Open science is at the forefront of transformative progress in research, yet its advancement is often stymied by fragmented infrastructure, limited interoperability, and inadequate crediting of research outputs. These challenges hinder the accessibility, reproducibility, and verification of research, slowing the pace of and trust in discovery and innovation.

This talk introduces the Scientific Coordination Infrastructure and Operating Systems Collaborative (SciOS) as a solution-oriented 501c3 (US non-profit) initiative to bridge the gap between researchers and technologists. SciOS facilitates the ongoing development of open, scalable, and interoperable infrastructure that empower the scientific community.

This talk will explore the rapid development of solutions possible when researchers and technologies exist in the same space.

Key Technologies and Innovations:

• dPIDs and CODEX:
  Decentralized Persistent Identifiers (dPIDs) generate cryptographically unique, permanent identifiers for research artifacts. Combined with CODEX, an open system for managing versionable research objects, dPIDs ensure trust, reproducibility, and accessibility in scientific outputs.

• Journal Creation Software:
  SciOS supports tools that enable decentralized, community-driven curation-based journals. These platforms exist on an open repository of human knowledge accessible to everyone, and empower scientific communities to elevate from that repository research that aligns with their values, quality definitions, and scope with minimal friction.

• DeSci Publish:
  Operating on CODEX, DeSci Publish redefines scientific publishing by allowing researchers to share data, code, manuscripts, and more as versionable objects.

• Granular Citation Systems:
  Through dPIDs, CODEX, and decentralized platforms, SciOS enables journals to credit contributions ranging from datasets and software to peer review and editorial work.

• Automating Metadata Creation:
  In partnership with DeSci Labs and Discourse Graphs, SciOS automates the generation of metadata and discourse nodes. This initiative creates a map of research claims and evidence, allowing researchers to evaluate the relevance of prior work at a granular level.

• Research Assessment Tools:
  Collaborating with the CoARA ERIP working group, SciOS is developing tools that combine human expertise with AI to evaluate modular research objects. These tools enable clear, reliable assessments tailored for rapid response to research outputs.

• Open Source Permanent Versionable Containers and Attestation Platform:
  SciOS supports this platform to create immutable repositories for software tools. It provides versionable digital containers enriched by community validations, enabling researchers and engineers to track, validate, and determine software impact across domains.

• Institute of Open Science Practices (IOSP):
  IOSP fosters collaboration between researchers and technologists, guiding the adoption of innovative infrastructure. It facilitates workshops and conferences powered by novel tools, enabling open science practices throughout the research lifecycle.

Join us to explore how SciOS’s collaborative efforts and cutting-edge tools are transforming open science. Discover how decentralized infrastructure, automated metadata, and innovative publishing systems can break barriers, foster trust, and accelerate discovery across disciplines. Together, we can build the open science infrastructure the world needs.

With the introduction of the EU Cyber Resilience Act a number of interesting questions are raised. This talk focus on the EU CRA and discuss some of the implication when applied to Free and Open Source Software licensed under Copyleft licenses such as the GPL.

The EU CRA introduces, under some circumstances, an obligation to contribute upstream if there are vulnerabilities, what will best practices be to manage this obligation in permissively licensed project respective in Copyleft licensed projects, how will this impact customer agreements, R&D collaborations and similar.

MicroPython is a tiny implementation of Python, designed for very constrained environments such as microcontrollers and embedded devices. It can run on devices with as little as 64 kB of RAM and 256 kB of FLASH. Over the last 10 years, MicroPython has become a productive development environment and mature platform for firmware development. It has been used in many applications - and has been deployed on everything from smartwatches to medical devices and satellites.

There are many features of MicroPython that make it an attractive way of developing firmware, such as: the built-in file systems, first-class package management, built-in communication over WiFi/Ethernet/BLE/USB/etc, interactive programming via REPL, automated testing on PC and device. We will introduce these features briefly, and then discuss our favorite feature: the support for C modules, and how it enables building sensor systems that are both computationally efficient and fast to develop.

Transition from open collaboration to customized control with Wikibase, a self-hosted platform designed for tailored data management. While Wikidata provides a robust, open, multilingual, and collaborative environment, it may not fully address the specific needs of personal or institutional data. Wikibase empowers you to structure and manage your information on your own infrastructure, combining the strengths of Wikidata with the flexibility of a self-hosted solution. By seamlessly integrating global entities, leveraging existing translations, and aligning with linked open databases, including Wikidata, Wikibase enables you to build a connected and enriched data ecosystem. Discover how Wikibase bridges collaboration and control, offering independence while staying interconnected within the open data landscape.

