What's Guix? GNU Guix is a software deployment tool that supports reproducible software deployment. As research results are increasingly the outcome of computational processes, software plays a central role. The ability to verify research results and to experiment with methodologies, core tenets of the scientific methods, requires reproducible software deployment.

What's Software Heritage? Software Heritage is a long term, non-profit, multistakeholder initiative with the ambitious goal to collect, preserve and share all source code publicly available. To our knowledge, Software Heritage is the largest publicly available archive of software source code.

Could we connect Guix with Software Heritage? Yes! It makes Guix the first free software distribution and tool backed by Software Heritage, to our knowledge.

This presentation describes design and implementation we came up and reports on the archival coverage for package source code with data collected over five years. It opens to some remaining challenges toward a better open and reproducible research.

Putting the pixels of LibreOffice into a browser window. With or without Qt. Asking for interaction.

Talk Summary This talk introduces a groundbreaking project aimed at creating a universal solution for scanner drivers across various Linux distributions. By leveraging Snaps and OCI containers, the ScaniVerse project enables the distribution-independent packaging of scanner drivers and applications. This approach enhances flexibility, reduces dependencies, and supports immutable operating systems. Attendees will gain insights into advanced techniques for integrating scanner and printer drivers, including the use of the PAPPL library for retrofitting legacy devices.

Project Description The ScaniVerse project is a pioneering initiative designed to streamline the installation and management of scanner drivers across different Linux distributions. By utilizing Snaps, the project enables the creation of distribution-independent packages, allowing scanner drivers to be easily installed on any system that supports snapd. Additionally, scanner applications can be containerized using OCI containers, facilitating their deployment on immutable operating systems. Key components of the project include the integration of scanner support into the PAPPL library, originally developed for printer applications. This integration supports multi-function devices and provides a unified driver format for both printers and scanners. The project also focuses on retrofitting legacy scanners to ensure continued support for older hardware.

Learning Outcomes for the Community Learning basics of how to package printer/scanner drivers in Snaps for easy installation on any distro supporting snapd. Gaining insights into separating scanning frontends from drivers, enhancing modularity and reducing dependencies. Explore how to package and deploy scanner applications in OCI containers for enhanced manageability and deployment on immutable systems. Understand the potential of eSCL and IPP scanning as standardised infrastructures, moving beyond the limitations of SANE. Discover methods to support legacy scanners using SANE and PAPPL-retrofit for a seamless transition to modern systems. Learn about establishing a common scanning infrastructure that simplifies development and maintenance, benefiting the entire ecosystem.

Traditional package updates using tools like RPM or Zypper can introduce risks, such as incomplete updates or accidentally breaking the running system. To overcome these challenges, we developed container-snap, a prototype plugin designed to deliver atomic OS updates—updates that are fully applied or rolled back without compromising the system's state.

container-snap leverages OCI images as the source for updates and integrates seamlessly with openSUSE’s tukit to enable transactional OS updates. By utilizing Podman’s btrfs storage driver, it creates btrfs subvolumes directly from OCI images, allowing systems to boot from the OCI image. This approach empowers users to construct their own OS images using familiar container image-building tools, like Docker or Buildah.

In this session, we’ll dive into: - The architecture and technical implementation of container-snap - Challenges encountered during development and how we resolved them - Key lessons learned along the way - A live demo showcasing container-snap in action

Come and join this session to learn more about how to boot from an OCI image without bricking your system!

CryptPad is an open-source and end-to-end encrypted collaborative office suite. Since its inception 10 years ago, it has been actively developed at XWiki to offer a unique combination of privacy and collaboration. In this talk I will summarise CryptPad's development to date, from a single-page prototype to a full-blown office suite. I will then give an overview of the progress made in the last year including: accessibility and mobile, performance improvements, cloud instances, and work on the OnlyOffice integration to name a few. Finally I will give a glimpse of things to expect in 2025.

While metrics provide valuable insights into system behavior, they often lack the detail to really understand the system. In this talk, we will explore how tracing techniques can complement metrics to provide a more detailed view of Ceph operations, enabling deeper analysis and troubleshooting.

