The satellites of the Sentinel family are Europe's eye in space – managed by the European Space Agency (ESA). They observe the earth continuously and collect enormous amounts of data that provide valuable insights into environmental, climatic, and geospatial changes. These data are used for various applications, including Land Use and Land Cover (LULC) mapping, environmental monitoring, disaster response, climate change analysis, and agricultural monitoring. The Copernicus Data Space Ecosystem makes these data freely available to users, along with tools for processing and analysis. It encourages researchers, developers, and organizations to use these products for various applications, from scientific studies to practical environmental monitoring solutions. These products include but are not limited to, Sentinel data, Digital Elevation Models (DEMs), mosaics, and service products like biophysical parameters such as FAPAR (Fraction of Absorbed Photosynthetically Active Radiation). In addition to these products, the ecosystem also provides a range of tools, including cloud-computing environments and APIs, to simplify and enhance the usability of Earth Observation data. In this session, we will explore how, in addition to freely available data, the Copernicus Data Space Ecosystem provides several open-source capabilities to simplify and enhance EO data usability. These include a cloud-computing environment like JupyterLab, a user-friendly Copernicus Browser for easy data exploration, and APIs like STAC and openEO for streamlined data access and integration. By offering these resources openly, the Copernicus Data Space Ecosystem supports a growing community of users, helping them turn satellite data into actionable knowledge to address global challenges.

LibreOffice Technology provides great engine for processing the documents with LibreOfficeKit. For more advanced usage in a user-friendly fashion the good UI is needed. JSDialog API provides way to interact with existing dialogs and build bespoke widgets for different platforms in the browser.

The Coconut community is actively developing the Secure VM Service Module (SVSM) to provide secure services and trusted device emulation for guest operating systems running in Confidential Virtual Machines (CVMs). Originally designed for AMD SEV-SNP, Coconut SVSM is evolving into a multi-platform solution, with ongoing efforts to integrate support for Intel TDX Partitioning.

This talk will dive into the current progress of Coconut SVSM, focusing on the emulation of devices such as the virtual Trusted Platform Module (vTPM), based on the reference implementation from the Trusted Computing Group (TCG). At this stage, the vTPM in Coconut SVSM is ephemeral, being re-manufactured with each boot. To unlock broader use cases, the community is working on introducing a persistent state for SVSM, enabling the vTPM to preserve its state across reboots. This enhancement will also allows us to support UEFI variable store to support Secure Boot.

Achieving this persistence requires storing encrypted state securely on the untrusted host, with early boot-time attestation to decrypt and validate the state. This process raises several technical challenges that we are actively tackling.

Join us to explore the latest progress in Coconut SVSM, the challenges we’ve overcome, and the exciting opportunities still ahead.

There are many ways to get container runtimes and Kubernetes on a node, all with their benefits and drawbacks. This talk will present shipping Kubernetes as a system extension with systemd-sysext – a self-contained, immutable, verifiable, distribution independent disk image. We’ll also look into automated in-place updates, both from the OS as well as the Kubernetes side.

The talk includes multiple live demos, from a single node deployment to cover sysext basics to a full-blown Kubernetes cluster deployed with ClusterAPI which we’ll then update live. While all demos will use Flatcar Container Linux - an immutable special purpose OS optimised for container workloads – the mechanisms demonstrated are distro independent and cloud be used on any Linux distribution.

The Torch-MLIR project [1] builds a bridge between the world of machine learning and the LLVM project by providing compiler support from the PyTorch ecosystem to the MLIR ecosystem. This short tutorial covers:

• The projects structure and how to build it
• The TorchOnnxToTorch conversion
• Decomposing complex ONNX
• Lowering from Torch to LinAlg and other lower level dialects

Furthermore, it is discussed how you can get involved and what opportunities especially exist for first time contributors to contribute (code) to the project.

[1] https://github.com/llvm/torch-mlir/

In this talk, I will present how to integrate the Nix package manager with Buck2, an open-source build system developed by Meta, to achieve highly granular and reproducible builds across different platforms.

By integrating Nix and Buck2, developers can benefit from Nix's robust package management and reproducible build environments, while also taking advantage of Buck2's scalable and efficient build system.

I will dive into the details of using remote execution services that support the Bazel remote execution protocol with Buck2 in conjunction with Nix's remote build capabilities and showcasing that using a sample project.

Everyone loves the terminal! It's simple, efficient, and fast — almost everything the web is not.

What if I told you it is possible to build terminal-like web applications with Rust and vice versa?

Join me in this talk, where we explore the future of the terminal and the web and how the Ratatui ecosystem is bringing these two worlds together. We will take a look at example Rust projects that achieved this, their implementation, and the challenges that we are facing.

