Abstract

The Borgman's conundrum challenges [1] have been initially formulated concerning the difficulties to share Research Data: which Research Data might be shared, by whom, with whom, under what conditions, why, and to what effects.

In our previous work, we have proposed a Research Software Definition [2] with a formulation that we have adapted in order to propose a Research Data definition [3,4]. We have thus constructed a framework to understand and to explain Research Software and Research Data in the Open Science context [5].

This framework is constructed in three stages: definition, dissemination, and evaluation of these research outputs [2,3,4], and it is now completed with answers to the Borgman's conundrum challenges for Research Data [3] and for Research Software [6].

In this talk we will present our answers to the Borgman's conundrum challenges, and we will explain the comparison methodologies that we have developed in order to construct and to complete this Open Science framework.

It is our understanding that to provide correct and clear answers to the conundrum questions will have, as a consequence, the improvement of Research Software and Research Data sharing and dissemination practices, which, in turn, will enhance trustworthiness, correctness, rigor, reproducibility, reusability and transparency in the research endeavor.

This is a joint work with Prof. Tomas Recio, Universidad Antonio de Nebrija, Madrid.

This FOSDEM'25 presentation follows and extends our previous talks at FOSDEM:

• [FOSDEM'21] Free/Open source Research Software production at the Gaspard-Monge Computer Science laboratory. Lessons learnt. https://archive.fosdem.org/2021/schedule/event/open_research_gaspard_monge/

• [FOSDEM'22] On the dissemination/evaluation loop for Research Software. https://archive.fosdem.org/2022/schedule/event/open_research_cdur/

References

[1] Borgman, C.L. The conundrum of sharing research data. J Am Soc Inf Sci Tec 2012, 63, 1059–1078. https://doi.org/10.1002/asi.22634

[2] Gomez-Diaz, T.; Recio, T. On the evaluation of research software: the CDUR procedure [version 2; peer review: 2 approved]. F1000Research 2019, 8 1353. https://doi.org/10.12688/f1000research.19994.2

[3] Gomez-Diaz, T.; Recio, T. Research Software vs. Research Data I: Towards a Research Data definition in the Open Science context. [version 2; peer review: 3 approved]. F1000Research 2022, 11 118. https://doi.org/10.12688/f1000research.78195.2

[4] Gomez-Diaz, T.; Recio, T. Research Software vs. Research Data II: Protocols for Research Data dissemination and evaluation in the Open Science context. [version 2; peer review: 2 approved]. F1000Research 2022, 11 117. https://doi.org/10.12688/f1000research.78459.2

[5] Gomez-Diaz, T.; Recio, T. Towards an Open Science definition as a political and legal framework: on the sharing and dissemination of research outputs.

• POLIS 2020, N. 19. https://doi.org/10.58944/yuro5734
• Version 3, 2021, available at https://zenodo.org/doi/10.5281/zenodo.4577065

[6] Gomez-Diaz, T.; Recio, T. The conundrum challenges for Research Software in Open Science, Computers, 2024, 13(11), 302. https://doi.org/10.3390/computers13110302

RISC-V's instruction set architecture (ISA) has enabled seasoned embedded software engineers to experiment with FPGAs since numerous open-source RISC-V cores can be flashed onto an FPGA.

The Zephyr Project is rapidly emerging as a leading real-time operating system (RTOS). Zephyr integrates open-source and security best practices to ensure a vendor-neutral, secure, and reliable platform.

One of the exciting features of the RISCV ISA is the Custom Function Unit (CFU), which enables a framework to support custom operations in hardware, which is accessible from software. In this talk, Mohammed will provide an in-depth demonstration on how to add a CFU into a RISCV core on an FPGA, how to make the appropriate calls from Zephyr, and the possibilities that the CFU enables for hardware acceleration in embedded systems.

During compilation, GCC breaks down switch statements into simpler statements. If a switch has a specific structure, GCC may use techniques that result in faster code. We call these techniques "switch optimizations".