The presentation will discuss current state of GRUB upstream development.

The satellites of the Sentinel family are Europe's eye in space – managed by the European Space Agency (ESA). They observe the earth continuously and collect enormous amounts of data that provide valuable insights into environmental, climatic, and geospatial changes. These data are used for various applications, including Land Use and Land Cover (LULC) mapping, environmental monitoring, disaster response, climate change analysis, and agricultural monitoring. The Copernicus Data Space Ecosystem makes these data freely available to users, along with tools for processing and analysis. It encourages researchers, developers, and organizations to use these products for various applications, from scientific studies to practical environmental monitoring solutions. These products include but are not limited to, Sentinel data, Digital Elevation Models (DEMs), mosaics, and service products like biophysical parameters such as FAPAR (Fraction of Absorbed Photosynthetically Active Radiation). In addition to these products, the ecosystem also provides a range of tools, including cloud-computing environments and APIs, to simplify and enhance the usability of Earth Observation data. In this session, we will explore how, in addition to freely available data, the Copernicus Data Space Ecosystem provides several open-source capabilities to simplify and enhance EO data usability. These include a cloud-computing environment like JupyterLab, a user-friendly Copernicus Browser for easy data exploration, and APIs like STAC and openEO for streamlined data access and integration. By offering these resources openly, the Copernicus Data Space Ecosystem supports a growing community of users, helping them turn satellite data into actionable knowledge to address global challenges.

LibreOffice Technology provides great engine for processing the documents with LibreOfficeKit. For more advanced usage in a user-friendly fashion the good UI is needed. JSDialog API provides way to interact with existing dialogs and build bespoke widgets for different platforms in the browser.

The Coconut community is actively developing the Secure VM Service Module (SVSM) to provide secure services and trusted device emulation for guest operating systems running in Confidential Virtual Machines (CVMs). Originally designed for AMD SEV-SNP, Coconut SVSM is evolving into a multi-platform solution, with ongoing efforts to integrate support for Intel TDX Partitioning.

This talk will dive into the current progress of Coconut SVSM, focusing on the emulation of devices such as the virtual Trusted Platform Module (vTPM), based on the reference implementation from the Trusted Computing Group (TCG). At this stage, the vTPM in Coconut SVSM is ephemeral, being re-manufactured with each boot. To unlock broader use cases, the community is working on introducing a persistent state for SVSM, enabling the vTPM to preserve its state across reboots. This enhancement will also allows us to support UEFI variable store to support Secure Boot.

Achieving this persistence requires storing encrypted state securely on the untrusted host, with early boot-time attestation to decrypt and validate the state. This process raises several technical challenges that we are actively tackling.

Join us to explore the latest progress in Coconut SVSM, the challenges we’ve overcome, and the exciting opportunities still ahead.

There are many ways to get container runtimes and Kubernetes on a node, all with their benefits and drawbacks. This talk will present shipping Kubernetes as a system extension with systemd-sysext – a self-contained, immutable, verifiable, distribution independent disk image. We’ll also look into automated in-place updates, both from the OS as well as the Kubernetes side.

The talk includes multiple live demos, from a single node deployment to cover sysext basics to a full-blown Kubernetes cluster deployed with ClusterAPI which we’ll then update live. While all demos will use Flatcar Container Linux - an immutable special purpose OS optimised for container workloads – the mechanisms demonstrated are distro independent and cloud be used on any Linux distribution.

The Torch-MLIR project [1] builds a bridge between the world of machine learning and the LLVM project by providing compiler support from the PyTorch ecosystem to the MLIR ecosystem. This short tutorial covers:

• The projects structure and how to build it
• The TorchOnnxToTorch conversion
• Decomposing complex ONNX
• Lowering from Torch to LinAlg and other lower level dialects

Furthermore, it is discussed how you can get involved and what opportunities especially exist for first time contributors to contribute (code) to the project.

