GHM — GNU Hackers' Meetings

The GHM 2016 took place in Rennes (Brittany, France) from August 18-20 hosted by Inria (check the map).

You can check the videos of the talks.

Group photo of GHM 2016 participants

GHM Program

Wednesday

Thursday

Friday

Saturday

Abstracts

GNU Guix is 4 years old! (40 min)

Speaker: Ludo

The possibility of a GNU package manager and distro was first discussed at the 2012 GHM. Since then, it has become a reality and an exciting experience! This talk will look at where we are today, describing the Guix and GuixSD achievements available to users today. I will then discuss the road to 1.0, cool projects we have in mind, and ways you can help.

Cuirass: Continuous integration tool for GNU Guix (20 min)

Speaker: mthl

Cuirass is a continuous integration tool à la Hydra but built on top of Guix package manager. It will improve integration with Guix and will power continuous builds of packages. This talk will present the work done this summer for Google Summer of Code.

GNU Taler (45 min)

Speaker: Florian & Marcello (Inria)

Introducting taler.net, a new GNU payment system.

Xotol: A mix network packet format with hybrid anonymity (15 min)

Speaker: Jeff (Inria)

We describe a new double ratchet construction Xotol, inspired by the Axolotl ratchet, that integrates with the Sphinx mix network packet format. We believe this opens the door to compact mix network formats with truly hybrid anonymity, meaning they rest upon the stronger of the security assumptions required by the different public key primitives employed.

ZFS: Love Your Data (60 min)

Speaker: Neal Walfield (GnuPG)

ZFS is a next generation file system: it improves upon the reliability, flexibility, performance and scalability of traditional file systems. ZFS better protects data by hashing stored data and making updates to the underlying drives atomic. ZFS is flexible: it is a copy-on-write file system, which enables inexpensive snapshotting of data sets. This, in turn, enables quickly rolling back a data set to a given snapshot or even forking a data set. ZFS also supports hierarchical storage management: it can use an SSD to transparently cache reads. Finally, ZFS is scalable: some existing installations have over a PB of storage.

In this talk, I will present ZFS's features and provide practical advice on how to deploy ZFS.

GNUnet as a text message transport system (45 min)

Speaker: Volker Birk (pEp Foundation)

Abstracting text messages is what pretty Easy privacy does. There is email, XMPP, even Facebook Messages. But all these messaging systems create a lot of meta data, even if you encrypt. So the idea is to use GNUnet for implementing a text message transport system based on CADET, which is using onion routing ideas to protect all meta data. Then this message transport goes into the transport system of pEp engine, and can be used on all text message platforms, which are addressed by pEp, from Microsoft Outlook, Thunderbird/Enigmail up to K-9/pEp and Kontact. This lecture is about ideas and design of the implementation we started together with GNUnet.

Security for programmers - everything your programming language never told you about (30 min)

Speaker: Beuc

When I worked as a devop I thought I knew a lot about security.
But recently I had the opportunity to get a full-time job in the field, and I saw that while I knew the basic principles of protecting my code, I had no idea on what a cracker could do with a vulnerability, nor how easy that could be!
Moreover, I discovered that my programming languages could be quite sneaky and provide features seemingly meant for an attacker to exploit.
So I'll share some anecdotes about PHP (of course!) but also Perl, Python, or even bash. I'll also explain the basics of C exploitation so you understand how an "off-by-one" vulnerability in C can morph into full remote code execution.

An Advanced Introduction to GnuPG (60 min)

Speaker: Neal Walfield (GnuPG)

Abstract: GnuPG is a powerful tool. In this practical presentation, I will start with an overview of OpenPGP, the messaging protocol that GnuPG implements. Then, I will explain GnuPG's architecture, some good practices, and some neat tricks. This talk is specifically targeted at people who already have a basic understanding of how GnuPG works, and are interested in understanding what's under the hood.

Biography: Neal has been hacking on and contributing to free software for over 20 years. Among other projects, he has contributed to GNU Hurd and GPE (the GNU Palm Environment). After g10code's highly successful fund raising campaign at the end of 2014 for GnuPG, he was hired by Werner Koch to work on GnuPG. During the past year and a half at g10code, Neal has implemented trust on first use (TOFU), and fixed GNOME Keyring to better interact with GnuPG, among other things.

Latest news about GNU Hurd (40 min)

Speaker: Samuel Thibault

In the past years, the GNU Hurd project has made a lot of progress in terms of stability and performance, as well as functionality: we have a prototype for userland sound drivers support through the Rump kernel.

GNU and SPARC (120 min)

Speaker: Jose E. Marchesi

Like the Gaul, this talk is divided in three parts. The first part introduces the latest SPARC hardware and CPU models. The second part summarizes the extensive work being performed in the GNU toolchain (and other parts of the system) in order to properly support that hardware. The third part discusses several characteristics being introduced in modern processors such as secret instructions, "software-in-silicon", firmware hypervisor and virtualization, and its potential impact in the user's freedom.

New libraries in the upcoming Emacs 25.1

Speaker: Nicolas Petton

Emacs 25.1 will come with new and streamlined collection libraries, with the purpose to help package authors and remove the need for third party libraries. This talk will present three of these libraries: seq.el, map.el and stream.el

Using Guix and Emacs in perfect harmony

Speaker: anonymous

GNU Guix comes with a delightful Emacs interface covering many aspects of it. First, it has a visual package management user interface, similar in style to package.el, but with access to all the bells and whistles that Guix provides. But beyond that, it has interfaces to navigate packages, licenses, source code, to browse build logs, to query the continuous integration tool, and more. This talk will drive you through all these features with many demos.

Tidy GNU Emacs config (15 min)

Speaker: psachin

After many years of using GNU Emacs, you learn a lot, you keep on customizing your configuration file(s). Finally, it is a mess. You can't find your own configuration. And when you share the configuration with a new user, he is demotivated. In this session, lets learn to keep you GNU Emacs configuration neat.

How I am trying to make Debian more Free for its users (15+15 min)

Speaker: Ian Jackson

In practice it can be quite difficult to modify Debian, privately, and use one's own modified version: the tools don't make it easy, particularly if you want to keep up to date with security patches provided by Debian. I'm working on a long-term personal project to make this easier, so that everyone can have their own trivial local Debian derivative.

Navigating the Guix subsystems (30 min)

Speaker: anonymous

What does it take to go from a high-level package definition to an actual package in /gnu/store? This talk will walk you through the subsystems involved in making that happen. We will also discuss subsystems used by maintainer tools, such as importers and updaters.

The BareMetalC framework (15m)

Speaker: Hugo Delchini

The BareMetalC project is a framework that gives developers a tool to build applications in a completely baremetal environment. This means without any operating system but with the same features than with an operating system. The first version allow to build complete applications in a BareMetal environment on standard PC with 32 bit CPU. Other versions for other platforms will follow. It includes the BareMetalC compiler and programming language with a complete framework of libraries and tools to build applications without relying on an operating system but with a very similar development environment.

libbrandt (45m)

Speaker: Markus Teich (GNUnet e.V.)

In this talk I will show how to run digital auctions securely. I'll present advantages over platforms like eBay, and areas where the privacy and security parameters of libbrandt are actually needed. A brief overview of the library, the internal crypto, and how to use it will be given as well. (libbrandt is a Google Summer of Code 2016 project under the GNU organization.)