Get ready to be visually impressed!

For FSF-copyrighted GNU packages, FSF insists on executing copyright assignments and employer disclaimers. These are designed to ensure steady and continuing enforcement of the GPL, as well as to serve other important purposes related to licensing and copyright management. The maintainers of some GNU packages would like to use a simple mechanism called "Developer Certificate of Origin" (DCO). It is hard, and some lawyers think it's even impossible, for a DCO to allow FSF to enforce the GPL. However, we at the FSF have once promised to accept DCOs and to draft a DCO that would best serve the needs of the free software community. We want to fulfill this promise after a broad discussion about issues surrounding copyright assignments: their importance, best approaches, and challenges in managing copyrights in free software projects.

Panelists will elaborate on the following questions: 1) How to ensure swift enforcement of the GPL? 2) How to protect free software against third party claims, including employers' copyright or patent claims? 3) How to enable swift relicensing or adding additional permissions, while protecting software against appropriation? 4) How to remove any challenges a contributor might encounter with the process?

Various blobs like PSCI provider or TEE are currently started between BootROM and the U-Boot bootloader. This has multiple downsides, the blobs are difficult to update and the blobs may configure the platform in a way that prevents U-Boot from accessing all system resources, thus making it less useful as a debug tool. This talk explains how to start U-Boot before most of the blobs, thus giving it full unrestricted access to the platform, and how to start the blobs from U-Boot afterward, so Linux can still access the services like PSCI provided by the blobs. Finally, the talk hints at how to perform a safe A/B update of the blobs.

Project link: https://www.u-boot.org/

Come to see a first prototype of a CRDT-based real-time distributed collaboration implementation - for being able to collaboratively comment on a Writer document, from a number of distributed LibreOffice instances (desktop, browser or cloud).

If you want to use Android for your custom project, then you are almost inevitably going to have to modify the platform code. Typical reasons include supporting specialised hardware, running dedicated system services and pre-installing system apps. AOSP, and some parts of the Board Support Packages, are open source, so what's stopping you just changing the bits you need to? Indeed, this is the standard development model for Android platforms: fork; modify; repeat. Of course, we all know that forking is bad but there isn't any choice, especially when it is so difficult up merge changes upstream

Well, maybe there is a choice, In this talk we will examine the problems created by simply forking Android, and we will look at various ways to make the process more maintainable. In particular we will look at using local_manifests, and at maintaining out of tree patches for AOSP. In the latter case, we will talk about the tooling required to track patch sets ("layers") and the dependencies between them.

We hope that this will spark a conversation in the community through which we can establish best practice for maintaining custom Android systems without forking

Ladybird is a brand-new browser & web engine. Driven by a web standards first approach, Ladybird aims to render the modern web with good performance, stability and security. Currently in heavy development, we take a quick look at its progress, architecture and challenges.

Mgmt is a cutting-edge, real-time, automation tool designed to be fast, safe, and revolutionary. Our goal wasn't just to replicate legacy tools but to surpass them-- and we believe we've done exactly that. Mgmt is now powering real production workloads, showcasing its potential to redefine what's possible in automation.

Empowering our users starts with great documentation! To achieve this, we aimed to minimize the time spent maintaining our docs while ensuring they stay perfectly in sync with the code. So we developed custom AST parsing code that automatically converts code into a structured data format. We then use a GoHugo templating system to publish it in a polished and user-friendly way.

All of this code is open source, making it available for others to use and benefit from! We'll also show how even a small project could do this.

I'll deliver live demos throughout, ensuring the concepts come to life.

You'll also get a glimpse of how mgmt can revolutionize your workflows-- it might just become your go-to tool for managing documentation pipelines!

For those who want a head start, check out our blog posts. Reading a few before the talk will provide a great background of the topic!

Mox is a relatively young modern, all-in-one mail server. One of its goals it making it easy to setup a mail server, and keeping it up to date. In this talk, we'll look at how mox helps with setting up and running a mail server. From the original quickstart with its environment checks, setting up initial DNS records and modifying them later on, notifying about new mox releases and installing them, to a future easier guided setup process and automatic DNS management.

In February 2024, Red Hat released an update to insights-core, a package providing host data for Red Hat Insights. It slipped through our testing and caused all SELinux-enabled systems to crash the service, stopping the hosts from reporting. Even though the patch was released two days later, we couldn’t fix the hosts ourselves, and had to figure out which customers are affected and how to even contact them. It was a big lesson to both engineering and management. We’d like to share this story with the public.

