summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSimon McVittie <smcv@collabora.com>2017-08-03 19:09:32 (GMT)
committerSimon McVittie <smcv@collabora.com>2017-08-03 19:09:32 (GMT)
commit7c411e62fdeab545697f1d5f71f5bf993cfe9b26 (patch)
tree3528e1b85f887ba94f5feec97150cc75dd73d35f
parentb0d91d6193813569c2a237640ed373e6db334c5d (diff)
downloaddc17-7c411e62fdeab545697f1d5f71f5bf993cfe9b26.tar.gz
dc17-7c411e62fdeab545697f1d5f71f5bf993cfe9b26.tar.xz
Write more talk
-rw-r--r--Makefile8
-rw-r--r--aisle-cropped.jpgbin0 -> 200226 bytes
-rw-r--r--aisle.jpgbin0 -> 352506 bytes
-rw-r--r--bubblewrap.jpgbin40239 -> 96038 bytes
-rw-r--r--flatpack.jpgbin0 -> 69024 bytes
-rw-r--r--helping.jpgbin0 -> 182823 bytes
-rw-r--r--openlogo.svg154
-rw-r--r--presentation.md759
-rw-r--r--rubbish-cropped.jpgbin0 -> 407939 bytes
-rw-r--r--rubbish.jpgbin0 -> 738810 bytes
l---------s51
-rw-r--r--s5/default/COLLABORA_01_RGB.pngbin0 -> 25365 bytes
-rw-r--r--s5/default/COLLABORA_03-400px.pngbin0 -> 12473 bytes
l---------s5/default/blank.gif1
l---------s5/default/bodybg.gif1
-rw-r--r--s5/default/debian.pngbin0 -> 17673 bytes
l---------s5/default/framing.css1
l---------s5/default/iepngfix.htc1
l---------s5/default/opera.css1
l---------s5/default/outline.css1
l---------s5/default/pretty-default.css1
-rw-r--r--s5/default/pretty.css47
l---------s5/default/print.css1
l---------s5/default/s5-core.css1
l---------s5/default/slides.css1
l---------s5/default/slides.js1
-rw-r--r--thinking-with-portals-cropped.jpgbin0 -> 78904 bytes
-rw-r--r--thinking-with-portals.jpgbin0 -> 140715 bytes
-rw-r--r--throne.jpgbin0 -> 108408 bytes
29 files changed, 911 insertions, 69 deletions
diff --git a/Makefile b/Makefile
index ae0a564..016d59a 100644
--- a/Makefile
+++ b/Makefile
@@ -2,7 +2,7 @@ all: out/presentation.html
resources = bubblewrap.jpg
-out/presentation.html: presentation.md Makefile
- mkdir -p $(dir $@)
- cp $(resources) $(dir $@)/
- pandoc --standalone --self-contained -f markdown -t s5 -o $@ $<
+out/presentation.html: presentation.md Makefile $(wildcard s5/*)
+ @mkdir -p $(dir $@)
+ @cp $(resources) $(dir $@)/
+ @pandoc --standalone --self-contained -f markdown -t s5 -o $@ $<
diff --git a/aisle-cropped.jpg b/aisle-cropped.jpg
new file mode 100644
index 0000000..3749452
--- /dev/null
+++ b/aisle-cropped.jpg
Binary files differ
diff --git a/aisle.jpg b/aisle.jpg
new file mode 100644
index 0000000..7b6a467
--- /dev/null
+++ b/aisle.jpg
Binary files differ
diff --git a/bubblewrap.jpg b/bubblewrap.jpg
index d3c243d..5b0b740 100644
--- a/bubblewrap.jpg
+++ b/bubblewrap.jpg
Binary files differ
diff --git a/flatpack.jpg b/flatpack.jpg
new file mode 100644
index 0000000..b3563af
--- /dev/null
+++ b/flatpack.jpg
Binary files differ
diff --git a/helping.jpg b/helping.jpg
new file mode 100644
index 0000000..ed3860c
--- /dev/null
+++ b/helping.jpg
Binary files differ
diff --git a/openlogo.svg b/openlogo.svg
new file mode 100644
index 0000000..f0ffd18
--- /dev/null
+++ b/openlogo.svg
@@ -0,0 +1,154 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Generator: Adobe Illustrator 10.0, SVG Export Plug-In . SVG Version: 3.0.0 Build 77) -->
+
+<svg
+ xmlns:ns0="http://ns.adobe.com/SaveForWeb/1.0/"
+ xmlns:ns="http://ns.adobe.com/Variables/1.0/"
+ xmlns:i="http://ns.adobe.com/AdobeIllustrator/10.0/"
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://creativecommons.org/ns#"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ i:viewOrigin="251 467"
+ i:rulerOrigin="0 0"
+ i:pageBounds="0 792 612 0"
+ width="108.758"
+ height="144.133"
+ viewBox="0 0 108.758 144.133"
+ overflow="visible"
+ enable-background="new 0 0 108.758 144.133"
+ xml:space="preserve"
+ version="1.1"
+ id="svg45"
+ sodipodi:docname="openlogo.svg"
+ inkscape:version="0.92.2pre0 (973e216, 2017-07-25)"><defs
+ id="defs49" /><sodipodi:namedview
+ pagecolor="#ffffff"
+ bordercolor="#666666"
+ borderopacity="1"
+ objecttolerance="10"
+ gridtolerance="10"
+ guidetolerance="10"
+ inkscape:pageopacity="0"
+ inkscape:pageshadow="2"
+ inkscape:window-width="1920"
+ inkscape:window-height="1016"
+ id="namedview47"
+ showgrid="false"
+ inkscape:zoom="2.3156002"
+ inkscape:cx="-46.778316"
+ inkscape:cy="72.066498"
+ inkscape:window-x="0"
+ inkscape:window-y="27"
+ inkscape:window-maximized="1"
+ inkscape:current-layer="svg45" /><metadata
+ id="metadata2"><ns:variableSets><ns:variableSet
+ varSetName="binding1"
+ locked="none"><ns:variables /><ns:sampleDataSets /></ns:variableSet></ns:variableSets><ns0:sfw><ns0:slices /><ns0:sliceSourceBounds
+ y="322.867"
+ x="251"
+ width="108.758"
+ height="144.133"
+ bottomLeftOrigin="true" /></ns0:sfw><rdf:RDF><cc:Work
+ rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" /></cc:Work></rdf:RDF></metadata><g
+ id="g4596"
+ transform="translate(-132.14715,39.730519)"
+ inkscape:export-xdpi="200.14195"
+ inkscape:export-ydpi="200.14195"><path
+ style="fill:#a80030"
+ inkscape:connector-curvature="0"
+ id="path4"
