FOSDEM welcome and opening talk.

Join us for the opening of our 25th event.

Apache Arrow has become a critical foundation for the data science and data analytics FOSS communities. It is also a large project, with a number of official specifications, even more implementations, and common grounds with other projects such as Parquet.

This session will gather Arrow maintainers, contributors and interested parties (such as maintainers of other FOSS data analytics projects) to discuss the Arrow project, its continued sustainability and possible directions for the future.

What was your first programming language? For some, it might have been Logo; for others, Scratch. Regardless of the language, many of us have fond memories of creating playful, creative programs as kids - not because we had to, but because it was fun.

What many don’t realize is that the joy of these early experiences wasn’t by chance. It stems from the pioneering work of Seymour Papert, Cynthia Solomon, and others at the MIT Logo Lab in the late 1960s. They developed an educational philosophy called constructionism - the belief that children learn best when engaged in creative projects that connect with their personal interests. This philosophy shaped not only Logo but an entire lineage of educational programming tools designed to make coding fun, expressive, and meaningful.

Today, as the "Learn to Code" movement is challenged by generative AI, researchers and educators are revisiting these roots. They view programming not merely as a utilitarian skill for the job market but as a medium for exploration and creative expression. From analyzing complex data to creating art and understanding systems, programming can be much more than a language to be learned - it can be a language for learning.

For education, free and open-source software is a cornerstone. Free software ensures that tools remain accessible to all, fosters collaboration, and empowers learners to not only use but also understand and modify the systems they engage with - crucial for digital sovereignty.

In this talk, we’ll take you on a whirlwind tour of some of the most influential programming languages designed for children, from Logo, Smalltalk, and Etoys to Scratch and their modern descendants like Snap!, GP, and MicroBlocks. Rather than just describing these languages, we’ll show you their power through live demos.

Software code is not just content—it’s the foundation of critical digital infrastructure, and its unique functional purpose demands a specialized approach to platform governance. Unlike other digital media, code is widely duplicated, remixed, and shared under open source licensing terms, presenting distinct considerations for copyright and moderation. Additionally, the dual-use nature of software, such as security research projects, introduces complex challenges: tools designed to identify vulnerabilities can also be exploited for malicious purposes. Moderating a code collaboration platform requires careful consideration of open source software’s function as critical digital infrastructure and the network effects of takedowns. Likewise, code collaboration platforms must reflect the free and open source developer community’s values of collaboration and transparency, while empowering maintainers to support the health of their projects.

In this presentation, authors of the recently published article “Nuances and Challenges of Moderating a Code Collaboration Platform” in the Journal of Online Trust and Safety will discuss key takeaways. We’ll provide an under the hood look at how GitHub has developed tools and policies tailored to the needs of the free and open source software developer community. This will include a diverse set of case studies, including how we’ve responded to legal and policy challenges such as the EU Copyright Directive and US Digital Millennium Copyright Act, how we’ve evolved our approach to dual-use software over time, and how notable incidents such as the youtube-dl takedown and reinstatement have influenced our developer-first approach to content moderation. We will also touch on the importance of community content moderation and the tools we have developed for maintainers to establish expectations for conduct and contribution on their projects. Attendees will leave with an understanding of how the values of the free and open source developer community inform the governance of code collaboration platforms and how they can engage with platforms and policymakers.

The Special-Purpose Operating Systems (SPOS) Working Group is a collaborative initiative under the CNCF TAG Runtime, bringing together developers, maintainers, and adopters focused on operating systems designed for specific workloads—cloud-native, edge, embedded systems, and more.

In this Birds of a Feather (BoF) session, we aim to connect in person for the second time at FOSDEM, a pivotal event for the open-source operating system community. This meetup will provide a space for SPOS enthusiasts, contributors, and representatives from major Linux distributions to exchange insights, share experiences, and discuss the future direction of specialized operating systems.

https://tag-runtime.cncf.io/wgs/spos/charter/

Gathering feedback, discussing Weblate plans, features, bugs, collaboration within the community, and anything Weblate. Like every year, everybody is welcome! Michal Čihař, Weblate Founder and Benjamin Jamie, Community Manager will be there for sure.

In this talk, I will introduce Syd, a GPL-3 licensed, rock-solid application kernel designed for sandboxing applications on Linux systems (version 5.19 and above). Over the past 16 years, Syd has evolved from a tool used within Exherbo Linux to detect package build mishaps into a robust security boundary for applications. The recent rewrite in Rust leverages modern Linux APIs such as seccomp-unotify(2), openat2(2), and pidfd_getfd(2) to eliminate time-of-check to time-of-use (TOCTTOU) vulnerabilities, which is essential for building a secure sandbox.

Syd aims to provide a simple interface over complex Linux sandboxing mechanisms -- including Landlock LSM, namespaces, ptrace(2), and seccomp-BPF/Notify -- which are often considered brittle and difficult to use. This approach is somewhat similar to OpenBSD's pledge(2) system call, offering a practical way to restrict application behavior. Unlike other sandboxing tools like Falco, Bubblewrap, Firejail, gVisor, and minijail, Syd operates without requiring extra privileges, SETUID binaries, or privileged kernel context. It adheres to the UNIX philosophy of doing one thing well with the least privilege necessary.

The presentation will cover Syd's key features:

• Path Sandboxing: Controls filesystem access through various operations including read, write (with append-only paths and path masking), stat (aka path hiding), tmpfile creation, attribute changes, truncation, node creation, file creation, and deletion.
• Execution Control: Implements exec sandboxing with SegvGuard, force sandboxing for verified execution, and Trusted Path Execution to enforce strict execution policies.
• Network Sandboxing: Restricts network access, supporting UNIX, IPv4, IPv6, Netlink, and KCAPI sockets, along with application firewalls and IP blocklists.
• Advanced Features: Includes lock sandboxing using Landlock LSM, proxy sandboxing with network namespace isolation (defaulting to TOR), memory and PID sandboxing as simpler alternatives to control groups, SafeSetID for secure UID/GID transitions, and Ghost mode for enhanced process isolation.

I will also discuss how Syd addresses common security challenges such as TOCTOU issues and side-channel attacks, aligning with a threat model similar to that of seccomp. Attendees will gain insights into the design and implementation of Syd, its practical applications in enhancing system security, and how it can be integrated into various environments -- including as a login shell -- to provide robust application isolation.

This lightning-style talk will serve as a welcome and introduction to the Nix and NixOS devroom. It'll go over the rules and expectations of the devroom, as well as introducing you to the devroom managers.

It's a tradition. A TRADITION! So, sit back, relax, and enjoy the show.

I'll share what happened in Nextcloud in 2024. It's a lot, as always. Will it be 300 slides this year? 400? Nobody knows, not even me! But you will find out.

We're still working to change the world, here at Nextcloud. We grow, fast, and serve more users with more on-premises, secure and just beautiful software that keeps their data safe from Big Tech.

Share and work on documents with Nextcloud Files and Nextcloud Office. Chat and do your video calls with Nextcloud Talk. Discuss philosophy (or do useful things) with the Nextcloud Assistant. Or automate your business with Nextcloud Flow.

And be sure: your data does NOT leave your server. Not even when you're translating text or using the AI to help answer your emails. Because we DO take privacy serious. Seriously.

See you in Brussels!

augurs is a new library for time series analysis (think forecasting, outlier detection, clustering, and more) written in Rust, with bindings available for Javascript and Python. It includes functionality borrowed from both Python and R libraries, plus some more novel ideas. Come and learn about what it can do, as well as:

• choices made when porting algorithms from different languages
• techniques used for profiling and optimizing ML code in Rust
• tradeoffs when creating Javascript/WebAssembly bindings
• what kind of performance and usability gains to expect

Apache Iceberg™ made great advancements going from Table Format V1 to Table Format V2, introducing features like position deletes, advanced metrics, and cleaner metadata abstractions. But with Table Format V3 on the horizon, Iceberg users have even more to look forward to.

In this session, we’ll explore some of the exciting new user-facing features that V3 Iceberg is about to introduce and see how they’ll make working with Open Data Formats easier than ever! We’ll go through the high-level details of the new functionality that will be available in V3. Then we’ll dive deep into some of the most impactful features. You’ll learn what Variant types have to offer your semi-structured data, how Row Lineage can enhance CDC capabilities, and more.

The community has come together to build yet another great release of the Iceberg spec, so attend and learn about all of the changes coming and how you can take advantage of them in your teams.

This talk outlines our journey in building a reproducible Ceph object storage setup that can be deployed across multiple regions with a single click, using an Configuration-as-Code approach with Rook. Our primary goal was to replace OpenStack Swift with Ceph RGW to achieve strictly consistent object storage while maintaining backward compatibility with existing OpenStack components such as Keystone and Barbican.

The good news? Many of these capabilities already existed in Ceph, albeit in varying states of readiness. However, not all of them were natively configurable in a declarative manner using Rook. This presentation will dive into the challenges we encountered while integrating Ceph, OpenStack, and Rook. We'll explore the gaps we identified, the features we developed or refined, and the current state of the ecosystem for those considering a similar path today.

Attendees will gain practical insights into building resilient object storage solutions and learn how to navigate the complexities of integrating Ceph into modern cloud-native and OpenStack environments.

The ability to pull container images quickly and reliably is critical for workload deployment and scaling. Pulling images from external registries can be slow, inefficient, and prone to failure due to network issues or downtime. In this session, we will explore different strategies for speeding up container image pulling in Kubernetes. We will compare the benefits and trade-offs of different image caching approaches, such as leveraging Harbor, preloading images on machine images, or adopting Spegel.

We will uncover how Spegel works seamlessly with Kubernetes to provide automatic local caching of images without explicit configuration, reducing the impact of external registry downtime and avoiding rate-limiting issues. Then, demonstrate how Harbor can be used as a pull through mirror. Attendees will learn to deploy these solutions to optimize their Kubernetes workloads, decrease pod startup times, and improve the performance of edge node deployments.

In this hands on workshop, you will use MIT App Inventor to build two applications for your Android or iOS device. Those new to MIT App Inventor can have a simple first app up and running in less than 30 minutes. And what's more, our blocks-based tool facilitates the creation of complex, high-impact apps in significantly less time than traditional programming environments. The first app you create will be a cat you can pet to make meow. The second app will allow you to draw your own pictures via touch. Participants must bring both a laptop and a mobile device (phones and tablets are both good, running Android 4.0+ or iOS 12+).

Activities during FOSDEM Junior follow the Code Club policies and health and safety standards.

• All attendees must have an adult with them
• Remember to bring your laptop with you
• Remember to bring an Android phone
• You must book a place to attend
• Please don’t come if you are feeling unwell

Participants are required to sign up for this activity via the registration form.

Modern embedded and autonomous systems are pushing the boundaries of software complexity, especially in critical applications. Traditional testing methods often struggle to meet the demands of these systems, particularly when operating on resource-sharing architectures running complex operating systems like Linux. To address this challenge, we introduce Statistical Path Coverage (SPC), a novel statistical approach designed to enhance test effectiveness by statistically focusing on the execution paths exercised by target applications.

This presentation will discuss how SPC can quantify execution path coverage, estimate the risk of untested paths, and support assurance. We will also introduce DB4SIL, a tool leveraging FTrace to collect and analyze execution traces, enabling actionable insights into the kernel’s behavior during testing campaigns. Through examples, we will demonstrate how SPC and DB4SIL can guide developers in prioritizing testing efforts, improving test coverage, enabling continuous monitoring, and reducing risk in complex, software-driven systems.

Since joining Spritely as technical administrator, I've made a number of improvements to our public documents that some people have described as Org mode 'witchcraft'. This form of witchcraft is not just magical though, it's necessary in an age of increasingly-centralized and proprietary note-taking software. I hope this presentation demystifies some of the tooling we use and inspires others to think bigger about how to write documents and how to improve accessibility.

I will talk about our Org export process, working with multiple src-block languages, and integrating Emacs with GNU Make. I'll also discuss the built-in features of Org mode that we rely most heavily on, and how to get started in your organization.

MicroCode is a new tile based programming language that makes it possible to program the micro:bit without the need for an extra computer or Internet connection. All the programming takes place on a handheld shield. Come along and try out this new way of coding! All equipment is provided. With no written words, on the tiles children as young as 6 can join in.

MicroCode

Activities during FOSDEM Junior follow the Code Club policies and health and safety standards.

• All attendees must have an adult with them
• Remember to bring your laptop with you
• You must book a place to attend
• Please don’t come if you are feeling unwell

Participants are required to sign up for this activity via the registration form.

A review of the past year in the life of the OpenJDK Community, and a look at what’s ahead.

What is new since Go 1.23. In this talk we'll bring you up to date with all upcoming changes to the Go language and the community! Go 1.24 will be released in February 2024, we will be taking a look to all upcoming features as well as give an update on important changes in Go 1.23. This includes traditionally updates about the language, tooling, libraries, ports and most importantly the Go Community.

The GNOME project has some end-to-end tests running with openQA and os-autoinst. So far these test GNOME OS integration, the Shell and core applications, accessibility features and more. However, all these tests assume a desktop form factor.

To help GNOME work well on mobile, we also have a gnome_mobile test suite, but there are currently some missing features in QEMU and os-autoinst which limits how useful these tests are.

This lightning talk will cover:

• Why mobile devices are different from desktops and laptops, and why the current gnome_mobile tests are not good enough
• How QEMU can better support mobile form factors
• What we might need in os-autoinst to start simulating multi-touch inputs to a mobile device.

LibreOffice 25.2 will be released just after FOSDEM, but it will be pre-announced at FOSDEM to the open source community. During the talk, development numbers will be provided, and the most important new features will be described.

Bots and spam are challenges for online platforms. Traditional CAPTCHAs help block bots, but often involve improving proprietary maps and software, while exposing user information to third-party CAPTCHA providers. OpenStreetMap (OSM) has many objects remaining to be mapped, but the quality of AI-generated objects is not high enough for direct inclusion. We introduce “MapTCHA”, a CAPTCHA that leverages the uncertainty of interpreting imagery with computer vision, and provides human verification for AI predictions: users are asked to identify images containing correctly interpreted objects, e.g. building outlines.

We separate known positive cases, where both the AI prediction and OSM contain an object, from unknown cases, where objects are only in the prediction. We also generate known negatives from areas where objects are neither in OSM nor in the prediction. We show a mix of these images without telling the user which are which. Humans are validated by confirming the known positives and negatives, and we determine the truth of the unknown images by aggregating users’ responses through voting. When the voting indicates high confidence that an object exists, we suggest the location for OSM mapping.

Our prototype identifies buildings using aerial imagery with high enough resolution to visualise individual buildings and medium-sized objects. Image recognition is provided by fAIr, an open-source AI-assisted mapping system developed by the Humanitarian OpenStreetMap Team (HOT). It allows the training and fine-tuning of pre-trained machine learning models to segment building footprints.

Future plans include expanding to more objects and types of imagery; refining AI models; integrating MapTCHA into various login systems; and enhancing the user interface.

In this session we will talk about how we are building this solution, how it might enhance mapping efforts in OSM that will support projects on the ground, and some of the challenges of working with AI derived data.

semanticClimate is a global hybrid community where interns from colleges (mainly in India) create climate knowledge to help the world make informed decisions. We work with trustable material such as the UN/IPCC reports (over 15,000 pages of important, but dense text). The resulting knowledge products include:

• term-based dictionaries (ontologies) enhanced with Wikipedia and Wikidata
• a Corpus tool for scraping and analysing the current Open scholarly literature
• a knowledge graph created from the above with navigation tools

and F/OSS software to make this easy and automatic.

semanticClimate interns come from high-school up and need have no knowledge of software. They learn-by-doing, and in some weeks have 2-hour online sessions daily - these are recorded and transcribed to text for all to see. Interns are encouraged to give public talks (e.g. OKFN, Wikipedia, CODATA) and to make 5 min videos. All software is modular, Git-branched, versioned and unit-tested. Where possible we publish it in J. Open Source Software.

The session image is part of our Climate Knowledge Graph (my email is peter.murray.rust@googlemail.com. I can't change it in the form!)

SatNOGS-COMMS is an open-source, open-hardware communications subsystem for CubeSats, developed by the Libre Space Foundation in collaboration with the European Space Agency (ESA). This innovative system combines advanced hardware and software to meet the challenges of CubeSat missions while promoting accessibility and flexibility through an open ecosystem.

The subsystem features an STM32H743 microcontroller as its main processor, complemented by a ZYNQ-7020 FPGA accelerator for computationally intensive tasks. SATNOGS-COMMS is built on Zephyr RTOS, with the firmware written entirely in C++17. Notably, its hardware control interfaces follow a platform-agnostic architecture, enabling users to adapt the firmware to their preferred RTOS with minimal effort.

This presentation will delve into the software engineering decisions, challenges encountered, and the advantages of an open-source approach for CubeSat missions and space exploration. Key topics include: * The benefits of using C++ in embedded systems, particularly in the context of resource constraints. * How the use of exceptions improves firmware safety and reliability. * Fault-tolerant mechanisms designed to ensure reliable operation in the harsh environment of space. Additionally, we will highlight our approach to enabling user-defined code integration without modifying the original codebase, comparing it with other commercial and non-commercial solutions.

The complete project, including hardware designs, software, simulations, and documentation, is freely available at the project’s GitLab repository: https://gitlab.com/librespacefoundation/satnogs-comms.

Over many years I have observed that developers working with the Android platform do not talk to each other nearly enough. One reason is that there is no obvious place where AOSP developers can come together. Following on from a discussion at a conference, a group of us set out to create a community led resource to fulfill that role. https://aosp-devs.org aims to:

• Reduce the fragmentation in the AOSP ecosystem by sharing code, tooling, and knowledge
• Provide a repository for documentation, tutorials, and best practices
• Provide a neutral place to host open source code outside of AOSP. A good example would be board support packages and other common patches
• Provide communication channels where developers can ask questions and collaborate
• Organise meetings on-line and in-person
• Provide education
• Provide a conduit between Google, the AOSP community, and OEMs A community is more than the sum of its parts

Welcome session.

5-10 minutes talk with devroom co-owner to introduce devroom.

Welcome to the Legal and Policy Issues DevRoom

Welcome to the 6th iteration of the confidential computing devroom! In this welcome session, we will give a very brief introduction to confidential computing and the devroom, and we will give an honorable mention to all the folks that contributed to this devroom, whether they are presenting or not.

A short introduction, history of devroom, and agenda.

Introduction to the DevRoom

A word of welcome by the LLVM Dev room organizers.

aerc is a modern email client for your terminal written in Go. aerc supports IMAP, SMTP, JMAP, Maildir, notmuch, mbox and has been designed with patch review and management in mind.

aerc is easy to setup with a new account wizard and has first class support for git+email based workflows.

In this talk, I will be making an introduction to aerc and its capabilities. I will also demonstrate some of the ways you can tweak it and configure it to suit your needs.

More information is available at https://git.sr.ht/~rjarry/aerc

After electronic B2G-invoices became mandatory in 2020 (for guideline 2014/55/EU the CEN standard EN16931 was issued) now the EU is planning in their Vat in the Digital Age (ViDA) draft guideline to also request machine readable copies of all Business-to-Business (B2B) cross border invoices.

Anticipating this change, some countries, like Italy, France and Germany, introduced or are introducing domestic continuous transaction control (CTC) systems requiring short term XML copies of all domestic B2B invoices, replacing paper invoices and PDF invoices without additional XML in the foreseeable future.

This speech will briefly summarize aspects of Italy, cover what is happening in France and focus on the situation in Germany with it's formats Factur-X and XRechnung and dive into open standards (like UBL and UN/CEFACT Cross Industry Invoice=CII as well as Factur-X) as well as open source to view, create, parse, validate and convert electronic invoices.

systemd-stub/ukify/systemd-measure recently acquire support for "multi-profile" UKIs (i.e. a UKI that can synthesize multiple boot menu entries instead of one, each with sligh varations in kernel command line and similar). It already gained support for carrying multiple DeviceTrees with automatic matching against local hardware. There is working in include multiple system firmwares inside UKIs for confidential computing bring-your-own-firmware cases. All this elevates UKIs to a new level, and in this talk I'd like to provide an overview of what's going on and where we are going.

We mitigate "bus-factor", proclaim "accountability", enhance "productivity", champion "transparency". We lament the financial failings of "donations", and worry about people "silently quitting". The underlying problems however, are maintainer burn-out, imposter syndrome, entitled users, and social alienation.

In my talk I want to reframe the discussion of sustaining the maintainers to be one of primarily seeking to support mental health and well being instead of focussing on fixing abstract problems with money. In my talk I will introduce open-source leadership techniques that are person-focussed instead of outcome oriented, leveraging examples from the Tauri community.

Currently LLVM saves and restores callee-saved registers during prologue-epilogue insertion pass. I would like to present a new approach where we expose callee-saved register constraints early in the backend pipeline. This creates more opportunities for the optimizers and gives good performance gains. Interestingly, we achieve per-register shrink-wrapping for free. However, this makes emission of CFI directives much more complicated. I am currently in the process of upstreaming this work. The proof-of-concept branch is publicly available here: https://github.com/llvm/llvm-project/pull/90819 I have only tried this approach on RISCV, but it could be applied to other targets as well.

Quick intro & update on the ODF standard. Afterwards, explain the design ideas behind TDF's ODF Toolkit and its usefulness for ODF automation.

As Confidential Computing (CC) continues to gain traction as a cornerstone of modern cybersecurity, understanding its trajectory—past, present, and future—is critical to its adoption and impact. This talk explores the evolution of CC, from its origins in securing sensitive workloads with Trusted Execution Environments (TEEs), to its growing intersection with broader cybersecurity disciplines such as supply chain security and threat modeling.

The session will highlight the need to effectively communicate CC's value across these disciplines, bridging technical advancements with practical applications. With the latest EU DORA directive mandating runtime data security, and the increasing need for mathematical unicity in sensitive data comparisons, the relevance of CC is more pressing than ever.