In this talk we'll overview switch optimizations in GCC. Then we'll go into more detail on turning switches into array lookups. In GCC this is called "switch conversion". I'll introduce a new method called "exponential transformation" that I recently contributed to switch conversion. If time permits, we will also discuss potential future work on switch optimizations.

I plan to make this talk beginner-friendly. I myself have started working on GCC just 2 years ago. The talk should however give the audience a good idea about what switch optimizations are available and what they do.

Expected prior knowledge: What is a C switch statement. What is an intermediate representation (or intermediate language).

The eBPF verifier has repeatedly suffered from bugs in its verification algorithm which enable malicious applications to perform container escapes and privilege escalation. To improve upon this, existing work applies fuzzing (Chaignon'24) and formal methods (Agni) to the verifier in order to find and fix bugs. However, in the mid-term, these approaches are unlikely to result in a verifier that is fully bug-free. While academic works have proposed the use of hardware-based isolation (MOAT, Hive, SafeBPF) and software-fault isolation (BeeBox) to mitigate verifier bugs, these approaches suffer from portability issues, require significant design-changes with unclear consequences, or have runtime overheads.

Motivated by the shortcomings of the existing approaches, this talk discusses an alternative approach to prevent verifier-bugs from being exploited. By requiring eBPF bytecode to be compiled from safe Rust source code by a trusted systems service, program-safety would effectively be checked twice by two very different static analyzers (i.e., rustc's compiler passes and the eBPF verifier). Therefore, a bug in one of the analyzers will no longer directly result in a kernel exploit as the other analyzer is unlikely to exhibit the same buggy behavior and therefore still catch malicious programs. This approach is appealing as it is unlikely to result in runtime overheads and does not require significant changes to the kernel.

We analyze whether this is a viable approach to mitigate bugs in the eBPF verifier, taking runtime-overheads, expressiveness, and security into consideration. Specifically, we analyze whether past bugs in rustc and the eBPF verifier could have been chained together in order to exploit the proposed design as a whole.

We find that the fundamental flexibility of the Rust-IR-to-eBPF mapping allows attackers to still exploit the system as a whole. We also investigate whether using the alternative PREVAIL eBPF verifier would prevent a similar attack, but find that there exists a simple construction that allows attackers to combine exploits for the individual verifiers into an exploit that works for the verifiers when chained together.

LIVE! Writing and deploying your first AWS Lambda function using Swift. We'll write a simple lambda function and deploy it within 20 minutes using the VSCode extension for AWS Lambda.

In the realm of operating systems, the heart of performance lies in the CPU scheduler: a critical component responsible for managing the execution of tasks on a system.

Exploring and customizing CPU scheduling policies has long been the realm of few highly specialized kernel developers, leaving most developers and researchers without the tools to tailor system performance to their unique needs.

What if we could unlock this potential and make it accessible to a wider audience, from game developers, cloud service providers to AI researchers and performance engineers?

With sched-ext [1], eBPF and Rust, this vision can become a reality, enabling the development of multiple dynamic specialized schedulers, tailored to specific system workloads and architectural topologies, that can be loaded and managed as regular user-space programs [2].

[1] https://sched-ext.com/ [2] https://github.com/sched-ext/scx/tree/main/rust/scx_rustland_core

We present a formal specification of NOVA that captures its complex concurrent and architectural behavior. Our specification combines an operational specification for unprivileged user code with a separation logic specification of privileged state and operations. The specification precisely captures the subtle behaviors of NOVA such as address translation and user faults. Separation logic’s small footprint and open world nature makes the specification highly modular and reasonably high level, allowing us to abstract architectural details that are encapsulated by NOVA and evolve the formal specification as NOVA evolves. Using the specification, we have carried out proofs of the NOVA source code as well as of applications running on top of NOVA.

Containers have become the preferred solution for cloud-native applications due to their lightweight nature and scalability. However, their security limitations, particularly from shared kernel access, have led to a renewed interest in traditional VMs for stronger isolation. Technologies like kata-containers enhance security by running containers inside microVMs, offering better isolation, but they introduce complexity and overhead. Specifically, the container runtimes spawn additional processes to manage the container within the VM, adding extra layers of complexity and resource consumption.

