mirrors
/
talks
mirror of https://github.com/vbatts/talks.git
1
0
Fork 0
Code Releases Activity
talks/2017/09-containing_security/index.html

2446 lines
82 KiB
HTML
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html>
<html class="sl-root decks export offline loaded">
<head>
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no, minimal-ui">
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>Containing Security</title>
<link rel="stylesheet" type="text/css" href="lib/offline-v2.css">
<!-- Team CSS -->
<style id="global-css-output" type="text/css">
@import url("https://s3.amazonaws.com/static.slid.es/fonts/overpass2/overpass2.css");
.reveal {
/*fix icon inversion*/
}
.reveal svg,
.reveal text,
.reveal tspan,
.reveal svg text {
font-family: "Overpass 2", Overpass, sans-serif !important;
color: currentcolor;
fill: currentcolor;
}
.reveal .sl-block {
color: #354045;
fill: currentcolor;
}
.reveal .sl-block svg {
color: currentcolor;
}
.reveal .has-dark-background,
.reveal .has-dark-background > .sl-block {
color: white;
fill: currentcolor;
}
.reveal section > .sl-block .redhat-logo .logotext {
fill: #000000;
}
.reveal .has-dark-background > .sl-block .redhat-logo .logotext {
fill: #ffffff;
}
.reveal .has-dark-background > .sl-block[data-block-type="image"] {
color: #ffffff;
}
.reveal [fill="none"] {
fill: none !important;
}
.reveal [fill="#a30000"] {
fill: #aa0000 !important;
}
.reveal [fill="#cc2029"],
.reveal [fill="#cb2027"],
.reveal [fill="#c00"] {
fill: #cc0000 !important;
}
.reveal [fill="#fff"] {
fill: #ffffff !important;
}
.reveal [fill="#6d6e70"] {
fill: #6d6e70 !important;
}
.reveal [fill="#231f20"] {
fill: currentcolor !important;
}
.reveal [fill="#efab1f"] {
fill: #efab1f !important;
}
.reveal [fill="#92d400"] {
fill: #92d400 !important;
}
.reveal .has-dark-background [fill="#6d6e70"] {
fill: #266272 !important;
}
.reveal .has-dark-background [fill="#fff"] {
fill: #555555 !important;
}
.reveal .has-dark-background [fill="#fff"] {
fill: #333333 !important;
}
.reveal .has-dark-background [stroke="#231f20"] {
stroke: currentcolor;
}
.reveal [data-inline-svg="true"] img {
display: none;
}
</style>
<!-- Theme CSS -->
<style id="theme-css-output" type="text/css">
@import url(//overpassmonotest-30e2.kxcdn.com/overpass-mono.css);
.reveal {
/*
.sl-block[data-block-type="snippet"],
.sl-block[data-block-type="image"]
{
text,
tspan,
polygon,
path,
rect,
ellipse {
fill: currentcolor;
}
}
*/
/*slide-default*/
/*Custom Ordered Lists */
/*helpers*/
/*fixing left aligned text*/
/*h1,h2,h3,h4,h5,h6{&::first-letter{margin-left:-.09em;}}*/
/*icon absolute brute-fix*/
/*
.present .icon.stroked path.long{ stroke-width: 2px ;
-webkit-animation: icon-animation-long 3.5s 1.5s 1;
-moz-animation: icon-animation-long 3.5s 1.5s 1;
animation: icon-animation-long 3.5s 1.5s 1;
}*/
/*
.present .icon.stroked path.short{
-webkit-animation: icon-animation-short 3.5s 1.5s 1;
-moz-animation: icon-animation-short 3.5s 1.5s 1;
animation: icon-animation-short 3.5s 1.5s 1;
}*/
/*controls logic*/
/*animated logos with complex svg segments*/
/*transitions*/
/*logos svg files that contain inverted path alternates */
/* call to action */
/* tables in snippets.... the devil */
/* tables in text */
/*testimonial snippet */
/*for inverting images*/
/**/
/*code blocks*/
/* round line arrows */
/*fix icon inversion*/
/*body:hover .corner svg{transform: translate(30%, 30%)}*/
}
.reveal.reveal[role="application"] > .backgrounds > .slide-background:not(.stack):first-child,
.reveal.reveal[role="application"] > .backgrounds > .stack:first-child > .slide-background:first-child,
.reveal.reveal[role="application"] .slides > .pdf-page:not(.stack):first-child .slide-background,
.reveal.reveal[role="application"] .slides > .stack:first-child > .pdf-page:first-child .slide-background {
background-color: #900;
color: #fff;
background-size: cover;
background-repeat: no-repeat;
background-position: 50% 50%;
background-image: linear-gradient(-45deg, #8e0000 20%, #820000 20%, #990000 85%, #890000 85%);
min-height: 100vh;
}
.reveal.reveal[role="application"] > .backgrounds > .slide-background:not(.stack):first-child.has-light-background,
.reveal.reveal[role="application"] > .backgrounds > .stack:first-child > .slide-background:first-child.has-light-background,
.reveal.reveal[role="application"] .slides > .pdf-page:not(.stack):first-child .slide-background.has-light-background,
.reveal.reveal[role="application"] .slides > .stack:first-child > .pdf-page:first-child .slide-background.has-light-background {
background-image: none;
}
.reveal.reveal .slides > .section:first-child,
.reveal.reveal[role="application"] > .slides > .section:first-child .sl-block {
color: #fff;
}
.reveal .name {
white-space: nowrap;
}
.reveal .reveal,
.reveal .sl-block,
.reveal .sl-block-content,
.reveal .sl-block-content div,
.reveal .sl-block-content p,
.reveal .sl-block-content h1,
.reveal .sl-block-content h2,
.reveal .sl-block-content h3,
.reveal .sl-block-content h4 {
font-family: "Overpass 2", overpass, "Hiragino Kaku Gothic", "Hiragino Kaku Gothic ProN", "ヒラギノ角ゴ Pro W3", sans-serif;
}
.reveal .future .sl-block-content,
.reveal .past .sl-block-content {
transition: none !important;
}
.reveal section,
.reveal.reveal .has-dark-background,
.reveal section.background-shade-dark {
color: #fff;
}
.reveal.reveal .has-dark-background a {
color: #eee;
}
.reveal.reveal .has-dark-background a:hover {
color: #fff;
}
.reveal .backgrounds {
background: #f3f4f4;
}
.reveal .slide-background {
background-size: cover;
background-position: 50% 50%;
background-repeat: no-repeat;
}
.reveal .slide-background.has-light-background {
/*background-image: url(//s3.amazonaws.com/media-p.slid.es/uploads/team-32/images/1297460/standard-background.svg);*/
}
.reveal .backgrounds .paint-it-red {
background-color: #c00 !important;
-moz-background-blend-mode: multiply;
-webkit-background-blend-mode: multiply;
-ms-background-blend-mode: multiply;
background-blend-mode: multiply;
}
.reveal .paint-it-red {
color: #fff;
}
.reveal .has-dark-background .icon.stroked path,
.reveal section.background-shade-dark .icon.stroked path,
.reveal section.light-foreground .icon.stroked path {
stroke: #fff !important;
}
.reveal .has-dark-background .redhat-product-logotype path,
.reveal section.background-shade-dark .redhat-product-logotype path,
.reveal section.light-foreground .redhat-product-logotype path {
fill: #ffffff;
}
.reveal .has-dark-background text.logotext,
.reveal section.background-shade-dark text.logotext,
.reveal section.light-foreground text.logotext,
.reveal .has-dark-background .logotext text,
.reveal section.background-shade-dark .logotext text,
.reveal section.light-foreground .logotext text,
.reveal .has-dark-background path.logotext,
.reveal section.background-shade-dark path.logotext,
.reveal section.light-foreground path.logotext,
.reveal .has-dark-background path.logotype,
.reveal section.background-shade-dark path.logotype,
.reveal section.light-foreground path.logotype,
.reveal .has-dark-background .logotext path,
.reveal section.background-shade-dark .logotext path,
.reveal section.light-foreground .logotext path {
fill: #fff !important;
}
.reveal .has-dark-background .closing-logo .logotext,
.reveal section.background-shade-dark .closing-logo .logotext,
.reveal section.light-foreground .closing-logo .logotext,
.reveal .has-dark-background .redhat-logo .logotext,
.reveal section.background-shade-dark .redhat-logo .logotext,
.reveal section.light-foreground .redhat-logo .logotext {
fill: #ffffff !important;
}
.reveal .has-light-background .icon.stroked path {
stroke: currentcolor;
}
.reveal .has-light-background .redhat-logo .logotext {
fill: #000000 !important;
}
.reveal .sl-block-content ol li {
position: relative;
padding-bottom: .5em;
}
.reveal .sl-block-content ol li > p:first-child {
margin: 0;
}
.reveal .sl-block-content ol > li::before {
margin-left: -2.5em;
}
.reveal .sl-block-content > ol > li:before {
float: left;
text-align: center;
box-shadow: inset 0 0 0 .1em;
border-radius: 50%;
}
.reveal .sl-block-content ol {
counter-reset: section;
list-style-type: none;
margin: 0 0 0 2.5em;
display: block;
}
.reveal .sl-block-content ol ol {
margin-top: .5em;
}
.reveal .sl-block-content ol > li:before {
font-weight: 400;
display: inline-block;
width: 1.75em;
height: 1.75em;
line-height: 1.75em;
text-align: center;
letter-spacing: 0;
font-size: .75em;
margin: 0 0.75em 0 -2.5em;
counter-increment: section;
content: counters(section, ".") " ";
white-space: nowrap;
}
.reveal .sl-block-content > ol > li ol li:before {
opacity: .5;
text-align: left;
box-shadow: none;
letter-spacing: .1em;
}
.reveal .sl-block-content > ol > li > ol > li > ol > li:before {
width: 4em;
left: -3em;
font-size: .75em;
}
.reveal .has-dark-background .sl-block-content > ol > li:before {
color: currentcolor;
background-color: rgba(0, 0, 0, 0.1);