+ d="m 60.969,47.645 c -1.494,0.02 0.281,0.768 2.232,1.069 0.541,-0.422 1.027,-0.846 1.463,-1.26 -1.213,0.297 -2.449,0.304 -3.695,0.191"
+ i:knockout="Off" /><path
+ style="fill:#a80030"
+ inkscape:connector-curvature="0"
+ id="path6"
+ d="m 68.986,45.646 c 0.893,-1.229 1.541,-2.573 1.77,-3.963 -0.201,0.99 -0.736,1.845 -1.244,2.749 -2.793,1.759 -0.264,-1.044 -0.002,-2.111 -3.002,3.783 -0.414,2.268 -0.524,3.325"
+ i:knockout="Off" /><path
+ style="fill:#a80030"
+ inkscape:connector-curvature="0"
+ id="path8"
+ d="m 71.949,37.942 c 0.182,-2.691 -0.529,-1.839 -0.768,-0.814 0.278,0.146 0.499,1.898 0.768,0.814"
+ i:knockout="Off" /><path
+ style="fill:#a80030"
+ inkscape:connector-curvature="0"
+ id="path10"
+ d="m 55.301,1.163 c 0.798,0.142 1.724,0.252 1.591,0.443 0.876,-0.193 1.073,-0.367 -1.591,-0.443"
+ i:knockout="Off" /><path
+ style="fill:#a80030"
+ inkscape:connector-curvature="0"
+ id="path12"
+ d="M 56.893,1.606 56.332,1.723 56.855,1.675 56.893,1.606"
+ i:knockout="Off" /><path
+ style="fill:#a80030"
+ inkscape:connector-curvature="0"
+ id="path14"
+ d="m 81.762,38.962 c 0.09,2.416 -0.705,3.59 -1.424,5.666 l -1.293,0.643 c -1.057,2.054 0.105,1.304 -0.652,2.937 -1.652,1.467 -5.006,4.589 -6.08,4.875 -0.785,-0.017 0.531,-0.926 0.703,-1.281 -2.209,1.516 -1.773,2.276 -5.152,3.199 L 67.766,54.78 c -8.33,3.92 -19.902,-3.847 -19.75,-14.443 -0.088,0.672 -0.253,0.504 -0.437,0.774 -0.43,-5.451 2.518,-10.926 7.49,-13.165 4.863,-2.406 10.564,-1.42 14.045,1.829 -1.912,-2.506 -5.721,-5.163 -10.232,-4.917 -4.421,0.072 -8.558,2.881 -9.938,5.932 -2.264,1.425 -2.528,5.496 -3.514,6.242 -1.329,9.76 2.497,13.975 8.97,18.936 1.016,0.686 0.286,0.791 0.422,1.313 -2.15,-1.006 -4.118,-2.526 -5.738,-4.387 0.86,1.257 1.787,2.479 2.986,3.439 -2.029,-0.685 -4.738,-4.913 -5.527,-5.085 3.495,6.258 14.178,10.975 19.775,8.634 -2.59,0.096 -5.879,0.053 -8.787,-1.022 -1.225,-0.629 -2.884,-1.93 -2.587,-2.173 7.636,2.851 15.522,2.158 22.128,-3.137 1.682,-1.31 3.518,-3.537 4.049,-3.567 -0.799,1.202 0.137,0.578 -0.477,1.639 1.672,-2.701 -0.729,-1.1 1.73,-4.664 l 0.908,1.25 c -0.34,-2.244 2.785,-4.966 2.467,-8.512 0.717,-1.084 0.799,1.168 0.039,3.662 1.055,-2.767 0.279,-3.212 0.549,-5.496 0.291,0.768 0.678,1.583 0.875,2.394 -0.688,-2.675 0.703,-4.503 1.049,-6.058 -0.342,-0.15 -1.061,1.182 -1.227,-1.976 0.025,-1.372 0.383,-0.719 0.52,-1.057 -0.268,-0.155 -0.975,-1.207 -1.404,-3.224 0.309,-0.475 0.832,1.229 1.256,1.298 -0.273,-1.603 -0.742,-2.826 -0.762,-4.057 -1.24,-2.59 -0.439,0.346 -1.443,-1.112 -1.32,-4.114 1.094,-0.955 1.258,-2.823 1.998,2.895 3.137,7.385 3.662,9.244 -0.4,-2.267 -1.045,-4.464 -1.834,-6.589 0.609,0.257 -0.979,-4.663 0.791,-1.405 C 87.189,15.552 81,9.062 75.305,6.018 76,6.655 76.879,7.455 76.565,7.581 73.731,5.896 74.229,5.763 73.823,5.051 71.518,4.112 71.364,5.128 69.839,5.053 65.489,2.745 64.651,2.99 60.648,1.546 L 60.83,2.398 C 57.949,1.438 57.473,2.76 54.36,2.4 54.171,2.253 55.358,1.864 56.336,1.723 53.55,2.091 53.68,1.173 50.954,1.824 51.625,1.353 52.337,1.04 53.053,0.64 50.782,0.778 47.629,1.962 48.602,0.884 44.897,2.538 38.316,4.859 34.623,8.322 L 34.507,7.546 c -1.692,2.031 -7.379,6.066 -7.832,8.699 l -0.453,0.105 c -0.879,1.491 -1.45,3.18 -2.148,4.713 -1.151,1.963 -1.688,0.756 -1.524,1.064 -2.265,4.592 -3.392,8.45 -4.363,11.616 0.692,1.035 0.017,6.232 0.278,10.391 -1.136,20.544 14.418,40.489 31.42,45.093 2.492,0.893 6.197,0.861 9.349,0.949 -3.718,-1.064 -4.198,-0.563 -7.822,-1.826 -2.613,-1.232 -3.185,-2.637 -5.037,-4.244 l 0.733,1.295 c -3.63,-1.285 -2.111,-1.59 -5.065,-2.525 l 0.783,-1.021 c -1.177,-0.09 -3.117,-1.982 -3.647,-3.033 l -1.288,0.051 c -1.546,-1.906 -2.371,-3.283 -2.31,-4.35 l -0.416,0.742 c -0.471,-0.809 -5.691,-7.158 -2.983,-5.68 -0.503,-0.458 -1.172,-0.747 -1.897,-2.066 l 0.551,-0.629 c -1.301,-1.677 -2.398,-3.826 -2.314,-4.542 0.695,0.938 1.177,1.114 1.655,1.275 -3.291,-8.164 -3.476,-0.449 -5.967,-8.31 l 0.526,-0.042 c -0.403,-0.611 -0.65,-1.27 -0.974,-1.919 l 0.23,-2.285 c -2.368,-2.736 -0.662,-11.645 -0.319,-16.53 0.235,-1.986 1.977,-4.101 3.3,-7.418 l -0.806,-0.138 c 1.542,-2.688 8.802,-10.799 12.166,-10.383 1.629,-2.046 -0.324,-0.008 -0.643,-0.522 3.579,-3.703 4.704,-2.616 7.119,-3.283 2.603,-1.545 -2.235,0.604 -1.001,-0.589 4.503,-1.149 3.19,-2.614 9.063,-3.197 0.62,0.352 -1.437,0.544 -1.953,1.001 3.75,-1.836 11.869,-1.417 17.145,1.018 6.117,2.861 12.994,11.314 13.266,19.267 l 0.309,0.083 c -0.156,3.162 0.484,6.819 -0.627,10.177 l 0.751,-1.591"
+ i:knockout="Off" /><path
+ style="fill:#a80030"
+ inkscape:connector-curvature="0"
+ id="path16"
+ d="m 44.658,49.695 -0.211,1.047 c 0.983,1.335 1.763,2.781 3.016,3.821 -0.902,-1.759 -1.571,-2.486 -2.805,-4.868"
+ i:knockout="Off" /><path
+ style="fill:#a80030"
+ inkscape:connector-curvature="0"
+ id="path18"
+ d="m 46.979,49.605 c -0.52,-0.576 -0.826,-1.268 -1.172,-1.956 0.33,1.211 1.006,2.252 1.633,3.312 l -0.461,-1.356"
+ i:knockout="Off" /><path
+ style="fill:#a80030"
+ inkscape:connector-curvature="0"
+ id="path20"
+ d="m 88.063,40.675 -0.219,0.552 c -0.402,2.858 -1.273,5.686 -2.605,8.309 1.472,-2.767 2.421,-5.794 2.824,-8.861"