References: 1. Wikidata 2. Wikibase 3. Wikibase on GitHub 4. Wikibase Cloud 5. The Linked Open Data Cloud

This session will give you an overview of the current status of the CJK input system in Wayland.

We will start with an overview of how to input CJK languages, focusing on the Korean writing system(한글, Hangul).

Next, we'll look at the different input protocols in Wayland and how they work. I will also show what still needs to be done to improve the CJK input system in Wayland.

Every year there are a lot of Debian community members at Fosdem, so let's gather Debian Developers, contributors and enthusiasts to talk about Debian, their contributions, answer questions and talk about DebConf25 (The Debian Conference will take place in France this year).

Managing the data deluge (exabytes) generated by worldwide large-scale scientific collaborations is a challenge.

The Rucio Data Management platform is an open-source framework written in Python engineered to orchestrate the storage, distribution, and management of massive data volumes across a globally distributed and heterogeneous storage infrastructure.

Rucio meets the requirements of high-energy physics, astrophysics, genomics, and beyond, pioneering new ways to facilitate research at the exabyte-scale and is used by major scientific experiments: the ATLAS and CMS experiments at CERN, Square Kilometer Array Observatory, Cherenkov Telescope Array, KM3NET and Belle II to name a few.

This presentation introduces the Rucio project and the technology behind it.

This talk will include a presentation about changes that are happening to email address syntax, as well as recent developments to Unicode email addresses. In addition, IETF and W3C email syntax rules, which are primarily compatible, will be discussed. Both organizations have proposed updates to extend the rules (i.e., via an IETF draft and W3C Github pull request). There'll be brief information regarding the proposed changes, address validation and web browsers/forms and of course implementation progress

Postmarks is a piece of Fediverse software meant to provide a social bookmarking platform along the lines of De.licio.us and its successors. Despite the published ActivityPub spec having in mind a variety of verbs and nouns, and the ability to create "extensions", most software that I found while looking around in the early days of Postmarks looked to be recreating "timeline-based social media", where the primary activity took place on the platform itself and involved reading content from other users and generating more content of the same expectations. This is not to say there are none, but how much they expect to integrate with platforms like Mastodon varies.

When thinking about what that meant for Postmarks, deciding how interoperability should work presents some interesting questions. There are opportunities in interoperability: even if you're not the kind of person to whom the activity of bookmarking and curating links is interesting, you may know someone who does whose work you want to follow, which you can then do from Mastodon. On the flipside, you may be a researcher who spends time collecting information and values the viewpoints of others but doesn't want to take part in a product designed like a traditional social media site. There are also drawbacks: as an individual maintainer with a handful of contributors to my platform, integrating with existing platforms that are already large enough to have abusers, scrapers, and other bad actors opens me up to those problems much sooner than it would if I were creating my own siloed ecosystem. Less urgently, there are new software design questions raised by the functionality of the platforms interacting. How do I make Postmarks content appear on platforms like Mastodon? As I build out the ability to find bookmarkable content from the Fediverse within Postmarks, how do I do that in a way that keeps in mind the ideals of Postmarks rather than the spaces it's connecting to? What choices have been made that add extra requirements on top of the ActivityPub spec in order to make interoperability smooth and consistent? In designing a piece of ActivityPub software designed to have one small "instance" that hosts the activity of one "actor", I also found myself stumbling across design decisions made in the creation of large platforms like Mastodon and Pixelfed that left me with questions about the ethics of designing software that can interact with those places. How do I prevent my software from becoming a tool for bad actors targeting those places?

By looking at the design problems introduced within the early development of Postmarks and an analysis of other ActivityPub platforms that have either dealt with, are still working on, or have not faced these questions, we can create space for discussing what a future looks like where a broad variety of ActivityPub software is out on the internet speaking the same protocol but choosing when and how they interact in a way that cultivates communication and works to minimize harm.

In today’s software development landscape, products are often an intricate blend of in-house code and open-source third-party dependencies. While many organizations have robust procedures to secure their own codebase, the strategies to safeguard against vulnerabilities in open-source components are not as well-developed.

In this session, we will navigate the complexities of implementing an effective process to manage vulnerabilities within open-source dependencies. Our discussion will cover key considerations for evaluating software composition analysis tools and detail the steps necessary for a successful tool rollout. We will delve into effective strategies for triaging findings and shifting from a reactive to a proactive security posture.

You will leave the session equipped with a foundational but adaptable process, ready to enhance the security of your products that depend on open-source dependencies.