Achieving exactly-once semantics is a cornerstone of reliable event streaming systems, but the challenge magnifies when ensuring guarantees across the entire pipeline—from data ingestion in Apache Kafka to stateful processing in Apache Flink, and back to Kafka or another sink. In this talk, we’ll explore the intricacies of designing an end-to-end system that maintains data integrity and correctness without compromising on scalability.

We’ll dive into: * Kafka’s 2 phase commit transactional guarantees and how they align with Flink’s checkpointing mechanisms. * Flink 2 phase commit E2E protocol * Practical strategies to address challenges like fault tolerance, recovery, and latency trade-offs.

This session will explore the implementation of Flink and Kafka 2 phase commit(2PC), the magic files, coordinating it across two distributed systems and the challenges you will face in implementing exactly once event processing E2E in your systems.

Motivation

Computer Science curriculums often focus on theoretical lessons, such as how garbage collection (GC) works under the hood or the trade-offs between different GC designs. However, there is much less emphasis on how to write GC-aware code in languages like Go. This is surprising since most of these practices are language-agnostic.

This is a significant gap, especially given GC's impact on application performance. Profiling data from real-world applications consistently shows that a considerable amount of time is spent on memory allocation and GC-related activities.

This talk will be a practical session on writing memory-efficient code, supported by an understanding of Go's garbage collection and memory allocation internals.

The talk

Introduction

I will begin by discussing the motivation behind this talk and explaining why this topic is crucial, backed by empirical profiling data from real-world applications.

Essentials

Next, I’ll provide a high-level overview (a 10,000-foot view) of stack, heap, and GC concepts. This segment will be brief but necessary to establish a foundational understanding.

Main

• Walk through real code examples and demonstrate techniques for writing memory-efficient Go code, such as avoiding pointers, preventing overallocation of slices, minimizing the overuse of interfaces and generics and many more, clarify misconceptions about sync.Pool and leverage it effectively.

• Short Overview of Go's standard tooling for observing memory usage and GC behavior: memory profiler, benchmarking tools, escape analysis, GC configuration, execution tracer. Shed more light on less known/used tools like execution tracer.

Finish

Finish the talk by emphasizing that writing allocation-friendly code is crucial for maintaining application performance and should not be overlooked and a wrap-up.

Much of the advice given to Java programmers seeking efficiency is misleading or out of date.

This talk is a result of the author's experience trying making the Java Virtual Machine more efficient, but it isn't just for JVM engineers, it is also relevant to Java programmers. We will cover wide-issue processors, branch and memory-access prediction, and the way Java programmers can use tools to illuminate what is really going on inside a computer when it runs their programs.

If you're looking for a talk about huge memories or millions of threads, this isn't it. Rather, it's about how small details can have surprising effects.

Mechanical Sympathy is when you use a tool or system with an understanding of how it operates best. "You don't have to be an engineer to be be a racing driver, but you do have to have Mechanical Sympathy."

Project: https://github.com/openjdk/jdk

In a continuously changing IT world, not being able to adapt is the difference between yesterday's and tomorrow’s projects. Everybody wants the benefits of changes, but nobody wants to endorse its associated risk. From dev to ops, I’ll share why we created Updatecli, an open-source declarative dependency manager. How automation helps us to anticipate, and fix early, our day-to-day challenges, and where the traps lie.

This presentation aims at presenting a fully open-source pipeline to extract, curate, and explore web archives, a captive data source whose access is restricted. Its purpose is to detail both the technical pipeline and the socio-institutional setting that made it possible to emerge, highlighting the challenges of developing open tools for closed sources.

The French web archives is an institutional repository of data maintained by the French National Library (BnF). It contains more than 2 petabytes of data spanning over close to 30 years, which accounts to more than 50 billion web pages. Access to this data is restricted under the heritage and legal deposit law: academic researchers willing to work on web archives as data are expected to submit research projects that, upon a formal or informal agreement, will enable them to access this data. But what then? Building the methodological means to pursue epistemological goals in that context is particularly challenging. Web archivists do provide toolkits for exploration. Recent initiatives have scaled up the effort to make these sources more accessible. The RESPADON project has successfully managed to build a “captive web archive” capacity into the Hyphe software, and in doing so has opened a new way into developing tools for such data.

In this presentation, we will present a new solution to extensively study, at the qualitative level, specific topics in the full-text indexed collections of the French web archives. Built around the PANDORÆ software, this pipeline has been designed to interrogate the captive data source on site, but also extract relevant metadata in a compliant manner to enable its exploration off-site, while ensuring reproducibility by publishing the code. In doing so, this pipeline provides an up-to-date example of the “one-way mirror” situation of building open tools that are fit to operate on closed data sources.

