FOSDEM welcome and opening talk.

In 2012, Thunderbird was pronounced dead. What happened next unfolded like a fairytale, as the Thunderbird project roared back to life on the shoulders of an incredibly generous community. Fast-forward to the end of 2022, and Thunderbird raised an astounding $6.4 million in donations. Within the last 3 years, it experienced a 326% revenue increase, quadrupled its core team, visually overhauled the desktop application, and announced plans to expand to Android and iOS. But how did this happen? More importantly, can your open source project use Thunderbird's experience as a template for success and sustainability? You absolutely can. Join us to find out how!

Ada Lovelace, Hedy Lamarr, the 'ENIAC Girls,' Grace Hopper, Joan Clarke... Stemming from the role of a calculator, the profession of a developer was initially considered a women's job, while hardware design was seen as a man's job. However, who are these women who have shaped the world of tech? Why don't we hear more about them? With Laura Durieux, you'll attempt to set the record straight bit by bit and provide role models in tech that you've always needed.

What is new since Go 1.20. In this talk we'll bring you up to date with all upcoming changes to the Go language and the community! What is new since Go 1.20. In this talk we'll bring you up to date with all upcoming changes to the Go language and the community! Go 1.22 will be released in February 2024, we will be taking a look to all upcoming features as well as give an update on important changes in Go 1.21. This includes traditionally updates about the language, tooling, libraries, ports and most importantly the Go Community.

PayProp chose Perl over twenty years ago when they bootstrapped their business. Today the backend is still Perl, but has changed. This is a short talk about how we are modernising the stack and contributing back to open source software.

A short talk about some of the tools and techniques PayProp are using to modernise their Perl stack, including some of the issues and challenges. The areas covered will include:

• Moving from a CGI.pm based framework to Mojolicious
• Adding an ORM and business objects, via DBIx::Class and Moose
• Refactoring existing functionality with help from regression tests
• Contributing and maintaining distributions on CPAN
• Hiring developers and introducing them to Perl

Link to my github profile: https://github.com/leejo Link to my CPAN profile: https://metacpan.org/author/LEEJO

Turtlestitch is based on a browser-based educational programming language (Snap!) to generate patterns for embroidery machines. It is easy to use, requiring no prior knowledge in programming, yet powerful in creating nowels patterns for embroidery. It is useful for designers to experiment with generative aesthetics and precision embroidery as well as a tool for innovative workshops combining an introduction to programming with a haptic output.

Introducing HopFS Mount, a FUSE file system designed to enhance user experience and simplify interactions with distributed file systems, specifically tailored for HopsFS. Leveraging the Filesystem in Userspace (FUSE) framework, our solution establishes a seamless interface, shielding users from the inherent complexities associated with distributed file operations.

HopsFS, a derivative of HDFS, renowned for its scalability and performance, is now easily accessible with the familiarity of a local file system through our FUSE-based innovation. By abstracting the intricacies of distributed file systems, our implementation ensures that users engage with HopsFS in a manner similar to traditional file systems. This abstraction not only reduces the entry barriers for users unfamiliar with distributed systems but also enhances the overall usability and accessibility of HopsFS.

This presentation explores Tansu, an open-source library that revolutionizes widget state management through signal implementation. We also introduce AgnosUI, our open-source, framework-agnostic, headless, and Bootstrap libraries created using Tansu. We will delve into the specifics of how Tansu facilitates widget creation and the unique features of AgnosUI.

A unique feature of the GateMate FPGA architecture is its provision for [partial] self-reconfiguration, i.e. the possibility to change the running configuration of the chip from inside, without affecting the operation of the other parts of the chip.

Presentation of GMM-7550 -- the open hardware module, based on the CologneChip GateMate FPGA.

The hardware part of the project consists of: * the FPGA module * a small adapter board to host the module on Raspberry-Pi 40-pin GPIO header * an RP2040 USB adapter board * a memory extension module (SRAM and SPI)

All the hardware was designed with KiCAD and released under CERN-OHL-P license.

The project also provides control software and design examples. GateMate FPGA designs are synthesized using the Yosys framework, optionally with the GHDL plugin. Control software and design examples are released under MIT license.

The increasing adoption of containerization and container orchestration has highlighted the need for secure and controlled distribution of container images. This talk will delve into the methods of distributing private container images and OCI artifacts, analyzing the strengths and weaknesses of various solutions, especially in contexts like software sales and custom builds for clients.

We will begin our discussion with hosted registries, highlighting their cost-effectiveness, ease of implementation, and low maintenance needs. Next, we will explore self-hosted solutions, which offer greater flexibility. Finally, we will examine the integration of an OCI-compatible registry with a custom authorization server. This setup allows the incorporation of complex business logic into authorization decisions, such as custom IAM and product subscriptions. While this adaptable and cost-efficient approach may involve custom development, we will provide a thorough analysis of its implications.

An exploration from the chips on the PCB to how Linux makes the phone work. We'll go into how the hardware and the Linux device tree files are connected, how the different chips communicate, etc. Things I wish I had learned years ago!

Confidential instance types (or CVMs) are the newest addition to public clouds like Microsoft Azure, Google Cloud Platform (GCP) and Amazon Web Services (AWS), some are already generally available and some are still in development/preview. Can we just bring existing general purpose Linux distributions to these environments and get the advertised confidentiality guarantees? Do we need to develop something or maybe we just need to have a specific OS image configuration to enjoy the benefits? The talk will try to answer these questions and explain the differences in the design of the various CVM instance types and discuss the current state of development of various important component upstream as well as their integration in general purpose Linux distributions (Fedora, CentOS Stream, RHEL). Focusing on providing confidentiality of the data at rest, existing technologies providing boot time integrity (SecureBoot, Measured boot, vTPMs,...) will be discussed. Finally, some of the remaining gaps in various components (Linux kernel, systemd, cloud-init,...) will be highlighted.

OpenAPI Specification is a machine and human readable way to describe APIs, from endpoints to examples. From these descriptions we can generate documentation, create libraries, and ensure that our users know exactly what to expect from our APIs. This talk introduces you to the OpenAPI standard, showing how to describe APIs and looking at some popular API examples. Good tools are essential so we'll look at some of the open source tools available to working with OpenAPI easier. We'll cover the benefits of using an open standard to describe your APIs and discuss what you can do next, like publishing documentation, generating code, and teaching LLMs new tricks. Learn about what's coming up in the world of OpenAPI, and how to get involved with this open standard and its community.

Setting the stage for the Railways and Open Transport developer room and guiding through the programme.

For a long time, scientific publications focused only on experimental results, ignoring how, concretely, the results were obtained, making difficult for readers, but also for the author, to reproduce the experiments. Things are slowly changing: publication of so-called "artifacts" are encouraged by journals and conferences. However, releasing scripts and programs used for experiments can be challenging: how to organize the material? how to clearly document the instructions? how to ensure reproducibility of the experiments? how to ensure long-term availability? Several answers are possible to all these questions. In this talk, I will try to summarize how and why my methodology to build reproducible artifacts evolved over several years in the research area.

In theory, semantic versioning (SemVer) is simple: breaking changes require major versions. SemVer rules do not change over time. Crates always adhere to SemVer. Careful coding is enough to avoid accidental breaking changes.

None of those statements are true!

In practice, SemVer is complex and accidental breakage is common: 1 in 6 of the top 1000 Rust crates has violated semantic versioning at least once, frustrating both users and maintainers alike.

If you write Rust but don't have the time for a PhD in SemVer, this talk is for you. We'll take a practical look at SemVer in Rust: what it buys us, how Rust's features lead to strange SemVer edge cases, and how we can prevent accidental breakage using a SemVer linter called cargo-semver-checks.

Traceroute has been helping troubleshoot network issues since the late 80s. In that time, it has become one of the most used tools in Internet measurement and topology discovery. Here at Catchpoint we leverage Linux traceroute to perform measurements from nodes distributed all over the world. In order to do what we do, we've enhanced the Linux traceroute to add some useful and interesting capabilities, and made those changes publicly available. In this presentation we are going to have an overview of the enhancements we made to traceroute. These Improvements include support for QUIC, a new style of TCP traceroute called "InSession" aimed at bypassing firewalls, ECN bleaching detection, path MTU discovery speedup and many more. The presented enhancements are made open source with the hope that they can be helpful to the networking community.

Packet losses are common in real-time communications, due to the nature of transmissions. Forward Error Correction (FEC) is a well-known technique for controlling errors in data transmission. The goal is to recreate a lost packet, based on other transmitted packets and redundant information included in specific FEC packets.

Packet losses are well handled for audio streams thanks to Packet Loss Concealment (PLC), which makes them almost un-noticeable to the end users. However, they are far more complicated to handle for video data. FEC offers a solution to compensate the loss rates typically observed over the Internet. At the expense of a relatively low overhead and small latency, the redundancy information transmitted by the sender lets the receiver re-create the missing packets.

There are currently various FEC standard techniques and approaches documented at IETF. The Linphone project has selected the Flexible Forward Error Correction scheme (flexfec) documented in RFC8627.

This talk will talk about: - the principles of Forward Error Correction - why the Linphone team chose the Flexible Forward Error Correction scheme - what were the implementation challenges - what are the observable results at the Linphone app level

In 2023, embedded Linux developers received eagerly awaited news: the release of Raspberry Pi 5 and the integration of VNC backend into Weston, the reference compositor for the Wayland display server protocol.

During this talk we will explore VNC backend integration in Weston 12 and newer versions as well as its build and runtime dependencies such as NeatVNC and AML. We will compare VNC (Virtual Network Computing) to RDP (Remote Desktop Protocol). Using the Yocto Project and OpenEmbedded, we are going to build core-image-weston for Raspberry Pi 5 and configure VNC with TLS security and user authentication. Step-by-step tutorial will be provided to demonstrate the configuration of a remote connection to Raspberry Pi 5 from another computer through Vinagre, an open-source VNC client designed for the GNOME Desktop.

The presentation is appropriate for anyone interested in remote access to embedded Linux devices. It will expand upon Leon’s lightning talk about RDP from FOSDEM 2023 and address frequently asked questions about remote screen sharing on embedded Linux devices. Previous experience is not required.

Gephi Lite, developed by OuestWare, is a web-based, streamlined version of the renowned graph visualization tool, Gephi. Aimed at porting its features into a web application while simplifying common use cases, this project was published in 2022 (github.com/gephi/gephi-lite).

The genesis of Gephi Lite is routed into academia. Over the last decade, a succession of graph visualisation and manipulation prototypes emerged, each addressing specific research requirements. These academic prototypes, funded by various research projects, paved the way for the development of increasingly powerful low-level tools (sigma.js, graphology).

Gephi Lite emerges as the culmination of these efforts. This presentation explores the concise journey of how diverse research needs over the past 10 years converged into the development of Gephi Lite.

A review of the past four years in the life of the OpenJDK Community, and a look at what’s ahead.

Calendars are a building block of our work tools. Unfortunately, managing calendars is often a nightmare. The reason for this is simple: the big companies hosting most of the calendar services are not trying very hard to provide interroperability between their services, or facilitate the use of calendars not hosted by themselves. One particular setting that is very painful when using calendars is the case of public-calendars. While a lot of organizations have a public-calendar available to stay informed about the events they organize, it is actually very complicated to leverage these calendars in a natural way: First of all, not all caldav clients support public-calendars, or at least not as well as “account” calendars. Often, they allow to “bulk import” multiples ical events inside your calendar client but not suscribe to the underlying calendar. This means that new events will not be added to your calendar automatically; Public-calendars are not easily composable: it is not possible to merge multiple public-calendars together in order for example to share a collection of calendars; It is not possible to filter events in public-calendars. We may be interested only in a subset of events in a calendar (events occuring on mondays for example, or taking place in Paris, or any other criterion).

Linkal is a software developped to solve the above problems. It is a public-calendar aggregator server. It acts as a man-in-the-middle between a caldav client and some public-calendars. Given a list of public-calendar, it emulates a calendar collection containing all these calendars. The user can then use its usual caldav client and add the collection as an “account” calendar (specifying the url of the Linkal instance instead of the caldav server). This allows the collection to be shared easily to multiple users and seamlessly updated.

The talk will present the challenges to collaborations using calendars and the solutions that Linkal provides.

An introduction to the BEAM virtual machine and its languages.

NLnet is inviting (prospect) NGI Zero projects to meet & greet, and have a discussion about the Next Generation Internet.

Opening a day of great talks.

For the past years, everyone has been talking about standards but how many of us can define what are standards, how they are governed and why they chose their own approach?

A lot of us work with some standards or specifications but can lack of a global perspective. Taking advantage of a conference time, let’s explore how different standards and open specifications can work together to support Public Transport Authorities, Public Transport Operators, and their third parties’ daily workload.

In this session, experts working on MMTIS EU-standards (e.g., NeTEx, SIRI) and other open specifications (e.g., ITxPT) will reflect on:

• How open standards and specifications are defined in each case
• Their governance and its impact
• How open-source tools accelerate their uptake

They will also discuss the state of their current work and share some crucial lessons learnt on:

• Communication and dissemination about standards
• Promoting open data for National Access Points or other international repositories
• Engaging an open-source community
• Funding the common goods that are standards / open specifications
• How to make sure different standardisation approaches benefit to the end-users and the multimodal mobility ecosystem

With the format of an interactive session and open discussion, this session will feature:

• The Transmodel family (NeTEx, SIRI, OJP, OpRa, etc.), led by the CEN standardisation body
• ITxPT Specifications, led by the non-profit organisation ITxPT
• Open Trip Planner by Entur, the one open-source tool that combines different standards and specifications, led by a National Body (Norway)

The main goal of EVerest is to develop and maintain an open source software stack for EV chargers with implementations of various communication protocols, robust hardware support and the ability to simulate the complete charging process.

In this talk we will give a short update on the exciting progress EVerest has seen over the last year.

We will also show you a selection of the different kinds of hardware EVerest is already capable of running on, like AC and DC chargers (for which open hardware designs are available). Additionally we will present how EVerest can be used to implement different kinds of devices like a portable, handheld DC "charger" that can be used for protocol testing various EVs.

We will also briefly discuss our plans for EV-side simulation and some of the exciting things we're working on to make our dream of providing a fully open source EV charging solution with extensive protocol support a reality!

https://github.com/EVerest/ https://lfenergy.org/projects/everest/

Everyone uses curl, the swiss army knife of Internet transfers. Earlier this year we celebrated curl's 25th birthday, and while this tool has provided a solid set of command line options for decades, new ones are added over time This talk is a look at some of the most powerful and interesting additions to curl done in recent years. The perhaps lesser known curl tricks that might enrich your command lines, extend your "tool belt" and make you more productive. Also trurl, the recently created companion tool for URL manipulations you maybe did not realize you want.

Gleam has come a long way over the last few years! Let's take a look at what's happened, where we are, and what's next for the language and the community. 💫

FlexMeasures is the intelligent & developer-friendly EMS to support real-time energy flexibility apps, rapidly and scalable.

In this talk, we want to focus on the "developer-friendly" part, and demonstrate the steps it takes to turn FlexMeasures into a smart backend, for instance to power the intelligent scheduling in your new climate tech startup! (you can also tinker with this at home, of course)

In this highly relevant example, we assume you control the heating for your customers' buildings. There is a heat pump and solar panels. You promise your customers to heat their home with their own solar power if possible. You even promise to use the cheapest grid power when the sun isn't shining. Green building, low energy bill!

Our tutorial will turn this promise into reality ― in any case, the data-driven optimal computations you'd need (measuring and on/off control of hardware not included).

FlexMeasures is a Flask web server, so this tutorial will use Python. We will use the FlexMeasures API, but also its CLI and the Python client ― the possibilities are rich. We also show how to add custom logic in a FlexMeasures plugin.

In short, we will:

• create a new customer account with the relevant asset models for this use case (via a new API endpoint, e.g. called from your CRM)
• feed local measurements (e.g. solar, temperature) regularly into your FlexMeasures server, using the FlexMeasures Python client
• get the latest price and weather forecast data from third-party-APIs (regularly via cron jobs), using existing FlexMeasures plugins
• create forecasts for solar data and prices (regularly via cron jobs)
• call the FlexMeasures scheduler to compute when to draw green & cheap electricity for heating (via the FlexMeasures API) which you can out to use in the building
• define a cost reporter and let it run (regularly via cron jobs)
• configure a FlexMeasures dashboard to show the relevant data in one place

We hope to see you there, and that some of you get inspired to put some climate tech into the field!

Using Perl, and through open source and open data, Open Food Facts is transforming our food system! In this talk, we'll dive into how Open Food Facts is helping reshape the food system to reduce its impacts on health and the environment. We'll go through how Open Food Facts helps create a treasure trove of information, and turn it into actionable data for consumers, researchers and policy makers.

We'll explore how citizens and consumers are using this database to make smarter, healthier food choices, steering the food industry towards a more transparent and sustainable future.

We'll show how we are mobilising technology (mobile crowdsourcing, artificial intelligence and more classic tech) in the pursuit of food enlightenment.

We will tell the story of Nutri-Score, and how the Open Food Facts community helped shape food policy, going from a digital deployment to real-life impact. We will also touch on the on-going projects with Eco-Score and Open Products Facts.

We'll go through the inspiring journeys of people who learned Perl in 2023 to contribute to Open Food Facts, the challenges of expanding and refactoring a Perl stack with very high impact, and what’s ahead

Snapshot functionality stands as a cornerstone in virtualization across key platforms such as Openshift Virtualization/CNV, OSP (OpenStack Platform), and RHEL employing KVM virtualization. Its pivotal role in practical customer environments underscores the significance of understanding its nuances in our virtualization production.