What if gaming didn’t require a powerful computer or even a traditional console? In this talk, we’ll explore how with TinyGo you can create interactive games and experiences directly on microcontrollers and embedded hardware. From LED matrix games to unconventional input methods and minimalist sound effects, we’ll demonstrate how to harness the simplicity of TinyGo for innovative hardware projects.

Whether you're a seasoned Go developer curious about embedded systems or a hardware tinkerer looking for new ways to code your ideas, join us for a fun, hands-on dive into the possibilities of TinyGo-powered gaming, no computer required!

Project Leyden was created in May 2022 with the goal of improving footprint, startup time and time to peak performance of Java applications. Initially, a variety of different approaches were under consideration and the first proposed solutions only started to clarify around 18 months ago. An early preview of the 'premain' solution, prototyped by Oracle, was presented at the August 2023 JVM Language Summit. It has been under very active development since then, with a team that includes developers from Oracle, Red Hat, Microsoft, Amazon and Google, and has already delivered improvements to JDK and application startup time in OpenJDK 24 via JEP 483. The plan is for the project to deliver a series of JEPs that improve performance step by step rather than wait for a complete, shrink-wrapped solution and the Leyden team is already working on the next set of enhancements. In this talk we will explain what was delivered in JEP 483 and how it works to improve startup, then go on to describe what other features are in the pipeline. We will also touch upon some of the barriers we currently face to improving performance and ideas we are exploring to resolve them.

In this talk, we will walk through different scalability challenges various modern CI setups encounter today: caching, distributed computing, reproducibility, telemetry... and how advanced build tools such as Bazel, Buck2, Pants,... addressed them at scale at big enterprises. We will then drill down into the common Remote Build Execution protocol that these tools all have in common. Finally, we shall reflect upon the current state of the build tool ecosystem and highlight key areas to improve upon.

phosh is a graphical shell for mobile devices built using GNOME technologies. With more than 80 releases in about 6 years under it's belt it is both time to celebrate and glimpse into what the future will bring!

The WebKit WPE and GTK ports are aiming to leverage GstWebRTC as their WebRTC backend. Over the years we made progress towards this goal both in WebKit and in GStreamer. During this talk we will present the current integration status of GstWebRTC in WebKit and the plans we have for the coming months.

Vitess, a CNCF-graduated, open-source, MySQL-compatible database, is designed for massive scalability and cloud-native deployments. As one of the most robust solutions for managing large-scale database workloads, Vitess on Kubernetes powers some of the largest systems in the world.

Modern data teams face a growing challenge: scaling databases dynamically to handle surges, such as holiday sales or viral trends. For many, vertical scaling has reached its limits, leaving fundamental architectural changes as the only option. Vitess, with its built-in horizontal sharding capabilities, provides a seamless path for organizations to scale beyond the constraints of legacy MySQL or Aurora clusters. This talk explores how Vitess enables smooth migrations from Aurora and MySQL into Kubernetes clusters with near-zero downtime. We will begin with an overview of Vitess’ architecture, highlighting horizontal sharding and its advantages for scaling. Next, we will dive into the powerful workflows Vitess provides for data import and live production migrations, emphasizing their safety, efficiency, and reversibility—even for massive datasets.

To ground these concepts, we will share real-world examples of successful migrations from web-scale Aurora and legacy MySQL databases, including performance metrics, data sizes, and challenges encountered. Attendees will gain practical insights and a clear blueprint for transitioning large-scale database systems to Vitess, unlocking unprecedented scalability and operational agility.

PostgreSQL's extensibility is legendary, and a revolution is brewing: Rust is emerging as the new gold standard for writing robust, performant database extensions, with the promise to make them safer, faster, and more maintainable than ever before.

In this hands-on session, we'll discover the PGRX framework through 4 practical examples showcasing:

• Memory safety guarantees
• A fully managed development environment
• Access to Rust's vast ecosystem of libraries
• Seamless PostgreSQL integration

Based on my experience rewriting the PostgreSQL Anonymizer extension from C to Rust, I'll share the lessons learned along the way.

Whether you're a seasoned C developer, a rustacean, or a new to PostgreSQL extension writing, this talk will equip you with the knowledge to leverage Rust's powerful features in your next database projects.

Large language models (LLMs) may represent a shift in how open source communities support their members. This talk explores the nuanced and evolving role of LLMs in fostering community engagement. Specialized companies offer tailoring of LLM and automation of responses to technical questions. We will explore a range of adoption options from cautious, opt-in approaches confined to specific channels to fully embracing LLMs for first-line support across forums. These strategies raise questions like:

• Could automation stifle organic, person-to-person connections in communities, or can it expedite learning and enable meaningful contributions from newcomers?
• How do LLMs reshape the balance between in-person and digital interactions, and what does this mean for the future of community building?
• Are LLMs the natural evolution of IRC-era bots, or will they alter the patterns of open source collaboration?