Attendees will learn:

A concise history of CC and its early drivers. Current challenges and successes in embedding CC within complex cybersecurity frameworks. Strategies for fostering adoption across diverse industries and regulatory landscapes. A forward-looking vision for CC’s role in addressing the evolving threat landscape, particularly in areas demanding high assurance of data integrity and confidentiality. Join us for a compelling narrative that positions Confidential Computing as a key enabler of secure and trustworthy systems in a rapidly changing world. Whether you’re a seasoned practitioner or new to CC, this session will provide actionable insights to integrate and advocate for CC in your security workflows.

I'll talk about the current landscape of available RISC-V hardware powerful enough to run Linux and hopefully give a better overview of what to buy if you want to get into developing software for RISC-V. I'll talk about the difference between cores, SoCs and boards, who makes them, their performance and how well they're supported under Linux.

We present a real-world use-case of NixOS to manage an highly distributed fleet of servers & VMs in low-resource settings used for mission critical applications. After a brief overview of who MSF is and what we do, we'll dive into the technical details of how we manage our fleet with NixOS and the unique strengths that NixOS brings to the table.

While we presented last year what could be achieved using NVIDIA GPU, the hardware market has seen a lot of new comers following the need to have AI running locally on devices. Google has the Coral, Rockchip is adding a AI coprocessor on their ARM CPU, and now we have the Copilot PC coming with additional power focused on running Deep Learning models.

In this talk I will present how these accelerators can also be useful for SDR realtime processing, showing some results and presenting the first beta of a new open source library.

Display is a core requirement for AOSP. In the absence of a display/rendering interface, AOSP won't boot to completion. This short 10 min talk will talk about AOSP bring-up on pre-silicon/ emulated models or the devices which do not have a display/GPU support enabled yet. The author will talk about booting AOSP with software rendering libraries (SwiftShader + ANGLE) on a virtual display driver (VKMS).

Together with Jakob Krantz I´m working on an Open Source Smartwatch, called ZSWatch.

https://github.com/jakkra/ZSWatch

The talk should introduce the project to the community to find additional contributors. I would like to give a rough overview (or a more detailed overview if I can present the project in a different track than the selected) about the past and current development, new ideas and probably open questions.

As an application that supports multiple operating systems (including GNU/Linux, Windows, macOS), LibreOffice needs to implement multiple platform-specific accessibility APIs in order to be accessible for everyone. This talk gives an overview of accessibility APIs on the different systems, which of them LibreOffice currently supports, how it does that, and related aspects and challenges.

The Model for Economic Tipping point Analysis (META) is one of a new generation of climate-economy integrated assessment models used to study the economic impacts of climate change. A typical output of such models is an estimate of the social cost of greenhouse gas emissions, a measure of the economic damage caused over its lifetime by a ton of greenhouse gas such as CO2 or CH4.

META, however, computes many other economic as well as geophysical indicators. As its name suggests, META was built specifically to estimate the economic impact of tipping points in the climate system. To do so, META incorporates different tipping points modules, each of which replicate a geophysically realistic tipping point module from a study in the climate economics research literature.

META was originally introduced in Dietz, Rising, Stoerk and Wagner (2021, Proceedings of the National Academy of Sciences, https://www.pnas.org/doi/full/10.1073/pnas.2103081118), and has since been updated and ported to Julia using the Mimi Framework. Follow-up research has improved several components of META. Similarly, META estimates have been used to inform conversations with authorities in the EU and the US.

In this talk, I will give a short overview of META's structure, its capabilities, and ideas for the community on how to further improve and use META for open research in the future.

META is freely available on Github under a GPL-3.0 copyleft licence: https://github.com/openmodels/META

A visual retrospective of recent language support improvements in LibreOffice. Examples will be contextualized, used to explore some of the unique challenges of supporting all of the languages of the world, and show how improving support for one language can benefit all.

Things to do in order to sleep well while having your C code in twenty billion installations. A talk about what the curl project does to minimize security risks: Security, Safety, Reproducibility, Vulnerability handling and the processes and tooling around it.

As BDFL of the curl project, Daniel talks about what this project does to avoid it causing the world to burn. From code style, reviews and tests to signings, reproducibility, running a bug-bounty and becoming a CNA to filter bogus CVEs. curl aims to be top of the class in (Open Source) software security. Here's your chance to point finger and tell us what we should do better.

Developing features in the Android Open Source Project (AOSP) often involves modifying multiple files across various locations within the codebase. This fragmentation can make the process of building, debugging, flashing, and testing changes time-consuming and complex. To address this challenge, Google introduced the concept of vendor APEX (Android Pony EXpress) modules, which aim to simplify and streamline the development process. Vendor APEX: Bundling Feature Areas Vendor APEX modules provide a solution by allowing developers to package entire feature implementations, such as the WiFi HAL, into a single, self-contained unit. This approach offers several advantages: Faster Iteration: Developers can build and push individual vendor APEX modules to test changes, eliminating the need to rebuild the entire vendor image. Simplified Testing: The bundling of a feature area into an APEX simplifies the process of building, pushing, and testing changes for that specific functionality. Easier Debugging: When issues arise, developers can more easily debug or revert changes by working with a single APEX module rather than navigating through multiple system components. Modular Updates: Device manufacturers can easily select and combine independently-built vendor APEXes, facilitating the creation of customized vendor images. Benefits for Developers By adopting the vendor APEX approach, developers can experience significant improvements in their workflow: Focused Development: Developers can concentrate on a specific feature area without worrying about the complexities of the entire system. Reduced Build Times: Building and pushing a single APEX module is much faster than rebuilding and flashing the whole vendor image. Streamlined Debugging: Isolating features in APEX modules makes it easier to identify and resolve issues. Flexible Testing: Developers can easily install older versions of an APEX to compare behavior and isolate problems. In conclusion, vendor APEX modules address the challenges of fragmented AOSP development by providing a more efficient, modular approach. This solution not only simplifies the development process but also enhances productivity by allowing developers to focus on specific feature areas without the overhead of managing the entire system

Have you ever gotten lost in a building and wished they had some sort of navigation system or at least a floor plan? I have, unfortunately, and it was only later that I realised that not only they had a floor plan online - but they had a navigation app for that building. The reality is that a user who is not familiar with a building will not find such an app until it's too late. Indoor environments sometimes have public floorplans available via some service. Similarly, more and more indoor positioning systems are being deployed in buildings to provide navigation services or asset tracking. However, as a person visiting a building, you are often not aware that these services exist or where to find them. Even if some global registry exists to discover this data, it is often proprietary, discouraging developers from interfacing with such systems. I want to bring a shift into the landscape of indoor positioning systems and services and solve this! In this presentation, I will talk about discovering indoor environments and positioning systems through local and global discovery methods, linked data and personal data vaults. How nice would it be, that instead of downloading the FOSDEM app, you simply use Google Maps or any open-source navigation application to find the location of this talk?

Last year, we explored the extraordinary contributions of women to the history of computer science. But did you know that was just the tip of the iceberg? After diving deeper into this fascinating subject, I’ve uncovered even more incredible stories to share.

What about the pioneer behind assembly language? Or the creator of the STP, without which the World Wide Web might never have existed? And what about the brilliant mind behind the ARM architecture?

Join me as we journey once again into the history of computer science to uncover the remarkable achievements of even more amazing women.

Parula is a new email application, calendar and chat app, for everybody - business use and private. It is Open Source, implemented in TypeScript, and runs on Linux, Mac, Windows and soon Android. This talk is presenting the app, and showing where we need help for implementation and testing.

We would like to bring fresh air into the email ecosystem and not leave it entirely to Microsoft Office365 and GMail. Let's make email enjoyable for everybody.

https://parula.beonex.com

wolfBoot is an open source secure bootloader developed by wolfSSL Inc. and ported across many architectures. This talk will describe real-life scenarios of deploying quantum resistant and hybrid secure boot mechanisms on embedded systems.

Initially designed in 2018 to implement secure boot on small microcontrollers (ARMv7 Cortex-M), wolfBoot has been then ported to several architectures including ARM Cortex-A, RISC-V, PowerPC, Renesas RX, and more recently it has been deployed in x86_64 as complete bios replacement with Intel FSP. On new ARMv8-M microcontrollers, it can supervise the secure domain and expose an interface to access cryptography from non-secure world.

Based on RFC9019, wolfBoot only uses static memory and has a predictable execution flow at compile time, which makes it suitable to use in safety-critical environments. It relies on wolfCrypt for public key authentication. It offers protection against rollbacks and has some advanced unique features such as delta updates and mitigations against fault injections.

After briefly introducing the project, the talk will focus on the urge to migrate new systems towards securing boot with quantum resistant algorithms in the next decade. We will explore the mechanisms currently provided by wolfBoot to pair PQC (ML-DSA, LMS, XMSS) with classic cryptography (ECC, RSA, ED) to authenticate the signature of the firmware at boot and upon updates.

Repository on github

Why should coders have all the fun? The command line isn't just for programming wizards—it’s a magic box of tools that can supercharge how you tackle large documentation projects. In this talk, we’ll demystify the command line and share how to use it for wrangling text and images with ease. You’ll learn about regular expressions, how to chain single-purpose commands into clever pipelines, and tricks to manage complex project structures. From handling vast text files in various formats to taming sprawling docs projects, this session is packed with practical tricks to make your work a little easier and more magical. Recommended for anyone managing the written word at a scale that’s outgrown a single file, and who has a readiness to unleash your inner CLI magician!

Generics have long been a hot topic in the Go community, with years of debate, research, and anticipation surrounding their introduction. In this talk, we'll trace the journey of generics in Go—from the early days of design discussions to their eventual implementation in Go 1.18. We'll cover the challenges that led to Go's unique approach to generics, the technical design decisions involved, and how they were implemented to balance simplicity with powerful functionality. Attendees will gain a deeper understanding of the compiler magic that makes Go generics possible and explore practical examples of how generics enhance type safety and flexibility without sacrificing Go's performance and readability principles. This talk is ideal for anyone curious about how generics work under the hood and what they mean for the future of Go.

Progress in both hardware and software ( such as dora-rs ) makes using Humanoids easier than ever!

Yet, one of the key feature required for humanoids to be truly useful is to be able to be able to behave in full autonomy!

A lot of company such as Tesla, 1X, Figure, are working on just this at the moment. But, it seems that most of this work is not going to be Open Source.

This is where dora-rs comes to the rescue!

We have a plan for 2025 to make General Purpose Humanoids accessible to anyone.

Please come to the talk and we'll share how!

Website: https://dora-rs.ai Github; https://github.com/dora-rs/dora

An extension adds features and functions to a browser. It's created using familiar web-based technologies — HTML, CSS, and JavaScript.

We’ll be meeting here to discuss the current state of WebExtensions (new APIs, toolings, and more). Whether you’ve authored several web extensions or a newbie working on your first extension, all are welcome to join and share about your experiences of building web extensions!

This session will be hosted by Danny Colin, with representatives from Mozilla Firefox’s add-ons team (Rob Wu & Simeon Vincent), from Google Chrome's extensions team (Oliver Dunk), and other extension community members ready to answer your questions.

A consistent mantra of the Software Bill Of Materials (SBOM) ballyhoo is that various government entities around the world have mandated SBOMs in various different places. From USA POTUS Executive Orders, to EU Directives, to USA NIST whitepapers — it's often been repeated that these various sources mandate SBOMs as a mandatory requirement.

Let's do a deep dive into the source material and find out what these various orders and directives actually say, and figure out what's really mandated.

Many of the international standards for software in critical systems (e.g. IEC 61508, ISO 26262) are published under restrictive licences, at high prices. They broadly discourage the use of FOSS, by imposition of processes that do not align with modern open source best practices such as continuous delivery and automated testing. As a result some industries such as automotive, medical and aerospace, are locked in to proprietary software.

This talk will introduce the Trustable Software Framework (TSF), a new free and open source project which establishes an evidence-based method for measuring the actual risks involved in continuous delivery of software in critical systems.

TSF is applicable over the entire software supply chain, including CICD tools and infrastructure, build dependencies, operating systems, target applications and test environments, and is intended to measure risk on projects delivering critical systems which demand reliability, availability, security and safety.

This lightning talk discusses an ongoing effort to add a new cpu.max.concurrency interface file to the Linux cgroup CPU controller to facilitate expressing constraints on the number of CPUs which can be used concurrently by threads belonging to the cgroup.

This new interface file will define the maximum number of concurrently running threads for the cgroup. Extend the scheduler to track the number of CPUs concurrently used by the cgroup, and prevent migration when the number of concurrently used CPUs is above the maximum threshold.

The purpose of this new interface is to limit the amount of resident memory needed for userspace per-CPU data, and tune the number of worker threads to the cgroup constraints.

Mozilla has been experimenting with the usage of machine learning (in particular, large language models) to aid Firefox developers with code review.

This talk will explain the architecture of the software, and the path that led there, including iterative improvements to the prompts, retrieval augmented generation, integration of pre-existing tools such as code search.

In addition, we will delve into the results of the initial experiments, our plans for the future of the tool, and the potential for its adoption in other open source projects.

The project source code is part of the bugbug repository, which is a platform for Machine Learning projects on Software Engineering used by Mozilla for various tasks (for example, bug triage and test selection).

ZGC is a powerful garbage collector. This talk showcases what we are doing to reduce the amount of configuration needed to use it well, so that power can be unleashed with a minimum effort for the user.

Making a living as a FOSS contractor or entrepreneur, or want to try? Come!

In the FOSDEM Job Corner and elsewhere there are opportunities to work on FOSS and get paid.

Unless you get employed by a company, there are some other things to deal with besides writing code. Let's share experience and get better at it!

Organizing conferences is a challenging but rewarding experience, and keeping them free from conflicts of interest makes it even more meaningful. At NixCon 2024, we took the bold step of going completely sponsor-free—and it turned out to be a great success, with 400 attendees, making it the largest NixCon to date.

In this BOF session, I’ll share my experiences as a core organizer, including the challenges, lessons learned, and tips for anyone looking to organize their own sponsor-free events without breaking the bank. Let’s discuss how to prioritize community and make it work without sponsorship.

https://2024.nixcon.org/

Ceph can currently provide Tiering(Storage Classes) using different pools in the Ceph on-prem cluster and can also do cloud transitions(AWS, s3 compatible endpoints). The movement of data through different storage classes can be achieved using S3 lifecycle rules based on the age of the files. Intelligent tiering for RGW (Rados Gateway) is a feature in Ceph storage that automatically moves data between storage tiers based on policies. This feature optimises storage costs and performance by moving frequently accessed data to faster storage tiers and less frequently accessed data to lower-cost, higher-capacity tiers. The intelligent tiering policy is customizable, allowing users to define criteria for data migration, such as access frequency, time, and size. This feature is particularly useful for large-scale object storage deployments, where optimizing storage costs and performance is crucial. The first step is to extend the existing cloud transition to include features like read-through, restore API(like glacier in s3 protocol)

Open source is more than just code—it is a philosophy, a movement, and a framework that touches every aspect of society. However, as open source grows, there is a risk of it becoming another siloed institution, disconnected from the very communities it seeks to serve, much like academia and corporate America. To ensure open source remains inclusive and impactful, we must actively involve local communities in the process of technological development.

This talk explores how regional OSPO (Open Source Program Office) networks can serve as catalysts for inclusive innovation by connecting local communities, tech meetups, academic institutions, and civic organizations. These networks create a framework to:
- Study problems affecting local communities.
- Develop open technologies tailored to address these issues.
- Implement solutions through open governance, ensuring transparency, equity, and sustainability.

By dedicating resources to both regional collaboration and local focus, regional OSPO networks strike a balance that drives large-scale innovation while staying grounded in the needs of diverse communities.

Key themes include:
- Open Source as a Societal Institution: Why open source must go beyond code and actively integrate with local communities to avoid becoming siloed.
- Regional Networks for Connection: How regional OSPO networks foster collaboration among civic institutions, academia, local communities, and the tech industry.
- Inclusive Technology Development: How to engage local voices to study problems, co-develop solutions, and ensure equitable implementation.
- The 20/80 Framework: A practical model for balancing local focus with regional collaboration to create resilient and impactful networks.

This session offers a vision for a new kind of open source ecosystem—one that connects society’s diverse sectors, tackles real-world problems, and builds a foundation for sustainable, community-driven innovation. Whether you’re a community leader, OSPO practitioner, or open source advocate, join us to explore how we can bridge the gap between open source ideals and societal impact.

Key Takeaways:
- The importance of integrating local communities into open source development processes.
- How regional OSPO networks can address local challenges through collaborative innovation.
- Strategies for fostering open governance and inclusive technology development.

This talk is a call to action: let’s ensure open source remains a force for collective good, bringing all of society into the fold. Together, we can prevent open source from becoming another siloed institution and instead position it as a true bridge to a better future.

In an era where data breaches make headlines daily and cyber threats continue to evolve, Confidential Computing emerges as a game-changing paradigm for protecting sensitive workloads in the cloud. With the upcoming Digital Operational Resilience Act (DORA) in Europe mandating data protection in use, understanding Confidential Computing solutions is crucial for regulatory compliance. This talk explores the cornerstone of this technology: Confidential Virtual Machines (VMs), focusing on the two leading hardware technologies: AMD SEV-SNP and Intel TDX.

We delve into the intricacies of enlightening Linux guest OS images to work with these platforms, examining the architectural differences and specific requirements for each technology. Key technical aspects covered include secure boot implementation, measured boot processes, attestation mechanisms, and memory encryption strategies within Linux guest OS images. The discussion encompasses essential modifications needed for compatibility, current industry support, implementation challenges, and emerging trends. This comprehensive overview provides insights into the state-of-the-art of enlightened guest OS images for various Linux distros like Azure Linux, RHEL, Ubuntu, etc. and explores future directions in this rapidly evolving field of confidential computing.

This talk is designed for everyone - from developers, cloud architects and platform vendors to confidential computing enthusiasts.

The IR passes of LLVM are a happy place. Easy to reason about, easy to test, easy to debug. SSA form is a really great idea.

This talk sketches the (positive!) experience of writing a couple of classically back end tasks in the middle end instead of their proper place. One is a variant on register allocation - assigning variables to offsets in some buffer. The other is the ABI themed challenge of eliminating variadic functions. Maybe time will allow for an example of pulling work out of clang.

More speculatively, what else could be lifted to IR?

Bitwise reproducibility is recognized as a promising way to increase trust in the distribution phase of binary artifact and hence increase trust in the software supply chain. But how reproducible is Nixpkgs? We know that the NixOS ISO image is very close to be perfectly reproducible thanks to reproducible.nixos.org, but there doesn't exist any monitoring of Nixpkgs as a whole. In this talk I'll present the findings of a project that evaluated the reproducibility of Nixpkgs as a whole by mass rebuilding packages from revisions between 2017 and 2023 and comparing the results with the NixOS cache.

In this talk I will introducing the new uniform glow effect for texts in shapes. This glow effect only can be applied for texts in different text object. We already had Blur effect for text objects, but we also need to be able to apply GLOW effects, as can be done on Shapes. This is useful for adding extra highlighting to text.

Neo4j had its first stable release in 2010 and soon became one of the defining NoSQL systems, establishing "graph databases" as a new category. These systems represent data as nodes and edges, allowing for intuitive querying and visualization, as well as performance benefits on certain types of queries (e.g. path finding).

In this talk, I give a brief overview of the past, present, and future of graph databases. I first summarize the history of graph database systems, focusing on their main categories and use cases. Then, I discuss the key challenges that continue to hinder the adoption of graph databases, including a fragmented landscape and performance limitations.

I end the talk with recent positive developments: (1) Advances in standardization that led to the ISO GQL and SQL/PGQ languages, (2) Performance increases driven by competition on the LDBC benchmark suite, (3) A new generation of open-source graph database systems such as Kùzu and DuckPGQ, (4) Opportunities in machine learning use cases such as GraphRAG.

At last year's FOSDEM, I introduced the Incus project, what it was and what it would become over the following year. One of the main highlights and that which gathered the most interest was the support for OCI application containers.

It's now been a few months since Incus first gained support for running application containers, alongside its existing system container and virtual machine support. The work needed to get this done was actually pretty simple thanks to other projects like skopeo and umoci which Incus leverages to handle the OCI images.

In this presentation, we'll be looking at why we wanted to add OCI containers to Incus in the first place, how it was implemented, some of the differences from other implementations and what's planned next to make this even more useful.

Homebrew, the popular package manager, thrives on macOS and x86_64 Linux, but a small group of hobbyists has also been leveraging it on ARM64-based Linux devices like Raspberry Pis to install up-to-date software. While Homebrew is not officially supported on ARM64 Linux, this talk explores the technical hurdles for adapting the package manager to this platform. We'll examine the work done so far and the ongoing work needed to make Homebrew more accessible and reliable for ARM64 Linux users.

Personal cloud servers like Nextcloud, ownCloud, SeaFile and CERNBox have for several years now supported the Open Cloud Mesh protocol for inviting collaborators to a document or folder.

Open Cloud Mesh is an authorisation flow, rather than a data access protocol. In this sense it's similar to the role OAuth plays for establishing API access.

Open Cloud Mesh can be used to establish collaboration, after which the actual read/write traffic would for instance be handled via server-to-server WebDAV connections.

This means that Open Cloud Mesh can be used in combination with many other protocols, in many different scenarios, depending on document type and mode of collaboration. The protocol is agnostic about whether the collaboration that is being established concerns for instance a text file or a real-time video conference.

We recently published this protocol as an Internet Draft, we run automated tests between implementers and we recently held a technical workshop about the protocol, where implementers came together to compare notes and discuss possible features to add.

This talk will give an overview of how Open Cloud Mesh works and hopefully we can get into a discussion of how Open Cloud Mesh can be useful to others.

I wanted to have a watt-meter that I could plug into my electrical supply to ensure I didn't trip the max rating at my granparents' when charging an EV. I could have bought a "smart-balancing charger" to handle this for me, but I wanted to keep costs low and learn embedded Rust.