+ i:knockout="Off" /><path
+ style="fill:#a80030"
+ inkscape:connector-curvature="0"
+ id="path22"
+ d="M 55.598,0.446 C 56.607,0.077 58.08,0.243 59.154,0 57.756,0.117 56.365,0.187 54.992,0.362 l 0.606,0.084"
+ i:knockout="Off" /><path
+ style="fill:#a80030"
+ inkscape:connector-curvature="0"
+ id="path24"
+ d="m 20.127,19.308 c 0.233,2.154 -1.62,2.991 0.41,1.569 1.09,-2.454 -0.424,-0.677 -0.41,-1.569"
+ i:knockout="Off" /><path
+ style="fill:#a80030"
+ inkscape:connector-curvature="0"
+ id="path26"
+ d="m 17.739,29.282 c 0.469,-1.437 0.553,-2.299 0.732,-3.132 -1.293,1.654 -0.596,2.007 -0.732,3.132"
+ i:knockout="Off" /></g><g
+ id="g4605"
+ transform="matrix(1.4804637,0,0,1.4804637,-161.72304,-17.378282)"
+ inkscape:export-xdpi="200.14195"
+ inkscape:export-ydpi="200.14195"><path
+ inkscape:connector-curvature="0"
+ id="path28"
+ d="m 100.16109,72.372227 c -0.045,0.047 -0.045,7.506 -0.138,9.453 -0.092,1.574 -0.232003,4.957 -3.568003,4.957 -3.428996,0 -4.262996,-3.939 -4.540996,-5.652 -0.324,-1.9 -0.324,-3.477 -0.324,-4.17 0,-2.225 0.139,-8.436 5.374996,-8.436 1.576,0 2.456,0.465 3.151003,0.834 z m -13.436999,5.469 c 0,13.066 6.950996,13.066 7.969996,13.066 2.873,0 4.727,-1.576 5.514003,-4.309 l 0.093,4.123 c 0.881,-0.047 1.761,-0.139 3.197,-0.139 0.51,0 0.926,0 1.298,0.047 0.371,0 0.741,0.045 1.158,0.092 -0.741,-1.482 -1.297,-4.818 -1.297,-12.049 0,-7.043 0,-18.951 0.602,-22.566 -1.667,0.789 -3.105,1.299 -6.256003,1.576 1.251003,1.344 1.251003,2.039 1.251003,8.154 -0.879003,-0.277 -1.992003,-0.602 -3.892003,-0.602 -8.293996,10e-4 -9.637996,7.23 -9.637996,12.607"
+ i:knockout="Off" /><path
+ inkscape:connector-curvature="0"
+ id="path30"
+ d="m 111.85409,75.475227 c 0.047,-3.846 0.835,-7.275 4.124,-7.275 3.615,0 3.891,3.984 3.799,7.275 z m 12.51,0.465 c 0,-5.422 -1.065,-10.752 -7.923,-10.752 -9.452,0 -9.452,10.475 -9.452,12.697 0,9.406 4.216,13.113 11.306,13.113 3.149,0 4.68,-0.461 5.514,-0.695 -0.046,-1.668 0.185,-2.734 0.465,-4.17 -0.975,0.604 -2.226,1.391 -5.006,1.391 -7.229,0 -7.322,-6.582 -7.322,-8.852 h 12.328 l 0.09,-2.732"
+ i:knockout="Off" /><path
+ inkscape:connector-curvature="0"
+ id="path32"
+ d="m 139.43909,77.932227 c 0,4.309 -0.787,10.102 -6.162,10.102 -0.742,0 -1.668,-0.141 -2.27,-0.279 -0.093,-1.668 -0.093,-4.541 -0.093,-7.877 0,-3.986 0.416,-6.068 0.742,-7.09 0.972,-3.289 3.15,-3.334 3.566,-3.334 3.522,0 4.217,4.865 4.217,8.478 z m -13.298,5.051 c 0,3.43 0,5.375 -0.556,6.857 1.9,0.742 4.262,1.158 7.09,1.158 1.807,0 7.043,0 9.869,-5.791 1.344,-2.688 1.807,-6.303 1.807,-9.037 0,-1.668 -0.186,-5.328 -1.529,-7.646 -1.296,-2.176 -3.382,-3.289 -5.605,-3.289 -4.449,0 -5.746,3.707 -6.44,5.607 0,-2.363 0.045,-10.611 0.415,-14.828 -3.011,1.391 -4.866,1.621 -6.857,1.807 1.807,0.74 1.807,3.801 1.807,13.764 v 11.398"
+ i:knockout="Off" /><path
+ inkscape:connector-curvature="0"
+ id="path34"
+ d="m 153.25909,90.721227 c -0.928,-0.139 -1.578,-0.232 -2.922,-0.232 -1.48,0 -2.502,0.094 -3.566,0.232 0.463,-0.881 0.648,-1.299 0.787,-4.309 0.186,-4.125 0.232,-15.154 -0.092,-17.471 -0.232,-1.762 -0.648,-2.039 -1.297,-2.502 3.799,-0.371 4.865,-0.648 6.625,-1.482 -0.369,2.037 -0.418,3.059 -0.418,6.162 -0.091,15.989 -0.138,17.702 0.883,19.602"
+ i:knockout="Off" /><path
+ inkscape:connector-curvature="0"
+ id="path36"
+ d="m 168.09709,77.606227 c -0.092,2.92 -0.139,4.959 -0.928,6.58 -0.973,2.086 -2.594,2.688 -3.799,2.688 -2.783,0 -3.383,-2.316 -3.383,-4.586 0,-4.355 3.893,-4.682 5.652,-4.682 z m -12.744,5.701 c 0,2.92 0.881,5.838 3.477,7.09 1.158,0.51 2.316,0.51 2.688,0.51 4.264,0 5.699,-3.152 6.58,-5.098 -0.047,2.039 0,3.289 0.139,4.912 0.834,-0.047 1.668,-0.139 3.059,-0.139 0.787,0 1.529,0.092 2.316,0.139 -0.51,-0.787 -0.787,-1.252 -0.928,-3.059 -0.092,-1.76 -0.092,-3.521 -0.092,-5.977 l 0.047,-9.453 c 0,-3.523 -0.928,-6.998 -7.879,-6.998 -4.586,0 -7.273,1.391 -8.617,2.086 0.557,1.02 1.02,1.898 1.436,3.893 1.809,-1.576 4.172,-2.41 6.58,-2.41 3.848,0 3.848,2.549 3.848,6.162 -0.881,-0.045 -1.623,-0.137 -2.875,-0.137 -5.887,0.001 -9.779,2.268 -9.779,8.479"
+ i:knockout="Off" /><path
+ inkscape:connector-curvature="0"
+ id="path38"
+ d="m 194.78709,86.134227 c 0.047,1.576 0.047,3.244 0.695,4.588 -1.021,-0.092 -1.623,-0.232 -3.521,-0.232 -1.113,0 -1.715,0.094 -2.596,0.232 0.184,-0.602 0.279,-0.834 0.371,-1.623 0.139,-1.064 0.232,-4.633 0.232,-5.885 v -5.004 c 0,-2.178 0,-5.33 -0.141,-6.441 -0.092,-0.787 -0.322,-2.918 -3.012,-2.918 -2.641,0 -3.521,1.945 -3.846,3.521 -0.369,1.621 -0.369,3.383 -0.369,10.24 0.045,5.932 0.045,6.486 0.508,8.109 -0.787,-0.092 -1.76,-0.184 -3.15,-0.184 -1.113,0 -1.854,0.045 -2.779,0.184 0.324,-0.742 0.51,-1.113 0.602,-3.707 0.094,-2.549 0.279,-15.061 -0.141,-18.025 -0.23,-1.809 -0.695,-2.225 -1.203,-2.688 3.754,-0.186 4.957,-0.789 6.117,-1.389 v 4.91 c 0.555,-1.438 1.713,-4.635 6.348,-4.635 5.793,0 5.838,4.217 5.885,6.996 v 13.951"
+ i:knockout="Off" /><path
+ style="fill:#a80030"
+ inkscape:connector-curvature="0"
+ id="path40"
