pkgsrc, the NetBSD package collection, includes the pbulk tool to build all (or a subset of) packages. Bulk build reports are an invaluable resource for pkgsrc developers to find build breakage and its causes.

Since 2014, I have maintained a web app called Bulk Tracker (written in Go) to visualize bulk build results along different dimensions such as package name, platform and compiler. Originally written as a "serverless" App Engine application, it has recently been completely rewritten to run natively on NetBSD, on a server owned by the project.

This talk will show how bulk build data is useful and some typical use cases the app supports. It will also be about the journey out of the cloud and from a document datastore to SQLite.

https://releng.NetBSD.org/bulktracker/

A common first step to adding full code-generation functionality for a new instruction, or set of instructions is to add them to the back-end as a builtin function. This is particularly common with RISC-V where custom ISA extensions are common place.

In this tutorial I will take you through the steps to add a builtin-function to the back-end, using a case study from the OpenHW CV32E4Pv2 RISC-V core. This has 8 ISA extensions, with a total of more than 300 instructions.

I will conclude by looking at some of the things we got wrong. In particular unexpected consequences when the new compiler started being used more widely.

In this talk, we'll explore the lifecycle of data at CERN, the European Organization for Nuclear Physics, starting at particle collisions ultimately leading to physics research. The bulk of the data from the physics programme at CERN is stored in an open source storage system developed at CERN, EOS - EOS Open Storage.

We'll delve into technical & architectural details on EOS and cover how it solves the problem of large scale storage for scientific data and analysis use cases. EOS supports FUSE, HTTP & GRPC as access protocols. EOS is used also outside of physics use cases, for eg. powering CERNBOX, a cloud storage for CERN users, at JRC, for analytics etc and may power your next large scale storage needs!

We have built a low latency 5g Video camera for race cars using linux and WebRTC.

We use RTCP (RTP's companion protocol) to help cope with the variability in quality and bandwidth of a 5g connection.

The talk will describe the problems we encountered, how we used data from RTCP to solve them. We will present experimental data from tests run with and without RTCP at varying speeds (30->160km/h).

We will also describe the opensource java (S)RTP/RTCP library we developed and used for this work https://github.com/steely-glint/srtplight as well as an LGPL demo program that uses srtplight implement the WebRTC based WHIP protocol (https://github.com/pipe/whipi)

Swift is a relatively new language in the server world but provides a significant number of benefits that makes it ideal for building applications for servers. In this session you’ll see how Swift's tenets of Safety, Performance, Ease of Use using modern features along with a goal of making it an ideal language for anywhere in the stack make it the perfect language for backend development.

We’ll take a short tour of the language and see how easy it is to write clear, maintainable safe code that scales for large asynchronous applications. We'll discuss the language features that eliminate entire classes of common programming errors and see the capabilities that enable Swift to run on embedded devices, Lambda functions, WASM environments, and Docker containers. Finally we’ll discuss Swift’s interoperability with other languages such as C, C++ and Java that make it easy to migrate codebases to Swift.

Over time the web has become more reliant on JavaScript… but we've very little information on how its growth is affecting our visitors' experience.

Some believe JavaScript is the only way to build the modern web and dismiss the performance concerns, while others hold opposing views.

Wouldn't it be great if we had data on how scripts actually perform in our visitor's browsers – when they delay loading, cause jankiness and slowdown interactions, and perhaps more importantly which scripts are responsible?

After all, if we can't measure it, how can we improve it?

The W3C Long Tasks API was a first attempt at providing this data but it only helped us to understand when the Main Thread was busy and couldn't answer the question of why it was busy.

The W3C Long Animation Frames (LoAF) API aims to overcome the weaknesses of the Long Tasks API and provides both information on when there were long frames during rendering the process, and where possible, details on what Main Thread activity caused the long frame.

In this talk we'll explore:

• What data the API provides and how it relates to the Main Thread activity we see when profiling pages using Chrome DevTools

• How we can use this data to get a better understanding of our visitors experience in the wild and identify scripts that are having a harmful impact on our visitors experience

• What data the API doesn't currently provide and how some of these gaps might be filled in the future

At the end of this talk you'll have a good understanding of the Long Animation Frames API and how to use the data to identify scripts that need improvement.

In January 2018, inspired by similar initiatives, a group of enthusiastic researchers at the Research Institute for Nature and Forest (INBO) launched a coding club. The INBO coding club was, is, and will continue to be a welcoming space for anyone interested in learning more about programming and data analysis, with a particular focus on ecological and environmental topics.