We’ll look at case studies from real communities. Attendees will get actionable insights for navigating the adoption of LLMs in their own communities, striking a balance between automation and authentic human connection.

As RISC-V reaches maturity, we look at how RISC-V designs are performing. We look at how performance has improved over the years and how performance compares to other cores, particularly those from Arm. We'll explore the impact of different extensions and compilers on performance of compiled code. We'll also look at how useful measuring performance using models is for predicting the performance of real silicon.

Throughout we will use mostly the Embench benchmark suites, with some use of SPEC CPU for application class cores. We will present the first results from the new Embench IoT version 2.0 test suite.

Finally we will show how combining accurate benchmarking with simple machine learning can yield additional performance of compiled software. This will be illustrated with the OpenHW CV32E40Pv2, where we were able to improve benchmarked code density by 7% in just 24 hours.

I've created an rDNS map, available at https://reversedns.space/, and I want to tell you how.

It was not hard to do, but there was a lot of unusual and amusing stuff in the process.

I'll give an update on the latest development from kprobe and uprobe world including new session feature and uprobe performance enhancements that already got merged and those that are still being worked on.

Scheduling problem arise in many subsystems such as the CPU scheduler, disk IO or Qdisc. Despite extensive research during several decades, this problem remain challenging to solve due to varying workload requirements, diversity of scheduled resources, latency versus throughput considerations, scheduler overhead and many others. For instance, the Linux CPU scheduler continues to evolve.

In this talk, we’ll explore another scheduling scenario: HTTP streams prioritization. Having that a busy web server can manage millions of TCP connections, each potentially containing hundreds of HTTP/2 or HTTP/3 streams, a pretty efficient stream is essential. It should be fair, say, for progressive JPEGs, but it should prioritize shorter load times for PNG images. It should also be smart enough, particularly if browsers don’t adequately prioritize streams (which is still could be an issue for mainstream browsers in 2024). Additionally, it must be resilient against DDoS attacks.

This talk will cover the following topics:

• The different nature of resources, their relationships, and how these factrors affect streams scheduling used for delivering these resources

• Fair O(logN) and fast O(1) scheduling algorithms

• Discussions on underlying data structures to optimize the scheduler for a large number of streams

• HTTP/2 streams prioritization in servers such as Nginx, H2O, nghttp2 (Envoy, Apache HTTPD) and Tempesta FW

• Differences between stream prioritization in HTTP/2 and HTTP/3, along with corresponding RFCs

• How modern browsers construct stream priority trees

• Server-side optimizations for streams scheduling in Cloudflare and Tempesta FW

• Known vulnerabilities exploiting the HTTP/2 prioritization mechanisms

In this talk we briefly present Sxmo and share the current state of things. Sxmo is a hacker-friendly mobile UI for Linux phones, like those running on postmarketOS. Our approach differs from what the mobile user is accustomed too, but one that will appeal to those drawn to software minimalism and those with an urge to tweak and control their system to the max! We tie together various FOSS components, some interchangeable, via POSIX shell scripts. Through our hook system users can customize these to a large extent.

• Do you want to SSH into your phone and have all functionality available remotely?
• Do you like the idea of running a tiling window manager (sway, dwm) on your phone just like on your desktop?
• Do feel nostalgia for operating your phone with menus (dmenu, bemenu, wofi) and hardware buttons?
• Do you want to be the one in control of our own device and data, rather than be on the leash of big tech companies?

Then this talk may be interesting for you!

Did you know that you can write a cloud-native service in Swift and publish it in a container image, ready to run on any standard container-based cloud infrastructure, all using just the Swift compiler and its build system?

In this talk we'll see how Swift's strong multi-platform support and highly extensible package manager can take care of the whole process for you, allowing you to build your application, package it and upload it in one efficient step:

• Swift SDKs extend your native Swift compiler, giving it the ability to cross-compile and produce Linux executables directly on macOS.
• swift-container-plugin extends Swift Package Manager, giving it the ability to construct a container image and publish it to a container registry.

We'll see these tools in action and peek behind the scenes to learn how they actually work. Along the way we'll answer questions such as:

• How can we build Linux binaries on macOS?
• Can we build our own custom Swift SDKs?
• What actually goes on when we build, push and pull container images?
• How can we build a container image from scratch, just using Swift?

Open Source Business Intelligence (BI) is here, and here to win!