box-shadow: inset 0 0 0 0.2em rgba(0, 0, 0, 0.2);
font-weight: 500;
letter-spacing: -0.05em;
}
.reveal .sl-block-content > ol ol ol li:before {
opacity: 1;
font-size: .55em !important;
width: 3.5em !important;
}
.reveal .sl-block-content > ol ol ol {
margin-left: 1.5em !important;
}
.reveal .uppercase {
text-transform: uppercase;
}
.reveal .sl-block[data-block-type="text"] > .initial h1,
.reveal .sl-block[data-block-type="text"] > .initial h2,
.reveal .sl-block[data-block-type="text"] > .initial h3 {
text-transform: initial;
}
.reveal .force-mono text,
.reveal .force-mono tspan,
.reveal .force-mono polygon,
.reveal .force-mono path,
.reveal .force-mono rect,
.reveal .force-mono ellipse {
fill: currentcolor !important;
}
.reveal .force-red .stroked path {
stroke: #c00;
}
.reveal .force-red,
.reveal .force-red text,
.reveal .force-red tspan,
.reveal .force-red polygon,
.reveal .force-red path,
.reveal .force-red rect,
.reveal .force-red ellipse {
color: #c00;
fill: currentcolor !important;
}
.reveal .force-red .stroked {
fill: none;
stroke: #cc0000;
}
.reveal .background-shade-dark .sl-block {
color: #fff;
}
.reveal .dark-foreground text.logotext,
.reveal section.background-shade-light text.logotext,
.reveal section.dark-foreground text.logotext,
.reveal .dark-foreground .logotext text,
.reveal section.background-shade-light .logotext text,
.reveal section.dark-foreground .logotext text,
.reveal .dark-foreground path.logotext,
.reveal section.background-shade-light path.logotext,
.reveal section.dark-foreground path.logotext,
.reveal .dark-foreground path.logotype,
.reveal section.background-shade-light path.logotype,
.reveal section.dark-foreground path.logotype,
.reveal .dark-foreground .logotext path,
.reveal section.background-shade-light .logotext path,
.reveal section.dark-foreground .logotext path,
.reveal .dark-foreground .product,
.reveal section.background-shade-light .product,
.reveal section.dark-foreground .product {
fill: currentcolor !important;
}
.reveal .dark-foreground .redhat-logo .logotext,
.reveal section.background-shade-light .redhat-logo .logotext,
.reveal section.dark-foreground .redhat-logo .logotext {
fill: currentcolor !important;
}
.reveal .slide-background.background-shade-dark:after {
content: "";
display: block;
position: absolute;
top: 0;
bottom: 0;
left: 0;
right: 0;
width: 100%;
height: 100%;
background-color: rgba(40, 40, 40, 0.8);
}
.reveal .slide-background.background-shade-light:after {
content: "";
display: block;
position: absolute;
top: 0;
bottom: 0;
left: 0;
right: 0;
width: 100%;
height: 100%;
background-color: rgba(255, 255, 255, 0.8);
}
.reveal .slides section {
text-align: left;
}
.reveal .slides section h1 {
line-height: 1em;
font-weight: 700 ;
font-size: 3em ;
}
.reveal .slides section h2 {
font-size: 2em;
font-weight: 400 ;
line-height: 1.15em;
}
.reveal .slides section h3 {
font-weight: 700 ;
font-size: 1em ;
line-height: 1.25em;
}
.reveal .slides section p {
margin-bottom: .5em;
}
.reveal .slides section blockquote {
font-style: normal;
box-shadow: none;
}
.reveal .progress {
background-color: transparent;
}
.reveal .progress span {
background-color: #5e6a71;
}
.reveal .absolute-element svg {
position: absolute;
top: 0;
left: 0;
right: 0;
width: 100% !important;
height: 100% !important;
}
.reveal .icon.stroked {
width: 282px;
height: 282px;
}
.reveal .icon.stroked.icon-arrow path {
stroke-width: 4px !important;
}
.reveal .icon.stroked path {
fill: none;
stroke-width: 1.5px;
transition-delay: .5s !important;
stroke-dashoffset: 0;
stroke-width: 1.5;
stroke-linecap: round;
stroke-linejoin: round;
stroke: currentcolor;
}
.reveal .icon.stroked path.long {
stroke-dasharray: 420,420;
transition: 2.5s all ease;
}
.reveal .icon.stroked path.longer {
stroke-dasharray: 512,512;
transition: 2.5s all ease;
}
.reveal .icon.stroked path.short {
stroke-dasharray: 90,90;
transition: 5s all ease;
}
.reveal .icon.stroked path.shortest {
stroke-dasharray: 5,5;
transition: 2s all ease;
}
.reveal .icon.stroked path.round {
stroke-linecap: round ;
stroke-linejoin: round ;
}
.reveal .icon.stroked path.virtual {
transition: .5s all ease;
stroke-dasharray: 1.1, 3;
stroke-linecap: round ;
}
.reveal .icon.stroked path.dashed {
stroke-dasharray: 3, 3;
}
.reveal .icon.stroked path.hand {
stroke-linecap: round;
}
.reveal .present path.virtual {
-webkit-animation: virtual-outline 60s infinite linear;
-moz-animation: virtual-outline 60s infinite linear;
animation: virtual-outline 60s infinite linear;
}
@-webkit-keyframes virtual-outline {
0% {
stroke-dashoffset: 0;
}
100% {
stroke-dashoffset: 512;
}
}
@-moz-keyframes virtual-outline {
0% {
stroke-dashoffset: 0;
}
100% {
stroke-dashoffset: 512;
}
}
@keyframes virtual-outline {
0% {
stroke-dashoffset: 0;
}
100% {
stroke-dashoffset: 512;
}
}
.reveal a {
box-shadow: 0 0.066666em;
}
.reveal .overview section.present {
border: 12px solid white !important;
box-shadow: 0 0 0 10px #ffffff, inset 0 0 0 6px rgba(0, 0, 0, 0.2);
}
.reveal .rh-pattern {
width: 256px;
height: 256px;
}
.reveal .rh-pattern path {
transition: all .5s ease;
}
.reveal .future .rh-pattern path {
stroke-dasharray: 0, 85 !important;
}
.reveal .present .rh-pattern path {
stroke-dasharray: 80, 0 !important;
}
.reveal div[data-block-type="snippet"] .sl-block-content > svg,
.reveal div[data-block-type="snippet"] > .sl-block-content > svg,
.reveal div[data-block-type="snippet"] .icon,
.reveal div[data-block-type="snippet"] .product {
position: absolute;
top: 0;
left: 0;
right: 0;
bottom: 0;
width: 100%;
height: 100%;
}
.reveal div[data-block-type="snippet"] .sl-block-content > svg:not(:last-child) {
position: relative;
}
.reveal div[data-block-type="snippet"] .icon {
top: -15%;
right: -15%;
bottom: -15%;
left: -15%;
width: 130%;
height: 130%;
}
.reveal div[data-block-type="snippet"] {
min-width: 60px !important;
}
.reveal div[data-block-type="text"] {
font-size: 20px;
}
.reveal .triangle-element,
.reveal .triangle-element * {
user-select: none;
}
.reveal .has-light-background .closing-logo.logotype path {
fill: black !important;
}
@-webkit-keyframes closing-animation {
0% {
-webkit-transform: scale(4) translate(40%);
transform: scale(4) translate(40%);
opacity: 0;
}
80% {
-webkit-transform: scale(1) translate(30%);
transform: scale(1) translate(30%);
}
}
@-moz-keyframes closing-animation {
0% {
-webkit-transform: scale(4) translate(40%);
transform: scale(4) translate(40%);
opacity: 0;
}
80% {
-webkit-transform: scale(1) translate(30%);
transform: scale(1) translate(30%);
}
}
@-o-keyframes closing-animation {
0% {
-webkit-transform: scale(4) translate(40%);
transform: scale(4) translate(40%);
opacity: 0;
}
80% {
-webkit-transform: scale(1) translate(30%);
transform: scale(1) translate(30%);
}
}
@keyframes closing-animation {
0% {
-webkit-transform: scale(4) translate(40%);
transform: scale(4) translate(40%);
opacity: 0;
}
80% {
-webkit-transform: scale(1) translate(30%);
transform: scale(1) translate(30%);
}
}
.reveal .present .closing-logo.icon {
-webkit-animation: closing-animation 1.5s 1;
-moz-animation: closing-animation 1.5s 1;
-o-animation: closing-animation 1.5s 1;
animation: closing-animation 1.5s 1;
}
.reveal .present .closing-logo.logotype {
-webkit-animation: closing-text-animation 1.8s 1;
-moz-animation: closing-text-animation 1.8s 1;
-o-animation: closing-text-animation 1.8s 1;
animation: closing-text-animation 1.8s 1;
}
@-webkit-keyframes closing-text-animation {
0% {
opacity: 0;
-webkit-transform: translate(-10%);
transform: translate(-10%);
}
70% {
-webkit-transform: translate(-10%);
transform: translate(-10%);
opacity: 0;
}
100% {
transform: none;
opacity: 1;
-webkit-transform: none;
}
}
@-moz-keyframes closing-text-animation {
0% {
opacity: 0;
-webkit-transform: translate(-10%);
transform: translate(-10%);
}
70% {
-webkit-transform: translate(-10%);
transform: translate(-10%);
opacity: 0;
}
100% {
transform: none;
opacity: 1;
-webkit-transform: none;
}
}
@keyframes closing-text-animation {
0% {
opacity: 0;
-webkit-transform: translate(-10%);
transform: translate(-10%);
}
70% {
-webkit-transform: translate(-10%);
transform: translate(-10%);
opacity: 0;
}
100% {
transform: none;
opacity: 1;
-webkit-transform: none;
}
}
.reveal .brand-pattern-paths path,
.reveal .pattern-path {
stroke-width: 1;
fill: none;
}
.reveal .brand-pattern-paths path {
fill: none !important;
}
.reveal pattern {
patterntransform: scale(2) !important;
}
.reveal pattern.normal use {
stroke: currentcolor;
fill: none;
}
.reveal pattern.light use {
stroke: #fff !important;
fill: none;
}
.reveal pattern.dark use {
stroke: #000 !important;
fill: none;
}
.reveal .brand-pattern {
min-width: 40px;
min-height: 40px;
position: absolute;
top: 0 ;
left: 0 ;
right: 0;
bottom: 0;
width: 100%;
height: 100%;
}
.reveal .brand-pattern path,
.reveal .brand-pattern rect {
width: 100% !important;
height: 100%;
}
.reveal .brand-pattern.corporate {
fill: url(#pattern-corporate);
