In this presentation we will review recent security audits of the Bhyve and Capsicum subsystems, lessons learned, how this work was funded, and how it's having a lasting impact on the security culture of FreeBSD.

Open Source thrives on the diversity of its global contributors, which has driven the creation of some of the most inclusive practices in the industry. Yet, nearly 80% of the global tech community remains underrepresented and faces numerous inclusivity barriers beyond just language. In this session, we'll see how open-source organizations have harnessed their diverse voices to craft a community that includes all identities, gender representations, and multilingual accessibility. By the end of this session, attendees will gain practical insights to implement these inclusive standards in their work, ensuring their community is welcoming and accessible to all.

This session highlights a critical issue in the tech industry - THE LACK OF INCLUSIVITY. While this problem spans multiple sectors, we will focus specifically on community practices. We'll explore how language barriers, gender biases, and accessibility gaps have historically excluded many from fully engaging with Community. We'll also look at how some of the most successful open-source communities, such as Kubernetes, and Django have faced inclusivity challenges before, how they have tackled them head-on, and what we can learn from their experiences.

This session is also to hear the voices of those who have faced issues and could share their experiences. So We can get more ideas and as an Open Source, be more inclusive.

The Digital Markets Act mandates that mobile gatekeepers open their device operating systems to competing app stores. This affects the landscape of app distribution on iOS and Android and has brought about a variety of different compliance efforts, most of which have been found lacking by regulators thus far. The law is important for Free Software, as its obligations grant smaller Free Software projects the rights to demand access to gatekeepers' infrastructure like enabling alternative app store, sideloading and un-installation of software and interoperability with operating systems.

This talk will outline the current state of compliance efforts on the part of Apple and iOS, the primary areas where they are deemed insufficient, and how they effectively block any marketplace from emerging as a viable source of FOSS software distribution for the iPhone and iPad. Financial preconditions, ongoing fees, enforced DRM, centralized notarization app review, and other factors all conspire together to maintain the status quo of monopolistic control over the app marketplace on these devices.

The App Fair Project (appfair.org) is a non-profit charity with the mission of creating an app marketplace for the distribution of digital public goods in the form of free and open-source mobile applications. We have been active in the various workshops and working groups that have examined the DMA compliance efforts on the part of the mobile OS gatekeepers, and have provided technical advice and expertise to groups such as the Free Software Foundation Europe (FSFE) and the NGI TALER project.

The GPIO sysfs interface for user space has been deprecated for many years. Its alternative, the GPIO character device and the associated libgpiod project, has been available since 2017. The library, along with its numerous bindings, has become the de facto standard tool for interacting with GPIOs from user space. Recently, it was supplemented by a D-Bus API and a reference implementation, addressing the long-standing issue of maintaining GPIO state persistence across different processes.

The sysfs interface is the primary user of the global GPIO number space in the kernel. Unlike other legacy components of the GPIO codebase, we cannot remove it without user space agreeing to stop using it. However, there remains a group of users who, for various reasons, refuse to migrate to the new uAPI. It has become evident that, without providing them with a 100% compatible experience, we will be stuck with the old interface indefinitely.

To address this, the latest addition to the family of user-space GPIO utilities is gpiod-sysfs-proxy[1] - a libfuse-based user-space compatibility layer for the GPIO sysfs interface under /sys/class/gpio, using libgpiod to talk to the kernel.

This talk will cover why we aim to remove /sys/class/gpio (along with the in-kernel legacy APIs), progress made so far, an introduction to gpiod-sysfs-proxy and the libgpiod D-Bus API, and a discussion of future plans.

[1] https://github.com/brgl/gpiod-sysfs-proxy

Join us for a comprehensive review of the newest features and innovations in OpenProject, developed over the past year. This session will explore key updates, including enhancements to project portfolio management, deeper integration with the openDesk application bundle, and the exciting progress of a mobile app spike. Discover how these developments empower teams to collaborate more effectively, manage projects with greater precision, and streamline workflows. Whether you’re a long-time user or new to OpenProject, this talk will offer valuable insights into how the platform continues to evolve and create value.

Historically, Firefox has relied on the getaddrinfo API for DNS resolution on most platforms. However, due to inherent limitations — such as the missing Time-To-Live (TTL) information — we sometimes had to resort to alternative APIs like DNSQuery_A on Windows. When implementing DNS over HTTPS (DoH), we developed our own DNS parser, which allowed Firefox to also resolve TXT and HTTPS records. But DoH isn't available to all our users. With HTTPS records becoming increasingly important, we decided to resolve HTTPS queries using system APIs like DNSQuery_A, res_query, res_nquery, and android_res_query, with the expectation that this would cover all supported platforms. This talk will delve into the lessons learned from this journey and explain why these platform specific APIs often fall short of expectations.

The AT Protocol aka @proto is a protocol designed for decentralized social applications, the inaugural example being Bluesky - a social network application.

If you're developing with @proto or for Bluesky, join to meet others doing the same.

