Now attending

( 2025-06-19, 10:39)

 "Build a Great Business on Open Source without Selling Your Soul"

Saturday at 11:35, 25 minutes, UB5.230, UB5.230, Community Robert Hodges

A profitable business is one of the best protections for commercial open source projects and communities that depend on them. Our talk draws on the experience of companies that pulled it off to explain how to do it for your own projects. We’ll discuss commercial models that actually work, giving back to the community, and gracefully collecting money for free software. We'll also discuss topics for larger projects like foundations and taking VC funding. It is possible to balance a strong belief in open source communities with making payroll every two weeks. We've done it and will share our secrets.

Coming up:

 "LGPL enforced in Germany: how we helped a purchaser use the courts to compel compliance"

Saturday at 12:00, 25 minutes, H.1301 (Cornil), H.1301 (Cornil), Legal and Policy Denver Gingerich

SFC funded and supported Sebastian Steck's lawsuit against wireless router manufacturer AVM. That lawsuit has recently concluded. AVM has provided the complete source code for all LGPL works, which means everything needed to reinstall changes, for the FRITZ!Box 4020. This marks the first time to our knowledge in Germany that an individual purchaser has successfully sued a manufacturer and received complete source code as a result. This talk will describe what the case was about, what the compliance issues were before the lawsuit, and how "the scripts used to control compilation and installation" that AVM provided over the course of the lawsuit brought them into compliance with LGPLv2.1.

 "Vulnerability Management at a Scale for the Yocto Project"

Saturday at 12:00, 25 minutes, H.1302 (Depage), H.1302 (Depage), Embedded, Mobile and Automotive Marta Rybczynska Samantha Jalabert

The Yocto Project offers the cve-check class to allow users to check for known vulnerabilities in the packages they include in their distribution. However, the CRA (Cyber Resilience Act) and changes around vulnerability databases require a different approach. The move to multiple databases and more dynamic vulnerability checking is in progress.

In this talk, we will explain the ongoing move to external checking for vulnerabilities in the Yocto Project. This will allow users to verify their distribution years after the release without the original build directory.

As the future of the NVD (National Vulnerability Database) is unknown, we are also considering using other databases, starting with raw data from the CVE (Common Vulnerability Enumeration) program.

The audience will also discover VEX (Vulnerability Exchange), allowing per-product annotations of vulnerabilities: you can finally say, "Not affected, we disabled the vulnerable configuration option!"

This talk is 25 minutes; if we have 50, we can add more content and examples.

 "ABI Extractor - Understanding ABI compatibility between compilers targeting RISC-V"

Saturday at 12:00, 35 minutes, H.1309 (Van Rijn), H.1309 (Van Rijn), RISC-V Luis Silva

How to ensure that object files from two compilers are ABI (Application Binary Interface) compatible?

This talk presents a tool capable of extracting ABI properties for a RISC-V compiler. This human readable summary can be compared to another version, be it a reference version or one created for a different compiler or with different options, exposing where compatibility problems can pop up.

While the topic may not receive extensive attention, certain methods for ABI validation do exist, most of which focus on libraries. This tool, however, adopts a unique approach by focusing on extracting ABI properties to ensure compatibility between object files produced by different compilers. It covers aspects from data type sizes/alignment to the organization of data in registers and on the stack. For example, it identifies which registers or stack locations are used for variable/struct argument passing and distinguishes caller-saved from callee-saved registers.

 "Exploring the deprecated parts of LibreOffice API"

Saturday at 12:00, 10 minutes, H.2213, H.2213, LibreOffice Gabor Kelemen

Let's take a look at how much of the LibreOffice internal and external API is marked as deprecated and since when. Maybe also ask ourselves whether we are doing fine or we forgot something important we wanted to do.

 "Accelerating Android Releases: An Unofficial Guide to Trunk Stable"

Saturday at 12:00, 30 minutes, H.2214, H.2214, Android Open Source Project Serban Constantinescu

Want to stay in sync with Android’s latest features and bring them into your own projects? Join a former Googler and Android team member as we dive into Trunk Stable – Android’s new quarterly release model.

We’ll explore why this change is much needed for improving quality, releasing more frequently, and meeting upcoming regulatory compliance.

You’ll learn how to define features, A/B test them, and make sense of next, trunk_food, and trunk_staging. We’ll discuss strategies for rebasing your changes onto the latest code, managing feature flags with tools like aconfig, and keeping your projects aligned with the newest Android updates.

 "Digital Accessibility : Enhancing user experiences for persons with disabilities"

Saturday at 12:00, 60 minutes, H.3242, H.3242, BOF - Track B Raashi Saxena

We invite open-source maintainers, testers, designers, developers, human rights defenders, researchers, activists, community organizers, digital security experts, and others currently working within FOSS communities in the Global Majority, to join our gathering.

This gathering focuses on exchanging perspectives, sharing insights, and identifying both challenges and opportunities in designing usable and accessible open source internet circumvention technologies for underrepresented and historically marginalized communities. Through open and collaborative dialogue, we’ll share best practices and collectively strategize inclusive and contextually relevant approaches. In doing so, we hope to foster a practice of mutual support and care, sustaining our effort in contributing to a safer, more equitable, and resilient digital space for those at risk.