In this talk, we'll take a look at Apache Superset, the Apache Software Foundation (ASF)'s #1 project by GitHub stars, and learn about the features and flexibility that make it the leading tool for data visualization in the open-source data stack. We'll talk about what it does, how it works, and how it's built, highlighting its key workflows and philosophies.

In this talk I will share some details on the path towards the recently obtained Security (EAL4+, German GEHEIM) and Safety (ISO26262 ASIL-B, SIL-2) certifications that have been achieved for the L4Re Operating System Framework. I will show some details on where generic software development, operating systems, and third-party code clash with the expectations of the safety norms. I will also shed some light on the challenges we face in maintaining these certifications while staying true to the open source nature of the system with contributions form a multitude of actors from various fields. I will conclude with an outlook of the things to come and how we want to ensure that open source microkernel-based operating systems can be a vital cornerstone to safe & secure systems.

In this talk, I will introduce Syd-OCI, a secure OCI container runtime for Linux systems (version 5.19 and above). Syd-OCI seamlessly integrates the advanced sandboxing capabilities of Syd -- our rock-solid application kernel designed for sandboxing applications -- into containerized environments by leveraging Youki, a modern container runtime written in Rust.

Syd-OCI operates as a thin wrapper around Youki, utilizing Youki's robust OCI implementation while replacing its default executor with a custom one that runs container processes under Syd's comprehensive sandboxing framework. This integration allows Syd-OCI to provide enhanced security features -- such as Path Sandboxing, Execution Control with SegvGuard, Network Sandboxing, and advanced mechanisms like Lock Sandboxing and Proxy Sandboxing -- within standard OCI-compliant containers.

The presentation will cover Syd-OCI's key features:

• Integration of Syd and Youki: How Syd-OCI combines Syd's advanced sandboxing mechanisms with Youki's efficient OCI runtime, creating a secure container runtime without requiring extra privileges, SETUID binaries, or privileged kernel context.
• Technical Architecture: An in-depth look at how Syd-OCI replaces Youki's default executor with a custom executor that runs commands under Syd, enabling seamless integration of Syd's security features into container workflows.
• Configuration and Usage: Guidance on setting up Syd-OCI with container platforms like Docker, Podman, and CRI-O, including configuring the Syd sandbox using profiles and integrating sandbox configurations into container images.
• Advanced Sandboxing and Verified Images: Showcasing practical use cases where Syd-OCI enhances container security through advanced features like Force Sandboxing for verified execution and Crypt Sandboxing for transparent file encryption using AES-CTR. We will explore how these mechanisms provide integrity verification for container images and binaries, ensuring that only trusted and securely encrypted code is executed within containers, thereby strengthening protection against unauthorized modification and data breach.

Attendees will gain insights into the design and implementation of Syd-OCI, understanding how the integration of Syd and Youki provides a secure, efficient, and practical solution for container security. This talk will illustrate how Syd-OCI can be seamlessly integrated into existing container workflows, enhancing security without compromising performance or compatibility, and adhering to the UNIX philosophy of doing one thing well with the least privilege necessary.

A walkthrough of a packet's journey through (FreeBSD's) pf, concentrating on the big picture and its implications.

We'll cover when packets are inspected, when rules are evaluated and how states are used. Along the way we'll cover what DTrace probes can show us, what some of pfctl's counters mean and just how many times pf can look at a single packet.

This talk is intended for firewall admins looking for a deeper understanding and aspiring pf developers. It is not a "How to use pf" talk.

In the digital age, the pervasive presence of the internet has fundamentally altered the landscape of capitalism, knowledge and human communication. However, alongside its transformative potential, voluntary data sharing in the public interest, or data donation, is plagued by systemic issues, ranging from lack of trust and privacy breaches to legal uncertainty, undermining its intended role as a democratizing force.

Recognizing this brokenness, we turn to the concept of digital repair as a lens through which to understand and address these deficiencies. Drawing from social innovation and data governance theories, this abstract advances the sociology of repair centered on the concept of data altruism, the new EU framework for voluntary data sharing for objectives of general interest, including scientific research purposes. This talk explores the potential of data donation as a means to not only rectify the fractures in the digital data ecosystem, but also to stimulate a more socially sustainable data economy.

By conceptualizing data donation within the framework of sociology of repair, this talk proposes its implications for reframing data agency, and advancing notions of digital constitutionalism. This talk is explicitly an effort to facilitate discussion about useful and plausible conceptual tools to theorize data donation. Through an ethnographically-informed investigation, this talk contributes to an understanding of the infrastructure enabling data altruism for scientific research purposes in the Netherlands, offering insights that are fruitful for navigating future research journeys into the European data economy.

