Abstract
Big part of the modern security practices around container images is crafting minimal runtime environments. In plain language: “how little can we put into the container, and make it still do the thing we want it to do?”. Building such minimal containers is a fascinating exploration of the way dirent pieces of software work and fit together. In this talk I will explore how rust toolchain works, how we build our hardened rust images at Canonical, and what lies beyond.
Speaker Bio
Marcin Konowalczyk
By training I’m a chemist, but by passion I’m a software engineer. During my academic years I found a niche in programming custom machines and data analysis pipelines. I’ve never had a good head for complex maths, so writing little programs and simulations turned out to be my way into understanding more theoretical subjects. Following my interest in programming I’ve gone on to work as a data scientist, and then as systems/data engineer. My main programming languages are Python and Go, but I’ve engaged in a few fights with the (in)famous borrow checker. On a hobbyist front I’m particularly interested in programming language design and computational art. My favourite algorithm is the unconstrained optimisation using a simplex method.