Learn more at:

• https://atproto.com/
• https://bsky.app/
• https://bsky.social/
• https://atprotocol.dev/
• https://lexicon.community

You can sign up at https://lu.ma/7a0p68nw to be notified about this and other @proto events around FOSDEM.

In a previous FOSDEM I described the selfish contributor:

https://archive.fosdem.org/2020/schedule/event/selfish_contributor/

Which is the archetypal scratching your own itch contribution. The original talk mostly focussed on how to deal with corporations, which tend to act rationally and are usually persuadable. In this talk I'd like to look at individuals and their motivations and how their selfish motivations can be harnessed efficiently.

By now everyone has heard the phrase "toxic individualism" which simply means putting your rights and needs over that of the community. Many Codes of Conduct try to characterize this behaviour and that, in turn, can lead to a general fear because many actions of a selfish contributor could be classified as toxic behaviour because under this definition, every non-altruistic action (even scratching your own itch) could fit the definition. One would think therefore that successful and vibrant communities must be tolerant of some form toxic behaviour to avoid driving away potential contributions, but that isn't true either. What actually happens is that successful communities evolve strategies for harnessing what would otherwise become toxic behaviours to serve the community.

This talk will explore how conditions arise in a community for harnessing selfish impulses to the good of the community. Sometimes it can be community processes, but most often it is people who spot the issue and help mediate a solution which benefits both the contributor and the community at large. This talk will also explore what those skills are and how to develop them and also touch on how, even in the best communities, those mechanisms can fail and give some hints for recognizing when this has happened and what to do about it.

SBOMs are in the limelight now as the silver bullet for many things - open source license compliance, vulnerability management, copyright management and the path towards a healthy, secure and CRA-certified happy state of a binary life. But behind all this marketing and makeup is a fairly simple syntax and a lot of missing pieces in the puzzle. Let’s dive into the SBOM lifestyle together and look at the current status, the hopes and the vision for a toolset with less hype, but more real benefits for compliance, developers, product managers, with a chance of being a workhorse in risk management as well as the automatic vulnerability management toolchain. Help us make the SBOM dream come true, listen to the talk and then walk the SBOM walk!

Welcome to the GCC (GNU Toolchain) devroom from the organizers.

The OpenSIPS Community Editions are the community effort to produce real-life SIP solutions (as platforms) already configured to fulfill precise SIP scenarios. OpenSIPS based solutions – acting as SoftSwitch or SBC – that are ready to use and simple to deploy.

This presentation offers a detailed look at the OpenSIPS Community Edition projects, exploring their capabilities, current status, and development roadmaps. It delves into the innovative ideas driving these projects and emphasizes the critical role of the open-source community in their evolution. To conclude, a brief showcase using Docker Compose will effectively demonstrate the practical utility of the OpenSIPS Community Edition projects.

eBPF is a big and complicated topic. For years it was common that the people using and writing eBPF programs were also the people involved in the development of eBPF. Those days are somewhat behind us now, eBPF is more popular than ever, and the number of non-kernel experts wanting to use eBPF is growing rapidly.

A lot of new people means a lot of learning to be done. There is a small but strong community of people to talk to, if you know how to find them. The internet is full of outdated articles that have aged like milk. The kernel has docs for a handful of subjects and man pages that are correct for some kernel versions but not others.

I started the eBPF docs project about two years ago out of frustration for the lack of comprehensive documentation. These docs are now hosted at docs.ebpf.io. Lets take a look at the state of these docs, what it took to get here and where they are going next.

Swift isn’t just for Apple platforms; there is something for all in this great open source general purpose programming language.

In this community welcome message, Paris Pittman, a member of the Swift Core Team, will provide an ecosystem overview. We’ll touch on milestones that we’ve achieved together and some of the up and coming work on our plates. And the best part - you can join us in the journey! Paris will detail out how you can plug in, no matter your platform of choice.

In recent years DMARC has become one of the cornerstones of email deliverability. A large part of email is now protected by the combined efforts of SPF, DKIM and DMARC checks. However, the secret weapons of DMARC which are hardly used are its reports. Along with respecting the policy set by an email sender, the recipient also actively acknowledges how many emails have been sent, from which IP addresses and why some of them have been delivered and others not. This reporting is done by providing a xml file inside a zip attached to an email, which makes it rather hard to digest for humans. Imagine what happens if you get such a report every day for every internet domain you, all of your colleagues and anybody spoofing you send emails to...

Obviously this calls for a tool. Interestingly, even though DMARC is almost a decade old, no good FOSS tool was ever developed. This is why DMARCaroni was created: free and open source software (written in Haskell and Elm) to deliver all your DMARC monitoring needs. In this talk I will unveil this new tool which I wrote in the last 18 months, show off its features, and talk about the roadmap.

Welcome session for the Cloud Native Databases devroom

While much of the fediverse has historically focused on microblogging, we've built an open source, federated blogging platform called WriteFreely that enables publishing long-form content to the social web.

In this talk, I'll show how WriteFreely works, and discuss how we integrated ActivityPub into our existing software (written in Go) to give writers a new way to socialize on the open web. I'll share lessons learned from this process, and discuss some ideas for supporting new content forms (like long-form Articles) into the wider fediverse.