We'll facilitate our session like a circle where each participant will get to contribute and share their stories. The outline will roughly be like this:

  • Goal of the session
  • Individual Introduction
  • Questions for group discussion
  • Note-taking and sharing

 "Let's discuss performance and scale related challenges BOF"

Saturday at 12:00, 30 minutes, H.3244, H.3244, BOF - Track C Imaanpreet Kaur Pravin Satpute

We are planning to kick off this BoF by discussing the Continuous Performance Testing (CPT) methodology. At Red Hat, we are implementing this approach to ensure that our projects and products consistently meet the minimum performance and scalability standards with each update.

After that, participants will have the opportunity to discuss the performance and scalability challenges they are encountering, as well as the strategies they are employing to address these issues prior to the final release of their projects or products.

Following these discussions, we intend to arrange dedicated talks later with attendees that will concentrate on the specific performance and scalability challenges they are facing.

 "Scaling Open-Source Solutions to Achieve the Sustainable Development Goals: A Global Call to Action"

Saturday at 12:00, 50 minutes, Janson, Janson, Keynotes Amreen Taneja omar , slides

With just five years remaining to achieve the Sustainable Development Goals (SDGs), the window for action is rapidly closing. This session explores how the United Nations and other stakeholders are accelerating efforts toward meeting these goals and how open source solutions are critical. The Digital Public Goods Alliance in collaboration with the UN Envoy on Technology will dive into the role of digital public goods in supporting SDG progress, highlighting innovative initiatives, partnerships, and technologies that can scale impact in areas like health, education, climate action, and more. Join us for a conversation about how the open-source community can unite with governments, NGOs, and the private sector to build the digital infrastructure needed to meet these ambitious goals.

The Digital Public Goods Alliance is a multi-stakeholder UN-endorsed initiative that facilitates the discovery and deployment of open-source technologies, bringing together countries and organisations to create a thriving global ecosystem for digital public goods and helping to achieve the sustainable development goals.

The Office of the UN Secretary-General’s Envoy on Technology is dedicated to advancing the United Nations’ digital cooperation agenda, ensuring that technological advancements benefit all of humanity while mitigating associated risks.

Keynote Presentation:

  1. Brief introduction to the UN’s Sustainable Development Goals and the urgency of achieving them within the next five years.
  2. The unique role of open source solutions in bridging critical gaps and delivering scalable, impactful innovations in health, education, climate action, and beyond.
  3. The Power of Digital Public Goods (DPGs):
  4. Introduction to Digital Public Goods, their role in achieving the SDGs, and how the DPG Standard ensures openness, scalability, and ethical implementation with the latest updates made in it to assess open AI systems.
  5. Case studies of impactful DPGs, showcasing their real-world benefits in addressing systemic global challenges.

Collaboration with the UN Envoy on Technology:

The Global Digital Compact (GDC):

  1. The UN Envoy on Technology will present highlights of the GDC, emphasizing its relevance to open source communities and sustainable development.
  2. Key areas of focus:
     • Digital Inclusion: Bridging digital divides through open collaboration and equitable access.
     • Open-Source as a Foundation: Recognizing open technologies as a cornerstone of global cooperation and innovation.

Special Announcement by the Digital Public Goods Alliance (DPGA):

Formal Recognition of New Flagship DPGs and insights from some other notable DPGs and their alignment with open source principles and the impact of their inclusion as DPGs on advancing global digital equity.

Call to Action:

Engaging the FOSDEM Community: A compelling closing appeal to developers, contributors, and organizations in the open-source ecosystem to:

  1. Actively participate in scaling DPGs.
  2. Leverage their expertise to support SDG-aligned open initiatives.
  3. Join global efforts like ours to create inclusive, ethical, and open digital infrastructure.

 "Incremental Memory Safety in an Established Software Stack: Lessons Learned from Swift"

Saturday at 12:00, 50 minutes, K.1.105 (La Fontaine), K.1.105 (La Fontaine), Main Track - K Building Doug Gregor

In recent years, it has been repeatedly shown that memory safety problems account for the vast majority of security vulnerabilities in software systems. In response, security researchers and government agencies alike have urged software developers to replace their use of C and C++ with memory-safe programming languages. Fortunately, there are several native programming languages to choose from, but there is a catch: you must rewrite your code to get these memory-safety benefits. In today's established software systems, that could mean rewriting hundreds of millions of lines of existing C and C++ code, which is beyond impractical.

To move memory safety forward in an established software system, we propose an incremental approach comprised of three parts. First, use of a memory-safe language (in our case, Swift) for new code or for targeted rewrites. Second, memory-safety improvements to C and C++ that can be applied to large swathes of existing code. Finally, deep interoperability between the memory-safe language and existing C and C++ without sacrificing memory safety. This talk will explore all three aspects of this approach in the context of Swift, and will reflect on lessons learned for both programming language design and rollout in an established software system.

 "Things are coming together for Flang tooling"

Saturday at 12:00, 20 minutes, K.3.201, K.3.201, LLVM Tim Heldmann Peter Arzt

At the Scientific Computing Institute at TU Darmstadt, we have experience with developing LLVM-based tools. In the past, however, we usually focused on C/C++ codes via the Clang compiler [1,2]. With the change to flang-new [3] as the default LLVM Fortran frontend, we were interested in developing tooling for Fortran codes. In this talk we want to take you through our journey towards flang‑new based Fortran tooling. After building ~legacy~ established Fortran codes [4,5] with flang-new we wrangled with OpenMPI, employed static analysis tools inside the compile pipeline, and measured performance with the Score‑P [6] profiling library.

