A presentation about the challenges of tracking and analysis COOL UI / UX commands.

Rust's type system can feel complicated and overwhelming. However, crates like Bevy and Divan take advantage of the advanced features to deliver simpler developer experiences. This talk will demonstrate how to create these easy-to-use APIs by covering advanced techniques like polymorphism, type states, and conditional typing.

The Server Base Boot Requirements (SBBR) by ARM requires UEFI and ACPI support on AArch64 platforms.

While UEFI is already natively supported by U-Boot, ACPI support on ARM64 was only recently added. A first patch series added basic support for booting Linux on QEMU's sbsa-ref machine, which doesn't provide a device-tree to the OS, but ACPI tables only. This is opening the path for U-Boot booting recent ARM server platforms using the SBBR specification.

The session gives an overview how ACPI tables are generated by U-Boot drivers. The challenges of integrating the ACPI subsystem with U-Boot's infrastructure on ARM64 are described and an outlook is provided.

Questions this talk should answer: - How does the ACPI driver model work? - How does this integrate with U-Boot? - What to expect next in U-Boot's ACPI implementation?

Zynq 7000 SoCs are popular devices widely used in embedded scenarios when both CPU power and flexible logic are required. However, the ARM (processing system, PS) + FPGA (programmable logic, PL) combo makes developments reply on an even heavier set of propriety toolchains.

In this talk, I'll introduce the recently developed GenZ, a free software BSP generator for the Zynq 7000 PS register configuration. Together with OpenXC7, the free and open source FPGA toolchain for Xilinx 7-series chips, and a enlarging amount of open-source IP cores, development on Zynq 7000 SoCs can be done without a single piece of propriety tool.

The speed and ease of GenZ + OpenXC7 will be demonstrated on site with an ARM laptop and Zynq boards.

Have you ever wondered why certain Python packages fail to install on riscv64 devices? Why, instead of pleasing "Successfully installed" messages, riscv64 users are often presented with bleak screens full of errors? How, in the face of all of these errors, are those users supposed to run Python based AI or data analytic workloads? To the curious who have briefly pondered such things as the package names and errors go scrolling by, this talk is aimed at you! It will explain how Python packages are built and why upstream projects do not provide versions of their packages for riscv64 devices. It will discuss the progress being made in adding riscv64 support to the Python packaging ecosystem. Finally, it will explain how RISE is mitigating the current lamentable situation by building and distributing riscv64 wheels for a select set of popular Python packages.

Murena team developed a new launcher for /e/OS, based on Launcher3. In this talk, we will introduce this AOSP key component, and how it is possible to use it as a base for your own Android Launcher project.

https://gitlab.e.foundation/e/os/BlissLauncher3

The Linux ecosystem depends on core utilities written decades ago in C, but modern needs demand safer, more maintainable tools. Over the past four years, the Uutils (Coreutils, findutils, diff,) project has reimagined these utilities in Rust, offering secure, performant replacements. To the point that it is now shipped by default in some Linux distributions and used in production.

In this talk, we’ll explore a bold vision for the future of Linux: one where Rust becomes the backbone of its essential tools, ensuring long-term security, maintainability, and performance for generations to come.

Wireshark offers powerful exploration, drill-down, and analysis capabilities for network packets, but what if those features could be applied to other types of data? Enter Stratoshark, a brand-new sibling application to Wireshark.

Stratoshark leverages the rich data sources provided by Falco’s libraries to enable deep analysis and troubleshooting across Linux servers, Kubernetes clusters, and any system that generates Linux system calls or real-time log events.

In this talk, we’ll showcase a live demo of Stratoshark, including how it extends the familiar Wireshark user experience to AWS audit events via the Falco plugin for CloudTrail. Learn how Stratoshark builds on open-source innovation to bring Wireshark’s intuitive interface to a broader range of use cases in cloud-native computing.

One of the reasons why Go is easy to learn is due to the interactive examples all through the documentation, we wanted to emulate this success. Six months later, we now manage 26 sandbox tutorials and totalled over 9,800 unique instances. They transformed our documentation by letting users run commands, deploy sample projects, and see real-world use cases come alive.

Scaling the concept to support over 10 products brought unique challenges for us. How could we streamline the creation of new sandbox tutorials? How could we maintain a single source of truth between our sandboxes and evolving documentation?

