Talks

Wednesday, June 7, 2017

I figured it would be nice to have one canonical place for talks I have given on containers, container security, Docker, Kubernetes, and Open Source. So here it is…

2017

Google Cloud Next - Build user trust: running containers securely

Co-Speaker: Alex Mohr

This talk covers all the ways you can secure your Kubernetes cluster using a Certificate Authority, Authentication, Secrets and more. We also describe and demonstrate the ways you can use Seccomp, AppArmor, SELinux and cgroups to make your application containers as secure as possible - so you can build organizational and customer trust.

CoreOS Fest - Container Linux on the Desktop!

This talk covers how to build a secure desktop OS with only containers and CoreOS Container Linux. It also describes the benefits gained from using Container Linux as a base OS and how to go about running it on the desktop.

Kubecon - Dance Madly on the Lip of a Volcano

Co-Speaker: Brandon Philips

This talk covers how we designed an awesome security release process for Kubernetes and all it’s sub-projects.

Open source projects strive to be transparent in everything they do, but when it comes to fixing security patches they need to find the right balance of “open” and “responsible.” This means vulnerabilities should be reported in a safe way as well as patches tested and reviewed with a limited audience. The companies that rely on Kubernetes should have time to patch their systems before a public announcement.

Various sets of infrastructure and collaboration are needed to make this a reality. The design we used could also be applied to other projects and even internally in your company.

2016

Container Summit - Building Containers in Pure Bash and C

This talk demonstrates how to build containers from the Primitives in Linux without using a container runtime. Learn about the objects that make up containers themselves.

Arrested DevOps - Exciting Topics like Containers & Security

Ben Hughes and I chat with Bridget Kromhout about everyone’s favorite topic, security.

Github Universe - Blurry lines between individual contributor & corporate backers

When working on open source projects, your contributions and opinions on the project and its motives are usually very personal. This talk covers intricacies of “choosing your battles” and how personal passion for a project might conflict with corporate motives.

Container Camp - Application Sandboxes vs. Containers

This talk covers the differences between application sandboxes and containers. The most well known sandbox is Chrome, for providing “hard guarantees about what ultimately a piece of code can or cannot do no matter what its inputs are”.

At its core, the Linux Chrome sandbox uses namespaces along with seccomp and other native features to provide these guarantees. Containers are composed of the same primitives. What is needed for containers to provide this promise? Can it be done by default? What steps are already being made to get towards containers that actually “contain”? What challenges will be faced?

2015

Dockercon EU - The Latest in Docker Engine

Co-Speaker: Arnaud Porterie

Learn about the latest capabilities in Docker Engine and how to use them in your application. This session also covers best practices for using Engine, troubleshooting tips, and cool lesser known features.

This video has the first ever demo of Seccomp in Docker as well as a fun story about trying to save a docker image to a floppy disk.

DockerCon - Container Hacks and Fun Images

This talk is a 100% live demo of running desktop applications in containers. Everything from Spotify to Skype. Explore some of the more interesting things you can containerize on Linux. View first hand different workflows for how to run/build different apps in containers. This talk covers desktop apps as well as some other apps you would have never thought could run in a container.

Container Camp - Willy Wonka of Containers

This talk has live demos of desktop applications in containers including Steam.

HashiConf - Dockerizing all the Things

This talk goes over the way the Docker project uses containers for their testing infrastructure as well as internal infrastructure. Find out about real pain points solved by running things in containers as well as some different hurdles uncovered along the way.

DotGo - The Docker Trail

This talk recounts stories from the trenches of developing Docker, explaining 3 odd things her team stumbled upon in their Go code and how they fixed them. One of which is very odd and gets into the depths of dlopen-ing yourself.

Google Cloud Platform Podcast - Containers

Francesc Campoy and I talk all about Dockercon EU and containers.