}
.reveal #pattern-corporate-2 use {
stroke: #dd0000;
}
.reveal #pattern-corporate use {
stroke: #cc0000;
}
.reveal section,
.reveal .slide-background {
-webkit-backface-visibility: hidden;
-ms-backface-visibility: hidden;
backface-visibility: hidden;
}
.reveal .slides > section.transition-slide,
.reveal .slides > section.transition-slide + section.future,
.reveal .slides > section.transition-slide + section.present,
.reveal .backgrounds > .slide-background.transition-slide,
.reveal .backgrounds > .slide-background.transition-slide + .slide-background.future,
.reveal .backgrounds > .slide-background.transition-slide + .slide-background.present {
transition: all 1s ease !important;
}
.reveal .backgrounds > .slide-background.transition-slide {
opacity: 1 ;
}
.reveal .backgrounds > .slide-background.transition-slide.past {
z-index: 99;
-webkit-transform: translate(-100%, 0);
-ms-transform: translate(-100%, 0);
transform: translate(-100%, 0);
}
.reveal .backgrounds > .slide-background.transition-slide.future,
.reveal .backgrounds > .slide-background.transition-slide.present + .slide-background.future {
-webkit-transform: translate(100%, 0);
-ms-transform: translate(100%, 0);
transform: translate(100%, 0);
}
.reveal .slides > section.transition-slide.past {
z-index: 99;
-webkit-transform: translate(-150%, 0);
-ms-transform: translate(-150%, 0);
transform: translate(-150%, 0);
visibility: hidden;
}
.reveal .slides > section.transition-slide.future,
.reveal .slides > section.transition-slide.future + section {
-webkit-transform: translate(150%, 0);
-ms-transform: translate(150%, 0);
transform: translate(150%, 0);
visibility: hidden;
}
.reveal .slides > section.transition-slide-up,
.reveal .slides > section.transition-slide-up + section.future,
.reveal .slides > section.transition-slide-up + section.present,
.reveal .backgrounds > .slide-background.transition-slide-up,
.reveal .backgrounds > .slide-background.transition-slide-up + .slide-background.future .backgrounds > .slide-background.transition-slide-up + .slide-background.present {
transition: all 1s ease !important;
}
.reveal .backgrounds > .slide-background.transition-slide-up {
opacity: 1 ;
}
.reveal .backgrounds > .slide-background.transition-slide-up.past {
z-index: 99;
-webkit-transform: translate(0, -100%);
-ms-transform: translate(0, -100%);
transform: translate(0, -100%);
}
.reveal .backgrounds > .slide-background.transition-slide-up.future,
.reveal .backgrounds > .slide-background.transition-slide-up.present + .slide-background.future {
-webkit-transform: translate(0, 100%);
-ms-transform: translate(0, 100%);
transform: translate(0, 100%);
}
.reveal .slides > section.transition-slide-up.past {
z-index: 99;
-webkit-transform: translate(0, -150%);
-ms-transform: translate(0, -150%);
transform: translate(0, -150%);
visibility: hidden;
}
.reveal .slides > section.transition-slide-up.future,
.reveal .slides > section.transition-slide-up.present + section {
-webkit-transform: translate(0, 150%);
-ms-transform: translate(0, 150%);
transform: translate(0, 150%);
visibility: hidden;
}
.reveal .slides > section.transition-zoom-in,
.reveal .slides > section.transition-zoom-in + section.future,
.reveal .slides > section.transition-zoom-in + section.present,
.reveal .backgrounds > .slide-background.transition-zoom-in,
.reveal .backgrounds > .slide-background.transition-zoom-in + .slide-background.future .backgrounds > .slide-background.transition-zoom-in + .slide-background.present {
-webkit-transition: all 1s ease !important;
-moz-transition: all 1s ease !important;
transition: all 1s ease !important;
}
.reveal .backgrounds > .slide-background.transition-zoom-in.past {
opacity: 0 !important;
-webkit-transform: scale(1.5);
-ms-transform: scale(0.1 0.5);
transform: scale(1.5);
}
.reveal .backgrounds > .slide-background.transition-zoom-in.future,
.reveal .backgrounds > .slide-background.transition-zoom-in.present + .slide-background.future {
opacity: 0 !important;
-webkit-transform: scale(0.01);
-ms-transform: scale(0.01);
transform: scale(0.01);
}
.reveal .past {
z-index: -1;
opacity: 0 !important;
}
.reveal .present + .slide-background.future {
z-index: 99;
}
.reveal .slides > section.transition-zoom-in.past {
z-index: 99;
-webkit-transform: scale(1.5);
-ms-transform: scale(1.5);
transform: scale(1.5);
visibility: hidden;
}
.reveal .slides > section.transition-zoom-in.future {
-webkit-transform: scale(0.1);
-ms-transform: scale(0.1);
transform: scale(0.1);
visibility: hidden;
}
@-webkit-keyframes icon-animation-long {
0% {
stroke-dashoffset: 420;
stroke-width: .5px;
}
}
@-moz-keyframes icon-animation-long {
0% {
stroke-dashoffset: 420;
stroke-width: .5px;
}
}
@keyframes icon-animation-long {
0% {
stroke-dashoffset: 420;
stroke-width: .5px;
}
}
@-webkit-keyframes icon-animation-short {
0% {
stroke-dashoffset: 90;
}
}
@-moz-keyframes icon-animation-short {
0% {
stroke-dashoffset: 90;
}
}
@keyframes icon-animation-short {
0% {
stroke-dashoffset: 90;
}
}
.reveal .present .animate.icon.stroked path,
.reveal .present .animate .icon.stroked path,
.reveal .fragment .icon.stroked path {
animation: 0;
-moz-animation: 0;
-webkit-animation: 0;
display: none;
}
.reveal .present .animate.icon.stroked path.long,
.reveal .present .animate .icon.stroked path.long,
.reveal .fragment.visible .icon.stroked path.long {
display: block;
stroke-width: 2px ;
-webkit-animation: icon-animation-long 3.5s 0.5s 1;
-moz-animation: icon-animation-long 3.5s 0.5s 1;
animation: icon-animation-long 3.5s 0.5s 1;
}
.reveal .present .animate.icon.stroked path.short,
.reveal .present .animate .icon.stroked path.short,
.reveal .fragment.visible .icon.stroked path.short {
display: block;
-webkit-animation: icon-animation-short 3.5s 0.5s 1 !important;
-moz-animation: icon-animation-short 3.5s 0.5s 1 !important;
animation: icon-animation-short 3.5s 0.5s 1 !important;
}
.reveal .triangle-element {
transition: all 0.4s cubic-bezier(0.21, 0.9, 0.55, 1) 5s;
}
.reveal.reveal:hover .triangle-element {
transition: all 1s cubic-bezier(0.21, 0.9, 0.55, 1.16) 0s !important;
top: 100% !important;
left: 100% !important;
opacity: 0.95;
}
.reveal .has-dark-background .only-dark {
display: none;
}
.reveal .has-light-background .only-light {
display: none;
}
.reveal .thinner .icon.stroked path {
stroke-width: 1px !important;
}
.reveal .thinnest .icon.stroked path {
stroke-width: 0.05em !important;
}
.reveal .thicker .icon.stroked path {
stroke-width: 3px !important;
}
.reveal .thickest .icon.stroked path {
stroke-width: 4px !important;
}
.reveal .angle {
-ms-transform: rotate(-45deg);
-moz-transform: rotate(-45deg);
-webkit-transform: rotate(-45deg);
transform: rotate(-45deg);
}
.reveal .rangle {
-ms-transform: rotate(45deg);
-moz-transform: rotate(45deg);
-webkit-transform: rotate(45deg);
transform: rotate(45deg);
}
.reveal .sl-block > .vertical {
-ms-transform: rotate(-90deg);
-moz-transform: rotate(-90deg);
-webkit-transform: rotate(-90deg);
transform: rotate(-90deg);
}
.reveal .skewed {
transition: all 1s cubic-bezier(0.13, 0.81, 0.08, 1);
-moz-transform: skew(-45deg, 0);
-ms-transform: skew(-45deg, 0);
-webkit-transform: skew(-45deg, 0);
transform: skew(-45deg, 0);
}
.reveal .future .skewed {
margin-left: -800%;
opacity: 0;
}
.reveal .past .skewed {
margin-left: 800%;
opacity: 0;
}
.reveal .item-label,
.reveal .item-box {
letter-spacing: 0em;
font-weight: 500;
}
.reveal .epic-content-box {
height: 100%;
width: 100%;
position: absolute;
top: 0;
right: 0;
bottom: 0;
left: 0;
}
.reveal .has-dark-background .epic-content-box {
box-shadow: inset 0 0 0.51em rgba(0, 0, 0, 0.25), 0 0.05em 0.05em rgba(255, 255, 255, 0.1);
background-color: rgba(0, 0, 0, 0.15);
}
.reveal .has-light-background .epic-content-box {
box-shadow: inset 0 0 0.2em rgba(255, 255, 255, 0.5), 0 0.06666em 0.555em 0 rgba(0, 0, 0, 0.12);
}
.reveal .controls {
bottom: 1%;
right: 1%;
}
.reveal .controls button {
opacity: 0;
}
.reveal .controls button.enabled {
opacity: 1;
}
.reveal .controls {
opacity: 0 !important;
transition: opacity .5s ease 4.8s, transform .5s ease 4.8s;
transform: scale(0.4);
}
.reveal.reveal:hover .controls {
transform: scale(1);
opacity: 1 !important;
transition: opacity .5s ease 0s, transform .5s ease 0s;
}
.reveal .backgrounds {
transition-property: height;
transition-duration: 1s;
perspective: 1000px;
transform-style: preserve-3d;
}
.reveal .complex-logo {
min-height: 70px;
min-width: 70px;
width: 100%;
}
.reveal .complex-logo,
.reveal .complex-logo svg,
.reveal .complex-logo > div {
position: absolute;
top: 0;
right: 0;
bottom: 0;
left: 0;
width: 100%;
height: 100%;
}
.reveal .complex-logo > div.line-icon,
.reveal .complex-logo svg > div.line-icon,
.reveal .complex-logo > div > div.line-icon,
.reveal .complex-logo > div.logomark,
.reveal .complex-logo svg > div.logomark,
.reveal .complex-logo > div > div.logomark {
transform-origin: 12% 50%;
}