In this session, we’ll dive into: *What an interactive sandbox is and how it enhances developer experiences * How we created an open-source tool to automatically synchronize our documentation and sandboxes via CI/CD pipelines

This talk will help you get started integrating interactive sandboxes into your documentation and arm you with the tools you need to scale them effectively!

Mushroom is a project for securely running Linux workloads in attestable, integrity-protected environments with a minimalistic TCB. Mushroom depends on TEEs to provide integrity guarantees for data in use. It was initially developed for AMD SEV-SNP, but it recently gained support for running on Intel TDX as well. This talk will explore some of the required changes and discuss how the differences between AMD SEV-SNP and Intel TDX informed some of the design decisions.

From out daily experience as Linux Mail Security Consultants, we see different groups of infrastructures like universities and government authorities getting similar spam and threats. We have implemented automated ways to share this information among these clusters. We will introduce the techniques used in our Rspamd implementations and we will point at some pitfalls that should be avoided. We also like to talk about our experience with pre-queue deep threat second stage security analysis like sandboxing.

In a world where security training often feels like a mundane chore, discover the refreshing impact of gamification and turn learning into an enjoyable experience. Embark on an insightful journey as we unveil the success story of gh.io/secure-code-game, an open-source game hosted on GitHub Skills, that attracted over 5,000 developers within its first year.

This session will provide you with an exclusive behind-the-scenes perspective, offering valuable insights and practical strategies to revolutionize various aspects of security training for your benefit. We’ll explore a case study from a tech startup that observed, among the developers who played the game, an increased sense of ownership for code security, improved communication with security teams, and a strong willingness to embrace further security training.

gRPC is a popular RPC framework and go has a quite performant gRPC implementation. However, the performance can still be significantly increased by changing the default setup and by using the library in a way that reduces memory allocations.

This talk will also show how to use the excellent go tooling to profile and benchmark some code.

Native Memory Tracking (NMT) has supported diagnosing memory issues in Hotspot for over a decade. Yet, much of the native memory allocated cannot be accounted for using NMT, as it is not only Hotspot but core libraries, JNI and FFM which may perform native allocations. Clearly, NMT must extend itself if it intends to remain a useful tool.

In this talk, I will present a design for extending NMT to core libraries and a possible future extension to FFM. External APIs will be shown in the context of porting small portions of the core libraries. Internal design details, including data structure design, will likewise be presented and its trade offs discussed. Finally, possible ways of bringing NMT and the new Foreign Function & Memory API will be presented.

Incus is a next-generation manager for system containers, application containers, and virtual machines, forked from Canonical's LXD in August 2023.

This presentation explores the evolution of LXD/Incus, with a focus on clustering and its capabilities for natively managing both stateless and stateful workloads.

Drawing on real-world experience as a system architect at a cloud provider using LXD/Incus since 2016, we will examine the technologies underpinning Incus, including OVN-based networking and flexible storage configurations. The session will also showcase the key commands and workflows for building and managing an Incus cluster, with practical examples to highlight best practices.

This session is intended for system administrators, DevOps engineers, and container enthusiasts seeking to enhance their understanding of Incus and its role within the modern container ecosystem.

After fuzzing databases for the last 3 years, I learned that simple design decisions on a fuzzer impact on the issues it can ever find. In this talk I would to address some of those decisions. As an example, I would to discuss about the design of BuzzHouse, a new database fuzzer to test ClickHouse.

You, Eleanor Shellstrop, are dead. You are in cardiac arrest. Your heart has stopped beating, you have stopped breathing, and medically speaking you have died. Not a great start to your day! But worry not: someone has called emergency services. This is the story of that call — and how open geospatial information just might help save your life.

This talk, presented by the CAD & Technical Lead at the London Ambulance Service, will discuss how we use open data to locate patients, how your phone sends live geospatial information to our control room, and the other open (and some not-open) data that our emergency medical service uses to save lives across London every day.

Expect high-level conversations about medical emergencies, but this talk is suitable for all ages.

Collabora Online is an online document editor based on LibreOffice, but there's also both an Android and an iOS Collabora Office app based on the same technology - LibreOffice Kit. Have you ever wondered how it works?