Have you ever wondered why people get involved in community work? If you think it's just about networking, think again! Let's talk about the deeper motivations rooted in our brains: from fast and slow thinking to the role of the amygdala, our basic human needs, and the impact of collective loneliness on society.

This presentation focuses on the perspective of an Operating System maintainer - how easy it is to add RISC-V support to a Linux based operating system nowadays.

The case study is done on a FOSS Operating System - Flatcar Container Linux. Flatcar Container Linux (https://flatcar.org) is a Container-optimized Linux distribution, CNCF incubated project, which has Gentoo as an upstream distribution.

We will go through the steps required to add RISC-V support, from the Linux Kernel quirks, the bootloader paradigms, and to the generic software support from the wider community: systemd, Docker, Kubernetes.

An important part that will be thoroughly presented is the current state of the art hardware availability combined with virtualization support, very much needed for testing and faster iteration.

As confidential computing continues to gain importance, AMD SEV-SNP has matured within the open-source community. This session will provide an overview, from the OVMF perspective, of how it integrates with QEMU and the Linux Kernel to encrypt memory and safeguard memory security in a virtualized environment. The session is open to UEFI developers as well as virtualization, kernel, and security developers. Attendees will gain insights into how AMD SEV-SNP in confidential computing protects systems in virtualized environments, the latest upstream development progress, and an analysis of the protections it offers. The session will also address whether these protections are adequate and if there is a need to adopt this technology.

Many processes are packed with document generation, and forms of various types, from applications to contracts. Come and hear how new APIs built on LibreOffice Technoloy provided by Collabora Online can make building complex documents easier. From populating fields, to making richer templates, to tweaking chart data, our new Automatic Document REST APIs here enable powerful document interaction - both creation and extraction of data with a simple JSON based API.

Whether you want to extract data from docx files, generate richer templates for subsequent editing, or enable powerful electronic signature functionality - have we got an API for you!?

Come and hear how to use and improve it.

If you are processing and storing sensitive data in the cloud, can you really trust anyone (including the cloud)? The answer is no. Confidential Containers (CoCo) is a CNCF project that leverages Trusted Execution Environments (TEEs) to tackle this challenge. A critical aspect in this effort is providing secure and confidential storage solutions that can be seamlessly deployed across cloud providers.

This session explores the implementation of trusted storage in CoCo, highlighting key aspects such as Kubernetes storage drivers, device virtualization, and the role of attestation in secure key release and data encryption. We also demonstrate how we prevent attackers from injecting data into the TEE using the CNCF Rego policy language.

Overall, we aim to show how cloud providers and end users can securely store and protect sensitive data, enabling the adoption of confidential computing across numerous use cases.

Validating low-level firmware presents unique technical challenges, from automating hardware control operations to testing interactive UEFI firmware menus. In this presentation, we delve into how the Dasharo Open Source Firmware Validation (OSFV) project uses Robot Framework, an open-source automation tool, to address these complexities.

Drawing from years of firmware development experience across diverse hardware platforms ranging from network appliances to workstations we will showcase how OSFV tackles: - automating hardware interactions such as GPIO toggling, UART communication, power control, video output capture, USB devices simluation, and more, on a wide variety of hardware platforms, - testing dynamic and interactive firmware interfaces, including menu navigation and switching configuration options, - managing the variability of real-world hardware environments to ensure repeatable and reliable test execution.

Dealing with web mapping can be complicated, and when tasked with the requirement of drawing on one, things can quickly become a challenging, especially when dealing with complex requirements. Enter Terra Draw: an open source JavaScript library designed to simplify and standardise drawing functionality across popular web mapping libraries such as Leaflet, OpenLayers, Google Maps, MapboxGL JS, and MapLibreGL JS.

Terra Draw offers a versatile set of built-in drawing modes, enabling seamless creation of geometries. The library supports simpler geometry types like points lines and polygons, but also more complex modes like rectangles, circles and sectors. There is also advanced functionalities like snapping, rotation, and scaling, which often require significant effort to implement from scratch. These functionalities are designed to "just work" across the different mapping ecosystems.

The library’s modular design promotes extensibility, allowing developers to create custom drawing modes and adapters for new mapping libraries that may come along. Thanks to its decoupled architecture, any mode can work with any adapter, creating a multiplier effect. This flexibility also ensures that swapping out one mapping library should be much simpler, as the drawing logic is abstracted away from the mapping library.

In this talk, we’ll explore the origins of Terra Draw, demonstrate how to get started, and provide a glimpse of what's possible with it. Whether you're a seasoned developer or just starting with web maps, you'll walk away with practical insights on how Terra Draw can be used in your project.