.reveal .animated .complex-logo div {
transition: all .5s ease;
}
.reveal .animated .complex-logo div.line-icon {
transition-delay: 2s;
}
.reveal .animated .complex-logo div.line-icon path {
transition: all 1s ease .52s;
stroke-dasharray: 100 ,10;
}
.reveal .animated .complex-logo div.event-name {
transition-delay: 1s;
}
.reveal .animated .complex-logo div.location {
transition-delay: 1.4s;
}
.reveal .future .animated .complex-logo > div {
transition: none;
}
.reveal .future .animated .complex-logo > div.line-icon path {
stroke-dasharray: 0 ,100;
transition: none;
}
.reveal .future .animated .complex-logo {
/*.line-icon{transform:rotate(30deg); opacity:0;}*/
}
.reveal .future .animated .complex-logo .logomark {
transform: translate(0, -20%);
}
.reveal .future .animated .complex-logo .location {
transform: translate(0, 0.5em);
opacity: 0;
}
.reveal .future .animated .complex-logo .event-name {
opacity: 0;
transform: translate(-0.6em, 0);
}
.reveal .lowercase {
text-transform: lowercase;
}
.reveal .pop-in.fragment {
-webkit-transform: scale(0.2);
-moz-transform: scale(0.2);
-ms-transform: scale(0.2);
transform: scale(0.2);
-webkit-transition: 2s ease 0.25s;
-moz-transition: 2s ease 0.25s;
-ms-transition: 2s ease 0.25s;
transition: 2s ease 0.25s;
-webkit-animation-delay: 0.66s;
-moz-animation-delay: 0.66s;
-ms-animation-delay: 0.66s;
animation-delay: 0.66s;
}
.reveal .pop-in.fragment.visible {
-webkit-transform: scale(1);
-moz-transform: scale(1);
-ms-transform: scale(1);
transform: scale(1);
}
.reveal .pop-in.fragment.current-fragment {
color: #c22;
}
.reveal .grow-width {
-webkit-transition: all 0.5s ease 0.2s;
-moz-transition: all 0.5s ease 0.2s;
-o-transition: all 0.5s ease 0.2s;
-ms-transition: all 0.5s ease 0.2s;
transition: all 0.5s ease 0.2s;
}
.reveal .future .grow-width {
width: 0% !important;
-webkit-transition: none;
-moz-transition: none;
-o-transition: none;
-ms-transition: none;
transition: none;
}
.reveal .stampit {
-webkit-transition: all 1s cubic-bezier(0.79, 0.53, 0.46, 1.3) 1s;
-moz-transition: all 1s cubic-bezier(0.79, 0.53, 0.46, 1.3) 1s;
-ms-transition: all 1s cubic-bezier(0.79, 0.53, 0.46, 1.3) 1s;
transition: all 1s cubic-bezier(0.79, 0.53, 0.46, 1.3) 1s;
}
.reveal .future .stampit {
-webkit-transform: rotate(-12deg) scale(2);
-moz-transform: rotate(-12deg) scale(2);
-ms-transform: rotate(-12deg) scale(2);
transform: rotate(-12deg) scale(2);
-webkit-transition: none;
-moz-transition: none;
-ms-transition: none;
transition: none;
opacity: 0;
}
.reveal .headshot img {
border-radius: 50%;
border: 4px solid #c00 !important;
}
.reveal .condensed {
letter-spacing: 0.02em;
}
.reveal .condensed li {
margin-bottom: 1em ;
}
.reveal .has-light-background .sl-block .has-dark-background > svg.redhat-logo .logotext {
fill: #ffffff !important;
}
.reveal .has-light-background .sl-block .reversed.redhat-logo .logotext,
.reveal .has-light-background .sl-block .reversed .redhat-logo .logotext,
.reveal .has-light-background .sl-block .has-dark-background > .redhat-logo .logotext {
fill: #ffffff !important;
}
.reveal .has-dark-background .sl-block .reversed.redhat-logo .logotext,
.reveal .has-dark-background .sl-block .reversed .redhat-logo .logotext,
.reveal .has-dark-background .sl-block .has-light-background > .redhat-logo .logotext {
fill: #000000 !important;
}
.reveal .has-dark-background .has-light-background .logo .only-dark path,
.reveal .has-light-background .mono.redhat-logo path {
fill: #000000 !important;
}
.reveal .has-dark-background .mono.redhat-logo path {
fill: #ffffff;
}
.reveal .has-dark-background .logo .only-dark {
display: block;
}
.reveal .has-light-background .logo .only-light {
display: block;
}
.reveal .has-light-background .logo .only-dark {
display: none;
}
.reveal .has-dark-background .logo .only-light {
display: none;
}
.reveal .has-light-background .reversed svg path {
fill: #ffffff !important;
}
.reveal .has-dark-background .reversed svg path {
fill: currentcolor;
}
.reveal .has-dark-background .has-light-background .logo .only-light,
.reveal .has-dark-background .reversed .logo .only-dark {
display: block;
}
.reveal .has-light-background .has-dark-background .logo .only-dark,
.reveal .has-light-background .logo .only-light {
display: block;
}
.reveal .has-light-background .has-dark-background .redhat-logo .only-dark,
.reveal .has-light-background .redhat-logo .only-light {
fill: #ffffff !important;
}
.reveal .has-light-background .has-dark-background .logo .only-light,
.reveal .has-light-background .logo .only-dark,
.reveal .has-dark-background .has-light-background .logo .only-dark,
.reveal .has-dark-background .logo .only-light {
display: none;
}
.reveal .future .fade-up,
.reveal .future .fade-down,
.reveal .future .fade-left,
.reveal .future .fade-right,
.reveal .future .fade-zoom {
-webkit-transition: none;
transition: none;
opacity: 0;
filter: alpha(opacity=0);
}
.reveal .future .fade-up,
.reveal .fade-up.fragment {
-webkit-transform: translate(0, 2em);
-ms-transform: translate(0, 2em);
transform: translate(0, 2em);
opacity: 0;
filter: alpha(opacity=0);
}
.reveal .future .fade-down,
.reveal .fade-down.fragment {
-webkit-transform: translate(0, -2em);
-ms-transform: translate(0, -2em);
transform: translate(0, -2em);
opacity: 0;
filter: alpha(opacity=0);
}
.reveal .future .fade-left,
.reveal .fade-left.fragment {
-webkit-transform: translate(2em, 0);
-ms-transform: translate(2em, 0);
transform: translate(2em, 0);
opacity: 0;
filter: alpha(opacity=0);
}
.reveal .future .fade-right,
.reveal .fade-right.fragment {
-webkit-transform: translate(-2em, 0);
-ms-transform: translate(-2em, 0);
transform: translate(-2em, 0);
opacity: 0;
filter: alpha(opacity=0);
}
.reveal .future .fade-zoom,
.reveal .fade-zoom.fragment {
-webkit-transform: scale(0.1);
-ms-transform: scale(0.1);
transform: scale(0.1);
opacity: 0;
filter: alpha(opacity=0);
}
.reveal .future .fade-in {
transition: none;
opacity: 0;
}
.reveal .present .fade-in,
.reveal .present .fade-up,
.reveal .present .fade-down,
.reveal .present .fade-left,
.reveal .present .fade-right,
.reveal .present .fade-zoom {
-webkit-transition: all .5s ease .5s;
transition: all .5s ease .5s;
opacity: 1;
filter: alpha(opacity=100);
}
.reveal .present .fragment.visible.fade-up,
.reveal .present .fragment.visible.fade-down,
.reveal .present .fragment.visible.fade-left,
.reveal .present .fragment.visible.fade-right,
.reveal .present .fragment.visible.fade-zoom {
-webkit-transform: none ;
-ms-transform: none ;
transform: none ;
opacity: 1;
filter: alpha(opacity=100);
}
.reveal .sl-block {
font-family: "Overpass 2", "Hiragino Kaku Gothic", "Hiragino Kaku Gothic ProN", "ヒラギノ角ゴ Pro W3", Overpass, sans-serif !important;
}
.reveal .has-light-background .icon.stroked {
color: currentcolor;
}
.reveal .has-dark-background .icon.stroked path {
stroke: currentcolor;
}
.reveal .has-dark-background .only-light-background {
display: none !important;
}
.reveal .has-dark-background .only-dark-background {
display: block !important;
}
.reveal a.call-to-action:hover {
background-color: #d00 !important;
box-shadow: 0 0.5em 1em rgba(0, 0, 0, 0.05) !important;
text-shadow: none !important;
}
.reveal .sl-block[data-block-type="snippet"] table {
width: 100% !important;
max-width: 100% !important;
}
.reveal .sl-block[data-block-type="snippet"] table td {
border-color: currentcolor !important;
}
.reveal .sl-block[data-block-type="snippet"] table td {
text-align: inherit !important;
}
.reveal .sl-block[data-block-type="text"] table {
width: 100%;
}
.reveal .sl-block[data-block-type="text"] table td {
border-color: currentcolor;
}
.reveal .sl-block[data-block-type="text"] table td {
text-align: inherit;
}
.reveal.reveal .sl-block[data-block-type="image"] .person {
border-radius: 50%;
position: relative !important;
background-color: transparent;
height: auto !important;
}
.reveal.reveal .sl-block[data-block-type="image"] .person:before {
content: "" !important;
display: block !important;
padding-top: 100% ;
position: relative !important ;
/* 4:3 aspect ratio */
}
.reveal.reveal .sl-block[data-block-type="image"] .person > img {
position: absolute ;
margin: 0 auto !important;
left: 0% ;
right: 0 ;
width: auto !important;
top: 0 ;
bottom: 0 ;
}
.reveal .present .delay-1 {
transition-delay: 0.1s;
}
.reveal .present .delay-2 {
transition-delay: 0.2s;
}
.reveal .present .delay-3 {
transition-delay: 0.3s;
}
.reveal .present .delay-4 {
transition-delay: 0.4s;
}
.reveal .present .delay-5 {
transition-delay: 0.5s;
}
.reveal .present .delay-6 {
transition-delay: 0.6s;
}
.reveal .present .delay-7 {
transition-delay: 0.7s;
}
.reveal .present .delay-8 {
transition-delay: 0.8s;
}
.reveal .present .delay-9 {
transition-delay: 0.9s;
}
.reveal .present .delay-10 {
transition-delay: 1s;
}
.reveal .present .delay-11 {
transition-delay: 1.1s;
}
.reveal .present .delay-12 {
transition-delay: 1.2s;
}
.reveal .present .delay-13 {