On this talk I'll go over how to manage side-projects, keep objectives reasonable and the technical details and how easy it is to build an API backend using Rocket, handling serialization and parallelism, as well as using Rust on the embedded device, including flashing, demonstrated how this is all integrated into cargo as a build tool.

Wattmeter code: https://github.com/ssaavedra/esp32-amp-sensor Backend: https://github.com/ssaavedra/amp-sensor-backend

This talk will delve into how DeepComputing and Fedora have strategically collaborated to address the chicken-and-egg challenges in the RISC-V ecosystem, and to achieve Fedora official running on DeepComputing's DC-ROMA series laptops and pads, as well as upcoming workstation and server products. Overcoming the complex barriers involved in this process required seamless collaboration among multiple partners. DeepComputing has played a pivotal role—not only in mass-producing RISC-V-powered devices but also in driving the implementation of proposed solutions. This includes close coordination with SoC partners, product solution providers, and active engagement with the Fedora team to ensure the best outcomes.

Recent improvements in Collabora's online suit based on Libreoffice technology related to comments and the possibility of mentioning other users.

repository: https://github.com/CollaboraOnline/online

The Journal of Open Source Software (JOSS) bridges the worlds of open source and open research. To amplify this mission, we recently completed the first season of JOSSCast, an experimental podcast designed to test how storytelling can connect researchers, developers, and contributors across disciplines. In this session, I’ll share what we learned from the experience—what worked, what didn’t, and how we can use podcasts to strengthen open research.

You’ll get insights on:

• The challenges and rewards of using podcasts to support open research.
• How storytelling can engage both technical and non-technical audiences.
• Practical tips for creating content that builds community.

Come hear about how we’re using experiments like JOSSCast to innovate and grow the open research ecosystem.

At 9elements we do firmware, which is rather niche and complicated. As developing firmware is already difficult enough, we think that building / compiling it should not be. Which is the reason why we made firmware-action -- an automation tool to build firmware, powered by Dagger that can be used on your local machine as well as in CI/CD pipelines.

firmware-action is an open-source tool under MIT license available at https://github.com/9elements/firmware-action

Kubernetes API server provides a standardized extension layer, called CustomResourceDefinitions (CRDs). This is a go-to contract, used to implement a controller with added functionality. There are some standard libraries, like controller-runtime and kubebuilder, written in Go, built to integrate with it natively. But what about other languages, like Rust?

How would a controller look like written in Rust? Why would you want to consider writing one? What benefits or downsides this approach might have? And how can a Rust controller still benefit from an established Go ecosystem?

We will explore these topics, compare implementations and share experience over other projects using Rust within kubernetes.

Projects: - https://github.com/kube-rs/kube - https://github.com/kube-rs/kopium - https://github.com/rancher-sandbox/cluster-api-addon-provider-fleet - https://github.com/crust-gather/crust-gather

By now everybody should know what a 15-minute city concept is. What amenities are accessible with a 15 minute walk? What parts of a city do not do well in this regard? Much has been talked about, but how would you get this information about your own city? Uhm... Find some maps online? They are outdated and use buckets that are a bit too big for local usage. Calculate those yourself? With what? There has been nothing on Github.

Until now. Here I will demonstrate how 15-minute maps are done, which open source tools help with calculations, and what further opportunities do this new tool provide.

In this talk, we introduce ManaTEE, an open-source framework designed to enable private data analytics for public research. Private data holds immense value not only for businesses but also for critical research domains like public health, economics, social sciences, and civic engagement. However, leveraging such data for analytics comes with significant privacy risks. ManaTEE aims to address these challenges by integrating a set of Privacy Enhancing Techniques (PETs), including confidential computing, to safeguard data privacy without compromising usability. The framework provides an interactive interface through JupyterLab, ensuring an intuitive experience for researchers and data scientists. We will showcase how Trusted Execution Environments (TEEs) ensure both data confidentiality and execution integrity, fostering trust between data owners and analysts. Furthermore, we will highlight how confidential computing can offer additional properties such as proof of execution, enabling researchers to demonstrate the reproducibility and integrity of their results through attestation. Finally, we discuss how ManaTEE simplifies deployment across various confidential computing backends, making secure and private data analytics both accessible and scalable for diverse use cases.

The compiler intrinsic __builtin_object_size and the LLVM intrinsic llvm.objectsize are used to compute the amount of memory allocated given an address. They play an important role in several security-related passes. This talk describes their behavior, where they are used within LLVM and the recent improvements made to their evaluation.

Actually both _FORTIFY_SOURCE, -fsanitize=undefined and -fsanitize=address rely at some point on an efficient implementation of llvm.objectsize and how it is folded by the compiler. I once wrote a small testbed[0] to compare gcc and clang wrt. the folding of __builtin_object_size and they were mostly on par, until something changed and clang started to stop folding some expressions. Using that story as an Ariadne's thread, we'll dive into the folding of this intrinsic, how it's used by various sanitizer and how it has been improved over the past few months.

[0] https://github.com/serge-sans-paille/builtin_object_size-test-suite

Key recovery is the process of regaining access to end-to-end encrypted data after the user has lost their device, but still has their password. Existing E2EE key recovery methods, such as those deployed by Signal and WhatsApp, centralize trust by relying on servers administered by a single provider.

In this talk, we share our recent work on Kintsugi, a decentralized recovery protocol that distributes trust over multiple recovery nodes, which could be servers run by independent parties, or end users in a peer-to-peer setting. This talk will cover how we developed Kintsugi and its unique security properties, as well as compare it to prior E2EE key recovery work.

See the WIP implementation here.

We at Ubuntu/Canonical/Mir are working on enabling Flutter to use multiple windows across Desktop platforms.

The (not very well hidden) aim is to bring the abundant Flutter developers and apps to FOSS Desktops. Which is why we actually started on Windows, where most of the Flutter community lives.

I'll show our approach and FOSS inspirations, how and where it's going, and ask you to try it out!

Design document Merge proposals and demos

Generational mode of Shenandoah is a new experimental feature that has been added to JDK24. The generational mode preserves pause-less operation of traditional Shenandoah, while decreasing CPU time consumed by GC and allowing higher allocation rates without degenerated cycles in the same heap sizes. For many workloads, this allows robust deployment in smaller heap sizes.

This talk provides selected performance comparisons with traditional Shenandoah, Generational ZGC, and G1 GC. It provides selection criteria for helping to determine whether Generational mode of Shenandoah is a good match for your service needs. It also provides best-practice recommendations for how to tune Generational Shenandoah to extract the greatest value for your particular service.

I will present some first person experiences learned while handholding a relative newcomer to LibreOffice QA, about how easy (or not) is it to pick up speed with bug triaging, bibisecting and more, based on the Wiki instructions.

Users and developers demand more and better documentation but, as a FOSS maintainer, you’re an expert in making software, not documentation. Technical writers are docs experts, but it can be hard to collaborate across that gap of expertise. It’s especially challenging to define and scope the work to be done, leading to misunderstandings and disappointing outcomes, for maintainers and writers alike.

Wouldn’t it be nice to have clear expectations of what your next documentation project would look like and to pull together as a team from the start? In this talk, you’ll get a preview of a new open-source resource for maintainers to help recognize archetypal documentation projects, the skills you’ll need to successfully complete them, and common pitfalls to avoid. And across documentation projects—whether you’re adopting new docs tools, rewriting tutorials, or deleting out-of-date materials—you’ll learn some important themes that will lead maintainers and tech writers to make the docs that users and developers want.

Daniel D. Beck is a documentation consultant who helps software engineering teams make tools, processes, and content that reach developer audiences. His talk draws from experience as a longtime contributor and maintainer of open source software and documentation, including as a current maintainer of Baseline, a browser compatibility tool, and a past role as technical content lead for MDN Web Docs.

Did you know that the 'map' type has a whole new implementation as of Go 1.24? Known as "Swiss Maps", they run as much as 60% faster and 25% smaller.

Originally created in 2016 as a C++ library, Swiss Map uses ingenious bit-manipulation techniques to get more throughput from your CPU.

We'll cover:

• How does it work?
• How do benchmarks look for the new maps?
• New SIMD (single-instruction, multiple-data) support in the compiler.
• Performance results from real-world applications.
• Gotchas and caveats.

Keeping up with the AOSP/main branch is hard. In this session the authors will talk about the realities of AOSP development and maintenance from the developer's perspective. They will share their struggles and stories of AOSP development. They will also talk about what is being brewed in AOSP lately: be it the Trunk Stable/Staging development branch model or Generic Bootloader (GBL) initiative or Page-Agnostic AOSP builds to support 16K page-size in GKI or the long-term (7 yrs) software support cycle everyone is talking about.

Regular software updates are essential for fixing common vulnerabilities and exposures (CVEs), addressing bugs, and adding new features, all while maintaining security and increasing the lifespan of embedded Linux devices. Over the past decade, the landscape has changed significantly, with many high-quality and reliable open source solutions now available, making the development of in-house update solutions unnecessary. During this time, several SOTA solutions using different strategies have come and gone. Open source options based on the dual A/B redundant update scheme have become widely adopted in the industry. This session will focus on three such solutions: Mender, RAUC, and swupdate. We will analyze their strengths and weaknesses, offering guidance on selecting the best solution for different use cases and industries. Additionally, we will explore advanced features such as HTTP streaming, which allows direct installation of updates without the need to download and store the update file locally. We will also discuss the potential of adaptive and delta updates, which are additional features built on top of A/B update schemes. These features minimize data transfer by sending only the changes, rather than the full update files.

The hands-on examples will demonstrate the integration of three different open source solutions: Mender, RAUC, and swupdate - on two different devices: Raspberry Pi 5 and the open source hardware Olimex I.MX8MP SoM, using the Yocto Project and OpenEmbedded. The demonstrations will highlight the differences in setup, configuration, and update management for each solution. Additionally, we will explore support for other build systems such as Buildroot, PTX dist, and distributions like Debian, Ubuntu, ArchLinux, and NixOS, emphasizing how each solution integrates with these environments.

This talk is suitable for engineers and developers looking to implement an open source update solution for embedded Linux devices. It will provide a deeper understanding of the technical challenges and available open source solutions, empowering attendees to address these challenges more effectively and focus on enhancing the unique features of their products.

Structured Email allows to extend common email messages with a machine readable representation. The talk describes available libraries and implementation experience with the Structured Email Plugin for Roundcube Webmail. The talk also explains ongoing work within the IETF Structured Email working group.

KernelCI has come a long way. It started as a simple tool that was only building and boot testing ARM devices, but its story didn't end there. KernelCI evolved to actively participate in the workflow of Linux developers and maintainers and is committed to provide a CI system that alleviates their workload.

In this talk Paweł will present how various CI workflow challenges were approached and resolved. He will show how KernelCI integrates with existing tools and highlight recently introduced improvements. Join Paweł to see how it enhances Linux kernel development process and discuss the next chapter of the KernelCI story!

The software industry traditionally used the right to exclude granted by copyright as the means for generating revenue. Free software came along and flipped the script, giving away for free what traditionally was the primary mechanism for extracting payment. But free software has struggled ever since, trying to figure out how to create value that customers are willing to pay for when they can’t use the copyright that way.

More and more, companies are recognizing and leveraging the truly unique asset in free software – the brand. Ketchup is a commodity market, but Heinz has captured 80% of it by convincing U.S. consumers that Heinz ketchup is better than all the rest. Open source software is similar to a commodity market because the original software may be competing with the identical product. Open source software companies are learning how to develop business models around the brand, convincing customers that the customer will be better served by remaining loyal to the branded product instead of their competitors who are simply copying and distributing the software.

But it’s also possible for companies to overextend their trademark rights to subvert the promise given in the copyright license. Frustrated at free-riding or the perception of it, companies are now also trying to extract revenue through questionable trademark infringement theories.

This session will review the current state of trademark thinking in free software as a revenue strategy, both the appropriate and inappropriate ways to manage the customer relationship through the brand.

*Robert Young, How Red Hat Software Stumbled Across a New Economic Model and Helped Improve and Industry, Open Sources, Voices from the Revolution p. 116 (1999).

A profitable business is one of the best protections for commercial open source projects and communities that depend on them. Our talk draws on the experience of companies that pulled it off to explain how to do it for your own projects. We’ll discuss commercial models that actually work, giving back to the community, and gracefully collecting money for free software. We'll also discuss topics for larger projects like foundations and taking VC funding. It is possible to balance a strong belief in open source communities with making payroll every two weeks. We've done it and will share our secrets.

On this talk I present my experience introducing Nix, home-manager, darwin-nix and devenv in a project where most team members use a macbook but we spend quite some time on Linux too.

A declarative configuration - that does not interfere with OSX and company provided tooling - that can be shared with team members to be used with minimum changes - that keeps a working environment on every iteration - that really boosts productivity

adding devenv to the mix - so people with no exposure to nix feel comfortable - so developers have an almost identical setup - so complexity is hiden using processes and services instead of customised containers and scripts

Unfortunately some pain points too - as it was impossible to replicate workflows Linux users were used to - not all available packages can be installed

After this six months experience, this combination is highly recommendable for all projects aiming to enjoy the good parts and some to polish edges I have seen.

Huge graphs, from billions to trillions of nodes and arcs, are more and more common in modern data-intensive applications. Graph compression techniques allow loading and manipulating such graphs into main memory of either high-end workstations or commercial-grade servers, depending on graph size. In this talk, we report about webgraph-rs, a recent clean-slate Rust re-implementation of WebGraph, a state-of-the-art graph compression framework, formerly implemented in Java. webgraph-rs comes as a series of interconnected Rust crates of general interest, including high-performance bit streams, zero-copy (de)serialization, constant-time measurement of heap size for large data structures, and high-performance implementation of succinct data structures . Using webgraph-rs one can load graphs such as the Software Heritage Merkle DAG (about 0.6 trillion edges ) in less than 200 GiB of RAM and visit it in a few hours with a single core.

With multi-threaded LibreOffice spreadsheet calculations atomic reference counting can become a surprisingly dominant bottleneck. Some profiling data and case studies on implemented improvements in this area.

Following the FOSDEM 2024 presentations about M17 and OpenRTX, this talk will provide an insight into the developments carried out by both projects throughout the past year: the first commercial device supporting M17, the support of OpenRTX by the trx-control software, and M17Netd, a Linux daemon that enables the creation of IP links over RF.

NooBaa is a software-defined storage platform that enables seamless management of object storage across diverse environments. In NooBaa, the database plays a vital role, it stores information related to the object buckets, object indexing, configuration data etc, — but what happens if that database fails or becomes slow? It can bring your entire storage system to a halt, impacting availability and performance.

In this session, we'll discuss the current noobaa architecture, the challenges of NooBaa’s database dependency , along with some real-world examples of outages caused by this. We’ll explore how to safeguard your storage environment and ensure consistent access to your object buckets, even during database failures using different database handling strategies.

links: https://github.com/noobaa

How many times have you built a taxonomy for open source software analysis? Whether you’re writing a survey for open source contributors or categorizing thousands of repositories, you’ve most likely had to create some kind of organizational structure to make sense of the data. Over the course of researching and analyzing open source projects, I’ve searched for and created many bespoke taxonomies to meet my analytical needs. In this talk, I’d like to share key learnings and pitfalls in my pursuit to answer “how do project characteristics influence behavior?”, as well as propose a solution for open source researchers to share and collaborate on open source taxonomies. No one should have build a new OSS taxonomy in a vacuum!

An average Linux distro has about half a dozen file syncing libs. The source code we sync with git and other SCMs. But how can we sync some structured data? JSON, for example. Two-way, maybe in real time, for collaboration, revision control, and simply device syncing. As it turns out, there are challenges.

I will outline the history of the question and the ongoing efforts. Then, we will delve into the Replicated Data eXchange format (RDX) and the progress of librdx.

In this presentation, we introduce DuckPGQ, an open-source community extension for DuckDB, an in-process analytical database system with a relational data model. DuckPGQ extends DuckDB’s capabilities to support graph processing, leveraging the property graph data model and implementing the SQL/PGQ standard. This enables users to query and analyze graph data within the familiar SQL environment. By harnessing DuckDB’s efficient in-memory architecture, DuckPGQ facilitates fast and seamless graph operations on tabular data and has been shown to outperform traditional graph databases like Neo4j on certain pattern matching queries. Additionally, DuckPGQ supports efficient execution of graph algorithms, enabling complex analytics such as PageRank and clustering operations. We’ll explore how DuckPGQ bridges the gap between relational and graph data, empowering users to perform pattern matching, path-finding, and more—all without needing specialized graph databases and from the convenience of your own laptop.

In 2015 a ticket was opened asking for container migration support in Kubernetes. In 2022 the first minimal support to checkpoint and restore containers was added to Kubernetes 1.25 as an Alpha feature. In Kubernetes 1.30 (2024 ) the checkpoint/restore support graduated to the Beta phase.

In this session I want to give an overview what is currently possible in regards to checkpointing and restoring containers in Kubernetes. I want to give details in what way the containerd and CRI-O implementations differ and I want to describe the future plans for checkpoint/restore in Kubernetes.

Panoramax is a FLOSS project initiated 2 years ago in France by OpenStreetMap France and the national geographic institute (IGN).

Its goal is to provide a decentralized way to share and publish street level imagery.

This session will present the current status of the project, the software stack and the standards on which we built Panoramax like STAC and EXIF.

Fortran => Scientific Computing => Performance Wasm => In Browser => Portability

Why would someone want to have both? Can Flang actually do that?

Learn about Poppler, the PDF rendering library used by the main Linux desktop applications. Where it came from? What about the name? Which features does it have?

We will cover into that talk a new proposal to design and distribute open source firmware in the datacenter world by relying on secure boot from a single component (the BMC) and extensive attestation from the remaining part of a server. The BMC will starts from a network boot and load all required firmware (from PCIe end points, to microcontroller) from a trusted source before starting target. This approach is currently implemented on HPE Gen11 servers which supports Open Source Firmware. Our goal is to enhance security by decoupling the firmware and hardware supply chain, and allowing easier update process.

LibreOffice's Python API is among the more user-friendly options. It provides extensive functionality in a Pythonic manner right out of the box. However, for aspects of the UNO API that aren't straightforwardly supported, alternative methods may be necessary.

Join me as I demonstrate a few problems on this topic, along with some handy tips and tricks!

This session will present an end-to-end scenario to support confidential computing on Arm (CCA). The first part will focus on a reference implementation stack that integrates firmware, operating system, virtual machine monitor and container environment on QEMU's SBSA platform. From there we will present the verifier that runs in the cloud to attest security claims generated by the reference stack. We will conclude by going over the tooling needed to compute initial Realm measurements and give an overview of a key broker proof-of-concept that works with the stack and verifier to deliver a secret payload.

Consider you want to have a concurrency bug that requires threads to run in a specific order. Wouldn't it be great if you could stop and start threads at random? Prevent them from being scheduled onto the CPU? And the best part: Without the application being able to prevent this, like it could do with POSIX STOP and START signals? In come the scheduler extensions for the Linux Kernel. Introduced in version 6.12, they allow you to quickly write your own schedulers with eBPF, and can be the base for simple libraries that enable you to start and stop threads directly in the Linux kernel. This opens the possibility of creating complex scheduler scenarios at a whim.

In this talk, we'll show you a prototypical sched_ext-based library for concurrency testing that we used to reproduce bugs when working on the OpenJDK.

Self-hosting an e-mail server is notoriously challenging. While privacy is a top concern for many individuals and businesses, the complexities of self-hosting a mail server often outweigh the benefits, leading many to choose to sacrifice some privacy and pay a third-party provider to manage their email instead. One of the key challenges of self-hosting an email server is the outdated and complex nature of most available open-source mail server software.

Stalwart Mail Server seeks to change this by providing a modern, open-source mail server built in Rust that prioritizes ease of use, security, and privacy. Designed to simplify self-hosting, Stalwart Mail Server enables individuals and businesses to reclaim their email autonomy with confidence. This talk will explore how Stalwart Mail Server democratizes email, promoting decentralization by making self-hosted email accessible, secure, and efficient. Join us to learn how Stalwart can empower you to take back control of your email in today’s digital landscape.

How to ensure that object files from two compilers are ABI (Application Binary Interface) compatible?

This talk presents a tool capable of extracting ABI properties for a RISC-V compiler. This human readable summary can be compared to another version, be it a reference version or one created for a different compiler or with different options, exposing where compatibility problems can pop up.

While the topic may not receive extensive attention, certain methods for ABI validation do exist, most of which focus on libraries. This tool, however, adopts a unique approach by focusing on extracting ABI properties to ensure compatibility between object files produced by different compilers. It covers aspects from data type sizes/alignment to the organization of data in registers and on the stack. For example, it identifies which registers or stack locations are used for variable/struct argument passing and distinguishes caller-saved from callee-saved registers.

Most computer programs run with far more privileges than necessary. Many techniques have been developed to drop privileges and split applications into multiple components, each of which can run with the least amount of privileges necessary to do its job. This can greatly reduce the impact of security bugs, as the affected component will hopefully no longer have the rights to spawn other processes or even access files. Relatively small architectural changes can result in huge security gains.

Most privilege separated daemons out there are written in C. However, it is also possible to do this in Go, as this talk will show with almost copy-pasteable examples targeting POSIX-like operating systems.

The Yocto Project offers the cve-check class to allow users to check for known vulnerabilities in the packages they include in their distribution. However, the CRA (Cyber Resilience Act) and changes around vulnerability databases require a different approach. The move to multiple databases and more dynamic vulnerability checking is in progress.

In this talk, we will explain the ongoing move to external checking for vulnerabilities in the Yocto Project. This will allow users to verify their distribution years after the release without the original build directory.

As the future of the NVD (National Vulnerability Database) is unknown, we are also considering using other databases, starting with raw data from the CVE (Common Vulnerability Enumeration) program.