A five minute introduction to the dev room.

SSH keys are an important part of system administration as they give access to remote systems. While openssh supports the PKCS11 interface, and yubikeys through the sk key types, they introduce challenges such as acquiring additional hardware, or introducing external code into sensitive processes. TPM are widely available hardware devices that allows key creating, signing and encryption operations on a separate hardware, however they do not have native supported by the openssh, and similar projects.

ssh-tpm-agent implements support for TPM wrapped SSH keys through the ssh agent interface. This allows a clear process separation for the keys, while ensuring no new support is required in the openssh project. The agent has support for RSA and ECDSA keys, while also having additional features like host keys, proxy support for additional agents, wrapping of existing keys and import of remotely created keys.

In this talk we will take a look at how the agent works, how the TPM is capable of preventing key extraction, and the other features available in the agent.

This talk will serve as a welcome and introduction to the Microkernel and Component-Based OS devroom. We will quickly go over the rules and expectations of the devroom, as well as introducing you to the devroom managers and answering general questions.

I will talk about implementing Elvish (https://elv.sh), a modern shell with Go. I will cover the following topics:

• An introduction to Elvish, including how to integrate it with Go-based tools for real-world scripting use cases
• How Go makes it easy to implement Elvish, such as pipeline semantics, standard library
• Testing strategy of Elvish as a case study of testing complex Go projects - Elvish has a test coverage of 92% and increasing, uses both unit tests, end-to-end tests and fuzzing

JRuby has been one of the largest consumers of invokeddynamic and method handles since they were introduced in Java 7. With the release of JRuby 10, we have upgraded our minimum Java to 21, and implemented many new optimizations. This talk will survey how JRuby uses invoke dynamic to compile and optimize Ruby code on the JVM.

Landlock is an unprivileged access control designed to create security sandboxes (i.e. Landlock domains). We are working on observability interfaces to identify the cause of denied requests, which require logging (audit) and a dedicated user space interface to get information about Landlock domains.

In this talk, we'll explain the challenges to tie log entries with running processes and their properties, considering the unprivileged approach of Landlock. This led us to create a new kind of ID to tie processes to Landlock domains. We are now working on a new user space interface to safely get information about these Landlock domains. Thanks to its flexibility, Landlock could be leveraged by container runtimes to better isolate processes and now also to cleanly identify them. We'll talk about the container labels/IDs challenges, how Landlock could help, and the potential limitations.

Modern, distributed systems are complex and present numerous challenges: concurrency, process crashes, message loss, duplication, or reordering.

How can developers confidently test distributed systems instead of continuously dreading the next hard-to-catch and hard-to-reproduce Heisenbug?

Deterministic Simulation Testing is a powerful testing technique that eliminates uncertainty－or rather non-determinism－and ensures that your system is tested exhaustively and every single test is reproducible.

Using a systems modeling approach, we will accurately and concisely discuss Deterministic Simulation Testing. In addition, we will explore real-world implementation of this technique in production in projects such as FoundationDB, TigerBeetle, and Resonate.

Gain actionable insights for crafting your own Deterministic Simulation Testing strategy. Confidently open Schrödinger's Box of testing in distributed systems.

This presentation introduces Active Tigger, an open-source research tool designed to accelerate collaborative text annotation in the social sciences.

The increasing use of text-as-data in social science research has created a pressing need for efficient annotation tools. While small datasets can be manually annotated, the exponential growth in available textual data (e.g., from newspapers and social media) demands solutions that enable collaborative annotation and automation. Moreover, the emergence of generative AI and large language models (LLMs) has highlighted the importance of robust corpus annotation practices, particularly for evaluating prompt-engineered outputs from LLM-as-a-service platforms like OpenAI or Hugging Face.

To address these challenges, we created an annotation platform, Active Tigger. A first version was developed in 2022 using R and RShiny (J. Boelaert, GitLab Repository). This tool embeds several annotation heuristics, including active learning—iteratively predicting and selecting annotations to maximize training quality—to help researchers build training datasets in order to fine-tuning encoder models. The tool quickly became integral to the research team's activities and beyond, which incited us to develop of a second, more robust version.

The current iteration of Active Tigger, built with a Python-based API and a React frontend, introduces enhanced flexibility and scalability. It supports collaborative workflows, accommodates a broader range of use cases, and is now in beta testing, with early adopters exploring its potential.

This presentation will cover three key aspects:

The journey of Active Tigger: From addressing specific social science needs to adapting to the evolving landscape of LLMs. Showcase: Demonstrating the annotation workflow using active learning and BERT fine-tuning. Future directions: Exploring the tool's evolution in the context of widespread LLM availability, discussing the trade-offs between focusing on specialized tasks and enabling broader applications.

Github repository of Active Tigger : https://github.com/emilienschultz/activetigger

GCC is the lifeblood which powers continued development for many legacy and niche processors, such as the Hitachi SH4, found in the Sega Dreamcast. See how far a group of retro game developers, reverse engineers, and language enthusiasts are able to push the console, armed with the latest version of the GNU Toolchain, taking a deep-dive through community-driven ports to the platform, such as Super Mario 64, Sonic Mania, Doom 64, and Grand Theft Auto 3.