So in my presentation, I'll navigate through:

Introduction to Snapshots: Offering a concise overview of this fundamental feature in virtualization. Practical Use Cases and Benefits: Detailing how snapshots are utilized from customers's perspective, showcasing their immense benefits. Create & Restore Architecture in CNV, OSP, and KVM: Delving into the snapshot architecture in CNV, OSP, and KVM (Libvirt & Qemu), exploring how they enable the creation and restoration of snapshots. Snapshot Status in CNV and OSP: Analyzing the current scenario, primarily focusing on disk snapshots, highlighting the limitations and disadvantages perceived from the customers' standpoint. This will set the stage for discussing the need for VM snapshots. The Case for VM Snapshots and the develop status in KVM layer: Emphasizing the necessity for VM snapshots, understanding why they are essential and how they address the limitations of disk snapshots. And the investigating result of the developmental status of VM snapshots within the KVM layer. Conclusion: Reinforcing the critical role snapshots play in customers' environments, summarizing their significance in virtualization production.

Goroutines are an exciting part of the Go language, but what are they? How are they created? How are they paused? How are they resumed? There are a lot of questions that the regular go programmer doesn't need to know and usually doesn't know, but if you, like me, are a curious person, you probably want to know more about what is going on under the hood.

Come with me on this interesting trip through one of the most outstanding features of the Go language, the goroutines, and discover what makes your Go programs tick! In this talk we are going to explore how is the life of a goroutine.

We are going to start talking about the go runtime scheduler in general, and we are going to talk about the most important structures there, P, M, G and Sched.

Once we have that clear we are going to explore how a goroutine is created and after the creation, how it change states, exploring the different states like Waiting, Runnable or Running, but also others. We are going to talk about the transitions between them to finish talking about the death of a goroutine.

After this talk you should have an intuition about how your goroutines are scheduled and why they transit from one state to another.

Overview

Bootloaders are one of the biggest pain points when it comes to booting upstream Linux on Qualcomm devices, they require that distros support 5 versions of the Android boot image header, weird non-standard devicetree properties, and are generally a huge headache. As modifying the bootloader is out of the question, we can at least replace the environment it gives us with a more sensible one...

In this talk, I'll give a brief introduction to what an EFI bootloader actually is, how they work, and how U-Boot fits into the picture as a second-stage bootloader. I'll cover the work I've been doing to improve Qualcomm support in upstream U-Boot, and how we can drastically lower the barrier of entry for distro support on Qualcomm phones.

Lastly, I'll go over the new process for porting a Qualcomm SoC to U-Boot, and demo booting Linux with EFI runtime support on a Qualcomm phone.

I'll also give a sneak peak at what would be possible if we had greater ownership of our devices.

Why you should care

This talk is primarily aimed at the upstream community, if you work on upstream support for any Qualcomm devices - be it phone, tablet, Chromebook, or vehicle - then you can likely benefit from running U-Boot.

UEFI is now the lowest common denominator, and supporting it makes Qualcomm devices a viable target for more mainstream distros.

Jupyter notebooks play a crucial role in the development stage for data analytics, machine learning, and other data-driven applications. However, moving them into a production environment often leads to a complex set of challenges.  Challenges related to production readiness, version control, testing, reproducibility, and modularity are common.     In this talk, we will delve into the specifics of these challenges and demonstrate how our tool, Versatile Data Kit (VDK), effectively addresses them. From deploying production-relevant code to ensuring linear execution for reproducibility, we will provide insights into practical solutions that could enhance efficiency in your data analytics and machine learning workflows. This session is aimed at those looking to understand the complexities of productionizing notebooks and explore potential methods to overcome these challenges. Benefits to the Ecosystem - solutions to several specific pain points of Productionizing Jupyter notebooks. For this talk, some prior knowledge of Jupyter Notebooks is necessary.

This keynote celebrates an important milestone 13 years in the making: Outreachy surpassed 1000 interns with its current round of internships! For the first time ever, the full organizing team of Outreachy has gathered together in person here at FOSDEM. This celebratory keynote, will talk about the history of Outreachy, our lessons learned and our hopes for the future.

calculang is a language for calculations, pure-functional and compiles to Javascript.

In this talk I present intended separation of concerns, calculang properties, and some interactions and sharing of numbers and their workings that it facilitates.

I'll use some interactions and examples from a new and experimental calculang website. 🤞

calculang is free software and currently available on GitHub. Updates @calculang on Fosstodon. Matrix #calculang.party:matrix.org

For slides see calculang-at-fosdem.dev/slides

VIDEO below contains 2x short but noticeable drops due to technical issues.

Sound Open Firmware is an open source audio DSP firmware and SDK that provides audio firmware infrastructure and development tools for developers who are interested in audio or signal processing on modern DSPs.

Sound Open Firmware is supported on platforms from Intel, NXP, Mediatek and AMD. It comes with Linux kernel ALSA driver and open source firmware. Past year saw a major effort on integrating Sound Open Firmware with Zephyr RTOS.

The goal of the presentation is to offer a gentle introduction to the project, building blocks, community and tools.

Project page: https://www.sofproject.org/ Project documentation page: https://thesofproject.github.io/latest/index.html

We will be presenting Indico, an event-management system born out of the collaborative spirit at CERN. Initially developed more than 20 years go, to meet the unique demands of the world's largest physics lab, Indico has since evolved and transcended its origins, becoming a globally adopted solution for the organization events of all scales, used in more than 300 organizations world wide, including the United Nations, and integrated in a lively user community. We will be focusing on the main features of the tool, its role at CERN and elsewhere, the work we have been doing regarding community building, as well as plans and ideas for the future.

As an open community grows the amount of external contributions increases with it. This is one of the primary benefits of open communities: the assimilation of progress from a wide and diverse pool of talent. However, care must be taken to ensure that the process of acceptance is free from social friction, lest arguments bring down and delay development of the project. This lightning talk covers the social issues open community maintainers and external contributors face during the submission of a patch or other change, why conflicts arise between parties, and how to handle difficult public disagreements to bring threads of discussions back on topic to focus on the benefit of the project and community. Synergy is when multiple parties come together to produce something greater than the sum of their parts, and it's what we will strive for in this talk.

Cosma is a visualization tool for knowledge workers. It helps create, use and share non-linear scientific documentation. It works by reading plain text files interconnected with [[wiki links]] and rendering them as an interactive network of index cards inside a standalone HTML file.

This talk will present the design choices of Cosma, which uses existing ideas but in a peculiar way:

• it includes graph visualization but primarily for network synthesis rather than analysis;
• it creates contextualized backlinks based on wiki links but also based on citations (bibliographic references);
• it is a command-line program but most of its features are located within the files it exports.

These choices reflect the core idea of the project (which is as much an ambition as it is a set of constraints): leveraging innovation from the “tools for thought” space (easy hypertext authoring, interactive publications) while addressing the needs of creative, investigative knowledge work (owning robust data, backing claims with sources).

Project website, examples, documentation: cosma.arthurperret.fr

Project repository: github.com/graphlab-fr/cosma

Read the blog post for this presentation : www.arthurperret.fr/blog/2024-02-03-cosma-at-fosdem-24.html

In 2023, the NetBSD project celebrated 30 years since its first release, 0.8. Now, four years after NetBSD 9, NetBSD 10 brings a huge number of changes and improvements. This talk will dive into the most important new features of NetBSD 10, such as performance and security improvements, expanded CPU and GPU support, improved virtualization and more!

Another strength of NetBSD is its package system, pkgsrc, which is portable to dozens of other OSes and can even be used like virtualenv for development and deployment environments.

But over all this, the question remains: how relevant is NetBSD these days? There is a small but friendly, and tight-knit community of users and developers. The focus on portability and cleanliness provides a good system for both beginners and tinkerers, but also a rock-solid server or workstation system. We will go over some cool use cases and show ways that you can get involved.

With the introduction of "Forensic Container Checkpointing" in Kubernetes 1.25 it is possible to checkpoint containers. The ability to checkpoint containers opens up many new use cases. Containers can be migrated without loosing the state of the container, fast startup from existing checkpoints, using spot instances more effective. The primary use case, based on the title of the Kubernetes enhancement proposal, is the forensic analysis of the checkpointed containers.

In this session I want to introduce the different possible use cases of "Forensic Container Checkpointing" with a focus on how to perform forensic analysis on the checkpointed containers. The presented use cases and especially the forensic analysis will be done as a live demo giving the audience a hands on experience.

To build nice tools with transit data, we need nice libraries to build upon.

We present a small collection of libraries hosted in the https://github.com/rust-transit/ organization to manipulate transit data.

The main library, gtfs-structures, is a performant and flexible rust crate that parses a large variety of GTFS files and is used in production in the validator of transport.data.gouv.fr, but also in other projects like https://catenarymaps.org/.

Other libraries allow to manipulate realtime data in the SIRI-Lite format or to parse OpenStreetMap for simple routing tasks.

Since Oracle began developing updates for the JDK with the JDK 7 Updates Project in 2011, a lot has happened in the OpenJDK community. The development processes have been constantly adapted, so that today the changes to the updates begin their journey as pull requests on GitHub.

But what happens next with the changes? In this lecture we'll take a look at how it all began and how the development of JDK updates works in practice today.

You may have an existing Ceph cluster that you want to integrate with Kubernetes, or wanted centralized ceph management in a single cluster connected to multiple Kubernetes clusters what's the solution? External Rook-Ceph Cluster. An external cluster is a Ceph configuration that is managed outside of the local K8s cluster. In external mode, Rook will provide the configuration for the CSI driver and other basic resources that allow your applications to connect to Ceph in the external cluster. This talk will give a quick overview of the Rook external cluster, which includes its deployment, demo, and how the latest ceph features can be used with this like Multi-site, rados namespace, etc.

IPv6-only networks are slowly becoming reality and are very well supported by mobile operating systems as well as macOS. Linux is slightly falling behind. In this talk, I will cover how IPv6-only and IPv6-mostly networks work and what needs to be done to have first class support in Linux. Let's talk about IPv6-mostly networks - the kind of networks which run IPv6-only for devices supporting it while providing some IPv4 for devices dependent on it. This can be done by DHCPv4 option called IPv6-only Preferred. Using this option, a device can opt-out from IPv4 if it does not need it for proper functionality.

But even if a device opts out from IPv4, chances are it would need some IPv4-as-a-service for supporting legacy applications. Typically, 464XLAT concept is used. This relies on a client-side translator (CLAT) responsible for converting residual IPv4 into IPv6. If such a translator is missing, which is the case for the most Linux desktop distributions nowadays, most things would work normally, but chances are you will hit some corner case where your computer complains about no connectivity. There are solutions to set up CLAT on Linux but none of them is mature enough. Let's talk about what needs to be done to change this.

Resources:

• clatd: a CLAT daemon utilizing userspace translator TAYGA or nat46 kernel-space translator

• Jool: Open Source SIIT and NAT64 for Linux

• RFC 6877: 464XLAT: Combination of Stateful and Stateless Translation

• RFC 8925: IPv6-Only Preferred Option for DHCPv4

• RFC 8781: Discovering PREF64 in Router Advertisements

Embrace a security-first mindset in API development to proactively prevent malicious attacks. Learn how to integrate fundamental security building blocks, authenticate requests, validate access control, implement secure communication channels, identify potentially dangerous actors, and dynamically prevent attacks as they happen.

Here, I’ll walk through building resilient APIs and platforms that thwart attacks from the beginning, protecting your users and your data. Join me as I introduce how to make security an integral part of our development process.

RTC AMA since the original speakers couldn't make it.

This talk will show you how to write your own rust linter using the rustc_tools crate which allows you to have access to the rust compiler API. It can be quite useful if you need specific lints for a project and cannot add them to clippy.

It will explain how the compiler API works and give a small example at the end showing it in action.

The energy transition relies heavily on energy management technology such as power electronics devices. These devices allow the control of electricity flows such as battery charging, motor control and renewable energy usage. This critical technology is mostly proprietary blocking innovation and knowledge transfer. The OwnTech project has the objective of creating an open-source technology suite similar to Raspberry Pi or Arduino for energy management. Our goal is to provide our community with the tools to act and re-imagine their energy system from the bottom up.
In this talk we will introduce the OwnTech project, its mission and show a study case of a 1kW 24V micro-grid developed by Alyssia Dong, an assistant professor at the University of Angers, for educational purposes.

If you wish to know more about our work: Link to our website Link to our documentation Link to our Foundation on GitHub Link to our software Link to our control hardware - SPIN Board Link to our power hardware - TWIST Board

Scripts and softwares are indispensable components of contemporary research. While the study of scientific instruments has been extensively covered in science and technology studies (STS), as well as aspects related to digital data, software strangely remains absent. I will build on the success of Jupyter computational notebooks to sketch a social study of open source scientific softwares.

The Jupyter project, initiated in 2001 by a physics graduate student interested in scientific programming, has gradually evolved into a global data science infrastructure. I will demonstrate the importance of closely examining its trajectory by identifying the continually negotiated conditions for the transition from local usage to a role as a generic instrument, progressively leading to its integration into a diversity of services beyond scientific communities. The dissemination of computational notebooks has thus not only facilitated a convergence between open code and open science but also between the practices of researchers and those of computer developers, leading to the stabilization of a specific infrastructure for data analysis.

Years ago, we had to rewrite our old IRC bot in a hurry, converting it to the Slack messaging API. When we did that, we also converted it to IO::Async and began trying to keep it both async and easy to work on.

This talk will give a brief overview of the bot architecture and how we've kept working on the bot simple, most especially by adopting Future::AsyncAwait. We'll also look at how you can run your own instance of the bot.

Overte is a virtual environment comparable to the likes of VR Chat, Resonite or Second Life.

However, our architecture is highly distributed, and our approach to many things such as content hosting is significantly different to that of other platforms. We don't need accounts, servers can be anywhere, and content can be hosted on any HTTP server. Overte closely imitates the WWW, and this brings plenty benefits, but also creates problems other platforms don't have.

In this talk, I will explain what makes us different, what the benefits are to doing things our way, how do we solve problems other systems don't have, and why you might want to try Overte for its unique approach.

Formal verification, or formal correctness proofs, are powerful tools when designing your FPGA or ASIC "gateware". They help finding bugs sometimes missed in simulation, triggered by corner cases you didn't think to check. This talk will give a little background on how they work, the available ecosystem of tools, show some small examples on how to use them, and some practical results from real-life usage.

Discover the modern architecture of Waltti-APC, Finland's national Automatic Passenger Counting system. We have developed what we believe is the first application of differential privacy to anonymize real-time APC data, ensuring its safe use in trip planners and other passenger information systems. Additionally, we have crafted an API specification that allows new vendors to easily step into the market of onboard counting devices without prior knowledge of public transit. All open source, of course. Join us for an exploration of our data pipeline, powered by Apache Pulsar.

Yes, and we’re in pretty good shape!

For the last 10 years, Qualcomm’s engineers and Linaro’s Qualcomm Landing Team has been working hard to carefully implement Linux mainline support for Qualcomm platforms, and so far so good it’s pretty good now as you can judge with the very good Thinkpad X13S support.

Neil will do a tour of all supported platforms, describe the work the Linaro’s Qualcomm Landing Team has achieved so far and the key features engineers are working on. The Qualcomm SoCs are notoriously very complex and very powerful, and implementing clean, correct, maintainable and extensible support for mainline Linux is particularly hard. Key domains like Power or DSP management were particularly hard to support, with those in good shape multimedia, connectivity and network features getting enabled permitting Qualcomm based devices to offer excellent support while running vanilla (unmodified) Linux kernel !

The Thinkpad X13S is a great example of such support, because until recently it was limited to expensive and hard to buy Qualcomm Reference platforms.

Nevertheless the Qualcomm Reference platforms also get as early as possible mainline support, without any concessions on code quality, like the Snapdragon 8 Gen 3 mailing-list patches delivered on marketing announcement day.

The talk will propose a tour of supported platforms, current and possible future achievements, and integration examples with mobile distributions like PostmarketOS.

Go is widely considered simple language. But the proposal and contribution process can be intimidating to the uninitiated.

In this talk, I take the auduience on a quick tour of my experience from feature idea, to proposal, to eventually implementing the proposal myself in just a dozen lines of code, and getting it merged and included in Go 1.21.

The goal of this talk is to demystify the Go contribution and proposal process, and encourage others who may otherwise feel intimidated, to participate.

In this presentation, we'll take a detailed look at how Quarkus approaches native compilation, highlighting what sets it apart from other frameworks. We'll start with an overview of Quarkus and its native compilation, then dive into the specific decisions made during the compilation process, explaining the reasons behind each choice. Finally we will go through parts of the Quarkus code to show how these decisions are practically implemented and how they benefit users.

An UKI (Unified Kernel Image) is a single executable which can be booted directly from UEFI firmware, or automatically sourced by boot-loaders with little or no configuration. UKI technology is a main building block for Linux on Confidential Virtual Machines. However, UKIs are immutable, meaning that once created it won't be possible to safely change/extend kernel command line or initrd modules without creating a new UKI. This session will firstly review what an UKI is and why is it useful especially for Confidential Computing, then explain the current immutability challenges that it brings, the various approach that were proposed, and which solution is currently deployed. The topic covered are UKI addons, sysext extensions, and sbat rules.

OpenTalk is more than just another video conferencing solution. Designed with a special focus on data protection and security, OpenTalk offers a completely reimagined solution ideally suited for public administration. With its modern IT architecture and strict data segregation, OpenTalk meets the highest standards of data protection and security, fully compliant with the GDPR.

In the public sector, data protection is not just a buzzword; it's a central requirement. OpenTalk provides specialized features and moderation tools specifically developed for such demanding scenarios. This includes features voting, recording, streaming, breakout rooms and a coffee break timer. Don't worry: thanks to its user-friendly design and simple operation, OpenTalk is also accessible to users who are not tech-savvy.

OpenTalk has been created as a comprehensive European — and therefore GDPR-compliant — alternative for collaboration and communication. It is a video conferencing solution well-suited for agencies, municipalities, administrations as well as personal and business use.

Starting with the history of the OpenTalk project, this talk will provide insights into features that set it apart from other solutions, its service architecture and the current state of development. We will also discuss about the efforts of creating tooling for developers to build their own service and client integrations for the system. We have the vision of building and fostering a community around the project that helps creating an open ecosystem.