[1] https://github.com/llvm/torch-mlir/

In this talk, I will present how to integrate the Nix package manager with Buck2, an open-source build system developed by Meta, to achieve highly granular and reproducible builds across different platforms.

By integrating Nix and Buck2, developers can benefit from Nix's robust package management and reproducible build environments, while also taking advantage of Buck2's scalable and efficient build system.

I will dive into the details of using remote execution services that support the Bazel remote execution protocol with Buck2 in conjunction with Nix's remote build capabilities and showcasing that using a sample project.

Everyone loves the terminal! It's simple, efficient, and fast — almost everything the web is not.

What if I told you it is possible to build terminal-like web applications with Rust and vice versa?

Join me in this talk, where we explore the future of the terminal and the web and how the Ratatui ecosystem is bringing these two worlds together. We will take a look at example Rust projects that achieved this, their implementation, and the challenges that we are facing.

Get ready to be visually impressed!

For FSF-copyrighted GNU packages, FSF insists on executing copyright assignments and employer disclaimers. These are designed to ensure steady and continuing enforcement of the GPL, as well as to serve other important purposes related to licensing and copyright management. The maintainers of some GNU packages would like to use a simple mechanism called "Developer Certificate of Origin" (DCO). It is hard, and some lawyers think it's even impossible, for a DCO to allow FSF to enforce the GPL. However, we at the FSF have once promised to accept DCOs and to draft a DCO that would best serve the needs of the free software community. We want to fulfill this promise after a broad discussion about issues surrounding copyright assignments: their importance, best approaches, and challenges in managing copyrights in free software projects.

Panelists will elaborate on the following questions: 1) How to ensure swift enforcement of the GPL? 2) How to protect free software against third party claims, including employers' copyright or patent claims? 3) How to enable swift relicensing or adding additional permissions, while protecting software against appropriation? 4) How to remove any challenges a contributor might encounter with the process?

Various blobs like PSCI provider or TEE are currently started between BootROM and the U-Boot bootloader. This has multiple downsides, the blobs are difficult to update and the blobs may configure the platform in a way that prevents U-Boot from accessing all system resources, thus making it less useful as a debug tool. This talk explains how to start U-Boot before most of the blobs, thus giving it full unrestricted access to the platform, and how to start the blobs from U-Boot afterward, so Linux can still access the services like PSCI provided by the blobs. Finally, the talk hints at how to perform a safe A/B update of the blobs.

Project link: https://www.u-boot.org/

Come to see a first prototype of a CRDT-based real-time distributed collaboration implementation - for being able to collaboratively comment on a Writer document, from a number of distributed LibreOffice instances (desktop, browser or cloud).

If you want to use Android for your custom project, then you are almost inevitably going to have to modify the platform code. Typical reasons include supporting specialised hardware, running dedicated system services and pre-installing system apps. AOSP, and some parts of the Board Support Packages, are open source, so what's stopping you just changing the bits you need to? Indeed, this is the standard development model for Android platforms: fork; modify; repeat. Of course, we all know that forking is bad but there isn't any choice, especially when it is so difficult up merge changes upstream

Well, maybe there is a choice, In this talk we will examine the problems created by simply forking Android, and we will look at various ways to make the process more maintainable. In particular we will look at using local_manifests, and at maintaining out of tree patches for AOSP. In the latter case, we will talk about the tooling required to track patch sets ("layers") and the dependencies between them.

We hope that this will spark a conversation in the community through which we can establish best practice for maintaining custom Android systems without forking

Ladybird is a brand-new browser & web engine. Driven by a web standards first approach, Ladybird aims to render the modern web with good performance, stability and security. Currently in heavy development, we take a quick look at its progress, architecture and challenges.

Mgmt is a cutting-edge, real-time, automation tool designed to be fast, safe, and revolutionary. Our goal wasn't just to replicate legacy tools but to surpass them-- and we believe we've done exactly that. Mgmt is now powering real production workloads, showcasing its potential to redefine what's possible in automation.

