How we implemented PVH boot capability to the NetBSD kernel, allowing it to start straight from QEMU's -kernel parameter or Firecracker's VMM. In the process, we reduced boot time from 300 to 20ms, using methods borrowed from FreeBSD, and some in-house optimisations to get rid of unnecessary delays.

Our community has been confused and concerned at the last-minute addition to the Cyber Resilience Act (CRA) that created the class of “Open Source Steward”. Many projects want to know ASAP if their own project will be such a Steward, or if their fiscal sponsor will be forced to be a Steward. Most projects operate with small budgets, even those with fiscal sponsors, and as such CRA compliance could financially ruin projects.

At this session, we'll have experts to answer these questions and others, and help you to not panic about what we face in the CRA.

Bluetooth Low Energy, commonly abbreviated as BLE, is a well-known wireless communication technology aimed at low-power applications. It divides devices into two categories: low-cost, potentially high volume, battery constrained peripheral devices such as head phones or heart rate monitors, and comparatively more powerful and less constrained central devices, such as smartphones and notebooks.

The Zephyr Project has supported developing BLE peripheral applications for a long time. But it may not be well known that it also supports BLE host applications, or central devices as the standard calls them. In his talk, Florian will take a look at how we can develop BLE host applications using Zephyr. After a (very) short introduction to the BLE protocol stack, he will delve into Zephyr's Bluetooth API and more importantly talk about the pitfalls he encountered while getting his feet wet with Zephyr. On the practical side, this talk will look into how BLE applications remain portabile between boards by different vendors, and how the many BLE-enabled emulators and simulators provided by Zephyr can be used for quicker development and testing.

In this talk you will learn about:

• the basics of the BLE protocols
• the Zephyr Bluetooth API and its pitfalls
• how portable Zephyr applications using BLE are
• how you can utilize the Zephyr emulators and simulators for BLE development

Passbolt is an open-source platform for secure credential management. The solution has demonstrated its effectiveness with over 400,000 daily users and thousands of companies relying on it worldwide.

In this talk, we will present real-world use cases, and discuss Passbolt strengths in centralizing, organizing, and sharing credentials without compromising security or privacy. We will also provide a sneak peek at the upcoming v5 release, which features a new security model.

This talk aims to provide insights into technical advancements while sparking discussions on the challenges and opportunities posed by the need for secure collaboration.

As a follow up to my award-winning FOSDEM 2023 talk "Hosting your own DNS for 'fun' and zero profit", I'll provide an update covering my experiences using Lightning Stream for zone replication between PowerDNS authoritative servers.

Lightning Stream offers significant advantages over traditional database-style replication (typically using relational databases like MariaDB and PostgreSQL), including simpler configuration, easier troubleshooting, and the ability to add/remove cluster members without having to reconfigure existing cluster members (providing a very loosely coupled 'cluster').

PowerDNS Lightning Stream MinIO LMDB

Let's meet and talk about Multipath TCP (MPTCP)!

Everybody is welcome! There is no fixed agenda or schedule. We will have open discussions about problems, improvements, use cases and ideas for MPTCP. Feel free to come with a topic, or simply join to meet people.

It is also possible to talk about kernel development, and continuous integration in the Linux kernel, e.g. the way MPTCP is continuously validated using Virtme-NG on public CI instances.

See https://www.mptcp.dev/#communication for how reach the community.

IRC is a venerable 37 year old chat protocol used by many open-source software projects, technical experts happily lending their help and other discussion groups. However, the historic IRC protocol is not always well-suited to modern usage, such as connecting from multiple devices with unreliable connectivity, or connecting from battery-constrained mobile devices.

In this talk, Simon and Thomas will explain how IRC has evolved in the last few years to address these challenges through efforts like the IRCv3 working group and new software (soju, senpai, gamja, goguma). We've been working on adding new features such as easily accessing message history, sharing files and pictures and searching through messages. Some of the architectural design decisions may be interesting to people working on other open protocols, for instance secure and interoperable push notifications or OAuth integration.

Quantum computers that are able to break classical cryptography are generally expected to appear in the coming decades. To prevent encrypted emails from being decryptable by an attacker at that point, we need to start using post-quantum cryptography as soon as feasible.