Links

• OpenTalk website
• OpenTalk documentation for users, admins and developers
• OpenTalk source code published to OpenCoDE (GitLab service for use in public administrations)

The Climate-Aware Task Scheduler is a lightweight Python package designed to schedule tasks based on the estimated carbon intensity of the electricity grid at any given moment. This tool uses real-time carbon intensity data from the UK's National Grid ESO via their API to estimate the carbon intensity of the electricity grid, and schedules tasks at times when the estimated carbon intensity is lowest. This helps to reduce the carbon emissions associated with running computationally intensive tasks, making it an ideal solution for environmentally conscious developers. Currently CATS is built to work with the simple "at" scheduler, but work is underway to port it to Slurm. The source code can be found at https://github.com/GreenScheduler/cats and more information at https://greenscheduler.github.io/cats/.

Debian is a commonly used distribution on embedded devices, however more often than not single-board computers available on the market just run some sort of Debian derivative that is provisioned as a binary image to be flashed to an SD card where the device will boot from. At the same time linux distributions for industrial embedded computer are often based on Yocto/OpenEmbedded or buildroot.

This talks will explore what is required to install and run a non modified Debian in an industrial arm/arm64 embedded device running the U-Boot bootloader.

We will investigate the various option to install Debian, either running debian-installer (from network or from an external storage media) or using debootstrap, we will look into how the bootloader is loading the OS (kernel, initrd and devicetree), looking at U-Boot distroboot/Standard Boot and UEFI and after that we will have a look at the required support from the Linux kernel.

During the talk we will also describe the steps needed to contribute support for a specific board to Debian.

We've all seen the memes about Google Chrome devouring all the available RAM in your laptop. Is that only due to how the browser works or is it also our fault as web apps developers? In fact, modern JS apps are becoming increasingly complicated, so their compute and memory requirement are rising as well, with some famous websites even taking up entire gigabytes of memory. This does not only fill up the memory of your users devices, but can also cause crashes and performance drops. How do we monitor if that's the case, and how can we fix it? This talk will shed some light on the dark art of memory allocations and profiling, showing how some data structures and some JS frameworks are less efficient than others. Also, what are the tools that are available to measure it, such as the Chrome Memory Profiler and MemLab, showcasing some custom tooling I've built around those two.

eBPF permits to run sandboxed programs in the OS kernel, mainly event-driven. It's used to extend the kernel without recompiling it or use modules. eXpress Data Path (XDP) provides a eBPF-based, high performance, programmable network data path in the Linux kernel. It provides bare metal packet processing at the lowest point in the software stack, which makes it ideal for speed. A XDP program returns an action code to tell the kernel what to do with the packet: XDP_PASS, XDP_DROP (and XDP_ABORTED), XDP_TX (and XDP_REDIRECT).

This talk, after a brief introduction of what XDP is, presents how redirecting packets, using the XDP_TX return code, can be used to implement a load balancer. It shows how using Direct Server Return can increase the throughput and how to use a consistent hashing algorithm to redirect all the packets of a specific connection to the same backend server. Finally, it explores how the load balancer can be deployed directly to backend servers without the need for a dedicated machine, leveraging the Equal-Cost Multi-Path routing. The presentation of a possible network topology to deploy this load balancer using BPG or static routes completes the seminar.

As researchers continue to explore the utility of platform-based large language models (LLMs) for tasks like data extraction, annotation, and classification, concerns about access, cost, scalability, volatility, and privacy arise. Even when using local or open-source LLMs in the social sciences and humanities, it is critical to address the inherent inconsistencies of LLM outputs, and to assess their suitability for specific tasks. 

How should LLMs be approached and evaluated for digital research projects? I propose a methodology for systematically exploring and evaluating above issues using Prompt Compass. The tool encapsulates research affordances for working with LLMs tailored to the social sciences and humanities. It provides easy access to various local and platformed LLMs, defines default (but modifiable) parameters that produce the most consistent results, offers a library of ready-made and customizable research prompts, allows for looping over rows in a CSV, and allows for testing and evaluating various LLM-prompt combinations. 

As technological advances reshape social science and humanities research, tools like Prompt Compass are critical in bridging the gap between LLM technologies and methodological robustness in both qualitative and quantitative research. Such tools allow for a hands-on approach to assess the stability of prompts, their accordance with specific LLMs, and the replicability of research.

Prompt Compass is available under an Apache 2.0 license at https://github.com/ErikBorra/PromptCompass

Ever found yourself lost in the complex world of Kubernetes, wondering what unfolds when a node throws a curveball? Fear not, for Rook's Network Fencing is the unsung hero in this tale of container chaos. Let's take a journey into the heart of this complexity, uncovering the superheroic qualities of Rook's Network Fencing, working tirelessly to prevent any data chaos.

Imagine this: when one node takes an unexpected turn, Rook elegantly guides the pods to a new, stable platform. Here's the twist – CephFS remains undisturbed, a calm leader in the face of potential turbulence and the container using this may happily continue, leading to data corruption!

Join us as we break down the details of this strategic performance. Discover how Rook's Network Fencing becomes the guardian of your data, ensuring a smooth transition from one node to another. It's not just about preventing chaos; it's about preserving the integrity of CephFS, the backbone of your containerized world.

So, get ready for an exploration into the art and science of Network Fencing, where Rook emerges as the quiet force that guarantees your data's safety, keeps your workloads running smoothly, and bids farewell to chaos in the Kubernetes story.

Welcome to the "revelation of Network Fencing in CephFS with Rook – your data's trustworthy guide in the container wilderness."

MicroBlocks is a blocks programming language for physical computing inspired by Scratch. MicroBlocks is a non-profit open-source project that makes physical computing fun and easy. Although it's goal is to enable and inspire youth (10+), curious makers of all ages are encouraged to embrace the joys of physical computing. Unlike other programming environments for microcontrollers, MicroBlocks is LIVE. That is, the MicroBlocks IDE (editor running on a computer) and the MicroBlocks code (running on a microcontroller) are constantly kept in sync. The blocks-based editor makes it easy to click any block or script of blocks to execute them immediately. Development and debugging occur at the same time. The project lives up to its tagline "small, fast, human friendly". :)

In the rapidly evolving landscape of electric vehicle charging, the Open Charge Point Protocol (OCPP) has emerged as a crucial industry standard for communication between charging stations and a central management system. In my presentation I will introduce groundbreaking extensions to OCPP, focusing on the integration of end-to-end digital signatures and binary data streams, a leap forward in efficiency and security within the EV charging ecosystem.

The integration of binary data streams via HTTP Web Sockets into OCPP marks a significant enhancement in data transmission efficiency. This approach not only reduces latency and bandwidth usage for large data transfers, but also paves the way for more secure, in-band data transmissions like firmware updates or log file transport. Traditionally, such data transfers required separate HTTP or FTP servers, introducing unnecessary complexity and potential network security risks. With these extensions firmware updates become seamless and more secure, directly within the OCPP framework.

Furthermore, the addition of digital signatures to OCPP commands and data structures, such as charging tariffs or grid related commands for controllable consumers according to the German §14a EnWG, introduce a new layer of security and integrity. These signatures ensure that data is not tampered with during transmission - even beyond the traditional scope of OCPP - providing a verifiable trust mechanism in end-to-end EV charging communications and might in the future lead to more cost-efficient intelligent measuring systems.

A notable advancement is the use of digital signatures for creating distinct user roles within OCPP. Until now, OCPP lacked the capability to differentiate between user access levels, such as "normal" users and "admin" users. The introduction of role-based access control, underpinned by digital signatures, allows for precise management of user permissions, enhancing both security and operational efficiency especially in more complex managed charging locations.

In my talk, I will delve into the technical implementation details of these extensions. Attendees will gain insights into the practical applications and benefits of these enhancements in the context of the Open Source energy ecosystem. The presentation will also explore the potential future implications and developments that these extensions could usher in, setting the stage for a more secure, efficient, and scalable EV charging infrastructure.

gccrs is an alternative implementation of a Rust compiler currently being developed. It aims to become a fully fledged Rust compiler, and hopes to share as much code as possible with the official Rust compiler in order to guarantee correctness and avoid damage on the Rust ecosystem. But how do we plan to integrate Rust components to the GCC codebase, and what sort of components will we reuse? This talk will explore the future of the project, as well as some of the challenges surrounding compilers, and the very silly sounding but real problems of bootstrapping and dogfooding. We will explore the stack of rustc crates that we leverage, how we use them together, and how they will play a part once the compiler has advanced further.

Incus is the latest project in the system containers and virtual-machine space. It came to life as a fork of Canonical's LXD project after Canonical decided to reclaim full ownership of LXD.

Incus is a fully fledged system container and virtual machine manager, capable of running either standalone on systems as small as single board computers, or scale up to hundreds of servers to run tens of thousands of instances. It supports advanced storage and networking options and can easily be managed through its command line, a variety of web UIs or its REST API.

In this presentation, we'll be going over a bit of the history of LXD and Incus, how it came to be, who's behind it, what state it's currently in and what to look forward to in the near future!

As developers, we write unit tests in a TDD-style workflow for validating the behavior of our applications and libraries. However, all possible situations need to be manually thought out when writing the tests for the code. Property based testing aims to solve this by allowing the developer to specify behavior of their programs in terms of properties (invariants) of their code and then automatically generating tests that check if the property is indeed valid. In this talk, the key concepts of property based testing will be explained, along with clarifying examples, ranging from introductory snippets to more complex ‘real life’ scenarios. The examples will be written in Elixir; a functional programming language that runs on the Erlang virtual machine. The high level, flexible and expressive nature of the language make it an ideal fit for declaring properties against which a program can be checked.

Through open source and open data, Open Food Facts is transforming our food system! In this talk, we'll dive into how Open Food Facts is helping reshape the food system to reduce its impacts on health and the environment. We'll go through how Open Food Facts helps create a treasure trove of information, and turn it into actionable data for consumers, researchers and policy makers.

We'll show how we are mobilizing technology (mobile crowdsourcing, artificial intelligence and more classic tech) in the pursuit of food enlightment.

We will tell the story of Nutri-Score, and how the Open Food Facts community helped shape food policy, going from a digital deployment to real-life impact. We will also touch on the on-going projects with Eco-Score and Open Products Facts.

We'll explore how citizens and consumers are using this database to make smarter, healthier food choices, steering the food industry towards a more transparent and sustainable future.

How might we innovate digital tools for citizen engagement with visual methods to ‘retool’ citizen science and invite more people to document their lived experiences as inputs to urban planning and policy? And could we do so in a participatory process that uses principles of Data Feminism and Design Justice to diversify who has a seat at the table in the tool development, and whose interest are built into the tools we make? Forged in the fire of such burning questions, we present the UB App as an open-source photovoice application for smartphones, co-created during the Urban Belonging Project (2020-22) in a process that involved scholars from Copenhagen and Amsterdam, professional urban planners, citizen engagement experts, and seven marginalized communities in Copenhagen (deaf, lgbtq+, physically disabled, mentally vulnerable, houseless, internationals, and ethnic minorities). At the 2023 FOSDEM, we are excited introduce the UB App and the UB Toolkit, and use examples from our design process to discuss the potentials and challenges of involving a multitude of voices and perspectives in the development of digital citizen science tools. We touch upon; how inputs from different stakeholders shaped decisions about what data collection the app makes possible; how it mitigates issues of privacy and visual and spatial literacy to make the app as inclusive as possible; and how design criteria were translated into app features that open new empirical opportunities for community engagement.

Resources: The UB App, open-source photovoice app developed in the project (https://github.com/Urban-Belonging/UrbanBelonging), licensed as GPLv3.

The UB Toolkit; open-source scripts developed in the project to transform raw data from the app into structured data files and images ready for analysis (https://urban-belonging.github.io/UrbanBelongingToolkit/), licensed as GPLv3. Articles about (a) the development process and (b) its use in the Urban Belonging Project: a) Madsen, A. K., Burgos-Thorsen, S., De Gaetano, C., Ehn, D., Groen, M., Niederer, S., ... & Simonsen, T. (2023). The Urban Belonging Photo App: A toolkit for studying place attachments with digital and participatory methods. Methodological Innovations, 20597991231185351. https://journals.sagepub.com/doi/10.1177/20597991231185351 b) Burgos-Thorsen, S., Niederer, S., & Madsen, A. K. (2023). What is an inclusive city? Reconfiguring participation in planning with geospatial photovoice to unpack experiences of urban belonging among marginalised communities. Visual Studies, 1-20. https://www.tandfonline.com/doi/full/10.1080/1472586X.2023.2261897

Spearkers: Sofie Burgos-Thorsen (sofieburgosthorsen@gmail.com):

Libervia is an universal communication ecosystem that extends the use of XMPP far beyond instant messaging, incorporating features such as microblogging, direct messages, calendar events, A/V calls, and more.

A significant feature is its role as a server component, which has facilitated the implementation of a XMPP <=> ActivityPub gateway. This gateway enables seamless interaction between two key open protocols.

In this session, we'll explore the architecture of this gateway, detailing how it facilitates communication between XMPP and ActivityPub. We'll delve into the intricacies of protocol mapping and discuss how Libervia integrates features such as microblogging, reactions, likes/favorites, mentions, and calendar events across these platforms. The talk is aimed at providing a clear understanding of how Libervia contributes to the evolution of open communication technologies.

Open source has been highly democratized thanks to a clear OSI defintion. In a Digital infrastrcuture world, now it is the time for APIs to have such open and clear defintion. Inspired by Open Source, this talk will present the FACT framework, a way to create and publish easily Fair API Commitment Terms, making API Terms of Service that are easy to read and understand. Indeed, the biggest threat on trust in the digital infrastructure we know is the threat on APIs you consume for your software. What if the API provider breaks the API? What if the API provider change its licence? Its version abruptly making it a breaking version without notice? Its pricing making it unaffordable for all users? This is why we have worked to make a framework to make it easy to provide clear open commitment about your APIs to your community. It is like a Creative Commons for APIs, as it is also easy to read and understand for users about what they can expect about API provider commitments about trust for their API. This project has been supported by the Ford Foundation, Mozilla foundation and Open Society foundation.rThis talk will present the FACT framework, a way to create and publish easily Fair API Commitment Terms, making API Terms of Service that are easy to read and understand. Indeed, the biggest threat on trust in the digital infrastructure we know is the threat on APIs you consume for your software. What if the API provider breaks the API? What if the API provider change its licence? Its version abruptly making it a breaking version without notice? Its pricing making it unaffordable for all users? This is why we have worked to make a framework to make it easy to provide clear open commitment about your APIs to your community. It is like a Creative Commons for APIs, as it is also easy to read and understand for users about what they can expect about API provider commitments about trust for their API. This project has been supported by the Ford Foundation, Mozilla foundation and Open Society foundation.ired by open source. This talk will present the FACT framework, a way to create and publish easily Fair API Commitment Terms, making API Terms of Service that are easy to read and understand. Indeed, the biggest threat on trust in the digital infrastructure we know is the threat on APIs you consume for your software. What if the API provider breaks the API? What if the API provider change its licence? Its version abruptly making it a breaking version without notice? Its pricing making it unaffordable for all users? This is why we have worked to make a framework to make it easy to provide clear open commitment about your APIs to your community. It is like a Creative Commons for APIs, as it is also easy to read and understand for users about what they can expect about API provider commitments about trust for their API. This project has been supported by the Ford Foundation, Mozilla foundation and Open Society foundation. https://www.apitos.org/

Kubernetes has evolved far beyond container orchestration and is now playing a significant role in automating telco workloads in a cloud-native manner at a large scale. In this session, we will demonstrate the innovative ways we harness Kubernetes to streamline telco operations. Throughout the presentation, we will introduce you to cutting-edge concepts, including configuration as data, kpt (Kubernetes Package Manager), krm functions, and more. These powerful tools and concepts are instrumental in effectively orchestrating telco workloads within a Kubernetes environment. Join us for an insightful journey where we showcase the seamless integration of Kubernetes with telco workloads and illustrate how these advanced techniques transform the way we manage and operate telecom services in the cloud-native landscape.

Since 2017, the Passenger Division at the Swiss Federal Railways has used MATSim as the main framework for SIMBA MOBi - its activity and agent-based transport model. By now, SIMBA MOBi is a well-established model that helps the company’s decision-making process in passenger demand planning. Very early in the development stage of the model SBB has committed itself to contributing actively in the MATSim core libraries under GPL. In this talk, we briefly give an overview about the model itself, its applications and SBB’s long-standing contributions in MATSim. We also point out the advantages and limitations of using an academic open source software in our active production environment. MATSim is available under GPL and its code repository is https://github.com/matsim-org/

This presentation will discuss the OpenJDK project Lilliput, which aims to reduce object header sizes, and with it, memory and CPU consumption of the HotSpot JVM. We will start with a short overview of the status-quo in HotSpot, and explain the goals and motivations. We will then give an overview of what has been achieved so far - 64-bits-headers -, and look ahead at our plans for the future - 32-bits-headers - and our vision on how to achieve this, and which technical challenges we need to solve.

There isn’t one way to build your career in open source as there are a variety of roles beyond writing code and many different routes into those roles. It’s also important for individuals to chart their own path that aligns with their unique experience and interest.

In this panel discussion, panelists will share how they got started in their career and their journey over the past two decades. For people looking for jobs in open source, we’ll discuss what we look for in candidates and why it’s not necessary to check all the boxes in job descriptions. We’ll also discuss challenges in balancing your day jobs vs. open source activities during your career.

In addition, we’ll also delve into other challenges and opportunities of an open source career that range from dealing with the impostor syndrome, DEI (Diversity, Equity, and Inclusion) challenges, exploring open source communities for self growth, and more.