Empowering our users starts with great documentation! To achieve this, we aimed to minimize the time spent maintaining our docs while ensuring they stay perfectly in sync with the code. So we developed custom AST parsing code that automatically converts code into a structured data format. We then use a GoHugo templating system to publish it in a polished and user-friendly way.

All of this code is open source, making it available for others to use and benefit from! We'll also show how even a small project could do this.

I'll deliver live demos throughout, ensuring the concepts come to life.

You'll also get a glimpse of how mgmt can revolutionize your workflows-- it might just become your go-to tool for managing documentation pipelines!

For those who want a head start, check out our blog posts. Reading a few before the talk will provide a great background of the topic!

Mox is a relatively young modern, all-in-one mail server. One of its goals it making it easy to setup a mail server, and keeping it up to date. In this talk, we'll look at how mox helps with setting up and running a mail server. From the original quickstart with its environment checks, setting up initial DNS records and modifying them later on, notifying about new mox releases and installing them, to a future easier guided setup process and automatic DNS management.

In February 2024, Red Hat released an update to insights-core, a package providing host data for Red Hat Insights. It slipped through our testing and caused all SELinux-enabled systems to crash the service, stopping the hosts from reporting. Even though the patch was released two days later, we couldn’t fix the hosts ourselves, and had to figure out which customers are affected and how to even contact them. It was a big lesson to both engineering and management. We’d like to share this story with the public.

Achieving exactly-once semantics is a cornerstone of reliable event streaming systems, but the challenge magnifies when ensuring guarantees across the entire pipeline—from data ingestion in Apache Kafka to stateful processing in Apache Flink, and back to Kafka or another sink. In this talk, we’ll explore the intricacies of designing an end-to-end system that maintains data integrity and correctness without compromising on scalability.

We’ll dive into: * Kafka’s 2 phase commit transactional guarantees and how they align with Flink’s checkpointing mechanisms. * Flink 2 phase commit E2E protocol * Practical strategies to address challenges like fault tolerance, recovery, and latency trade-offs.

This session will explore the implementation of Flink and Kafka 2 phase commit(2PC), the magic files, coordinating it across two distributed systems and the challenges you will face in implementing exactly once event processing E2E in your systems.

Motivation

Computer Science curriculums often focus on theoretical lessons, such as how garbage collection (GC) works under the hood or the trade-offs between different GC designs. However, there is much less emphasis on how to write GC-aware code in languages like Go. This is surprising since most of these practices are language-agnostic.

This is a significant gap, especially given GC's impact on application performance. Profiling data from real-world applications consistently shows that a considerable amount of time is spent on memory allocation and GC-related activities.

This talk will be a practical session on writing memory-efficient code, supported by an understanding of Go's garbage collection and memory allocation internals.

The talk

Introduction

I will begin by discussing the motivation behind this talk and explaining why this topic is crucial, backed by empirical profiling data from real-world applications.

Essentials

Next, I’ll provide a high-level overview (a 10,000-foot view) of stack, heap, and GC concepts. This segment will be brief but necessary to establish a foundational understanding.

Main

• Walk through real code examples and demonstrate techniques for writing memory-efficient Go code, such as avoiding pointers, preventing overallocation of slices, minimizing the overuse of interfaces and generics and many more, clarify misconceptions about sync.Pool and leverage it effectively.

• Short Overview of Go's standard tooling for observing memory usage and GC behavior: memory profiler, benchmarking tools, escape analysis, GC configuration, execution tracer. Shed more light on less known/used tools like execution tracer.

Finish

Finish the talk by emphasizing that writing allocation-friendly code is crucial for maintaining application performance and should not be overlooked and a wrap-up.

Much of the advice given to Java programmers seeking efficiency is misleading or out of date.

This talk is a result of the author's experience trying making the Java Virtual Machine more efficient, but it isn't just for JVM engineers, it is also relevant to Java programmers. We will cover wide-issue processors, branch and memory-access prediction, and the way Java programmers can use tools to illuminate what is really going on inside a computer when it runs their programs.