We will conclude our talk by presenting first results and describing our first impressions working with the evolving flang-new infrastructure.

This talk is intended for people with an interest in Fortran applications, tooling, or a general curiosity in the possibilities given by the LLVM infrastructure.

 "Building an LTE router with a $60 (new!) laptop and a single file"

Saturday at 12:00, 20 minutes, K.3.601, K.3.601, Nix and NixOS Colin Dean

With zero experience with NixOS, I grabbed an unused $60 LTE-enabled laptop bought in a fire sale during the pandemic and an LTE SIM card to build a router for my newly purchased home so I could have the minimal Internet necessary for its security system and home automation without having to record what I did in case the laptop died.

I did this in a few hours with less than 100 lines of Nix. I did not think that it would be this easy. It served my Internet needs for several months without failure.

This talk will cover some hijinks of NixOS, using LTE for home internet somewhere you don't yet live, and the joy of things that Just Work... when they work.

 "Evolving real-world AsciiDoc into a specification and how it will help the ecosystem"

Saturday at 12:00, 30 minutes, K.4.201, K.4.201, Tool the Docs Alexander Schwartz , slides

Lots of open-source projects use documentation as code to collaborate on web sites and documentation. But how do you integrate the different parts of a documentation pipeline to provide a great contributor and user experience? AsciiDoc is a popular plain text markup language for writing technical content, and lots of open-source projects use it. It’s loved for its rich features and its ability to modularize and reuse content. The AsciiDoc Working Group at the Eclipse Foundation has recently published the AsciiDoc Language documentation, and it is continuing to work on the AsciiDoc Language Specification that is the foundation to define standard parsing rules for the language. This talk showcases different AsciiDoc tools in real-world project documentation pipelines to show what is possible today when you author, verify, convert, and publish content. It also highlights what challenges will be solved with the evolving AsciiDoc Language Specification.

 "Stalwart Mail Server"

Saturday at 12:00, 30 minutes, K.4.601, K.4.601, Modern Email Mauro De Gennaro

Self-hosting an e-mail server is notoriously challenging. While privacy is a top concern for many individuals and businesses, the complexities of self-hosting a mail server often outweigh the benefits, leading many to choose to sacrifice some privacy and pay a third-party provider to manage their email instead. One of the key challenges of self-hosting an email server is the outdated and complex nature of most available open-source mail server software.

Stalwart Mail Server seeks to change this by providing a modern, open-source mail server built in Rust that prioritizes ease of use, security, and privacy. Designed to simplify self-hosting, Stalwart Mail Server enables individuals and businesses to reclaim their email autonomy with confidence. This talk will explore how Stalwart Mail Server democratizes email, promoting decentralization by making self-hosted email accessible, secure, and efficient. Join us to learn how Stalwart can empower you to take back control of your email in today’s digital landscape.

 "Nothing to see here - practical advice to avoid tunnel vision and similar decloaking techniques against VPNs"

Saturday at 12:00, 30 minutes, UB4.132, UB4.132, Security Till Maas

In May 2023, a decloaking method called tunnelvision raised awareness about the security implications of supporting the DHCP option 121. This talk will show practical mitigation methods against this technique and also similar issues that deserve similar attention. This will be from the perspective of the team developing NetworkManager that makes mitigation against this easily available.

 "Privilege Separation In Go"

Saturday at 12:00, 30 minutes, UD2.120 (Chavanne), UD2.120 (Chavanne), Go Alvar Penning

Most computer programs run with far more privileges than necessary. Many techniques have been developed to drop privileges and split applications into multiple components, each of which can run with the least amount of privileges necessary to do its job. This can greatly reduce the impact of security bugs, as the affected component will hopefully no longer have the rights to spawn other processes or even access files. Relatively small architectural changes can result in huge security gains.

Most privilege separated daemons out there are written in C. However, it is also possible to do this in Go, as this talk will show with almost copy-pasteable examples targeting POSIX-like operating systems.

 "Project Lilliput - Looking Back and Ahead"

Saturday at 12:00, 25 minutes, UD2.208 (Decroly), UD2.208 (Decroly), Free Java Roman Kennke

After 3 years of development, Project Lilliput, also known as 'Compact Object Headers' is going to ship JEP 450 in JDK24. We want to celebrate that by looking back at how we got here and talk about what Java users can expect from it. We also talk about why we are not done, yet, how all Java users are going to benefit from 'Lilliput 2' and what it takes to get there.

 "Concurrency Testing using Custom Linux Schedulers"

Saturday at 12:00, 25 minutes, UD6.215, UD6.215, Testing and Continuous Delivery Johannes Bechberger Jake Hillion

Consider you want to have a concurrency bug that requires threads to run in a specific order. Wouldn't it be great if you could stop and start threads at random? Prevent them from being scheduled onto the CPU? And the best part: Without the application being able to prevent this, like it could do with POSIX STOP and START signals? In come the scheduler extensions for the Linux Kernel. Introduced in version 6.12, they allow you to quickly write your own schedulers with eBPF, and can be the base for simple libraries that enable you to start and stop threads directly in the Linux kernel. This opens the possibility of creating complex scheduler scenarios at a whim.