Not everything needs to become a string! At least not so fast. Don't lose your typing information when building templates for Django, Flask, FastAPI or even without any framework.

With htpy you can write templates just like you write Python, including full support for mypy or pyright checks.

I will show you how to get started with htpy and show you some patterns that make your components reusable and typesafe.

The Ryzen AI NPUs consist of an array of vector processors and programmable interconnect to allow granular control of compute and data movement to achieve high performance and power efficiency. This talk presents a MLIR-based data tiling and packing design for these NPUs that leads to optimized machine instructions. Specifically, it shows how we can derive and optimize how data flows through the array from high-level tiling decisions and how we can efficiently utilize a high degree of data packing by leveraging low-level DMA control and capabilities.

The SMB service in Ceph uses a Samba container to export the Cephfs volume using the vfs_ceph_new plugin. We hit a problem when scaling the number of client connection which results in resource exhaustion on the server host. This was determined to be caused by Samba's forking model and the way data is cached by libcephfs. This presentation delves deeper into the cause of this problem and the proposed solution - the multiplexing proxy.

Nix offers an alternative to the well-known container-based deployment flow, and can offer several benefits compared to those container-based deployments. However, it's not immediately obvious how you would use nix to deploy services on machines running Linux distributions other than the nix-native NixOS. To address this, we developed a tool called system-manager, which allows you to manage certain aspects of the system configuration of a Linux system using nix, while leaving others to be managed using the usual tools of the underlying distribution.

Accessing a Kubernetes cluster for the first time can be daunting. But that’s the price for testing Deployments, Volumes, and other Kubernetes objects, right? Nope. There is an easier way that doesn’t entail learning how to deploy a Kubernetes cluster.

One of the least-known commands of Podman is kube play, and it’s fantastic. It works as kubectl apply and supports the same objects but doesn’t need a Kubernetes cluster. It supports Pods, Deployments, Volumes, ConfigMaps, and many other Kubernetes resources and runs on Linux, macOS, and Windows. It has some additional features compared to kubectl, such as using local images.

This talk will discuss using kube play and its alter-ego kube generate to simplify Kubernetes’ first experiences.

Overview of a feature implementation in Collabora Online, building on LibreOffice Technology, where autotext and other presets and configuration data can be supplied both at an individual user level and at an organization level, via their wopi server, to a Collabora Online instance serving multiple organization tenants.

We'll introduce you to our project "Ethersync," a software and protocol for real-time collaboration. The goal is to make it feel like Etherpad, but for entire projects, on the local file system, and with Neovim, VS Code, or your other favorite text editors! We’ll talk about our vision, technical implementation, and the challenges we encountered along the way.

Collaborating with software like Etherpad or Hedgedoc feels a bit like magic: you can instantly see what others are typing. The downside is that you need to be online to access the content—since the document is on a server, it disappears as soon as you disconnect.

We’re working on an open-source software called "Ethersync" to bring real-time collaboration to the file system! We want to make it possible to write notes and documentation together, and we’re also considering use cases like pair programming—directly in Neovim, VS Code, or perhaps your favorite text editor soon. We’re following a "local-first" approach, ensuring you always have control over your data since it’s stored on your own hard drive.

In this talk, we’d like to explain our vision for this type of collaboration and show you our progress and current prototype. We’ll discuss some of the problems we’ve encountered and dive into the underlying technology (like Conflict-Free Replicating Data Types and Operational Transform).

Finally, we'll discuss how you can get involved: For example, we could use help developing plugins for more text editors! We'll go over the Ethersync protocol, and discuss how it could help interoperability between collaborative projects.

Most developers approach unit testing by manually defining specific examples to verify the expected behaviour. With this approach, catching all the edge cases can be tricky – or tedious.

Property-based testing offers an alternative, by emphasizing general properties or rules that should hold true across a wide range of inputs. By automatically generating test cases, property-based testing provides broader coverage and can uncover issues that are difficult to find with conventional techniques.

In this talk, we'll explore property-based testing, breaking down how it works and when to use it. We'll cover:

• Core principles of property-based testing and how it differs from example-based approaches.
• Practical techniques for identifying useful properties in various domains, including algorithms, data structures and APIs.
• Tools and libraries that enable property-based testing in popular programming languages.
• Real-world examples of how this approach has uncovered critical bugs and improved test coverage.

This session is designed for developers curious about expanding their testing toolbox. Whether you're new to property-based testing or looking for ways to apply it in your work, this talk will provide practical guidance and resources to help you get started.

LibreOfficeKit has new API to expose slideshow elements: content, animations, transitions and notes. Short story about composing the impressive 3D slideshows in WebGL directly in the browser.