To that end, we're standardizing the use of post-quantum cryptography in OpenPGP. In addition, for long-term storage and archival, we're standardizing the use of persistent symmetric keys, which allows for more efficient encryption, while still being post-quantum secure as well.

In this talk, we'll present the state of the standardization and implementation efforts, and discuss how the transition might affect applications using OpenPGP, as well as their end users.

ActivityPub remains, to this day, the most successful decentralized social networking platform to date: dozens of interoperable implementations, thousands of servers, millions of users, all speaking over the same protocol in what's today called the "fediverse" (federated social web). The modern-day fediverse is an impressive achievement, but it also leaves many issues to be addressed. Servers can go down, content can disappear and users can lose access to their identity. Authorization mechanisms are under-specified and rich interactions are fairly limited. This talk, by the two primary editors of the ActivityPub specification, explores where we think the fediverse should go and how we're building a future for "secure collaboration" technology at the Spritely Institute.

What was the last npm package you installed? Did anything unexpected happen? Are you sure?

The scale and pace of modern software development are made possible by the ready availability of open-source packages via major registries like npm and PyPI. These registries are always within reach of developers thanks to command-line package managers like npm and pip, enabling rapid testing and deployment of third-party code as part of normal workflows. However, these benefits come at the cost of particular security concerns: threat actors routinely target software developers via open-source package registries, either by publishing backdoored packages or by taking over and corrupting legitimate software. In many such supply-chain attacks, merely installing the malicious package is enough to hand control of one’s system over to the adversary.

In this talk, we lay out the strategies that threat actors use when targeting software developers via open-source package registries. We do so by examining case-studies in open-source malware delivery via npm and PyPI, some involving nation-state actors, that we at Datadog Security Research have collected while continuously monitoring these ecosystems with GuardDog, an open-source scanner for identifying malicious packages by analyzing code patterns and package metadata. We then propose recommendations for developers, as well as for the package registries themselves, to counter these strategies that could lead to a greater overall level of software supply-chain security in the open-source community.

In the latest installment of the Go Without Wires saga, I will demonstrate several new capabilities in wireless communication using a variety of frequencies of the electromagnetic spectrum, all using our favorite programming language. There will be moving objects.

Java developers struggle with the trade-off between precise profiling and application stability. Unofficial methods like AsyncGetCallTrace offer precision but risk crashes, while official APIs such as JVMTI, JMX, and StackWalker are stable but biased due to safepoint polling. Java Flight Recorder (JFR) reduces this bias but introduces interpolation errors.

This talk addresses these challenges with three key topics: • Combining precise sampling with JFR’s stability to remove biases without sacrificing reliability. • Using eBPF probes and examining JVM internals for safer, detailed profiling. • Enhancing precision with user-supplied profiling contexts.

We will review the history of Java profilers and discuss the future of JVM profiling, with a focus on CPU profiling. Attendees will gain insights into new methods aimed at achieving accurate, stable performance analysis in Java applications, comparing them with async-profiler and existing tools.

The Dronecode Foundation hosts an ecosystem of open-source projects, developers, and contributing organizations. Dronecode is an umbrella foundation (part of The Linux Foundation) hosting open-source projects that offer solutions to robotics developers looking to build Aerial solutions.

The PX4 Autopilot is an open-source flight controller project that offers developers a stable foundation for building drones. The project sustains a community of thousands of robotics developers and hundreds of companies building complex drone solutions on top of PX4, including everything from wedding photography to package delivery for Walmart.

Our humble open-source project has supported an ever-growing community of contributors at times with little to no resources. With the growing complexity of demanding robotics workflows, proving reliable and reproducible testing to guarantee the safety of our codebase has been a constant challenge.

I will share the cautionary tale of how not to run CI for a robotics project, the scary times when we wanted to delete our whole infra and start fresh, and how we found the strength to move on. I will also share the gory details behind running an open-source robotics project and the supporting tooling needed to support our complex workflows and demanding community.