transition-delay: 1.3s;
}
.reveal .present .delay-14 {
transition-delay: 1.4s;
}
.reveal .present .delay-15 {
transition-delay: 1.5s;
}
.reveal .present .delay-16 {
transition-delay: 1.6s;
}
.reveal .present .delay-17 {
transition-delay: 1.7s;
}
.reveal .present .delay-18 {
transition-delay: 1.8s;
}
.reveal .present .delay-19 {
transition-delay: 1.9s;
}
.reveal .present .delay-20 {
transition-delay: 2s;
}
.reveal .present .delay-21 {
transition-delay: 2.1s;
}
.reveal .present .delay-22 {
transition-delay: 2.2s;
}
.reveal .present .delay-23 {
transition-delay: 2.3s;
}
.reveal .present .delay-24 {
transition-delay: 2.4s;
}
.reveal .present .delay-25 {
transition-delay: 2.5s;
}
.reveal .present .delay-26 {
transition-delay: 2.6s;
}
.reveal .present .delay-27 {
transition-delay: 2.7s;
}
.reveal .present .delay-28 {
transition-delay: 2.8s;
}
.reveal .present .delay-29 {
transition-delay: 2.9s;
}
.reveal .present .delay-30 {
transition-delay: 3s;
}
.reveal .present .delay-31 {
transition-delay: 3.1s;
}
.reveal .present .delay-32 {
transition-delay: 3.2s;
}
.reveal .present .delay-33 {
transition-delay: 3.3s;
}
.reveal .present .delay-34 {
transition-delay: 3.4s;
}
.reveal .present .delay-35 {
transition-delay: 3.5s;
}
.reveal .present .delay-36 {
transition-delay: 3.6s;
}
.reveal .present .delay-37 {
transition-delay: 3.7s;
}
.reveal .present .delay-38 {
transition-delay: 3.8s;
}
.reveal .present .delay-39 {
transition-delay: 3.9s;
}
.reveal .present .delay-40 {
transition-delay: 4s;
}
.reveal .light-foreground .sl-block * {
color: #fff;
}
.reveal .dark-foreground .sl-block * {
color: #000;
}
.reveal .has-dark-background .invert {
color: #000;
}
.reveal .has-light-background .invert * {
color: #fff ;
}
.reveal .has-light-background .invert .only-light-background {
display: none ;
}
.reveal .has-light-background .invert .only-dark-background {
display: block !important;
}
.reveal .has-dark-background .invert .only-light-background {
display: block !important ;
}
.reveal .has-dark-background .invert .only-dark-background {
display: none !important;
}
.reveal .slide-number {
position: absolute !important;
opacity: 1;
right: 1em;
height: 28px;
min-width: 28px;
bottom: auto;
left: auto;
text-align: center;
font-size: 14px;
border-radius: 28px;
line-height: 28px;
color: white;
text-shadow: 0 0.1em 0.5em rgba(0, 0, 0, 0.4);
top: 1em;
font-family: "Overpass 2", Overpass, sans-serif;
font-weight: 500;
white-space: nowrap;
padding: 4px;
box-sizing: content-box;
}
.reveal .slide-number-delimiter {
margin: 0 1px;
}
.reveal.reveal .present.in-3d-appear {
transform: translatez(0em) !important;
animation: none !important;
transition: transform 1s ease !important;
}
.reveal.reveal .future.in-3d-appear {
transform: translatez(10em) rotateX(21deg) !important;
animation: none !important;
}
.reveal .no-filter img,
.reveal .no-filter {
filter: none !important;
-webkit-filter: none !important;
}
.reveal .present .fade-in-slow {
transition: all 5s ease;
}
.reveal .future .fade-in-slow {
transition: none;
opacity: 0;
}
.reveal .redhat-logo .logotext {
fill: #000000 !important;
}
.reveal .has-dark-background .redhat-logo .logotext {
fill: #ffffff !important;
}
.reveal [data-block-type="table"] .sl-block-content {
font-size: .75em;
background-color: #c00;
color: #fff;
}
.reveal [data-block-type="table"] td {
background-color: #e5e5e5;
color: #333;
border-color: white;
}
.reveal div[data-block-type="table"] th {
font-weight: 500;
}
.reveal [data-block-type="table"] tr:nth-child(odd) td {
background-color: #f5f5f5;
color: #333;
}
.reveal .has-dark-background > [data-block-type="table"] td {
background-color: #131619;
color: #fff;
}
.reveal .has-dark-background > [data-block-type="table"] tr:nth-child(odd) td {
background-color: #232629;
color: #fff;
}
.reveal [data-block-type="code"],
.reveal .hljs {
background-color: white ;
color: rgba(55, 55, 55, 0.85) !important;
}
.reveal section .hljs {
background-color: white !important;
}
.reveal .has-dark-background [data-block-type="code"],
.reveal .has-dark-background .hljs {
background-color: #012736!important ;
color: rgba(255, 255, 255, 0.85) !important;
}
.reveal [data-block-type="code"] pre {
letter-spacing: 0.015em;
line-height: 1.5em;
}
.reveal .has-light-background[data-block-type="code"] pre,
.reveal [data-block-type="code"] pre {
background-color: white ;
color: currentcolor;
padding: 1em !important;
}
.reveal .has-dark-background [data-block-type="code"] pre {
background-color: #012736 ;
}
.reveal .hljs,
.reveal pre,
.reveal code {
font-family: 'Overpass Mono', monospace !important;
font-weight: 200 !important;
}
.reveal .hljs-literal {
color: #ffb612 !important;
}
.reveal .hljs-keyword {
color: #ffb612;
font-weight: 700 !important;
}
.reveal .hljs-string {
color: #88c639;
font-weight: 700;
}
.reveal .hljs-comment {
color: #94a0a7 !important;
font-weight: 400 !important;
}
.reveal .hljs-params {
color: #028c98 ;
font-weight: 700;
}
.reveal .hljs-attr {
color: #EC7A08 !important;
}
.reveal .hljs-tag {
color: #7F5FAE !important;
}
.reveal .hljs-name {
color: #028c98 !important;
}
.reveal .hljs-string {
color: #7f5fae !important;
}
.reveal .hljs-comment {
color: rgba(125, 125, 125, 0.65) !important;
}
.reveal .hljs-number {
color: #4e9fdd !important;
}
.reveal .hljs-attribute {
color: #ec9e34 !important;
}
.reveal .hljs-variable {
color: #4e9fdd !important;
}
.reveal .hljs-built_in {
color: #ee1122!important;
}
.reveal .hljs-selector-class {
color: #55aab2 !important;
}
.reveal [data-line-end-type="line-arrow"] line,
.reveal [data-line-start-type="line-arrow"] line,
.reveal [data-line-end-type="line-arrow"] path {
stroke-linecap: round;
stroke-linejoin: square;
}
.reveal div[data-block-type="line"] line[stroke="#000000"],
.reveal div[data-block-type="line"] path[stroke="#000000"] {
stroke: currentcolor;
}
.reveal [fill="none"] {
fill: none !important;
}
.reveal [fill="#a30000"] {
fill: #aa0000 !important;
}
.reveal [fill="#cc2029"],
.reveal [fill="#cb2027"],
.reveal [fill="#c00"] {
fill: #cc0000 !important;
}
.reveal [fill="#fff"] {
fill: #ffffff !important;
}
.reveal [fill="#6d6e70"] {
fill: #6d6e70 !important;
}
.reveal [fill="#231f20"] {
fill: currentcolor !important;
}
.reveal [fill="#efab1f"] {
fill: #efab1f !important;
}
.reveal [fill="#92d400"] {
fill: #92d400 !important;
}
.reveal .has-dark-background [fill="#6d6e70"] {
fill: #266272 !important;
}
.reveal .has-dark-background [fill="#fff"] {
fill: #555555 !important;
}
.reveal .has-dark-background [fill="#fff"] {
fill: #333333 !important;
}
.reveal .has-dark-background [stroke="#231f20"] {
stroke: currentcolor;
}
.reveal .has-dark-background [fill="#221F1F"],
.reveal .has-dark-background [fill="#221f1f"],
.reveal .has-dark-background [fill="#231F20"],
.reveal .has-dark-background [fill="#010101"] {
fill: #ffffff !important;
}
.reveal [data-inline-svg="true"] img {
display: none;
}
.reveal .corner {
position: absolute;
top: 0;
right: 0;
bottom: 0;
left: 0;
overflow: hidden;
z-index: 8;
}
.reveal .corner svg {
transition: all .75s ease 5s;
}
</style>
</head>
<body class="reveal-viewport theme-font-overpass2 theme-color-no-color">
<div class="reveal">
<div class="slides">
<section data-background-color="#b21a0f" data-background-image="201709-containing_security/5e1a7c37f8b075137176a16db5edc490.svg" data-background-size="cover" data-id="104124bc9471640953b625b5574edf7d" data-background-position="50% 50%">
<div class="sl-block" data-block-type="text" style="height: auto; width: 852px; left: 108px; top: 244px;" data-block-id="d47113ddc5922a083caff91ea62b4024"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 11;">
<h1 style="color:rgb(209, 212, 211)">CONTAINING Security</h1>
<p> </p>
<p><a href="http://bit.ly/2017-containing_security" target="_blank">bit.ly/2017-containing_security</a></p>
<p> </p>
<p style="color:rgb(209, 212, 211)">Vincent Batts @vbatts</p>
</div></div>
</section><section data-background-color="#7c7c7c" data-background-image="201709-containing_security/60672f0849c5b758b11dc0905dc42c02.svg" data-id="43c67a8fd2abdb057ed6d2fbfd010939">
<div class="sl-block" data-block-type="image" style="min-width: 30px; min-height: 30px; width: 478.222px; height: 269px; left: 241px; top: 389px;" data-block-id="7e8f21afa8ae97d7f7a463287afa0887"><div class="sl-block-content" style="z-index: 11;"><img data-natural-width="320" data-natural-height="180" data-lazy-loaded="" data-src="201709-containing_security/339e84e5deca8af62480a1dc3fb7af96.gif"></div></div>
<div class="sl-block" data-block-type="code" style="min-width: 30px; min-height: 30px; width: 896px; height: 356px; left: 47px; top: 15px;" data-block-id="d978286e7b3525a0195af2d6e397bf77"><div class="sl-block-content" style="z-index: 12; font-size: 141%;" data-highlight-theme="zenburn"><pre class="none"><code>$&gt; finger $(whoami)
Login: vbatts Name: Vincent Batts
Directory: /home/vbatts Shell: /bin/bash
Such mail.
