrast a true random number generator (TRNG) is implemented in hardware based on a physical process that creates unpredictable noise. Often entropy from TRNGs is used to seed PRNGs to provide a balance of speed and unpredictability. In this talk I will discuss the USB TRNG project of AltusMetrum to create a fully open source hardware TRNG. Why make yet another TRNG when several are commercially available? Because most existing TRNGs are expensive, out-of-stock or based on closed designs. The USB TRNG can be connected to the Entropy Key Daemon (ekeyd) which can provide entropy directly to the kernel pool or serving via the EGD protocol. How can we evaluate the quality of the USB TRNG? Results of statistical analysis will provided along with detailed design documents in order to encourage critical community review.

Speaker: Eric Dorland
For various reasons, obsolete packages can accumulate in Debian. They may be old versions kept around for compatibility. They may be things long obsoleted by a newer piece of software. Eventually, they're all cruft cluttering up our beautiful archive. I'll briefly walk through the work I did to remove old versions of automake from the archive, including dramatized accounts of bug filings, NMUs, tools used, and maintainers cajoled. Then I'll lead a discussion of how we can make this easier, around these areas: * Tools that are missing that could make this easier. * How to encourage maintainers to do the right thing. * Best ways to proceed with mass bug filings & NMUs. * What to do about the long tail of broken packages and obstinate maintainers. Hopefully we can share techniques and come up with ideas to make this easier in the future.

Speaker: Nicolas Dandrimont
This joint session will be the occasion for this year's crop of Debian Google Summer of Code students to present the work they have done in Debian this summer. The planned presentations so far are: - debmetrics: powering metrics.debian.net — Joseph Bisch - Recursively Building Java Projects and their Dependencies — Andrew Schurman - WebRTC — Juliana Louback - Lil'Debi-Running Debian on Android — Kumar Sukhani

Speaker: Ryan Lortie
Casual session for those who are interested in learning (about) Esperanto. (from Wikipedia) Esperanto (/ɛspəˈrɑːntoʊ/ or /-ræntoʊ/; [espeˈranto] is the most widely spoken constructed international auxiliary language. Between 100,000 and 2,000,000 people worldwide fluently or actively speak Esperanto, including perhaps 1,000 native speakers who learned Esperanto from birth. Esperanto has a notable presence in 112 countries. Its usage is highest in Europe, East Asia, and South America We'll discuss: * what it is * why it was created * some basics about the structure of the language * online resources to help with learning it * Esperanto culture and community

Speaker: Alexandra Yates
In this talk we will do a reality-check in terms of the power consumption on off-the-shelve systems running “out of the box” Linux distributions. The goal is to prove how out-of the-box Linux distros on the latest commercial hardware is not optimal. We will demonstrate the steps needed to achieve optimal system power using various tools and analysis techniques including PowerTOP & Turbostat. Upon completion of the talk, the audience should understand the steps needed to properly configure an out of the box Linux distro to take advantage of the power features available on the latest Intel platforms.

Speaker: Nicolas Dandrimont
This joint session will be the occasion for this year's crop of Debian Google Summer of Code students to present the work they have done in Debian this summer. The planned presentations so far are: - debmetrics: powering metrics.debian.net — Joseph Bisch - Recursively Building Java Projects and their Dependencies — Andrew Schurman - WebRTC — Juliana Louback - Lil'Debi-Running Debian on Android — Kumar Sukhani

Speaker: Jérémy Bobbio
How can we enable multiple parties to verify that a binary package has been produced untampered from a given source in a distribution like Debian? While trying to get reproducible builds for Debian packages, several problems were identified. For some, like paths encoded in debug files, we are still missing good solutions. Let's review them and find great ideas!

Speaker: Rocky Craig
Join us Tuesday night after the evening session. HP is proviiding drinks and light food from 8:30 - 10:30 at the City Center Marriott in the second-floor bar. Please bring your DC14 badge so we can distinguish you from the riff raff :-) HP wants to learn more about (re)joining the Debian community, get feedback on Monday's hLinux presentation, forge new collaboration engagements, and explore employment opportunities. There will be a laptop running hLinux with an xfce desktop if you want to poke around deeper. Oh, and drinks and food if you're tired of tech :-) Hope to see you there! Portland Marriott City Center 520 SW Broadway (12 blocks north of Student Union) Second floor in "The DEN"

Speaker: Vagrant Cascadian
I'd like to invite folks to Blues Dancing tonight. It's a partner dance, easy to learn the basics without prior dance experience, and fairly open to incorporating other dance styles if you do have prior experience... Free of cost admission your first time, which includes beginners lessons at 8:30, dancing till 1am. It's all-ages, but there is a bar available, too. http://pdxblues.com Bossanova Ballroom 722 East Burnside (SE 7th & E Burnside) Portland, OR 97214 On the 2nd floor of the Bossanova Ballroom Entrance on Burnside. It's on the East side, the #12 or #19 busses will get you there and back again.