Meetups/Infra/2025-10-27
Starting point: containers & Docker, discussed in depth via strace, man pages, search, & discussion. Talked some about the AWS outage.
Introductions
- [name] - [background]. [goals for meetup, or interests to explore]
- Loren -- bg in
- Alex -- bg in ml stuff, bsky as a firehose, using k8s stuff
- Gwen -- here to learn
- Greg -- big tech production engineer day job, home lab & personal infra projects on the side
- Abdou -- visiting the US for 4 weeks, 2nd time at NB, such a draw. Started something last year, with business partner, dealing with misconfiguration common in deep learning. Have a binary to do the audit.
- Gary -- building a website, and system for the lockers
- Max -- here to talk about infra, learn things, be here
- Cole -- have been furiously obsessing over my laptop's battery life, cpu idle state, working on a universal clipboard for linux + android
- Rob -- worked at a bunch of early stage startups, cloud startups, saas, nix
- Doug -- extremely simple man, self-host, learned about the utility of cloudflare tunnels to multiplex
- Elan -- doing k8s full-throttle. At recommendation of .., getting into istio, k8s service mesh
- Lulu -- first time here. learning backend development. Learn about people's passion for backend
- Chris -- work in design, no infra questions now
- Josh -- saw in discord chat
Lesson or Demo
- Read aloud: clarification for the meetup. We are taking notes in a riseup pad (or I am; help and links appreciated). Meeting notes are posted to the wiki: noisebridge.net, search Infra, or Meetups/Infra (the Infrastructure page has a disambiguation link).
- Shell, web services, self-hosting, networking!
- systemd-detect-virt
- docker
- cgroups! namespaces! ports! COW copy on write, overlayfs. linux! chroot!
- namespace types? networking NET,
- standard system resources. RAM, CPU -- cgroups
- stop/control IPC,
- file system -- OverlayFS
- cap_* cap_net_admin (low ports <1024, rootless operation)
- granting sub-sets of permissions without granting full root
- preventing use of / filtering use of syscall
- UID/GID / PUID/PGID
- oci -- Open Container Initiative
https://specs.opencontainers.org/image-spec/
- jails?
- https://github.com/p8952/bocker docker implemented in bash
- another legendary docker from scratch https://www.youtube.com/watch?v=Utf-A4rODH8
- One of the most celebrated, driving benefits of containers is not needing full virtualization
- assembly languages function calling
- lots of ceremony around this and loading and unloading data into registers and memory
- cuda != assembly
- https://github.com/xoreaxeaxeax/movfuscator
- Security and stack overflows
- smashing the stack https://inst.eecs.berkeley.edu/~cs161/fa08/papers/stack_smashing.pdf
- weird programming with gadgets
https://en.wikipedia.org/wiki/Return-oriented_programming
- SAFE memory is numbers and permissions to access these numbers
- apple improves on this with checksums
- https://security.apple.com/blog/memory-integrity-enforcement/
- signed pointers
- topic request: in containers, query about the difference between container and vm, for security concerns
- specifically security around untrusted workloads via containers vs vms
Daniel -- roommate working on CFI (control-flow integrity): code encrypted with a key derivable only from valid control-flow paths into it
W^X: https://en.wikipedia.org/wiki/W%5EX
CHERI
https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/
https://en.wikipedia.org/wiki/Capability_Hardware_Enhanced_RISC_Instructions
https://grahamc.com/blog/nix-and-layered-docker-images/
https://xeiaso.net/talks/2024/nix-docker-build/
- try yourself:
strace -- docker run hello-world
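The capability and syscall-filter items in the list above (cap_* subsets, low ports, filtering syscalls, rootless operation) come down to a few fields in /proc/<pid>/status. Added example for these notes, not code from the page or any project it links: decode a process's CapEff bitmask and seccomp/NoNewPrivs flags and flag what a reviewer would care about; SAMPLE_STATUS is a constructed excerpt standing in for a real status file, and HIGH_RISK is this example's own list. Python 3.9+.

```python
"""Decode the capability and seccomp fields of a Linux /proc/<pid>/status to see what
a container or rootless process may actually do. Added example; not Noisebridge code."""
# Linux capability names in bit order: bit 0 = CAP_CHOWN ... bit 40 = CAP_CHECKPOINT_RESTORE.
CAP_NAMES = (
    "chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap "
    "linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock "
    "ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin "
    "sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease "
    "audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm "
    "block_suspend audit_read perfmon bpf checkpoint_restore"
).split()
# Capabilities that are effectively root or undo the container boundary if granted.
HIGH_RISK = {"sys_admin", "sys_module", "sys_ptrace", "sys_rawio", "sys_boot",
             "dac_read_search", "net_admin", "bpf", "perfmon"}

def decode_caps(hex_mask: str) -> list[str]:
    """Turn a CapEff/CapBnd hex mask into lowercase cap_* names, lowest bit first."""
    mask = int(hex_mask, 16)
    return ["cap_" + name for bit, name in enumerate(CAP_NAMES) if mask >> bit & 1]

def parse_status(text: str) -> dict:
    """Pull the isolation-relevant fields out of a /proc/<pid>/status dump."""
    fields = dict(line.split(":\t", 1) for line in text.splitlines() if ":\t" in line)
    return {
        "effective": decode_caps(fields.get("CapEff", "0")),
        "seccomp": int(fields.get("Seccomp", "0")),  # 0 off, 1 strict, 2 BPF filter
        "no_new_privs": fields.get("NoNewPrivs") == "1",
    }

def audit(text: str) -> list[str]:
    """Findings a reviewer would flag for the process described by `text`."""
    info = parse_status(text)
    findings = []
    risky = [c for c in info["effective"] if c[4:] in HIGH_RISK]
    if risky:
        findings.append("high-risk capabilities: " + ", ".join(risky))
    if "cap_net_bind_service" in info["effective"]:
        findings.append("may bind ports below 1024 without being root")
    if info["seccomp"] != 2:
        findings.append("no seccomp filter: every syscall reaches the kernel")
    if not info["no_new_privs"]:
        findings.append("NoNewPrivs unset: setuid binaries can regain privileges")
    return findings

# Constructed status excerpt: 00000000a80425fb is the capability set of a default
# (non --privileged) Docker container, which gets a seccomp filter but not NoNewPrivs.
SAMPLE_STATUS = "Name:\tsh\nCapEff:\t00000000a80425fb\nNoNewPrivs:\t0\nSeccomp:\t2\n"

if __name__ == "__main__":  # run inside a container to audit the process you are in
    print("\n".join(audit(open("/proc/self/status").read()) or ["nothing flagged"]))
```

Compare the output from inside `docker run` with the same script run on the host, or with `--cap-add` / `--security-opt no-new-privileges` variations, to see which of the page's primitives each flag changes.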
Outro
- Alex, Josh - intrigued about this nix instead of docker thing. Nix crew is making intriguing claims
- Doug, Abdou -- learning more about docker
- (Daniel's mention of Control Flow Integrity PhD thesis)
- null smashing
- I should do what my friend recommended a year ago, start using strace -- would like to go more into the example
- first principles learning
- cool link: https://github.com/imthenachoman/How-To-Secure-A-Linux-Server, how to secure a linux server
- 2nd: memory layout, the fragility and conventions. And strace
- ssh forwarding agents.
- Robert, interested in learning more--all over the head
- networking stuff in 2 Mondays: how does netboot work?
- netboot.xyz
Questions, Discussion, or Coworking
- [Issue]
For next time
Questions
Readings & Exercises
- Readings
- Exercises
Join online
- Try it yourself!
- Join libera.chat #nb-meetup-infra