Our goal has always been to foster an environment of collaborative experimentation, where participants share code, learn from one another, and grow together—regardless of their level of experience. Everyone is encouraged to contribute, express their ideas freely, and engage as equals. We firmly believe that learning is a mutual process, independent of expertise levels, and that doing it together is not only more effective but also more enjoyable.

More than seven years—and a pandemic—later, the INBO R Coding Club remains vibrant and thriving. We are excited to share the strategies that have helped sustain this initiative, transforming initial enthusiasm into a widely recognized and enduring effort both within and beyond INBO.

Key lessons learned include: Learn together: Create a supportive space where every question is valued, and mistakes are celebrated as opportunities for growth. As live as possible, as remote as necessary: Live coding in the same room is far more engaging and effective than remote sessions. Community-driven evolution: The club should always prioritize the needs of its community, with feedback playing a central role in shaping its activities. Dedication: A committed core team is essential for the consistent and sustainable organization of club activities. Full openness: All session materials—including slides, code, and recordings—are freely available to everyone.

Many views about antitrust abound in the FOSS communities, but what do the laws actually say? We've invited Alana Rutherford, an accomplished United States antitrust lawyer to answer our questions about how these laws actually work.

Between 2009 and 2015, Samsung released over 30 WiFi-equipped compact and mirrorless camera models that could email photos or upload them to social media. In 2021, they shut down the required API services, crippling the WiFi functionality.

To revive the WiFi feature, the firmware of multiple camera models was reverse-engineered to understand the protocol and to “circumvent” the WiFi hotspot detection implemented by Samsung.

Based on the gained knowledge, a FOSS implementation of the API was created using the Python Flask framework, allowing to post to Mastodon right from the camera. The project supports ~75% of the camera models, looking for hardware donations and better-skilled reverse engineers to close the gap.

It was exemplarily deployed on an inexpensive LTE modem running Debian, allowing on-the-go use of the camera WiFi.

Real-time editing offers users many advantages, editing conflicts are reduced, writing minutes before and during the meeting is much more effective, and much more. However, the fact that real-time editing is now a standard requirement for a modern visual editor is primarily due to the fact that user expectations have changed with Google Docs and Confluence. The open source world has faced and continues to face the challenge of keeping up.

We have therefore extended the Wikimedia VisualEditor with real-time editing for the MediaWiki distribution BlueSpice. The result is a freely available, 100% open source solution for real-time editing, which is based on the most popular wiki software.

In this talk we will provide a first, thoroughly self-critical field report: we will show which technical problems had to be solved, we will report on use cases and initial experiences and on the impact on knowledge sharing with wikis. For example, questions of version control and accountability had to be redefined. Was it worth the effort? Definitely.

Debugging issues with the Linux kernel and user space can be both interesting and challenging. This talk goes through looking at a couple of bugs we found while working with RISC-V in both kernel and user space.

The aim is to show multiple ways of approaching issues in both the kernel and user space, a run through why these happen, and how we fixed these problems. We will include taking an syzbot report and analysing what is going on during a strange kernel OOPS, and going through a user report of a crashing system where there was an issue with a Buildbot on a set of remote workers.

As part of this we will go into how to decode kernel OOPs, how to dump object code and attempt to decpher bug reports without the aid of attaching a debugger.

Almost a decade and a half ago we introduced systemd, and it since has been adopted by most commercial and community distributions in one form or another.

Let's have a look back at the tumultuous beginnings, how we became what we are now, and let's talk a bit the perspective for the future, what systemd is supposed to be in the eyes of its developers – and what it shouldn't be.

In 2024, the Zephyr project hit a milestone by becoming one of the few open source projects with over 100,000 commits in it's main repo. Why are developers joining and contributing to it?

When the project launched in 2016, there was the commitment from the start apply known best practices to its development. While Zephyr is a different code base, a lot of the lessons learned from the Linux Kernel Community were applied to forming it's community. The project focused on incorporating security best practices as the were identified right from the start, and is now working towards formal safety certification.

This talk will go through some of the best practices that have been applied for developing open source projects, and illustrate the results of applying these best practices.

Modern AI workloads rely on large GPU fleets whose efficient utilisation is crucial due to high costs. However, gathering telemetry from these workloads to optimise performance is challenging because it requires manual instrumentation and adds performance overheads. Further, it does not produce telemetry in a standardised format for commonly used visualisation tools like Prometheus.