This talk examines the pros and cons of sandboxed container runtimes, focusing on the added complexity of auxiliary processes. It then proposes a more efficient and streamlined approach based on the unikernel paradigm, where only the application and its dependencies are running. Rather than using strict unikernels, it explores how containers can run inside specialized, stripped-down Linux VMs, containing only the components required by the application and without additional services. This is achieved through urunc, a CRI-compatible container runtime that treats unikernels like standard containers, managing the user application via the VM process.

Arguably the single most important piece of software on any mobile phone is its Web browser. This is especially true on alternative mobile platforms where Web apps are often the best or only way to access essential services and functionality.

While mobile apps are increasingly targeted at just the dominant platforms, they are also increasingly built using Web technologies, making them accessible to any platform with a decent browser. The result is that Linux-based mobile platforms beyond Android and iOS have the potential to be more viable than ever before.

But the embedded browser landscape is in continual flux, with multiple offerings built on different technologies, including Blink, V8, WebKit, JavaScriptCore, Gecko, SpiderMonkey and Servo Layout. On top of these are frameworks intended to make their use more accessible to embedded systems. These include the Chromium Embedded Framework, Web Platform for Embedded, Qt WebEngine and Gecko WebView.

In this talk I'll look at the different offerings available and consider their appropriateness for mobile Linux. What features do they offer, how practical is their use and why should you choose one over another? In particular I'll look at the minimal API needed for any practical implementation, how the APIs differ across the offerings and how they can be made use of as embedded browsers in mobile applications.

To give a more complete understanding of what embedded browsers are like to use in practice, the talk will include example applications with demonstration code.

Chrome's Speedometer scores have more than doubled in the last ~two years. We'll outline major improvements and dig deeper into build optimizations and their impact on CPU microarchitecture bottlenecks. We'll also discuss the relevance of benchmarking end-to-end user journeys in the lab, and how we approached building a page load benchmark (bit.ly/loadline) to allow optimizing across the software/hardware stack.

The Wikimedia Foundation supports hundreds of thousands of people around the world in creating the largest free knowledge projects in history. In order to do this we run on-premise infrastructure at significant scale, using almost exclusively free and open-source components. Our data processing and real-time analytics requirements are constantly evolving and our Data Platform Engineering teams face complex challenges in the fields of data-engineering and machine-learning, as well as the operational workload of supporting these systems in production.

Wikimedia’s data platform today runs on some of the most vital open source projects such as Hadoop, Kubernetes, Ceph, Druid, Cassandra, Spark, Hive, Iceberg, Flink, Presto, Jupyter, MariaDB, PostgreSQL, Superset, and Airflow.

We started working with Airflow in 2019, when it was still an Apache incubator project. Over the past five years our deployments have matured and we succeeded in migrating the last of our Oozie-based workflows to Airflow in mid-2023. In addition, we offer Airflow services to other data-focused WMF engineering teams, in order to facilitate a self-service approach to data pipelines.

During 2024, the Data Platform SRE team undertook a major project to enhance our Airflow services by migrating them from bare-metal and VMs to our on-premise Kubernetes and Ceph clusters. This burgeoning integration between Airflow, Kubernetes, Spark, and Ceph has enabled us to broaden the scope and applicability of Airflow to include ML model training and data publishing workloads, plus more in future.

This is an account of how we got here, the challenges we overcame and where we plan to go from here.

How we implemented PVH boot capability to the NetBSD kernel, allowing it to start straight from QEMU's -kernel parameter or Firecracker's VMM. In the process, we reduced boot time from 300 to 20ms, using methods borrowed from FreeBSD, and some in-house optimisations to get rid of unnecessary delays.

Our community has been confused and concerned at the last-minute addition to the Cyber Resilience Act (CRA) that created the class of “Open Source Steward”. Many projects want to know ASAP if their own project will be such a Steward, or if their fiscal sponsor will be forced to be a Steward. Most projects operate with small budgets, even those with fiscal sponsors, and as such CRA compliance could financially ruin projects.