Although it was invented decades before the term "safe language", COBOL was created to meet that very need. At the time in that environment, the predominate alternatives were FORTRAN, and assembly language.

Safety means different things to different people and in different contexts. By some definition, no language is safe. By others, COBOL may be considered among the safest.

Kamailio is one of the most widely used open source SIP servers for large VoIP and real-time communication platforms. The talk will give an overview of the key topics of the newly released version 6.0, describing the improvements in the UDP worker architecture, asynchronous processing, the new build system and other important changes. The presentation is aimed at people who are interested in developing high-performance VoIP platforms, developers who want to extend or improve Kamailio, and operations experts who run Kamailio infrastructures.

In recent years, Europe has seen an increase in regulations directly affecting the software industry, and with implications for free and open source software. The regulatory landscape is complex and evolving, which makes a deeper understanding of the intended and unintended consequences on FOSS projects and the ecosystem necessary.

This session will explore the intricacies of EU legislative processes, using the CRA as a focal point. The panel aims to share and identify key moments of realization ('aha' moments) that enable navigating regulatory challenges more efficiently.

Participants will hopefully gain practical models and strategies for navigating legislative processes, and actionable methods to effectively engage with policymakers and other stakeholders, or in short: to be better able to talk to the right people at the right moment about the right subject to have most impact.

You've heard it from colleagues, you've seen it on Reddit... Zephyr RTOS can be difficult to navigate.

Join this session for a "Zephyr Roasting Party" where we'll openly look at and discuss the most complained-about aspects of Zephyr, and try to honestly answer common questions and criticisms such as:

• "Zephyr is bloated and really has poor real-time performance compared to other RTOSes"
• "I already have a HAL from my silicon vendor, why would I need even more HW abstractions?"
• "Devicetree is so complex! How do I even understand what's going on with all these 'macrobatics'?"
• "There's lots of drivers available upstream, sure, but how do I know how mature they are?"
• "What is this west thing, and why are you asking me to learn Python?"
• "Why is my board/driver not supported?"

The goal of the talk is NOT to rhetorically question some of the "bad" parts of Zephyr, only to immediately tell you why Zephyr is in fact the best thing since sliced bread. Instead, we will honestly discuss these pain points to help you understand better some of the design decisions behind Zephyr, and why they might (or might not!) actually be worth the steep learning curve. This will also prove to be an interesting exercise that will help you understand when you might not need or want an RTOS in the first place.

Through practical demos and examples, we’ll show how tools like Devicetree, Kconfig, or West can actually make embedded development more efficient, and we'll try to make those "scary" parts of Zephyr more approachable, and give a sense of the roadmap for all the other areas of Zephyr that still need work and love.

Cypht is an awesome Free/Libre/Open Source webmail aggregator written in PHP and JavaScript. Tiki is the Free/Libre/Open Source Web Application with the most built-in features, obviously including a webmail. Cypht within Tiki expands on the collaboration possibilities.

Email handling (reading, replying and archiving) should be part of a larger collaborative workflow. Instead of one gigantic mail store, we should have a number of smaller ones that make sense to one's workflow (ex.: around projects, tasks, clients, etc.) and that can easily be shared and prioritized.

Most, if not all, mobile devices have a GPS receiver in them, and most, if not all of them, support A-GPS. A-GPS as a technology is not designed with privacy in mind (in fact, it is specifically designed to not be private, as it sends the phones' IMSI to the A-GPS server), and one of the few providers of A-GPS services is Google. There exists, at present, no open source, privacy-respecting A-GPS service; mostly impacting FOSS on Mobile projects, such as Ubuntu Touch, who do not wish to use this Google service (and may not be allowed to either, as Google only offically provides SUPL services for Android devices, as far as I understand)

The OpenAGPS project aims to create a open-source A-GPS / SUPL (Secure User Plane Positioning) service. GNSS systems (such as GPS) are both surprisingly simple and complicated; the talk would provide a short overview into the functioning of a GNSS system, how asssisted GNSS / A-GPS / SUPL works, how a privacy-respecting system could be built, and the current state of the OpenAGPS project.

This project has also received a grant from NLNet (Mobifree call) very recently; at the time of this submission we do not have any fully functioning code/codebase, although we hope to get a working prototype of the system in time for it to be potentially showed of as a working demo at FOSDEM.