The goal of this session is to help attendees feel more comfortable exploring opportunities in open source and be confident in charting their own path. Our panel members will share what contributed to their success and the lessons learned throughout their extensive experience in open source. This session is meant to be interactive, and we’ll encourage attendees to ask questions and engage in the conversation.

Scientific applications rely on third-party libraries, which may have multiple implementations with many of these implementations not sharing the application binary interface (ABI) and require recompiling depending on the target system. Recompiling can be a long and complex process, (1) impeding application execution across different HPC and Cloud systems; (2) adding developer hours rebuilding an application; and (3) not taking advantage of host-optimized libraries.

The Wi4MPI library, developed at CEA, addresses this ABI incompatibility in MPI. Wi4MPI translates the ABI dynamically from the MPI library used to build the application to a different MPI library available at run time. With Wi4MPI, HPC practitioners can break the portability barrier imposed by ABI incompatibility, potentially increase performance, and increase user productivity. This presentation is broken down in three components: (1) Understanding ABI compatibility in MPI; (2) Translating MPI libraries dynamically; and (3) Applying dynamic translation to key use cases in HPC, including Containers.

In April 2023, during the Perl Toolchain Summit in Lyon, France, the CPAN Security Working Group was set up. This presentation is a short introduction to the group, sharing some of the ambitions and thoughts behind it, and a call for participation to all stakeholders.

If you care about the security landscape around CPAN, then this presentation is for you!

The open source OCPP 2.0.1 CSMS project CitrineOS was initiated by S44. By leveraging over a decade of experience in EV charging software, at S44 we are actively working towards making EV charging more attainable and equitable. In our quest for a greener future, we face a pivotal challenge: by 2030 50% of new U.S. cars will be EVs, but today 28% of chargers in leading cities don't work. Developers must build innovative software to improve and grow the charging network so EV owners can travel with confidence. By creating an open source charge station management system, CitrineOS's goal is to provide the fuel for this change. The project is NEVI compliant, globally available and open to all. CitrineOS is meant to offer a community driven, reliable CSMS that builds a foundation for market participants to innovate on top of a protocol implementation instead of re-inventing the same wheel. The project drives forward the adoption of the OCPP 2.0.1 protocol resulting in more reliable charging networks worldwide. Our hope is that anyone looking to bootstrap a modern charging network, or upgrade an existing one from OCPP 1.6 to OCPP 2.0.1, will consider CitrineOS as their starting point, and that increased community involvement will continue to improve the charging experience delivered by this open source project. Our main code repository can be found here on GitHub: https://github.com/citrineos/citrineos-core take a look at our GitHub pages site that you can find here: https://citrineos.github.io/

Mgmt is a real-time automation tool that is written in go(lang).

It implements a DSL (domain specific language) that allows you to build fancy automation solutions. With this tool and DSL, I'll demo how I built a full, single-binary provisioning solution so that you can use your own laptop to bootstrap an entire infrastructure. Thanks to the go(lang) static compilation, it makes it very easy to have a single binary that includes tftp, dhcp and http servers, it can run a pxe boot and OS kickstart, and it can even rsync a local mirror to run an offline installation from.

We'll take you through a tour of all the plumbing that needed to be changed to support this. We'll show lots of real-time demos to keep everyone entertained.

I'll talk about the long journey it took to get us here, and how you can get involved.

As organizations increasingly shift towards hybrid cloud, many are expected to face the following challenge: how to migrate virtual workloads from traditional virtualization platforms, like vSphere, oVirt or OpenStack, to a hybrid cloud solution, like OKD? There are a variety of strategies and tools available for such a transition to choose from. In this session, we will see one of these strategies, in which workloads keep running in virtual machines alongside containers on top of OKD, based on our recent experience in migrating real-world virtual machines from oVirt to KubeVirt using Forklift.

In mid-2023, our engineering team at Red Hat took the task of migrating all the virtual machines from an internal oVirt environment to a new OKD deployment. Our oVirt environment was in use for more than a decade, running hundreds of production VMs as well as VMs for development purposes. Given the nature of the workloads, it was impractical, and in some cases not even possible, to containerize the workloads. Therefore, we decided to go ahead and take Forklift for a spin, and move the VMs to run on OKD using KubeVirt, with minimal changes to the workloads that run inside them.

At first glance, this kind of migration appears fairly straightforward, doesn't it? Especially considering we now have access to mature tools for VM migrations, like virt-v2v and ovirt-imageio, that are orchestrated by the Forklift operator. And specifically, when migrating from oVirt to KubeVirt, the same virtualization stack is used on both ends. However, in reality, the migration process was more complex than anticipated, with quite a few factors to consider and operations that were needed to complement the functionality in Forklift.

This session presents tips and insights for migrations from legacy virtualization platforms to OKD, through our test case of transitioning from oVirt to OKD using Forklift. Without assuming prior knowledge of the platforms and tools discussed, we will cover the entire migration process using Forklift, and explain scripts we implemented and strategies we used for a smooth transition to OKD. Join us to learn from our journey, so by the end of this session you will have a clear understanding of the necessary steps to successfully execute your organization's transition projects.

The linux-yocto kernel is widely known as a default OpenEmbedded / Yocto kernel, used for QEMU machines and several default Yocto BSPs. For other platforms it is use quite rarely. Nevertheless it is a kernel recommended by the Yocto Project Compatible Layer program. This talk is dedicated to the meta-qcom (Qualcomm Yocto BSP layer) swich from the Linaro-backed kernel to linux-yocto. It provides step-by-step guide and lists the positive sides and drawbacks of such conversion. Also it covers the peculiarities of the linux-yocto itself, it's config system based on the features files and config snippets.

CryptPad is a full-fledged collaborative office suite that supports End-to-End-Encryption to ensure the privacy of its users. It manages to conciliate both by using the server only for the synchronisation of encrypted communications between collaborating editors of a document. CryptPad aims at providing an user-friendly interface, hiding the technicalities from end users, letting them focus on the document content instead.

However, the nowaday use of cryptography in CryptPad sometimes clashes with simplicity of use. Fortunately, the NLnet foundation helped us prepare the future by sponsoring the Blueprints project. This project allowed us to pinpoint different ways of improvement, some of which will be presented during this talk.

In this talk Holger "h01ger" Levsen will give an overview about Reproducible Builds: How it started with a small BoF at DebConf13 (and before), then grew from being a Debian effort to something many projects work on together, until in 2021 it was mentioned in an executive order of the president of the United States. And of course, the talk will not end there, but rather outline where we are today and where we still need to be going, until Debian stable (and other distros!) will be 100% reproducible, verified by many.

h01ger has been involved in reproducible builds since 2014 and so far has set up automated reproducibility testing for Debian, Fedora, Arch Linux, FreeBSD, NetBSD and coreboot.

Marius has been playing around with VoLTE with Qualcomm Mediatek devices. He has got to the point of being able to make and receive calls and send and receive SMSs on Ubuntu Touch ported devices. It is still very hacky. Without any knowledge of the modem stack it seemed impossibly difficult, but now we are getting some insights into how it works it is possible to see how the binary blobs are doing stuff. The way forward was to run Android and capture all the calls made to the drivers. Sailfish have some of it working, so their solution provided tools too.

The fixes so far are very specific, every proprietary system has its own unique way of doing things. It is a horrible standard, and no carrier even follows the standard. The modem is a black box with no outputs. To be honest, when it works, we don’t know why it works. It works perfectly well, though, so result. He would like to share his results, to discuss with the wider community how we can roll this out to get more devices supported.

In the recent and coming years 2G and 3G are being phased out by network operators, especially on a lot of Mobile Foss OSes that are Halium based. This means that they will be useless because you can't make calls any more. It has been extremely difficult to enable VoLTE service due to all the proprietary components.

VoLTE stands for Voice over LTE, and LTE (Long Term Evolution) is better known as 4G. So essentially, VoLTE amounts to mobile calls over a 4G network.

This BoF is for modern email developers/enthousiasts to meet each other and have discussions on email protocols/implementations. Join to say hi, and optionally bring ideas/topics to discuss.

Here's already one idea to discuss: The creation of "email-compat-data" (somewhat like browser-compat-data): asupport matrix of email protocol features vs clients and servers. "Email" consists of many protocols and extensions. The many clients and servers need to interoperate with each other. A database of implementations and supported features will make testing easier. A little coordination between clients and servers, to reach critical mass, can be helpful at times as well.

On tuesday 30 january, a few days before FOSDEM, people noticed that Web sites under .ru (Russia) were all down. Because of the war, many people speculated this was an attack. But, actually, the problem came from a DNSSEC error in the top-level domain .ru and, as of today, nothing indicates it was an attack. We will describe the problem, the technical observations, possible causes and a few lessons.

We explore the security model exposed by Rook with Ceph, the leading software-defined storage platform of the Open Source world. Digging increasingly deeper in the stack, we examine options for hardening Ceph storage that are appropriate for a variety of threat profiles.

Discussions about types often begin and end with the assertion that they make our programs safer, but how to get the most out of types can be a bit of a mystery. With the development of a type system for Elixir, multiple explorations for Erlang, and the steady growth of Gleam there is increasing demand for practical discussions on how types can be used to write better programs.

This talk explores one such technique, known as "phantom types". We will learn what phantom types are, why they can be useful, and see some examples of Gleam packages employing them in the wild to achieve safer APIs.

In early 2023, having just started as Director of Engineering at a US startup, I was immediately faced with a fascinating challenge: a legacy technology landscape resembling a Rube Goldberg machine—a diverse mix of tools and systems. Join me in 'Recycle, Reuse, Rebuild: Transformative Tactics for Turning Your Brownfields Green' as we navigate the intricacies of transforming this intricate system. I'll share experiences, guide you through my decision-making process, and impart valuable lessons learned.

Unlocking Transformation

Explore the challenges of leveraging open source tools, particularly those resistant to customization. We'll address the common temptation to 'burn it all down' and start anew, emphasizing the strategic middle path of transformation.

Navigating Solution Evolution

Discover how to plan for loosely coupled systems, decide when to repair or rebuild, and strike the right balance between open source and custom solutions.

Empower Your Development

This isn't just about strategies; it's a dynamic conversation aimed at empowering you to transform your brownfields into greener, more sustainable JavaScript landscapes.

This session will be informative and fun for anyone who's ever confronted the joys of working with legacy code.

Feel like you’re not quite sure you know about all the devices in your network? This is when network topology discovery function comes in very handy. Although, applying it might not be that straightforward if you don’t know what it consists of and how to do it.
This presentation outlines the network topology discovery in detail, told by the monitoring platform’s NetXMS (netxms.com) developers team with decades of experience. They will cover such topics as - what is LLDP and CDP and how they can be used as sources of info for the topology discovery - how Spanning Tree can be such a source too (or not at all!) - what is FDB and how it can be used to get information about the end nodes in your network - automatic device discovery

Finally, the NetXMS team will guide you through the network preparation guidelines, using the NetXMS use case and their hands-on experience to show you the A to Z setup process. There are many ways where you can go wrong in this process, so the team will cover also most popular pitfalls. Please, do come if your areas of interest are network monitoring, administration and architecture, if you’d like to be more efficient in your network audit — and, generally, if you are up for a great 40 minutes spent! Network topology discovery process in focus — a detailed presentation for sysadmins, network engineers, telecom integrators, and everyone interested in networks.

Verilog-AMS is a standardised modelling language widely used in analog and mixed-signal design, but without an open reference implementation. Gnucap is a modular mixed-signal circuit simulator that partially implements Verilog-AMS, that aspires to eventually implement the complete language. In 2023, with NLnet support, we made significant progress in support for Verilog-AMS, the "analog" part, also known as Verilog-A, both on the simulator side and in the model compiler. For 2024, we will extend the work, concentrating on three tasks. The first is extensions to modelgen, the model compiler, essentially completing the analog part of Verilog-AMS, with some digital. The second task is enhancements to the simulator, mostly related to fast simulation of large mixed circuits, with both analog and digital parts. The first and second tasks are related to the "mixed-signal" aspect of Verilog-AMS. The third task addresses interoperability with other software, including schematic entry and layout, ability for Gnucap to use device models from other simulators, for modelgen to generate code to be used with other simulators, and porting some analysis commands.

Kubernetes Operators have emerged as a pivotal force in container orchestration. In this talk, I will explain the core concepts of Kubernetes Operators and their significant impact on the field. I will illustrate why Kubernetes Operators are essential, explore practical use cases, and demonstrate how they increase the capabilities of containerized applications.

I will offer an introduction to Kubernetes Operators, highlighting their importance. We will explore the dynamic Kubernetes Operator ecosystem and its crucial role in optimizing application operations. To conclude, I will present compelling case studies of organizations that have effectively utilized Operators to improve application scalability, reliability, and efficiency.

This Talk is tailor-made for those who want to cut through the complexity and understand how Kubernetes Operators simplify application management. Whether you're a newcomer to Kubernetes or a seasoned pro, this presentation offers valuable insights.

Wikirate is an open source crowdsourcing platform powered by a global community that collects, analyzes and shares data on company commitments, actions and impacts on people and the planet. Wikirate aims to lead the way in advancing corporate accountability through the utilization of open research and open data. Wikirate has been instrumental in democratizing information, fostering collaboration, and driving positive change across industries. In our talk, we will focus on the specifics of the platform, spotlighting strategies to empower users to add, verify, analyze, and share accessible, reliable data.

The electricity grid faces challenges such as rising electricity demand and the integration of solar panels, wind turbines, electric vehicles (EVs), heat pumps, etc. Moreover, smart technologies are being added, providing a wealth of data. The industries associated with these challenges must perform complex calculations to assess the present and future state of the grid. The vast scale and diverse applications demand faster calculations that are cross-platform compatible.

Power Grid Model is an open-source library with a C++ core and a well-defined Python API. It conducts state estimation, power flow, and short-circuit calculations for symmetric/asymmetric grids. The library is actively employed in 10+ applications within Alliander. Other major grid operators in the Netherlands, as well as researchers and stakeholders throughout the grid technology chain, use the library to conduct academic, technical, and feasibility studies.

In this presentation, we will explore the power-grid-model library, its capabilities, active and future use cases.

To know more about the power-grid-model project, visit: https://lfenergy.org/projects/power-grid-model/

Kisscache is a simple caching service developed by Linaro for the LKFT (Linux Kernel Functional Testing project at Linaro) project to cache test artefacts like kernel, dtb and root filesystem. While pretty simple, KissCache can cahe https urls without any hacks that proxies like squid will require.

Kisscache is intensively used at Linaro to reduced the amount of data downloaded by the CI system while improving reliability with automatic retries. Since it's introduction, two years ago, KissCache was able to save 1TB of data transfer and decrease the amount of network failures.

In this short introduction, I will show you the features that make this service so efficient for LKFT.

Space-Time diagrams are crucial schematics for organizing railway traffic. However, their symbolic representation hides the reality of the railway infrastructure that supports the traffic. In Open Source Railway Designer, we found it necessary to enhance the context related to the 'space' component of this diagram.

We developed a custom projection, bending a map to position the origin at the bottom, the destination at the top, and the path relatively straight in between. The outcomes reveal a vertically aligned map following the Space-Time diagram, but with precise infrastructure details alongside geographic context using Open Street Map data.

This presentation will delve into the technique, discussing the calculations, implementation methods, as well as my experience navigating this challenge as a graphics developer without domain knowledge.

openQA is a software for automated testing of installing and running distributions, written in Perl with a bit of C++.

In this talk I want to give you a short introduction of what you can test with openQA. In the second part I want to show how our team develops this software, how we test and deploy it and how we got to over 95% code coverage.

Shig is a federated live stream broadcasting service designed to distribute live streams among cross-domain Fediverse instances on the backend side via WebRTC. The service has an ActivityPub implementation and clones the stream on the backend side. Shig is designed using the WHIP/WHEP approach for both incoming and outgoing streams, eliminating the necessity for an additional Signal Server. The "cloning" of live streams across domain boundaries enables different kinds of live video content distribution, as well as interactions with live streams, such as multi-guest streaming.

Links: https://github.com/shigde/ https://shig.de https://mastodon.social/@shig

Docu: https://github.com/shigde/sfu/blob/main/docs/README.md https://github.com/shigde/sfu/blob/main/docs/use-cases.md

In automotive, Android guests are currently used for deploying infotainment systems. To support Android as a guest, the Virtual Machine Monitor (VMM) requires a set of virtual hardware like sound, video and networking. In this context, VirtIO has spreaded as a standard interface for virtual devices. Having VirtIO for hardware allows Android to be deployed in different VMMs that support VirtIO like Crosvm or QEMU. This talk presents the current efforts to implement virtio-sound for infotainment systems in automotive. The implementation of virtio-sound can be split into two: the device or backend and the driver or the frontend. Generally speaking, the driver runs in the guest OS and it is not different from other sound drivers. The sound driver exposes an API to the user-application in guest and then communicates to the device to serve those requests like playing a sound or recording audio. The device usually runs in the host and processes the requests that come from the driver. There are different ways to implement the device, e.g., as a built-in device in QEMU, using vhost or vhost-user. In this talk, we talk about our decision to implement virtio-sound as an vhost-user device. In this case, the device runs in the host machine as a separate process independent of the QEMU process. This deployment has benefits like reducing the attack surface of QEMU and also enables more granularity in setting up rights for the device process. Our implementation is able to handle different audio backends by relying on a generic interface. Currently, we support the pipewire and Alsa as audio backends. During this presentation, we propose to share our journey in building the virtio-sound device, including improving its specification, fixing bugs in the virtio-sound driver, and building it as a rust-vmm project. We also plan to outline a roadmap for the future like adding support for other audio backends like Gstreamer.