Our Continuous Integration pipeline is far from sophisticated, but it is responsible for supporting thousands of developers and is the backbone of our infrastructure. Some of the topics I will be discussing: Maximizing containers for reproducible builds Running a hardware-in-the-loop service with embedded hardware connected to the cloud. Moving from Jenkins to GitHub Actions Hosting our own GitHub Actions runners Build patterns for better GitHub Actions development across distributed teams. Building an array of upwards of 60 builds per pull request in GitHub Actions

This session will focus on the open-source distributed SQL databases TiDB and YugabyteDB. We will explore their building blocks to understand how they function, highlighting their similarities and architectural differences. Key topics will include how changes are versioned (using either Time Stamp Oracle or Hybrid Logical Clocks), how data is replicated (with Raft), how they store rows, index entries, and transaction intents (utilizing RocksDB LSM trees), and how they implement ACID properties (through either Percolator or IntentsDB).

Digital Public Goods are often celebrated as open-source software, open data, open AI models, open standards, and open content. However, true public goods require more than openness—they demand active community governance, collective stewardship, and responsible contributions to thrive as shared resources.

While proprietary software sustains itself through licensing, support, and vendor lock-in, open-source software relies on a delicate balance of professional firms, organizational backing, and dedicated enthusiasts. The open model has fueled flexibility, innovation, and the global adoption of open technologies.

Yet, the rapid growth of "open" has not been matched by an equivalent rise in contributions or investments in maintenance. Discussions often prioritize licensing over the essential question: How do we, as a community, ensure that digital public goods are sustainable? This talk explores the responsibility of contributors, organizations, and users in building a resilient ecosystem for open technologies.

Incremental LTO in GCC

Link Time Optimization (LTO) postpones many compiler steps into linking, when we have access to all files linked together. This allows us to optimize across compilation units leading to significantly faster and smaller binaries. However it comes at a cost of long compile times because after even a minor edit the entire application needs to be re-optimized. Incremental LTO will be a new feature of GCC 15 which aims to reduce those compile times for small changes by caching LTO partitions unaffected by the change.

This talk will cover quick overview of Incremental LTO and how to use it in upcoming GCC 15 along with a simple example. I will also show estimate of how much compile time can be saved when recompiling GCC itself.

eBPF (Extended Berkeley Packet Filter) is revolutionizing the way developers interact with the Linux kernel, enabling them to run user-defined programs in a highly efficient and safe manner.

This session will introduce you to Aya, a modern Rust-based eBPF library. Unlike traditional eBPF libraries such as libbpf and bcc, Aya is built entirely in Rust and leverages the libc crate for syscalls, offering a clean, lightweight, and efficient interface for eBPF development.

In this session, we’ll explore how Aya simplifies the eBPF programming workflow, including features like BTF (BPF Type Format) support, which enables programs to run across different kernel versions without needing recompilation.

You’ll learn how Aya’s architecture ensures fast deployment and builds, with no need for a kernel build, compiled headers, or even a C toolchain. The result is a streamlined, "compile once, run everywhere" solution that allows you to easily deploy a single self-contained binary across different Linux distributions and kernel versions.

We'll cover that by using a sample XDP program where we'll be covering aya we'll go across and explain how to use aya components such as aya_log_ebpf or aya_ebpf to bootstrap the code and how our dev and build environment looks like.

Whether you’re new to eBPF or an experienced kernel developer, this session will provide you with the tools and insights to leverage the full power of eBPF using Rust and Aya in your next project.

Links:

• Aya on GitHub
• bpfman on GitHub

Manyfold (https://manyfold.app) is a self-hosted tool for storing, organising and sharing 3d print models. This session will talk about how we've approached adding ActivityPub federation to the system using the "Federails" Rails Engine (https://gitlab.com/experimentslabs/federails), and our approach to using custom extensions to share information across instances and different AP software systems.

Dangerzone is a multi-platform project that performs a simple task; give it an untrusted document, and get back a sanitized one. Qubes did it first with disposable Xen VMs (see TrustedPDF), but Dangerzone is doing it with containers across all major platforms. How secure are containers though, and can you achieve VM-level parity with them?

In this talk we’ll discuss the attack surface of Linux containers, and how Dangezone uses gVisor to contain RCEs in document viewers. Even if you don’t use gVisor or are not interested in it, we’ll show some easy ways to harden your security-sensitive containers right now, for harm reduction purposes.