+ d="m 153.65009,58.399227 -3.838,3.836 -3.836,-3.836 3.836,-3.836 3.838,3.836"
+ i:knockout="Off" /></g></svg> \ No newline at end of file
diff --git a/presentation.md b/presentation.md
index 08c48e4..edc5eed 100644
--- a/presentation.md
+++ b/presentation.md
@@ -1,42 +1,37 @@
% A Debian maintainer's guide to Flatpak
-% Simon McVittie <<!---->smcv@{collabora.com,debian.org}>
+% Simon McVittie, `smcv@{collabora.com,debian.org}`
% DebConf 17, Montreal
-# Introduction
-
-# hello && whoami
+# `hello && whoami`
* developer at Collabora
* open source consultancy
* I mostly work on Debian derivatives and the Freedesktop/GNOME stack
* Debian maintainer of the Flatpak stack and D-Bus
-
-. . .
-
-* … and the Quake series
+ * co-maintainers welcome!
# Introduction to Flatpak
* a sandboxed app framework for Linux
-* formerly xdg-app
+* formerly `xdg-app`
. . .
-* yes, the name is an Ikea reference
+* yes, the name is an IKEA reference
# Introduction to Flatpak
* app
- * as in “/usr/share/applications”
+ * as in `/usr/share/applications`
* … and “app store”
. . .
* sandboxed
* you trust them enough to use them
- * but not necessarily enough to give them access to ~/.gnupg
+ * but not necessarily enough to give them access to `~/.gnupg`
. . .
@@ -47,18 +42,21 @@
# Apps and runtimes
-# Linux desktops are a moving target
+![Fig.1. A stable flat-pack-based platform](helping.jpg){ width=480px height=360px }
+
+# Linux desktops: a moving target
ISVs can't target “generic Linux” like they can target Windows or OS X
-# ~~Linux desktops are a moving target~~
+# ~~Linux desktops: a moving target~~
I think you'll find it's a little more complicated than that
-# Linux desktops are lots of orthogonal moving targets
+# Many orthogonal moving targets
* Version numbers don't line up
- * does this distribution use libjpeg6 or libjpeg8?
+ * does this distribution use `libjpeg.so.62` or `libjpeg.so.8`?
+ * and is it IJG or `libjpeg-turbo`?
* SDL 1 or SDL 2 or both?
* GTK+ 2 or GTK+ 3 or both?
* which GTK+ 3? (subtle behaviour changes)
@@ -66,16 +64,17 @@ I think you'll find it's a little more complicated than that
* and that's before we get into GNOME vs KDE vs (etc.)
-# Traditional answer: a baseline version
+# Traditional answer
* Pick a baseline version from the distant past
* Assume the most common libraries are installed
* Traditionally an ancient version of Red Hat
- * Steam uses the Steam Runtime, based on a 5 year old copy of Ubuntu
* The LSB defines a standard baseline version
* but there isn't much in it
- * go to FIXME's talk on FIXME to learn why Debian doesn't
- really support this any more
+ * go to Didier Raboud's talk on Saturday!
+ * Steam uses the Steam Runtime, based on a 5 year old copy of Ubuntu
+
+# Traditional answer
* When we add a feature, ISVs don't get to use it for several years
* Ensures they have “the platform problem”
@@ -86,13 +85,13 @@ I think you'll find it's a little more complicated than that
they **still** don't get to rely on that for several years
* Disincentive to do the right thing
-# Traditional answer: bundled libraries
+# Other traditional answer
* Bundle everything that isn't in that baseline
* Simplest case: statically linked binaries bundle literally everything
* except for NSS and other plugins
- * -rpath $ORIGIN/../lib
- * LD_LIBRARY_PATH
+ * `-rpath $ORIGIN/../lib`
+ * `LD_LIBRARY_PATH`
* The app vendor is responsible for keeping up with security updates
* Spoilers: they don't
@@ -105,61 +104,67 @@ I think you'll find it's a little more complicated than that
# Flatpak runtimes
-* Basically a small /usr (with the /usr merge)
+* Basically a small `/usr` (with the `/usr` merge)
* Anyone can publish a runtime
* Set of libraries chosen by the runtime maintainer
* Versions chosen by the runtime maintainer
- * Flatpak app doesn't see the real /usr
+ * Flatpak app doesn't see the real `/usr`
* No development tools
* No package manager
* No init/boot/sysadmin layer
* Conventionally, com.example.Platform
+# Flatpak runtimes
+
+* Demo: Minetest
+
# Flatpak reference runtimes
* Reference runtimes from the author of Flatpak
* Yocto base system
- * org.freedesktop.Platform
+ * `org.freedesktop.Platform`
* base system + Python + common libraries
- * org.gnome.Platform
- * org.freedesktop.Platform + more GNOME libraries
+ * `org.gnome.Platform`
+ * `org.freedesktop.Platform` + more GNOME libraries
. . .
* Experimental KDE runtime
- * Like org.gnome.Platform, but with less GNOME and more KDE
+ * Like `org.gnome.Platform`, but with less GNOME and more KDE
# Flatpak SDKs
-* A larger /usr, with developer tools
+* A larger `/usr`, with developer tools
* compiler
* header files
* static libraries
* strace
-* foo.Sdk conventionally goes with foo.Platform
+* `foo.Sdk` conventionally goes with `foo.Platform`
# Flatpak runtime versioning
* Each runtime has *branches*
* An app depends on a specific branch
- * org.gnome.gedit//stable depends on org.gnome.Platform//3.24
+ * `org.gnome.gedit//stable` depends on `org.gnome.Platform//3.24`
. . .
