Southern California Linux Expo 20x
My Experience at the Southern California Linux Expo (SCaLE 20x)
This originally started as a presentation I made for work after visiting the
SCaLE 20x in March of 2023. I santized this of work-specific information so
that the notes could be published here and made useful. Then I threw in some
background of my time in Pasadena (or well... todo anyway).
What is SCaLE 20x?
What is SCaLE? It's an event in Pasadena, CA going on for 20 years, although
it's not really a “Linux” expo. 20x was a four-day event beginning Thursday
(03/09) and ending Sunday (03/12).
Multiple “sub-conferences” took place:
- SQL series (pSQL and later mySQL)
- Kubernetes Community Day
- E-ALE (embedded Linux folks)
- DevOps Day L.A.
- Other groups??? (a bajillion sponsors)
What is at SCaLE?
image redacted until I can replace my friends' faces with Guy Fawkes masks
- Talks
- Workshops
- CTFs
- Exhibit hall
- Game night
- Keynotes
- Lightning “Upscale” talks
- Why is this relevant?
- See what is current and relevant.
- Hopefully there is something interesting for everyone.
- Check-in with the developer community IRL
- Scour for takeaways and highlights
Weekday Talks
Thursday
- Workshop: Embedded Board Intro
- Intro to U-Boot Loader
- Intro to GPIOs and libgpio
Friday
- Workshop: Intro to I2C and I2Cdev
- Workshop: Introduction to SPI and SPIdev
- Workshop: Introduction to IIO and Input Drivers.
- Confidential Story of Well-kept Secrets
- Taming Feral DevOps
- Kubernetes Homelab BoF
Embedded Systems Workshop
Three instructors and one's of them kid led embedded talks. We were supposed to
get Raspberry Pis, but we got BeagleBoards (BeagleBone) due to supply chain
issues. This altered our schedule.
1st lesson:
– info dump on theory
- board specifications
- first boot
- SSH
- network (WiFi) connection
- runtime development environment
2nd lesson:
– History and theory of u-boot (v. GRUB2, syslinux, etc.)
- Boot process (3 phases to load the kernel)
- Serialed in over GNU screen (alternatively minicom or picocom)
- U-boot conditional compilation and self-healing superpowers
3rd and 4th lessons:
– low-level board input and output
- GPIOs and libgpio
- Formalizing “bit bashing” (or “bit banging”)
- I2C protocol – the spec-less, bus-based catch-all protocol
- RTOS v. embedded Linux (RTOS is less performant but more responsive)
I also had the privilege of meeting a guy who has been going to SCALE for 17
years and what he has seen. The guy won prize two years in a row.
Kubernetes and Homelab B.O.F
Professional evaluation of homelabs:
- keeps skills current
- self-hosting (a sort of “on-prem”) gives control over software
The instructor's network:
- one master node
- 3 PXE booted boxes
- Small-scale k8s network (k3s)
- software:
- dashboards
- databases
- "non-critical" home automation
- media streaming servers
- proxies
- news readers
- even a game
I asked about his running his own dev solution. He said he's done enough of
that for CI/CD stuff. I also asked for his network visualization solution.
He keeps it simple but that was still a TODO… No recommendation.
Weekend Talks
Saturday
- Keynote: Arun Gupta
- Symmetric Multiprocessing (SMP) with FreeRTOS and Raspberry Pi Pico
Pasadena Nights: The Legend of Rust and Zephyr
- Building a Plant Monitoring App with InfluxDB, Python, and Flask Edge to Cloud Replication.
- What Nix Can Do.
- Maintaining and Contributing Code Easier with Devcontainers
Sunday
- Keynote: Creativity and Productivity in the Age of Tech Hype
- eBPF Superpowers for Security
- Your Infrastructure needs to D.I.E
- Keynote: Ken Thompson
What Nix Can Do
Nix is lately a buzzword in the Linux world… which means and does a lot of
things… or it’s a meme. Nix is being rapidly adopted as a solution for trending
"immutable systems" or "immutable distros". Nix is a secondary package manager
and scripting language (which the build system is written in).