In this talk, we'll show you a prototypical sched_ext-based library for concurrency testing that we used to reproduce bugs when working on the OpenJDK.

 "Pick My Project! Lessons Learned from Interviewing and Writing 20+ End User Case Studies"

Saturday at 12:05, 25 minutes, UB5.230, UB5.230, Community Bill Mulligan

Open source projects can promise the moon in their READMEs, but have you ever wondered what causes end users to actually adopt a project? Bill has interviewed over 20 companies in industries ranging from media to financial services about why they picked Cilium for their cloud native platform.

In this talk, he will reveal what end users truly want when adopting open source projects and what the forcing function was for each of them. You’ll hear firsthand accounts of why companies like DigitalOcean, Rabobank, and The New York Times chose to deploy a project to production, the specific benefits these organizations are reaping, from enhanced security and observability to improved performance and cost savings, and all the triumphs and tribulations along the way.

The talk will also teach other open source projects a process for creating impactful case studies to grow their community. By the end, the audience will know how to grow their project with a case study program and why end users actually pick a project.

 "Guix + Software Heritage: Source Code Archiving to the Rescue of Reproducible Deployment"

Saturday at 12:10, 25 minutes, AW1.126, AW1.126, Open Research Simon Tournier

What's Guix? GNU Guix is a software deployment tool that supports reproducible software deployment. As research results are increasingly the outcome of computational processes, software plays a central role. The ability to verify research results and to experiment with methodologies, core tenets of the scientific methods, requires reproducible software deployment.

What's Software Heritage? Software Heritage is a long term, non-profit, multistakeholder initiative with the ambitious goal to collect, preserve and share all source code publicly available. To our knowledge, Software Heritage is the largest publicly available archive of software source code.

Could we connect Guix with Software Heritage? Yes! It makes Guix the first free software distribution and tool backed by Software Heritage, to our knowledge.

This presentation describes the design and implementation we came up with and reports on the archival coverage for package source code with data collected over five years. It opens to some remaining challenges toward a better open and reproducible research.

 "LOWA, In Need Of a VCL Plug"

Saturday at 12:10, 10 minutes, H.2213, H.2213, LibreOffice Stephan Bergmann

Putting the pixels of LibreOffice into a browser window. With or without Qt. Asking for interaction.

 "Scaniverse Universal Scanner Drivers: One Solution for Every Distro"

Saturday at 12:10, 15 minutes, H.2215 (Ferrer), H.2215 (Ferrer), Lightning Talks Akarshan Kapoor

Talk Summary:

This talk introduces a groundbreaking project aimed at creating a universal solution for scanner drivers across various Linux distributions. By leveraging Snaps and OCI containers, the ScaniVerse project enables the distribution-independent packaging of scanner drivers and applications. This approach enhances flexibility, reduces dependencies, and supports immutable operating systems. Attendees will gain insights into advanced techniques for integrating scanner and printer drivers, including the use of the PAPPL library for retrofitting legacy devices.

Project Description:

The ScaniVerse project is a pioneering initiative designed to streamline the installation and management of scanner drivers across different Linux distributions. By utilizing Snaps, the project enables the creation of distribution-independent packages, allowing scanner drivers to be easily installed on any system that supports snapd. Additionally, scanner applications can be containerized using OCI containers, facilitating their deployment on immutable operating systems. Key components of the project include the integration of scanner support into the PAPPL library, originally developed for printer applications. This integration supports multi-function devices and provides a unified driver format for both printers and scanners. The project also focuses on retrofitting legacy scanners to ensure continued support for older hardware.

Learning Outcomes for the Community:

  • Learning basics of how to package printer/scanner drivers in Snaps for easy installation on any distro supporting snapd.
  • Gaining insights into separating scanning frontends from drivers, enhancing modularity and reducing dependencies.
  • Explore how to package and deploy scanner applications in OCI containers for enhanced manageability and deployment on immutable systems.
  • Understand the potential of eSCL and IPP scanning as standardised infrastructures, moving beyond the limitations of SANE.
  • Discover methods to support legacy scanners using SANE and PAPPL-retrofit for a seamless transition to modern systems.
  • Learn about establishing a common scanning infrastructure that simplifies development and maintenance, benefiting the entire ecosystem.

 "container-snap: Atomic Updates from OCI Images using Podman’s Btrfs Driver"

Saturday at 12:10, 10 minutes, UD2.218A, UD2.218A, Containers Dan Čermák

Traditional package updates using tools like RPM or Zypper can introduce risks, such as incomplete updates or accidentally breaking the running system. To overcome these challenges, we developed container-snap, a prototype plugin designed to deliver atomic OS updates—updates that are fully applied or rolled back without compromising the system's state.

container-snap leverages OCI images as the source for updates and integrates seamlessly with openSUSE’s tukit to enable transactional OS updates. By utilizing Podman’s btrfs storage driver, it creates btrfs subvolumes directly from OCI images, allowing systems to boot from the OCI image. This approach empowers users to construct their own OS images using familiar container image-building tools, like Docker or Buildah.

In this session, we’ll dive into:

  • The architecture and technical implementation of container-snap
  • Challenges encountered during development and how we resolved them
  • Key lessons learned along the way
  • A live demo showcasing container-snap in action

Come and join this session to learn more about how to boot from an OCI image without bricking your system!