Cloud Native databases architecture has evolved to leverage the elasticity, reliability and scalability available in the cloud. There is a growing trend to leverage object storage systems such as AWS S3 for architecting cost-effective, performant and scalable systems. S3 is a large-scale, high throughput key-value storage system, which it trades for a slightly higher latency. In this session we will present techniques used to leverage S3 for a low latency scalable distributed SQL database, in particular how to get around S3’s high latency by leveraging a novel new LSM Cloud Storage Engine that uses EBS as a cache to lower latency.

The basic foundations of the HelenOS project as we know it today have been laid in late 2004 and early 2005. This 20th anniversary is an opportunity not only for the usual status update talk about the recent developments and near future plans, but also a great opportunity to look at the bigger picture.

While the first 5 years of HelenOS were exploratory and the next 10 years were defined by dynamic expansion on all fronts by more than 80 individual contributors, the last 5 years could be fairly described as maintenance with much less activity.

HelenOS is alive and well, but there are no longer any low-hanging fruits in terms of major subsystems or frameworks missing. There is obviously still a sheer amount of individual hardware devices, file systems, standard APIs and polished features that could be supported or implemented, but that is clearly a less rewarding endeavor for potential contributors than working on the major building blocks like before.

Are there generic lessons to be learned from the story of HelenOS? Is every community-driven non-mainstream OS destined to end up in this "serene valley"? How do we plan to get out of it? The goal of this talk is to discuss these questions.

Ever wondered what it's like to maintain open source projects full-time?

In this talk, I'll share my journey from hobbyist to full-time open source maintainer, offering insight into the challenges and rewards of turning passion projects into a career.

Join me as I walk you through my journey, motivation, challenges, and tips for:

• Building a community around your open source project
• Increasing visibility and attracting contributors
• Navigating social media and livestreaming to grow your audience

And more! Along the way, I'll share insights from other maintainers, highlighting what works and what doesn't.

Blood, sweat, and code — it's all here, for the love of open source!

You can run anything on open source software, even a big conference. But have you ever tried running a theatre show with free and open software? Turns out you can. For the last five years, I have been running the technical side of a local theatre company with only free and open source software. Come to my talk to hear how we did it, what software we use(d) (and why), and what kind of bumps we hit.

We use open source software for the entire process, from preparation (writing the script, holding meetings), to ticket sales, our website, seat planning, audio mixing and broadcasting, video broadcasting and programming the lights. No closed source software is used in the process. An added challenge is that neither the theatre group, nor the public, are a technical audience or are aware what open source software is.

If you ever want to assist your local theatre group (do, they really can use technical people who don’t want to be on stage), come and listen!

Internet of Things (IoT) connects everyday devices, from sensors to smart home gadgets, with apps that control and monitor them. Building these systems requires programming languages that can work seamlessly across both embedded devices and applications. Swift has been great with C and C++ interoperability, but the introduction of Embedded Swift has brought this to a new level.

With Swift, we can now program embedded systems with low-power sensors and small memory footprints, while also taking advantage of Swift’s simplicity and safety to create interfaces that integrate seamlessly with high-level UI code.

This talk explores why Swift is the next big thing for IoT, demonstrating how it bridges the gap between embedded systems and user-interfacing Swift apps. You’ll learn why Swift’s expressive syntax, interoperability, and cross-platform capabilities simplify development for IoT.

When browsers load a Web page and its subresources, A LOT happens under the hood. They need to take into account render/parsing blocking resources, use a preload scanner, listen to resource hints (like preload/preconnect), loading modifiers (async/defer/module), fetchpriority, responsive images, and much more. Based on all those signals, they then need to somehow decide when to load which resources, to make optimal use of the modern HTTP/2 and HTTP/3 connections. And, as you might have guessed, none of the browsers do this in quite the same way (understatement alert!). Several even intentionally delay requesting some resources until others have been downloaded (shocked face emoji here).

This talk is a deep dive into how browsers decide when to load a specific resource, and some ways in which you can influence them to modify their behaviour (so you can make sure that important LCP image is definitely one of the first things to come in!). We will look at A LOT of different waterfalls and discuss why each looks the way it does, why browsers often make different decisions, and how to solve common problems (no, don’t just preload everything with fetchpriority=high, you monster!).

You will walk away with a deeper understanding of what happens under the hood, which will allow you to better deal with the various gotchas and quirks present in today’s browsers and resource loading features.

User authentication in real-time communication systems using SIP (Session Initiation Protocol) is evolving with the adoption of OAuth 2.0, as outlined in RFC 8898, published by the IETF in 2020. This protocol secures user access through authentication tokens (instead of traditional methods like Digest). This "Single Sign-On" approach allows for the use of a unified identity verification source across the entire information system, and is now being extended to VoIP. In this conference, we will explore how OAuth 2.0 and OpenID Connect are integrated into a modern SIP environment, with a focus on managing and validating access tokens. To illustrate this, we will use our Flexisip server solution.