If you're looking for a talk about huge memories or millions of threads, this isn't it. Rather, it's about how small details can have surprising effects.

Mechanical Sympathy is when you use a tool or system with an understanding of how it operates best. "You don't have to be an engineer to be be a racing driver, but you do have to have Mechanical Sympathy."

Project: https://github.com/openjdk/jdk

In a continuously changing IT world, not being able to adapt is the difference between yesterday's and tomorrow’s projects. Everybody wants the benefits of changes, but nobody wants to endorse its associated risk. From dev to ops, I’ll share why we created Updatecli, an open-source declarative dependency manager. How automation helps us to anticipate, and fix early, our day-to-day challenges, and where the traps lie.

This presentation aims at presenting a fully open-source pipeline to extract, curate, and explore web archives, a captive data source whose access is restricted. Its purpose is to detail both the technical pipeline and the socio-institutional setting that made it possible to emerge, highlighting the challenges of developing open tools for closed sources.

The French web archives is an institutional repository of data maintained by the French National Library (BnF). It contains more than 2 petabytes of data spanning over close to 30 years, which accounts to more than 50 billion web pages. Access to this data is restricted under the heritage and legal deposit law: academic researchers willing to work on web archives as data are expected to submit research projects that, upon a formal or informal agreement, will enable them to access this data. But what then? Building the methodological means to pursue epistemological goals in that context is particularly challenging. Web archivists do provide toolkits for exploration. Recent initiatives have scaled up the effort to make these sources more accessible. The RESPADON project has successfully managed to build a “captive web archive” capacity into the Hyphe software, and in doing so has opened a new way into developing tools for such data.

In this presentation, we will present a new solution to extensively study, at the qualitative level, specific topics in the full-text indexed collections of the French web archives. Built around the PANDORÆ software, this pipeline has been designed to interrogate the captive data source on site, but also extract relevant metadata in a compliant manner to enable its exploration off-site, while ensuring reproducibility by publishing the code. In doing so, this pipeline provides an up-to-date example of the “one-way mirror” situation of building open tools that are fit to operate on closed data sources.

Have you ever wondered why people get involved in community work? If you think it's just about networking, think again! Let's talk about the deeper motivations rooted in our brains: from fast and slow thinking to the role of the amygdala, our basic human needs, and the impact of collective loneliness on society.

As confidential computing continues to gain importance, AMD SEV-SNP has matured within the open-source community. This session will provide an overview, from the OVMF perspective, of how it integrates with QEMU and the Linux Kernel to encrypt memory and safeguard memory security in a virtualized environment. The session is open to UEFI developers as well as virtualization, kernel, and security developers. Attendees will gain insights into how AMD SEV-SNP in confidential computing protects systems in virtualized environments, the latest upstream development progress, and an analysis of the protections it offers. The session will also address whether these protections are adequate and if there is a need to adopt this technology.

Many processes are packed with document generation, and forms of various types, from applications to contracts. Come and hear how new APIs built on LibreOffice Technoloy provided by Collabora Online can make building complex documents easier. From populating fields, to making richer templates, to tweaking chart data, our new Automatic Document REST APIs here enable powerful document interaction - both creation and extraction of data with a simple JSON based API.

Whether you want to extract data from docx files, generate richer templates for subsequent editing, or enable powerful electronic signature functionality - have we got an API for you!?

Come and hear how to use and improve it.

If you are processing and storing sensitive data in the cloud, can you really trust anyone (including the cloud)? The answer is no. Confidential Containers (CoCo) is a CNCF project that leverages Trusted Execution Environments (TEEs) to tackle this challenge. A critical aspect in this effort is providing secure and confidential storage solutions that can be seamlessly deployed across cloud providers.

This session explores the implementation of trusted storage in CoCo, highlighting key aspects such as Kubernetes storage drivers, device virtualization, and the role of attestation in secure key release and data encryption. We also demonstrate how we prevent attackers from injecting data into the TEE using the CNCF Rego policy language.