In this talk, I'll give a high-level overview of the architecture of the Collabora Office mobile app. Along the way, I'll discuss how it's similar but different to the Collabora Online server, and what limitations on the mobile platform (for example a lack of availability of clipboard web APIs) pushed us to write in the way that we have.

We explore the security model exposed by Rook with Ceph, the leading software-defined storage platform of the Open Source world. We discuss major updates within the past year to our threat model, dashboard, call home, and encryption, including work on TCMs, NVMe and exploration of open source post quantum encryption algorithms, within a major project. We discuss the challenges and benefits of promoting open source, and how to ensure we adhere to Executive Order 14028, and the challenges and rewards of dependency tracking and updating.

NixOps used to be the only Nix-native deployment and provisioning tool, but it failed. NixOps4 is a complete redesign of the tool, taking lessons from NixOps, taking inspiration from Terraform, and borrowing its providers. In doing so, it creates a unified deployment platform, architecturally similar to how Nix is a platform for unified builds. It allows you to combine configurations freely with the Nix language and build system, and it makes it easy to "extend" the tool.

In this presentation, we'll have a look at the concepts that make up NixOps4, as well as its integration into the Fediversity project, which aims to enable hosting providers to let their customers deploy applications such as Mastodon, PeerTube and Pixelfed, fully automatically - running NixOps4 "unattended" in production.

My name is David Berman. I am an electrician by trade, not a programmer by profession, but I have ventured into the world of programming out of necessity and conviction. My journey into this realm has been fueled by a desire to challenge the prevailing norms of an industry heavily skewed toward proprietary, enterprise-oriented solutions. Specifically, I have worked to advocate for open-source, cost-effective methods to control city streetlights and other industrial control systems traditionally dominated by expensive and exclusive technologies.

During my talk I would like to share my newest project, Gungnir: https://github.com/davidjrb/gungnir

This journey has been far from easy. The resistance to change in this space is significant, and the challenges are both technical and cultural. One of the key barriers is the entrenched power of profit-driven opponents, including corporate lobbyists and those with vested interests in maintaining the status quo. These forces often stifle innovation and prevent the adoption of solutions that could benefit society as a whole by reducing costs and fostering collaboration.

Another challenge comes from within the very community I advocate for. Despite the immense potential of open-source solutions, there is a tendency among many non-programmers—particularly those in traditional trades or management roles—to dismiss these solutions out of hand. This is often due to a lack of familiarity with the technology or misconceptions about its reliability and scalability. Bridging this gap requires not only technical expertise but also the ability to communicate the value and viability of open-source approaches in terms that resonate with a broader audience.

In my talk, I aim to explore these challenges in depth, sharing insights from my own experience as a non-programmer navigating a highly technical field. I will discuss the hurdles faced by the open-source community when advocating for transparency, collaboration, and cost-efficiency in an industry often resistant to such ideals. I will also highlight strategies to foster greater acceptance and collaboration between open-source advocates and those unfamiliar with or skeptical of these technologies.

Ultimately, my goal is to spark a dialogue about how we, as a community, can better advocate for open-source solutions in industrial and civic systems, ensuring that they are not only adopted but also embraced as a viable and beneficial alternative to proprietary models. By sharing stories, challenges, and strategies, I hope to inspire others—whether programmers, non-programmers, or industry professionals—to join this important movement.

Thank you for having me.

I look forward to seeing you all 14:00, Saturday, 1. February in Baudoux - UB5.230

Most software build systems, following the tradition of make, refer to artifacts by an assigned location on the file system. However, when developing software, one is usually more interested in the contents of the file than its location. So why not take the definition itself as key? Similarly, when building typical complex targets, like libraries, additional information has to be considered when using them, e.g., transitive dependencies when linking. So why not make that part of the data of the analyzed library? In this way, we obtain definitions that are independent of their origin and hence can meaningfully be cached. This high-level caching allows a seamless transition between fine-granular building and traditional package building (obtaining all artifacts by a single lookup). As an additional benefit, when using remote build execution, it is enough to have the sources of the project you're working on, while still having the benefits of a bootstrapped build.

All those concepts are implemented in the open-source build system justbuild, available, at https://github.com/just-buildsystem/justbuild

Profile-Guided Optimization (PGO) is a well-known compiler optimization technique that brings runtime statistics about how an application is executed to the Ahead-of-Time (AoT) compilation model. However, this technique is not widely used nowadays.