Key Topics: - OAuth 2.0 and OpenID Connect: Introduction and benefits for authentication in modern SIP systems. - JWT for Authentication: Token signature validation and extracting user identity. - Integration in Flexisip: Demonstration of OAuth-based authentication with Flexisip, and token validation in a SIP environment. - Authorization Management: Controlling requests based on identity information extracted from access tokens.

This conference will provide an overview of how to implement and secure user authentication with OAuth 2.0 and JWT in a SIP server, using Flexisip as a concrete example.

Systematic literature reviews are essential for evidence-based research, but they are often slow and require a lot of effort. Motivated by the potential of Retrieval-Augmented Generation (RAG) technology, our team from Georgia Tech's Master in Computer Science program, with early guidance from researchers at Robert Gordon University, created PICO Scholar. This AI-powered platform helps researchers by turning their queries into embeddings, matching them with a semantic vector database, and pulling out important research details—Population, Intervention, Comparison, Outcome (PICO). It ranks relevant studies and offers a chatbot powered by RAG for exploring documents more deeply. Future updates aim to add features for real-time collaboration, making it easier for teams to work together on reviewing literature.

PICO Scholar uses a solid microservices setup with Red Hat OpenShift AI, boosted by Intel’s OpenVINO toolkit. It runs models like SciBERT for embeddings and TinyLlama for generating text, managed by ModelMesh. LlamaIndex organizes embeddings into a TiDB VectorStore for smarter searches, and fine-tuned adapters improve accuracy for specific fields. MinIO S3 supports smooth model storage, and the platform’s microservice design makes it scalable and resource-efficient.

What makes PICO Scholar stand out is not just its technology but its focus on community and collaboration. Built during two hackathons - including a 2nd place win at the Red Hat & Intel AI Hackathon - with changing team members and diverse skills, the project follows open-source principles, encouraging contributions from all backgrounds. Our goal is to make powerful research tools accessible to everyone, helping researchers worldwide speed up discoveries. By continuing to improve PICO Scholar, we hope to support the scientific community and build a platform that grows and evolves to meet its needs.

PICO Scholar GitHub repository

Our efforts to develop a complete Rust-based software stack for secure, cloud-native applications on the emerging RISC-V architecture. Despite the unavailability of current-generation hardware with H Extensions, Advanced Interrupt Architecture (AIA), and IOMMU support, we are proactively building and testing our stack in preparation for future hardware releases. Centered around the rust-vmm framework, we enable lightweight hypervisors like Dragonball, StratoVirt, Cloud-Hypervisor, and Firecracker—all designed to provide high performance, strong isolation, and virtualization-based security. Integrating these hypervisors with Kata Containers, we explore virtualization-based isolation of containerized workloads on RISC-V. By simulating hardware environments and leveraging forward-compatible software designs, we aim to be fully prepared for the introduction of real RISC-V hardware that meets RVA23 standard and RISC-V Server Platform specification, ensuring a seamless deployment path for confidential computing and secure cloud-native platforms.

Supporting modern smartphones on mainline Linux is getting easier by the year; it's now possible to get a lot of hardware working with fairly minimal effort or issues.

But what do we do for the parts which are not easy, the bits where you as a developer get stuck? Users of mobile phones expect everything to work, but the closer we get to that the more issues become apparent which are not just missing feature bringup.

We've managed to get 80% of the way, so let's talk about what's missing to get the remaining 20% to work and actually make phones mostly feature complete from a kernel perspective.

CERN (European Organization for Nuclear Research) is one of the world's largest and most respected centres for scientific research. It is home to the world's largest particle accelerator (Large Hadron Collider, LHC) and is the birthplace of the Web.

CERN's Storage and Data Management Group is responsible for enabling data storage and access for the CERN laboratory, in particular the long-term archival, preservation and distribution of LHC data to a worldwide scientific community (WLCG).

The CERN Tape Archive (CTA) Service manages more than 900 PBs of data distributes over about 50,000 high-capacity tapes in 6 tape libraries. The service ingests this exponentially growing amount of data at LHC data acquisition rates though its EOS based flash buffer and feeds up to 180 tape drives that write date on mounted tapes at over 90% write efficiency.

This high efficiency archival service runs on open-source software and is deployed on-premise on commodity hardware.

In this talk I would like to give you a high level view of the global CERN tape service performances and dive in the details of its real life deployment: from the flash buffer design principles to the tape servers connected to multiple tape drives via a dedicated network topology.

All of the presented software are open source and available for use and are deployed in other laboratories around the world.

We present bpftrace [1], a tracing tool for Linux based on eBPF which comes with a simple domain-specific language, "bpfscript". The language offers a convenient way to write eBPF tracing programs, without the need to dive deep into the complexities of eBPF. This makes bpftrace suitable as the entry point into the eBPF world. In addition, the terse nature of the language facilitates on-the-fly writing of very powerful short programs (so-called "one-liners") specifically tailored at the user's immediate tracing purposes.