* Examples
- * org.gnome.Platform//3.24
- * org.fedoraproject.Platform//26 (FIXME?)
- * net.debian.flatpak.Games.Platform//stretch
+ * `org.gnome.Platform//3.24`
+ * `org.fedoraproject.Platform//26`
+ * `net.debian.flatpak.Games.Platform//stretch`
. . .
* One runtime per branch per architecture
- * org.gnome.Platform/x86_64/3.24, etc.
+ * `org.gnome.Platform/x86_64/3.24`, etc.
+
+# The long tail
-# … but not everything will be in a runtime?
+* Will everything be available in a runtime?
* Probably not
* We have to draw a line somewhere
@@ -170,50 +175,111 @@ I think you'll find it's a little more complicated than that
* Uncommon libraries
* Libraries where the latest version is needed
+. . .
+
* The app vendor is still responsible for keeping bundled libraries up to date
* but there are fewer of them because larger runtimes are available
- * and if they're vulnerable, the sandboxing mitigates attacks[1]
+ * and if they're vulnerable, the sandboxing mitigates attacks^1^
. . .
-[1] eventually
+^1^ eventually
-# App appears in /app
+# App appears in `/app`
-* Canonically, you recompile with --prefix=/app
+* Canonically, you recompile with `--prefix=/app`
* Do the same for bundled libraries
-* Flatpak sets common environment variables to include /app
- * PATH
- * LD_LIBRARY_PATH
- * XDG_*_DIRS
- * SHELL
+* Flatpak sets common environment variables to include `/app`
+ * `PATH`
+ * `LD_LIBRARY_PATH`
+ * `XDG_*_DIRS`
+ * `SHELL`
-# App appears in /app
+# App appears in `/app`
* Flatpak runtimes can set environment variables for their own libraries
- * Runtimes with GNOME libraries set GI_TYPELIB_PATH, GST_PLUGIN_SYSTEM_PATH
+ * Runtimes with GNOME libraries set `GI_TYPELIB_PATH`,
+ `GST_PLUGIN_SYSTEM_PATH`
* SDK sets development environment variables
- * PKG_CONFIG_PATH
- * LDFLAGS
- * C_INCLUDE_PATH
+ * `PKG_CONFIG_PATH`
+ * `LDFLAGS`
+ * `C_INCLUDE_PATH`
* etc.
-# App appears in /app
+# App appears in `/app`
-* /app is the same length as /usr
+* `/app` is the same length as `/usr`
* As a last resort, this is good for binary editing
* The app does *not* need to be fully relocatable
- * Never relocated to /home/jsmith/local or similar
+ * Never relocated to `/home/jsmith/local` or similar
+
+# How runtimes work
+
+* `ostree`: like git, but for `/usr`
+
+ ```
+ ./config
+ ./refs/heads/master
+ ./refs/heads/stable
+ ./refs/remotes/origin/master
+ ./objects/3b/6f018809252480b740a48ea3cb746a434dd688
+ ./objects/c0/837b81795498042a3570b792cb2f41da0a0551
+ ```
+
+. . .
+
+* no, wait, that's just git
+
+# How runtimes work
+
+* `ostree`: like git, but for `/usr`
+
+ ```
+ ./config
+ ./refs/remotes/flatdeb/runtime/net.debian.flatpak.Games.Platform/x86_64/stretch
+ ./refs/remotes/flatdeb/app/org.debian.packages.openarena/x86_64/master
+ ./objects/a1/443a265b155be7d190c5a0a5e99427716a0a1432f6994fbde40aafb23fb11e.file
+ ./objects/e9/67eda76106efa124b736af20c14b3fea2a254b71927534bd869217e105c532.file
+ ```
+
+# How runtimes work
+
+* Mount namespace
+ * Mounts get isolated from the host system
+ * The new root directory is a tmpfs
+
+* Mount `${runtime}/files` on `/usr`
+ * that's why we need to do the `/usr` merge here
+
+* Mount `${app}/files` on `/app`
+
+* `/etc` is populated from `/usr/etc` and the host system
+
+* `/var` starts off empty
# Sandboxing with bubblewrap
-<div style="text-align: center; margin: auto;">
-<img width="480" height="360" src="bubblewrap.jpg" />
-</div>
+![Fig.2. Protecting an important subject with bubble wrap](bubblewrap.jpg){ width=480px height=360px }
+
+# Why sandbox
+
+* I trust this app's author enough to run it
+
+. . .
+
+* … but not enough to let it control the rest of my system
+
+. . .
+
+* … but they might have made an exploitable mistake
+
+. . .
+
+* … but a bundled library might be vulnerable
# Namespaces
@@ -250,15 +316,15 @@ I think you'll find it's a little more complicated than that
* RHEL 7: no unprivileged userns by default, adjust a parameter at
boot time to enable
-. . .
+# Namespaces
-* Portable code can't count on unprivileged userns
+* Portable code can't count on unprivileged userns being available
-# bubblewrap
+# Bubblewrap (`bwrap`)
* Small setuid helper
- * formerly Flatpak's xdg-app-helper
- * descended from linux-user-chroot
+ * formerly Flatpak's `xdg-app-helper`
+ * descended from `linux-user-chroot`
* Small subset of userns
@@ -269,8 +335,573 @@ I think you'll find it's a little more complicated than that
. . .
* Not enough to be a huge attack surface
- * Doesn't execute user code without PR_SET_NO_NEW_PRIVS first
+ * Doesn't execute user code without `PR_SET_NO_NEW_PRIVS` first
# Sandboxing
-*
+* Declarative capabilities
+ * “uses X11”
+ * “reads and writes `~/Downloads`”
+
+* Same general idea as Android permissions
+
+. . .
+
+* Example
+
+ ```
+ [Context]
+ shared=network;ipc;
+ sockets=x11;wayland;pulseaudio;
+ devices=dri;
+ ```
+
+# Limitations
+
+* Apps with X11 access can take screenshots
+
+. . .
+
+* Apps with X11 access can inject input
+
+. . .
+
+* Apps with X11 access can be keyloggers
+
+. . .
+
+* Mitigation: use Wayland (or Mir if you insist)
+
+. . .
+
+* Apps with PulseAudio access can record as well as playing back
+ * and, less seriously, do a DoS
+
+. . .
+
+* Being worked on in PulseAudio
+
+# Limitations
+
+* Apps' metadata declare the permissions they want
+ * Up to the app author to decide
+ * Repository operators can reject misbehaving apps
+ * Currently no UI for app *users* to reject over-broad permissions
+
+* Future: UI to summarize permissions, like Android?
+
+# Thinking with portals
+
+![Fig.3. Portals have safety implications if used carelessly](thinking-with-portals-cropped.jpg){ width=480px height=360px }
+
+# Thinking with portals
+
+* Better than handing out permissions: get user consent when needed
+
+. . .
+
+* When done badly, you get browser SSL warnings
+ * Do you want to allow ghkscjjtklgoghkjxhtht? `[yes]` `[no]`
+
+. . .