Overall, we aim to show how cloud providers and end users can securely store and protect sensitive data, enabling the adoption of confidential computing across numerous use cases.

Validating low-level firmware presents unique technical challenges, from automating hardware control operations to testing interactive UEFI firmware menus. In this presentation, we delve into how the Dasharo Open Source Firmware Validation (OSFV) project uses Robot Framework, an open-source automation tool, to address these complexities.

Drawing from years of firmware development experience across diverse hardware platforms ranging from network appliances to workstations we will showcase how OSFV tackles: - automating hardware interactions such as GPIO toggling, UART communication, power control, video output capture, USB devices simluation, and more, on a wide variety of hardware platforms, - testing dynamic and interactive firmware interfaces, including menu navigation and switching configuration options, - managing the variability of real-world hardware environments to ensure repeatable and reliable test execution.

Not everything needs to become a string! At least not so fast. Don't lose your typing information when building templates for Django, Flask, FastAPI or even without any framework.

With htpy you can write templates just like you write Python, including full support for mypy or pyright checks.

I will show you how to get started with htpy and show you some patterns that make your components reusable and typesafe.

The Ryzen AI NPUs consist of an array of vector processors and programmable interconnect to allow granular control of compute and data movement to achieve high performance and power efficiency. This talk presents a MLIR-based data tiling and packing design for these NPUs that leads to optimized machine instructions. Specifically, it shows how we can derive and optimize how data flows through the array from high-level tiling decisions and how we can efficiently utilize a high degree of data packing by leveraging low-level DMA control and capabilities.

Nix offers an alternative to the well-known container-based deployment flow, and can offer several benefits compared to those container-based deployments. However, it's not immediately obvious how you would use nix to deploy services on machines running Linux distributions other than the nix-native NixOS. To address this, we developed a tool called system-manager, which allows you to manage certain aspects of the system configuration of a Linux system using nix, while leaving others to be managed using the usual tools of the underlying distribution.

Accessing a Kubernetes cluster for the first time can be daunting. But that’s the price for testing Deployments, Volumes, and other Kubernetes objects, right? Nope. There is an easier way that doesn’t entail learning how to deploy a Kubernetes cluster.

One of the least-known commands of Podman is kube play, and it’s fantastic. It works as kubectl apply and supports the same objects but doesn’t need a Kubernetes cluster. It supports Pods, Deployments, Volumes, ConfigMaps, and many other Kubernetes resources and runs on Linux, macOS, and Windows. It has some additional features compared to kubectl, such as using local images.

This talk will discuss using kube play and its alter-ego kube generate to simplify Kubernetes’ first experiences.

Overview of a feature implementation in Collabora Online, building on LibreOffice Technology, where autotext and other presets and configuration data can be supplied both at an individual user level and at an organization level, via their wopi server, to a Collabora Online instance serving multiple organization tenants.

We'll introduce you to our project "Ethersync," a software and protocol for real-time collaboration. The goal is to make it feel like Etherpad, but for entire projects, on the local file system, and with Neovim, VS Code, or your other favorite text editors! We’ll talk about our vision, technical implementation, and the challenges we encountered along the way.

Collaborating with software like Etherpad or Hedgedoc feels a bit like magic: you can instantly see what others are typing. The downside is that you need to be online to access the content—since the document is on a server, it disappears as soon as you disconnect.

We’re working on an open-source software called "Ethersync" to bring real-time collaboration to the file system! We want to make it possible to write notes and documentation together, and we’re also considering use cases like pair programming—directly in Neovim, VS Code, or perhaps your favorite text editor soon. We’re following a "local-first" approach, ensuring you always have control over your data since it’s stored on your own hard drive.

In this talk, we’d like to explain our vision for this type of collaboration and show you our progress and current prototype. We’ll discuss some of the problems we’ve encountered and dive into the underlying technology (like Conflict-Free Replicating Data Types and Operational Transform).

Finally, we'll discuss how you can get involved: For example, we could use help developing plugins for more text editors! We'll go over the Ethersync protocol, and discuss how it could help interoperability between collaborative projects.