In this talk, I want to discuss with a wider audience typical issues that I met with PGO implementation in LLVM-based compilers (like Clang and Rustc). During my work on the Awesome PGO project, I gathered a lot of interesting data points and insights about current PGO issues in the ecosystem (mostly with LLVM-based tools since I prefer using LLVM), and discussed many issues with different stakeholders like end-users, maintainers, and application developers. We will talk about:

• PGO documentation issues across compilers
• Different PGO integration states across LLVM-based compilers
• PGO awareness across the industry
• Strengths and weaknesses of different PGO modes for different use cases in real-world
• Top blockers for PGO adoption
• And many other things!

I believe that after the talk more people will be aware of PGO, aware of usual PGO blockers with LLVM, and know more about how to avoid these limitations in practice.

Target audience: LLVM users (especially LLVM-based compiler engineers and LLVM adopters)

Panoptic is a tool to explore locally and easily big images datasets: https://github.com/CERES-Sorbonne/Panoptic Images abound on the web and digital social networks. Their proliferation is one of the characteristics of digital culture. In particular, they are widely mobilized in contemporary controversies, with the aim of revealing and debating important social issues. Far beyond natively digital images, whether moving or still, images are first and foremost an object of study in their own in many disciplines (art history, film studies...), just as they can be a way of accessing a research field (photographs of animal and plant species, pages from digitized books...). A key challenge for the human and social sciences is to equip themselves with tools for exploring, sorting and annotating image corpora.

While a number of tools already exist for working with such corpora (XnView, Tropy, voxel51, Aikon, Arkindex, for example), a key issue to be resolved is the multiplication in the number of images we work with: how can we efficiently explore, sort and annotate a corpus of several tens of thousands of images? How can we provide researchers with a tool that facilitates such work?

Indeed, working with a large number of images means first of all having a synoptic view of them, in order to understand them as a whole, but also being able to manipulate them directly in the presentation interface (for both exploration and analysis).

Secondly, working with a large number of images also imposes time constraints on analysis, which can be resolved by using similar-image clustering tools (computer vision tools), to group together images that have formal similarities (reduces exploration time), but also by using batch annotation functionalities (reduces analysis time).

Finally, working with images is rarely just about working with images, but also with textual data associated with the images (texts of tweets, photographer's name, shooting date, etc.). Another challenge, then, is to adopt a plurisemiotic approach to the content of the corpus being worked on, in order to avoid having to move back and forth between different work spaces.

Created at CERES, by developers, researchers and designers, Panoptic is an open source tool for visualizing, exploring and annotating large images corpora. In particular, the tool integrates algorithms for grouping images by similarity (by using ml model CLIP), to help users with sorting and exploration. The tool also offers various filtering, search and annotation options, enabling the creation, analysis and export of sub-corpora.

Our talk will present the tool we have developed, and how its various functions are designed to meet the methodological needs of research using tools for working with large volumes of images.

We will close the devroom with lightning talks that will serve as a great conversation starter during the lunch break.

Windows-on-ARM devices (primarily laptops) provide a nice execution environment for running Linux or any other open-source OS. As the provisioned ACPI tables make heavy use of PEP, it is next to impossible to make use of the ACPI in a proper way, This talk focuses on the the possible ways to select and sideload corresponding device tree blob before passing control to the OS kernel.

The European regulations impose strict rules on the collection and use of data via cookies and other trackers on websites. Auditing the practices of these sites is crucial to ensure that the cookies placed, both before and after user consent, comply with current legal obligations. This includes the purpose of the cookies and the transparency of the information provided to users, such as cookie descriptions and an easily accessible refusal option.

Although various website analysis tools exist, their use often requires advanced technical expertise, as they typically operate via command-line interfaces. In this context, the EDPB, through the Support Pool of Experts (SPE), has developed a dedicated audit tool to assess websites' compliance with European regulatory requirements.

The tool is a Free and Open Source Software under the EUPL 1.2 Licence and is available for download on code.europa.eu. The source code is available here.

Dr. Jérôme Gorin, the creator of this tool, will present its functionality and its adoption by numerous auditors within data protection authorities across Europe. The presentation will conclude with a discussion on the tool's improvement prospects, aiming to foster knowledge sharing and the detection of the latest online tracking technologies.