NixOS is a Unix distribution that uses Nix as its system package manager. It is
touted as having the highest security of any Unix distribution.
Why is this relevant?
- RPM-world (RHEL, CentOS) competes with other immutable systems: Fedora
Silverblue, OpenSUSE MicroOS.
- reproducibility
- Configuration as Code – CM (or sysadmins, developers, etc.) write or adapt
one top-level, declarative configuration file, and Nix’s build system
reproduces the exact OS or environment on any machine.
- Every package is tracked by inputs and outputs in declarative language,
hashed, and cached by version.
- Needed software and versions are recursively and identically built from
source.
- Nix use is growing and noticeable on source platforms like GitHub.
- It can also cross-compile other OSs, environments, or files in a reproducible
(not just repeatable) manner.
Devcontainers
It is a standard pushed by Microsoft, with support in IDEs and editors; VSCode,
Jetbrains tools, vim, etc. Personally, some of our team have used them at our
work.
Essentially it is a JSON file with three different fields:
- Name + image or build definition (Dockerfile, args, context)
- Features – link to (others') feature repo that adds functionality
- Settings – Do not affect the running of the container.
- Improves consistency of developer experience
- Mirrors VSCode settings (and probably other editors)
They keeps the development environment more tracked and reproducible, and
allows quick spin up and contributions.
- CDE integration (cloud development environment)
- Codespaces on GitHub for a one-click to enter the development environment
- Similar solutions include GitPod… Oh and Nix which provides first-class
support for dev environments!
(left off at slide 9)
EBPF: Superpowers for Security
"What JavaScript is to the Browser, eBPF is to the kernel."
eBPF: extended Berkeley Packet Filter
This does more than its original namesake:
- It makes the kernel programmable by application developers.
- It is useful for “This is a known bug,” or “This fix will take 4 years to approve.”
- It is cross-platform for Windows, Linux distros, and cloud platforms.
Bpf() system call loads compiled (bytecode), sends it to the ePBF verifier (in
kernel), and then to the eBPF JITc.
There are mulitple hooks at runtime:
- U-probes (attach to userspace processes) for statistics, metrics… hacks?
- Syscalls, kernel functions, namespaces, file i/o, privilege changes, execution
- Deeper network, device, driver layers
- Attach to “hardware” (or probably firmware)
Some examples of eBPF project-relevance and business are:
- Networking: high performance networking (e.g. cloud where IP addresses are ephemeral)
- Security: trace system calls to ensure compliance with security policies.
- Observability: Collect logs and metrics across the system, helpful for debugging
- Isovalent’s Tetragon is the Kubernetes security solution based on eBPF programs.
Linus was actually impressed. He probably has fewer merge requests to approve.
Your Infrastructure Needs to D.I.E
D.I.E. supersedes traditional C.I.A. where:
- C.I.A.: confidentiality, integrity, and accessibility
- D.I.E.: distributed, immutable, and ephemeral
D.I.E. is distributed with “cattle” like containers, whenever possible, orchestrated with k8s, Helm, and other tools.
It is immutable in that no internal state of distributed nodes changes. Everything is RO. State is stored only in specially selected “pet” nodes (typically VMs) that have rock-hard security
It is ephemeral in that any node can be destroyed at any time and the
deployment can continue to function and self-heal.
Bamboozle layer
If an attacker tampers with a node, the container is destroyed without
explanation. One example combined an eBPF program to watch for any forbidden
system calls and trigger death. The buzzword for this is “Security Chaos
Engineering”
Highlights and Takeaways
A Jenkins plugin, “Lava”, for PXE booting with u-boot may be immediately useful
for infrastructure projects.
A BeagleBone could be setup in the lab as embedded training platform if desired
and permitted.