+
+* When done well, it's fairly obvious what's going on
+ * Let hangouts.google.com use your microphone? `[yes]` `[no]`
+
+# Document portal
+
+* Demo: GNOME Recipes
+
+# Document portal
+
+* Looks like a normal dialog box
+
+* Implicitly gets permission
+
+* Selected file magically appears in a FUSE filesystem in the sandbox
+
+# Portals in `xdg-desktop-portal`
+
+* `Account`: get user's name and photo/avatar
+
+* `Email`: compose an email (like a `mailto:` URI)
+
+* `FileChooser`: Open or Save dialog
+
+* `Inhibit`: prevent user session logout, user switch, suspend, idle
+
+# Portals in `xdg-desktop-portal`
+
+* `Notification`: notification popups
+
+* `OpenURI`: open a link or file
+ * access to the file is transferred by fd-passing
+
+* `Print`: print documents
+
+* `Screenshot`: take a screenshot
+
+# Not quite portals
+
+* `NetworkMonitor`: determine whether we are on the Internet
+
+* `ProxyResolver`: determine whether we need a proxy
+
+# Library support
+
+* Transparently making apps sandbox-aware does not, in practice, work
+
+* Libraries help a lot
+
+. . .
+
+* Recent GLib transparently uses portals
+
+# How portals work
+
+* Filtered access to host system's D-Bus session bus
+ * Currently through a proxy
+ * smcv is working on enhancing `dbus-daemon` to do this itself
+
+. . .
+
+* The filter always allows talking to `org.freedesktop.portal.*`
+ * Reference (and only) implementation: `xdg-desktop-portal`
+
+# How portals work
+
+* `xdg-desktop-portals` talks to a per-desktop implementation
+ * `org.freedesktop.impl.portal.*` interfaces
+ * Reference implementation: `xdg-desktop-portal-gtk` for GNOME
+ * KDE has these too (not packaged yet)
+ * Delegates to appropriate per-desktop implementations
+
+# Achieving world domination
+
+![Fig.4. As much of the world as will conveniently fit in a warehouse](aisle-cropped.jpg){ width=480px height=360px }
+
+# Role of distributions
+
+If ISVs release apps in Flatpak form, and upstreams want to be ISVs,
+then what's the point of distributions?
+
+* Some people think there is none
+
+. . .
+
+* If I agreed, I wouldn't have come to Debconf
+
+. . .
+
+* But we should recognise that distributions aren't perfect
+
+# Not everything is an “app”
+
+… and that's OK
+
+. . .
+
+* Anything platform-level
+ * init
+ * udev
+ * NetworkManager
+ * gdm (and authentication in general)
+ * Flatpak
+ * Portals
+
+. . .
+
+* Desktop environments like GNOME
+ * GNOME Shell can't be an app
+ * Neither can gnome-settings-daemon
+
+# Not everything is an “app”
+
+* CLIs and development tools
+
+. . .
+
+* Servers and daemons in general
+ * Flatpak is for desktop apps
+ * Put your servers in VMs, or Docker, or similar
+
+# Maintainers matter
+
+> Maintainers' greatest power is the ability to outright say
+> “This is not good enough for our users”
+>
+> — Kyle Keen, [*Maintainers matter*](http://kmkeen.com/maintainers-matter/)
+
+. . .
+
+* There are many interesting points in that article
+
+. . .
+
+* … not all of which I agree with
+
+# Maintainers matter
+
+> Every package has a maintainer who is often an expert in the field of
+> the package
+>
+> — Raphaël Hertzog,
+> [*State of the Debian-Ubuntu relationship*](https://raphaelhertzog.com/2010/12/06/state-of-the-debian-ubuntu-relationship/)
+
+. . .
+
+* We aspire to be worthy of the name “maintainer” or “developer”
+
+. . .
+
+* … although sometimes we're still just packagers
+
+# Curation and QA
+
+![Fig.5. This flat-pack application had release-critical bugs and was removed](rubbish-cropped.jpg){ width=480px height=360px }
+
+# Curation and QA
+
+* At our best, we're domain experts on leaf packages (apps)
+
+* Debian is a ready-made source of things that ought to be ready to be
+ high-quality Flatpak apps
+
+* We fix their bugs even if upstreams don't
+
+. . .
+
+* We fix their security flaws even if upstreams don't
+
+# Building runtimes
+
+* Distributions are good at providing libraries
+
+. . .
+
+* Debian takes libraries very seriously
+
+. . .
+
+* Debian takes stability very seriously
+
+. . .
+
+* Debian takes security very seriously
+
+. . .
+
+* These are just what you want in a runtime
+
+# Distributions aren't perfect
+
+* We only release it^1^ when it^2^'s ready
+
+. . .
+
+^1^ The entire Debian system
+
+. . .
+
+^2^ Every package, except the ones we threw out
+
+. . .
+
+* For a stable platform, this is great
+
+. . .
+
+* For faster-moving components, not so much
+ * Flatpak as an alternative to `stable-backports`?
+
+# Distributions aren't perfect
+
+* At our worst, we're just getting in the way
+
+. . .
+
+* If we provide value, we should continue
+
+* If not, we should stop interfering
+
+* What value do we add to `gnome-mines`?
+ * Most uploads are just “New upstream release”
+
+> * What value do we add to `xonotic`?
+> * Trick question, it has been ITP since 2011
+> * Yet it somehow has a popcon score of 6
+> * An upstream-maintained Flatpak can't be any worse than an
+> upstream-maintained binary
+
+# This doesn't need to be either/or
+
+* Apps with good upstream maintenance can come from upstream
+
+* Apps where we are genuinely helping can come from Debian
+
+* We get some of the advantages either way
+
+# Some assembly required
+
+![Fig.6. Flat-pack applications ready for compilation](flatpack.jpg){ width=480 height=360 }
+
+# Using Debian for runtimes
+
+* Demo: OpenArena
+
+# Using Debian for runtimes
+
+[Flatdeb](https://git.collabora.com/cgit/user/smcv/flatdeb.git/):
+a prototype of building Flatpak runtimes with `apt`/`dpkg`
+
+* Proof-of-concept quality
+* I'm sure we can do better
+* … but it works
+
+# Using Debian for apps
+
+[Flatdeb](https://git.collabora.com/cgit/user/smcv/flatdeb.git/):
+also a prototype of building Flatpak apps with `apt`/`dpkg`
+
+. . .
+
+* Simple case: the app is already relocatable
+
+. . .