Where bpftrace has struggled in the past, is writing complex tools which are intended to run and be maintained for a prolonged period of time. This has recently started to change with the introduction of many new bpfscript features such as variable and type declarations, user-defined functions, and more.

Ultimately, our goal is to make bpftrace the number one choice for most tracing tasks on Linux. In this talk, I will guide you through our way to achieve that - the current state of the project, the latest significant additions, and the planned future work.

No prior knowledge of eBPF or bpftrace is required for this talk. A basic understanding or a prior experience with Linux tracing is helpful.

[1] https://github.com/bpftrace/bpftrace/

I’ll show you exactly how I’ve secured my home network to protect my kids from inappropriate content using open-source tools: OPNsense and Pi-hole. By combining OPNsense's firewall features with Pi-hole’s DNS filtering, I’ve built a family-friendly setup that blocks explicit content at the network level. I’ll guide you through my configuration process, including the blocklists, DNS settings, and monitoring tools I use to keep an eye on network activity and ensure everything stays secure. You’ll get practical tips for creating a kid-safe environment without sacrificing privacy. If you want a DIY solution for content filtering and monitoring, this talk is for you.

Discover how the Rust programming language and the ROS 2 framework are transforming robotics development in this talk. Participants will dive into the fundamentals of the ROS2 Rust package https://github.com/ros2-rust/ros2_rust. The session will highlight Rust's performance and safety benefits, its integration with ROS 2 for robotic systems, and practical implementation techniques. Through guided exercises, attendees will learn how to program and control a quadruped robot using Rust within the ROS 2 framework, gaining insights into the challenges of robotic systems and how this powerful combination addresses them effectively. This talk is ideal for developers looking to enhance their robotics expertise using a modern programming language and a robust middleware. Whether you're new to Rust, ROS 2, or seeking to deepen your robotics knowledge, this session offers a unique opportunity to build robust and efficient systems for the robots of tomorrow.

Sampling from multidimensional distributions is a fundamental operation that plays a crucial role across sciences including modern machine learning and data science. An impressive number of important problems such as optimization and integration can be efficiently solved via sampling.

This talk is an introductory tutorial on open-source software volesti, a C++ package with R and Python interfaces. volesti offers efficient implementations of state-of-the-art algorithms for sampling as well as volume computation of convex sets in high dimensions. volesti provides the most efficient implementations for sampling and volume to date allowing users to solve problems that cannot be solved with alternative software packages.

The structure of the talk has two parts: first an introduction to volesti library and relevant background and second a tutorial that shows how volesti can be used with a focus on applications in artificial intelligence, finance and bioinformatics.

The EU Digital Markets Act is a law regulating the economic power of very large technology companies. The law includes several obligations to tackle unfair practices and improve market contestability addressed at companies considered "gatekeepers" of digital markets in the EU.

The DMA creates new opportunities impacting Free Software, like the obligations to allow alternative app stores, the prohibition of non-removable pre-installed software, the enabling of side-loading of software in devices, and interoperability rules regarding software and hardware.

The European Commission is the main authority responsible for implementing and oversight the DMA. The Commission has been investigating companies like Apple, Google and Meta due to their behaviour and practices.

This fireside chat will provide the audience the opportunity to interact with Commission's officers working directly with the DMA. The session will focus on the legal and technical challenges the Commission faces for DMA compliance, in particular: (a) Enabling alternative app stores in iPhones and iPads; (b) Enhancing interoperability in Apple devices; (c) Breaking lock-ins by leveling the playing field for smaller Free Software projects against gatekeeper commercial practices.

The format consists of: (1) a short presentation by the Commission's officers on the importance of DMA for Free Software contributors; (2) A longer Q&A session together with the audience moderated by Dr. Lucas Lasota about the technical and legal aspects of the DMA.

This fireside chat will provide valuable insights for the audience on the work of regulators in Europe, and how they implement key legislation for Free Software.

When tinkering with cars or other vehicles, being confronted with CAN communication or a similar bus is unavoidable. Throughout the past year, Thibault has been using CAN communication to build an Open Vehicle Control System and using it on a real car. In this talk, Thibault will explain how to get started with CAN reverse engineering, how he made different car parts from different brands talk together, and why Elixir and the Erlang Virtual Machine (the BEAM) is a good candidate for them to quickly prototype ECUs with cheap parts.

Cristal is an innovative, modular Wiki User Interface built entirely with TypeScript. It enables navigation and content creation across multiple knowledge sources, including XWiki, local folders, GitHub or NextCloud. Designed with a focus on modularity and extensibility, Cristal offers a modern, polished interface build with VueJS. Its features include offline capabilities, and real-time collaboration.

In this talk, we will showcase the progress made over the past year, including key features and the challenges we faced. We will also discuss how the project has evolved and outline the roadmap for the upcoming year.

An overview of Immich, and how it helps you backup, browse, search and organize your photos and videos with ease.

The Post Office Protocol is quite old and offers only very limited functionality. Every operation supported by POP is also supported by more modern email protocols like IMAP or JMAP. Yet POP3 is still supported by most email providers and email clients. In this talk we explore the questions "Why is that?" and "What can we do about it?"