 "CryptPad: Recent Advances in Privacy and Collaboration"

Saturday at 12:15, 40 minutes, H.1308 (Rolin), H.1308 (Rolin), Collaboration and Content Management Fabrice Mouhartem

CryptPad is an open-source and end-to-end encrypted collaborative office suite. Since its inception 10 years ago, it has been actively developed at XWiki to offer a unique combination of privacy and collaboration. In this talk I will summarise CryptPad's development to date, from a single-page prototype to a full-blown office suite. I will then give an overview of the progress made in the last year including: accessibility and mobile, performance improvements, cloud instances, and work on the OnlyOffice integration to name a few. Finally I will give a glimpse of things to expect in 2025.

 "Understanding Ceph: A Journey from Metrics to Tracing"

Saturday at 12:15, 30 minutes, K.3.401, K.3.401, Software Defined Storage Marcel Lauhoff

While metrics provide valuable insights into system behavior, they often lack the detail to really understand the system. In this talk, we will explore how tracing techniques can complement metrics to provide a more detailed view of Ceph operations, enabling deeper analysis and troubleshooting.

 "GRUB - Project Status Update"

Saturday at 12:15, 20 minutes, UB4.136, UB4.136, Open Source Firmware, BMC and Bootloader Daniel Kiper

The presentation will discuss the current state of GRUB upstream development.

 "Unlocking Open-Source Capabilities in the Copernicus Data Space Ecosystem"

Saturday at 12:20, 25 minutes, AW1.120, AW1.120, Geospatial Pratichhya Sharma

The satellites of the Sentinel family are Europe's eye in space – managed by the European Space Agency (ESA). They observe the earth continuously and collect enormous amounts of data that provide valuable insights into environmental, climatic, and geospatial changes. These data are used for various applications, including Land Use and Land Cover (LULC) mapping, environmental monitoring, disaster response, climate change analysis, and agricultural monitoring. The Copernicus Data Space Ecosystem makes these data freely available to users, along with tools for processing and analysis. It encourages researchers, developers, and organizations to use these products for various applications, from scientific studies to practical environmental monitoring solutions. These products include but are not limited to, Sentinel data, Digital Elevation Models (DEMs), mosaics, and service products like biophysical parameters such as FAPAR (Fraction of Absorbed Photosynthetically Active Radiation). In addition to these products, the ecosystem also provides a range of tools, including cloud-computing environments and APIs, to simplify and enhance the usability of Earth Observation data. In this session, we will explore how, in addition to freely available data, the Copernicus Data Space Ecosystem provides several open-source capabilities to simplify and enhance EO data usability. These include a cloud-computing environment like JupyterLab, a user-friendly Copernicus Browser for easy data exploration, and APIs like STAC and openEO for streamlined data access and integration. By offering these resources openly, the Copernicus Data Space Ecosystem supports a growing community of users, helping them turn satellite data into actionable knowledge to address global challenges.

 "Beautiful remote web dialog widgets built on LOT"

Saturday at 12:20, 10 minutes, H.2213, H.2213, LibreOffice Szymon Kłos

LibreOffice Technology provides a great engine for processing documents with LibreOfficeKit. For more advanced usage in a user-friendly fashion, a good UI is needed. JSDialog API provides a way to interact with existing dialogs and build bespoke widgets for different platforms in the browser.

 "Updates on Coconut SVSM: Secure Services and Stateful Devices for Confidential Virtual Machines"

Saturday at 12:20, 20 minutes, K.4.401, K.4.401, Confidential Computing Stefano Garzarella Oliver Steffen

The Coconut community is actively developing the Secure VM Service Module (SVSM) to provide secure services and trusted device emulation for guest operating systems running in Confidential Virtual Machines (CVMs). Originally designed for AMD SEV-SNP, Coconut SVSM is evolving into a multi-platform solution, with ongoing efforts to integrate support for Intel TDX Partitioning.

This talk will dive into the current progress of Coconut SVSM, focusing on the emulation of devices such as the virtual Trusted Platform Module (vTPM), based on the reference implementation from the Trusted Computing Group (TCG). At this stage, the vTPM in Coconut SVSM is ephemeral, being re-manufactured with each boot. To unlock broader use cases, the community is working on introducing a persistent state for SVSM, enabling the vTPM to preserve its state across reboots. This enhancement will also allow us to support UEFI variable store to support Secure Boot.

Achieving this persistence requires storing encrypted state securely on the untrusted host, with early boot-time attestation to decrypt and validate the state. This process raises several technical challenges that we are actively tackling.

Join us to explore the latest progress in Coconut SVSM, the challenges we’ve overcome, and the exciting opportunities still ahead.

 "Immutable All the Way Down - using System Extensions to ship Kubernetes"

Saturday at 12:20, 30 minutes, UD2.218A, UD2.218A, Containers Thilo Fromm

There are many ways to get container runtimes and Kubernetes on a node, all with their benefits and drawbacks. This talk will present shipping Kubernetes as a system extension with systemd-sysext – a self-contained, immutable, verifiable, distribution independent disk image. We’ll also look into automated in-place updates, both from the OS as well as the Kubernetes side.