Website (slight update: placeholder has been replaced with a blog, although its still not got too much yet): https://openagps.net/ Source: https://gitlab.com/openagps/

Integrated in the Linux kernel since 2014, eBPF has allowed the creation of a large variety of projects (observability, security, network, etc.). Unlike kernel modules, eBPF programs can be loaded by unprivileged users. The Linux kernel is protected by a static analyzer, called the eBPF verifier, which verifies that eBPF programs cannot harm the kernel and respect required security properties. Recently, several research works have shown that the eBPF verifier, which is a critical component, is not sound. This means that programs which should be rejected are accepted by the verifier, allowing unprivileged users to run malicious programs (e.g [1,2,3,4,5]). In this talk, we propose to evaluate the performance of the eBPF verifier through the measurement of three main aspects:

• Performance evaluation: to understand the evolution of the eBPF verifier versions, we evaluated the verification time and consumed memory of six eBPF verifier versions (Linux kernel 5.0 to 6.8, both included). The results show that for some eBPF programs, the verifiers have nearly the same verification times (except for the conditional jumps, where the verification time has decreased since the introduction of the bounded loops in the Linux kernel 5.3). Consumed memory remains also stable.

• Comparative evaluation with PREVAIL: as the eBPF verifier is not sound, we compared it to PREVAIL, which is another verifier proposed in 2019 at the PLDI conference. PREVAIL is a sound verifier that runs in user space and is used in the eBPF infrastructure of Windows. On the one hand, we were interested in the implementation differences between the two verification solutions and on the other hand, we observed the performance difference between the two verifiers. We observed that, although PREVAIL's performance has improved, it remains less efficient than the eBPF verifier. Nevertheless, PREVAIL showed that it can efficiently verify programs containing a lot of paths (implied by conditional jumps) thanks to the join operator and the fixpoint computation used for the bounded loops, where the eBPF verifier would have created a lot of paths, trying to reduce them with pruning.

• Impact of compilers: beyond the verification mechanisms, there are external constraints such as the compilers: An eBPF program is first compiled into eBPF bytecode and then analyzed. However, we observed that for the eBPF verifier with a specific eBPF program, which varies only by its number of loop iterations, Clang-8 produced more programs accepted by the eBPF verifier and these programs are verified faster than those produced by Clang-14.

I want to keep up my mission to make STARTTLS a technology of the past by recapping on the issues STARTTLS creates and providing advice how to (avoid) implementing (most of) it. The talk will be 5 to 10 minutes and is motivated by my research about real-world STARTTLS issues (https://nostarttls.secvuln.info/) and the implementations I (reluctantly) wrote (https://github.com/duesee/imap-next).

Today, each application (and server/instance) that participates in the Fediverse is largely independent when it comes to discovery. User search, discovery of content, trends and recommendations are not easily possible across the network. This is especially problematic for small servers.

"Fediscovery" is a project led by Mastodon gGmbH and funded by NGI Search that explores a way to improve this situation with a set of external services that any fediverse software can use.

The project is meant to produce both specifications that everyone can implement and a reference server implementation.

This talk will give an overview of the project and its goals. And it will give an update about the current state of both the specification efforts and the reference implementation.

The Log4j project gained worldwide attention, when the Log4Shell bug shook the foundations of many software companies and government agencies, affecting millions of applications worldwide.

While the possibility of a security vulnerability can never be excluded, we will look at the steps taken by the Log4j project to minimize the security exposure of its users and drastically improve reaction times to any future vulnerability.

Parallelism is hard. So until recently, TinyGo (the alternative Go compiler for small systems) simply did not implement it. Instead, we used a simple single threaded scheduler that provides concurrency, but not parallelism. This made all programs act like GOMAXPROCS=1, which caused some practical issues.

Over the past few months we added support for running multiple goroutines in parallel on Linux, MacOS, and on the dual-core RP2040 chip. This required changes in many parts of TinyGo that previously assumed single threaded operation.

This talk will cover a variety of topics that may be interesting to anybody who wants to learn about low level primitives:

• Which parts of Go are affected by parallelism.
• Futexes: the building block of concurrency primitives on modern operating systems.
• How some synchronisation primitives like channels and sync.Mutex are implemented in TinyGo.
• How parallelism is implemented in TinyGo on Linux, MacOS, and the RP2040 chip.

The first stage of Valhalla (https://openjdk.org/projects/valhalla/) is almost ready, soon we will release the first stage of the rocket, the ability to declare a class as a value class. A value class object is like a cheap box that is able to solarise itself on stack, avoiding the traditional boxing cost. The next phase is to allow to flatten value class into fields, but for that we need to get ride of null as a possible value. This talk is about the challenges to introduce nullness emotion ('?' Or '!') to the Java type system. Sadly, if you hope that Java can be turned into Kotlin, you will be disappointed.