The audience will also discover VEX (Vulnerability Exchange), allowing per-product annotations of vulnerabilities: you can finally say, "Not affected, we disabled the vulnerable configuration option!"

This talk is 25 minutes; if we have 50, we can add more content and examples.

After 3 years of development, Project Lilliput, also known as 'Compact Object Headers' is going to ship JEP 450 in JDK24. We want to celebrate that by looking back at how we got here and talk about what Java users can expect from it. We also talk about why we are not done, yet, how all Java users are going to benefit from 'Lilliput 2' and what it takes to get there.

With just five years remaining to achieve the Sustainable Development Goals (SDGs), the window for action is rapidly closing. This session explores how the United Nations and other stakeholders are accelerating efforts toward meeting these goals and how open source solutions are critical. The Digital Public Goods Alliance in collaboration with the UN Envoy on Technology will dive into the role of digital public goods in supporting SDG progress, highlighting innovative initiatives, partnerships, and technologies that can scale impact in areas like health, education, climate action, and more. Join us for a conversation about how the open-source community can unite with governments, NGOs, and the private sector to build the digital infrastructure needed to meet these ambitious goals.

The Digital Public Goods Alliance is a multi-stakeholder UN-endorsed initiative that facilitates the discovery and deployment of open-source technologies, bringing together countries and organisations to create a thriving global ecosystem for digital public goods and helping to achieve the sustainable development goals.

The Office of the UN Secretary-General’s Envoy on Technology is dedicated to advancing the United Nations’ digital cooperation agenda, ensuring that technological advancements benefit all of humanity while mitigating associated risks.

Keynote Presentation:

1. Brief introduction to the UN’s Sustainable Development Goals and the urgency of achieving them within the next five years.
2. The unique role of open source solutions in bridging critical gaps and delivering scalable, impactful innovations in health, education, climate action, and beyond.
3. The Power of Digital Public Goods (DPGs):
4. Introduction to Digital Public Goods, their role in achieving the SDGs, and how the DPG Standard ensures openness, scalability, and ethical implementation with the latest updates made in it to assess open AI systems.
5. Case studies of impactful DPGs, showcasing their real-world benefits in addressing systemic global challenges.

Collaboration with the UN Envoy on Technology:

The Global Digital Compact (GDC): 1. The UN Envoy on Technology will present highlights of the GDC, emphasizing its relevance to open source communities and sustainable development. 2. Key areas of focus: - Digital Inclusion: Bridging digital divides through open collaboration and equitable access. - Open-Source as a Foundation: Recognizing open technologies as a cornerstone of global cooperation and innovation.

Special Announcement by the Digital Public Goods Alliance (DPGA):

Formal Recognition of New Flagship DPGs and insights from some other notable DPGs and their alignment with open source principles and the impact of their inclusion as DPGs on advancing global digital equity.

Call to Action:

Engaging the FOSDEM Community: A compelling closing appeal to developers, contributors, and organizations in the open-source ecosystem to: 1. Actively participate in scaling DPGs. 2. Leverage their expertise to support SDG-aligned open initiatives. 3. Join global efforts like ours to create inclusive, ethical, and open digital infrastructure.

Let's take look at how much of the LibreOffice internal and external API is marked as deprecated and since when. Maybe also ask ourselves whether we are doing fine or we forgot something important we wanted to do.

Lots of open-source projects use documentation as code to collaborate on web sites and documentation. But how do you integrate the different parts of a documentation pipeline to provide a great contributor and user experience? AsciiDoc is a popular plain text markup language for writing technical content, and lots of open-source projects use it. It’s loved for its rich features and its ability to modularize and reuse content. The AsciiDoc Working Group at the Eclipse Foundation has recently published the AsciiDoc Language documentation, and it is continuing to work on the AsciiDoc Language Specification that is the foundation to define standard parsing rules for the language. This talk showcases different AsciiDoc tools in real-world project documentation pipelines to show what is possible today when you author, verify, convert, and publish content. It also highlights what challenges will be solved with the evolving AsciiDoc Language Specification.

In May 2023, the a decloaking method called tunnelvision raised awareness about security implications about supporting the DHCP option 121. This talk with show practical mitigation methods against this technique and also similar issues that deserve similar attention. This will be from the perspective of the team developing NetworkManager that makes mitigation against this easily available.

We invite open-source maintainers, testers, designers, developers, human rights defenders, researchers, activists, community organizers, digital security experts working, and others currently working within FOSS communities in the Global Majority, to join our gathering.

This gathering focuses on exchanging perspectives, sharing insights, and identifying both challenges and opportunities in designing usable and accessible open source internet circumvention technologies for underrepresented and historically marginalized communities. Through open and collaborative dialogue, we’ll share best practices and collectively strategize inclusive and contextually relevant approaches. In doing so, we hope to foster a practice of mutual support and care, sustaining our effort in contributing to a safer, more equitable, and resilient digital space for those at risk.

We'll facilitate our session like a circle where each participant will get to contribute and share their stories. The outline will roughly be like this:

• Goal of the session
• Individual Introduction
• Questions for group discussion
• Note-taking and sharing

SFC funded and supported Sebastian Steck's lawsuit against wireless router manufacturer AVM. That lawsuit has recently concluded. AVM has provided the complete source code for all LGPL works, which means everything needed to reinstall changes, for the FRITZ!Box 4020. This marks the first time to our knowledge in Germany that an individual purchaser has successfully sued a manufacturer and received complete source code as a result. This talk will describe what the case was about, what the compliance issues were before the lawsuit, and how "the scripts used to control compilation and installation" that AVM provided over the course of the lawsuit brought them into compliance with LGPLv2.1.

In recent years, it has been repeatedly shown that memory safety problems account for the vast majority of security vulnerabilities in software systems. In response, security researchers and government agencies alike have urged software developers to replace their use of C and C++ with memory-safe programming languages. Fortunately, there are several native programming languages to choose from, but there is a catch: you must rewrite your code to get these memory-safety benefits. In today's established software systems, that could mean rewriting hundreds of millions of lines of existing C and C++ code, which is beyond impractical.

To move memory safety forward in an established software system, we propose an incremental approach comprised of three parts. First, use of a memory-safe language (in our case, Swift) for new code or for targeted rewrites. Second, memory-safety improvements to C and C++ that can be applied to large swathes of existing code. Finally, deep interoperability between the memory-safe language and existing C and C++ without sacrificing memory safety. This talk will explore all three aspects of this approach in the context of Swift, and will reflect on lessons learned for both programming language design and rollout in an established software system.

Want to stay in sync with Android’s latest features and bring them into your own projects? Join a former Googler and Android team member as we dive into Trunk Stable – Android’s new quarterly release model.

We’ll explore why this change is much needed for improving quality, releasing more frequently, and meeting upcoming regulatory compliance.

You’ll learn how to define features, A/B test them, and make sense of next, trunk_food, and trunk_staging. We’ll discuss strategies for rebasing your changes onto the latest code, managing feature flags with tools like aconfig, and keeping your projects aligned with the newest Android updates.

With zero experience with NixOS, I grabbed an unused $60 LTE-enabled laptop bought in a fire sale during the pandemic and an LTE SIM card to build a router for my newly purchased home so I could have the minimal Internet necessary for its security system and home automation without having to record what I did in case the laptop died.

I did this in a few hours with less than 100 lines of Nix. I did not think that it would be this easy. It served my Internet needs for several months without failure.

This talk will cover some hijinks of NixOS, using LTE for home internet somewhere you don't yet live, and the joy of things that Just Work... when they work.

We are planning to kick off this BoF by discussing the Continuous Performance Testing (CPT) methodology. At Red Hat, We are implementing this approach to ensure that our projects and products consistently meet the minimum performance and scalability standards with each update.

After that, participants will have the opportunity to discuss the performance and scalability challenges they are encountering, as well as the strategies they are employing to address these issues prior to the final release of their projects or products.

Following these discussions, We intend to arrange dedicated talks later with attendees that will concentrate on the specific performance and scalability challenges they are facing.

At the Scientific Computing Institute at TU Darmstadt, we have experience with developing LLVM-based tools. In the past, however, we usually focused on C/C++ codes via the Clang compiler [1,2]. With the change to flang-new [3] as the default LLVM Fortran frontend, we were interested in developing tooling for Fortran codes. In this talk we want to take you through our journey towards flang‑new based Fortran tooling. After building ~legacy~ established Fortran codes [4,5] with flang-new we wrangled with OpenMPI, employed static analysis tools inside the compile pipeline, and measured performance with the Score‑P [6] profiling library.

We will conclude our talk by presenting first results and describing our first impressions working with the evolving flang-new infrastructure.

This talks is intended for people with an interest in Fortran applications, tooling, or a general curiosity in the possibilities given by the LLVM infrastructure.

Open source projects can promise the moon in their READMEs, but have you ever wondered what causes end users to actually adopt a project? Bill has interviewed over 20 companies in industries ranging from media to financial services about why they picked Cilium for their cloud native platform.

In this talk, he will reveal what end users truly want when adopting open source projects and what the forcing function was for each of them. You’ll hear firsthand accounts of why companies like DigitalOcean, Rabobank, and The New York Times chose to deploy a project to production, the specific benefits these organizations are reaping, from enhanced security and observability to improved performance and cost savings, and all the triumphs and tribulations along the way.

The talk will also teach other open source projects a process for creating impactful case studies to grow their community. By the end, the audience will how to grow their project with a case study program and why end users actually pick a project.

Putting the pixels of LibreOffice into a browser window. With or without Qt. Asking for interaction.

What's Guix? GNU Guix is a software deployment tool that supports reproducible software deployment. As research results are increasingly the outcome of computational processes, software plays a central role. The ability to verify research results and to experiment with methodologies, core tenets of the scientific methods, requires reproducible software deployment.

What's Software Heritage? Software Heritage is a long term, non-profit, multistakeholder initiative with the ambitious goal to collect, preserve and share all source code publicly available. To our knowledge, Software Heritage is the largest publicly available archive of software source code.

Could we connect Guix with Software Heritage? Yes! It makes Guix the first free software distribution and tool backed by Software Heritage, to our knowledge.

This presentation describes design and implementation we came up and reports on the archival coverage for package source code with data collected over five years. It opens to some remaining challenges toward a better open and reproducible research.

Talk Summary This talk introduces a groundbreaking project aimed at creating a universal solution for scanner drivers across various Linux distributions. By leveraging Snaps and OCI containers, the ScaniVerse project enables the distribution-independent packaging of scanner drivers and applications. This approach enhances flexibility, reduces dependencies, and supports immutable operating systems. Attendees will gain insights into advanced techniques for integrating scanner and printer drivers, including the use of the PAPPL library for retrofitting legacy devices.

Project Description The ScaniVerse project is a pioneering initiative designed to streamline the installation and management of scanner drivers across different Linux distributions. By utilizing Snaps, the project enables the creation of distribution-independent packages, allowing scanner drivers to be easily installed on any system that supports snapd. Additionally, scanner applications can be containerized using OCI containers, facilitating their deployment on immutable operating systems. Key components of the project include the integration of scanner support into the PAPPL library, originally developed for printer applications. This integration supports multi-function devices and provides a unified driver format for both printers and scanners. The project also focuses on retrofitting legacy scanners to ensure continued support for older hardware.

Learning Outcomes for the Community Learning basics of how to package printer/scanner drivers in Snaps for easy installation on any distro supporting snapd. Gaining insights into separating scanning frontends from drivers, enhancing modularity and reducing dependencies. Explore how to package and deploy scanner applications in OCI containers for enhanced manageability and deployment on immutable systems. Understand the potential of eSCL and IPP scanning as standardised infrastructures, moving beyond the limitations of SANE. Discover methods to support legacy scanners using SANE and PAPPL-retrofit for a seamless transition to modern systems. Learn about establishing a common scanning infrastructure that simplifies development and maintenance, benefiting the entire ecosystem.

Traditional package updates using tools like RPM or Zypper can introduce risks, such as incomplete updates or accidentally breaking the running system. To overcome these challenges, we developed container-snap, a prototype plugin designed to deliver atomic OS updates—updates that are fully applied or rolled back without compromising the system's state.

container-snap leverages OCI images as the source for updates and integrates seamlessly with openSUSE’s tukit to enable transactional OS updates. By utilizing Podman’s btrfs storage driver, it creates btrfs subvolumes directly from OCI images, allowing systems to boot from the OCI image. This approach empowers users to construct their own OS images using familiar container image-building tools, like Docker or Buildah.

In this session, we’ll dive into: - The architecture and technical implementation of container-snap - Challenges encountered during development and how we resolved them - Key lessons learned along the way - A live demo showcasing container-snap in action

Come and join this session to learn more about how to boot from an OCI image without bricking your system!

In this introductory, hands-on workshop you will learn how to program an inexpensive, battery-powered, pocket-size computer (micro:bit or Calliope mini) to respond to buttons, tilts, shakes, light, and more. Display icons or short animations or the LED display or play tunes through the built-in speaker.

This workshop will use MicroBlocks, a blocks language similar to Scratch. It is suitable for beginners aged 10 and up working independently or younger children working with a parent.

To participate, you will need a laptop computer (not a mobile device).

Activities during FOSDEM Junior follow the Code Club policies and health and safety standards.

• All attendees must have an adult with them
• Remember to bring your laptop with you
• You must book a place to attend
• Please don’t come if you are feeling unwell

Participants are required to sign up for this activity via the registration form.

CryptPad is an open-source and end-to-end encrypted collaborative office suite. Since its inception 10 years ago, it has been actively developed at XWiki to offer a unique combination of privacy and collaboration. In this talk I will summarise CryptPad's development to date, from a single-page prototype to a full-blown office suite. I will then give an overview of the progress made in the last year including: accessibility and mobile, performance improvements, cloud instances, and work on the OnlyOffice integration to name a few. Finally I will give a glimpse of things to expect in 2025.

Hedy is a programming language that aims to teach textual programming to kids. Hedy's unique approach involves gradual changes in the syntax of the programming language, so students are not overloaded with information right away. This devroom is aimed at students from 9 to 12 years old, but anyone with a desire to start learning programming (or teaching) with text based language is welcome. You'll need your own laptop (no installs needed, Hedy is webbased) and reading- and basic typing skills (or someone to help you read and type). No prior programming experience is needed. When you have finished all 18 levels of Hedy, you know the basics of Python.

Activities during FOSDEM Junior follow the Code Club policies and health and safety standards.

• All attendees must have an adult with them
• Remember to bring your laptop with you
• You must book a place to attend
• Please don’t come if you are feeling unwell

Participants are required to sign up for this activity via the registration form.

The presentation will discuss current state of GRUB upstream development.

While metrics provide valuable insights into system behavior, they often lack the detail to really understand the system. In this talk, we will explore how tracing techniques can complement metrics to provide a more detailed view of Ceph operations, enabling deeper analysis and troubleshooting.

There are many ways to get container runtimes and Kubernetes on a node, all with their benefits and drawbacks. This talk will present shipping Kubernetes as a system extension with systemd-sysext – a self-contained, immutable, verifiable, distribution independent disk image. We’ll also look into automated in-place updates, both from the OS as well as the Kubernetes side.

The talk includes multiple live demos, from a single node deployment to cover sysext basics to a full-blown Kubernetes cluster deployed with ClusterAPI which we’ll then update live. While all demos will use Flatcar Container Linux - an immutable special purpose OS optimised for container workloads – the mechanisms demonstrated are distro independent and cloud be used on any Linux distribution.

The satellites of the Sentinel family are Europe's eye in space – managed by the European Space Agency (ESA). They observe the earth continuously and collect enormous amounts of data that provide valuable insights into environmental, climatic, and geospatial changes. These data are used for various applications, including Land Use and Land Cover (LULC) mapping, environmental monitoring, disaster response, climate change analysis, and agricultural monitoring. The Copernicus Data Space Ecosystem makes these data freely available to users, along with tools for processing and analysis. It encourages researchers, developers, and organizations to use these products for various applications, from scientific studies to practical environmental monitoring solutions. These products include but are not limited to, Sentinel data, Digital Elevation Models (DEMs), mosaics, and service products like biophysical parameters such as FAPAR (Fraction of Absorbed Photosynthetically Active Radiation). In addition to these products, the ecosystem also provides a range of tools, including cloud-computing environments and APIs, to simplify and enhance the usability of Earth Observation data. In this session, we will explore how, in addition to freely available data, the Copernicus Data Space Ecosystem provides several open-source capabilities to simplify and enhance EO data usability. These include a cloud-computing environment like JupyterLab, a user-friendly Copernicus Browser for easy data exploration, and APIs like STAC and openEO for streamlined data access and integration. By offering these resources openly, the Copernicus Data Space Ecosystem supports a growing community of users, helping them turn satellite data into actionable knowledge to address global challenges.

The Coconut community is actively developing the Secure VM Service Module (SVSM) to provide secure services and trusted device emulation for guest operating systems running in Confidential Virtual Machines (CVMs). Originally designed for AMD SEV-SNP, Coconut SVSM is evolving into a multi-platform solution, with ongoing efforts to integrate support for Intel TDX Partitioning.

This talk will dive into the current progress of Coconut SVSM, focusing on the emulation of devices such as the virtual Trusted Platform Module (vTPM), based on the reference implementation from the Trusted Computing Group (TCG). At this stage, the vTPM in Coconut SVSM is ephemeral, being re-manufactured with each boot. To unlock broader use cases, the community is working on introducing a persistent state for SVSM, enabling the vTPM to preserve its state across reboots. This enhancement will also allows us to support UEFI variable store to support Secure Boot.

Achieving this persistence requires storing encrypted state securely on the untrusted host, with early boot-time attestation to decrypt and validate the state. This process raises several technical challenges that we are actively tackling.

Join us to explore the latest progress in Coconut SVSM, the challenges we’ve overcome, and the exciting opportunities still ahead.

LibreOffice Technology provides great engine for processing the documents with LibreOfficeKit. For more advanced usage in a user-friendly fashion the good UI is needed. JSDialog API provides way to interact with existing dialogs and build bespoke widgets for different platforms in the browser.

Everyone loves the terminal! It's simple, efficient, and fast — almost everything the web is not.

What if I told you it is possible to build terminal-like web applications with Rust and vice versa?

Join me in this talk, where we explore the future of the terminal and the web and how the Ratatui ecosystem is bringing these two worlds together. We will take a look at example Rust projects that achieved this, their implementation, and the challenges that we are facing.

Get ready to be visually impressed!

In this talk, I will present how to integrate the Nix package manager with Buck2, an open-source build system developed by Meta, to achieve highly granular and reproducible builds across different platforms.

By integrating Nix and Buck2, developers can benefit from Nix's robust package management and reproducible build environments, while also taking advantage of Buck2's scalable and efficient build system.

I will dive into the details of using remote execution services that support the Bazel remote execution protocol with Buck2 in conjunction with Nix's remote build capabilities and showcasing that using a sample project.

The Torch-MLIR project [1] builds a bridge between the world of machine learning and the LLVM project by providing compiler support from the PyTorch ecosystem to the MLIR ecosystem. This short tutorial covers:

• The projects structure and how to build it
• The TorchOnnxToTorch conversion
• Decomposing complex ONNX
• Lowering from Torch to LinAlg and other lower level dialects

Furthermore, it is discussed how you can get involved and what opportunities especially exist for first time contributors to contribute (code) to the project.

[1] https://github.com/llvm/torch-mlir/

Ladybird is a brand-new browser & web engine. Driven by a web standards first approach, Ladybird aims to render the modern web with good performance, stability and security. Currently in heavy development, we take a quick look at its progress, architecture and challenges.

In February 2024, Red Hat released an update to insights-core, a package providing host data for Red Hat Insights. It slipped through our testing and caused all SELinux-enabled systems to crash the service, stopping the hosts from reporting. Even though the patch was released two days later, we couldn’t fix the hosts ourselves, and had to figure out which customers are affected and how to even contact them. It was a big lesson to both engineering and management. We’d like to share this story with the public.

Much of the advice given to Java programmers seeking efficiency is misleading or out of date.

This talk is a result of the author's experience trying making the Java Virtual Machine more efficient, but it isn't just for JVM engineers, it is also relevant to Java programmers. We will cover wide-issue processors, branch and memory-access prediction, and the way Java programmers can use tools to illuminate what is really going on inside a computer when it runs their programs.

If you're looking for a talk about huge memories or millions of threads, this isn't it. Rather, it's about how small details can have surprising effects.

Mechanical Sympathy is when you use a tool or system with an understanding of how it operates best. "You don't have to be an engineer to be be a racing driver, but you do have to have Mechanical Sympathy."

Project: https://github.com/openjdk/jdk

Motivation

Computer Science curriculums often focus on theoretical lessons, such as how garbage collection (GC) works under the hood or the trade-offs between different GC designs. However, there is much less emphasis on how to write GC-aware code in languages like Go. This is surprising since most of these practices are language-agnostic.

This is a significant gap, especially given GC's impact on application performance. Profiling data from real-world applications consistently shows that a considerable amount of time is spent on memory allocation and GC-related activities.

This talk will be a practical session on writing memory-efficient code, supported by an understanding of Go's garbage collection and memory allocation internals.

The talk

Introduction

I will begin by discussing the motivation behind this talk and explaining why this topic is crucial, backed by empirical profiling data from real-world applications.

Essentials

Next, I’ll provide a high-level overview (a 10,000-foot view) of stack, heap, and GC concepts. This segment will be brief but necessary to establish a foundational understanding.

Main

• Walk through real code examples and demonstrate techniques for writing memory-efficient Go code, such as avoiding pointers, preventing overallocation of slices, minimizing the overuse of interfaces and generics and many more, clarify misconceptions about sync.Pool and leverage it effectively.

• Short Overview of Go's standard tooling for observing memory usage and GC behavior: memory profiler, benchmarking tools, escape analysis, GC configuration, execution tracer. Shed more light on less known/used tools like execution tracer.