At this session, we'll have experts to answer these questions and others, and help you to not panic about what we face in the CRA.

Bluetooth Low Energy, commonly abbreviated as BLE, is a well-known wireless communication technology aimed at low-power applications. It divides devices into two categories: low-cost, potentially high volume, battery constrained peripheral devices such as head phones or heart rate monitors, and comparatively more powerful and less constrained central devices, such as smartphones and notebooks.

The Zephyr Project has supported developing BLE peripheral applications for a long time. But it may not be well known that it also supports BLE host applications, or central devices as the standard calls them. In his talk, Florian will take a look at how we can develop BLE host applications using Zephyr. After a (very) short introduction to the BLE protocol stack, he will delve into Zephyr's Bluetooth API and more importantly talk about the pitfalls he encountered while getting his feet wet with Zephyr. On the practical side, this talk will look into how BLE applications remain portabile between boards by different vendors, and how the many BLE-enabled emulators and simulators provided by Zephyr can be used for quicker development and testing.

In this talk you will learn about:

• the basics of the BLE protocols
• the Zephyr Bluetooth API and its pitfalls
• how portable Zephyr applications using BLE are
• how you can utilize the Zephyr emulators and simulators for BLE development

Passbolt is an open-source platform for secure credential management. The solution has demonstrated its effectiveness with over 400,000 daily users and thousands of companies relying on it worldwide.

In this talk, we will present real-world use cases, and discuss Passbolt strengths in centralizing, organizing, and sharing credentials without compromising security or privacy. We will also provide a sneak peek at the upcoming v5 release, which features a new security model.

This talk aims to provide insights into technical advancements while sparking discussions on the challenges and opportunities posed by the need for secure collaboration.

As a follow up to my award-winning FOSDEM 2023 talk "Hosting your own DNS for 'fun' and zero profit", I'll provide an update covering my experiences using Lightning Stream for zone replication between PowerDNS authoritative servers.

Lightning Stream offers significant advantages over traditional database-style replication (typically using relational databases like MariaDB and PostgreSQL), including simpler configuration, easier troubleshooting, and the ability to add/remove cluster members without having to reconfigure existing cluster members (providing a very loosely coupled 'cluster').

PowerDNS Lightning Stream MinIO LMDB

IRC is a venerable 37 year old chat protocol used by many open-source software projects, technical experts happily lending their help and other discussion groups. However, the historic IRC protocol is not always well-suited to modern usage, such as connecting from multiple devices with unreliable connectivity, or connecting from battery-constrained mobile devices.

In this talk, Simon and Thomas will explain how IRC has evolved in the last few years to address these challenges through efforts like the IRCv3 working group and new software (soju, senpai, gamja, goguma). We've been working on adding new features such as easily accessing message history, sharing files and pictures and searching through messages. Some of the architectural design decisions may be interesting to people working on other open protocols, for instance secure and interoperable push notifications or OAuth integration.

Quantum computers that are able to break classical cryptography are generally expected to appear in the coming decades. To prevent encrypted emails from being decryptable by an attacker at that point, we need to start using post-quantum cryptography as soon as feasible.

To that end, we're standardizing the use of post-quantum cryptography in OpenPGP. In addition, for long-term storage and archival, we're standardizing the use of persistent symmetric keys, which allows for more efficient encryption, while still being post-quantum secure as well.

In this talk, we'll present the state of the standardization and implementation efforts, and discuss how the transition might affect applications using OpenPGP, as well as their end users.

ActivityPub remains, to this day, the most successful decentralized social networking platform to date: dozens of interoperable implementations, thousands of servers, millions of users, all speaking over the same protocol in what's today called the "fediverse" (federated social web). The modern-day fediverse is an impressive achievement, but it also leaves many issues to be addressed. Servers can go down, content can disappear and users can lose access to their identity. Authorization mechanisms are under-specified and rich interactions are fairly limited. This talk, by the two primary editors of the ActivityPub specification, explores where we think the fediverse should go and how we're building a future for "secure collaboration" technology at the Spritely Institute.