This talk explores the potential of leveraging eBPF to capture CUDA calls made to GPUs, including kernel launches and memory allocations. Data from these probes can be used to export Prometheus metrics, facilitating detailed analysis of kernel launch patterns and associated memory usage. This approach offers significant benefits as eBPF imposes minimal overhead and requires no intrusive instrumentation. Our implementation is also open-source and available on GitHub.

The talk shows the status of the standarization efforts for autoconfiguration and 2FA authentication for email, for example based on OAuth2 or Passkeys. It shows the various Draft RFCs discussed at the moment, and the state of their standards efforts.

There are a few strategic choices to be made, and tradeoffs, which give advantage to certain parties, e.g. email providers or email clients or their users. The talk highlights these choices and it might ask the audience for an opinion poll of some of these choices.

https://datatracker.ietf.org/doc/draft-ietf-mailmaint-autoconfig/ https://datatracker.ietf.org/doc/draft-bucksch-mauth/ https://datatracker.ietf.org/doc/draft-jenkins-oauth-public/ https://benbucksch.github.io/sasl-passkey/draft-bucksch-sasl-passkey.html

A presentation of the Funkwhale project with a focus on interoperability. We want to highlight the role of the activityPub protocol but also show the interest of musicbrainz, rss, wikipedia to build a web of knowledge.

The infosec industry has seen a big growth in recent years, with a plethora of mostly closed-source solutions such as Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), and Security Orchestration, Automation, and Response (SOAR) marketed as indispensable tools for defending organizations. These solutions often emphasize protection against sophisticated adversaries, zero-day exploits, and malicious insiders. However, our real-world experience reveals that the majority of initial compromises occur through simpler approaches, such as stolen credentials and phishing attacks.

In this talk, we introduce Buffalogs, an open-source solution designed to detect and alert on anomalous login behaviors. Adhering to the Unix philosophy of "do one thing and do it well," Buffalogs offers a way to analyze common application logs (ssh, Apache, Microsoft Entra ID, etc) and detect credential misuse. Attendees will gain insights into the challenges of login anomaly detection, the development of Buffalogs and the differences between our solution and other commercial alternatives.

Mach, famous for its complex IPC and VM subsystems, remains to this day an influential and historically significant Microkernel.

This talk introduces MACHINA, a new microkernel for AMD64 and RISCV64 modelled after the Mach 3 Microkernel. Currently in prototype stage, MACHINA aims to create a modular architecture for experimenting with "Mach-like" systems, reinterpreting Mach’s principles for modern hardware and software environments.

The talk will describe Mach 3’s abstractions and architecture—with a particular focus on its IPC and VM subsystems—and explore the process, design choices, and challenges of reimplementing them from scratch.

Have you ever heard about WebAssembly?

WebAssembly is a compilation target meant for efficient compilation, portability, and safe execution. A WebAssembly runtime is a language VM that is small and easy to embed.

All cool gophers know they can compile their Go software into Wasm using the Go compiler and TinyGo. But did you know that you can also embed Wasm binaries in your applications? Did you know that you can use Wasm to dynamically load code at runtime without giving up memory safety and performance?

In this talk, we will first show how WebAssembly might be relevant to your use cases, such as providing extension points to your end users or importing foreign libraries.

We will then dive deep into the implementation of one such language VM specifically designed for embedding in Go, and show how a WebAssembly function is compiled into efficient native code and then invoked without sacrificing the portability, safety, and integrity of your Go code base.

Join this session for a journey from Wasm to Asm from the eye of a gopher!

Swift is a fantastic general purpose language, which can and has been successfully used beyond its mobile origins, from embedded through server-side systems. One of Swift’s unique strengths is its powerful native language interoperability with C and C++. Recently, the Swift project started work on integrating improved Swift/Java interoperability with the use of both JNI and the new Foreign Function and Memory APIs introduced in JDK22. In this talk we’ll deep dive into the deep integration approach taken between the language runtimes using the FMM APIs and their unique strengths but also challenges.