Plan:
OHMAN
$&gt; id -Gn
devel opencontainers docker appc redhat golang slackware</code></pre></div></div></section><section data-background-color="#efefef" data-background-image="201709-containing_security/60672f0849c5b758b11dc0905dc42c02.svg" data-id="b7d8b0e84f42a99bd85a74cb3f49f839">
<div class="sl-block" data-block-type="text" style="height: auto; min-width: 30px; min-height: 30px; width: 600px; left: 80px; top: 24px;" data-block-id="a5b4e7954a36b69290dcd16876c8c908"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 11;">
<h2>Containers</h2>
</div></div>
<div class="sl-block" data-block-type="image" data-block-id="ed922660e3fedce662ae522d1fbf5540" style="min-width: 30px; min-height: 30px; width: 660px; height: 392px; left: 150px; top: 210px;"><div class="sl-block-content" style="z-index: 12;"><img style="" data-natural-width="550" data-natural-height="327" data-lazy-loaded="" data-src="201709-containing_security/798496c4607c11d48ebc0056daad3a57.png"></div></div>
<div class="sl-block" data-block-type="text" data-block-id="74543548cc7f3e8b8f4bd1cc01b69c3c" style="height: auto; min-width: 30px; min-height: 30px; width: 246px; left: 714px; top: 630px;"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 13;" dir="ui">
<p><a href="https://s3.amazonaws.com/static.samaritanspurse.org/occ/images/2015-occ-how-to-pack/shoebox_empty.png" target="_blank">(Cite: the internet)</a></p>
</div></div></section><section data-background-color="#efefef" data-background-image="201709-containing_security/60672f0849c5b758b11dc0905dc42c02.svg" data-id="c5a2cf06815f58aeef7d22c99ff5c3bc">
<div class="sl-block" data-block-type="text" style="height: auto; width: 600px; left: 80px; top: 24px;" data-block-id="f36e763f022e3a676a0843ed9659480a"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 11;">
<h2>Containers</h2>
</div></div>
<div class="sl-block" data-block-type="image" style="width: 660px; height: 363px; left: 150px; top: 197px;" data-block-id="2cd3452c64be6e82a4492a6a6d51c886"><div class="sl-block-content" style="z-index: 12;"><img data-natural-width="320" data-natural-height="176" data-lazy-loaded="" data-src="201709-containing_security/41bdbfee7c1333d20604b26b7ed5087c.gif"></div></div>
<div class="sl-block" data-block-type="text" data-block-id="1b0f9b21474654a8a2b879f23c2c98b4" style="height: auto; min-width: 30px; min-height: 30px; width: 232px; left: 720px; top: 630px;"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 13;">
<p><a href="http://i.imgur.com/ijajqjg.gif" target="_blank">(Cite: The Internet)</a></p>
</div></div></section><section data-background-color="#e1efba" data-background-image="201709-containing_security/60672f0849c5b758b11dc0905dc42c02.svg" data-id="9a74b051b021d729c6e6a5b166f30f21">
<div class="sl-block" data-block-type="image" data-block-id="06414d4cee7712487bd914403102eca6" style="min-width: 30px; min-height: 30px; width: 933px; height: 700px; left: 14px; top: 0px;"><div class="sl-block-content" style="z-index: 11;"><img data-natural-width="960" data-natural-height="720" style="" data-lazy-loaded="" data-src="201709-containing_security/3fd21ac5f001d8d0be7add814e4c2804.svg"></div></div></section><section class="stack" data-id="45cf8701cb11a1d3127789276da868ba"><section data-background-color="#e1efba" data-background-image="201709-containing_security/60672f0849c5b758b11dc0905dc42c02.svg" data-id="16e71e8e57b9645db80462bcd8467861">
<div class="sl-block" data-block-type="text" data-block-id="a0b0e230502f41888c149300aad0f46c" style="height: auto; min-width: 30px; min-height: 30px; width: 728px; left: 80px; top: 29px;"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 11;">
<p><span style="font-size:1.6em">Kernel's Guarantee:</span></p>
<p><span style="font-size:1.6em"><strong>DON'T BREAK USERSPACE</strong></span></p>
</div></div>
<div class="sl-block" data-block-type="text" data-block-id="d8773dc8489c0d1c74ba188d6a44e08f" style="height: auto; min-width: 30px; min-height: 30px; width: 264px; left: 108px; top: 210px;"><div class="sl-block-content fragment" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 12;" data-fragment-index="0">
<p>But what is there to break?</p>
</div></div>
<div class="sl-block" data-block-type="text" data-block-id="ebaf53955cf9a133a73ab8256d2a289b" style="height: auto; min-width: 30px; min-height: 30px; width: 673px; left: 160px; top: 280px;"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 13;">
<ul>
<li class="fragment" data-fragment-index="1">
<a href="https://linux.die.net/man/2/syscalls" target="_blank">syscalls</a> (open, read, write, close, exec, fork, mmap, mount, stat, etc.)</li>
<li class="fragment" data-fragment-index="2"><a href="https://linux.die.net/man/7/signal" target="_blank">signals</a></li>
<li class="fragment" data-fragment-index="3">
<a href="https://linux.die.net/man/2/ioctl" target="_blank">ioctl</a>'s</li>
<li class="fragment" data-fragment-index="4">
<a href="https://linux.die.net/man/2/prctl" target="_blank">prctl</a>'s</li>
<li class="fragment" data-fragment-index="5">
<a href="https://linux.die.net/man/2/fcntl" target="_blank">fcntl</a>'s</li>
<li class="fragment" data-fragment-index="6"><a href="https://github.com/torvalds/linux/blob/master/Documentation/filesystems/sysfs.txt" target="_blank">sysfs</a></li>
<li class="fragment" data-fragment-index="7"><a href="https://github.com/torvalds/linux/blob/master/Documentation/filesystems/proc.txt" target="_blank">procfs</a></li>
<li class="fragment" data-fragment-index="8">and more, I'm sure</li>
</ul>
</div></div>
<div class="sl-block" data-block-type="text" data-block-id="9d479c1030e12103ca0ea2d6dda04255" style="height: auto; min-width: 30px; min-height: 30px; width: 600px; left: 144px; top: 545px;"><div class="sl-block-content fragment" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 14;" data-fragment-index="9">
<p style="text-align: center;">It's sprawling surface to deal with</p>
</div></div></section><section data-background-color="#e1efba" data-background-image="201709-containing_security/60672f0849c5b758b11dc0905dc42c02.svg" data-id="f7616919139354d124d01b22d142898d">
<div class="sl-block" data-block-type="text" data-block-id="96778761a79b61b80b138162c8dc8e65" style="height: auto; min-width: 30px; min-height: 30px; width: 600px; left: 180px; top: 335px;"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 10;">
<p style="text-align: center;">Context of errors is in kernelspace, not userspace</p>
</div></div>
<div class="sl-block" data-block-type="text" data-block-id="cb5f0db8be9a510d770eb9c6e57a1454" style="height: auto; min-width: 30px; min-height: 30px; width: 232px; left: 180px; top: 140px;"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 11;">
<p style="text-align: center;"><span style="font-size:1.6em"><strong>EPERM</strong></span></p>
</div></div>
<div class="sl-block" data-block-type="text" style="height: auto; min-width: 30px; min-height: 30px; width: 194px; left: 526px; top: 140px;" data-block-id="0b01d340258eff10ce77167789f7f108"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 13;">
<p style="text-align: center;"><span style="font-size:1.6em"><strong>EACCES</strong></span></p>
</div></div></section></section><section data-background-color="#cfe68f" data-background-image="201709-containing_security/60672f0849c5b758b11dc0905dc42c02.svg" data-id="61b0f0beead3f9f76ea1b5d49e122480">
<div class="sl-block" data-block-type="image" data-block-id="1d55d0873f00fcf6328d0c0a81fe8891" style="min-width: 30px; min-height: 30px; width: 933px; height: 700px; left: 14px; top: 0px;"><div class="sl-block-content" style="z-index: 12;"><img data-natural-width="960" data-natural-height="720" style="" data-lazy-loaded="" data-src="201709-containing_security/72bbef28edbf1ec1baeead757c1a5abc.svg"></div></div></section><section data-background-color="#cfe68f" data-background-image="201709-containing_security/60672f0849c5b758b11dc0905dc42c02.svg" data-id="ab2d3586f683d63fd7041b0b7d2e9660">
<div class="sl-block" data-block-type="text" data-block-id="33bb4ab285c8c199b5406713150354da" style="height: auto; min-width: 30px; min-height: 30px; width: 434px; left: 160px; top: 110px;"><div class="sl-block-content fragment" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 11;" data-fragment-index="0">
<p>Share the host's kernel</p>
</div></div>
<div class="sl-block" data-block-type="text" data-block-id="afcdcc32d2fb1049b381bdb47c3839e8" style="height: auto; min-width: 30px; min-height: 30px; width: 600px; left: 80px; top: 40px;"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 12;">
<h3>Containers:</h3>
</div></div>
<div class="sl-block" data-block-type="text" style="height: auto; min-width: 30px; min-height: 30px; width: 434px; left: 240px; top: 180px;" data-block-id="1156a916c3217cf25312b53ffa60588c"><div class="sl-block-content fragment" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 13;" data-fragment-index="1">
<p>Crashes and Exploits alike</p>
</div></div>
<div class="sl-block" data-block-type="text" style="height: auto; min-width: 30px; min-height: 30px; width: 616px; left: 160px; top: 265px;" data-block-id="c631fd779bfd7386f1cba24ecf8531ce"><div class="sl-block-content fragment" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 14;" data-fragment-index="2">
<p>virtualizing by "namespacing" kernel resources and concepts</p>
</div></div>
<div class="sl-block" data-block-type="text" data-block-id="c85ddcf8308ac8b3e077e5891a0473e9" style="height: auto; min-width: 30px; min-height: 30px; width: 600px; left: 180px; top: 335px;"><div class="sl-block-content fragment" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 15;" data-fragment-index="3">
<p>Isolation by control groups, syscall filtering, and Linux Security Modules (SELinux, apparmor, etc.)</p>
</div></div></section><section class="stack" data-id="06582090ab88a3e26b5055d01927497a"><section data-background-color="#cfe68f" data-background-image="201709-containing_security/60672f0849c5b758b11dc0905dc42c02.svg" data-id="d279ac403a5cd3a2df8b451f044e49aa">
<div class="sl-block" data-block-type="text" data-block-id="fafc86c72d23003a65a317e75722de32" style="height: auto; min-width: 30px; min-height: 30px; width: 600px; left: 80px; top: 40px;"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 11;">
<h3>Kernel Namespaces:</h3>
</div></div>
<div class="sl-block" data-block-type="text" data-block-id="d8956f68a61a08b3fcd913310e57425f" style="height: auto; min-width: 30px; min-height: 30px; width: 600px; left: 160px; top: 210px;"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 12;">
<ul>
<li><span style="font-size:1.4em">mount</span></li>
<li><span style="font-size:1.4em">IPC (message queues, semaphores, shm)</span></li>
<li><span style="font-size:1.4em">UTS (hostname)</span></li>
<li><span style="font-size:1.4em">network</span></li>
<li><span style="font-size:1.4em">PID</span></li>
<li><span style="font-size:1.4em">cgroup</span></li>
<li><span style="font-size:1.4em">user</span></li>
</ul>
</div></div>
<div class="sl-block" data-block-type="text" data-block-id="6d42efb06b8180102da4e068e2c58f89" style="height: auto; min-width: 30px; min-height: 30px; width: 600px; left: 160px; top: 140px;"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 13;">