Finish

Finish the talk by emphasizing that writing allocation-friendly code is crucial for maintaining application performance and should not be overlooked and a wrap-up.

Mox is a relatively young modern, all-in-one mail server. One of its goals it making it easy to setup a mail server, and keeping it up to date. In this talk, we'll look at how mox helps with setting up and running a mail server. From the original quickstart with its environment checks, setting up initial DNS records and modifying them later on, notifying about new mox releases and installing them, to a future easier guided setup process and automatic DNS management.

For FSF-copyrighted GNU packages, FSF insists on executing copyright assignments and employer disclaimers. These are designed to ensure steady and continuing enforcement of the GPL, as well as to serve other important purposes related to licensing and copyright management. The maintainers of some GNU packages would like to use a simple mechanism called "Developer Certificate of Origin" (DCO). It is hard, and some lawyers think it's even impossible, for a DCO to allow FSF to enforce the GPL. However, we at the FSF have once promised to accept DCOs and to draft a DCO that would best serve the needs of the free software community. We want to fulfill this promise after a broad discussion about issues surrounding copyright assignments: their importance, best approaches, and challenges in managing copyrights in free software projects.

Panelists will elaborate on the following questions: 1) How to ensure swift enforcement of the GPL? 2) How to protect free software against third party claims, including employers' copyright or patent claims? 3) How to enable swift relicensing or adding additional permissions, while protecting software against appropriation? 4) How to remove any challenges a contributor might encounter with the process?

In a continuously changing IT world, not being able to adapt is the difference between yesterday's and tomorrow’s projects. Everybody wants the benefits of changes, but nobody wants to endorse its associated risk. From dev to ops, I’ll share why we created Updatecli, an open-source declarative dependency manager. How automation helps us to anticipate, and fix early, our day-to-day challenges, and where the traps lie.

Various blobs like PSCI provider or TEE are currently started between BootROM and the U-Boot bootloader. This has multiple downsides, the blobs are difficult to update and the blobs may configure the platform in a way that prevents U-Boot from accessing all system resources, thus making it less useful as a debug tool. This talk explains how to start U-Boot before most of the blobs, thus giving it full unrestricted access to the platform, and how to start the blobs from U-Boot afterward, so Linux can still access the services like PSCI provided by the blobs. Finally, the talk hints at how to perform a safe A/B update of the blobs.

Project link: https://www.u-boot.org/

Mgmt is a cutting-edge, real-time, automation tool designed to be fast, safe, and revolutionary. Our goal wasn't just to replicate legacy tools but to surpass them-- and we believe we've done exactly that. Mgmt is now powering real production workloads, showcasing its potential to redefine what's possible in automation.

Empowering our users starts with great documentation! To achieve this, we aimed to minimize the time spent maintaining our docs while ensuring they stay perfectly in sync with the code. So we developed custom AST parsing code that automatically converts code into a structured data format. We then use a GoHugo templating system to publish it in a polished and user-friendly way.

All of this code is open source, making it available for others to use and benefit from! We'll also show how even a small project could do this.

I'll deliver live demos throughout, ensuring the concepts come to life.

You'll also get a glimpse of how mgmt can revolutionize your workflows-- it might just become your go-to tool for managing documentation pipelines!

For those who want a head start, check out our blog posts. Reading a few before the talk will provide a great background of the topic!

If you want to use Android for your custom project, then you are almost inevitably going to have to modify the platform code. Typical reasons include supporting specialised hardware, running dedicated system services and pre-installing system apps. AOSP, and some parts of the Board Support Packages, are open source, so what's stopping you just changing the bits you need to? Indeed, this is the standard development model for Android platforms: fork; modify; repeat. Of course, we all know that forking is bad but there isn't any choice, especially when it is so difficult up merge changes upstream

Well, maybe there is a choice, In this talk we will examine the problems created by simply forking Android, and we will look at various ways to make the process more maintainable. In particular we will look at using local_manifests, and at maintaining out of tree patches for AOSP. In the latter case, we will talk about the tooling required to track patch sets ("layers") and the dependencies between them.

We hope that this will spark a conversation in the community through which we can establish best practice for maintaining custom Android systems without forking

Achieving exactly-once semantics is a cornerstone of reliable event streaming systems, but the challenge magnifies when ensuring guarantees across the entire pipeline—from data ingestion in Apache Kafka to stateful processing in Apache Flink, and back to Kafka or another sink. In this talk, we’ll explore the intricacies of designing an end-to-end system that maintains data integrity and correctness without compromising on scalability.

We’ll dive into: * Kafka’s 2 phase commit transactional guarantees and how they align with Flink’s checkpointing mechanisms. * Flink 2 phase commit E2E protocol * Practical strategies to address challenges like fault tolerance, recovery, and latency trade-offs.

This session will explore the implementation of Flink and Kafka 2 phase commit(2PC), the magic files, coordinating it across two distributed systems and the challenges you will face in implementing exactly once event processing E2E in your systems.

Come to see a first prototype of a CRDT-based real-time distributed collaboration implementation - for being able to collaboratively comment on a Writer document, from a number of distributed LibreOffice instances (desktop, browser or cloud).

Have you ever wondered why people get involved in community work? If you think it's just about networking, think again! Let's talk about the deeper motivations rooted in our brains: from fast and slow thinking to the role of the amygdala, our basic human needs, and the impact of collective loneliness on society.

The AFF3CT framework (https://aff3ct.github.io/) is a free and open-source environment under MIT license for building numerical communication chains in the context of software-defined radio applications. It has been developed over about a decade by Inria and the IMS and LIP6 research labs to enable the design, simulation, validation and production-oriented exploitation of building blocks, such as error correction code modules, in chains such as satellite DVB-S2 video transmission or 5G communications. AFF3CT has been designed with a focus on efficiently using the hardware parallelism available in modern multicore processors. This talk will present a brief overview of AFF3CT's capabilities and architecture.

The AFF3CT open source repositories are available at the following links: - AFF3CT GitHub repo: - https://github.com/aff3ct/aff3ct.git - AFF3CT's task-based runtime system StreamPU repo: - https://github.com/aff3ct/streampu.git - AFF3CT's SIMD intrinsics wrapper library MIPP repo: - https://github.com/aff3ct/MIPP.git - AFF3CT's DVB-S2 SDR example repo: - https://github.com/aff3ct/dvbs2

This presentation aims at presenting a fully open-source pipeline to extract, curate, and explore web archives, a captive data source whose access is restricted. Its purpose is to detail both the technical pipeline and the socio-institutional setting that made it possible to emerge, highlighting the challenges of developing open tools for closed sources.

The French web archives is an institutional repository of data maintained by the French National Library (BnF). It contains more than 2 petabytes of data spanning over close to 30 years, which accounts to more than 50 billion web pages. Access to this data is restricted under the heritage and legal deposit law: academic researchers willing to work on web archives as data are expected to submit research projects that, upon a formal or informal agreement, will enable them to access this data. But what then? Building the methodological means to pursue epistemological goals in that context is particularly challenging. Web archivists do provide toolkits for exploration. Recent initiatives have scaled up the effort to make these sources more accessible. The RESPADON project has successfully managed to build a “captive web archive” capacity into the Hyphe software, and in doing so has opened a new way into developing tools for such data.

In this presentation, we will present a new solution to extensively study, at the qualitative level, specific topics in the full-text indexed collections of the French web archives. Built around the PANDORÆ software, this pipeline has been designed to interrogate the captive data source on site, but also extract relevant metadata in a compliant manner to enable its exploration off-site, while ensuring reproducibility by publishing the code. In doing so, this pipeline provides an up-to-date example of the “one-way mirror” situation of building open tools that are fit to operate on closed data sources.

As confidential computing continues to gain importance, AMD SEV-SNP has matured within the open-source community. This session will provide an overview, from the OVMF perspective, of how it integrates with QEMU and the Linux Kernel to encrypt memory and safeguard memory security in a virtualized environment. The session is open to UEFI developers as well as virtualization, kernel, and security developers. Attendees will gain insights into how AMD SEV-SNP in confidential computing protects systems in virtualized environments, the latest upstream development progress, and an analysis of the protections it offers. The session will also address whether these protections are adequate and if there is a need to adopt this technology.

This presentation focuses on the perspective of an Operating System maintainer - how easy it is to add RISC-V support to a Linux based operating system nowadays.

The case study is done on a FOSS Operating System - Flatcar Container Linux. Flatcar Container Linux (https://flatcar.org) is a Container-optimized Linux distribution, CNCF incubated project, which has Gentoo as an upstream distribution.

We will go through the steps required to add RISC-V support, from the Linux Kernel quirks, the bootloader paradigms, and to the generic software support from the wider community: systemd, Docker, Kubernetes.

An important part that will be thoroughly presented is the current state of the art hardware availability combined with virtualization support, very much needed for testing and faster iteration.

If you are processing and storing sensitive data in the cloud, can you really trust anyone (including the cloud)? The answer is no. Confidential Containers (CoCo) is a CNCF project that leverages Trusted Execution Environments (TEEs) to tackle this challenge. A critical aspect in this effort is providing secure and confidential storage solutions that can be seamlessly deployed across cloud providers.

This session explores the implementation of trusted storage in CoCo, highlighting key aspects such as Kubernetes storage drivers, device virtualization, and the role of attestation in secure key release and data encryption. We also demonstrate how we prevent attackers from injecting data into the TEE using the CNCF Rego policy language.

Overall, we aim to show how cloud providers and end users can securely store and protect sensitive data, enabling the adoption of confidential computing across numerous use cases.

Many processes are packed with document generation, and forms of various types, from applications to contracts. Come and hear how new APIs built on LibreOffice Technoloy provided by Collabora Online can make building complex documents easier. From populating fields, to making richer templates, to tweaking chart data, our new Automatic Document REST APIs here enable powerful document interaction - both creation and extraction of data with a simple JSON based API.

Whether you want to extract data from docx files, generate richer templates for subsequent editing, or enable powerful electronic signature functionality - have we got an API for you!?

Come and hear how to use and improve it.

Validating low-level firmware presents unique technical challenges, from automating hardware control operations to testing interactive UEFI firmware menus. In this presentation, we delve into how the Dasharo Open Source Firmware Validation (OSFV) project uses Robot Framework, an open-source automation tool, to address these complexities.

Drawing from years of firmware development experience across diverse hardware platforms ranging from network appliances to workstations we will showcase how OSFV tackles: - automating hardware interactions such as GPIO toggling, UART communication, power control, video output capture, USB devices simluation, and more, on a wide variety of hardware platforms, - testing dynamic and interactive firmware interfaces, including menu navigation and switching configuration options, - managing the variability of real-world hardware environments to ensure repeatable and reliable test execution.

Dealing with web mapping can be complicated, and when tasked with the requirement of drawing on one, things can quickly become a challenging, especially when dealing with complex requirements. Enter Terra Draw: an open source JavaScript library designed to simplify and standardise drawing functionality across popular web mapping libraries such as Leaflet, OpenLayers, Google Maps, MapboxGL JS, and MapLibreGL JS.

Terra Draw offers a versatile set of built-in drawing modes, enabling seamless creation of geometries. The library supports simpler geometry types like points lines and polygons, but also more complex modes like rectangles, circles and sectors. There is also advanced functionalities like snapping, rotation, and scaling, which often require significant effort to implement from scratch. These functionalities are designed to "just work" across the different mapping ecosystems.

The library’s modular design promotes extensibility, allowing developers to create custom drawing modes and adapters for new mapping libraries that may come along. Thanks to its decoupled architecture, any mode can work with any adapter, creating a multiplier effect. This flexibility also ensures that swapping out one mapping library should be much simpler, as the drawing logic is abstracted away from the mapping library.

In this talk, we’ll explore the origins of Terra Draw, demonstrate how to get started, and provide a glimpse of what's possible with it. Whether you're a seasoned developer or just starting with web maps, you'll walk away with practical insights on how Terra Draw can be used in your project.

The SMB service in Ceph uses a Samba container to export the Cephfs volume using the vfs_ceph_new plugin. We hit a problem when scaling the number of client connection which results in resource exhaustion on the server host. This was determined to be caused by Samba's forking model and the way data is cached by libcephfs. This presentation delves deeper into the cause of this problem and the proposed solution - the multiplexing proxy.

Accessing a Kubernetes cluster for the first time can be daunting. But that’s the price for testing Deployments, Volumes, and other Kubernetes objects, right? Nope. There is an easier way that doesn’t entail learning how to deploy a Kubernetes cluster.

One of the least-known commands of Podman is kube play, and it’s fantastic. It works as kubectl apply and supports the same objects but doesn’t need a Kubernetes cluster. It supports Pods, Deployments, Volumes, ConfigMaps, and many other Kubernetes resources and runs on Linux, macOS, and Windows. It has some additional features compared to kubectl, such as using local images.

This talk will discuss using kube play and its alter-ego kube generate to simplify Kubernetes’ first experiences.

Nix offers an alternative to the well-known container-based deployment flow, and can offer several benefits compared to those container-based deployments. However, it's not immediately obvious how you would use nix to deploy services on machines running Linux distributions other than the nix-native NixOS. To address this, we developed a tool called system-manager, which allows you to manage certain aspects of the system configuration of a Linux system using nix, while leaving others to be managed using the usual tools of the underlying distribution.

Not everything needs to become a string! At least not so fast. Don't lose your typing information when building templates for Django, Flask, FastAPI or even without any framework.

With htpy you can write templates just like you write Python, including full support for mypy or pyright checks.

I will show you how to get started with htpy and show you some patterns that make your components reusable and typesafe.

The Ryzen AI NPUs consist of an array of vector processors and programmable interconnect to allow granular control of compute and data movement to achieve high performance and power efficiency. This talk presents a MLIR-based data tiling and packing design for these NPUs that leads to optimized machine instructions. Specifically, it shows how we can derive and optimize how data flows through the array from high-level tiling decisions and how we can efficiently utilize a high degree of data packing by leveraging low-level DMA control and capabilities.

Overview of a feature implementation in Collabora Online, building on LibreOffice Technology, where autotext and other presets and configuration data can be supplied both at an individual user level and at an organization level, via their wopi server, to a Collabora Online instance serving multiple organization tenants.

AOSP is a great start - but increasingly doesn't deliver all the functionality you'd expect in a phone OS. Even the mail client that was present in early AOSP is no longer there: You're expected to use the closed-source GMail app.

This talk explains shows how to get most Android functionality on AOSP without having to use closed source applications.

It covers integrating GMS-like services through microG and Open Source alternatives to applications typically preinstalled on Android phones, as well as tricks for better integration of alternatives.

go build . is a very common way to build and release binaries for go projects. But there are many settings one can pass to go to build better release binaries. This talk will give overview of compile time optimizations, give guidance on re-releasing, apply CGO hardening as recommended by OpenSSF, upgrading dependencies, ensuring binaries can be scanned for vulnerabilities, ensure codebase is compatible with popular go forks for FIPS compliance, and are easier to reproduce.

Relevant projects: - https://pkg.go.dev/cmd/go#hdr-Compile_packages_and_dependencies - https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html - https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck - https://github.com/chainguard-dev/gobump - https://github.com/chainguard-dev/melange/blob/main/pkg/build/pipelines/go/build.yaml - https://github.com/wolfi-dev/os

How can you efficiently allocate tiny (kilo to megabyte sized) objects on petabytes of storage? Write a memory allocator from scratch which uses less than two bits per 4KB. This talk focusses on an interesting aspect of the SLASH/ storage engines for Varnish-Cache which uses a simple yet super efficient buddy memory allocator, a very well known algorithm from the 1960s. The primary novelty of this implementation is that it uses a fixed amount of metadata at about two bits per minimum page size. It also supports prioritized fair waiting allocations and an interactive live view.

For the training of generative AI models, developers usually have to gather large amounts of mostly copyrighted data (texts, images, code, music etc.). Datasets are provided online for download or can be assembled individually via crawling & scraping.

In both cases, copies and sometimes further adjustments of data are necessary in preparation for AI training - acts relevant to copyright law, usually requiring a license. Since June 2021, the "text and data mining exception", introduced via the DSM directive, is a part of national copyright laws in the member states of the EU, allowing for license-free copies for the purposes of text and data mining (TDM). It is since being discussed whether the TDM exception can be applied to the training of (generative) AI models, and how respective reservations can be made in a "machine-readable format".

The talk will present the first German court decision (09/2024) on the application of the TDM exception to AI analysis and provide an overview of the discussion regarding the applicability of the TDM exception to AI training in Germany. Participants are also invited to join a constructive discussion regarding the feasibility of a machine-readable reservation and the importance of international / EU-wide (copyright) rules on AI training.

In high-energy physics, ensuring that analyses remain reproducible and interpretable over time is a significant challenge. As the Large Hadron Collider (LHC) produces vast datasets and as analyses evolve, reproducibility becomes crucial for both current and future research efforts. Rivet (Robust Independent Validation of Experiment and Theory) addresses this challenge by providing a framework for the preservation and reinterpretation of LHC analyses. This talk will discuss how Rivet facilitates analysis preservation, enabling researchers to reproduce, validate, and reuse complex particle collision studies long after initial publication. We’ll explore specific use cases, including how Rivet supports reinterpretation for new physics searches, and the technical underpinnings that make Rivet an indispensable tool for long-term data analysis preservation. This presentation will emphasise Rivet’s role within the broader landscape of open science and data preservation, with insights into its integration with other high-energy physics frameworks. Attendees will gain a clear understanding of Rivet’s contributions to sustainable research practices and reproducibility within the scientific community.

We'll introduce you to our project "Ethersync," a software and protocol for real-time collaboration. The goal is to make it feel like Etherpad, but for entire projects, on the local file system, and with Neovim, VS Code, or your other favorite text editors! We’ll talk about our vision, technical implementation, and the challenges we encountered along the way.

Collaborating with software like Etherpad or Hedgedoc feels a bit like magic: you can instantly see what others are typing. The downside is that you need to be online to access the content—since the document is on a server, it disappears as soon as you disconnect.

We’re working on an open-source software called "Ethersync" to bring real-time collaboration to the file system! We want to make it possible to write notes and documentation together, and we’re also considering use cases like pair programming—directly in Neovim, VS Code, or perhaps your favorite text editor soon. We’re following a "local-first" approach, ensuring you always have control over your data since it’s stored on your own hard drive.

In this talk, we’d like to explain our vision for this type of collaboration and show you our progress and current prototype. We’ll discuss some of the problems we’ve encountered and dive into the underlying technology (like Conflict-Free Replicating Data Types and Operational Transform).

Finally, we'll discuss how you can get involved: For example, we could use help developing plugins for more text editors! We'll go over the Ethersync protocol, and discuss how it could help interoperability between collaborative projects.

Documentation often struggles to keep up with development cycles. Your users become testers of inaccurate information, which leads to a poor experience. But what if you could test your documentation for accuracy and catch breaking changes before your users do?

This short talk shows how you can improve your docs-as-code workflows with automated testing. Attendees will hear an explanation of Doc Detective and its testing framework. We will also show off some implementation strategies and automation to help keep your docs current.

Java Flight Recorder (JFR) provides deep visibility into cryptographic operations offering developers unprecedented insights into their applications' security behavior. Learn how to leverage these JFR events to monitor and analyze cryptographic operations in production Java applications with minimal overhead.

Linux v6.12 adds usb9pfs as a new USB gadget function, which can be used to mount a filesystem provided over USB.

Booting from an external rootfs in the form of NFS is already a staple in embedded systems development, but multiple issues complicate its usage:

• network interface required , which may not always be available
• Interference with normal network setup, especially in existence of switches
• Requires setup of multiple services: DHCP, TFTP, NFS...

By using usb9pfs for the rootfs, these limitations can be avoided on all devices that feature a USB gadget port.

This talk will discuss the design of 9p and usb9pfs and showcase how streamlined development on a Yocto root file system can be with both barebox and Linux making use of usb9pfs.

Most developers approach unit testing by manually defining specific examples to verify the expected behaviour. With this approach, catching all the edge cases can be tricky – or tedious.

Property-based testing offers an alternative, by emphasizing general properties or rules that should hold true across a wide range of inputs. By automatically generating test cases, property-based testing provides broader coverage and can uncover issues that are difficult to find with conventional techniques.

In this talk, we'll explore property-based testing, breaking down how it works and when to use it. We'll cover:

• Core principles of property-based testing and how it differs from example-based approaches.
• Practical techniques for identifying useful properties in various domains, including algorithms, data structures and APIs.
• Tools and libraries that enable property-based testing in popular programming languages.
• Real-world examples of how this approach has uncovered critical bugs and improved test coverage.

This session is designed for developers curious about expanding their testing toolbox. Whether you're new to property-based testing or looking for ways to apply it in your work, this talk will provide practical guidance and resources to help you get started.

sq is Sequoia PGP's primary command line tool. After seven years of development, we've just released version 1.0.

In this talk, I'll present sq. I'll start by discussing sq's design philosophy. In particular, I'll explain how sq aims to firstly be a tool for end users, and not developers writing scripts, and what that means for users of the tool. I'll then present how sq is different from other tools in the ecosystem. In this regard, one of the most important differences is that sq explicitly does not support curated keyrings; users have to authenticate all of the certificates that they use. At first blush, this may sound like a usability nightmare, but I'll show how sq supports users by managing evidence, which simplifies these decisions. Finally, I'll demonstrate several workflows. These include how to verify files, how to create and manage a certificate, how to find a certificate and use it, and how to create and manage a CA for your organization.

In times of complexity and easy cloud computing - is it still value-able to maintain an on-prem mail cluster with open-source tools? We will showcase our approach to sizing and rolling out a complete and flexible mail infrastructures, highlight why we chose Ansible for IaC, our approach to template the configuration and automatic documentation generation. We continue to update and develop our roles to incorporate our best practices, develop new features and counter latest security threats. Our Ansible Playbooks and Roles to roll-out this full fledged E-Mail infrastructure are open-source and publicly available. The setups are maintained either by us, the customer with our support or also completely independent.