What was the last npm package you installed? Did anything unexpected happen? Are you sure?

The scale and pace of modern software development are made possible by the ready availability of open-source packages via major registries like npm and PyPI. These registries are always within reach of developers thanks to command-line package managers like npm and pip, enabling rapid testing and deployment of third-party code as part of normal workflows. However, these benefits come at the cost of particular security concerns: threat actors routinely target software developers via open-source package registries, either by publishing backdoored packages or by taking over and corrupting legitimate software. In many such supply-chain attacks, merely installing the malicious package is enough to hand control of one’s system over to the adversary.

In this talk, we lay out the strategies that threat actors use when targeting software developers via open-source package registries. We do so by examining case-studies in open-source malware delivery via npm and PyPI, some involving nation-state actors, that we at Datadog Security Research have collected while continuously monitoring these ecosystems with GuardDog, an open-source scanner for identifying malicious packages by analyzing code patterns and package metadata. We then propose recommendations for developers, as well as for the package registries themselves, to counter these strategies that could lead to a greater overall level of software supply-chain security in the open-source community.

In the latest installment of the Go Without Wires saga, I will demonstrate several new capabilities in wireless communication using a variety of frequencies of the electromagnetic spectrum, all using our favorite programming language. There will be moving objects.

Java developers struggle with the trade-off between precise profiling and application stability. Unofficial methods like AsyncGetCallTrace offer precision but risk crashes, while official APIs such as JVMTI, JMX, and StackWalker are stable but biased due to safepoint polling. Java Flight Recorder (JFR) reduces this bias but introduces interpolation errors.

This talk addresses these challenges with three key topics: • Combining precise sampling with JFR’s stability to remove biases without sacrificing reliability. • Using eBPF probes and examining JVM internals for safer, detailed profiling. • Enhancing precision with user-supplied profiling contexts.

We will review the history of Java profilers and discuss the future of JVM profiling, with a focus on CPU profiling. Attendees will gain insights into new methods aimed at achieving accurate, stable performance analysis in Java applications, comparing them with async-profiler and existing tools.

The Dronecode Foundation hosts an ecosystem of open-source projects, developers, and contributing organizations. Dronecode is an umbrella foundation (part of The Linux Foundation) hosting open-source projects that offer solutions to robotics developers looking to build Aerial solutions.

The PX4 Autopilot is an open-source flight controller project that offers developers a stable foundation for building drones. The project sustains a community of thousands of robotics developers and hundreds of companies building complex drone solutions on top of PX4, including everything from wedding photography to package delivery for Walmart.

Our humble open-source project has supported an ever-growing community of contributors at times with little to no resources. With the growing complexity of demanding robotics workflows, proving reliable and reproducible testing to guarantee the safety of our codebase has been a constant challenge.

I will share the cautionary tale of how not to run CI for a robotics project, the scary times when we wanted to delete our whole infra and start fresh, and how we found the strength to move on. I will also share the gory details behind running an open-source robotics project and the supporting tooling needed to support our complex workflows and demanding community.

Our Continuous Integration pipeline is far from sophisticated, but it is responsible for supporting thousands of developers and is the backbone of our infrastructure. Some of the topics I will be discussing: Maximizing containers for reproducible builds Running a hardware-in-the-loop service with embedded hardware connected to the cloud. Moving from Jenkins to GitHub Actions Hosting our own GitHub Actions runners Build patterns for better GitHub Actions development across distributed teams. Building an array of upwards of 60 builds per pull request in GitHub Actions

This session will focus on the open-source distributed SQL databases TiDB and YugabyteDB. We will explore their building blocks to understand how they function, highlighting their similarities and architectural differences. Key topics will include how changes are versioned (using either Time Stamp Oracle or Hybrid Logical Clocks), how data is replicated (with Raft), how they store rows, index entries, and transaction intents (utilizing RocksDB LSM trees), and how they implement ACID properties (through either Percolator or IntentsDB).