Modern slavery impacts millions of people worldwide, posing urgent ethical and human rights challenges In response, the UK and Australian Modern Slavery Acts require companies meeting specific revenue thresholds to produce annual modern slavery statements, aiming to increase accountability in addressing modern slavery risks. Since 2016, Walk Free and Wikirate have partnered to assess companies’ response to these Acts, leveraging Wikirate’s open-data platform. This assessment considers whether companies are releasing statements that meet the legal requirements, but also if they detail policies and actions that go beyond compliance to enable businesses to better respond to modern slavery. Key to this initiative is its open, collaborative approach, and therefore, a set of accessible metrics on Wikirate that empowers non-expert researchers to contribute meaningfully. Through the project, volunteers and researchers have conducted an in-depth analysis of over 2000 MSA statements. Over the years, the project has mobilized thousands of volunteers and engaged over 20 universities worldwide, using Wikirate’s crowdsourcing platform to organize and perform research at scale. The insights generated through the research not only inform Walk Free’s advocacy efforts with governments and companies but also demonstrate the power of open research principles in tackling complex global issues.

In this talk, we will introduce Datafari Enterprise Search, in its open source Community Edition. Datafari aims at providing an end-to-end solution, from multi-sources knowledge crawling up to the search interface, including a web administration. We will be presenting its architecture, its main functionalities, and its current roadmap for integrating generative AI to the mix (including RAG).

Repositories are hosted on our gitlab: https://gitlab.datafari.com/explore/groups

With a mirror on github for the main Datafari CE repository: https://github.com/francelabs/datafari

Like most POSIX file systems, CephFS has always been a case-sensitive file system. However, it has become a priority to improve integration with gateways like Samba which present a case-insensitive view of some tree in the file system. In order to present that view, Samba requires expensive checks for file name lookups to locate a directory entry with the computed case-insensitive folding. It is also necessary to politely handle interoperating with other clients that are using normal case-sensitive names. To address this gap, CephFS now provides a mechanism for enforcing case-insensitive operations on a directory tree for all clients by simply setting a Ceph extended attribute. This talk will walk through the challenges for Samba's gateway on CephFS, the changes to the CephFS metadata server and clients, the interfaces used by other well-known file systems, and the expectations users may have going forward.

This talk gives an overview of the new Swift unqualified name lookup swift-syntax library: SwiftLexicalLookup and the process required to integrate it within the compiler.

It dives into the intricacies of Swift’s name handling, highlights the complex lexical scope hierarchy with many, sometimes unexpected, interesting cases, and provides an overview of the challenging process of testing the new implementation and integrating it within the compiler.

Lastly, the talk provides some practical insights on how to start contributing to Swift from the perspective of a new contributor.

The libobscura experiment exists to find out what a point-and-shoot API abstracting Video4Linux should look like. It has its roots on one hand in the
Librem 5 project, where I wrote some 70% of the camera stack, and on the other
hand in libcamera, which I found too difficult to use.

You think controlling a modern camera is easy? Think again. Between pixel formats, depths, media entities, pads and links, sensitivity, denoising, phase
detection, shutter lengths, DMAbuf, OpenGL, feedback loops, requests, and statistics, there's enough opportunities to get lost in the detail.

Thankfully, Prototype Fund thinks I'm up for the challenge, so they are funding
me through libobscura in order to get lost, and maybe find something in the process.

Apart from showing the general problems of camera support, I'll tell about new
problems since CCC.

Project repo: https://codeberg.org/libobscura/libobscura

In this talk we will review together TrendS, a newly implemented subsystem within CGRateS to help you build your own traffic trends analysis as well as react to unexpected behaviour through automatic actions available. CGRateS is a battle-tested Open-Source Enterprise Billing Suite with support for various prepaid and postpaid billing modes.

What is a problem on Twitter et al will become the same mess on GitHub od Gitlab - just a matter of time.

For this reason Forgejo is working on federation for git platforms. Some months ago we released the first user visible feature the federated star and we will continue our path.

We will talk about our motivation, point out the general roadmap and show implementation details.

Other fedi devs and discussions are very welcome.

One of the most idiosyncratic parts of POSIX compliance is signal support. On microkernels the implementation can prove to be quite difficult. One especially tricky part is the cancellation of POSIX syscalls when they are interrupted by signals, and the intricacies of EINTR side effects. Monolithic kernels inheritely have the bookkeeping required to implement this without extra overhead. In contrast, due to the generally distributed nature of microkernels, properly cancelling syscalls requires extra work. This is especially the case for Managarm, where (1) POSIX is implemented in a userspace server, (2) syscalls are asynchronous and (3) can involve multiple servers.