Rust for Linux is the project adding support for the Rust language to the Linux kernel.

This talk will give a high-level overview of the project and will walk its history from the beginning -- it sounds like it was yesterday when we started, but it has been more than 4 years now.

How did the endeavor start? What challenges have we faced? Who are the people behind it? Which projects do we collaborate with? How are we reconfiguring a large system with huge inertia while it keeps running? Can a similar approach be applied to other projects? What do kernel developers think about Rust?

Speaking about Rust, why did we go with Rust, and not something else? How stable is the Rust we use in the kernel? What does it mean to use unstable features in this context? How did we hedge against those? What is the situation with distribution toolchain support? What about GCC and Rust?

And most importantly, since this is open source: how can someone contribute?

NLnet is inviting (prospect) NGI Zero projects to meet & greet, and have a discussion about the Next Generation Internet.

This BoF is to bring together FOSDEMers involved in or interacting with others doing computational biology and bioinformatics, and anyone interested in learning more about how open source powers computational biology research around the world.

Open source and free software has long history in the computational biology community, forming the backbone of many high-quality tools. However, their adoption in research, industry, and healthcare settings is not yet universal. FOSDEM provides the ideal platform to bridge this gap by drawing upon best practices in computer science and applying them to the biological context.

Currently, bioinformatics is underrepresented at FOSDEM. This BoF seeks to change that by creating a space to share insights, demonstrate projects, and discuss the future of open-source bioinformatics.

Goals

1. Establish the foundation of a bioinformatics community at FOSDEM.
2. Explore effective and emerging practices for open-source software, systems, and infrastructure in computational biology across public, private, and academic sectors.
3. Showcase projects and spread the word about upcoming events.

Proposed Outline of the session

• Intros
• Open HPC infrastructure stack
  • Demo: Snakemake on the Dutch Tier 1 (SLURM powered) supercomputer Snellius (10min)
  • Discussion: schedulers (e., Slurm), HPC file systems (Gluster, SaunaFS), containers (Nix, docker...)
• Workflow systems and reproductibilty
  • Demo: Nextflow and the nf-core initiatve (10min)
  • Discussion: choosing a workflow language (snakemake, nextflow, common Workflow Language), ensuring reproducibility
• Open Web facing infrastructure and APIs
  • Demo: Slivka-Bio (https://compbio.dundee.ac.uk/slivka) and friends (10min)
  • Discussion: Galaxy, Jupyter, and local, national, and international platforms for computational biology
• Closing Discussion
  • Keep in contact at https://matrix.to/#/#fosdembioinformatics:matrix.org

The open source community can be siloed at times. People tend to ‘stay in their lane’ and don’t realize what they may be missing out on by not expanding their network. I know time is limited and it’s impossible to participate in every community so how do you become like Kevin Bacon? How do you set yourself up to be connected to people in various communities that you may be able to help or vice versa without being present at every meeting? I’m going to show you how you can channel your inner Kevin Bacon and learn how to expand your network like your funding counted on it!

LibreOfficeKit has new API to expose slideshow elements: content, animations, transitions and notes. Short story about composing the impressive 3D slideshows in WebGL directly in the browser.

We will introduce nmbl (no more boot loader), our fast, secure boot scheme based on the Linux kernel. GRUB is a powerful, flexible, fully-featured boot loader used by many distributions on multiple architectures, but its complexity is difficult to maintain, and it necessarily lags behind the Linux kernel exposing many security holes. The kernel itself, on the other hand, has a large developer base, fast feature development, quick responses to vulnerabilities, and much better overall scrutiny. Our approach is to use the Linux kernel as its own boot loader in the form of a unified kernel image (UKI). Loaded by the EFI stub on UEFI, an UKI is made up of all the components needed to reach the final boot target: the kernel, initramfs, and kernel command line, in one signed bundle. All necessary drivers, filesystem support, and networking are already built in and code duplication is avoided. We will describe the work and testing done so far and our approach to customization, as well as fallback, and hope for your feedback and use cases.

Rust's references adhere to a strict "one exclusive XOR many shared" model, which gives the language much of its greatest safety guarantees. Reborrowing is a feature that seems on surface to break this rule: An exclusive reference can be turned into shared references and those shared references can be used together with the exclusive reference as long as these are all used as if they were shared references. Only once the exclusive reference is used as exclusive, all the derived or "reborrowed" shared references are invalidated. The XOR rule is upheld, but in a way that breaks a literal reading of the rule.

Usually reborrowing is used temporarily but what if we make it our modus operandi? This talk explores using and slightly abusing reborrowing and comes out the other side with an awkward but functional safepoint garbage collector built upon reborrowing a ZST marker and a whole load of typed indexes. The garbage collector is part of the Nova JavaScript engine.

https://trynova.dev/

Data theft and leakage, caused by external adversaries and insiders, demonstrate the need for protecting user data. Trusted Execution Environments (TEEs) offer a promising solution by creating secure environments that protect data and code from such threats. The rise of confidential computing on cloud platforms facilitates the deployment of TEE-enabled server applications, which are expected to be widely adopted in web services such as privacy-preserving LLM inference and secure data logging. One key feature is Remote Attestation (RA), which enables integrity verification of a TEE. However, compatibility issues with RA verification arise as no browsers natively support this feature, making prior solutions cumbersome and risky.

To address these challenges, in this talk, we present RA-WEBs (Remote Attestation for Web services), a novel RA protocol designed for high compatibility with the current web ecosystem. RA-WEBs leverages established web mechanisms for immediate deployability, enabling RA verification on existing browsers. We will show preliminary evaluation results and highlight open challenges when introducing RA to the web.

In this talk, we share our journey in making QuestDB, an Apache 2.0-licensed open-source time-series database, a significantly faster analytical database. Over the course of just one year, we achieved query performance gains of up to 6x by implementing specialised data structures, SIMD-based optimisations, scalable aggregation algorithms, and parallel execution pipelines.

QuestDB is designed for high-performance ingestion—processing millions of rows per second—and efficient queries over billions of rows. While it excelled in time-based queries, we found that certain generic analytical queries were slower than expected. In this session, we’ll walk through how we identified opportunities for improvement, the key changes we implemented, and how those changes delivered dramatic performance improvements in a relatively short timeframe.

We’ll demonstrate before-and-after queries to showcase the impact of these optimisations. All the code is freely available in QuestDB's GitHub repository for anyone to explore or contribute to.

Fuchsia is a new (non-Linux) operating system from Google, and one of the key pieces of Fuchsia's design is the component framework. Components on Fuchsia have many similarities with some of the container solutions on Linux (such as Docker): they both fetch content addressed blobs from the network, assemble those blobs into an isolated filesystem structure that holds all the dependencies necessary to run some piece of software, and launch namespaced processes with that created directory as its root.

The most interesting details are where these two projects diverge. Both have different use cases and requirements, which leads to different strengths between the systems. This talk will largely be focusing on where and why these two similar technologies diverge.

Relevant links: - Fuchsia's source code - Fuchsia's code review - Getting started page

Self-hosting Web applications is a practice that is useful both in the personal and business context. Depending on the situation, we can enjoy better privacy, flexibility, performance and reduced costs. However, some "boring" aspects we need to think about are backups, authentication, security, scalability and management across servers.

In this lightning talk, I will present a new multi-server container-based solution that sets a solid foundation for self-hosting, while remaining simple to use and operate: NethServer 8.

• Project page: https://www.nethserver.org
• Source code repositories: https://github.com/nethserver
• Community:< https://community.nethserver.org>
• Apps (some are in "testing"): https://wiki.nethserver.org/doku.php?id=ns8:applications:applications

NextGraph is an open source ecosystem providing solutions for end-users (a platform) and software developers (a framework), wishing to use or create decentralized apps featuring: live collaboration on rich-text and JSON documents, peer to peer communication with end-to-end encryption, offline-first, local-first, portable and interoperable data, total ownership of data and software, security and privacy.

Centered on repositories containing semantic data (RDF), rich text, and structured data formats like JSON, synced between peers belonging to permissioned groups of users, it offers strong eventual consistency, thanks to the use of CRDTs. Documents can be linked together, signed, shared securely, queried using the SPARQL language and organized into sites and containers.

Flakes aka tests that don’t behave deterministically, i.e. they fail sometimes and pass sometimes, are an ever recurring problem in software development. This is especially the sad reality when running end-to-end tests where a lot of components are involved. There are various reasons why a test can be flaky, however the impact can be as fatal as CI being loaded beyond capacity causing overly long feedback cycles or even users losing trust in CI itself.

Ideally we want potential flakes to be flagged at the earliest stage of the development lifecycle, so that they do not even enter the end-to-end test suite. We want a gate that acts as a safeguard for developers, pointing out to them what kind of stability issues a test has. This reduces CI user frustration and improves trust in CI. At the same time it cuts down on unnecessary waste of CI system resources.

This talk will explore the CANNIER approach, which aims to reduce the time cost of rerunning tests. We will take a closer look at the feature set used to create training data from existing test code of the KubeVirt project, enabling us to predict probable flakiness of a certain test with an AI model.

We will cover how a subset of the CANNIER feature set is implemented, how it is used to generate training data for an AI model, and how the model is used to analyze flakiness probability, generating actionable feedback for test authors.

Attendees will gain insight on how the CANNIER approach can help them improve test reliability, ultimately enhancing overall software quality and team productivity.

LLVM libc has been steadily growing over the past few years. From its origins as an overlay to be used on top of an existing libc, LLVM libc is now complete enough and scalable enough to be used on embedded toolchains too.

This talk will contain: * LLVM libc's current status. * Why you might want to use LLVM libc. * How to build it for linux and an embedded system. * How to use a prebuilt example from LLVM Embedded Toolchain for Arm. * Other uses including the Google Pigweed SDK.

LLVM libc in llvm-project https://github.com/llvm/llvm-project/tree/main/libc

After looking at the current way Go code is packaged in nixpkgs using buildGoModule, disadvantages are pointed out with a focus on security (backed by data from govulncheck-nixpkgs project) and performance. Out-of-tree alternatives are presented with a focus on the new and promising approach of gobuild.nix, which implements a hook-based builder with module-level caching.

Collabora Online (COOL) delivers collaborative document editing based on LibreOffice Technology to any modern browser. Come and hear about how we've been improving usability, deploy-ability, performance, feature-set and georgeousness of Collabora Online. See how COOL can be deployed and catch the excitement of making code simpler, faster and better for users at pace.

Finally hear how you can get involved with the fun.

The RISC-V ecosystem currently relies on multiple disconnected repositories and specifications, including the assembly manual, opcode database, formal specifications like Sail and the non-machine readable ISA manual. This fragmentation of information is error prone and makes it hard for hardware designers, researchers, and tool developers to efficiently find, modify, and verify essential data. To address these challenges, we introduce the RISC-V Unified Database (UDB), a single, machine-readable source that consolidates and cross-validates RISC-V specifications against established resources like binutils and riscv-opcodes. Built through collaboration between engineers at industry-leading companies, the UDB already generates version-specific ISA manuals, instruction indexes, and standardized opcode definitions. Ongoing work extends to generating simulator configurations for QEMU and other instruction set simulators. The UDB's YAML-based format ensures broad compatibility and positions it as a foundation for next-generation RISC-V tools. This approach is starting to gain traction with official RISC-V working groups, including the Certification Steering Committee, which already uses the UDB for generating certification requirements. This talk explores UDB’s architecture, showcases its use cases, and invites you to contribute to this transformative project for the RISC-V community.

Geospatial programming often requires stitching together a variety of formats, interfaces, APIs, libraries, tools and languages. How can we fluidly download data from OpenStreetMap using the Overpass Query Language, run performant queries with GEOS, calculate projections with PROJ, store and manipulate GeoJSON or WKT-formatted data with duckdb's spatial extention, and then visualize things with a javascript library like Leaflet or Deck.gl?

This talk explores Raku's expressive and powerful style as we mesh together all of these things, creating new modules along the way, and leapfrogging ahead of other implementations with some of Raku's unique features such as NativeCall for native libraries, Grammars for parsing, multiple modes of interacting with command line tooling, and plentiful concurrency models. Also let's see how we can reign in large language models so that we can apply them judiciously to our data and our code.

Links:

raku-geos, Geo::Basic, WebService::Overpass, Geo::Geometry, Duckie, WebService::Nominatum

XWiki is a wiki engine, and, as with most wiki engines, it allows uploading attachments to wiki pages. In order to edit these attachments quickly, we recently released an extension allowing to link an XWiki instance with a COOL server, and thus enabling real-time collaboration office files attached to wiki pages.

This presentation will focus on the technical integration of COOL with XWiki, and will discuss use-cases that we identified over the years, as well as the roadmap for this extension. The application code can be found at https://github.com/xwikisas/application-collabora

There have been a lot of talks in the past years about how to present Linux/Posix semantics over the SMB3.11 protocol to provide an alternative to the NFS protocol for installations that already have existing SMB infrastructure and who could benefit from better semantics when sharing files to Linux and other Posix-based file server clients.

In the past few months there has been a great deal of progress in Samba towards the goal of better supporting Linux clients. Notable changes are improvements to present special files like sockets and FIFO files to clients. There has been improvements to better support operations like chmod and chown in the Linux client and the Samba server.

The biggest change on the Samba side has been an overhaul of handling native symlinks. Samba 4.22 will present symlinks for Posix clients in the same way Windows presents symlinks it finds on its local NTFS file system.

This talk will present the current status of the ongoing work to improve Linux file system semantics presented over the SMB protocol.

The talk will introduce CartABl https://igarun.univ-nantes.io/CartABl/ , a free (GPL) web-based authoring tool for creating interactive maps and figures, and discuss its impact on user workflows and design decisions. Designed primarily for geographers and cartographers, CartABl also serves broader communities seeking to produce interactive cartographic content. It addresses the technical barrier that coding poses to creating interactive cartographic content (using js) through a graphical interface for defining interactions. It integrates seamlessly with traditional workflows by enhancing maps created in vector graphics editors like Inkscape or Adobe Illustrator with interactivity, without requiring programming knowledge. CartABl leverages SVG (Scalable Vector Graphics) as its base format, embedding interactive rules as declarative elements interpreted by a lightweight JavaScript runtime. This results in standalone, browser-compatible interactive SVG files, preserving the scalability and versatility of the format.

The development of CartABl follows an instrumental genesis approach, where tool and user co-evolve through iterative feedback. Initial prototypes allowed basic interactivity like tooltips and layer toggling. Feedback from its application in projects such as L’Atlas Bleu, a journal focused on coastal and marine maps, guides its refinement. This iterative process not only improves the tool but also influences how cartographers structure and design their graphical maps and figures: the structure of the graphical objects must be adapted to facilitate the definition of interaction rules, and the interactive features proposed by the tool impact the design decisions of the users.

CartABl aims to democratize interactive cartography, making it accessible and intuitive for professionals and non-experts alike. By transforming workflows and expanding the possibilities of digital cartographic publishing, it stands out as a valuable resource for advancing geographic and graphic research and communication.

A disk full, a saturated or lossy network, too-few CPU cores, an unexpected IO error… how will your software handle such scenarios?

In this talk we present a collection of tools that can be used to systematically "break" things, so you can write test cases and make sure that these unexpected situations will be handled gracefully by your software: ToxiProxy, charybdefs, tc qdisc, strace --inject, taskset, numactl, cgroups and syscall overloading, all can be used to emulate a wide array of failures.

Pretty much every application has state, the bigger your application the more state you have. Things can get challenging when you are asking much of your state. You might need to maintain multiple indexes into your state, react to changes to the state, keep multiple pieces of state in sync and make sure that all of it is thread-safe for multiple readers and writers. Doing this for one piece of state is a challenge, but doing it for a few dozen is painful.

Presenting, StateDB (cilium/statedb) a non-persistant in-memory database of your application state. It was created to tackle state management challenges experienced by Cilium. It leverages Go features such as generics, iterators, channels and Go’s garbage in combination with immutable data structures to make complex state management easy.

StateDB provides Multi Version Concurrency Control (MVCC) through snapshots, indexing(multiple indexes per table, unique and non-unique indexes, composite keys), write transactions across multiple tables and the ability to watch for changes on a whole table or a subset of data. To name a few.

Let's explore StateDB together and take a little peek under the hood.

In open-source projects, contributors often wear many hats—developer, tester, writer—and resources are typically stretched thin. This multitasking environment can make it challenging to maintain comprehensive and accurate API documentation. Yet, high-quality documentation is vital for the usability and adoption of any open-source project.

This talk focuses on how AI can help simplify one aspect of documentation development: testing. By using AI to simulate user interactions, we can efficiently identify gaps and inconsistencies in API documentation that a contributor might miss due to exceptional knowledge of the topic.

By integrating AI-driven user simulations into your workflow, you can improve the quality of your documentation while managing multiple responsibilities more effectively. This approach not only benefits individual contributors but also strengthens the overall success and sustainability of open-source projects.

This talk explores the practical implementation of Large Language Models (LLMs) in email filtering, giving the example of the integration between Rspamd and various LLM services. We'll discuss how LLMs can complement traditional filtering methods, comparing supervised (Bayes) and unsupervised (LLM-based) approaches to spam detection.

We'll examine real-world results from different models (GPT-3.5, GPT-4, and alternatives via OpenRouter), analyzing their effectiveness, false positive rates, and cost implications. The presentation will cover advanced features such as content categorization, password extraction from archives, and message anonymization for privacy-preserving learning.

Special attention will be given to practical deployment considerations, including:

• Cost-effective strategies for different scales of operation
• Self-hosted models vs. cloud APIs
• Privacy considerations and message anonymization techniques
• Integration with existing email infrastructure
• Extended message analysis capabilities

The talk will conclude with insights into future developments and best practices for implementing LLM-based email filtering in both personal and enterprise environments.

Target Audience: Email administrators, spam filtering specialists, and developers interested in modern email security solutions.

This talk looks deeper at class metadata storage in the Hotspot JVM and the changes JEP 450 "Compact Object Headers" brought. We will examine the mechanics and CPU cache effects of oop iteration and propose a more cache-friendly solution. We will investigate the class storage limits and possible ways to circumvent them. Finally, we will examine an alternative to the current class space solution.

OAuth 2.0 uses access tokens to grant access to secured resources. When using Single Page Applications, they are passed from browsers to the servers as bearer tokens using HTTP headers.

While they are secured in transit using TLS, those tokens could be stolen from a browser, replayed, or mis-used by a malicious or vulnerable server. OAuth 2.0 Demonstrating Proof-of-Possession (DPoP) takes this one step further by equipping the client like your Single Page Application with a key pair so that it can show a proof when passing the access token, so no-one else can use the access token. DPoP is part of the FAPI 2.0 Security Profile by the OpenID Foundation. It promotes best practices on how to protect APIs exposing high-value and sensitive (personal and other) data, for example, in finance, e-health and e-government applications.

This talk will explain the concepts and demos how this can be implemented using Keycloak and other open source components. We will also describe the current challenges, limitations and alternatives of the approach.

To ease the pain of testing container images, we’ve developed the pytest_container plugin for pytest. The plugin makes it possible to use pytest to perform tests on containers and software inside containers. You don’t have to take care of pulling images, building them, or picking ports on the host. You just describe your container setup and pass it to a test function. In return, the plugin gives you a connection to the container. Using the connection, you can verify the container’s state using the testinfra python framework. The plugin even cleans up after itself when you’re done.

In short, pytest_container makes it possible to write tests in Python: no need to build your own framework from scratch or worry about the boring container plumbing tasks.

Join this talk to see pytest_container in action and learn how it can make your life easier!

Progress in hardware development often leaves devices with outdated software versions behind. This primarily affects Android devices, especially as Google is currently accelerating its release schedule for Android versions. The rapid version change means that older devices are often left without software updates, which makes the devices vulnerable to security threats and compatibility problems. This presentation shows how this trend can be counteracted by upgrading a handheld device from Android 9 to Android 14 by using open-source components.

We will outline the entire upgrade process from migrating the kernel to UI and HAL customizations to match the original device’s look and feel. This includes discussing technical challenges developers face when dealing with outdated drivers, newer kernel versions, and hardware abstractions during OS upgrades of old devices.

Open Source is all about collaboration, but of course we don't all work in one big project. So projects have to work together - actively. How do collaboration and integration stack up with the competition between projects and even the forking into new ones? Should there be more distributions on distrowatch.org or should we abolish them? We can't speak for distributions, but certainly for the collaboration tools we built!

TrenchBoot is an open source project led by 3mdeb, Apertus Solutions, and Oracle. It aims at the security and integrity of the boot process by leveraging advanced silicon security features, like Intel Trusted Execution Technology (TXT) and AMD Secure Startup. It integrates with open source projects like GRUB2, Xen, and Linux, to perform a measured launch of the operating system software, also called Dynamic Root of Trust for Measurement (DRTM).

The presentation will provide an overview of the project's current status, emphasizing the key developments during the last year such as progress towards upstreaming patches in Linux and GRUB, as well as bringing UEFI support for Xen boot path.

In 2024, I worked with a small team to bring up BlueZ as the Bluetooth stack of a real-world automotive In-Vehicle Infotainment (IVI) system. In this talk, I am going to discuss the steps that we went through, the challenges that we faced, the caveats of BlueZ in contrast with closed-source alternatives and also present the contributions that we made to BlueZ and PipeWire as part of this process.

Over the last 15 years, HAMNET (Highspeed Amateur Radio Multimedia NETwork) has developed from an experiment into a stable infrastructure, particularly in German-speaking regions.

It generally connects unmanned amateur radio stations via microwave links using the IP- and BGP-protocol and provides a platform for networking amateur radio applications.

This talk will show how HAMNET has evolved and how it could evolve (challenges in deployment, expansion in Europe, densification of the backbone, higher speeds, access technologies for non-line-of-sight propagation).

