#+TITLE: Practical, verifiable software freedom with GuixSD
#+AUTHOR: David Thompson
#+EMAIL: dthompson2@worcester.edu
#+DATE: Sunday, March 25th, 2018
#+DESCRIPTION:
#+KEYWORDS:
#+LANGUAGE: en
#+OPTIONS: H:1 num:t toc:nil \n:nil @:t ::t |:t ^:t -:t f:t *:t <:t
#+OPTIONS: TeX:t LaTeX:t skip:nil d:nil todo:t pri:nil tags:not-in-toc
#+INFOJS_OPT: view:nil toc:nil ltoc:t mouse:underline buttons:0 path:http://orgmode.org/org-info.js
#+EXPORT_SELECT_TAGS: export
#+EXPORT_EXCLUDE_TAGS: noexport
#+LINK_UP:
#+LINK_HOME:
#+startup: beamer
#+LaTeX_CLASS: beamer
#+LaTeX_CLASS_OPTIONS: [bigger]
#+COLUMNS: %40ITEM %10BEAMER_env(Env) %9BEAMER_envargs(Env Args) %4BEAMER_col(Col) %10BEAMER_extra(Extra)
#+LATEX_HEADER: \beamertemplatenavigationsymbolsempty
#+BEAMER_THEME: metropolis

* about me

GNU Guix contributor since 2013

GNU Guile user and contributor since 2012

Day job: DevOps (AWS, Ruby)

* the four freedoms

0: The freedom to run the program as you wish, for any purpose

* the four freedoms

1: The freedom to study how the program works, and change it so it does your computing as you wish

* the four freedoms

2: The freedom to redistribute copies so you can help your neighbor

* the four freedoms

3: The freedom to distribute copies of your modified versions to others

* the four freedoms

a wonderful set of rights, but often *difficult to exercise in practice*

* common issues

figuring out how to view the exact source for a running program is tricky

- ??

* common issues

building from source is difficult or sometimes impossible

- non-standard build system
- build scripts make assumptions that aren't true for your system

* common issues

sharing source or binaries has many pitfalls

- dependency hell
- incompatible libraries between systems
- high barrier to entry for common package managers

* common issues

trying out new stuff can lead to sadness

- ever upgrade your distro, reboot, and get an unusable system?

* freedom: embedded

GuixSD removes many of the common barriers that prevent users from exercising their four freedoms

* what is guixsd?

fully-free GNU/Linux distribution with an advanced package manager and system upgrade mechanism

* what is guix?

GuixSD's package manager

“functional” package manager

atomic updates and rollbacks

* unprivileged package management

Users can build and install software *without root privileges*

tired: =sudo apt install emacs=

wired: =guix package -i emacs=

* unprivileged package management

Each user may have one or more “profiles”, a union of many packages.

Use cases:

- Alyssa and Ben use different versions of Emacs
- Alyssa hacks on 2 Ruby projects that require different versions

* experiment without fear

=guix package --upgrade emacs=

oh no, the new version of Emacs is broken!

=guix package --roll-back=

* experiment without fear

=guix system reconfigure=

oh no, the latest GuixSD updates broke my system!

* inspecting source code

quickly grab the source code for a package

=guix build --source gimp=

* inspecting dependency graph

=guix graph=

* sharing system configurations

* sharing packages

=guix build -L ~/daves-packages foo=

* sharing development environments

#+BEGIN_SRC scheme
  (use-modules (guix profiles)
               (gnu packages base)
               (gnu packages guile))

  (packages->manifest
   (list gnu-make
         guile-2.2
         guile-syntax-highlight
         haunt))
#+END_SRC

use it: =guix environment --manifest=guix.scm=

* sharing binaries

start a server to share your builds:

#+BEGIN_SRC sh
  guix publish
#+END_SRC

have a friend download them:

#+BEGIN_SRC sh
  guix build \
    --substitute-urls=http://guix.example.com:8080 \
    hello
#+END_SRC

* reproducible builds

reproducible builds produce *bit-identical binaries* when performed multiple times under the same conditions.

requires fixing issues in upstream build systems that are nondeterministic.

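An added example, not from the original slides: a Python sketch of how a build step picks up nondeterminism from its environment and what pinning those inputs does to the output hash. The file names, the two build environments and the fixed timestamp are constructed for illustration; this is not Guix's own code or mechanism.

```python
import hashlib
import io
import tarfile

# Constructed sample build outputs and two constructed build environments.
FILES = {"bin/hello": b"#!/bin/sh\necho hello\n", "share/doc/README": b"docs\n"}
ENVS = [
    {"clock": 1521936000, "user": "alyssa", "readdir": ["bin/hello", "share/doc/README"]},
    {"clock": 1521939600, "user": "ben", "readdir": ["share/doc/README", "bin/hello"]},
]
FIXED_MTIME = 1  # pinned timestamp (assumption; same idea as SOURCE_DATE_EPOCH)


def build(files, env, normalize):
    """Pack `files` into a tar archive. Without `normalize`, the builder's
    clock, user name and directory-listing order leak into the output."""
    names = sorted(files) if normalize else env["readdir"]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = len(files[name])
            info.mtime = FIXED_MTIME if normalize else env["clock"]
            info.uname = info.gname = "root" if normalize else env["user"]
            tar.addfile(info, io.BytesIO(files[name]))
    return buf.getvalue()


def digest(data):
    return hashlib.sha256(data).hexdigest()


def distinct_hashes(normalize):
    """Hashes seen when the same inputs are built in every environment."""
    return {digest(build(FILES, env, normalize)) for env in ENVS}


def drifts(key, value):
    """True if changing only one environment input changes the naive output."""
    changed = dict(ENVS[0], **{key: value})
    return digest(build(FILES, ENVS[0], False)) != digest(build(FILES, changed, False))


if __name__ == "__main__":
    print("naive builds:     ", len(distinct_hashes(False)), "distinct hashes")
    print("normalized builds:", len(distinct_hashes(True)), "distinct hash")
    for key, value in [("clock", 1521936001), ("user", "ben"),
                       ("readdir", ["share/doc/README", "bin/hello"])]:
        print(key, "leaks into output:", drifts(key, value))
```
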
* reproducible builds

this is a *cross-distro effort*, but Guix facilitates reproducibility more than others

see Chris Lamb's talk /You think you're not a target? A tale of three developers.../ from yesterday for more perspective

* reproducible builds

is this build reproducible on my machine?

=guix build --rounds=3 hello=

* challenge authority

is this build reproducible on many machines?

is this build compromised?

=guix challenge=

* customize packages

show me how Ruby is built:

#+BEGIN_SRC sh
  export EDITOR=emacs
  guix edit ruby
#+END_SRC

* customize packages

let's make some changes!

#+BEGIN_SRC sh
  git clone https://git.savannah.gnu.org/git/guix.git
  cd guix
  guix environment guix
  # a git checkout has no configure script until it is generated
  ./bootstrap
  ./configure
  make
  # run the freshly built guix from the checkout, not the installed one
  ./pre-inst-env guix build ruby
#+END_SRC

* interoperate with other systems

need a Docker image?

=guix pack --format=docker guile emacs geiser=

\tiny(see /Solving the deployment crisis with GNU Guix/ from LibrePlanet 2016 for reasons why Docker may not be so great)

* extending guix

GuixSD is essentially a big Scheme library

easy to write new tools that use the exact same APIs that the core Guix tools use

* literally: embedded

GuixSD now runs on the Beaglebone Black single-board computer!

* the freedom to contribute

GNU Guix is a welcoming community:

- we have a *code of conduct* and *enforce* it
- we have started seeking new contributors via *Outreachy*
- we participate in *Google Summer of Code* every year
- oh, and no copyright assignment (in case you were wondering)

join us!

* thanks!

\begin{center}
docs, past talks, source code, mailing list/IRC info, etc.:

\huge{\textbf{https://gnu.org/s/guix}}
\end{center}

* credits

Copyright 2018 David Thompson

Licensed under Creative Commons Attribution Share-Alike 4.0