Continuous Integration (CI) workflows often encounter bottlenecks when testing Kubernetes applications. Traditional methods of building and tearing down full clusters, whether locally or in the cloud, can be both time-consuming and resource-intensive. vCluster, an open-source virtual cluster solution, offers a game-changing alternative by enabling lightweight Kubernetes clusters to be created on demand and quickly

This talk will guide you through integrating vCluster into your CI pipelines and the benefits you get from it. Virtual Cluster enables rapid application testing in production-like environments, including support for custom resource definitions (CRDs) without the overhead of traditional cluster setups. By the end of this session, you'll be equipped to reduce build times, accelerate testing cycles, and enhance the overall developer experience, as your clusters will take less time to build and you will have more time to test.

Distributed systems are great in multiple aspects: they are built to be fault tolerant and reliable, can scale almost infinitely, provide low latency in geo-distributed scenarios and, finally, they are geeky and fun to explore. YDB is an open source distributed SQL database which has been running production for years. There are installations with thousands of servers storing petabytes of data. To provide these capabilities, any distributed DBMS must achieve consistency and consensus while tolerating unreliable networks, faulty hardware and absence of a global clock.

In this session, we will provide a gentle introduction to problems, challenges and fallacies of distributed computing, explaining why sharded systems like Citus are not always ACID and differ from truly distributed systems. Then, we will dive deep into the design decisions made by YDB to address these difficulties and sketch YDB's architecture layer by layer - from the bare metal disks and distributed storage up to OLTP and OLAP functionalities. At the end, we will briefly compare our approach with that of Calvin, which originally inspired YDB, and Spanner.

dbt (Data Build Tool) is a great framework for creating, building, organizing, testing and documenting data models, i.e. data sets living in a database or a data warehouse. Through a declarative approach, it allows data practitioners to build data with a methodology inspired by software development practices.

This leads to data models being bundled with a lot of metadata, such as documentation, data tests, access control information, column types and constraints, 3rd party integrations... Not to mention any other metadata that organizations need, fully supported through the meta parameter.

At scale, with hundreds or thousands of data models, all this metadata can become confusing, disparate, and inconsistent. It's hard to enforce good practices and maintain them in continuous integration systems. We introduce in this presentation a linter we have built: dbt-score. It allows data teams to programmatically define and enforce metadata rules, in an easy and scalable manner.

dbt-score is an open-source linter for dbt metadata. It is designed to be flexible to enforce and encourage any good practice set up by data teams. Through its CLI, data practitioners can easily obtain a maturity score of their data models, keep the metadata chaos manageable, improve consistency, and eventually deliver high-quality data.

In today's world, where disability affects a significant percentage of the population, it is crucial for open-source communities to address the challenges faced by persons with disabilities (PWDs) and work towards their inclusion. This talk will delve into practical measures such as referral programs, internal disability disclosures, and integrating disability into existing agendas rather than treating it as a separate issue. We will dive into disability mainstreaming with a focus on its role in promoting universal design and inclusivity. Attendees will gain insights into establishing disability mainstreaming committees, formulating action plans, implementing best practices, and monitoring and evaluating progress.

PostmarketOS is a distribution based on Alpine Linux that boots on everything from Amazon Alexas to Android phones (over 500 devices). To help users install and develop this distribution, we use pmbootstrap - a swiss army knife for embedded and mobile development. In this talk, I will go over how we use pmbootstrap to develop postmarketOS and how you can use pmbootstrap for general embedded linux development.

https://gitlab.postmarketos.org/postmarketOS/pmbootstrap

https://postmarketos.org/

The Oniro Project, an open-source operating system built upon OpenHarmony and tailored for European market needs, is expanding its ecosystem to include mobile devices. In this lightning talk, we will discuss the ongoing effort to bring Oniro to the Volla X23 smartphone, focusing on the technical challenges and solutions in adapting Android drivers to a musl libc-based platform.

We will explore the role of libhybris in enabling compatibility with proprietary Android drivers, a critical step in hardware enablement for Oniro on mobile devices. The presentation will highlight how libhybris bridges the gap between the Bionic and musl libc environments, allowing us to leverage GPU acceleration and other hardware features while maintaining an open-source user space. Key challenges, such as adapting Android’s graphics stack and addressing ABI compatibility issues, will be outlined, along with our current progress in running Oniro in an LXC container for rapid testing.

This talk will provide insights into the broader implications of this work for the FOSS on Mobile ecosystem, offering a pathway to more accessible open-source mobile platforms. Join us to learn how Oniro aims to contribute to the vision of a truly open mobile ecosystem.

Elk is a nimble Mastodon client with great attention to user experience, boasting features such as being an installable Progressive Web App (PWA), support for code blocks with syntax highlighting, chronological threading, and markdown formatting.