Friendica has been part of the Fediverse since 2010, building bridges between Laconica and Diaspora*, making it one of the oldest active projects of the Fediverse - yet Friendica has flown under the radar most of the time.

In this talk we will give a short introduction to Friendica, its unique features and how it differs from other systems.

The Friendica project homepage can be found at friendi.ca, the source code for the core is maintained on github and for the addons on git.friendi.ca.

When you install a properly signed software update, maybe the update you got is different from what everyone else get. Maybe the attacker was able to sign a malicious update due to key compromise, or coercion of the legitimate key holder. How would you, or anyone else, notice?

One way to enable detection (but not prevention) of this kind of attack is transparency. When installing updates, verify the signature as usual. In addition, require that the signature is visible in a public append-only transparency log, where entries can be added but never removed.

Sigsum is a minimalistic transparency log that can accept signed checksum submissions for a wide variety of applications and entities that are neither known, nor trusted, by the log operator. The log itself does not become a trusted third party for applications, instead, applications depend on m-of-n trusted witnesses attesting that the log behaves correctly. One of the many use-cases of Sigsum logging is transparency for signed software packages and updates.

This talk explains the "detection, not prevention" benefits one can get from Sigsum, and describes the different roles that make up the Sigsum system.

The Genode OS framework is an open-source tool kit for building component-based operating systems. It scales from rather static embedded appliances to highly dynamic general-purpose computing as showcased by Sculpt OS. Nowadays Sculpt OS is mature, in daily use, and supports PCs, ARM notebooks and the PinePhone.

Since its inception, the Genode framework supports various microkernels and Linux at the lowest layer. Even so Genode leveraged the characteristic features of the underlying kernels, each kernel called for different trade-offs. All the requirements and expectations by the Genode framework towards the kernel are institutional knowledge of Genode's core developers and implicitly documented in Genode's foundation book.

As I'm currently in the process to enable another kernel, let's take a look back, review our experiences, re-iterate challenges we had to surmount, and draw the connection to the ongoing endeavor of broadening Genode's kernel landscape even more.

It goes without saying that no Genode talk is without a demo!

https://www.genode.org https://www.genodians.org https://genode.discourse.group https://github.com/genodelabs

eBPF is revolutionizing how we secure, observe, and scale Kubernetes networking, but its complexity can be daunting. This session demystifies eBPF by exploring how Go makes it accessible, focusing on its integration with Kubernetes through the open-source project Cilium. Attendees will learn the basics of eBPF, how Go simplifies working with it, and practical use cases that demonstrate Cilium’s ability to enforce secure, scalable network policies. This talk is perfect for Kubernetes practitioners curious about eBPF and Go but unsure where to begin.

The Foreign Function & Memory API (JEP 454) introduced a new way of interacting with libraries written in other languages. It can be used as replacement for JNI. This talk examines the inner workings of the Foreign Function Interface (FFI) API. After having it implemented for PowerPC, I'd like to discuss how the JVM handles native function calls and Java callbacks, focusing on key concepts like stack layouts, calling conventions, and cross-platform challenges. The session is intended for developers curious about the technical foundations of free and open Java technologies and how JVM enhancements like the FFI API are realized. It will shed light on the low-level mechanisms that enable seamless integration of Java with native code while maintaining the performance and safety Java developers expect.

Containers are typically deployed in Kubernetes clusters. But at a smaller scale, on a single-node server, or for development purposes, Kubernetes will be overkill. What’s the recommended way to run a fully autonomous application with several interacting containers in these cases?

The answer is systemd. It can orchestrate containers as is an already running process manager, and containers are just child processes. It’s a perfect fit for running containerized workloads without human intervention.

The concept of Quadlet has been introduced in Podman v4.4.0. It’s a systemd-generator that writes and maintains systemd services using Podman. It can manage containers lifecycle (start, stop, restart), volumes, pods, deployments etc. via systemd. The name comes from the following: “What do you get if you squash a Kubernetes kubelet? A quadlet”. Both system and user systemd units are supported to deploy applications without root privileges.

In this presentation, we will discuss what are Podman Quadlets and demonstrate how Podman Kubernetes features can be associated with it to deploy a fully autonomous application.

In this talk, I’ll share how combinatorial testing and behavioral modeling helped uncover tricky edge cases while testing ClickHouse’s (open-source column-oriented DBMS) multiple authentication methods feature. I’ll demonstrate how these methodologies can systematically identify gaps in testing, validate complex features, and improve software quality. Attendees will learn practical steps for applying combinatorial testing to define comprehensive test scenarios, as well as how behavioral modeling can simplify result validation and solve the test oracle problem. This session is for QA engineers, testers, and developers looking to adopt smarter, more effective testing strategies.