The talk includes multiple live demos, from a single node deployment to cover sysext basics to a full-blown Kubernetes cluster deployed with ClusterAPI which we’ll then update live. While all demos will use Flatcar Container Linux – an immutable special purpose OS optimised for container workloads – the mechanisms demonstrated are distro independent and could be used on any Linux distribution.

 "An introduction to Torch-MLIR"

Saturday at 12:25, 20 minutes, K.3.201, K.3.201, LLVM Marius Brehler

The Torch-MLIR project [1] builds a bridge between the world of machine learning and the LLVM project by providing compiler support from the PyTorch ecosystem to the MLIR ecosystem. This short tutorial covers:

  • The project's structure and how to build it
  • The TorchOnnxToTorch conversion
  • Decomposing complex ONNX
  • Lowering from Torch to LinAlg and other lower level dialects

Furthermore, the talk discusses how you can get involved and what opportunities exist, especially for first-time contributors, to contribute (code) to the project.

[1] https://github.com/llvm/torch-mlir/

 "Remote Execution with Buck2 and Nix"

Saturday at 12:25, 20 minutes, K.3.601, K.3.601, Nix and NixOS Claudio Bley

In this talk, I will present how to integrate the Nix package manager with Buck2, an open-source build system developed by Meta, to achieve highly granular and reproducible builds across different platforms.

By integrating Nix and Buck2, developers can benefit from Nix's robust package management and reproducible build environments, while also taking advantage of Buck2's scalable and efficient build system.

I will dive into the details of using remote execution services that support the Bazel remote execution protocol with Buck2 in conjunction with Nix's remote build capabilities, and showcase that using a sample project.

 "Managing copyrights in free software projects - discussion panel with GNU maintainers"

Saturday at 12:30, 25 minutes, H.1301 (Cornil), H.1301 (Cornil), Legal and Policy Krzysztof Siewicz

For FSF-copyrighted GNU packages, FSF insists on executing copyright assignments and employer disclaimers. These are designed to ensure steady and continuing enforcement of the GPL, as well as to serve other important purposes related to licensing and copyright management. The maintainers of some GNU packages would like to use a simple mechanism called "Developer Certificate of Origin" (DCO). It is hard, and some lawyers think it's even impossible, for a DCO to allow FSF to enforce the GPL. However, we at the FSF have once promised to accept DCOs and to draft a DCO that would best serve the needs of the free software community. We want to fulfill this promise after a broad discussion about issues surrounding copyright assignments: their importance, best approaches, and challenges in managing copyrights in free software projects.

Panelists will elaborate on the following questions: 1) How to ensure swift enforcement of the GPL? 2) How to protect free software against third party claims, including employers' copyright or patent claims? 3) How to enable swift relicensing or adding additional permissions, while protecting software against appropriation? 4) How to remove any challenges a contributor might encounter with the process?

 "Booting blobs between U-Boot and Linux"

Saturday at 12:30, 25 minutes, H.1302 (Depage), H.1302 (Depage), Embedded, Mobile and Automotive Marek Vasut

Various blobs like PSCI provider or TEE are currently started between BootROM and the U-Boot bootloader. This has multiple downsides, the blobs are difficult to update and the blobs may configure the platform in a way that prevents U-Boot from accessing all system resources, thus making it less useful as a debug tool. This talk explains how to start U-Boot before most of the blobs, thus giving it full unrestricted access to the platform, and how to start the blobs from U-Boot afterward, so Linux can still access the services like PSCI provided by the blobs. Finally, the talk hints at how to perform a safe A/B update of the blobs.

Project link: https://www.u-boot.org/

 "Distributed real-time collaboration for Writer - a first prototype"

Saturday at 12:30, 15 minutes, H.2213, H.2213, LibreOffice Thorsten Behrens

Come to see a first prototype of a CRDT-based real-time distributed collaboration implementation - for being able to collaboratively comment on a Writer document, from a number of distributed LibreOffice instances (desktop, browser or cloud).

 "Forking Android considered harmful"

Saturday at 12:30, 30 minutes, H.2214, H.2214, Android Open Source Project Chris Simmonds Stefan Lengfeld

If you want to use Android for your custom project, then you are almost inevitably going to have to modify the platform code. Typical reasons include supporting specialised hardware, running dedicated system services and pre-installing system apps. AOSP, and some parts of the Board Support Packages, are open source, so what's stopping you just changing the bits you need to? Indeed, this is the standard development model for Android platforms: fork; modify; repeat. Of course, we all know that forking is bad but there isn't any choice, especially when it is so difficult to merge changes upstream.

Well, maybe there is a choice. In this talk we will examine the problems created by simply forking Android, and we will look at various ways to make the process more maintainable. In particular we will look at using local_manifests, and at maintaining out of tree patches for AOSP. In the latter case, we will talk about the tooling required to track patch sets ("layers") and the dependencies between them.

We hope that this will spark a conversation in the community through which we can establish best practice for maintaining custom Android systems without forking.

 "Ladybird - a new independent browser written from scratch"

Saturday at 12:30, 15 minutes, H.2215 (Ferrer), H.2215 (Ferrer), Lightning Talks Jelle Raaijmakers

Ladybird is a brand-new browser & web engine. Driven by a web standards first approach, Ladybird aims to render the modern web with good performance, stability and security. Currently in heavy development, we take a quick look at its progress, architecture and challenges.