Started by core maintainers behind popular developer tooling in the Vue/Vite/Nuxt ecosystem in 2022, it attracted hundreds of contributors and resulted to the creation of new libraries now widely used in other projects.

In this talk, I will give a brief history of Elk development from the perspective of a contributor who has never written a Vue component (before Elk), a walkthrough of key strengths of the technology under the hood, and a look forward to the future of the project.

Links

1. Elk Git Repo
2. Elk mastodon account
3. My contribution highlights
4. My Github
5. Some screenshots

Managing packages across systems and containers can be complex, especially when debugging issues or ensuring consistent deployments.

This short presentation introduces the manifest plugin for the DNF package manager, a tool that simplifies such workflows by capturing system package states into YAML-based manifest files. These files enable users to replicate environments, debug customer issues by mirroring setups, and streamline container builds with transparent, manifest-driven package management.

In an era driven by data and digital collaboration, access to foundational research skills is increasingly essential—yet research capacity remains deeply unequal across the globe. For instance, Africa has only 20 health researchers per million people, compared to 246 per million in Europe, according to the World Health Organization’s Global Observatory on Health Research and Development. This stark disparity highlights the urgent need for accessible, inclusive research training to bridge the gap in global knowledge production.

Pre-Seeds (Research 101) is an open-source, community-driven initiative inspired by OLS’s capacity-building programs, such as Open Seeds and Nebula. The course is designed to break down barriers to research literacy and amplify underrepresented voices in open science. It is targeted at research enthusiasts, citizen scientists, early-career researchers, and Research Software Engineers (RSEs) from non-academic backgrounds.

Currently in its early stages, Pre-seeds aims to create a flexible, modular curriculum covering key aspects of research often taken for granted, such as research design, ethical considerations, data management, and collaborative practices. The project leverages open tools like GitHub to promote collaboration, transparency, and reproducibility, inviting broad participation across disciplines and experience levels.

This session will present Pre-Seeds as a growing, collaborative effort to build an inclusive research ecosystem. By showcasing the project’s vision and its potential real-world applications, we’ll open the floor to feedback and invite attendees to join us in shaping this initiative—whether through expertise, funding, or community engagement—to co-create a more diverse and accessible future for open science.

I started with the question "how can I make managing DNS more user friendly for a customer" and the discovery of a small plugin for NetBox and ended up as the maintainer of a moderately complex and increasingly powerful DNS management tool.

The talk will touch the core features of the plugin: * Validation of names and values * Automatic generation of NS, SOA and PTR records * Zone and record templates * Handling of RFC2317 zones * Automatic generation of DNS address records for IPAM IP addresses

Our exploratory quest of previously uncharted territory of real-time TCP/TLS media over SIP RFC4145 (hey don't confuse it with TCP as a SIP transport!) and all the fun and possibly profit that can be had from it potentially. As part of the presentation I would announce the SIP Proxima project implementing this functionality and do a demo of various application protocols (e.g. postgresql, mysql, rrdcache, thrift, https etc) operating over it.

In early 2024, Tesla introduced strict API rate limits, reducing the number of commands to just 50 per day. This disrupted my smart charging automations, which were sending thousands of commands on a daily basis for tasks like solar charging and load balancing. To overcome this, I re-implemented Tesla's vehicle protocol in C++ for the ESP32 microcontroller, enabling local control of my Tesla by acting as a BLE (Bluetooth Low Energy) vehicle key.

In this talk, I'll give an overview of Tesla's vehicle protocol, dive into BLE communication using an ESP32, and show practical ESPHome implementations for common vehicle controls. The result is a cheap, open-source solution operating entirely locally with sub-second response times - no internet or API tokens required.

Wireless displays are something most of us use, but in a fragmented and proprietary landscape. We propose a new approach to virtual screen sharing between Linux mobile and desktop devices.

