The first part describes traveller’s experience in Bruxelles. Then I wrote few points for each lecture I visited on Saturday and Sunday, most importantly there are some tocheck marks for topics that are at least worth googling.

Day 0

Assorted impressions and thoughts from my first day in Belgium (ever):

Bilingual environment – French/GermanDutch

  • Until this comparison I thought that English was the most “Germanic” language I knew. Seeing the labels side by side, I realized how much English is affected by French and it is much less a representative of the Germanic language group than German.
  • Despite bilingual, most people spoke French.

Belgian style

  • When I was walking around the city, it somehow appeared to me typically Belgian (i.e. my fantasies about Belgium).
    • Dark facades or even dusty bricks.
    • Shops and services use cursive/curly fonts in their signs.
    • Narrow streets and narrow houses (e.g. width of only a single room).
  • Jugendstil, not medieval?


  • Division to uptown and downtown is literal.
  • I didn’t see a river, must be a small one.

French impact

  • No garbage containers (in the main streets) – people just piled boxes or bags with garbage in front of their shops, restaurants, etc.

Dutch impact

  • Although hilly and winter (well, ocean climate winter), still there were many people cycling (as transport, not sport).

Public transport

  • Neatly reconstructed interiors of trams (wood cover, pleasant sounds – no buzzer).
  • Underground carriage looked older and were without an outer paint, just aluminium.
  • Interior of the stations was rather ugly (functionalism?).
  • All ticket machines (in the center at least) accepted payment cards.
  • No checks in trains, automatic gates that scan a ticket.


  • Soldiers guarding underground/important buildings (hopefully a temporary measure).
  • Cosmopolitan city:
    • Poor (beggars), rich (nicely clothed) of all races/descents (Europeans, Asians, Africans, Arabs).
    • Party integrated (many kebab or halal shops), however, when I got lost I observed some partitioning to Arab and non-Arab quarters.


  • Maneken Pis is smaller than I expected, still not sure I didn’t accidentally saw a fake one.
  • In the historical center, there are many pubs, open gardens even in January. (They seemed stylish, although there were some differences between center and more distant locations.)
  • I saw the Atomium from the train and my my brain is now copyrighted :-)

FOSDEM beer-event

  • Traditional visit of the Delirium Café – high throughput (cl|p)ub – tens of taps, many fasses and pipings.
  • FOSDEM visitors almost DDoS’d it (no one was denied a beer :-) – you couldn’t move inside and tens (maybe few hundreds) people were overflowing to neighboring streets.

Day 1

systemd and Where We Want to Take the Basic Linux Userspace in 2016

  • unified cgroups hierarchy
  • systemd-resolved
    • DNSSEC
      • solves nothing, can break anything
  • unjustifiable attention?
  • OT: Gigantic lecture hall, my estimate is 1500 seats, I’ve never been in such a big room before. I wonder how could the ceiling not collapse with no column support in the room.

What’s coming up in containers?

  • cgroup namespaces
  • setting capabilities from within containers
  • usage of loopfs inside containers
  • didn’t catch the beginning so just watched the demos
    • Incidentally, I learnt about history expansion in Bash (via ! character).

Docker for developers

  • understanding containers as interconnectable components
    • testing network topologies
  • assorted use cases for application developers
    • sharing files into container via bind mounts
    • keeping a container with clean (fresh) database for carefree experimenting
    • container pool to shorten testing time
    • application with mock API inside a container?

Filesystem defragmentation strategies

  • reasons for defragmentation
    • almost full FS
    • files with holes
    • optimization of reading throughput (e.g. for boot sequence)
      • does it apply to (wear-levelled) SSDs too?
    • greater block size of thin-provisioned backing files of VMs
      • the main motivation: greater block size of the image negatively affects storage capacity efficiency
  • the guy patched e2fsprogs
    • some heuristics for relocation
      • readonly/old files, small files

Scaling with Kubernetes, Automatically!

  • container orchestrator at large scale wrt resources
    • controlled via REST API (even support for (reverse) notifications)
  • case study: Infinispan (distributed fault-tolerant in-memory cache (key-value))
    • adding/removing nodes from Infinispan system
    • quite useless visualization app (you just see individual nodes and items stored in them), however very impressive for presentation

Leveraging Docker in Automotive projects based on AGL/GENIVI

  • they are developing for a board with Yocto/Poky distro
    • two packages (Docker images)
      • Board Support Package (BSP) – to flash to the board
      • complementary SDK package for development
  • reduces cost and time-to-market, continuous integration
  • emphasis on repeatable builds
    • LTS versions of the embedded SW
    • idea: can’t it make OBS environment setup faster?
      • it’s basically chroot with cached packages already
    • curiosity: 40 yrs old nuclear powerplants in France, people keep such old computers to be able to rebuild the SW