 "Docs Straight from the Code: AST-Powered Automation"

Saturday at 12:30, 30 minutes, K.4.201, K.4.201, Tool the Docs James (purpleidea)

Mgmt is a cutting-edge, real-time, automation tool designed to be fast, safe, and revolutionary. Our goal wasn't just to replicate legacy tools but to surpass them-- and we believe we've done exactly that. Mgmt is now powering real production workloads, showcasing its potential to redefine what's possible in automation.

Empowering our users starts with great documentation! To achieve this, we aimed to minimize the time spent maintaining our docs while ensuring they stay perfectly in sync with the code. So we developed custom AST parsing code that automatically converts code into a structured data format. We then use a GoHugo templating system to publish it in a polished and user-friendly way.

All of this code is open source, making it available for others to use and benefit from! We'll also show how even a small project could do this.

I'll deliver live demos throughout, ensuring the concepts come to life.

You'll also get a glimpse of how mgmt can revolutionize your workflows-- it might just become your go-to tool for managing documentation pipelines!

For those who want a head start, check out our blog posts. Reading a few before the talk will provide a great background of the topic!

 "Mox and simplifying mail server setup & management"

Saturday at 12:30, 30 minutes, K.4.601, K.4.601, Modern Email Mechiel Lukkien

Mox is a relatively young, modern, all-in-one mail server. One of its goals is making it easy to set up a mail server and keep it up to date. In this talk, we'll look at how mox helps with setting up and running a mail server. From the original quickstart with its environment checks, setting up initial DNS records and modifying them later on, notifying about new mox releases and installing them, to a future easier guided setup process and automatic DNS management.

 "The SELinux problem that cast a months long shadow"

Saturday at 12:30, 30 minutes, UB4.132, UB4.132, Security Matyas Horky

In February 2024, Red Hat released an update to insights-core, a package providing host data for Red Hat Insights. It slipped through our testing and caused all SELinux-enabled systems to crash the service, stopping the hosts from reporting. Even though the patch was released two days later, we couldn’t fix the hosts ourselves, and had to figure out which customers are affected and how to even contact them. It was a big lesson to both engineering and management. We’d like to share this story with the public.

 "Exactly-Once Event Processing E2E: Bridging Apache Flink and Kafka for Reliable Data Streams"

Saturday at 12:30, 30 minutes, UB5.132, UB5.132, Data Analytics Adi Polak

Achieving exactly-once semantics is a cornerstone of reliable event streaming systems, but the challenge magnifies when ensuring guarantees across the entire pipeline—from data ingestion in Apache Kafka to stateful processing in Apache Flink, and back to Kafka or another sink. In this talk, we’ll explore the intricacies of designing an end-to-end system that maintains data integrity and correctness without compromising on scalability.

We’ll dive into:

  • Kafka’s 2 phase commit transactional guarantees and how they align with Flink’s checkpointing mechanisms.
  • Flink 2 phase commit E2E protocol
  • Practical strategies to address challenges like fault tolerance, recovery, and latency trade-offs.

This session will explore the implementation of Flink and Kafka 2 phase commit (2PC), the magic files, coordinating it across two distributed systems and the challenges you will face in implementing exactly once event processing E2E in your systems.

 "Go-ing Easy on Memory: Writing GC-Friendly code"

Saturday at 12:30, 30 minutes, UD2.120 (Chavanne), UD2.120 (Chavanne), Go Sümer Cip

Motivation

Computer Science curriculums often focus on theoretical lessons, such as how garbage collection (GC) works under the hood or the trade-offs between different GC designs. However, there is much less emphasis on how to write GC-aware code in languages like Go. This is surprising since most of these practices are language-agnostic.

This is a significant gap, especially given GC's impact on application performance. Profiling data from real-world applications consistently shows that a considerable amount of time is spent on memory allocation and GC-related activities.

This talk will be a practical session on writing memory-efficient code, supported by an understanding of Go's garbage collection and memory allocation internals.

The talk

Introduction

I will begin by discussing the motivation behind this talk and explaining why this topic is crucial, backed by empirical profiling data from real-world applications.

Essentials

Next, I’ll provide a high-level overview (a 10,000-foot view) of stack, heap, and GC concepts. This segment will be brief but necessary to establish a foundational understanding.

Main

  • Walk through real code examples and demonstrate techniques for writing memory-efficient Go code, such as avoiding pointers, preventing overallocation of slices, minimizing the overuse of interfaces and generics and many more, clarify misconceptions about sync.Pool and leverage it effectively.

  • Short Overview of Go's standard tooling for observing memory usage and GC behavior: memory profiler, benchmarking tools, escape analysis, GC configuration, execution tracer. Shed more light on less known/used tools like execution tracer.

Finish

Finish the talk with a wrap-up, emphasizing that writing allocation-friendly code is crucial for maintaining application performance and should not be overlooked.

 "(Almost) everything I knew about Java performance was wrong"

Saturday at 12:30, 25 minutes, UD2.208 (Decroly), UD2.208 (Decroly), Free Java Andrew Haley

Much of the advice given to Java programmers seeking efficiency is misleading or out of date.