Digital Public Goods are often celebrated as open-source software, open data, open AI models, open standards, and open content. However, true public goods require more than openness—they demand active community governance, collective stewardship, and responsible contributions to thrive as shared resources.

While proprietary software sustains itself through licensing, support, and vendor lock-in, open-source software relies on a delicate balance of professional firms, organizational backing, and dedicated enthusiasts. The open model has fueled flexibility, innovation, and the global adoption of open technologies.

Yet, the rapid growth of "open" has not been matched by an equivalent rise in contributions or investments in maintenance. Discussions often prioritize licensing over the essential question: How do we, as a community, ensure that digital public goods are sustainable? This talk explores the responsibility of contributors, organizations, and users in building a resilient ecosystem for open technologies.

Incremental LTO in GCC

Link Time Optimization (LTO) postpones many compiler steps into linking, when we have access to all files linked together. This allows us to optimize across compilation units leading to significantly faster and smaller binaries. However it comes at a cost of long compile times because after even a minor edit the entire application needs to be re-optimized. Incremental LTO will be a new feature of GCC 15 which aims to reduce those compile times for small changes by caching LTO partitions unaffected by the change.

This talk will cover quick overview of Incremental LTO and how to use it in upcoming GCC 15 along with a simple example. I will also show estimate of how much compile time can be saved when recompiling GCC itself.

eBPF (Extended Berkeley Packet Filter) is revolutionizing the way developers interact with the Linux kernel, enabling them to run user-defined programs in a highly efficient and safe manner.

This session will introduce you to Aya, a modern Rust-based eBPF library. Unlike traditional eBPF libraries such as libbpf and bcc, Aya is built entirely in Rust and leverages the libc crate for syscalls, offering a clean, lightweight, and efficient interface for eBPF development.

In this session, we’ll explore how Aya simplifies the eBPF programming workflow, including features like BTF (BPF Type Format) support, which enables programs to run across different kernel versions without needing recompilation.

You’ll learn how Aya’s architecture ensures fast deployment and builds, with no need for a kernel build, compiled headers, or even a C toolchain. The result is a streamlined, "compile once, run everywhere" solution that allows you to easily deploy a single self-contained binary across different Linux distributions and kernel versions.

We'll cover that by using a sample XDP program where we'll be covering aya we'll go across and explain how to use aya components such as aya_log_ebpf or aya_ebpf to bootstrap the code and how our dev and build environment looks like.

Whether you’re new to eBPF or an experienced kernel developer, this session will provide you with the tools and insights to leverage the full power of eBPF using Rust and Aya in your next project.

Links:

• Aya on GitHub
• bpfman on GitHub

Manyfold (https://manyfold.app) is a self-hosted tool for storing, organising and sharing 3d print models. This session will talk about how we've approached adding ActivityPub federation to the system using the "Federails" Rails Engine (https://gitlab.com/experimentslabs/federails), and our approach to using custom extensions to share information across instances and different AP software systems.

Dangerzone is a multi-platform project that performs a simple task; give it an untrusted document, and get back a sanitized one. Qubes did it first with disposable Xen VMs (see TrustedPDF), but Dangerzone is doing it with containers across all major platforms. How secure are containers though, and can you achieve VM-level parity with them?

In this talk we’ll discuss the attack surface of Linux containers, and how Dangezone uses gVisor to contain RCEs in document viewers. Even if you don’t use gVisor or are not interested in it, we’ll show some easy ways to harden your security-sensitive containers right now, for harm reduction purposes.