+
+* Less simple case: the app needs build-time changes
+ * or source changes
+
+# Alternatives
+
+![Fig.7. Flat-pack technology is not suitable for all use cases](throne.jpg){ width=480 height=360 }
+
+# `apt`
+
+* Tightly integrated into the Debian platform
+
+* One version per package per `apt` suite, unless specifically made
+ co-installable
+
+* Leaf packages and libraries treated equivalently
+
+* Package installation is open-heart surgery on the OS
+ * The system passes through a transitional broken state
+ * In practice it's fine, except when it isn't
+ * The worst case scenario is very bad
+ * Reboot afterwards, or at least run `checkrestart`
+
+# `apt`
+
+* Only root can install extra packages, and only system-wide
+
+* Installing is a trust decision
+ * Maintainer scripts do arbitrary things as root
+ * Packages are inserted into everyone's `PATH`
+
+* No sandboxing unless you specifically add it
+ * `systemd` hardening features use the same kernel features as bubblewrap
+ * Security-sensitive apps (games!) could use bubblewrap too
+
+# `apt`
+
+* Good for: system services, the platform layer of desktop environments
+
+* Good for: when upgrades are a big deal anyway
+ * Debian stable
+ * Ubuntu LTS
+
+* Bad for: atomic upgrades
+
+* Bad for: safe use of third-party software
+
+* Bad for: insulating ISVs' software from this week's ABI
+
+# `libostree`-based deployment
+
+* Currently disabled in Debian's `libostree`
+ * [Please help](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824649)
+
+* One version per package per `apt` suite, unless specifically made
+ co-installable
+
+* Package installation is atomic
+ * … but it does need a reboot
+
+# `libostree`-based deployment
+
+* Only root can switch which image is deployed, and only system-wide
+
+* Installing is a trust decision (by the image maintainer)
+
+* No sandboxing unless you specifically add it
+
+# `libostree`-based deployment
+
+* Good for: appliance-style systems with known functionality
+
+* Good for: when upgrades would demand a reboot anyway
+ * kernel upgrades
+ * `dbus-daemon` upgrades
+
+* Bad for: third-party software
+ * If it's baked into the image then can we really say it's third-party?
+
+* Good for: combining with Flatpak
+ * hi Endless!
+
+# System-level containers
+
+* Docker, systemd-nspawn and friends
+
+* An entire other OS, except the kernel
+ * Contents of container isolated from all ABI changes, except the kernel
+
+* Root privileges typically needed
+
+* If you get root in the container, assume you probably get root in real life
+ * “Containers don't contain”
+
+# System-level containers
+
+* Good for: servers designed to run without a host OS
+ * “application container” (beware, not the same meaning of application
+ as in Flatpak)
+
+* Good for: servers without extensive host OS requirements
+
+* Good for: development and debugging
+
+* Bad for: unprivileged users
+
+* Bad for: desktop integration
+
+# Virtualization
+
+* An entire other OS, including the kernel
+
+* Root privileges sometimes needed
+
+* If you get root in the virtual machine, the host is typically still safe
+
+# Virtualization
+
+* Good for: servers
+
+* Good for: code you want to keep at arm's length
+
+* Bad for: efficiency
+
+* Bad for: desktop integration
+
+# Snap
+
+* Centralized distribution
+
+* Application code needs to be relocatable
+
+ > “it’s necessary not to hardcode any pathname in your code”
+
+* Dependencies must be either bundled or assumed
+ * Located via `LD_LIBRARY_PATH`, etc.
+ * They can be shared, like a generalization of Flatpak runtimes
+
+* Sandboxed via AppArmor^1^
+
+. . .
+
+^1^ subject to status, terms and conditions apply
+
+# Snap
+
+* Good for: Ubuntu users
+
+* Good for: non-desktop uses, apparently
+
+* Bad for: mainstream kernels
+
+# AppImage
+
+* A descendant of `klik`
+
+* App distributed as a wrapped filesystem image that can be made
+ executable and run
+
+* No built-in update mechanism
+
+* Optional sandboxing via Firejail
+
+* Dependencies must be either bundled or assumed
+
+# AppImage
+
+* Good for: Windows- and Mac-like UX - just download and run
+
+* Good for: transparently using system libraries if present, or bundled
+ libraries otherwise
+
+* Bad for: getting updates
+
+* Bad for: avoiding the moving target problem
+
+* Bad for: deduplication
+
+# Firejail
+
+* Setuid program to set up sandboxes, like bubblewrap
+
+* Uses the same technologies as bubblewrap
+
+* Much more general and configurable than bubblewrap
+
+. . .
+
+* Much more attack surface than bubblewrap
+
+# Firejail
+
+* Good for: AppImage integration
+
+* Good for: curated “security profiles” to run popular applications
+
+* Good for: users who are already root-equivalent anyway
+
+* Bad for: users who you do not want becoming root-equivalent
+
+# Questions?
+
+<div class="fine-print">
+
+## Image credits
+
+* Bubblewrap cat:
+ [donabelandewen](https://www.flickr.com/photos/donabelandewen/4106414108/), 2009.
+ [CC-BY-2.0](https://creativecommons.org/licenses/by/2.0/)
+* Thinking with portals:
+ [roninkengo](https://www.flickr.com/photos/roninkengo/2321788223/in/photostream/), 2008.
+ [CC-BY-2.0](https://creativecommons.org/licenses/by/2.0/)
+* Flat-pack:
+ [alberth2](https://www.flickr.com/photos/alberth2/19093719026/in/photolist-v6fisb-uR7tDX-878Yh5-v6fniN-ubHzci-51CjZX-brVGNV-r77tZK-79kpCS-oaR8oC-nmPXEd-RUVXYh-3ca9xV-8dG44V-6EuWok-evngDb-6Qd6fw-wYuDo-8aBNwZ-82iqYW-a115Bv-6Qd5YW-q48HGH-anWQsD-qkvJo5-qkz4ZX-q4acf4-afLway-82t5Zf-4GBTR9-m8sP2K-bNBbvT-7hHJLH-8aCq7v-59T7s3-e8KL4Q-hPPGph-SnLUev-ScbX65-5tMsWL-dZnXug-5d4mhZ-iXKqp4-ubxVPS-6hqegS-5nH5Dj-ByEX4w-5nH55J-6xHCUx-6Qd7Wu), 2015.
+ [CC-BY-SA-2.0](https://creativecommons.org/licenses/by-sa/2.0/)
+* Rubbish:
+ [Gwydion M. Williams](https://www.flickr.com/photos/45909111@N00/33169200580/in/photolist-6JQqJw-Sx3PJC-6xb2RB-4Qmjjj-4naAub-x247o-8kwrYg-8HqYLu-8HqWzJ-SfM5-x4wwj-5nfxyt-CXh2k-5VeJsW-3eAuvU-Sx3NXC), 2017.
+ [CC-BY-2.0](https://creativecommons.org/licenses/by/2.0/)
+* Aisle:
+ [themightycondorman](https://www.flickr.com/photos/themightycondorman/6720879311/), 2012.
+ [CC-BY-2.0](https://creativecommons.org/licenses/by/2.0/)
+* Some assembly required:
+ [dullhunk](https://www.flickr.com/photos/dullhunk/8457458573/), 2013.
+ [CC-BY-2.0](https://creativecommons.org/licenses/by/2.0/)
+* Stable platform cat:
+ [Simon_sees](https://www.flickr.com/photos/39551170@N02/11618280895/), 2013.
+ [CC-BY-2.0](https://creativecommons.org/licenses/by/2.0/)
+* Throne:
+ [Kinshuk Sunil](https://www.flickr.com/photos/kinshuksunil/3582226486/), 2009.
+ [CC-BY-2.0](https://creativecommons.org/licenses/by/2.0/)
+
+## Some rights reserved
+
+© 2017 Collabora Ltd.