No one really loves testing, however it becomes the most critical part of any software project as the size and complexity grows. Discover the strategies behind creating a low-touch developer friendly framework for integration testing through our work on Dapr. This talk highlights the design philosophy and practical steps taken to build a framework that not only speeds up test scenario creation but also makes ad hoc testing for new features and bug reproduction a breeze. The framework’s user-friendly design encourages wide participation from developers, fostering a collaborative testing culture on a project. Attendees will gain insights into efficient testing practices, learning how to apply these strategies to enhance their own Go projects.

github.com/dapr/dapr

Come with me on a journey through the realms of state machines, with the practical brilliance of Erlang’s gen_statem behaviour as our light beam. Building on state machines as a model to reimplement technical debt, we will traverse the intersection of gen_statem practical implementation and the theoretical foundations of state machines. Using real-world application examples, we will go over from the industry beast to the theoretical abyss, revealing the mathematical elegance inherent in state machines and its more powerful automata siblings. Bridging this gap, we will empower Erlang developers to architect solutions that go beyond conventional patterns, with concrete examples and plenty of code to read, providing the attendees with a comprehensive vision to harness the full potential of gen_statem.

This talk presents a case study in taking a security-focused application to the next level by modifying the Rust compiler to target a capability-based architecture.

We will discuss CHERI, a system that enables hardware enforcement of safety constraints at runtime using capabilities, and how we have added support for CHERI to the Rust compiler in order to improve the security of CyberHive Connect, an application that implements an end-to-end encrypted mesh network.

Connect can already boast a very high level of security when we consider the protocols it uses, and we can argue that the application itself has many potential vulnerabilities eliminated by being written in Rust. However, just like most real world applications, Connect needs to make use of unsafe code in areas such as the interface with the underlying operating system. This exposes an attack surface in the form of code that the compiler can't guarantee will be safe at runtime.

If, however, we make modifications to the Rust compiler to support transferring knowledge about pointer provenance, bounds and other access restrictions to CHERI's capability-based runtime enforcement, then in many cases we should be able to eliminate the potential for unsafe situations to occur.

This talk will demonstrate what we have managed to achieve in terms of producing a modified Rust compiler that can target CHERI architectures. We will give an overview of what problems were solved by doing this and how we worked towards getting our real world Rust application running on CHERI.

GraalVM Native Image is a technology that allows users to transform their Java programs into ahead-of-time compiled executables. However, until recently, Native Image was missing a key tool that Java developers use to gain insight into what an application is doing: JDK Flight Recorder. JFR has been re-implemented in Native Image so that it can be included with executables and behave with a similar experience to JFR in OpenJDK. In this presentation, we'll peel back the layers and give you a tour of some of the most vital parts of JFR's inner workings in Native Image. At various points, we'll stop and draw comparisons to how JFR is implemented in OpenJDK.

From this presentation, listeners will get exposure to some of the unique challenges to developing low-level implementations for Java-on-Java and ahead-of-time compiled applications. They will also gain a better understanding of how key JFR components work under-the-hood.

The world’s largest supercomputers get most of their potential from their GPU accelerators. As such, it is essential to target GPUs when running on such powerful machines. Given the desire for portability of applications, OpenMP offloading is a popular way to accelerate applications on GPUs.

This talk presents the ROCm OpenMP offloading compiler from two perspectives: compiler flags and compiler/runtime implementation. Given that it may be critical to use the right compiler flags, the talk presents some of the tuning knobs that the ROCm OpenMP compiler exposes to users. It will go into more detail of what optimization, feature, and parameter the specific compiler flags enable. For each of the compiler flags listed, the talk will present information on what occurs in the compiler and the runtime library. For several of these switches, the talk presents performance results.

In particular, the talk covers the high-level flag -fopenmp-target-fast and what optimizations are enabled by that switch. It will then go into more detail about the specific flags for the selected underlying optimizations and their user-facing parameter options that allow for fine-tuning in certain scenarios. Specifically, the talk covers the following flags:

• -fopenmp-gpu-threads-per-team: This switch controls kernel launch parameters considered during the compiler’s code generation phase, which can impact things like register allocation.
• -fopenmp-target-big-jump-loop: This switch enables a more optimized form of loops for running on the GPU that is closer to traditional block-languages like CUDA or HIP.
• -fopenmp-target-no-loop: This switch enables the generation of CUDA-like code without any loop executed on the device. The talk outlines which conditions must be met to allow the compiler to generate such GPU code.
• -fopenmp-target-xteam-reductions: A special form of reduction kernels that can greatly benefit the performance of reductions. One of its main tuning knobs is the blocksize.
• -fopenmp-target-xteam-reduction-blocksize: The xteam reductions blocksize and what are the implications.
• -fopenmp-force-usm: This flag is a convenient switch that enables the compiler to emit code as if the user specified #pragma omp unified_shared_memory.

In addition to the compiler flags, the runtime offers additional configurability via environment variables. Some of these variables influence the very same mechanisms, whereas other provide separate mechanisms. The talk gives an overview of some of these variables and how they influence execution.

The repositories can be found at https://github.com/ROCm. The AOMP development compiler (with build recipes etc) can be found at https://github.com/ROCm/aomp

Collabora Online is an online collaborative Office suite which you can integrate into your own infrastructure. Typically comprised of a JavaScript browser side client communicating with a remote server side instance. Here we demonstrate Collabora Online serving a WASM solution to enable the JavaScript client to communicate with a WebAssembly server instance executing within the browser to allow editing of a document while disconnected from the network. Providing Collabora Online, off-line.

Since 2017, I monitor all API Developer tools and companies on https://apilandscape.apiscene.io/ and in this talk I would like to present latest trends and updates to the DevRoom audience. Especially, we will talk about how Async/Real time, OpenAPI Spec API Security and Privacy, API Regulations, AI and APIs, GraphQL are consolidating the landscape.

Much has happened in the embedded security field in 2023: the raise of SBOM, discussions on the Cyber Resiliance Act (CRA), important vulnerabilities and updates in major projects.

In this talk Marta is going to present her subjective overview of embedded security in 2023 and a list of items to watch in 2024.

Case-study on how we (re)discovered and worked around a bug in USB 2.0 specification that leads to race conditions when resuming from USB suspend, which affected the cellular modem module used in the Librem 5 phone.

Join us for a journey through the inception, growth, and eventual challenges faced by the Reproducibility Society at the University of Surrey, a grassroots initiative that sparked a movement in open and reproducible science collaboration. Established in June 2019, the society brought together research students from diverse disciplines to foster discussions on transparent and rigorous research methods. Drawing inspiration from the UK Reproducibility Network and various postgraduate-led initiatives nationwide, the society successfully influenced university policy, creating a supportive community for skill-sharing, motivation, and resource exchange. An initially successful project central to the society was the Monthly Mini Hacks. These were workshops that addressed the coding learning curve and promoted collaboration among students and research staff. Using Open Science Framework and open access publishing platforms, we facilitated hands-on coding experiences where information was freely available to everyone.

This talk delves into the story of student collaboration, the highs and lows of open science advocacy, and the valuable lessons learned from the challenges encountered. The Surrey Reproducibility Society experienced triumph, such as university-wide implementation of policies championed by the society, and failures, including the societies eventual dissolution. This talk reflects on the society’s journey, sharing tools for attendees to implement in their own initiatives, and learn from the success and struggle of our grassroots initiative. We explore the potential for future endeavours, emphasising the importance of adaptability, community engagement, and resilience in advancing the cause of open and reproducible science within the academic landscape. We intend for attendees to leave our talk wiser than we were, inspired to make positive change, and equipped with the tools to do so.

Join Antoine Pairet, CTO of Rosa, as he leads a deep dive into the core of JavaScript performance: the event loop. This session will demystify how JavaScript handles asynchronous operations, offering insights into optimizing your code for maximum efficiency. Discover the secrets behind event-driven programming, learn best practices for avoiding common pitfalls, and explore advanced techniques to enhance your applications' responsiveness and speed.

Cybersecurity attacks are constantly increasing and simple IP/port-based policies are no longer enough. GeoIP is a popular technique used to limit access to selected resources from specific locations, and IP blocklists contain lists of IP addresses that have a low reputation and for which communications (from/to) should be forbidden on healthy networks. In addition to this, IP addresses that have shown malicious behaviour (e.g. multiple service failures or WordPress attack attempts) should also be blocked.

This talk introduces ipt_geofence, an open-source tool for Linux and FreeBSD that combines in one tool IP geofencing, service (e.g. SSH, Web and mail) analysis, and blocklists. It allows malicious hosts to be blocked and hence protect services in a simple way without having to use multiple tools and complex administration practices to implement what ipt_geofence offers out of the box.

During these last two decades, transmission system operators (TSOs) have been facing profound changes such as penetration of renewables, DC networks, redefinition of European market mechanisms leading to major evolutions in the way to operate the electrical transmission grids. The goal of carbon neutrality implies that most of the challenges for TSOs are still to come. All those changes imply drastic changes in the way to perform grid analysis and have appropriate computation modules to perform efficient security assessment. Legacy tools are evolving slowly with low information about used approximations. RTE, the French TSO, believes that Open Source is the perfect answer to build power system tools in an efficient, flexible, transparent, and collaborative way. RTE has significantly invested in these Open Source tools and would like to share his experience with demo of tools currently in operation based on PowSyBl framework.

Crash-consistent snapshots of storage volumes are a required feature in today’s storage systems. In Kubernetes, the CSI protocol introduced the VolumeGroupSnapshot concept which requires crash-consistent snapshots be guaranteed within the context of volumes, which may be block devices or mounts on a distributed POSIX file system such as CephFS. This talk will cover the challenges and mechanisms to achieve this design goal. In particular, we will show how CephFS provides consistency by exposing a new API to pause write IOs to a set of volumes for the duration of the snapshot process. We will explore the new API, the mechanisms used to achieve this IO pause and discuss broadly the software changes made to Ceph.

Struggling with databases? Me too. Well, that was before.
As developers, we often interact with databases, whether to understand the data model or debug our application.
After more than 50 years of existence and thousands of tools, we still rely on our basic SQL client: query file and a results table.
No advanced tool has really gained widespread adoption.

This is the challenge I set for myself: create the daily tool for developers to interact, explore, and collaborate with their databases 🤯
I've checked all the boxes: a beautiful and modern SaaS, fully open-source, with a generous free plan, but most importantly:

• a blend of schema and data exploration and documentation
• an ultra-simple DSL to design and evolve your schema
• made for complex databases
• analysis of best practices

In this talk, I'm discussing the needs I've identified, how Azimutt addresses them, including a demo, as well as my process of creation, past and future.

The semiconductor industry has been evolving and innovating for the past 75 years, ever since the first semiconductor transistor was invented. This rapid growth is driven by the direct and proactive contribution of the FOSS CAD/EDA to the entire technology flow: from state-of-the-art semiconductor technologies, device level compact/SPICE modeling, its Verilog-A standardization to advanced IC designs for various HiTech applications. However, the semiconductor industry also faces many challenges in maintaining the growth of its workforce with skilled technicians and engineers. To address the increasing need for well-trained workers worldwide, we need to find innovative ways to attract skilled talent and strengthen the local semiconductor workforce ecosystem. The FOSS CAD/EDA tools with the recently available open access PDKs provide a new platform to connect IC design beginners, enthusiasts and experienced mentors to benefit from the collaboration opportunities enabled by the fast-growing open-source IC design movement. FOSS IC design collaboration is increasingly possible due to the rapid growth of open access PDKs recently offered by SkyWater, GF and IHP. This paper demonstrates the FOSS CAD/EDA contribution to the SPICE/Verilog-A modeling/standardization, compete IC design flow (Xschem, Qucs-S, ngspice, Xyce, OpenVAF, OpenEMS, Magic, kLayout, OpenRoad) as well as selected open source analog/RF and digital IC design examples.

Trains are planned with margins compared to their fastest possible drive. Without them, they would not be able to catch up in case of a delay. A train departing 5 minutes late would arrive at least 5 minutes late. A driver accelerating or braking a bit slower than planned would inevitably be late. The entire transportation plan would fail.

Those margins/allowances consist of adding extra time to the total running time. This implies planning trains with a lower speed than the maximum they could physically drive.

There are many ways to lower the speed of a train along its trip, but one of them is particularely efficient in terms of energy savings. The algorithm MARECO, developped by SNCF, details an entire strategy for this purpose: how to plan a train that would intelligently drives slower in a way that consume the least amount of energy ?

In this talk we will go though the main ideas of the algorithm, then we will compare its efficiency to other margin distribution stratgies on a few relevant examples, and finally we will discuss the impact of this algorithm on train planning and operation.

The Turing Way is a handbook for reproducible, ethical and collaborative data science. The book is a collaborative effort; over 470 contributors from many, diverse backgrounds share their wisdom in its pages. The size of the community means that not everyone will share the same technical skills, preferred tools, or ways of working. The book is built from Markdown source files using JupyterBook and work is largely coordinated on GitHub. We want to maintain and promote the benefits of version control, plain text and open working. However, this can clash with the experience and expectations of collaborators, raising the barrier to contribution and potentially making people feel unwelcome. I will talk from my perspective as an RSE and co-lead of The Turing Way's infrastructure working group about lessons in bridging the knowledge of our community and the technology of how the book is produced.

In 2018, I started designing a new object system for Perl, codenamed Corinna. Eventually, a team grew up around the design and with the release of Perl v5.38.0, the first bits of the new system are in place.

This is a new talk giving a quick walkthrough of the features of Corinna and why it's so powerful.

Composefs is new filesystem that supportsvalidating, content-sharing readonly images. It has recently had an 1.0 release, and has started to be used for image-based operating system. However, composefs is also a great fit for container image.

This talk will explain what composefs is and how it works, and then talk about what advantages composefs brings to containers. It will also talk about the current level of support for composefs in the podman image store, and show some demos of it.

MicroBlocks is a blocks programming language for physical computing inspired by Scratch. It runs on microcontrollers such as the micro:bit, Calliope mini, AdaFruit Circuit Playground Express, and many others.

Anyone aged 7 to 17 can visit the workshop and learn how to program microcontrollers with MicroBlocks.

Registration will be required for this session. Use the following link to register.

Software engineers choose Rust for its safety and performance baseline. Wizards use Rust's dark arts to improve performance by chanting cursed unsafe-yet-sound expressions. Whether you’re an engineer or a wizard, this talk will give you the tools and best practices to correctly measure and explore Rust’s performance claims against your projects. And wizards will learn when the performance benefits are worth risking nasal demons with unsafe code.

It is tough to figure why Erlang or Elixir code is failing, or how unknown software is working. When confronted with an unusual error, we might search for it in the code, which often gives multiple results, so we resort to guessing. We might also decide to trace with tools like dbg or recon, but here we need to guess, which functions to trace. I would like to show you a different approach, where the first step is to trace multiple modules or even whole apps. Then you can query, analyse, process and even execute the collected traces. The tool itself is so simple, that you will be able to use it instantly. It is also battle-proven, as I have used it numerous times to debug the MongooseIM project, which I am leading. Limit unnecessary guesswork and have more time for creative work.

Software-defined networking workloads are deployed higher and higher up the stack, in virtual machines, now containers, to leverage all the perks of these abstractions. But this comes at a cost, as being further away from the silicon makes reaching high throughputs more difficult.

In this talk, we will cover CPU resources management, including challenges related to CPU affinity and cgroups, and strategies to obtain better performance in network workloads at different levels of abstraction.

For demonstration purposes, we will discuss network workloads deployed on Calico-VPP powered Kubernetes clusters, and the performance gains observed using CPU placement strategies.

JNI is, to date, the only way to access native libraries from Java code, but JNI's brittle and convoluted programming model makes it tedious to use at scale. But no more: JDK's 22 Foreign Function & Memory API provides a safe, modern and efficient way to access foreign memory and code from Java.

OCI (OpenStack Cluster Installer) is a software to provision an OpenStack clusters automatically. This package installs a provisioning machine, which uses the below components:

• DHCP server (isc-dhcp-server)
• PXE boot server (tftp-hpa)
• web server (apache2)
• puppet-master

Once computers in the cluster boot for the first time, a Debian live system is served by OCI over PXE, to act as a discovery image. This live system then reports the hardware features back to OCI. Computers can then be installed with Debian from that live system, configured with a puppet-agent that will connect to the puppet-master of OCI. After Debian is installed, the server reboots, and OpenStack services are provisioned, depending on the server role in the cluster.

OCI is fully packaged in Debian, including all of the Puppet modules. After installing the OCI package and its dependencies, no other artificat needs to be installed on your provisioning server, meaning that if a local debian mirror is available, the OpenStack cluster installation can be done completely offline. This presentation will introduce OpenStack Cluster Installer, and explain how it works, its general principle, and why it's a very good solution to manage your OpenStack deployment on Debian.

See details of the project here: https://salsa.debian.org/openstack-team/debian/openstack-cluster-installer

Differential fuzzing is a powerful fuzzing technique for uncovering hidden bugs and vulnerabilities in code. Learn how to integrate this tool into your development process, enhancing your software's reliability and security.

When procuring new hardware for an HPC system, the hardware vendors can be provided with targets to hit. This can either be performance per dollar but more recently also includes metrics like performance per watt. Industry standard benchmarks like Linpack, Stream, or Spec are not necessarily representative for the jobs that will actually run on the system and their predicted performance per dollar or watt might not be accurate when users run their tasks on the system. At the association for national high performance computing (NHR) we are developing a pipeline to generate a representative benchmark collection from an observed job mix to provide to hardware vendors. One essential step is the so called mini-app extraction. A mini-app is a standalone kernel of a given HPC application, making it significantly smaller in terms of lines of code but retaining the computational characteristic of the original application. Based on these mini-apps vendors can better suite there hardware offerings to the expected use. As mini-apps usually need to be crafted manually by domain experts, we are developing Mini-Apex. Mini-Apex is an open source compiler tool based on Clang, able to help extract mini-apps from C and C++ applications. It uses a MetaCG to generate a call-graph with attached analysis results, and PIRA to identify the kernel. It then extract the kernel-function, as well as all necessary sub-routines, variables, classes, structs, and definitions into a mini-app, reusing most of the build system of the original application.