In this talk, we will explore the process of implementing syscall cancellation on Managarm. A brief overview of signal delivery is given, followed by a deep dive into the new lifetime of a Managarm POSIX request. Finally, we give a summary of the lessons learned while implementing cancellation in a fully asynchronous microkernel.

This talk will be focused on the software engineering techniques that we are using or plan to use to bring the BIND 9 into 21 century to scale better, use less memory and overall have improved design to utilize the modern CPU architecture.

A few years ago, a musician friend of mine reached out, hoping to build a custom controller for a live act performance. Together, we decided on a USB-MIDI device, which soon became a hands-on learning journey into Zephyr, USB development, and the MIDI protocol.

MIDI (Musical Instrument Digital Interface) has been the leading standard for connecting digital instruments and controllers since the 1980s. Although USB includes MIDIStreaming (a subclass of the Audio device class), Zephyr had no support for it. So, I decided to build one.

In this talk, I’ll walk you through my adventures implementing (and eventually upstreaming) this new device class. We’ll start by revisiting the original MIDI 1 protocol from the eighties, the original USB-MIDI1.0 from the 2000s and the updated USB-MIDI2.0 specification from 2020. After a brief refresher on USB devices, I’ll introduce the USB MIDIStreaming interface and the various supported topologies. Finally, we’ll see how to bring it all together using Zephyr USB device_next, and how it is used from your application's code. In the end, we should be able to make any kind of MIDI speaking device using our favorite kite-stamped RTOS.

Alongside this technical content, I may relate my experience as an occasional hobbyist contributor since Zephyr 1.14, and how I navigated spec updates (Device tree changes, USB-MIDI 1.0 to 2.0, Zephyr USB device next).

Cyclic redundancy check (CRC) is a widely used error-detection mechanism that helps in the validation of data communication and storage in the digital world. While traditional bitwise implementations are slow and less efficient, alternative methods such as lookup tables, carry-less multiplication, and hardware CRC instructions offer significant performance improvements. In this talk, I will present a novel method for automatically identifying and replacing inefficient bitwise CRC implementations with optimized alternatives. The approach uses fast detection of candidate code fragments, symbolic execution for validation, and automatic replacement with more efficient implementations. The method is implemented in the GCC compiler as a separate pass and is open-source available. Experimental evaluation was performed for i386, AArch64, and RISC-V architectures, and the results demonstrated up to 91%, 98%, and 93% performance improvements respectively, highlighting the effectiveness of the proposed optimization.

The Hitchhiker's Guide to the Galaxy has following to say about benchmarking: avoid, if at all possible. One of the reasons is that it's hard and often counterintuitive, another -- it attracts Ravenous Bugblatter Beasts.

Despite all those dangers it's still an important and underappreciated topic, and in this talk I would like to discuss cases when unexpected results arise from benchmarking of BPF programs and why they could be important. Kernel selftest benchmarks would serve as an example, but we will vary the load generation to produce different arrival distributions, introduce contention on tracepoints, or simulate swarm of network connections in user space. To make it easier, we will use home-grown tool Berserker, which was created with an intent to exercise real world BPF applications.

This talk will provide an overview of observability in server-side Swift, with a focus on Distributed Tracing. I’ll start off by talking about some of the design decisions that went into building the swift-distributed-tracing library, which I co-created as part of Google Summer of Code in 2020. The talk will not only compare it to other Swift observability libraries (swift-log, swift-metrics), but also highlight some of the differences between Distributed Tracing in Swift compared to other ecosystems. My personal highlight is the fact that we eliminated the need for support libraries such as “OTel instrumentation for this specific web framework” by implementing swift-distributed-tracing to be used by libraries directly. During the next part, I’ll cover what it means to build a tracer implementation for swift-distributed-tracing with plenty of examples from my OpenTelemetry client swift-otel. I’ll finish the talk with an end-to-end example of a server-side Swift application using the Hummingbird web framework, fully instrumented using Logging, Metrics, and Distributed Tracing, including context propagation and log correlation. This example exports logs, metrics, and spans via the OpenTelemetry Protocol (OTLP) to both a standalone OTel Collector instance and other observability backends that support OTLP natively.