+[CC-BY-2.0](https://creativecommons.org/licenses/by/2.0/)
+
+</div>
diff --git a/rubbish-cropped.jpg b/rubbish-cropped.jpg
new file mode 100644
index 0000000..9c975ae
--- /dev/null
+++ b/rubbish-cropped.jpg
Binary files differ
diff --git a/rubbish.jpg b/rubbish.jpg
new file mode 100644
index 0000000..ba7f5df
--- /dev/null
+++ b/rubbish.jpg
Binary files differ
diff --git a/s5 b/s5
deleted file mode 120000
index dadc9fd..0000000
--- a/s5
+++ /dev/null
@@ -1 +0,0 @@
-/usr/share/javascript/s5/default/ui \ No newline at end of file
diff --git a/s5/default/COLLABORA_01_RGB.png b/s5/default/COLLABORA_01_RGB.png
new file mode 100644
index 0000000..498a87c
--- /dev/null
+++ b/s5/default/COLLABORA_01_RGB.png
Binary files differ
diff --git a/s5/default/COLLABORA_03-400px.png b/s5/default/COLLABORA_03-400px.png
new file mode 100644
index 0000000..4640f56
--- /dev/null
+++ b/s5/default/COLLABORA_03-400px.png
Binary files differ
diff --git a/s5/default/blank.gif b/s5/default/blank.gif
new file mode 120000
index 0000000..0da2fbd
--- /dev/null
+++ b/s5/default/blank.gif
@@ -0,0 +1 @@
+/usr/share/javascript/s5/default/ui/default/blank.gif \ No newline at end of file
diff --git a/s5/default/bodybg.gif b/s5/default/bodybg.gif
new file mode 120000
index 0000000..86f1d48
--- /dev/null
+++ b/s5/default/bodybg.gif
@@ -0,0 +1 @@
+/usr/share/javascript/s5/default/ui/default/bodybg.gif \ No newline at end of file
diff --git a/s5/default/debian.png b/s5/default/debian.png
new file mode 100644
index 0000000..80048d1
--- /dev/null
+++ b/s5/default/debian.png
Binary files differ
diff --git a/s5/default/framing.css b/s5/default/framing.css
new file mode 120000
index 0000000..96f08c6
--- /dev/null
+++ b/s5/default/framing.css
@@ -0,0 +1 @@
+/usr/share/javascript/s5/default/ui/default/framing.css \ No newline at end of file
diff --git a/s5/default/iepngfix.htc b/s5/default/iepngfix.htc
new file mode 120000
index 0000000..3b348fe
--- /dev/null
+++ b/s5/default/iepngfix.htc
@@ -0,0 +1 @@
+/usr/share/javascript/s5/default/ui/default/iepngfix.htc \ No newline at end of file
diff --git a/s5/default/opera.css b/s5/default/opera.css
new file mode 120000
index 0000000..1a9ff83
--- /dev/null
+++ b/s5/default/opera.css
@@ -0,0 +1 @@
+/usr/share/javascript/s5/default/ui/default/opera.css \ No newline at end of file
diff --git a/s5/default/outline.css b/s5/default/outline.css
new file mode 120000
index 0000000..b8b768c
--- /dev/null
+++ b/s5/default/outline.css
@@ -0,0 +1 @@
+/usr/share/javascript/s5/default/ui/default/outline.css \ No newline at end of file
diff --git a/s5/default/pretty-default.css b/s5/default/pretty-default.css
new file mode 120000
index 0000000..087124e
--- /dev/null
+++ b/s5/default/pretty-default.css
@@ -0,0 +1 @@
+/usr/share/javascript/s5/default/ui/default/pretty.css \ No newline at end of file
diff --git a/s5/default/pretty.css b/s5/default/pretty.css
new file mode 100644
index 0000000..775f5d9
--- /dev/null
+++ b/s5/default/pretty.css
@@ -0,0 +1,47 @@
+@import url(pretty-default.css);
+
+/*
+ * Collabora palette:
+ * #43c200 green
+ * #5e3dcc purple
+ * #3c3c3e charcoal
+ * #8b8b89 grey
+ * #ced0d2 light grey
+ * #fff white
+ */
+
+body {
+ background: #fff;
+}
+
+div#header, div#footer {color: #3c3c3e;
+ font-family: Liberation Sans Mono, Verdana, Helvetica, sans-serif;}
+div#footer {
+ background: #ced0d2 url(debian.png) 98% center no-repeat;
+ background-size: 15%;
+}
+
+div#header {
+ background: #ced0d2 url(COLLABORA_01_RGB.png) no-repeat 2% center;
+ background-size: 25%;
+ line-height: 1px;
+}
+.slide h1 {
+ background: transparent; color: #000;
+ margin-left: 2em;
+}
+#controls #navLinks a, #controls #navList #jumplist {
+ background: #ced0d2; color: #3c3c3e;
+}
+
+.slide code { color: inherit; font-weight: normal; }
+.slide pre { color: inherit; font-weight: normal; }
+.slide .incremental code { color: inherit;}
+.slide .current { color: #3c3cde; }
+
+.figure { margin: auto; text-align: center; }
+
+.fine-print p, .fine-print li { font-size: 80%; }
+.fine-print li { margin-top: 0.2em; margin-bottom: 0.2em; }
+
+.incremental, .incremental *, .incremental *:after {color: #eef; visibility: visible;}
diff --git a/s5/default/print.css b/s5/default/print.css
new file mode 120000
index 0000000..8268629
--- /dev/null
+++ b/s5/default/print.css
@@ -0,0 +1 @@
+/usr/share/javascript/s5/default/ui/default/print.css \ No newline at end of file
diff --git a/s5/default/s5-core.css b/s5/default/s5-core.css
new file mode 120000
index 0000000..0981e1a
--- /dev/null
+++ b/s5/default/s5-core.css
@@ -0,0 +1 @@
+/usr/share/javascript/s5/default/ui/default/s5-core.css \ No newline at end of file
diff --git a/s5/default/slides.css b/s5/default/slides.css
new file mode 120000
index 0000000..995f2c1
--- /dev/null
+++ b/s5/default/slides.css
@@ -0,0 +1 @@
+/usr/share/javascript/s5/default/ui/default/slides.css \ No newline at end of file
diff --git a/s5/default/slides.js b/s5/default/slides.js
new file mode 120000
index 0000000..c6c777d
--- /dev/null
+++ b/s5/default/slides.js
@@ -0,0 +1 @@
+/usr/share/javascript/s5/default/ui/default/slides.js \ No newline at end of file
diff --git a/thinking-with-portals-cropped.jpg b/thinking-with-portals-cropped.jpg
new file mode 100644
index 0000000..2eb4c86
--- /dev/null
+++ b/thinking-with-portals-cropped.jpg
Binary files differ
diff --git a/thinking-with-portals.jpg b/thinking-with-portals.jpg
new file mode 100644
index 0000000..7043d25
--- /dev/null
+++ b/thinking-with-portals.jpg
Binary files differ
diff --git a/throne.jpg b/throne.jpg
new file mode 100644
index 0000000..e9d0993
--- /dev/null
+++ b/throne.jpg
Binary files differ