Devcontainers or Nix scripting/packaging (or GitPod, etc.) may be used per
repo. It decreases spin-up time, captures development dependencies, and
increases reproducibility. Bitbucket (and probably GitLab) may have a plug-in
for this.
For intermittent bugs/failures during signal processing, eBPF programs may
monitor and act on kernel operations. This is especially relevant when
containerized workloads are depending on a shared kernel.
While migrating and upgrading various machines, VMs, and containers to a more
regular k8s deployment, D.I.E architecture may enhance lab deployment and
security.
Vault is a good choice for storing secrets (see: Confidential Story of
Well-kept Secrets).
There were additional, "exotic" resources mentioned during the Upscale Talks:
- Conferences
- hackerspaces
- makerspaces
- usergroups
- Spatula for web-scraping (and moving sysadmin scripts to Python in general)
- Selenium for automated testing, etc.
Exhibit Hall
This was a warehouse-sized room of many, many booths ran from mid-Friday to
mid-Sunday.
There were various organizational presence from:
- professional: CNCF, GNU, GNOME, IEEE, IETF, IPv6, and LF
- commercial: Arm, Intel, AREDN (arednmesh.org)
- distros: FreeBSD, Gentoo, RedHat, and Ubuntu.
- other software: CircleCI, GitLab, Jenkins, NGINX, VLC
Current and popular tech being pushed IRL:
- CNCF: k8s, ArgoCD, etcd, Envoy, Fluentd (Calyptia), Rook
- Ceph
- Grafana
- postgreSQL
- AlmaLinux and (open)SUSE are memes.
The new technology here was: eBPF (Isovalent), Nix, NixOS
I got neat stuff here as well. :)
Game Night
On Saturday, SCaLE hosted a game night. It was a good break from all the
technical discussion. There were actually casino games, escape rooms, air
hockey, billiards, cornhole, and arcade cabinets. There was also a retro
computer showcase (interactive too!). There was also free food. :)
This was a new event to 20x to encourages nerds to mix and try new things,
and it was also a family friendly event!
I had the opportunity to network with some folks and talk high-level about
the company. I was surprised that people recognized each other despite its
being an annual event.
Lessons Learned
Some industry/technical terms:
- developer advocate: Often a former SWE who focuses on a specific product to
act as a liason between its developer community and the product's company.
- site reliability engineer: somewhere between IT and platform teams that use
DevOps-y principles to increase system reliability, observability, and
decrease latency, etc. (e.g. Artifactory's daily crashing).
- edge-to-cloud replication: Basically replicating databases on nodes closer to
“edge” (end-user) devices for lower latency. It's useful for SaaS... not SCIFs.
General lessons for travel and conference newbies:
- FOSS events (or just SCaLE) have no formality (just nerds in sweats running around). Along those lines, business cards were appreciated but not really a thing.
- Plan for fewer, most relevant talks. Use time to talk with the speakers and gather notes.
- Pack lunches… at least when important talks are close together. If a free
lunch is provided… it better be more worth your per diem.
- Bring friends who are ready for a knowledge share (but not too many).
Appendix
Thursday Talks
- Workshop: Embedded Board Intro
https://www.socallinuxexpo.org/scale/20x/presentations/workshop-embedded-board-intro
- Introduction to the u-boot Bootloader
https://www.socallinuxexpo.org/scale/20x/presentations/introduction-u-boot-bootloader
- Introduction to GPIOs and libgpio
https://www.socallinuxexpo.org/scale/20x/presentations/introduction-gpios-and-libgpio
Friday Talks
- Workshop: Intro to I2C and I2Cdev
https://www.socallinuxexpo.org/scale/20x/presentations/workshop-intro-i2c-and-i2cdev
- Confidential Story of Well-kept Secrets
https://www.socallinuxexpo.org/scale/20x/presentations/confidential-story-well-kept-secrets.