Modern slavery impacts millions of people worldwide, posing urgent ethical and human rights challenges In response, the UK and Australian Modern Slavery Acts require companies meeting specific revenue thresholds to produce annual modern slavery statements, aiming to increase accountability in addressing modern slavery risks. Since 2016, Walk Free and Wikirate have partnered to assess companies’ response to these Acts, leveraging Wikirate’s open-data platform. This assessment considers whether companies are releasing statements that meet the legal requirements, but also if they detail policies and actions that go beyond compliance to enable businesses to better respond to modern slavery. Key to this initiative is its open, collaborative approach, and therefore, a set of accessible metrics on Wikirate that empowers non-expert researchers to contribute meaningfully. Through the project, volunteers and researchers have conducted an in-depth analysis of over 2000 MSA statements. Over the years, the project has mobilized thousands of volunteers and engaged over 20 universities worldwide, using Wikirate’s crowdsourcing platform to organize and perform research at scale. The insights generated through the research not only inform Walk Free’s advocacy efforts with governments and companies but also demonstrate the power of open research principles in tackling complex global issues.

In this talk, we will introduce Datafari Enterprise Search, in its open source Community Edition. Datafari aims at providing an end-to-end solution, from multi-sources knowledge crawling up to the search interface, including a web administration. We will be presenting its architecture, its main functionalities, and its current roadmap for integrating generative AI to the mix (including RAG).

Repositories are hosted on our gitlab: https://gitlab.datafari.com/explore/groups

With a mirror on github for the main Datafari CE repository: https://github.com/francelabs/datafari

Like most POSIX file systems, CephFS has always been a case-sensitive file system. However, it has become a priority to improve integration with gateways like Samba which present a case-insensitive view of some tree in the file system. In order to present that view, Samba requires expensive checks for file name lookups to locate a directory entry with the computed case-insensitive folding. It is also necessary to politely handle interoperating with other clients that are using normal case-sensitive names. To address this gap, CephFS now provides a mechanism for enforcing case-insensitive operations on a directory tree for all clients by simply setting a Ceph extended attribute. This talk will walk through the challenges for Samba's gateway on CephFS, the changes to the CephFS metadata server and clients, the interfaces used by other well-known file systems, and the expectations users may have going forward.

This talk gives an overview of the new Swift unqualified name lookup swift-syntax library: SwiftLexicalLookup and the process required to integrate it within the compiler.

It dives into the intricacies of Swift’s name handling, highlights the complex lexical scope hierarchy with many, sometimes unexpected, interesting cases, and provides an overview of the challenging process of testing the new implementation and integrating it within the compiler.

Lastly, the talk provides some practical insights on how to start contributing to Swift from the perspective of a new contributor.

The libobscura experiment exists to find out what a point-and-shoot API abstracting Video4Linux should look like. It has its roots on one hand in the
Librem 5 project, where I wrote some 70% of the camera stack, and on the other
hand in libcamera, which I found too difficult to use.

You think controlling a modern camera is easy? Think again. Between pixel formats, depths, media entities, pads and links, sensitivity, denoising, phase
detection, shutter lengths, DMAbuf, OpenGL, feedback loops, requests, and statistics, there's enough opportunities to get lost in the detail.

Thankfully, Prototype Fund thinks I'm up for the challenge, so they are funding
me through libobscura in order to get lost, and maybe find something in the process.

Apart from showing the general problems of camera support, I'll tell about new
problems since CCC.

Project repo: https://codeberg.org/libobscura/libobscura

In this talk we will review together TrendS, a newly implemented subsystem within CGRateS to help you build your own traffic trends analysis as well as react to unexpected behaviour through automatic actions available. CGRateS is a battle-tested Open-Source Enterprise Billing Suite with support for various prepaid and postpaid billing modes.

What is a problem on Twitter et al will become the same mess on GitHub od Gitlab - just a matter of time.

For this reason Forgejo is working on federation for git platforms. Some months ago we released the first user visible feature the federated star and we will continue our path.

We will talk about our motivation, point out the general roadmap and show implementation details.

Other fedi devs and discussions are very welcome.

One of the most idiosyncratic parts of POSIX compliance is signal support. On microkernels the implementation can prove to be quite difficult. One especially tricky part is the cancellation of POSIX syscalls when they are interrupted by signals, and the intricacies of EINTR side effects. Monolithic kernels inheritely have the bookkeeping required to implement this without extra overhead. In contrast, due to the generally distributed nature of microkernels, properly cancelling syscalls requires extra work. This is especially the case for Managarm, where (1) POSIX is implemented in a userspace server, (2) syscalls are asynchronous and (3) can involve multiple servers.