Links: - GitHub: apple/swift-distributed-tracing - GitHub: slashmo/swift-otel - OpenTelemetry Website

Over the years, Delta Chat has matured to be an easy-to-use, secure, and even fast messenger for all platforms, based on the massive e-mail server network. We'll give an overview of the ways Delta Chat is used today and how it is developed by a dozen active contributors. This talk will highlight our recent introduction of realtime chat-shared apps that use e-mail OpenPGP-encrypted messaging to establish a private Peer-to-Peer network among chat group members. In this talk we will demonstrate how these apps work in real-time. We'll also report on several interesting situations where Delta Chat is used today in context of partial shutdowns or strict internet censorship.

Description:

In the beginning, Delta Chat was a fun little experiment, an experimental solution to the network effects problem: “nobody uses secure messengers! But everyone has E-Mail… 🤔" Since then it has come a long way. From a cross-platform set of messenger apps with freely chosen e-mail servers to using audited and well analyzed end-to-end encryption, our project is based on IETF and W3C approved protocols and specifications. We interoperate with the massively distributed SMTP e-mail routing network as well as other e-mail based apps or webmailers and socially are in collaborative relations with numerous other projects, including XMPP-based messengers and standardization specialists.

Delta Chat was among the first messengers to adopt Rust (2019) as its core implementation language and provide all-platform apps. Together with XMPP-projects like Cheogram and Monocles we are evolving a new paradigm and quasi-standard called "webxdc" that enables integration of web apps into chat groups, giving users full control over app distribution. Webxdcs provide a unique Peer-to-Peer model for deploying collaborative standards based software.

Mobilizon is a decentralized, privacy-focused platform for event management and group organization. In this talk, we will explore how Mobilizon empowers users to create and manage events without sacrificing their privacy or control over their data. We will discuss the importance of decentralization, provide a technical overview of the platform, and share insights into its growing community and future roadmap.

Much of the world's open source lives on GitHub, and uses GitHub Actions to provide tasks ranging from routine testing to critical build and release processes. As such, the security of GitHub Actions (and the workflows and actions that users develop and consume) is paramount to the security of the world's software.

But how secure is GitHub Actions, really? This talk will introduce GitHub Actions' internal building blocks and (mostly implicit) security model, and provide real world examples of security failures and surprising avenues of exploitation that recur in widely used actions and workflows. These examples will be motivated via zizmor, a Rust-based static analysis tool for GitHub Actions that can catch many of the most common (and severe) footguns that occur when writing workflows.

Attendees will leave knowing more about GitHub Actions security and best practices for writing secure workflows, as well as how to use zizmor both locally and in CI to detect potential security issues. No prior familiarity with GitHub Actions is necessary.

Java code that is ahead-of-time (AOT) compiled using GraalVM Community Edition native-image may run more slowly than code that is just-in-time (JIT) compiled with the HotSpot compiler. This is something I quickly discovered when I joined the GraalVM team at Red Hat.

Diagnosing performance issues in Java code can be done using Java Microbenchmark Harness (JMH), which helps developers build, run and analyse microbenchmarks written in Java. However, it only works with Java virtual machines using JIT compilation. For the past four years I’ve been wondering how to make JMH achieve the same objectives when that Java code runs as GraalVM native executables.

Eventually I solved this problem creating an extension to JMH that allows Java developers to seamlessly run their existing JMH benchmarks as GraalVM native executables. In this talk I will demonstrate how to obtain benchmark results, gather performance statistics and inspect annotated assembly code. Finally I will compare how the GraalVM native-image AOT code differs from the JIT code of HotSpot.

As with many stages of the software development lifecycle, the release process needs to be constantly improved, iteration by iteration. This way, the software product gets delivered faster and more reliably to customers. This paper focuses on different techniques that have shortened the release cycle of the Kuiper Linux distribution. The new release process involves creating a stabilization branch from main which is dedicated to the new release. Previously, the software components were built and installed during the image creation. Now they are released independently as Debian packages which are uploaded on Analog Devices' Linux Package Repository. This is an easy, user-friendly method that facilitates the distribution and installation of ADI software packages. Each software component has its own release cycle so that one component's bugs won't affect the other components' release. The software components are tested both separately and integrated into the Kuiper image. The latter required creating a Kuiper Docker image. This ensures that each software component is compatible with the target system as early as possible in the development process.