Passbolt is an open source password manager designed for collaboration. In this presentation we will dig into the new product functionalities developed in the course of 2023, as well as the results of the latest security audits. Finally we will touch base on the roadmap for 2024 and beyond.

Managing electrical substations poses significant challenges. The high costs associated with hardware and equipment, as well as the high level of knowledge necessary in electrical engineering, make the work and research in this field accessible only to a select few major electrical companies. The LFEnergy SEAPATH project introduces a paradigm shift in this sector. By aggregating third-party FOSS components, it brings virtualization to electrical grid substations and provides a robust solution for critical infrastructures, enhancing their adaptability and increasing their interconnections.

The primary objective of SEAPATH is to transition from a hardware-centric to a software-centric model within substations, leading to reduced costs, improved adaptability, and simplified maintenance and updates. Moreover, the project aims to democratize participation in the field. SEAPATH eliminates the need for specialized equipment in both the construction and testing phases of a substation system. The project further emphasizes an open-source philosophy, incorporating meaningful documentation and a transparent strategy.

This presentation will delve into Savoir-faire Linux's experience in replicating a SEAPATH infrastructure in their laboratory. It will provide insights into the architecture of SEAPATH and the essential tools employed for conducting functionnal tests. The tools showcased encompass Precision Time Protocol (PTP) at software level, IEC 61850 Sample Value simulation as well as latency measurements . Crucially, this talk aims to communicate the inclusivity of SEAPATH, making it accessible to a broader audience. By eliminating the need for specialized expertise in electrical engineering, SEAPATH opens the door for researchers, mathematicians, and professionals from diverse backgrounds to contribute meaningfully to the project. The presentation will highlight the collaborative potential of SEAPATH, fostering a community where individuals with various skill sets can actively participate in shaping the future of electrical substation virtualization.

Support for hardware video codecs has been around in V4L2 since the memory-to-memory (M2M) framework was merged in 2010. While it initially allowed support for firmware-driven stateful implementations, it did not cover the case of stateless hardware codecs where the kernel has to configure hardware blocks directly instead of relying on a (proprietary) firmware.

Stateless video decoding became supported in 2018 after Bootlin's successful crowdfunding campaign targeting Allwinner platforms. The only remaining piece missing after this work was support for stateless video encoders.

This talk will present the current effort to bring support for stateless video encoders in mainline V4L2. This includes an overview of the current preliminary work on selected hardware platforms and video codecs as well as a brief summary of today's out-of-tree support. It will be followed by an introduction to the difficult process of creating a new userspace API to support them in mainline Linux, the inherent trade-offs that need arbitration and why this is taking time to converge.

The Carpentries teaches foundational coding and data science skills to researchers worldwide using open source training materials. A typical workshop uses several online components: a website with course notes, an etherpad for shared notes, data downloads, Github repositories and frequently a Jupyter notebook or Rstudio server. One of the popular lessons is HPC Carpentry which covers an introduction to the Unix command line and using shared High Performance Computing systems.

CarpentriesOffline (https://carpentriesoffline.org) is an out of the box solution for running a Carpentries workshop from a single device such as a Raspberry Pi, old laptop or even a dedicated server. It is intended for use in environments where there is limited or no internet access. Everything needed to run the workshop including course notes, data files, software downloads, a Git server, etherpad and a Jupyter Hub server are provided by the CarpentriesOffline system. It can also provide a backup environment for those with better connectivity in the event of the Carpentries website, etherpad, GitHub etc suffering an outage.

We have also developed a miniature high performance computing system based around the Raspberry Pi and RockPi single board computers to allow participants to experience using a high performance computing system without having remote access to one.

This talk will describe:

The architecture of the CarpentriesOffline system
The build process that automates the creation of OS images in GitHub Actions
Ways to download and deploy it yourself
How to get involved with the project

The Linux Kernel lies at the heart of many high profile services and applications. And since the kernel code executes at the highest privilege level it is very important to keep up with kernel updates to ensure the production systems are patched in a timely manner for numerous security vulnerabilities discovered almost every day.

Yet, because the kernel code executes at the highest privilege level and a kernel bug usually crashes the whole system, many SREs, production engineers and system administrators try to avoid upgrading the kernel too often just for the sake of stability. In many companies we have seen a tendency to create more obstacles to Linux kernel releases (requiring more approvals, harder update justifications, requiring more time in canary testing etc). But introducing all these obstacles and not treating kernel updates like any other software updates usually significantly increases the risk for the company and their service of being exploited.

One of the reasons SREs and production engineers are too afraid of ANY kernel upgrade is that they don’t actually know the details about Linux kernel release process and policy. This talk tries to demystify Linux Kernel releases and provides a guide on how to distinguish a kernel bugfix release from a feature release. We also try to explore why commonly established perceptions and patterns around production kernel releases are wrong and how you actually risk the stability of your systems by not releasing the kernel regularly. In the end we describe how kernel releases are implemented in our company and propose possible approaches to deploy kernel upgrades regularly with minimal risk.

Come and hear about some of the work we have done to optimize the collaborative performance of Collabora Online recently. See how an improved mix of tils compression algorithms and AVX acceleration improves both time and bandwidth. See the impact of profiling, tons of flamegraphs, and catch the excitement of making code simpler, faster and better for users simultaneously.

See too some of our recent usability optimizations: the easy little features around the UX that cumulatively make life more pleasant - and the people that have implemented them.

Finally see how you can get involved with the fun.

At FOSDEM 2023 we heard directly from the authors of The Cyber Resilience Act (CRA) and the Product Liability Directive (PLD) about the care they were taking to avoid harm to free and open source software developers. During the year, these legislators received a great deal of help from experts across the communities to make that (even more) true! Now both instruments are in their final state, we can learn lessons how to engage over the next wave.

In this session we will hear an update from the authors of the legislation on how they see the last year with CRA and PLD, and insights from the open source community members who engaged to change it. We will explore how easy it is to engage with legislators over policy that will affect open source projects, and hopefully have an opportunity for audience feedback. If this session leaves you with questions, or you want to contribute yourself, come to the unique "policy hackfest" Devroom on Sunday, "Open Source In The European Legislative Landscape".

Outreachy provides internships in free software and open science. Outreachy interns work remotely with FOSS mentors for 3 months. Outreachy is a great way to increase diversity in your FOSS community, since Outreachy provides internships to people subject to systemic bias and impacted by underrepresentation in the technical industry where they are living.

Come learn about Outreachy and network with Outreachy organizers, mentors, past interns, and new friends! Whether you are considering mentoring Outreachy interns or you want to connect to other Outreachy participants, come by to say hi.

We want to know more about you, your projects, and how you are working on enhancing the FOSS ecosystem.

OSRD is a railway toolbox designed for multiple use cases. These tools have in common a reliance on railway infrastructure simulation and results analysis. In order to perform short-term digital capacity management (STDCM) or operational studies, a fine grained simulation of railway signaling systems is necessary. Every country has different signaling rules, and often multiple active signaling systems, sometimes even overlapping. This raises a challenge: how do we decouple the complexity of railway signaling and the rest of the application code, while retaining acceptable performance? In this presentation, we will present our modeling of signaling systems and how we use it to automatically detect scheduling conflicts.

Official OSRD website: https://osrd.fr/en/ Github repository: https://github.com/osrd-project/osrd/

For developers building distributed applications, few things are more frustrating than having an API break unexpectedly. When an API changes in a backwards-incompatible way, it can disrupt downstream consumers. Suddenly, applications start failing, integrations break, and developers are left scrambling to fix the issues.

How can developers deploy changes fast without breaking APIs and maintain stability for consumers? By adding modern observability techniques to their APIOps pipeline.

In this talk, we will start together from a traditional APIOps pipeline in ArgoCD and explore how incorporating modern observability techniques can help developers deploy changes quickly and efficiently while maintaining stability for API consumers.

In this presentation, Sonja (Group Product Manager in the API space) and Adnan (5 years in the observability space) are combining their expertise to present best practices for detecting and resolving API issues in production.

This talk will be helpful for developers working with APIs, helping them extend their GitOps practices by using distributed tracing in pre-production to identify and fix issues before they reach production.

But it will also be helpful for any users of OpenTelemetry, Jaeger and/or ArgoCD.

Biome provides fast error-resilient IDE-ready formatters and linters for JavaScript, TypeScript, JSX, and JSON. It scores 97% compatibility with the Prettier test suite and implements more than 200 linter rules from ESLint, TypeScript ESLint, and others. In this talk I will introduce the unique features of Biome and how I improved the Biome's semantic model to support TypeScript. This will lead us to understand:

• What is a semantic model and how TypeScript types coexist and interact with JavaScript values?
• How to achieve top-notch IDE support using an error-resilient parsers and Concrete Syntax Trees?

AV1 is an open and royalty free codec, recently designed within the context of the Alliance for Open Media (AOMedia). It was specifically designed for use over the Internet, and was built with Scalable Video Coding (SVC) functionality built in the specification. This makes it a particularly interesting codec to use in WebRTC applications of different kinds, from web conferencing to streaming and more.

This presentation will cover how AV1 is used on top of RTP, how SVC is signalled and used within the context of an ad-hoc (and pretty convoluted) RTP extension, and the efforts I had to make to get all that to work in the Janus WebRTC Server. If time permits, I'll show a brief demo of how it works too.

"Okay, this Linux on Phones thing ... but it has no apps, right?" It has apps - Sailfish OS and Ubuntu Touch have dedicated app stores, and the newer projects also have many well working apps.

This talk attempts to cover it all - from frameworks to metadata, stengths, weaknesses, highlights, difficulties and gaps.

This talk presents Kùzu: a new open-sourced graph database management system (GDBMS) that is designed for graph data science (GDS) eco-system, specifically in Python. GDS applications require a series of data processing steps, such as extracting data from tabular sources into a graph of nodes and relationships, cleaning and transforming the graph, extracting node features, and finally moving data into a GDS package, such as NetworkX and PyTorch Geometric for graph analytics. These steps can be performed easily and efficiently by GDBMSs, which provide high-level graph-based data models and query languages to developers. Kùzu is a GDBMS designed to serve as an essential storage system for GDS developers.

Kùzu's embedded architecture makes it very easy to import as a library without a server setup and also provides performance advantages. Specifically users can: (i) ingest and model their application records in various raw file formats, such as Parquet or in-memory Pandas DataFrames, as a graph; (ii) query and transform these graphs using Cypher query language; and (iii) export graphs into popular Python GDS packages like NetworkX and PyTorch Geometric with no copy cost.

The talk is tailored for data scientists and engineers. We will briefly provide the necessary background on graph analytics. We'll briefly walk through code examples showcasing how Kùzu makes developing GDS pipelines easier, via its integrations with the PyData ecosystem.

The energy transition poses new challenges to all parties in the energy sector. For grid operators, the rise in renewable energy and electrification of energy consumption leads to the capacity of the grid to near its physical constraints. Forecasting the load on the grid in the next hours to days is essential for anticipating on local congestion and making the most of existing assets. OpenSTEF provides a complete software stack which forecasts the load on the electricity grid for the next hours to days. Given a timeseries of measured (net) load or generation, a fully automated machine learning pipeline is executed which delivers a probabilistic forecast of future load. During this presentation, the implementation of OpenSTEF to fully automatically forecast the load on the grid at the Dutch Distributed System Operator will be shown. Furthermore, the community built around OpenSTEF will be discussed. Take a look at the OpenSTEF website and Github.

I've always believed that the best way of learning a language is doing low level stuff with it. It will show you how well the language is thought through, and will help you understand some inner workings. Let alone the cool factor of having to say you implemented a random protocol. In this demo/talk I'm going to show you how I've implemented the NTP (network time protocol) using Elixir. I'll also talk about reading RFCs, how I got into a fight with an LLM, and much more.

The challenge we were facing was to verify a firewall based on iptables according to a set of defined requirements. Included in the challenge were finding a tool to craft custom network packets, integrating the tool into the test environment and defining test cases based on the expected communication behaviors and the given firewall rules. For this it is important to know how the packet filtering in the Linux kernel is working in general. This talk will highlight how the scapy python framework works in general and how it can be used to empower developers for testing to achieve this challenge.

This talk will start with an overview about the existing network packet tools and why scapy was chosen. Next it is important to understand the basics of the netfiler in the Linux kernel and how scapy is attached to it. Once a functional overview of scapy is given, we are able to write proper test cases. We will explain detailed examples how to create ICMP, UDP and TCP packets, how to manipulate the protocol header and how to choose fitting methods for sending in specific test scenarios. To wrap this up we will provide advanced real world examples based on specific iptables firewall rules.

IoT (Internet of Things) is playing an increasingly important role for Deutsche Bahn. Be it to monitor existing infrastructure systems and make them fit for the future with pedictive maintenance or to obtain information in order to be able to make better decisions based on it. It is essential for Deutsche Bahn, that prototypes can be built and tested very quickly and cost-effectively. The talk provides an insight into the open source software ThingsBoard and the IoT construction kit Tinkerforge. After this, we will make a live demo and build a IoT system to monitor the air quality in the conference room. This gives you a very easy entry into the world of IoT. Finally, we would like to share our experience in conducting IoT hackathons to find solutions or recruit young talent and present three unusual IoT use cases at Deutsche Bahn.

A common question language runtimes have is: how many resources do I have access to? They want to know e.g. how many threads they can run in parallel for their threadpool size, or the number of thread-local memory arenas, etc.

The kernel offers many endpoints to query this information. There is /proc/cpuinfo, /proc/stat, sched_getaffinity(), sysinfo(), the cpuset cgroup hierarchy's cpuset.cpus.effective, the isolcpus kernel command line parameter, /sys/devices/system/cpu/online. Further, libcs offer divergent implementations of sysconf(_SC_NPROCESORS_ONLIN). As a bonus, the kernel scheduler may be configured to limit resources using cpu "shares" or cpu quotas, so a task may be able to run on all cores, but have some kind of rate limit that is not reflected in the physical cores the system is allowed to run on.

In this talk, we propose a new library "libamicontained" to offer one place to consolidate the logic for the answer to this question. We propose a:

• C ABI exporting
• statically linked
• zero dependency

library which is aware of all of these different runtime configurations and answers questions about cpu counts etc. in accordingly reasonable ways.

Of course, the real challenge here is adoption. Ideally we can pitch such a library as "from the container people", so it's an easier pitch to language runtimes. We are here seeking feedback on all points (heuristics to reason about CPU counts, design goals, etc.) from container people as a first step.

[2]: as of this writing, the jvm still uses cpuset.cpus instead of cpuset.cpus.effective on cgroupv2: https://github.com/openjdk/jdk/blob/7fbfb3b74a283261027e6c293e1a5dbc354cf0af/src/hotspot/os/linux/cgroupV2Subsystem_linux.cpp#L92-L96 [3]: https://github.com/libuv/libuv/issues/2297 , https://github.com/nodejs/node/issues/6252

When teams need to collaborate on documents on a regular basis, chaos can quickly break out: the necessary editing rights are missing, or important files cannot be found. This scenario can cause problems, especially when it comes to sensitive docs.

Moving all the activities related to handling paperwork to the digital rooms of open-source ONLYOFFICE DocSpace can eliminate such difficulties. In our session, we will:

• present ONLYOFFICE DocSpace which we launched in 2023;
• describe its tech stack;
• explain how rooms work and what are the benefits of such collaboration mechanism;
• present new tools for working with different types of office files such as digital forms and PDF;
• show available integration options, including plugins, connectors, open API for developers;
• tell you what security features ensure data protection in DocSpace;
• share our plans on further enhancements for DocSpace.

In 2022 I left the Go team at Google to carry on in approximately the same role, but as an independent professional maintainer. The idea was not to rely on donations, nor to do support contracts, but to sell retainers to companies interested in funding my work and having access to my expertise.

At the time, it was an experiment, trying to prove a new model by putting my money where my mouth was. Today, I am still a maintainer of the Go cryptography standard library, and I successfully fund the work of myself—as well as that of other people!—through half a dozen contracts.

This talk is an update on last year's announcement, including lessons learned and planned next steps to popularize this model and make it more accessible.

Raku brings modern concurrency techniques to every day scripts by making it easy to implement common tasks like timeouts, parallel execution, and event-driven actions initiated by watching the filesystem or observing data streams.

This will be an example-driven tour of practical ways to introduce concurrency to your scripts by using Raku's asynchronous capabilities for every day situations.

We will cover built-in language features like promises, supplies, channels, threads, atomic variables, reactive event loops, and asynchronous processes. We'll also touch on advanced concurrent techniques using modules from the Raku ecosystem.

Biosbits is a software written by Josh Triplett that executes the bios components such as acpi/smbios tables directly from grub without an operating system involved in between. In QEMU, we never had the ability to directly execute and test ACPI/SMBIOS tables from within a running guest. This work adds the ability to test QEMU generated acpi tables using biosbits. We can add new tests incrementally. For QEMU, we maintain a fork of bios bits in gitlab containing numerous fixes along with all the dependent submodules. Within the QEMU repo, we add new python based avocado tests for bits. Care has been taken so that an ACPI contributor can add new tests for bits without having to know too much about biosbits itself or even touching the biosbits repository. This test framework is available from QEMU v7.2. The talk will give some details on the bios bits avocado tests, how to execute them, how to add new tests etc. It will discuss some of the challenges and limitations of this framework.

The talk will outline the technical lessons learned in development of the PyPartMC project. The key goal of PyPartMC is to provide a maintainable multi-platform pip-installable package enabling interoperability between the Python ecosystem and the internal components of PartMC – an open-source aerosol dynamics simulation package. The wrapped PartMC package has been in active development for almost two decades and is used in computational research ranging from process studies on ice formation in clouds to large-scale simulations of air pollution evolution coupled with weather forecasting models. PartMC has a modular, test-covered, pseudo-OOP, Fortran 90 codebase; several C and Fortran dependencies (SUNDIALS, MPI, netCDF, SuiteSparse, ...); and a bespoke config-file subsystem supporting nested files for variable-size input.