In this talk, we will explore the process of implementing syscall cancellation on Managarm. A brief overview of signal delivery is given, followed by a deep dive into the new lifetime of a Managarm POSIX request. Finally, we give a summary of the lessons learned while implementing cancellation in a fully asynchronous microkernel.

This talk will be focused on the software engineering techniques that we are using or plan to use to bring the BIND 9 into 21 century to scale better, use less memory and overall have improved design to utilize the modern CPU architecture.

Cyclic redundancy check (CRC) is a widely used error-detection mechanism that helps in the validation of data communication and storage in the digital world. While traditional bitwise implementations are slow and less efficient, alternative methods such as lookup tables, carry-less multiplication, and hardware CRC instructions offer significant performance improvements. In this talk, I will present a novel method for automatically identifying and replacing inefficient bitwise CRC implementations with optimized alternatives. The approach uses fast detection of candidate code fragments, symbolic execution for validation, and automatic replacement with more efficient implementations. The method is implemented in the GCC compiler as a separate pass and is open-source available. Experimental evaluation was performed for i386, AArch64, and RISC-V architectures, and the results demonstrated up to 91%, 98%, and 93% performance improvements respectively, highlighting the effectiveness of the proposed optimization.

The Hitchhiker's Guide to the Galaxy has following to say about benchmarking: avoid, if at all possible. One of the reasons is that it's hard and often counterintuitive, another -- it attracts Ravenous Bugblatter Beasts.

Despite all those dangers it's still an important and underappreciated topic, and in this talk I would like to discuss cases when unexpected results arise from benchmarking of BPF programs and why they could be important. Kernel selftest benchmarks would serve as an example, but we will vary the load generation to produce different arrival distributions, introduce contention on tracepoints, or simulate swarm of network connections in user space. To make it easier, we will use home-grown tool Berserker, which was created with an intent to exercise real world BPF applications.

This talk will provide an overview of observability in server-side Swift, with a focus on Distributed Tracing. I’ll start off by talking about some of the design decisions that went into building the swift-distributed-tracing library, which I co-created as part of Google Summer of Code in 2020. The talk will not only compare it to other Swift observability libraries (swift-log, swift-metrics), but also highlight some of the differences between Distributed Tracing in Swift compared to other ecosystems. My personal highlight is the fact that we eliminated the need for support libraries such as “OTel instrumentation for this specific web framework” by implementing swift-distributed-tracing to be used by libraries directly. During the next part, I’ll cover what it means to build a tracer implementation for swift-distributed-tracing with plenty of examples from my OpenTelemetry client swift-otel. I’ll finish the talk with an end-to-end example of a server-side Swift application using the Hummingbird web framework, fully instrumented using Logging, Metrics, and Distributed Tracing, including context propagation and log correlation. This example exports logs, metrics, and spans via the OpenTelemetry Protocol (OTLP) to both a standalone OTel Collector instance and other observability backends that support OTLP natively.

Links: - GitHub: apple/swift-distributed-tracing - GitHub: slashmo/swift-otel - OpenTelemetry Website

This is the story of how Jitsi's AI evolved and expanded its features while keeping it all open source: from half-botched PoCs in a weekend to features our customers use in production on a daily basis. Razvan will walk you through some of the implementation details and gotchas of the near-real-time transcription system, while Tudor will guide you through all the other goodies which rely and expand on it.

In the era of distributed systems, many modern databases are designed to scale horizontally from the ground up. Yet, some of the most widely used databases, like MySQL and PostgreSQL, remain single-node by design, relying on third-party sharding solutions like Citus or Vitess for distribution. This raises a critical question: do we always need to go distributed, or can replicated single-node databases meet most use cases? In this talk, we’ll explore the trade-offs between distributed and non-distributed architectures, evaluate the limits of single-node databases, and discuss when it truly makes sense to embrace distribution. Join us as we navigate the complexities of modern database design and uncover what’s best for your applications.