<p><a href="https://github.com/torvalds/linux/blob/master/Documentation/unshare.txt" target="_blank">unshare()</a> and <a href="http://man7.org/linux/man-pages/man7/namespaces.7.html" target="_blank">namespaces</a></p>
</div></div></section><section data-background-color="#cfe68f" data-background-image="201709-containing_security/60672f0849c5b758b11dc0905dc42c02.svg" data-id="ffe16737545c51fc8de91e5f9152b0a2">
<div class="sl-block" data-block-type="text" style="height: auto; width: 600px; left: 80px; top: 40px;" data-block-id="d7110fd19d17021ae1f810181acd23c1"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 11;">
<h3>Kernel Namespaces:</h3>
</div></div>
<div class="sl-block" data-block-type="text" data-block-id="cd46bafb758293528adf8767d4d376ce" style="height: auto; min-width: 30px; min-height: 30px; width: 600px; left: 131px; top: 210px;"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 12;">
<p>Orthogonal in nature</p>
</div></div>
<div class="sl-block" data-block-type="text" data-block-id="2e60552b7dcea63e08bf764e603afa26" style="height: auto; min-width: 30px; min-height: 30px; width: 600px; left: 295px; top: 320px;"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 13;">
<p>Varying levels of maturity</p>
</div></div>
<div class="sl-block" data-block-type="text" data-block-id="f29a8fd8b94b6c0d93274380c182dd27" style="height: auto; min-width: 30px; min-height: 30px; width: 600px; left: 215px; top: 460px;"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 14;">
<p>Drastically increase complexity and attack surface</p>
</div></div></section><section data-background-color="#cfe68f" data-background-image="201709-containing_security/60672f0849c5b758b11dc0905dc42c02.svg" data-id="dc5e921f1e739563a1fca13139e748f2">
<div class="sl-block" data-block-type="text" style="height: auto; width: 600px; left: 80px; top: 40px;" data-block-id="4eca72f469f8a1f50fc86e8b4dc39092"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 11;">
<h3>Kernel Namespaces:</h3>
</div></div>
<div class="sl-block" data-block-type="text" style="height: auto; width: 600px; left: 160px; top: 210px;" data-block-id="5ad833246bc3be1fa6f4f7e3974bb7b6"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 12;">
<pre>User Namespace</pre>
</div></div>
<div class="sl-block" data-block-type="text" data-block-id="a6d83fda95ad3593e869a2dca039b993" style="height: auto; min-width: 30px; min-height: 30px; width: 600px; left: 180px; top: 280px;"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 13;">
<ul>
<li>neat step for isolation</li>
<li>notable source of root escalations in the kernel</li>
<li>still no viable vfs solutions (apart from chown'ing)</li>
</ul>
</div></div>
<div class="sl-block" data-block-type="text" data-block-id="7d52e663ef9eda46714f37e4aa04b1ba" style="height: auto; min-width: 30px; min-height: 30px; width: 352px; left: 224px; top: 420px;"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 14;">
<p>OpenShift (and others) are opting for just explicitly running as non-root UID</p>
</div></div>
<div class="sl-block" data-block-type="text" data-block-id="7c05c34ad04ad0b7d79bfbb64518be27" style="height: auto; min-width: 30px; min-height: 30px; width: 600px; left: 224px; top: 490px;"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 15;">
<p>`runc' can now launch non-root containers directly</p>
</div></div>
<div class="sl-block" data-block-type="text" data-block-id="64de95605e599a8b0349f25de6a5cd35" style="height: auto; min-width: 30px; min-height: 30px; width: 600px; left: 224px; top: 530px;"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 16;">
<p>Access to Docker daemon means root privilege. Period.</p>
</div></div></section></section><section data-background-color="#cfe68f" data-background-image="201709-containing_security/60672f0849c5b758b11dc0905dc42c02.svg" data-id="a5ebc7ea42759f1e8f6b4bdf63b20002">
<div class="sl-block" data-block-type="text" style="height: auto; width: 600px; left: 80px; top: 40px;" data-block-id="4e62f465f60504e0eaf1eaa331db29c1"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 11;">
<h3>Kernel Namespaces: PID</h3>
</div></div>
<div class="sl-block" data-block-type="image" data-block-id="aa07aac2de8575e84db45f37cade5273" style="min-width: 30px; min-height: 30px; width: 933px; height: 700px; left: 14px; top: 0px;"><div class="sl-block-content" style="z-index: 10;"><img style="" data-natural-width="960" data-natural-height="720" data-lazy-loaded="" data-src="201709-containing_security/ccc6c1f5cb558a0459d5574e88010b53.svg"></div></div></section><section class="stack" data-id="ee50be419011994f4ac94573208ff9a2"><section data-background-color="#fde2ce" data-background-image="201709-containing_security/60672f0849c5b758b11dc0905dc42c02.svg" data-id="a3a8e6083e264bb3e6b6b62ea57c7723">
<div class="sl-block" data-block-type="text" data-block-id="0913b47d03bf5c1ef16af8bd14f3e920" style="height: auto; min-width: 30px; min-height: 30px; width: 669px; left: 146px; top: 210px;"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 11;">
<pre>LSM (Linux Security Modules)</pre>
</div></div>
<div class="sl-block" data-block-type="text" data-block-id="23f2e4b9967c3af4643fbb93b2fab6e2" style="height: auto; min-width: 30px; min-height: 30px; width: 600px; left: 160px; top: 280px;"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 12;">
<ul>
<li><a href="https://www.kernel.org/doc/html/latest/admin-guide/LSM/index.html" target="_blank">Kernel Framework</a></li>
<li>There are several. Most compare SELinux vs. Apparmor</li>
<li>(Comprehensive and Complex) vs. (Simple and Narrow)</li>
<li>(RBAC and MAC) vs. (just MAC)</li>
</ul>
</div></div></section><section data-background-color="#fde2ce" data-background-image="201709-containing_security/60672f0849c5b758b11dc0905dc42c02.svg" data-id="b0b32ba663cabec5ef7658991e57b96d">
<div class="sl-block" data-block-type="text" style="height: auto; width: 669px; left: 146px; top: 210px;" data-block-id="614e3693c729de185f99825675aa50ac"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 10;">
<pre>Capabilities</pre>
</div></div>
<div class="sl-block" data-block-type="text" style="height: auto; width: 600px; left: 160px; top: 280px;" data-block-id="c42554aad875465c63292ef3d65aabe1"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 11;">
<ul>
<li><a href="http://man7.org/linux/man-pages/man7/capabilities.7.html" target="_blank">capabilities(7)</a></li>
<li>
<a href="https://developers.redhat.com/blog/2017/02/16/find-what-capabilities-an-application-requires-to-successful-run-in-a-container/" target="_blank">Determine an application's capabilities</a> (and syscalls too)</li>
<li><a href="https://sourceware.org/systemtap/documentation.html" target="_blank">SystemTap (stap)</a></li>
<li><a href="https://01.org/linuxgraphics/gfx-docs/drm/userspace-api/no_new_privs.html" target="_blank">no_new_privs flag</a></li>
</ul>
</div></div></section><section data-background-color="#fde2ce" data-background-image="201709-containing_security/60672f0849c5b758b11dc0905dc42c02.svg" data-id="d4f69b49a5349e8460757d5dfc713ce5">
<div class="sl-block" data-block-type="text" style="height: auto; width: 669px; left: 146px; top: 210px;" data-block-id="15b8bd59a4831f193ded92f4d3c09e35"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 10;">
<pre>Syscalls</pre>
</div></div>
<div class="sl-block" data-block-type="text" style="height: auto; width: 600px; left: 160px; top: 280px;" data-block-id="e6b42f589bc67deef1ee1540c71f6a28"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 11;">
<ul>
<li>
<em>wide</em> surface area</li>
<li>attempt at <a href="http://syscalls.kernelgrok.com/" target="_blank">syscall reference</a>
</li>
<li><a href="http://man7.org/linux/man-pages/man2/seccomp.2.html" target="_blank">seccomp(2)</a></li>
<li><a href="https://github.com/opencontainers/runtime-spec/blob/v1.0.0/config-linux.md#seccomp" target="_blank">Container runtime configuration</a></li>
</ul>
</div></div></section><section data-background-color="#fde2ce" data-background-image="201709-containing_security/60672f0849c5b758b11dc0905dc42c02.svg" data-id="e62c8508f0610d2351dca7c8844e8005">
<div class="sl-block" data-block-type="text" style="height: auto; width: 669px; left: 146px; top: 210px;" data-block-id="ea780afb195c88ba63047bf274cc8261"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 10;" dir="ui"><pre>grsecurity</pre></div></div>
<div class="sl-block" data-block-type="text" style="height: auto; width: 600px; left: 160px; top: 280px;" data-block-id="343a246c6c5455f092abd1564d93c24f"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 11;">
<ul>
<li>paid subscription to patches</li>
<li>breaks support for kernel</li>
<li>RBAC, like SELinux</li>
</ul>
</div></div></section></section><section class="stack" data-id="d5c77ed1880aea13100ef4bc05caa9a5"><section data-background-color="#f8af78" data-background-image="201709-containing_security/60672f0849c5b758b11dc0905dc42c02.svg" data-id="e2cf8c69319d76cabe53e994c7dd67bf">
<div class="sl-block" data-block-type="text" data-block-id="5b1d750d8caafce704e1328cfebe5db4" style="height: auto; min-width: 30px; min-height: 30px; width: 600px; left: 80px; top: 40px;"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 11;">
<h3>Lock-Step</h3>
</div></div>
<div class="sl-block" data-block-type="text" data-block-id="9d7fd4ff208d58d603695d1a5eb8e273" style="height: auto; min-width: 30px; min-height: 30px; width: 600px; left: 160px; top: 210px;"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 12;">
<pre>Audit</pre>
</div></div>
<div class="sl-block" data-block-type="text" data-block-id="5ce170db376582e19b9052097ceda15d" style="height: auto; min-width: 30px; min-height: 30px; width: 600px; left: 180px; top: 280px;"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 13;">
<ul>
<li><a href="http://people.redhat.com/sgrubb/audit/" target="_blank">Linux Audit</a></li>
<li>BPF in kernel
<ul>
<li><a href="http://www.man7.org/linux/man-pages/man2/bpf.2.html" target="_blank">bpf(2)</a></li>
<li>
<a href="http://www.brendangregg.com/blog/2016-03-05/linux-bpf-superpowers.html" target="_blank">eBPF Superpowers</a> </li>
<li><a href="http://www.brendangregg.com/ebpf.html" target="_blank">eBPF overview</a></li>
</ul>
</li>
<li>remove `docker' group. Require `sudo'</li>
<li>Container Runtime Events</li>
<li>OpenShift events and tracing</li>
<li>L7 application insights and policies</li>
</ul>
</div></div></section><section data-background-color="#f8af78" data-background-image="201709-containing_security/60672f0849c5b758b11dc0905dc42c02.svg" data-id="42f884d2298b922c6dc183e97c2d3efb">
<div class="sl-block" data-block-type="text" style="height: auto; width: 600px; left: 80px; top: 40px;" data-block-id="849dbaf08fed0a234964c88d27a49c2f"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 11;">
<h3>Lock-Step</h3>
</div></div>
<div class="sl-block" data-block-type="text" style="height: auto; width: 600px; left: 160px; top: 210px;" data-block-id="f42fb534bb86822da3bcab2ea6341c08"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 12;">
<pre>Signing
</pre>
</div></div>
<div class="sl-block" data-block-type="text" data-block-id="87e3c87f0151a5f0acd8e01b8b6f9dfc" style="height: auto; min-width: 30px; min-height: 30px; width: 600px; left: 180px; top: 280px;"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 13;">
