Interview with Richard Brown
Resurrecting dinosaurs, what can possibly go wrong?. How Containerised Applications could eat our users.
Richard Brown will give a talk about Resurrecting dinosaurs, what can possibly go wrong?. How Containerised Applications could eat our users. at FOSDEM 2017.
Q: Could you briefly introduce yourself?
Hi, I’m Richard Brown, a Linux geek currently living in Nuremberg. I’ve been a contributor to the openSUSE Project for over 10 years, a project which I am now also the Chairperson of. For just over 3 years I’ve also been working at SUSE as a Senior QA Engineer, working with the SLE family of products and the openQA testing platform. I’m a passionate Linux advocate who uses openSUSE Tumbleweed & Leap extensively for Dev, Test, Production & Entertainment, while also keeping a close eye on and collaborate with other distributions and upstream projects, after all that’s what being part of a community is all about.
Q: What will your talk be about, exactly? Why this topic?
I will be talking about the proliferation of Containerised Applications, some of the benefits and risks they bring, and discuss how they transfer responsibilities traditionally held by Linux distributions towards Containerised Application developers. I then intend to give some advice and guidance on how these developers might be able to cope with their newfound responsibilities by sharing lessons learned from years of dealing with similar issues in the world of Linux distributions.
I think these technologies are amazingly exciting and are already having a positive effect on the Free/Open Source Software ecosystem, but as with many exciting technologies I think collectively we’ve started answering the question of “can we do this thing?” before properly answering “how?” or even “should we?”. I’m passionate to speak up to ensure that we consider a broader perspective before ultimately our users start getting eaten by the problems we’re responsible for creating.
Q: What do you hope to accomplish by giving this talk? What do you expect?
I’m hoping to start a debate on the points I’m going to raise and ideally I’d like to see collective steps being taken to address them. This could be as simple as individuals keeping the topics in mind as they use these technologies, it could be something more broader with cross-project collaboration, I guess it depends on how many people agree with what I’ll have to say.
Q: Why are containerised application technologies like AppImage, Snappy and Flatpak becoming so popular during the last years?
They make a lot of very exciting promises about software delivery and security. Who can’t be excited about the idea of distribution or platform neutral applications that don’t need packagers to put together for your distribution of choice? No more having to worry about distribution dependencies, just put everything you need in a single blob and away you go. And then run that in a nice safe sandbox so users don’t have to worry about the software being malicious. The promises are big, exciting, and if they can deliver all they promise, whatever issues they bring with them are probably worth dealing with, but they still need to be dealt with.
Q: What are some of the most important issues and risks these technologies bring to the table?
Generally speaking the big risk I see is the transference of responsibility for library maintenance & updates away from the distributions that do it currently and onto the individual application developers. This is a very important role in regards to not only ensure the application works on the user’s choice of platform, but also the security of the user and their data. As the reality of these technologies is that the sandboxing is not wholly sufficient to ensure 100% portability or 100% isolation, these responsibilities really need to be made clear even if they burst the myth that Containerised Applications are ‘less work’ for app developers.
Q: How could software developers benefit from containerised application technologies while minimising the risks associated with it?
I’ll save this answer for my session, thanks :)
Q: Have you enjoyed previous FOSDEM editions?
Thoroughly. FOSDEM is one of few conferences I will always attend every year, come rain or shine or snow. I’m thoroughly excited to be presenting in the Main Track this year and look forward to seeing everyone there.
Creative Commons License
This interview is licensed under a Creative Commons Attribution 2.0 Belgium License.