Modern laptops, such as the AMD Framework and newer Intel models, no longer support the traditional ACPI S3 sleep state. Instead, they rely on S0ix, a modern standby mechanism that enables low-power idle states. This is one of the only big features still missing for FreeBSD to be a first-class citizen on contemporary laptops, and this talk will explore the journey and current progress of supporting it. Attendees will learn about the nitty-gritty of the implementation including the relevant ACPI objects, tables, and DSMs, CPU and device power states, and future plans for device idleness determination to automatically put them to sleep.

Blog post tracking progress: https://obiw.ac/s0ix FreeBSD Project website: https://www.freebsd.org/ Working GitHub repo: https://github.com/obiwac/freebsd-s0ix

Human-Computer Counter-Choreographies is an artistic research project that combines critical design, choreography and embodied sense-making with data tracking. The project has evolved into various formats such as workshops, a live-coding performance piece, web-based tools and artworks. In this talk, Joana Chicau will introduce the motivations behind the project and how it has impacted audiences by raising awareness of data tracking. She will also demo a custom version of the open-source DuckDuckGo privacy extension which unveils online tracking algorithms through audio and visual feedback.

In a call center environment, this talk will explore how to leverage the power of Kamailio, FreeSwitch, and RTPEngine to enable AI-driven real-time conversations at scale.

We will dive deep into how to integrate AI copilots, providing real-time call transcriptions and conversational context, as well as AI autopilots, enabling call conversations with specialized bots.

By taking advantage of well-defined standards like SIPREC, and leveraging the capabilities of Kamailio, FreeSwitch, and RTPEngine, along with some additional custom code, we will demonstrate ingenious ways to enable these AI-powered capabilities for any VoIP environment, even legacy proprietary systems.

Attendees will learn practical techniques and best practices for building scalable, AI-enhanced call center solutions that can improve customer experience, increase agent productivity, and drive business outcomes.

Since 2022, the Open Culture Foundation (OCF) has been collaborating with Taiwan’s Ministry of Digital Affairs (MoDA) and STEPS (a local tech company) on government-funded localization projects. These initiatives aim to make civic tech and open-source tools more accessible in Taiwan while enabling international projects to take root and thrive locally.

As a coordinator, OCF has completely localized projects such as GOV.UK Notify, GOV.UK Forms, Matrix Client (Element Series), IRMA, Yivi, Standard for Public Code, Bitwarden, Nextcloud, FreeOTP, GIMP, and Mattermost. Some of these projects have been contributed back to their upstream repositories, while others have evolved into localized solutions tailored to Taiwan's needs. OCF’s efforts focus on three key areas to ensure government funding provides not only financial support but also a foundation for sustainable development.

This talk will explore these three main focus areas:

• Optimizing the Government Perspective on Open Source Educating government officials about the nature of open-source communities, their collaboration models, and the unique attributes of various international open-source projects. OCF also developed a collaborative glossary process to bridge communication gaps among stakeholders and ensure consistent terminology usage.

• Collaboration Among Taiwan’s Communities Partnering with Taiwan’s L10N community, OCF established structured review processes to meet the government’s high standards for quality and timeliness. Over three years, OCF conducted two major surveys during COSCUP. One survey identified critical open-source projects needed in Taiwan, while the other focused on addressing challenges that hinder contributions, aiming to encourage broader participation.

• Engagement with Local Industry and International Communities Although Taiwanese tech teams are highly skilled, many are unfamiliar with the culture of open-source contributions. OCF facilitated understanding of licensing, contribution practices, and engagement with upstream communities. For example, OCF helped Mattermost report and resolve a date display bug in Chinese (CJK) scripts and worked with upstream communities to address significant differences between Simplified and Traditional Chinese, including grammar and linguistic nuances.

Localization is not merely about technical translation; it is a strategic approach to connecting governments, communities, and international open-source projects. This talk will share OCF’s experiences in bridging these gaps and invite Community DevRoom participants to exchange ideas on how to effectively integrate open-source projects into their respective countries.

C++ has many features but sometimes we want more. We will briefly tell the story of why and how we wrote a GCC plugin, used it in production, and later contributed the feature in-tree - now part of GCC 14. The goal of the talk is to motivate users to try GCC development, highlighting that there can be a smooth transition from plugins to in-tree patches.

There will be a written tutorial to go with the talk available to anyone to follow in their own time. The tutorial goes over writing your first custom attribute, static analysis, and instrumentation passes. All packed in the exercise of writing a toy Aspect Oriented C++ via plugins.

Scuba, a real-time data ingestion system similar to Elasticsearch, is often experiencing memory pressure as part of normal operations. The pressure is sometimes overwhelming, leading to OOM (out-of-memory) issues. These are difficult to track in user space as the symptoms of such issues are only visible in kernel space (SIGKILL, kernel oom killer). This talk will highlight how we leveraged bpftrace to monitor our service and help bridge our observability gap.

age-plugin-se allows you to protect arbitrary files with your Apple Secure Enclave. This plugin for age (a simple, modern and secure file encryption tool) is written entirely in Swift, and works on macOS, Linux, and Windows.

In this talk, I will show age-plugin-se in action, and touch on the steps taken to make it robust, simple, and distributable on multiple platforms (including Alpine Linux), all while keeping the dependencies (including tools) to a minimum.