<ul>
<li>
<a href="https://github.com/containers/image/blob/master/docs/atomic-signature.md" target="_blank">simple signing</a> vs. <a href="https://docs.docker.com/notary/" target="_blank">Docker notary</a>
</li>
<li>detached, static vs. isolated service</li>
<li>your key rotation process vs. its key rotation process</li>
<li>Determine your requirements and use-cases</li>
</ul>
</div></div></section></section><section data-background-color="#f08d24" data-background-image="201709-containing_security/60672f0849c5b758b11dc0905dc42c02.svg" data-id="b11846cc3b78285d592026a1c3354810">
<div class="sl-block" data-block-type="text" style="height: auto; width: 600px; left: 80px; top: 24px;" data-block-id="496f5785ea4e5271457340ac8e0b4949"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 11;">
<h2>Cloud</h2>
</div></div>
<div class="sl-block" data-block-type="image" data-block-id="b734495f6a47aed00e767ca6fc212b43" style="min-width: 30px; min-height: 30px; width: 568px; height: 319px; left: 152px; top: 217px;"><div class="sl-block-content" style="z-index: 12;"><img style="" data-natural-width="500" data-natural-height="281" data-lazy-loaded="" data-src="201709-containing_security/64ef75dca16bff31cb46a23c074439aa.gif"></div></div>
<div class="sl-block" data-block-type="text" data-block-id="f9a472d1af9e8d75adbd9667eda9af65" style="height: auto; min-width: 30px; min-height: 30px; width: 194px; left: 760px; top: 630px;"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 13;">
<p><a href="https://m.popkey.co/8e4ec3/EjyED.gif" target="_blank">(Cite: the internet)</a></p>
</div></div></section><section data-background-color="#cc2114" data-background-image="201709-containing_security/60672f0849c5b758b11dc0905dc42c02.svg" data-id="f493b413871c1e2cc59b0016ba9f03db"><div class="sl-block" data-block-type="text" style="height: auto; min-width: 30px; min-height: 30px; width: 600px; left: 180px; top: 491px;" data-block-id="b907e1a44da82b3a5f0e3af6097b2ebf"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 10;">
<h2 style="text-align: center;">Thanks!</h2>
</div></div>
<div class="sl-block" data-block-type="text" style="height: auto; min-width: 30px; min-height: 30px; width: 800px; left: 80px; top: 294px;" data-block-id="ef51e9976de4838e5a1d814b1e95a71f"><div class="sl-block-content" data-placeholder-tag="p" data-placeholder-text="Text" style="z-index: 12;">
<h2 style="text-align:center">Vincent Batts</h2>
<h2 style="text-align:center">@vbatts| vbatts@redhat.com</h2>
</div></div></section>
</div>
</div>
<script>
var SLConfig = {"deck": {"id":1066819,"slug":"201709-containing_security","title":"Containing Security","description":"","width":960,"height":700,"visibility":"self","published_at":null,"sanitize_messages":null,"thumbnail_url":"https://s3.amazonaws.com/media-p.slid.es/thumbnails/a78fdf873797fbdaf0a1271543b0791c/thumb.jpg?618333087","view_count":9,"user":{"id":352550,"username":"vbatts","name":"Vincent Batts","description":"","thumbnail_url":"https://www.gravatar.com/avatar/a76bbb02d3ce311820f53ef484c0f8bf?s=140\u0026d=https%3A%2F%2Fstatic.slid.es%2Fimages%2Fdefault-profile-picture.png","paid":true,"pro":true,"lite":false,"team_id":32,"settings":{"id":185974,"present_controls":true,"present_upsizing":true,"present_pointer":false,"present_notes":true,"default_deck_tag_id":null},"enterprise":true,"membership":{"role":"member","manager":false,"activated":true}},"background_transition":"none","transition":"none","theme_id":176,"theme_font":"overpass2","theme_color":"no-color","auto_slide_interval":0,"comments_enabled":true,"forking_enabled":false,"rolling_links":false,"center":false,"shuffle":null,"should_loop":false,"share_notes":false,"slide_number":false,"slide_count":25,"rtl":false,"version":2,"collaborative":false,"deck_user_editor_limit":1,"data_updated_at":1504724230152,"font_typekit":null,"font_google":null,"notes":{"b7d8b0e84f42a99bd85a74cb3f49f839":"","9a31d21232bc7b9c95cf55dea8c67528":"Ask the audience to shout out some words.\nBuild system? pushing images? Immutable runtime?","92f87b47321515efd469a6b7fdd0b7b8":"Packages? \nLike distributing file systems?\nOh my god no. We _solved_ that problem already.\n\nLet's stick all these packages in an even bigger package","59c48b37c55612e6adbe6fb049eeebd3":"","ade1d1532b65f5cd89c0534356bcd58a":"It's an all new API and model for networking.\nDifficult for outside plugins to maintain their own state.\nRequires libkv integration, likely needing another daemon to the infrastructure.","b5810a00d5ba26824cc9f8c7bdc560a0":"spec-first\nStaged approach for sandbox and exec\nDefines pod for groups of applications as a service","b99e1461d3f88260c9845321cab9a9a6":"","fe0b3035817b0010681e9dcb95645309":"","3c8420c074073c8d0600122a5add94ee":"tar archives!","36ce870c10e084014b7ba91b330f8250":"Ridiculous Contentions?\nAversion to being humble?\n\nIs this about being able to have a build of an image last forever? I sure hope not.\nBut your tooling and infrastructure ought not have pervasive churn with every upstream release. ","b40af9a3eee5d605371b2434fb4b6587":"","bb89c31aabf25cfcbe365755ec9d0300":"v1 is intended to be generally the infrastructure that many have already been working on.\nOnce we're all on the same open page, then we can continue improving the baseline together.\n\nEnsuring that a \"container integration\" done today, is not _completely_ broken on the next minor release of some tool. If a switch is needed, it ought not demand re-architecture.\n\nMaybe not tarballs foreva\nAnd now Brandon announces `quayctl` that can do bittorrent replication of container images. Amazing.","31d4a1253bc0e1e7824fa7dc00e15bde":"Is this really standardized?\n\nIsn't this what folks use config management for?","4ab0867b39a2610f7393f3c017096dba":"I welcome to hear any particular wishes now. or send them to the oci-dev mailing-list","a3a8e6083e264bb3e6b6b62ea57c7723":"Role-Based Access Control (RBAC)\nMandatory Access Control (MAC)\n"}}};
SLConfig.theme = {"id":176,"created_at":"2014-05-27T12:38:16.183Z","updated_at":"2018-05-04T07:53:25.097Z","name":"Red Hat Corporate","thumbnail_url":"https://s3.amazonaws.com/media-p.slid.es/thumbnails/66755080be2b0c8c0146bfa70069ef16/thumb.jpg?1525420403","sanitize_messages":null,"slide_template_ids":[56706,56689,28642,36442,27160,26765,26762,56684,56696,56704,56703],"font_typekit":"","font_google":"","width":960,"height":700};
// Use local fonts
SLConfig.fonts_url = 'lib/fonts/';
</script>
<script src="lib/head.min.js"></script>
<script src="lib/reveal.min.js"></script>
<script src="lib/offline.js"></script>
<!-- Initialize the presentation -->
<script>
Reveal.initialize({
width: 960,
height: 700,
margin: 0.05,
controls: true,
progress: true,
history: true,
mouseWheel: false,
showNotes: false,
slideNumber: false,
autoSlide: 0 || 0,
autoSlideStoppable: true,
center: false,
shuffle: false,
loop: false,
rtl: false,
transition: "none",
backgroundTransition: "none",
dependencies: [
{ src: 'lib/reveal-plugins/markdown/marked.js', condition: function() { return !!document.querySelector( '[data-markdown]' ); } },
{ src: 'lib/reveal-plugins/markdown/markdown.js', condition: function() { return !!document.querySelector( '[data-markdown]' ); } },
{ src: 'lib/reveal-plugins/highlight/highlight.js', async: true, callback: function() { hljs.initHighlighting(); hljs.initHighlightingOnLoad(); } },
{ src: 'lib/reveal-plugins/notes/notes.js', async: true, condition: function() { return !!document.body.classList; } },
{ src: 'lib/reveal-plugins/zoom/zoom.js', async: true }
]
});
</script>
<script id="theme-js-output" type="text/javascript">var themeHTMLOutput = document.getElementById('theme-html-output');
if( themeHTMLOutput ) {
themeHTMLOutput.innerHTML = '<link rel="stylesheet" href="https://overpassmonotest-30e2.kxcdn.com/overpass-mono.css" />';
}
// (function() {
//
// var slidesInitInterval = setInterval( function() {
// if( window.SL && window.SL.view ) {
// // If we're in the editor, wait for the Blocks controller
// // to be initialized
// if( SL.editor ) {
//
// if( SL.editor.controllers && SL.editor.controllers.Blocks && SL.editor.controllers.Blocks.textSaved ) {
// SL.editor.controllers.Blocks.textSaved.add( function( element ) {
// var html = element.html();
// html = html.replace( /(@RedHat | @redhat)/g, '@redhat' );
// html = html.replace( 'redhat.com', 'redhat.com' );
// html = html.replace( /(Red Hat|red hat|RedHat|Red hat|Redhat|redHat|red Hat)/g, '<span class="name">Red Hat</span>' );
// html = html.replace( /( redhat |redhat )/g, ' <span class="name">Red Hat</span> ' );
// html = html.replace( 'REDHAT', '<span class="name">RED HAT</span>' );
// html = html.replace( 'redhat<', '<span class="name">Red Hat</span><' );
// html = html.replace( 'openshift', '<span class="name">OpenShift</span>' );
// html = html.replace( '<span class="name"><span class="name">Red Hat</span></span>', '<span class="name">Red Hat</span>' );
// html = html.replace( 'redhat.com', 'redhat.com' );
// html = html.replace( 'REDHAT.COM', 'REDHAT.COM' );
// html = html.replace( '@redhat', '@redhat' );
// html = html.replace( /(@RedHatNews | @redhatnews)/g, '@RedHatNews' );
// html = html.replace( /(@RedHat | @redhat)/g, '@RedHatInc' );
// html = html.replace( /(RHEL-OSP|RHELOSP|Red Hat Enterprise Linux OpenStack Platform)/g, 'Red Hat OpenStack Platform' );
// html = html.replace( /(openstack |openstack|open stack|openStack|Openstack)/g, 'OpenStack' );
// html = html.replace( 'openstack', 'OpenStack' );
// html = html.replace( 'openstack<', 'OpenStack<' );
//
// element.html( html );
// } );
//
// clearInterval( slidesInitInterval );
// }
//
// }
// else {
// clearInterval( slidesInitInterval );
// }
// }
// }, 500 );
//
// })();
// piwik script
var _paq = _paq || [];
_paq.push(["trackPageView"]);
_paq.push(["enableLinkTracking"]);
(function() {
var u = (("https:" == document.location.protocol) ? "https" : "http") +
"://engstats.redhat.com/piwik/";
_paq.push(["setTrackerUrl", u+"piwik.php"]);
_paq.push(["setSiteId", "8"]);
var d=document, g=d.createElement("script"),
s=d.getElementsByTagName("script")[0]; g.type="text/javascript";
g.defer=true; g.async=true; g.src=u+"piwik.js"; s.parentNode.insertBefore(g,s);
})();
function sliceString(selector) {
var elements = document.getElementsByClassName(selector);
for (var h=0; h<elements.length; h++){
var string = elements[h].innerText,
total = string.length,
div = '';
// futile attempt to clean space
var string = elements[h].innerText.trim();
for (var i=0; i<total; i++) {
var letter = string.charAt(i);
div+= '<span class="'+letter+'">'+letter+'</span>';
}
elements[h].innerHTML = div;
}
}
sliceString('lettering');
sliceString('lettering'); //no rogue spaces when fired twice for some reason
// function sliceString(selector) {
// if (!document.querySelector) return;
// var string = document.querySelector(selector).innerText,
// total = string.length,
// html = '';
// for (var i=0; i<total; i++) {
// var letter = string.charAt(i);
// html+= '<span class="'+letter+'">'+letter+'</span>';
// }
// document.querySelector(selector).innerHTML = html;
//}
//sliceString('.lettering');</script>
</body>
</html>
View Git Blame Copy Permalink