https://www.youtube.com/watch?v=zUfEERh4DXU
- Taming Feral DevOps
https://www.socallinuxexpo.org/scale/20x/presentations/taming-feral-devops
https://www.youtube.com/watch?v=ZbLOu8LnqhY
- Kubernetes Home Lab BoF
https://www.socallinuxexpo.org/scale/20x/presentations/kubernetes-home-lab-bof
Saturday Talks
- Keynote: Arun Gupta
https://www.socallinuxexpo.org/scale/20x/presentations/keynote-arun-gupta
- Symmetric Multiprocessing (SMP) with FreeRTOS and Raspberry Pi Pico
https://www.socallinuxexpo.org/scale/20x/presentations/symmetric-multiprocessing-smp-freertos-and-raspberry-pi-pico
https://www.youtube.com/watch?v=cEzTF95wkWA
- Building a Plant Monitoring App with InfluxDB, Python, and Flask with Edge to Cloud Replication
https://www.socallinuxexpo.org/scale/20x/presentations/building-plant-monitoring-app-influxdb-python-and-flask-edge-cloud
https://www.youtube.com/watch?v=gZ8OrW7EHEE
- What Nix can do.
https://www.socallinuxexpo.org/scale/20x/presentations/what-nix-can-do
- Maintaining and Contributing Code Easier with Devcontainers
https://www.socallinuxexpo.org/scale/20x/presentations/maintaining-and-contributing-code-easier-devcontainers
https://www.youtube.com/watch?v=IqDwzawACpM
https://www.socallinuxexpo.org/scale/20x/game-night-general-admission
Sunday Talks
- Keynote: Creativity and Productivity in an Age of Tech Hype
https://www.socallinuxexpo.org/scale/20x/presentations/keynote-creativity-and-productivity-age-tech-hype
- eBPF Superpowers for Security
https://www.socallinuxexpo.org/scale/20x/presentations/ebpf-superpowers-security
https://www.youtube.com/watch?v=xI6BV7kZeDM
- Your Infrastructure Needs to D.I.E.
https://www.socallinuxexpo.org/scale/20x/presentations/your-infrastructure-needs-die
https://www.youtube.com/watch?v=iNKgyRDqzaE
Other Weekday Talks of Interest
Thursday:
- Leigh Capili, Eddie Zaneski – GitOps Workshop: Collaborating at Organizational Scale
- Paige Cruz – Intro to Instrumentation
Friday:
- Alvaro Leiva, Anita Zhang – Worshop: Guided Journey into the heart of systemd.
- Natalia Ivanko, John Fastabend – The Next Log4jshell?! Preparing for CVEs with eBPF.
- Christopher Travers – SRE Lessons. https://www.youtube.com/watch?v=iYzYQRfKmes
- Noah Kantrowitz – Minimum Viable Kubernetes.
https://www.youtube.com/watch?v=Mk4aDyf1V0E
Other Weekend Talks of Interest
Saturday:
- Frederic Desbiens – Pasadena Nights: The Legend of Rust and Zephyr
https://www.youtube.com/watch?v=jh8L0p5FEc8
- C++ Things you were Taught to do Wrong
- https://www.socallinuxexpo.org/scale/20x/presentations/c-things-you-were-taught-do-wrong
- https://www.youtube.com/watch?v=Fz5omseNHGc
- Yarden Laifenfeld – Debugging the Developer Way
https://www.youtube.com/watch?v=VVbidkqteLI
- Carl George – The Road to EPEL 9
https://www.youtube.com/watch?v=0PbQ-IJEb1o
- Rizel Scarlett – Level up with Copilot
- Julia Kreger, Jay Faulkner – The Death of Hardware Knowledge
https://www.youtube.com/watch?v=-9SjVINjHUM
- Mel Kaulfuss – Applying SRE principles to CI/CD
https://www.youtube.com/watch?v=gP3VBi8lmcA