Unleashing the power of 3D graphics on the Raspberry Pi is an ongoing effort at Igalia. We are constantly exploring new opportunities to maximize the GPU's potential. The process of identifying applications that can be optimized is highly rewarding. Every so often, we uncover a breakthrough, enabling us to boost application performance up to ~70%.

The graphics stack for the Raspberry Pi 4 and 5 is built on the Mesa user-space drivers (V3D/V3DV) and the Linux kernel driver V3D. These drivers are fully mature, with the upstream Mesa Vulkan driver V3DV having already achieved Vulkan 1.3 conformance, and the OpenGL/ES driver V3D exposing desktop OpenGL 3.1.

However, just having working, conformant drivers isn't enough for us. In this talk, we will demonstrate how we go the extra mile to extract the maximum performance from the Raspberry Pi's GPU, proving that a more performant embedded GPU is possible.

In addition to explaining where we currently stand, we will showcase several cases where optimizations in the Mesa user-space drivers led to significant performance improvements. We will also review recent developments in the kernel driver, including support for Huge Pages in the GPU kernel driver and our experience using Transparent Huge Pages (THP) on an embedded device.

By the end of this talk, we hope the audience will have a better understanding of the graphics stack for embedded GPUs and how to start getting more juice out of an embedded board.

One of the interesting things about Collabora is the extremely powerful LibreOffice core it is built on. Come and hear how we've been working hard to expose even more powerful browser-based collaborative functionality from it.

Hear about our new WebGL transitions, Automatic Document generation from documents + JSON, as well as exposing much of the power of our core functionality from fonts and AutoText to more powerul configuration options.

Finally have a quick summary of UI wins and other recent improvements, as well as how to get involved.

ssh (secure shell) is a popular protocol used for remote command-line connections and file transfers.

sshproxy is more than a simple ssh proxy/load balancer. It can choose the destination node based on simple or complex rules, such as the user name/group, its previous connections, the number of total connections on the nodes, the total used bandwidth of the nodes… It can be distributed on multiple gateways, with shared states. It can track, log and monitor all the connections.

At CEA (French Alternative Energies and Atomic Energy Commission), sshproxy allows users to connect to 4 different supercomputers, with regularly more than 1,000 simultaneous connections.

This talk introduces Apache Arrow's tensor arrays as a tool for representing an array of tensors in memory, their storage and transportation. We'll introduce the tensor array memory layout specification, its implementation in Arrow C++ and Python, showcasing how it can help interoperate with PyData and database ecosystems.

We'll present the fixed and variable shape tensor array specifications, their implementations and how they can be used to interoperate with Arrow aware ecosystem such as DLPack, NumPy, and others. Further we'll discuss design decisions we made to make the two tensor arrays as generic and universal as possible.

When it comes to the on-disk-size of your OpenJDK installation it becomes apparent that certain files take up a large part of the entire Java Development Kit (JDK) installation. It can seem that certain files are monolithic and aren't possible to make smaller. Yet, they can be smaller if you know how.

In this talk we show how you can create a custom run-time image for your specific application without the need of the jmods folder otherwise being present in a standard JDK. Forget about JRE and go all-in on custom run-time images. The best thing about it is that - due to JEP 493 - this will no longer need JMOD files of the JDK to be present.

Tune in to hear more about using jlink from a JDK without a jmods directory and what new opportunities this allows.

Designed to cater to a wide range of peripheral devices and platforms, Analog Devices' Kuiper Linux distribution is built with more than 1000 Linux device drivers compatible with Xilinx and Intel FPGAs, Raspberry Pi boards, and several other platforms.

To ensure its quality, a test harness infrastructure must be in place to carry out continuous testing on actual hardware. This talk covers the design and implementation of such a fully automated test harness. The implemented architecture leverages the use of readily available components/technologies such as Jenkins, Docker, NetBox, and JFrog Artifactory and, at the same time, includes custom-built tools that can be tailored and extended to support existing or new devices and platform types.

By using an advanced resource locking mechanism, the hardware setups are also remotely available to others for development and debugging, when there are no automated tests running.

Closing notes and information about pPub (physical Pub) meetup.