This panel will explore what makes a machine learning model, or an “AI system”, Free Software / Open Source. Some topics we may address: - What, if anything, is the source code of a model? If the source code includes training data, what are the implications for LLMs and other large generative models? Can trained weights themselves be considered source code? - What does user freedom (and in particular, freedom to study and modify) mean in the context of AI models? How, if at all, does it differ from our traditional understanding of software freedom? - Are there any reasons to tolerate use restrictions in AI model licenses that we would reject for FOSS? - Proposed normative definitions of free/open AI and related efforts, including the OSI’s OSAID 1.0, FSF’s criteria for free machine learning applications, and the Model Openness Framework - Should we have different tiers of free-ness/openness when assessing AI models/systems? - Leaving aside the question of source code, are there other kinds of artifacts that should be released with a model for it to legitimately be considered free/open?

Open-source software thrives on diverse perspectives, yet women remain significantly underrepresented in FOSS communities.

While we celebrate women who've "made it"—and their visibility is vital—survivorship bias hides a crucial truth: up to half leave tech by age 35, women exit at a higher rate than men, and many never even join the field.

This talk delves into the concept of survivorship bias—the tendency to focus on successful individuals while ignoring those who faced barriers—and how it impacts women in open source. You’ll learn how this bias skews community perceptions, perpetuates systemic challenges, and limits opportunities.

By examining barriers like unwelcoming dynamics, recruitment biases, and a lack of mentorship, you'll understand why many are deterred before or during their FOSS journeys. You'll also learn how survivorship bias interacts with intersectionality, compounding challenges for women of color, LGBTQ+ individuals, and others.

We’ll also explore examples of communities and initiatives that successfully counter these trends, demonstrating allyship's role in building equitable environments. Finally, drawing on research and real-world examples, we’ll propose actionable steps to create a more inclusive and welcoming FOSS landscape for all.

Whether you’re a contributor, maintainer, or community leader, this session will give you a deeper understanding of the problem and tangible ways to drive change in your circles.

Securing embedded devices, particularly those with minimal resources, presents a unique and pressing challenge. Conventional approaches to Trusted Execution Environments (TEEs) often require specialized hardware or substantial system resources, leaving low-end devices vulnerable to breaches. The need for a lightweight, efficient solution that bridges this gap is greater than ever in today’s interconnected world.

Introducing Spock

Through the development of Spock, we have created a versatile and efficient Trusted Execution Environment (TEE) tailored for RISC-V embedded devices. By relying solely on Physical Memory Protection (PMP) for isolation and requiring only machine and user modes as specified in the RISC-V privileged instruction set, Spock delivers robust security without relying on any specialized hardware.

At the core of Spock’s architecture is the Security Manager (SM), which plays a key role in managing enclave data and buffer permissions. The SM enables Spock to efficiently virtualize buffers and dynamically allocate PMP entries, providing a flexible and scalable approach to memory isolation. By leveraging this abstraction, Spock can create virtual enclaves that surpass hardware-imposed limitations, such as the number of PMP entries.

Core Features and Capabilities

Spock’s minimalist API design delivers essential security functions, including secure execution and attestation. This design supports:

• Virtualization of critical operations while maintaining a minimal Trusted Computing Base (TCB).
• Integration into very low resource embedded devices.
• Both relocatable and fixed enclaves, offering flexibility for diverse use cases.

Why Spock Matters

Spock’s design represents a modern, efficient solution for secure computing in low-resource embedded devices. Its ability to combine robust security with minimal hardware requirements makes it uniquely suited for the demands of today’s connected world, ensuring that even the smallest devices can operate securely.

Available at : https://github.com/jiphelsen/Spock

Interactive maps on the web have evolved a lot in the past years. OpenLayers is no exception: it has been around for more than a decade and has become a reference with its extensive feature set and excellent performance. As a landmark open-source project, it has received thousands of contributions over time while managing a very high level of quality.

In this talk we will look at the state of the library today, what it now allows and why, now more than ever, it is an essential part of every geospatial web application. From high-performance rendering of large datasets to on-the-fly satellite image processing, its list of features is so large that you will most likely discover things along the way. New formats, ever-improving WebGL rendering, a powerful new expression-based styling API, and more!

Whether you're a long-time user or just discovering OpenLayers, this session promises fresh insights and practical takeaways for leveraging its full potential.

Find the OpenLayers website here: https://openlayers.org/

And the GitHub repository here: https://github.com/openlayers/openlayers

Since the beginning of time, declarative APIs have been driving everything that can happen inside a Kubernetes cluster. Predefined CRDs, operators defining custom CRDs, everything is about declarative APIs. Write your YAML once, deploy it, forget it. That’s how you create a cluster, that’s how you deploy your workload.

But is it, for real, as simple as it sounds? How do you bring declarativeness to the imperative world? In the current state of things, host networking is one huge imperative nightmare. So how to happily marry an old-school Network Manager and brand new Kubernetes API?

Over the years we were working on the NMstate project to provide you with a Declarative Network API, allowing you to manage host networking in a declarative manner.

In 2025 we are coming back with brand new features. Based on the feedback, we focused on air-gapped and big clusters – think hundreds of nodes with hundreds of VLANs each. We also happily married K8s and KubeVirt – no matter what your workload is, containers or VMs, NMstate is there for you.

Not only a project update – we will also show you how the Kubernetes cluster with NMState Operator manages networking on the nodes it deploys. It may sound like a chicken and egg situation, but trust us, it is not. Last but not least, we show how it protects itself from applying destructive network changes potentially taking your cluster down.

Join us and discover what’s new in the world of complex network topologies.

For me, Nix-the-package manager has replaced homebrew, ASDF, and even docker. But its potential goes far beyond managing development environments. With its declarative, reproducible configurations, Nix is also an excellent choice for managing entire servers.

In this talk, I’ll share how I use NixOS and nixos-generators in order to create both stable and ephemeral VMs on my Proxmox hypervisor hosts, and how I run services like Grafana, Docker, Tailscale, and more.

We’ll explore how to deploy and update Proxmox VMs remotely using Nix, set up a WireGuard router with NixOS, and deploy services directly to NixOS declaratively. I’ll also show how to deploy Docker services to NixOS, using the same object tree and code files as all of your other configurations.

Whether you’re managing a homelab or building out larger infrastructure, this talk will showcase how Nix can transform your approach to system configuration and service deployment.

How we work together and bring Collabora Online integration in Nextcloud to the next level with file conversion, document transformation and AI.

The LLVM compiler infrastructure uses a range of resources for testing various project components, including Buildbots, Buildkite, and GitHub Actions. However, the diversity of these technologies can be confusing, particularly for new maintainers. I personally found it challenging to understand. The introduction of the new CI/CD admin role and the discussions in the RFC are promising developments that should help clarify these complexities.

AMD ROCm™ is based on the LLVM project, which is why AMD is deeply invested in supporting its development. This includes providing resources to test the AMDGPU code generation backend and various GPU offloading programming models. Consequently, AMD maintains a range of upstream buildbots for this purpose.

In this presentation, I discuss the motivation and objectives behind the AMD ROCm™ compiler buildbots and related initiatives. I share my two-year journey, which began with inheriting a single buildbot, then another, and eventually maintaining multiple machines and bot configurations. I delve into the technical challenges I encountered and the solutions I implemented. I also touch on non-technical issues from my perspective and how they were resolved by both me and the community. The presentation concludes with a forward-looking perspective on potential additions to the upstream test infrastructure to address existing blind spots from our point of view.

For decades, ODBC/JDBC have been the standard for row-oriented database access. However, modern OLAP systems tend instead to be column-oriented for performance - leading to significant conversion costs when requesting data from database systems. This is where Arrow Database Connectivity comes in!

ADBC is similar to ODBC/JDBC in that it defines a single API which is implemented by drivers to provide access to different databases. The difference being that ADBC's API is defined in terms of the Apache Arrow in-memory columnar format. Applications can code to this standard API much like they would for ODBC or JDBC, but fetch result sets in the Arrow format, avoiding transposition and conversion costs if possible..

This talk will cover goals, use-cases, and examples of using ADBC to communicate with different Data APIs (such as Snowflake, Flight SQL or postgres) with Arrow Native in-memory data.

Asfaload aims to secure internet downloads by ensuring the integrity and authenticity of downloaded files. With attacks on the software supply chain becoming more common and more sophisticated, an effective and simple to use solution has to be found for both the developers and their users. All our published software is under the AGPLv3 or MPLv2, and allows for a self-hosted deployment.

The first building block of our solution is a mirror of checksums files, which helps detect modification of released files but is of no help in case of account compromise. That's why we are also working on an upcoming blockchain-based multi-user multi-factor signature scheme, though users will not be directly exposed to the blockchain. For end users, we develop a CLI downloader tool with its accompanying library at asfald. As for software developers, publishing a checksum file (with sha256sum or sha512sum) is sufficient to integrate with Asfaload. In this talk we will present the problem we are addressing, why it is important, how we are addressing it and what simple steps project authors can take to increase the security of their users.

Necturus is a free and open-source tool for visualizing the connection between handwritten manuscript images and their machine-readable transcriptions. While platforms like Transkribus and eScriptorium excel at generating text from handwritten material, they leave visualization to the side—Transkribus hides its solution behind a paywall, and eScriptorium offers none at all. Yet, for many research endeavors, the line-by-line relationship between text and image remains critical, as seen in projects like the Beckett Digital Manuscript Project and the Joyce Letters Project.

Designed as a lightweight, embeddable React component, Necturus makes it easy for libraries, archives, and researchers to present manuscript images alongside their transcriptions in an interactive and accessible format. A plug-and-play template allows deployment via GitHub Pages with no coding required, while a full version supports scalable, customizable setups for larger projects. By emphasizing both transcription and the manuscript as objects of study, Necturus offers a practical solution for those who value visualization in the process of, as Transkribus puts it, “unlocking the past”.

Project Repositories: Necturus, Necturus Compact

A presentation about the challenges of tracking and analysis COOL UI / UX commands.

The Server Base Boot Requirements (SBBR) by ARM requires UEFI and ACPI support on AArch64 platforms.

While UEFI is already natively supported by U-Boot, ACPI support on ARM64 was only recently added. A first patch series added basic support for booting Linux on QEMU's sbsa-ref machine, which doesn't provide a device-tree to the OS, but ACPI tables only. This is opening the path for U-Boot booting recent ARM server platforms using the SBBR specification.

The session gives an overview how ACPI tables are generated by U-Boot drivers. The challenges of integrating the ACPI subsystem with U-Boot's infrastructure on ARM64 are described and an outlook is provided.

Questions this talk should answer: - How does the ACPI driver model work? - How does this integrate with U-Boot? - What to expect next in U-Boot's ACPI implementation?

Rust's type system can feel complicated and overwhelming. However, crates like Bevy and Divan take advantage of the advanced features to deliver simpler developer experiences. This talk will demonstrate how to create these easy-to-use APIs by covering advanced techniques like polymorphism, type states, and conditional typing.

gRPC is a popular RPC framework and go has a quite performant gRPC implementation. However, the performance can still be significantly increased by changing the default setup and by using the library in a way that reduces memory allocations.

This talk will also show how to use the excellent go tooling to profile and benchmark some code.

Nextclouders, unite!

We don't have a booth this year, so let's instead get together for an hour and talk about all the good stuff in one place and time. Come with your questions, ideas, feature requests, bugs and hugs and share them!

Next-what? Oh, you're in for a treat. Sick of Big Tech owning your data? We have the answer. You can share and work on documents, participate in video calls, have chats, automate stuff or even talk endlessly and uselessly to an artificial intelligence - WITHOUT having to hand over your data. Yes. it is possible. And fully open source too. You just have to host it yourself, as we only make software. No real clouds here!

Let's meet and talk about NetworkManager and Nmstate!

There is no fixed agenda or schedule. Everybody is welcome, and we will have an open discussion about problems, improvements, use cases and ideas for NetworkManager and Nmstate. Bring a topic you'd like to discuss, or just join to meet people.

See https://networkmanager.dev/community/ for how reach the community.

Wireshark offers powerful exploration, drill-down, and analysis capabilities for network packets, but what if those features could be applied to other types of data? Enter Stratoshark, a brand-new sibling application to Wireshark.

Stratoshark leverages the rich data sources provided by Falco’s libraries to enable deep analysis and troubleshooting across Linux servers, Kubernetes clusters, and any system that generates Linux system calls or real-time log events.

In this talk, we’ll showcase a live demo of Stratoshark, including how it extends the familiar Wireshark user experience to AWS audit events via the Falco plugin for CloudTrail. Learn how Stratoshark builds on open-source innovation to bring Wireshark’s intuitive interface to a broader range of use cases in cloud-native computing.

In a world where security training often feels like a mundane chore, discover the refreshing impact of gamification and turn learning into an enjoyable experience. Embark on an insightful journey as we unveil the success story of gh.io/secure-code-game, an open-source game hosted on GitHub Skills, that attracted over 5,000 developers within its first year.

This session will provide you with an exclusive behind-the-scenes perspective, offering valuable insights and practical strategies to revolutionize various aspects of security training for your benefit. We’ll explore a case study from a tech startup that observed, among the developers who played the game, an increased sense of ownership for code security, improved communication with security teams, and a strong willingness to embrace further security training.

Zynq 7000 SoCs are popular devices widely used in embedded scenarios when both CPU power and flexible logic are required. However, the ARM (processing system, PS) + FPGA (programmable logic, PL) combo makes developments reply on an even heavier set of propriety toolchains.

In this talk, I'll introduce the recently developed GenZ, a free software BSP generator for the Zynq 7000 PS register configuration. Together with OpenXC7, the free and open source FPGA toolchain for Xilinx 7-series chips, and a enlarging amount of open-source IP cores, development on Zynq 7000 SoCs can be done without a single piece of propriety tool.

The speed and ease of GenZ + OpenXC7 will be demonstrated on site with an ARM laptop and Zynq boards.

One of the reasons why Go is easy to learn is due to the interactive examples all through the documentation, we wanted to emulate this success. Six months later, we now manage 26 sandbox tutorials and totalled over 9,800 unique instances. They transformed our documentation by letting users run commands, deploy sample projects, and see real-world use cases come alive.

Scaling the concept to support over 10 products brought unique challenges for us. How could we streamline the creation of new sandbox tutorials? How could we maintain a single source of truth between our sandboxes and evolving documentation?

In this session, we’ll dive into: *What an interactive sandbox is and how it enhances developer experiences * How we created an open-source tool to automatically synchronize our documentation and sandboxes via CI/CD pipelines

This talk will help you get started integrating interactive sandboxes into your documentation and arm you with the tools you need to scale them effectively!

How do AI language models work and just how intelligent are they? Can generative AI be original? Let’s find out together! We’ll program an algorithm that invents stories all by itself just like ChatGPT based on texts we train it on. But what happens when we train it on other media such as songs or drawings? Will it also learn how to make music and doodle sketches? We’ll use the Snap! visual programming language. Please bring a laptop or tablet with a web browser.

Activities during FOSDEM Junior follow the Code Club policies and health and safety standards.

• All attendees must have an adult with them
• Remember to bring your laptop with you
• You must book a place to attend
• Please don’t come if you are feeling unwell

Participants are required to sign up for this activity via the registration form.

Native Memory Tracking (NMT) has supported diagnosing memory issues in Hotspot for over a decade. Yet, much of the native memory allocated cannot be accounted for using NMT, as it is not only Hotspot but core libraries, JNI and FFM which may perform native allocations. Clearly, NMT must extend itself if it intends to remain a useful tool.

In this talk, I will present a design for extending NMT to core libraries and a possible future extension to FFM. External APIs will be shown in the context of porting small portions of the core libraries. Internal design details, including data structure design, will likewise be presented and its trade offs discussed. Finally, possible ways of bringing NMT and the new Foreign Function & Memory API will be presented.

Have you ever wondered why certain Python packages fail to install on riscv64 devices? Why, instead of pleasing "Successfully installed" messages, riscv64 users are often presented with bleak screens full of errors? How, in the face of all of these errors, are those users supposed to run Python based AI or data analytic workloads? To the curious who have briefly pondered such things as the package names and errors go scrolling by, this talk is aimed at you! It will explain how Python packages are built and why upstream projects do not provide versions of their packages for riscv64 devices. It will discuss the progress being made in adding riscv64 support to the Python packaging ecosystem. Finally, it will explain how RISE is mitigating the current lamentable situation by building and distributing riscv64 wheels for a select set of popular Python packages.

Mushroom is a project for securely running Linux workloads in attestable, integrity-protected environments with a minimalistic TCB. Mushroom depends on TEEs to provide integrity guarantees for data in use. It was initially developed for AMD SEV-SNP, but it recently gained support for running on Intel TDX as well. This talk will explore some of the required changes and discuss how the differences between AMD SEV-SNP and Intel TDX informed some of the design decisions.

The Linux ecosystem depends on core utilities written decades ago in C, but modern needs demand safer, more maintainable tools. Over the past four years, the Uutils (Coreutils, findutils, diff,) project has reimagined these utilities in Rust, offering secure, performant replacements. To the point that it is now shipped by default in some Linux distributions and used in production.

In this talk, we’ll explore a bold vision for the future of Linux: one where Rust becomes the backbone of its essential tools, ensuring long-term security, maintainability, and performance for generations to come.

Participants will discover how to customize the game Minetest (Luanti Engine) to create their own gaming experiences from open source mods. (notions introduced: open source mods, dependencies, incompatibilities, debugging, …)

If we have the time and the public are up for it, we will briefly introduce modding in Lua, and leave the participants with the Luanti Modding Book link (https://rubenwardy.com/minetest_modding_book) if they want to go further. Participants will need a laptop, preferably with Luanti already installed (https://www.luanti.org/downloads/)

It’s better to play with a mouse! You can already explore available games and mods on https://content.luanti.org/

Activities during FOSDEM Junior follow the Code Club policies and health and safety standards.

• All attendees must have an adult with them
• Remember to bring your laptop with you
• You must book a place to attend
• Please don’t come if you are feeling unwell

Participants are required to sign up for this activity via the registration form.

From out daily experience as Linux Mail Security Consultants, we see different groups of infrastructures like universities and government authorities getting similar spam and threats. We have implemented automated ways to share this information among these clusters. We will introduce the techniques used in our Rspamd implementations and we will point at some pitfalls that should be avoided. We also like to talk about our experience with pre-queue deep threat second stage security analysis like sandboxing.

Murena team developed a new launcher for /e/OS, based on Launcher3. In this talk, we will introduce this AOSP key component, and how it is possible to use it as a base for your own Android Launcher project.

https://gitlab.e.foundation/e/os/BlissLauncher3

Incus is a next-generation manager for system containers, application containers, and virtual machines, forked from Canonical's LXD in August 2023.

This presentation explores the evolution of LXD/Incus, with a focus on clustering and its capabilities for natively managing both stateless and stateful workloads.

Drawing on real-world experience as a system architect at a cloud provider using LXD/Incus since 2016, we will examine the technologies underpinning Incus, including OVN-based networking and flexible storage configurations. The session will also showcase the key commands and workflows for building and managing an Incus cluster, with practical examples to highlight best practices.

This session is intended for system administrators, DevOps engineers, and container enthusiasts seeking to enhance their understanding of Incus and its role within the modern container ecosystem.

After fuzzing databases for the last 3 years, I learned that simple design decisions on a fuzzer impact on the issues it can ever find. In this talk I would to address some of those decisions. As an example, I would to discuss about the design of BuzzHouse, a new database fuzzer to test ClickHouse.

In this BOF session, we'll discuss the application of concurrent algorithms in system software (operating systems, system libraries, database systems, runtime systems, etc). Practical requirements, techniques and trends from the industry as well as research results and limitations are interesting areas of discussion. The goal is to connect with concurrency enthusiasts and to figure out whether a critical mass exists to form a "Multicore & Concurrency" devroom next year.

You, Eleanor Shellstrop, are dead. You are in cardiac arrest. Your heart has stopped beating, you have stopped breathing, and medically speaking you have died. Not a great start to your day! But worry not: someone has called emergency services. This is the story of that call — and how open geospatial information just might help save your life.

This talk, presented by the CAD & Technical Lead at the London Ambulance Service, will discuss how we use open data to locate patients, how your phone sends live geospatial information to our control room, and the other open (and some not-open) data that our emergency medical service uses to save lives across London every day.

Expect high-level conversations about medical emergencies, but this talk is suitable for all ages.

Collabora Online is an online document editor based on LibreOffice, but there's also both an Android and an iOS Collabora Office app based on the same technology - LibreOffice Kit. Have you ever wondered how it works?

In this talk, I'll give a high-level overview of the architecture of the Collabora Office mobile app. Along the way, I'll discuss how it's similar but different to the Collabora Online server, and what limitations on the mobile platform (for example a lack of availability of clipboard web APIs) pushed us to write in the way that we have.

NixOps used to be the only Nix-native deployment and provisioning tool, but it failed. NixOps4 is a complete redesign of the tool, taking lessons from NixOps, taking inspiration from Terraform, and borrowing its providers. In doing so, it creates a unified deployment platform, architecturally similar to how Nix is a platform for unified builds. It allows you to combine configurations freely with the Nix language and build system, and it makes it easy to "extend" the tool.

In this presentation, we'll have a look at the concepts that make up NixOps4, as well as its integration into the Fediversity project, which aims to enable hosting providers to let their customers deploy applications such as Mastodon, PeerTube and Pixelfed, fully automatically - running NixOps4 "unattended" in production.

We explore the security model exposed by Rook with Ceph, the leading software-defined storage platform of the Open Source world. We discuss major updates within the past year to our threat model, dashboard, call home, and encryption, including work on TCMs, NVMe and exploration of open source post quantum encryption algorithms, within a major project. We discuss the challenges and benefits of promoting open source, and how to ensure we adhere to Executive Order 14028, and the challenges and rewards of dependency tracking and updating.