Testing packages across diverse environments often involves integrating legacy setups like bash scripts with modern frameworks such as testinfra. For many testing teams, traditional Jenkins setups rely on pre-provisioned worker nodes managed exclusively by DevOps, Build and Release, or Operations teams. This reliance often creates a bottleneck, as testing teams are restricted from modifying infrastructure directly, limiting their ability to adapt environments dynamically to meet specific testing requirements.

In this talk, we will demonstrate how Molecule, an open-source testing tool, provides a robust framework for overcoming these challenges. By decoupling test environment management from pre-configured nodes, Molecule empowers testing teams to independently define and execute their tests across multiple environments. We’ll discuss how this approach integrates seamlessly with Jenkins pipelines and supports both legacy and modern testing frameworks.

Attendees will learn how to use Molecule to reduce infrastructure dependencies, streamline testing workflows, and increase flexibility in testing.

In an attempt to increase security and reduce spam, website services ask for more proofs. Most services require you to confirm your email address, but nowadays, some services also demand a proof of domain ownership. Sometimes you need to prove write access to a website. Registration gets much harder, and we have to do it so often. Time to rethink.

We have been used to creating usernames for three decades by now, but the practice has reached it limits: users need to do much more to get access to a service. A tiny simplification is offered via OpenID ("Login via Google"), but the new Open Console project offers a more integrated solution to build a trust relation between a person and a service provider.

In Open Console, a person (or group) collects personal (and group) facts, and can share them with the requirements of the service. When the service only needs a proven email-address, it only gets that email address, not your name. The negotiation about which data is delivered is totally transparent and far more diverse.

Besides personal facts, many different kinds of proofs can be maintained, like a proof of website-ownership. You only need to prove ownership once, and this can be shared with any service which requires it.

Proving website ownership is not easy. The focus of this talk is on the process of establishing this proof. There are many complications in checking the validity of a website. We implemented different approaches for this proof (via DNS, HTML-meta, and file). We would also like to discuss the possible proofs of domain and network (ip-range) ownership with the participants: how to express them in DNS.

Open Console received support from NGI OpenWebSearch.EU and the NLnet Foundation.

The goal of this presentation is twofold:

Firstly, we want to demystify open source project governance. Do you freeze when you hear the term governance? Do you blindly copy and paste the governance of other projects hoping it works for your project too? Do you struggle to keep governance up to date or aligned with what’s actually going on in the project? You’re not alone.

Secondly, we want to provide a simple, practical, and proven approach to writing governance that’s directly inspired from coding best practices. The very same concepts that are used when writing code (e.g. Don’t Repeat Yourself, Keep It Simple, or Separation of Concerns) have direct application when authoring governance documents and create the same kind of positive outcomes: governance that is simple to understand, flexible, and and easy to maintain. You’ll never come back from thinking about governance as code.

By the time you leave this presentation, you’ll have an entirely new perspective on governance and will feel empowered by your ability to leverage your existing software engineering skills in this new domain.

After spending the past 10 years (and more!) working with WebRTC, and even more than that with SIP/RTP, I decided to have a look at the efforts happening within the standardization community on how to leverage QUIC for real-time media. This led me to studying not only QUIC itself, but also RTP Over QUIC (RoQ) and Media Over QUIC (MoQT).

As part of my learning process, I started writing a QUIC library, called imquic. While it can (mostly) be used as a generic QUIC/WebTransport library, I also implemented native support within the library for both RoQ and MoQT, as a testbed to use for prototyping the new protocols in an experimental way. This presentation will introduce these new protocols and the imquic library implementing them, talking a bit about the existing demos and the proof-of-concept integration in the Janus WebRTC Server for QUIC-to-WebRTC translation.

Get to know the Aparoksha project. Write your app once and deliver a truly native look and feel across the major desktop platforms, all with a declarative framework!

The most mature part of this project is the Adwaita for Swift package, allowing the creation of native GNOME apps.

In this presentation, I'll introduce the core principles of Aparoksha, showcase its current capabilities, and share my vision for its future.

Wikis are a place where humans collaborate to store knowledge. It excels at free-form natural language representation of knowledge which can be stored and retrieved easily by humans. It also increasingly serves as a knowledge base for chat bots and other artificial agents which are based on LLMs and their technologies.

While interacting with humans in a chat, AI agents can also gain new knowledge. This talk proposes that the wikis can also be a place where AI agents can persist this information. In that way, it would be readable for both humans and AI agents. This would make the wiki a perfect place for human / AI collaboration.