This talk is a result of the author's experience trying to make the Java Virtual Machine more efficient, but it isn't just for JVM engineers; it is also relevant to Java programmers. We will cover wide-issue processors, branch and memory-access prediction, and the way Java programmers can use tools to illuminate what is really going on inside a computer when it runs their programs.

If you're looking for a talk about huge memories or millions of threads, this isn't it. Rather, it's about how small details can have surprising effects.

Mechanical Sympathy is when you use a tool or system with an understanding of how it operates best. "You don't have to be an engineer to be a racing driver, but you do have to have Mechanical Sympathy."

Project: https://github.com/openjdk/jdk

 "Continuously Update Everything two years later"

Saturday at 12:30, 15 minutes, UD6.215, UD6.215, Testing and Continuous Delivery Olivier Vernin

In a continuously changing IT world, not being able to adapt is the difference between yesterday's and tomorrow’s projects. Everybody wants the benefits of changes, but nobody wants to endorse its associated risk. From dev to ops, I’ll share why we created Updatecli, an open-source declarative dependency manager. How automation helps us to anticipate, and fix early, our day-to-day challenges, and where the traps lie.

 "Closed data, open software: building new ways into the French web archives"

Saturday at 12:35, 25 minutes, AW1.126, AW1.126, Open Research Guillaume Levrier Dorothée Benhamou-Suesser

This presentation aims at presenting a fully open-source pipeline to extract, curate, and explore web archives, a captive data source whose access is restricted. Its purpose is to detail both the technical pipeline and the socio-institutional setting that made it possible to emerge, highlighting the challenges of developing open tools for closed sources.

The French web archives is an institutional repository of data maintained by the French National Library (BnF). It contains more than 2 petabytes of data spanning close to 30 years, which amounts to more than 50 billion web pages. Access to this data is restricted under the heritage and legal deposit law: academic researchers willing to work on web archives as data are expected to submit research projects that, upon a formal or informal agreement, will enable them to access this data. But what then? Building the methodological means to pursue epistemological goals in that context is particularly challenging. Web archivists do provide toolkits for exploration. Recent initiatives have scaled up the effort to make these sources more accessible. The RESPADON project has successfully managed to build a “captive web archive” capacity into the Hyphe software, and in doing so has opened a new way into developing tools for such data.

In this presentation, we will present a new solution to extensively study, at the qualitative level, specific topics in the full-text indexed collections of the French web archives. Built around the PANDORÆ software, this pipeline has been designed to interrogate the captive data source on site, but also extract relevant metadata in a compliant manner to enable its exploration off-site, while ensuring reproducibility by publishing the code. In doing so, this pipeline provides an up-to-date example of the “one-way mirror” situation of building open tools that are fit to operate on closed data sources.

 "The Psychology Behind Communities: Why Do We Really Contribute?"

Saturday at 12:35, 25 minutes, UB5.230, UB5.230, Community Mia Bajić

Have you ever wondered why people get involved in community work? If you think it's just about networking, think again! Let's talk about the deeper motivations rooted in our brains: from fast and slow thinking to the role of the amygdala, our basic human needs, and the impact of collective loneliness on society.

 "Latest implementation of AMD SEV-SNP in OVMF"

Saturday at 12:40, 20 minutes, UB4.136, UB4.136, Open Source Firmware, BMC and Bootloader Richard Lyu

As confidential computing continues to gain importance, AMD SEV-SNP has matured within the open-source community. This session will provide an overview, from the OVMF perspective, of how it integrates with QEMU and the Linux Kernel to encrypt memory and safeguard memory security in a virtualized environment. The session is open to UEFI developers as well as virtualization, kernel, and security developers. Attendees will gain insights into how AMD SEV-SNP in confidential computing protects systems in virtualized environments, the latest upstream development progress, and an analysis of the protections it offers. The session will also address whether these protections are adequate and if there is a need to adopt this technology.

 "Automatic Documents, packed with content and signed"

Saturday at 12:45, 10 minutes, H.2213, H.2213, LibreOffice Michael Meeks

Many processes are packed with document generation, and forms of various types, from applications to contracts. Come and hear how new APIs built on LibreOffice Technology provided by Collabora Online can make building complex documents easier. From populating fields, to making richer templates, to tweaking chart data, our new Automatic Document REST APIs here enable powerful document interaction - both creation and extraction of data with a simple JSON based API.

Whether you want to extract data from docx files, generate richer templates for subsequent editing, or enable powerful electronic signature functionality - have we got an API for you!?

Come and hear how to use and improve it.

 "Automating Low-Level Firmware Validation with Robot Framework"

Saturday at 12:45, 15 minutes, UD6.215, UD6.215, Testing and Continuous Delivery Maciej Pijanowski

Validating low-level firmware presents unique technical challenges, from automating hardware control operations to testing interactive UEFI firmware menus. In this presentation, we delve into how the Dasharo Open Source Firmware Validation (OSFV) project uses Robot Framework, an open-source automation tool, to address these complexities.

Drawing from years of firmware development experience across diverse hardware platforms, ranging from network appliances to workstations, we will showcase how OSFV tackles:

  • automating hardware interactions such as GPIO toggling, UART communication, power control, video output capture, USB devices simulation, and more, on a wide variety of hardware platforms,
  • testing dynamic and interactive firmware interfaces, including menu navigation and switching configuration options,
  • managing the variability of real-world hardware environments to ensure repeatable and reliable test execution.