My name is David Berman. I am an electrician by trade, not a programmer by profession, but I have ventured into the world of programming out of necessity and conviction. My journey into this realm has been fueled by a desire to challenge the prevailing norms of an industry heavily skewed toward proprietary, enterprise-oriented solutions. Specifically, I have worked to advocate for open-source, cost-effective methods to control city streetlights and other industrial control systems traditionally dominated by expensive and exclusive technologies.

During my talk I would like to share my newest project, Gungnir: https://github.com/davidjrb/gungnir

This journey has been far from easy. The resistance to change in this space is significant, and the challenges are both technical and cultural. One of the key barriers is the entrenched power of profit-driven opponents, including corporate lobbyists and those with vested interests in maintaining the status quo. These forces often stifle innovation and prevent the adoption of solutions that could benefit society as a whole by reducing costs and fostering collaboration.

Another challenge comes from within the very community I advocate for. Despite the immense potential of open-source solutions, there is a tendency among many non-programmers—particularly those in traditional trades or management roles—to dismiss these solutions out of hand. This is often due to a lack of familiarity with the technology or misconceptions about its reliability and scalability. Bridging this gap requires not only technical expertise but also the ability to communicate the value and viability of open-source approaches in terms that resonate with a broader audience.

In my talk, I aim to explore these challenges in depth, sharing insights from my own experience as a non-programmer navigating a highly technical field. I will discuss the hurdles faced by the open-source community when advocating for transparency, collaboration, and cost-efficiency in an industry often resistant to such ideals. I will also highlight strategies to foster greater acceptance and collaboration between open-source advocates and those unfamiliar with or skeptical of these technologies.

Ultimately, my goal is to spark a dialogue about how we, as a community, can better advocate for open-source solutions in industrial and civic systems, ensuring that they are not only adopted but also embraced as a viable and beneficial alternative to proprietary models. By sharing stories, challenges, and strategies, I hope to inspire others—whether programmers, non-programmers, or industry professionals—to join this important movement.

Thank you for having me.

I look forward to seeing you all 14:00, Saturday, 1. February in Baudoux - UB5.230

Profile-Guided Optimization (PGO) is a well-known compiler optimization technique that brings runtime statistics about how an application is executed to the Ahead-of-Time (AoT) compilation model. However, this technique is not widely used nowadays.

In this talk, I want to discuss with a wider audience typical issues that I met with PGO implementation in LLVM-based compilers (like Clang and Rustc). During my work on the Awesome PGO project, I gathered a lot of interesting data points and insights about current PGO issues in the ecosystem (mostly with LLVM-based tools since I prefer using LLVM), and discussed many issues with different stakeholders like end-users, maintainers, and application developers. We will talk about:

• PGO documentation issues across compilers
• Different PGO integration states across LLVM-based compilers
• PGO awareness across the industry
• Strengths and weaknesses of different PGO modes for different use cases in real-world
• Top blockers for PGO adoption
• And many other things!

I believe that after the talk more people will be aware of PGO, aware of usual PGO blockers with LLVM, and know more about how to avoid these limitations in practice.

Target audience: LLVM users (especially LLVM-based compiler engineers and LLVM adopters)

Most software build systems, following the tradition of make, refer to artifacts by an assigned location on the file system. However, when developing software, one is usually more interested in the contents of the file than its location. So why not take the definition itself as key? Similarly, when building typical complex targets, like libraries, additional information has to be considered when using them, e.g., transitive dependencies when linking. So why not make that part of the data of the analyzed library? In this way, we obtain definitions that are independent of their origin and hence can meaningfully be cached. This high-level caching allows a seamless transition between fine-granular building and traditional package building (obtaining all artifacts by a single lookup). As an additional benefit, when using remote build execution, it is enough to have the sources of the project you're working on, while still having the benefits of a bootstrapped build.

All those concepts are implemented in the open-source build system justbuild, available, at https://github.com/just-buildsystem/justbuild

Panoptic is a tool to explore locally and easily big images datasets: https://github.com/CERES-Sorbonne/Panoptic Images abound on the web and digital social networks. Their proliferation is one of the characteristics of digital culture. In particular, they are widely mobilized in contemporary controversies, with the aim of revealing and debating important social issues. Far beyond natively digital images, whether moving or still, images are first and foremost an object of study in their own in many disciplines (art history, film studies...), just as they can be a way of accessing a research field (photographs of animal and plant species, pages from digitized books...). A key challenge for the human and social sciences is to equip themselves with tools for exploring, sorting and annotating image corpora.

While a number of tools already exist for working with such corpora (XnView, Tropy, voxel51, Aikon, Arkindex, for example), a key issue to be resolved is the multiplication in the number of images we work with: how can we efficiently explore, sort and annotate a corpus of several tens of thousands of images? How can we provide researchers with a tool that facilitates such work?

Indeed, working with a large number of images means first of all having a synoptic view of them, in order to understand them as a whole, but also being able to manipulate them directly in the presentation interface (for both exploration and analysis).

Secondly, working with a large number of images also imposes time constraints on analysis, which can be resolved by using similar-image clustering tools (computer vision tools), to group together images that have formal similarities (reduces exploration time), but also by using batch annotation functionalities (reduces analysis time).

Finally, working with images is rarely just about working with images, but also with textual data associated with the images (texts of tweets, photographer's name, shooting date, etc.). Another challenge, then, is to adopt a plurisemiotic approach to the content of the corpus being worked on, in order to avoid having to move back and forth between different work spaces.

Created at CERES, by developers, researchers and designers, Panoptic is an open source tool for visualizing, exploring and annotating large images corpora. In particular, the tool integrates algorithms for grouping images by similarity (by using ml model CLIP), to help users with sorting and exploration. The tool also offers various filtering, search and annotation options, enabling the creation, analysis and export of sub-corpora.

Our talk will present the tool we have developed, and how its various functions are designed to meet the methodological needs of research using tools for working with large volumes of images.

Windows-on-ARM devices (primarily laptops) provide a nice execution environment for running Linux or any other open-source OS. As the provisioned ACPI tables make heavy use of PEP, it is next to impossible to make use of the ACPI in a proper way, This talk focuses on the the possible ways to select and sideload corresponding device tree blob before passing control to the OS kernel.

We will close the devroom with lightning talks that will serve as a great conversation starter during the lunch break.

In an increasingly connected world, securing wireless communication is vital for protecting critical infrastructure and personal data. Traditional tools for Radio Frequency (RF) assessments, while effective, often lack flexibility, cross-platform compatibility, and adaptability for diverse environments and architectures. RF Swift addresses these limitations by providing a streamlined, modular toolbox tailored for RF Security assessments and HAM radio enthusiasts alike.

RF Swift is a multiplatform solution, seamlessly running on Windows, Linux, and a wide range of architectures. This versatility empowers users to conduct RF assessments in virtually any environment without hardware constraints. Designed with adaptability in mind, RF Swift enables security professionals and radio enthusiasts to deploy, manage, and analyze RF communications with unprecedented speed and efficiency.

Attendees will discover how RF Swift empowers both rapid assessments and deep analysis, simplifying complex tasks such as spectrum monitoring, signal detection, protocol analysis, and signal generation. Join us to explore how RF Swift redefines RF security assessment, offering a robust, scalable, and flexible approach to tackle modern wireless security challenges.

When it comes to the on-disk-size of your OpenJDK installation it becomes apparent that certain files take up a large part of the entire Java Development Kit (JDK) installation. It can seem that certain files are monolithic and aren't possible to make smaller. Yet, they can be smaller if you know how.

In this talk we show how you can create a custom run-time image for your specific application without the need of the jmods folder otherwise being present in a standard JDK. Forget about JRE and go all-in on custom run-time images. The best thing about it is that - due to JEP 493 - this will no longer need JMOD files of the JDK to be present.

Tune in to hear more about using jlink from a JDK without a jmods directory and what new opportunities this allows.

ssh (secure shell) is a popular protocol used for remote command-line connections and file transfers.

sshproxy is more than a simple ssh proxy/load balancer. It can choose the destination node based on simple or complex rules, such as the user name/group, its previous connections, the number of total connections on the nodes, the total used bandwidth of the nodes… It can be distributed on multiple gateways, with shared states. It can track, log and monitor all the connections.

At CEA (French Alternative Energies and Atomic Energy Commission), sshproxy allows users to connect to 4 different supercomputers, with regularly more than 1,000 simultaneous connections.

An introduction on the basic concepts underpinning a container manager: understanding what OCI images are, how they’re structured, and how to use them as rootfs. From there, we’ll dive into the core Linux primitives that make rootless containers possible: namespaces for isolation, UID/GID mappings and dropping privileges.

The talk will use my project Lilipod https://github.com/89luca89/lilipod as an example on what and how all of this has been implemented

The European regulations impose strict rules on the collection and use of data via cookies and other trackers on websites. Auditing the practices of these sites is crucial to ensure that the cookies placed, both before and after user consent, comply with current legal obligations. This includes the purpose of the cookies and the transparency of the information provided to users, such as cookie descriptions and an easily accessible refusal option.

Although various website analysis tools exist, their use often requires advanced technical expertise, as they typically operate via command-line interfaces. In this context, the EDPB, through the Support Pool of Experts (SPE), has developed a dedicated audit tool to assess websites' compliance with European regulatory requirements.

The tool is a Free and Open Source Software under the EUPL 1.2 Licence and is available for download on code.europa.eu. The source code is available here.

Dr. Jérôme Gorin, the creator of this tool, will present its functionality and its adoption by numerous auditors within data protection authorities across Europe. The presentation will conclude with a discussion on the tool's improvement prospects, aiming to foster knowledge sharing and the detection of the latest online tracking technologies.

Katzenpost is a robust privacy software project. It includes a mix network implementation with a powerful, realistic threat model, hybrid post-quantum cryptography libraries, messaging protocols and metadata-private networking - all implemented in Go and under an AGPLv3 license.

The purpose of this talk is to go over all of these elements and explain how they may be implemented in other software projects, rather than explain the high level design of the mix-net in detail. The Katzenpost code can be found at [the project's GitHub](https://github.com/katzenpost).

Unleashing the power of 3D graphics on the Raspberry Pi is an ongoing effort at Igalia. We are constantly exploring new opportunities to maximize the GPU's potential. The process of identifying applications that can be optimized is highly rewarding. Every so often, we uncover a breakthrough, enabling us to boost application performance up to ~70%.

The graphics stack for the Raspberry Pi 4 and 5 is built on the Mesa user-space drivers (V3D/V3DV) and the Linux kernel driver V3D. These drivers are fully mature, with the upstream Mesa Vulkan driver V3DV having already achieved Vulkan 1.3 conformance, and the OpenGL/ES driver V3D exposing desktop OpenGL 3.1.

However, just having working, conformant drivers isn't enough for us. In this talk, we will demonstrate how we go the extra mile to extract the maximum performance from the Raspberry Pi's GPU, proving that a more performant embedded GPU is possible.

In addition to explaining where we currently stand, we will showcase several cases where optimizations in the Mesa user-space drivers led to significant performance improvements. We will also review recent developments in the kernel driver, including support for Huge Pages in the GPU kernel driver and our experience using Transparent Huge Pages (THP) on an embedded device.

By the end of this talk, we hope the audience will have a better understanding of the graphics stack for embedded GPUs and how to start getting more juice out of an embedded board.

Designed to cater to a wide range of peripheral devices and platforms, Analog Devices' Kuiper Linux distribution is built with more than 1000 Linux device drivers compatible with Xilinx and Intel FPGAs, Raspberry Pi boards, and several other platforms.

To ensure its quality, a test harness infrastructure must be in place to carry out continuous testing on actual hardware. This talk covers the design and implementation of such a fully automated test harness. The implemented architecture leverages the use of readily available components/technologies such as Jenkins, Docker, NetBox, and JFrog Artifactory and, at the same time, includes custom-built tools that can be tailored and extended to support existing or new devices and platform types.

By using an advanced resource locking mechanism, the hardware setups are also remotely available to others for development and debugging, when there are no automated tests running.

My talk will introduce you to TLSRPT and it will show you how to configure Postfix to send TLSRPT datagrams to a TLSRPT report service. TLSRPT is to TLS security what DMARC is to anti-phishing: it allows you not only to establish standards like STARTTLS, MTA-STS or DANE for secure message transport, but to verify via reports those security levels are being uphold.

It allows a sender platform to inform receiving platforms how often a TLS connection from the sender to the recipient had been successful and if not why. It is a major improvement over self-monitoring your MTA service, because it creates - in contrast to self-monitoring - a world-wide view how others „see“ your platform. It allows e.g. to make areas in the network visible, where TLS fails, to investigate and ideally to fix the problem in order to keep communication secure.

Previously the capability to create and send TLSRPT reports had been limited to a few major platforms running their own or a commercial MTA. This will change early 2025. The Postfix MTA will be the first Open Source MTA to implement functionality that permits to send TLSRPT-relevant DATA to a TLSRPT report service. The service will collect the DATA, create a report and pass it on to an MTA for delivery or submit it directly via HTTP.

Postfix’ new feature is the result of a collaborative effort between Wietse Venema, the creator of Postfix, and my company sys4 as we want to foster TLSRPT (also because it hinders German providers to qualify to become BSI approved „Secure E-Mail Platforms“).

We created an Open Source low-level C-library that can be used by any MTA - not only Postfix - and the service required to create TLSRPT reports. Both can be downloaded at github. And we hope many other Open Source projects will use the library and the service to implement TLSRPT reporting in their MTA.

This talk introduces Apache Arrow's tensor arrays as a tool for representing an array of tensors in memory, their storage and transportation. We'll introduce the tensor array memory layout specification, its implementation in Arrow C++ and Python, showcasing how it can help interoperate with PyData and database ecosystems.

We'll present the fixed and variable shape tensor array specifications, their implementations and how they can be used to interoperate with Arrow aware ecosystem such as DLPack, NumPy, and others. Further we'll discuss design decisions we made to make the two tensor arrays as generic and universal as possible.

One of the interesting things about Collabora is the extremely powerful LibreOffice core it is built on. Come and hear how we've been working hard to expose even more powerful browser-based collaborative functionality from it.

Hear about our new WebGL transitions, Automatic Document generation from documents + JSON, as well as exposing much of the power of our core functionality from fonts and AutoText to more powerul configuration options.

Finally have a quick summary of UI wins and other recent improvements, as well as how to get involved.

The Tillitis TKey is a radical new open source and open hardware FPGA-based general computer in the form factor of a USB security token. Due to the mandatory measurement of apps it generates secret material on demand, with no persistance, based on the integrity of the app and provides a secure environment to do sensitive computing like, for instance, cryptographic signing, authentication, and similar uses.

In the talk I will present how the TKey works, especially with the killer app SSH, how it came about, and touch on how you develop apps for it, the tools available, and welcome you to join the open source projects behind it. With a small, dedicated team you can get a lot of things done, even with hardware designs using FPGAs and your own design of PCBs.

Picture this: an open source digital democracy platform, launched by a city government, that quickly outgrows its municipal roots and becomes a global movement. Decidim started in 2016 as a tool for participatory processes in Barcelona, but its community expanded worldwide, with users in diverse cultural and political contexts. How do you scale such a project while preserving its democratic integrity?

In this session, we’ll dive into Decidim’s evolution, focusing on the governance challenges and triumphs of managing a rapidly growing, decentralized community. We’ll explore how Metadecidim—our "eat your own dog food" instance—facilitated this transition, enabling collaborative decision-making through open assemblies and processes. We’ll also discuss how Decidim’s unique social contract ensures transparency and accountability in everything from feature development to project governance.

This session is for you if you’re interested in the nuts and bolts of scaling participatory governance of free software projects.

This is a story of how I used a few readily-available Open Source tools to achieve huge optimizations in zbus, a pure Rust D-Bus library. This was long journey but gains were worth the efforts. I will go through each single bottleneck found, how it was found and why it was a bottleneck and how it was optimized away.

While attending this talk will by no means make you an expert in optimizations, it is my hope that by you will be able to relate to some of bottlenecks or solutions I will present ("hey", I also do that in my code!") and learn from my experience. Maybe afterwards, you can suggest an even better solution? Moreover, if you don't already have any experience with profiling and optimizations, this talk should be a good introduction for that.

Open-source software has been a powerful catalyst for innovation in computer and software engineering, driving significant advancements in healthcare, particularly in medical and surgical technologies. Recently, the open-source movement has expanded beyond software, encompassing the release of code, data, and AI models, further accelerating progress across diverse fields. However, in healthcare, open-sourcing faces distinct challenges, including navigating regulatory hurdles to meet industry standards, ensuring robust patient data protection, managing the costs of specialised hardware and software maintenance, and addressing the limited availability of expert clinicians needed to annotate, test, and validate AI innovations. In this talk, Miguel will explore how open-source technologies are advancing healthcare, with a focus on medical and surgical innovations. He will highlight key advancements while exploring the complexities of clinical translation, using three of his projects as examples: Fetal Ultrasound Image Synthesis, endoscopy-based video analysis for surgery, and real-time AI diagnosis of eye movement disorders. The talk will examine the challenges of clinical translation and showcase examples of innovative technologies that leverage open-source software, models, and data to address some of the most complex problems in healthcare. Finally, to inspire and spark innovation among the next generation of engineers, researchers, and clinicians from academia and industry, this talk will showcase how the emerging open-source software community for surgical and medical technologies is striving to: (a) Foster Collaboration and Community Building, (b) Enhance Security and Transparency, (c) Promote Customisation and Flexibility, (d) Ensure Cost-Effectiveness, Sustainability, and Scalability, and (e) Drive Rapid Innovation and Future-Proofing.

Longhorn is an open-source, Cloud-native volume manager, which implements its own distributed block storage system. It is a complete and independent software defined storage solution, handling internally all aspects related to capacity management, performance, fault-tolerance, as well as interfacing with both Kubernetes and the end user. Longhorn is an actively-developed and mature software, however our installations have revealed that it currently lacks the ability to take advantage of the hardware performance available in local servers that feature high-speed solid state disks and high-bandwidth network connectivity. This presentation investigates a series of performance optimizations that have been engineered in the Longhorn's core that collectively allow the system to achieve an order of magnitude better IOPS and bandwidth.

AI is everywhere and especially open source is accelerating capabilities and delivering new breakthroughs in Models, making them smaller yet more powerful. While there is a big focus on the next big thing in Software, many overlook the goldrush in Hardware. You may have heard of companies like Nvidia, AMD or Axelera.AI, they are some of the ones selling the shovels to the diggers for a great profit margin. Have you ever wondered what it take to make your own chip?  So how to get started on your AI startup? The good news is: there is RISC-V, an open standard for CPUs, so everyone cam implement their own CPU and use common library software (in theory).  The even better news is there is an non profit open source organization called OpenHW Foundation offering high quality Apache 2.0 (or Solderpad) CPU Cores you can take as is, modify as needed and collaborate with a big community. Even better, the OpenHW Foundation is offering small platforms to debug on FPGA's but also has QEMU support and various other Models for example system Verilog cycle accurate SystemC Models. On top of this we also provide the Software eco system you need to brign your chip up and running quickly and sell it to one of the big Datacenter Companies, or just keep it running in your basement, heating your house and providing awesome AI edge capabilities for you and your family! In this talk Flo will highlight the current trends in chip development and how open source is accelerating this from the Cores to the EDA tools for designing but also open source tapeouts and then focus a little more on some of the Cores in OpenWH and how you can utilize it. Dr Jeremy Bennett world famous for his 45min overviews on "how to get GNU GCC ported on a totally new Architecture" is joining to deliver an overview which Software you need to run on your Chip, to develop your Chip and why it is easy with the OpenHW Group. Last but not least we will spill the beans on how the European Union is supportign our work as a non profit (and also for profits in that context) to guarantee sovereignty and enable academic but also research and industrial to build and innovate on a common platform via the Chips JU and programs like TRISTAN and how you can benefit, no matter if you quickly develop a MCU in your Master, need to do some measurements on real RISC-V Cores for your PhD and prove how to boost performance or if you join the real business selling shovels to all the diggers. Believe us, this talk will be a wild ride deep into the Hardware realm of RISC-V and OpenHW and make you start your own Chip while you are still listening!

Closing notes and information about pPub (physical Pub) meetup.

JSON has become the lingua franca for handling semi-structured and unstructured data in modern data systems. Whether it’s in logging and observability scenarios, real-time data streaming, mobile app storage, or machine learning pipelines, JSON’s flexible structure makes it the go-to format for capturing and transmitting data across distributed systems.

At ClickHouse, we’ve long recognized the importance of seamless JSON support. But as simple as JSON seems, leveraging it effectively at scale presents unique challenges. In this talk we will discuss how we built a new powerful JSON data type for ClickHouse with true column-oriented storage, support for dynamically changing data structure and ability to query individual JSON paths really fast.

ClickHouse open-source project: https://github.com/ClickHouse/ClickHouse Links related to the topic: https://github.com/ClickHouse/ClickHouse/issues/54864, https://github.com/ClickHouse/ClickHouse/pull/58047, https://github.com/ClickHouse/ClickHouse/pull/63058, https://github.com/ClickHouse/ClickHouse/pull/66444.

We present LoRaMesher, a communication library to build LoRa mesh networks. LoRaMesher interconnects geographically spread IoT devices through a LoRa mesh network. For the communication, the library implements a proactive distance vector routing protocol. Using LoRaMesher, an IoT application running on a node can send and receive data packets to and from other nodes in the LoRa mesh network. LoRaMesher has been tested on embedded boards featuring an ESP32 microcontroller and a LoRa radio. Using LoRaMesher, nodes do not connect to a LoRaWAN gateway, but among themselves. This allows new, distributed applications solely built upon tiny IoT nodes.

This is not on behalf of a specific community, only my direct experience with Ubuntu Touch, libhybris and Halium.

SailfishOS, Ubuntu Touch, Droidian. Many options exist for running a GNU/Linux environment on an off-the-shelf mobile phone. But what makes these different from an application developer’s perspective for a smartphone OS built with libhybris drivers?

Let’s find out.