As a project we have notoriously great documentation. The handbook and man pages make it easy to find out how to do anything you might want to on a FreeBSD system, whether it is setting up a network or debugging kernel locking.

Explaining the changes we make to improve FreeBSD? We are less good at communicating what we are up to.

For the last 6 months I have been writing regular status reports about changes in the FreeBSD network stack using a tool guided approach to automate finding and managing what to write about.

In this talk I’ll explain how I am trying to improve communication around FreeBSD development and how you can get involved in writing about FreeBSD.

This is the story of how Jitsi's AI evolved and expanded its features while keeping it all open source: from half-botched PoCs in a weekend to features our customers use in production on a daily basis. Razvan will walk you through some of the implementation details and gotchas of the near-real-time transcription system, while Tudor will guide you through all the other goodies which rely and expand on it.

In the era of distributed systems, many modern databases are designed to scale horizontally from the ground up. Yet, some of the most widely used databases, like MySQL and PostgreSQL, remain single-node by design, relying on third-party sharding solutions like Citus or Vitess for distribution. This raises a critical question: do we always need to go distributed, or can replicated single-node databases meet most use cases? In this talk, we’ll explore the trade-offs between distributed and non-distributed architectures, evaluate the limits of single-node databases, and discuss when it truly makes sense to embrace distribution. Join us as we navigate the complexities of modern database design and uncover what’s best for your applications.

Over 30 years ago, Neal Stephenson wrote about a pizza-delivering hacker who saved the digital world. Today, we're all facing our own L. Bob Rife – not through ancient Sumerian viruses, but through corporate consolidation and regulatory pressure threatening to end open source as we know it.

Our digital commons began as a frontier of freedom and innovation. Today giants are consolidating control over the infrastructure that shapes our digital world. The dark future seen in the franchise-owned streets of Snow Crash's America is coming. But Hiro showed us how to fight back: with skill, with allies, and with unwavering dedication to freedom.

We're facing our own daemon – not ancient Sumerian, but modern corporate and regulatory control. The question is: Will you remain a pizza delivery driver, or will you become a Hiro?

The future of open source depends on your answer.

Container images sometimes take tens to hundreds of megabytes in size and require many network resources to be transferred. Especially in low-bandwidth network environments like edge computing, frequent image updating will be difficult and increase the network cost. In this talk, I will present "D4C", a software that provides faster and lighter image updating with delta encodings. Delta encodings reduce data size, but generating and applying deltas is a time-consuming operation. D4C utilizes some techniques to reduce them including merge-based delta management and applying deltas lazily. D4C reduces the data size to update images by up to 95% and provides about 10x faster updating in low-bandwidth networks than the state-of-the-art approach. Benchmarks with PostgreSQL and PyTorch showed that their performance degradation caused by D4C is negligible.

We started building CMSes before the days of Wordpress, and we’ve built new CMS every five years or so since. In 2020, hunkered in my covid quarters, I wanted to devise the next version that had a hosted version, a self-hosted, more customizable version, and an open source version.

Kentico’s Petr Palas wrote a treatise in 2017 on why we shouldn’t build a new CMS. His essay basically considers custom CMSes a way to lock in clients, and suggests cloud-first headless CMSes were the future. I, as well, have built multiple versions of custom CMSes, but I see it quite the opposite – even 8 years later, now is exactly the time to create a new CMS.

In this talk I’m going to show the process, roadmap, dangers and successes of creating a content management system from the ground up. I’m going to talk through each of the parts, including errors and notification systems, issues and help systems, user and permissions systems, etc. I’m going to cover the many “required” layers of development that we just didn’t need that saved us thousands of hours and acquired a fraction of the technical debt.

In today's hyper-connected world, organizations demand database solutions that transcend traditional infrastructure limitations. This talk explores how distributed SQL databases (such as the open source based YugabyteDB) enable unprecedented global resilience and scalability. We'll dive into practical strategies for building fault-tolerant, geo-distributed systems that can withstand regional failures while maintaining data consistency and high performance.

Key insights include: * Architectural principles of cloud-native distributed databases * Multi-region deployment strategies * Automatic failover and self-healing mechanisms * Real-world implementation patterns

Open Source project that is being used in this talk: YugabyteDB