Developing PyPartMC, we aim to provide added value to both the existing community of PartMC users, accustomed to the Fortran/HPC ecosystem, as well as to a wider community potentially daunted by the entry threshold pertinent to the multiple steps needed to obtain, compile, setup and run PartMC, and analyse its output. Steps which so far involved usage of diverse tools and languages, and which are meant to be achievable in a single computational research environment such as Python, Julia or Matlab.

To this end, PyPartMC is available at pypi.org in form of both source (with all 10+ dependencies in git submodules) as well as binary packages (Linux, Windows and macOS). Binary packages have all the dependencies statically linked, what is orchestrated using CMake via standard wheel-building logic. The design features: (i) employment of unmodified Fortran code of the wrapped PartMC package; (ii) binding logic implemented in C++ using pybind11; (iii) garbage collection of Fortran derived type instances; (iv) a drop-in i/o layer replacement matching the Fortran config-file subsystem API, which C++ sees as nlohmann::json objects, and which quacks like ordinary dicts from Python perspective. On top of that, a thorough test coverage including Github-Actions-hooked checks for interoperability with Matlab's built-in Python bridge and with Julia (using PyCall.jl).

For more information, see: D'Aquino et al. 2023

Many recent Windows (on ARM and x86) laptops have replaced the standard UVC USB camera module with a raw MIPI camera-sensor using a CSI receiver and ISP in the CPU to process the raw data into an image.

Both the hw interface of the ISP as well as the image processing algorithms used are often considered a trade secret by CPU vendors. This makes supporting these cameras under Linux a big challenge and so far these cameras are not supported.

Both Linaro and Red Hat have identified this as a problem. Linaro has started a project to add a SoftwareISP component to libcamera to allow these cameras to work without needing proprietary software and Red Hat has joined Linaro in working on this.

These exact same problems with MIPI cameras are also seen in embedded and automotive uses and the new SoftISP is also targeting these.

This talk will present and demo the current state of the SoftwareISP as well as present future plans.

We hope there will be plenty of community feedback, so we will leave ample time for questions and discussions at the end.

In 2018, the first National Plan for Open Science was launched. To be able to steer this public policy, we built the French Open Science Monitor. For sovereignty reasons, we wanted it to be based on open bibliographic databases exclusively. This talk will expose our methodology to build from scratch a national open science monitor and how to consolidate the worldwide open bibliographic databases and fill the gap of missing metadata.

CERN (European Organization for Nuclear Research) is one of the world's largest and most respected centres for scientific research. It is home to the world's largest particle accelerator (Large Hadron Collider, LHC) and is the birthplace of the Web.

CERN's Storage and Data Management Group is responsible for enabling data storage and access for the CERN laboratory, in particular the long-term archival, preservation and distribution of LHC data to a worldwide scientific community (WLCG). Today we operate heterogeneous disk and tape software defined storage systems, with several large EOS disk farms, the CERN Tape Archive (CTA) system and other storage solutions. In total the group manages more than one exabyte of storage across about 2,000 data servers (60,000 disks) and 50,000 high-capacity tapes and orchestrates more than 4 exabytes of data transfers every year. More than 30,000 users need to access these data from their computers in a user-friendly way, which has been made possible through the CERNBox project, CERN's open source cloud sync and share platform. The group also operates a large Ceph cluster (over 60 petabytes) mostly to support the CERN OpenStack Cloud Computing infrastructure.

All of these systems are open source and available for use and hosting on-premise.

In this talk we would like to give you a high level view of the following technologies and how they work together to satisfy the storage needs of the organisation: from the early phases of data taking, to its distribution and final end-user analysis.

EOS provides a service for storing large amounts of physics data and user files (accounting today for more than 1 exabyte), with a focus on interactive and batch analysis with multi-protocol support (WebDAV, HTTP, FUSE, CIFS). It supports different authentication protocols (KRB5, X509, OIDC).

CTA (CERN Tape Archive) is the archival storage system for the custodial copy of all physics data at CERN. The CTA software provides a free and open source platform for managing data on magnetic tapes at scale.

CERNBox is the CERN cloud storage platform that provides sync and share functionality on top of the EOS and Ceph storage systems. It is built on top of the ownCloud open source product and the Reva project.

All of these systems are open source and available for use and are deployed in other laboratories around the world.

JRuby continues to push the boundaries of the JVM, optimizing code with InvokeDynamic and now powering Ruby code with Project Loom fibers and Project Panama FFI. Come see how the rapidly evolving JVM is making JRuby better with every release!

The Libre-SOC project has been prototyped using an Lattice ECP5 FPGA before its first tapeout. Since then many things have changed. One big change is the use of a different controller for DDR3 called gram. To get DDR3 working on the OrangeCrab many changes are needed.

This talk will provide an overview on my work on Libre-SOC in the past two years, an overview of DDR SDRAM interfaces and the PHYs commonly found on FPGAs and some ways to debug the OrangeCrab using a BeagleWire.

Decentralized energy production is becoming more prevalent and electrification is increasing. While this is a positive development, it is creating new challenges for grid operators who must facilitate this rapid change on their existing electricity grids. Grid operators try to maximize the utility of the current grid, using flexibility of electricity production and consumption.

Shapeshifter is an open source protocol that enables the fastest, fairest, and lowest cost route to a smart energy future by delivering one common approach to efficiently connect smart energy projects and technologies.

Shapeshifter implements the Universal Smart Energy Framework for flexibility forecasting, offering, ordering, and settlement processes. Additionally, Shapeshifter enables trading via DSO/TSO coordination platforms that support the protocol. Shapeshifter focuses on the exchange of flexibility between aggregators and distribution and transmission system operators. It describes the corresponding market interactions between them to resolve grid constraints by applying congestion management or grid capacity management.

In the presentation, we will introduce Shapeshifter and show the most recent applications of the protocol.

Rust provides unsafe language features to interact with hardware or call into non-Rust libraries. However, this shifts responsibility for ensuring memory safety to the developer. Failing to do so may lead to memory-safety violations in unsafe code, which can violate the safety of the entire application. In this talk, we explore in-process isolation with Memory Protection Keys as a mechanism to shield safe program sections from safety violations that may happen in unsafe sections. Our approach is easy to use and comprehensive, as it prevents heap and stack-based violations. We further compare process-based and in-process isolation mechanisms and the necessary requirements for data serialization, communication, and context switching. We specifically explored various Rust serialization crates such as Abomonation and bincode. Our results show that in-process isolation can be effective and efficient, permits for a high degree of automation, and also enables a notion of application rewinding where the safe program section may detect and safely handle violations in unsafe code. However, even for modestly sized arguments, the context switch cost starts to get dominated by the cost of data transfer between domains. Here, the Rust data serialization method used can significantly impact performance and thus, it is crucial to optimize it for the use case at hand. We open-source our prototype and experimental evaluation data under a BSD license on GitHub: https://secure-rewind-and-discard.github.io/

In this talk, I will cover the fundamentals of JavaScript security and provide actionable insights and best practices for safeguarding web applications built with modern frameworks like React, Vue and Angular!

In addition to that, I will be sharing the methodology that we've applied to secure GitLab codebase, increasing our frontend security posture, and sharing the real-world experiences and lessons learned.

Attendees will leave with a better understanding of how to stay ahead of the game when it comes to JavaScript security, and with practical steps they can take to enhance their own security practices.

To ease the pain of testing container images, we’ve developed the pytest_container plugin for pytest. The plugin makes it possible to use pytest to perform tests on containers and software inside containers. You don’t have to take care of pulling images, building them, or picking ports on the host. You just describe your container setup and pass it to a test function. In return, the plugin gives you a connection to the container. Using the connection, you can verify the container’s state using the testinfra python framework. The plugin even cleans up after itself when you’re done.

In short, pytest_container makes it possible to write tests in Python: no need to build your own framework from scratch or worry about the boring container plumbing tasks.

Join this talk to see pytest_container in action and learn how it can make your life easier!

Introduction into the iputils project from the upstream maintainer. I would like to summarize shortly the project history, what is the current status and where we are heading for the future. I also compare it with similar tools from other projects.

The iputils project is set of small utilities for Linux networking. The most known part of it is ping, a tool for testing connectivity. Historically the project contained several tools. Some of the obsolete ones has been removed. I would like to outline possible improvements of the remaining tools and other project future plans.

From a model, we generate multiple running instances. When the model is updated, so are the instances. This allows immediate feedback from user-interaction, while still developing your model.

The model is a state-description and has to be well-defined, because of this we manage it with the type-safety of Gleam.

The instances each contain an independent state. We want to migrate this state when the state description changes. Because of this, we generate the code for the instances in Core Erlang, and use BEAM facilities to upgrade the instances while running.

Naturally, for the largest part, this presentation will be a live demo.

Infra Finder is a new tool for advocates, decision-makers, and creators in the open infrastructure space. It is open-source and free to use. In this first release in January 2024, Infra Finder contains a standard set of information about 56 open infrastructure tools and services enabling the sharing of research data and publications that audiences can use to identify services, increase adoption, and foster development and investment in open infrastructure.

At Invest in Open Infrastructure (IOI, https://investinopen.org/), we are committed to iteratively developing Infra Finder with the community. In the past months, through user interviews, focus groups, and testing, we acquired a better understanding of libraries’ and institutions’ infrastructure discovery and evaluation processes. We refined our interface design and data collection and validation workflows to be able to provide up-to-date, validated information in one place, and offer at-a-glance comparison views, with links to more granular information, thereby saving librarians time and effort in looking for scattered pieces of information to discover and evaluate what’s on offer. (More in our latest blog post: https://investinopen.org/blog/blog-introducing-infra-finder/)

With this first release, we are collecting feedback and use cases for this first set of services in Infra Finder in order to further develop the information resource and the set of services covered in the tool. In this session, we will demonstrate Infra Finder. We will also share information about expressing interest in adding your tool to Infra Finder, and invitations for audience feedback and suggestions on the current iteration as we develop our next steps for expansion of the tool.

When you publish your first HTTP API, you’re more focused on short-term issues than planning for the future. However, chances are you’ll be successful, and you’ll “hit the wall”. How do you evolve your API without breaking the contract with your existing users?

In this talk, I’ll first show you some tips and tricks to achieve that: moving your endpoints, deprecating them, monitoring who’s using them, and letting users know about the new endpoints. The talk is demo-based, and I’ll use the Apache APISIX project for it.

Everyone knows how to build up a GStreamer pipeline on the CLI - give gst-launch-1.0 a source and a sink and some steps in between and you've got yourself a pipeline doing something. But building an application with GStreamer is much more complex when it comes to building using bindings to the C level api for GStreamer.

Avi started building the Golang bindings back in 2020 but they'd started to become a little unloved with Pull Requests and issues becoming stale. Now the bindings have moved to their own github organisation and are getting some all important bug fixes and a new semver release of 1.0 coming soon.

Building a solution doesn't always fit into what's available with GStreamer's plugins - enter appsrc and appsink, your best friends in building custom solutions with GStreamer. In this session you'll hear about using appsrc and appsink to build custom real time applications, as well as the updates coming to GStreamer's Golang binding.

The vision of the free Android app Transportr is to provide easy access to accurate public transport data; without proprietary code, tracking, and ads. By simply switching the region, Transportr presents the same consistent user interface for daily commutes in Berlin as for holidays in Nicaragua. Thanks to shared code with its alternative Öffi, Transportr had support for official and third-party public transport APIs of more than 60 regions from Europe and other parts of the world at its peak. Apps such as Transportr have potential to ease the path into an ecological future with a seamless experience for public transport users regardless of their location.

This talk gives a recap of Transportr's history and some notes on its current state, but is mostly meant to be a starting point for discussion about the future of the app, the potential of combining efforts with similar projects, and a call for contributions to the community!

A few words from the PSC; we'll look at some recent changes in Perl and take a look forward at what to expect from the next releases.

What if you need to connect your Kubernetes workloads to a physical network, or more than one network? You can attach multiple network interfaces using Multus, but you'll need to specify every detail.

Virtualized workloads have extra requirements from the network, given their stateful nature. For instance, they require their IP addresses to be preserved during their life-cycle, and also during live migration. Currently, since the network does not provide these features, the network-admin must deploy and configure extra services in the network.

But, what if you had a SDN (software defined network) to take care of that, and while doing so abstract how to bridge hybrid infrastructure, from bare metal, to virtualized, to public cloud environments?

Join us to learn and understand how these features can be used to provide Kubernetes workloads access to physical networks (protected by network policies) through a live demo. The multi-network feature is paramount to delivering non-cloud deployments with enough flexibility for their use cases: connecting to the physical networks of their data-centers is extremely important, since some of their services are not deployed in Kubernetes. For security reasons, access to/from the workloads running in Kubernetes should be governed by network policies. OVN-K multi-networking also provides an opinionated network fabric that can automate what users previously had to specify in detail, simplifying configuration and cost of operation for cloud providers and admins.

While any pod will benefit from the above, KubeVirt workloads (VMs) will get more juice out of this SDN implementation. While the feature-set available today is good enough to allow users of traditional virtualization platforms to lift-and-shift their existing workloads into KubeVirt, the features in the pipeline are game changers: VM workloads requires things from the network a pod wouldn’t normally ask for, such as preserving the IP during its life cycle, and also during migration (so the established TCP connection can survive being moved to a different Kubernetes node). These features are a really good match for OVN-Kubernetes since OVN already provides some migration-centered improvements used on other platforms (i.e. Openstack) which can be re-used to provide seamless live-migration of the VM workloads.

Since its early days (Go 1.2 - 2013), Go has offered great support for code coverage. Recently, the community also introduced the same support for integration tests. This feature gives projects written in Go better visibility about test coverage, resulting in enhanced stability and more. ARMO's experiment consisted of providing the complete test coverage percentage as a metric for generated Seccomp profiles. During the automated tests we hooked the system calls, collecting them into a security profile, by using eBPF. This allowed us to measure the generated profile reliability that was created with the system calls used during this time. Unfortunately, not all the experiments succeed. This talk will give an introduction to the research we did and end what are the limitations that we encountered during our journey.

In this talk, Pim will demonstrate high performance routing using open-source VPP and its underlying Data Plane Development Kit. This talk highlights the authors work on integrating the Linux Control Plane which makes BGP, OSPF, etc available with VPP, including smart ways to automate configuration of the router's data- and controlplane layers.

In 2023, Pim helped Adrian vifino Pistol to implement MPLS support in VPP's Linux ControlPlane plugin, and now folks can deploy a fully MPLS capable P-/PE router in excess of 100Mpps on a cheap PC.

In the era of interconnected systems and the growing demand for seamless communication between not just devices but organizations too, the OpenSCD team aims to provide a solution for the whole community. OpenSCD is an open-source, browser-based substation communication designer platform for editing IEC 61850 compatible Substation Configuration Language (SCL) files. IEC 61850 is an international standard defining communication protocols, guidelines and data model for intelligent electronic devices (IEDs) in electrical substations. This talk explores the main challenges of the project and the capabilities of OpenSCD, an open-source tool designed to bring about a paradigm shift in the way we perceive and manage substation configuration and its technical and organizational challenges.

Key Topics:

• Interoperability: Delve into the mechanisms that OpenSCD employs to enable interoperability between teams.
• Scalability: Uncover the scalability features of OpenSCD that enable a growing community.
• International Collaboration: Explore OpenSCD's role in fostering collaboration among Transmission System Operators (TSOs) on a global scale, working together towards common goals, facilitated by the IEC 61850 standard.

Objective:

We aim to provide an easy-to-understand overview of the architecture, governance and practices surrounding the development of OpenSCD. Additionally, we will share our plans and vision for the project, highlighting opportunities for contribution.

Relevance:

Aligning with the conference theme, attendees can learn how to grow their projects in the energy sector without sacrificing development speed.

The barcode scanner market is a walled garden hostile to flexibility. Vendors enforce their proprietary SDKs or applications, documentation is often limited or missing, sometimes it is even required to sign a contract before getting software access to purchased devices. This locks the user inside a single ecosystem, as switching to a different option would mean rewriting software specific to the device.

enioka Scan is an open-source Android library enabling users to choose the device vendors that really fit their criteria at any given time. It exposes a single API compatible with all supported scanning devices, working on top of a vendor-specific SDKs made open-source whenever possible. The library handles per-device specifics, so the user can focus on the functional aspects of their application. It is also designed to be easily extended with more support for devices not yet compatible.

In this presentation, we will go over the causes of vendor lock-in in the context of barcode scanning devices. After a quick history of the project, we will have an overview of how the library works and how it manages to handle devices from different vendors. Finally, we will explain how you can contribute to this project, and why your help matters.

In today's fast-paced business environment, and especially with the advent of machine learning (ML), organizations are seeking ways to derive better insights from their data as quickly as possible. However, implementing a complete ML pipeline can be quite challenging. It’s even harder if you want to process newly arrived data immediately or you have a legacy system which is not easy to connect with your modern infrastructure . Change Data Capture (CDC) has emerged as a technology for delivering real-time data changes from various sources, especially from the databases. In this talk we will introduce Debezium, a leading open source framework for CDC. We will discuss how it can be leveraged for ingesting data from the various databases into ML frameworks like TensorFlow and what the pitfalls are if you go this route.

Attendees will gain an understanding of how Debezium CDC works, how it can help them to ingest data from the source database into the ML framework in real time and also what are the possible challenges with this approach.

In recent years, Flutter as a cross platform development kit gained huge popularity across mobile developers. One in public only barely noticed feature : Flutter supports native Linux builds. No JVM, no JavaScript, no Electron. Native binaries.