New horizons for the CRIU project

  • learnt about Checkpoint & Restore In Userspace project
    • it doesn’t capture a single process only but whole graph (with kernel resources such as TCP connections)
    • newly providing API via libsockcr
  • application: live migration, seamless kernel updates (under containers)
  • interdependent on kernel (from user’s POV, actual CRIU implementation must cooperate with/watch upstream)
  • ongoing challenges
    • binary logging (~qb-blackbox + not wasting time on printf)
    • advanced procfs support
      • it’s slow to get info from kernel (workflow: binary -> text -> binary)
  • interesting project

Container mechanics in Linux and rkt

  • rkt alternative to Docker to build upon namespaces API, part of CoreOS project
  • seems more lightweight (no client-server architecture)
  • then uncounted repetition of Linux namespaces theory

Powering Twitter’s infrastructure with containers

  • 10^5 containers (didn’t understand whether for internal processing or in total)
  • tocheck: Aurora, Mesos
  • presented data that indicated drawbacks of hyperthreading (i.e. really not equal to two full CPUs) and necessity to take this into account when assigning tasks to CPUs

Privacy and Tracking Protection in Firefox

  • corporate vs government surveillance
    • notify government every time you have a new friend, new job, write a letter, …
    • the users did it voluntarily
  • privacy as a business model
    • nice metaphor: suck up information dust
    • Google, Facebook etc. + unknown companies
    • over world it’s tens billions dollar industry (much of it is Google)
  • methods
    • third party cookies
      • 67 % of top million sites use Google Analytics
    • browser fingerprinting (loaded 3rd party JS)
      • Lightbeam extension visualizing 3rd party links
  • solution
    • political
      • General Data Protection Regulation, succeeding law from 1995 (they realized OK button for cookie isn’t actually working)
    • technical
      • limit network requests
      • using similar infrastructure, list (GPL 3) collected by Disconnect company
        • and limiting 3rd party cookies in private mode
      • sites shouldn’t have hard dependencies on 3rd party services
      • don’t use Firefox, use Tor (browser)
  • curiosities from QA
    • referrer header (https -> https is passing(!))
    • tocheck: Cloudflare, SSL termination

Day 2

etcd: the cornerstone of distributed systems using Go

  • etc distributed key-value storage, higher order systems building block
  • v1 had consensus algorithm with flaws, now it implements Raft (tocheck paper: In Search of an Understandable Consensus Algorithm)
    • current version is 2.0, and 3.0 is coming
  • peers communicate using protobuf (tocheck)
  • why etcd: HA, HR (reliability), strong consistency guarantees
  • API provides interesting operations for atomicity (compare and swap/delete)
  • application/motivation (within CoreOS project)
    • locksmith: CoreOS reboot lock after updates
    • SkyDNS (DNS and service configuration, backed by etcd)
    • vulcand: load balancer for microservices (it’s stateless thanks to etcd)
  • Go experience
    • pro: rapid development, good concurrency
    • drawbacks:
      • CloseNotify (leaking FDs), unpredictable GC (latency spikes), scheduler startvation (Raft goroutine)

Building a peer-to-peer network for Real-Time Communication

  • aka Ring
  • demo
    • first highlighted portability (installers for various systems)
    • then call to Canada with webcam to a room, and a Python script to turn on/off a lamp remotely
      • and then Android and Beaglebone device demo
    • little problem that the GUI was in French
      • Erreur de segmentation :-) (it’s Alpha yet)
  • three levels of distribution: centralized, decentralized (multiple servers), distributed
  • based on OpenDHT - explanation
    • QA: entry points
      • well-known node operated by them (only for the first start)
      • later published list of entry nodes
  • problem of NATs/firewalls: STUN, TURN
    • every peer can register as one
  • DHT objects are the clients and mailboxes
    • they extended upstream OpenDHT to support LISTEN (on the mailbox) call
  • security
    • no servers, no subscriptions
    • users are identified by public keys
      • RSA handshake?, checking certificates
        • by default they are self-signed, or can be X.509
      • communication itself is enrypted with AES128
  • implemented as a daemon + client application
    • client application can be crafted for another purpose

Containers and virtualization

  • evolution of buzzwords: VM, cloud, container
  • tocheck: priviliged containers, vagrant, Atomic, JeOS
  • demo: 5 levels of nested virtualization
    • running a VM inside container (thus it’s privileged)
    • inside that is container and in that another VM (vagrant?)
    • inside that another Docker with just busybox

How containers work in Linux

  • brief summary of history and purposes
  • importance of shared kernel
    • updates, scheduling
  • fruit of 2011 agreement on virtualization/namespaces API
    • cgroups (controllers), namespaces
    • API is terrible (with exception of network ns (ip netns))
  • comparison with full virtual machines
    • their images are 10^2 MBs (cf. 10 MBs)
    • hypervisor doesn’t see into the machine (scheduling)
    • complicated preemptiveness (keyword: (memory) ballooning)

Key-signing party

  • didn’t spot a fake passport, saved by community
  • subjective ID based statistics of FOSDEM audience: 6/14 Germans, 4/14 French, 2/14 Belgian, 1/14 British, 1/14 others