This talk will be about the daily issues and the progress of using Flutter for targeting Linux mobile, featuring :

• (very) short overview of Flutter for Linux developers
• compiling Flutter projects for Linux aarch64
• Flutter as FOSS - a nightmare of BLOBs from Chromium CI - and how to hopefully workaround them
• distribution and packaging
• prospect on goals of freeing Flutter - might contain traces of BSD

Much of the existing research about open source elects to study software repositories instead of ecosystems. An open source repository most often refers to the artifacts recorded in a version control system and occasionally includes interactions around the repository itself. An open source ecosystem refers to a collection of repositories, the community, their interactions, incentives, behavioral norms, and culture. The decentralized nature of open source makes holistic analysis of the ecosystem an arduous task, with communities and identities intersecting in organic and evolving ways. Despite these complexities, the increased scrutiny on software security and supply chains makes it of the utmost importance to take an ecosystem-based approach when performing research about open source. This talk provides guidelines and best practices for research using data collected from open source ecosystems, encouraging research teams to work with communities in respectful ways.

The idea of using the comparatively new TPM2.0 as an infinite keystore was first proposed in 2016. Since then the base enabling work has been done inside the Linux Kernel and at the engine and provider layer of openssl and separately in gnupg (from 2.3). The main stumbling block in openssl, that of engine key enabling, has finally been mitigated by the openssl 3 move to providers. The big outlier is still openssh, which won't embrace either engines or providers, but the gpg-agent can be used to provide a TPM key based ssh-agent emulation. In this session, we'll review where we are and how to use a laptop TPM as a keystore (including a demonstration of ssh, gpg openssl and kernel based TPM keys), and where we're going including using TPM sealed keys with policy in the Linux Kernel to unlock disks under particular circumstances; the addition of localities to give keys which cannot be unsealed outside the kernel and the use of signed policies to try to counter the brittleness of PCR locking for measured boot (a signed policy key is a key that has a base policy, like locality, but which can have a set of signed policies that specify things like PCR values, which may be added to after the key was created).

StartOS has devised a new strategy for supporting multiple rootfs images for a single application (e.g. nextcloud + postgres). We have elected to do so by creating a single LXC container for the application, that contains each rootfs image, and running each process in a chroot, using bind mounts for special directories such as /proc, /dev, /sys, and /run. This reduces the overhead of multiple containers, but could have drawbacks with respect to compatibility between processes from different distributions, and security within the application. As of the time of this talk, we will have tested an implementation of this strategy, and we will report our findings regarding its advantages and disadvantages.

Since 1987, Copyleft licensing has been the primary strategy of the FOSS community to guarantee users' rights to copy, share, modify, redistribute, and reinstall modified versions of their software. In our earliest days, we naïvely thought that the GPL would work like magic pixie dust; we'd sprinkle it on our code, and our code would remain free as in freedom.

The reality check that we've received over the last 35 years has been painful on this issue. While this talk will cover the few huge successes in copyleft enforcement that have lead to real improvements to the rights and freedoms of users, we'll also face frankly the compromises made and false paths taken in the earliest days, that have now led to a simple but unfortunate fact: almost every Linux-based device for sale on the market today does not comply with Linux's license (the GPLv2).

This talk will not only discuss the primary past GPL enforcement efforts around the world, but also provide a whirlwind tour of how copyleft came to work in practice, how we wished it had worked, and discuss ideas, suggestions, and plans for the future strategies in copyleft that, informed by this history, are our best hope for software freedom and rights.

Have ever wondered how FOSS was actually was supposed stay FOSS for the long term? Have you ever been unsure or confused why — in a world where Linux is on nearly every device — most people cannot actually run an alternative OS build on their device? This talk will leave you informed on these questions and prepared to participate in the next policy steps our community must take to bring back software freedom and rights to the next generation of FOSS users, activists and developers.

GnuCOBOL: Industrial Maturity and Competition with Proprietary Offerings

The GnuCOBOL project, as an open-source solution, has recently achieved industrial maturity, positioning itself as a serious contender against proprietary offerings. This presentation will explore the advancements and significant developments that have propelled GnuCOBOL to a level of stability, performance, and features that rival existing proprietary solutions. We will delve into the characteristics that have contributed to this maturity, highlighting the flexibility, reliability, and accessibility of the COBOL language in an open-source context. By showcasing real-world use cases and examples of success, we will demonstrate how GnuCOBOL meets industrial needs while providing a free and ethical alternative. This session is aimed at developers, open-source project contributors, and professionals looking to optimize their software infrastructure with cost-effective and high-performance solutions. Join us to discover how GnuCOBOL, with its industrial maturity, is emerging as a competitive option in the programming language landscape.

Today, Open Source alternatives are missing when it comes to the search of complete suites integrating the most common use-cases of collaboration: email, chat, document & knowledge management, issue tracking, user management. IT departments looking for such suites are forced to turn towards proprietary solutions such as Microsoft 365 or Google Workplace.

However, alternatives are in the building. Among them, openDesk, an initiative lead by the German Ministry of Interior, stands out.

This project aims at building a complete Open Source alternative to Microsoft 365, where the software, the integrations, and the infrastructure required for project are to be released under Open Source licences. At the core of this project are several European Open Source software vendors, including Univention (user management), Open-Xchange (email), Nextcloud (file management), Nordeck / Jitsi (video conferencing), Element (chat), Collabora (document editing), OpenProject (project management) and XWiki (knowledge management). Operations on the project are also coordinated by Dataport, a service provider for the German administration.

This presentation will focus on describing the project, its governance, and describe how its different actors organize in order to foster integrations within Open Source products, and thus create a usable platform on top of them. The last part of the talk will show a demo of the current version of openDesk.

Snap! is a broadly inviting programming language for kids and adults that's also a platform for serious study of computer science.

Anyone aged 7 to 17 can visit the workshop and learn how to use Snap!.

Registration will be required for this session. Use the following link to register.

This discussion room will be a space for AI developers and enthusiasts to learn about and contribute to new open source networks and tools that provide cost-efficient and scalable AI + ML processing through decentralized physical infrastructure.

In the right hands, Rust is an exceptionally powerful language. Yet, I frequently observe similar mistakes in Rust programming: treating it like C or Java and not fully utilizing its unique features. I've concluded that poor Rust coding often falls into a few distinct categories, which I've termed the '4 Horsemen of Bad Rust Code': Overengineering, Simplistic Design, Premature Optimization, and Neglect of Documentation and Testing. This talk will delve into these antipatterns and offer strategies to avoid them, aiming to share practical tips for writing more ergonomic and effective Rust code. During the talk, we will gradually refactor a Rust code example, transforming it from a less optimal version to a more idiomatic and efficient one.

Heritage railways are often operated by volunteers who are not computer experts, but they need software and digital services to support various tasks from ticketing, support in day to tay operations to fundraising. There is a need for close contact between the open source world and the heritage railway world. Volunteer run heritage railways operate on a tight budget and with little computer expertise. They need support in ticketing, project planning, customer communication, enterprise management, networking, internal communication, archiving, ... In this talk I will briefly show some of what we are using at Dampfbahn Fränkische Schweiz e.V., which problems we face. I will present an initiative to connect the IT experts with museum railways. Goal of the talk is to raise awareness in the open source communicty on the needs and challenges in heritage railways, as well as starting a dialogue between the two communities.

Building a type-safe GraphQL server in Gleam, how it works and why gleam is the best option!

Warewulf is a simple, lightweight, stateless cluster provisioning tool. This talk will cover a high-level overview of Warewulf and its features. It will also provide a sneak peak into features coming in version 4.5 such as grub netboot and disk provisioning with Ignition. Finally, we will provide some organizational updates within the project such as formalization of community engagement, establishment of a technical steering group, and how you can get involved in the project today.

Virtual Threads graduated to a permanent feature in JDK 21 with huge interest and uptake in the Java ecosystem. There’s a lot more to do! This presentation will go through the current efforts on Java monitors, I/O, and other areas that will improve this feature in future JDK releases.

In this talk, I'll share my firsthand experience in leading the migration of Hasura's substantial React codebase to Nx, a journey marked by strategic decisions and innovative solutions. We'll explore why Nx emerged as the preferred choice over other tools, delving into its unique advantages for our project needs. I'll also walk you through our approach to executing this complex migration seamlessly, ensuring uninterrupted development workflow for our team. The session will highlight the tangible benefits we reaped from this transition, including drastic improvements in build times and overall development efficiency. Join me to learn about the challenges, decisions, and triumphs of transforming a large-scale React project with Nx, offering insights and inspiration for your own technology endeavors.

Join us for a dynamic lightning talk at FOSDEM, titled "Ensuring Longevity: Strategies for Sustainable FLOSS Projects." In this brief but impactful session, we'll tackle the critical issue of sustainability in Free/Libre and Open Source Software (FLOSS). Discover key strategies to overcome common challenges such as funding, contributor engagement, and community dynamics, essential for the enduring success of FLOSS projects. This talk is an essential snapshot for anyone involved in FLOSS, offering valuable insights into sustaining projects in a rapidly evolving open-source landscape.

In June 2023, GÉANT announced the successful procurement of a new IP/MPLS layer for a next-generation network and the plan to automate the entire migration process using WorkflowOrchestrator (https://workfloworchestrator.org/) and Ansible with the aim to make the process quicker and at the same time more reliable and predictable.

This means orchestrated service management with minimal interaction needed from the operator: no more CLI to configure network devices, all OSS and BSS systems synchronised and a flexible service modelling that accommodates the customizations and optimizations needed in a R&E environment. The adoption of a different vendor, NOKIA in our case, poses significant challenges both in terms of low-level mechanics as well as in terms of service modelling and decomposition.

Now, we are sharing the results of this effort that has involved all the levels and parts of the organisation, profoundly changing our way of working. We are sure that a view into our current progress - especially considering the multi-vendor environment that we manage - will be valuable for anyone involved in the implementation and maintenance of IP networks in the community.

Particular attention will be reserved to the differences between orchestration and automation, how these two topics intersect with each other in managing complex environments and how much the mindset changes in terms of design and implementation process.

GAP - GÉANT Automation Platform - which now manages the new GÉANT network, is entirely based on open-source software and more specifically on the Workflow Orchestrator (created by SURF and ESnet): high-quality software written within the R&E community that works as a framework to orchestrate networks of whatever complexity and scale. GÉANT is contributing to and sustaining it to lower the barrier to adoption so that other organisations can benefit from it and join the initiative.

The other cornerstone of the platform, Ansible, is an open source automation framework with a vibrant community. While not initially created for network devices, Ansible fulfils all our needs and keeps the curve of adoption low. We are eager to share how we used and misused it to achieve our needs in terms of separation between data, design and operations.

32- and 64-bit architectures are well supported by the popular compilers GCC and LLVM. The situation is different for 8-bit architectures. Here, the Small Device C Compiler (SDCC) is the FOSS compiler competing with a variety of non-free compilers. This talk shall present the current state of SDCC, recent improvements, current challenges, and plans for the future. https://sdcc.sourceforge.net/

Once a codebase gets large, refactoring for performance is difficult. Challenges include: the sheer time to carry out a possibly complicated transformation globally; the risk of introducing defects; poor acceptance by collaborators or code owners (if doing the HPC-oriented update for others); coping with diverging 'performance' paradigms (different parallelism models, APIs for GPU, etc). The Coccinelle code transformation system can express a vast range of refactorings for C/C++ codebases as so-called 'semantic patches', that is programs in a special 'transformation' language. While 'semantic patches' are typically very short, they can radically transform arbitrarily large codebases, thus coping with the above mentioned 'challenges'. This talk introduces the usage concept and shows sound, self-contained examples of HPC-oriented refactorings, including latest and upcoming features.

CERN operates multiple Ceph clusters for the provisioning of block, object, and file storage for the IT infrastructure of the Organization. CephFS at CERN (~11PB) serves the shared filesystems in HPC use cases and as well as a storage persistency layer in the Kubernetes and OpenShift offerings. In the past year we evaluated the usage of CephFS in the context of our Business Continuity and Disaster Recovery strategy. This talk looks at CephFS at CERN, the feature stability/perfomance impact observed when enabling features like snapshots, and the future outlook. We will also report on the increasing need for backups and on the development efforts of an OpenStack Manila driver to provide users with a self-service restic-based backup solution for CephFS

Closing the Railways and Open Transport developer room and reflecting the sessions.

Dependency injection is an established technique in a lot of areas of software development, however, it’s often overlooked in Go. Let’s explore the advantages of dependency injection and a modular architecture in Go.

ModemManager is the default mobile broadband management system in most Free and Open Source Software systems, including not only standard distributions like Debian, Ubuntu, Fedora or Arch Linux , but also in mobile devices running postmarketOS, PureOS or Mobian.

Basic 5G support is already available in current versions of ModemManager, although there are key differences with earlier technologies like 3G or 4G that should be considered, e.g. with respect to network attach settings or multiple/concurrent access technology support.

Advanced 5G features, like 5G network slicing support, are not yet supported in ModemManager. These are in the roadmap for future releases, and open for discussion with the community on how to best implement them.

This talk covers past, present and future of the 5G technology support in ModemManager. How we have reached its current state, what technical debt we carry, and how the future implementation may look like.

The world has made great progress in providing everyone with access to energy; however, recently, the number of unelectrified people on Earth has increased. Providing access to energy is a critical and complex challenge as most unelectrified people live in extremely remote and hard-to-reach areas, often having limited mobile network connectivity, unknown (future) demand patterns, and extreme weather conditions combined with very low purchasing power of the affected population. The power of Open Source is still completely underrepresented in technological innovations in this sector. We are working towards improving this situation and will showcase one of our flagship examples: An Open Source Battery Management System (BMS) specifically developed for off-grid energy application. Energy storage and its related technologies are key to any off-grid energy application and the Libre Solar BMS has been specially developed for this use case. We will deep dive into the design decisions and features, covering hardware, firmware and an app. The BMS was developed leveraging solely open source tools: The PCB is designed in KiCad, the firmware runs on Zephyr RTOS and the communication interfaces use the ThingSet protocol over various lower layers like Serial, CAN, WebSocket or MQTT. The hardware went through three design iterations and has been lab and field-tested by several organizations. We will conclude and show why this kind of Open Source technology is of such great importance to bring power to the people in both the sense of bringing electricity literally and also creating the grounds for local value creation in the affected geographies. We invite the whole Energy Open Source community to contribute with their efforts to where the contributions can be most impactful on various levels. The Open Source BMS is one great piece, but we need much more of those.

Cluster API is a Kubernetes sub-project that eases the deployment of a Kubernetes cluster from an existing cluster. After introducing the underlying concept, Mathieu will deep dive with an example showing the OpenStack Cluster API provider to demonstrate how to deploy and operate Kubernetes cluster with CAPI.

Open Source is a winning solution for many industries already - and now even safety critical applications want to make use of it. While “security” is a capability of open source since many years, a few years ago using open source in safety critical applications seemed to be impossible even to think about. Nowadays it has become a valid option for upcoming applications. This kind of application that should save lives, or at least not harm anyone. However, with advancements in technology and safety integrity standards, open source is becoming a valid option for upcoming safety critical applications. This talk will provide an overview of how open source projects approach their integration to safety critical applications. Depending on the expectations of these applications, there are different solutions to address their needs. The talk will introduce example projects such as ELISA, the Zephyr Project, and the Xen Project, which are currently addressing these expectations with various mechanisms and approaches.

Started by the University of Vienna Library Services in 2007, the PHAIDRA project builds on the popular FEDORA repository with a stack of additional open source tools and components aimed at delivering a more comprehensive toolset for building open, intuitive, self-service solutions for research data management, achieving FAIR data compliance, and promoting Open Access and Open Research. The simple objective was to make high quality data management easier for researchers.

This presentation will explore the real needs that researchers have from data management, before moving on to how the PHAIDRA project (https://phaidra.org/community/phaidra-partners/) has been built to address these needs. We will look at the challenges and lessons (still being) learned after 15 years of running a collaborative project in the space and end with a vision of how open source, open standards and, above all, community offer the only workable solution for both Open Research and the long-term preservation of research data and digital assets.

This talk is about our experience building LLM based telephone agents on top of open source telephony platforms. We will detail the issues and challenges in the real time media processing, STT, TTS and large language model handling that were discovered whilst developing the llm-agent server code base and playground, look at the results we were able to achieve and where development is likely to go next.

While containerization revolutionized the delivery and execution of software, it introduces new challenges as the usual practice with one big software file-system with a subsequent module load to rule all environments is not feasible with containers. This lighting talk introduces the 'HPC Container Conformance' Project which aims to provide guidance on how to build container images and how to annotate them so that end-users and system admins can integrate them in their workflows. In 2023 an OCI Working Group was formed to aim for changes to the image spec to allow for such information to be stored within the OCI standard.

systemd v254 added soft-reboot, a reboot type that keeps the same kernel running, but restarts the whole of userspace into a new rootfs, while serializing state across (e.g.: File Descriptor Store). In v255 the ability for select system services/portable services/containers to survive the reboot uninterrupted was added. On an image-based Linux system this allows atomically updating the rootfs without causing interruptions for workloads that run on discrete and separate filesystem images. This talk will briefly explore this new feature, listing new improvements from the latest version, and showing a demo of a soft-reboot being applied on an Azure Boost machine with two surviving critical portable services running without interruptions while the rest of the OS is restarted.

We will explore what container runtimes maintainers would need to do in order to support this feature. systemd-portabled already supports it for Portable Services.

Offload IP forwarding to a SmartNIC/DPU with tc-flower(8)

In order to conserve CPU cycles, it can be helpful to offload all or some of the Internet routing table, to the embedded switch within modern network cards. Linux have good support for doing this through the tc-flower(8) API, although it was originally aimed towards OVS-offloading, it's however also capable of IP forwarding.

In the first part of the talk we will go through how tc-flower(8) can be used to offload IP forwarding onto a compatible SmartNIC/DPU, by scripting some tc commands. In the second part of the talk we will introduce flower-route, a new daemon, which keeps a hardware-offloaded tc ruleset in sync, with routing changes from a routing daemon like BIRD (or FRR, ...). Thereby attaining BGP-based IP forwarding offload.

Our current focus is mlx5-based devices (aka. NVIDIA/Mellanox ConnectX 5+), but it will work on any other driver with support for the required offloads.