This solution uses a combination of video pipelines optimized for ARM and x86 hardware, D-Bus, and low-latency UDP streaming to create virtual “second monitors” and stream the desktop between peer devices. It is optimized to be usable even on low-power hardware such as the Librem 5, allowing us to repurpose older devices as secondary network monitors without proprietary tools. [2]

In this talk, I will try to demystify some of the technicalities required for implementing efficient wireless desktop streaming using GStreamer, PipeWire, and D-Bus. To this end, we will explore how to build network video pipelines from scratch, with a focus on minimizing latency and making good use of hardware acceleration. Finally, we will present the Mirror Hall app, an experimental GTK4 app that encapsulates the above concepts. [2]

Links: 1. https://notes.nokun.eu/post/2024-09-22-mirrorhall/ 2. https://gitlab.com/nokun/mirrorhall

Endpoint Detection and Response (EDR) solutions continuously monitor the events occurring on an endpoint, create detailed process timelines, and analyse these data, to reveal suspicious patterns that could indicate threats such as ransomware. To create these detailed timelines, EDR solutions collect a variety of information about each process running on the endpoint, such as timestamp, PID, process name, path, command line, etc. On Linux systems, this is often done using the proc filesystem provided by the operating system, which provides rich information for each process currently running on the system. However, if a process is short-lived and exits quickly, the proc filesystem entries for it get cleared out before the EDR solution can read them, leading to incomplete timelines. To take a simple example, suppose a malicious actor runs a script that downloads a binary from the network and then executes it. This downloaded binary quickly spawns a bunch of long-running malicious processes and exits itself. If EDR solution is unable to extract the complete process information about the execution of the downloaded binary from proc filesystem (being a short-lived process), it'll miss details about the creator of the malicious process in the system. Hence, EDR solution will have visibility gaps about the downloaded binary required for Security Threat Analysis. We propose a solution to address the gaps by attaching extended Berkeley Packet Filter (eBPF) programs dynamically to the Linux kernel system calls (such as fork, exec and exit) and extracting all the required information directly from the kernel hooks using BPF Type Format (BTF). These hooks use fundamental task structure in kernel representing a process or thread to extract variety of information about the process. Our proof of concept shows that eBPF-based process data extraction provides process timelines with near 100% reliability, compared to proc filesystem-based approaches which have a reliability of only around 83% for short lived processes.

Join us as we build a ChatGPT client, from scratch, using Swift OpenAPI Generator. We’ll take advantage of Swift OpenAPI’s pluggable HTTP transports to reuse the same generated client to make upstream calls from a Linux server, providing end-to-end streaming, backed by async sequences, without buffering upstream responses.

In this session you’ll learn how to:

• Generate a type-safe ChatGPT macOS client and use URLSession OpenAPI transport.
• Stream LLM responses using Server Sent Events (SSE).
• Bootstrap a Linux proxy server using the Vapor OpenAPI transport.
• Use the same generated ChatGPT client within the proxy by switching to the AsyncHTTPClient transport.
• Efficiently transform responses from SSE to JSON Lines, maintaining end-to-end streaming.

Timeline algorithms should be useful for people, not for companies. Their quality should not be evaluated in terms of how much more time people spend on a platform, but rather in terms of how well they serve their users’ purposes. Objectives might differ, from delving deeper into a topic to connecting with like-minded communities, solving a problem or just passing time until the bus arrives. How these objectives are reached might differ too, e.g. while respecting instances’ bandwidth, one’s own as well as others’ privacy, algorithm trustworthiness and software licenses. This talk introduces an approach to personal, local timeline algorithms that people can either run out-of-the-box or customize. The approach relies on a stack which makes use of Mastodon.py to get recent timeline data, llamafile to calculate post embeddings locally, and marimo to provide a UI that runs in one’s own browser. Using this stack, we will show how to perform search, clustering, and recommendation of posts from the fediverse without any of them leaving your computer.

Kubernetes is commonly run on cloud, and even more commonly on its managed form. However, self-managing k8s on your own metal is also fun!

In this talk I will walk through some of the challenges I've found while doing this for the last three years, and share what are the tools I've used to conquer them, such as kubeadm, cilium, metallb, stateless-dns (external-dns + powerdns), and others.

Packet Filtering in BSD could be seen from several angles. There are quite a number of packet filters in the BSDs. some Implemented in the kernel, some in the user space. In this talk, we will go through a particular NetBSD packet filter, NPF, evaluate its numerous advantages and assess critical performances and share its directions going forward.

The valgrind error manager makes it easy for valgrind tools to report issues that can include execution backtraces for multiple events, integrate with gdb, generate xml reports and lets users suppress specific issues. The valgrind error manager contains a fast unwinder which can be used to detect "equivalent" issues.

For valgrind 3.23.0 we introduced "core errors" which are tool independent and can be used to report on core events for resources that are explicitly created and destroyed. We used this to add errors when using file descriptors that can be reported by any valgrind tool by using --track-fds=yes. This allows reporting on bad use of file descriptors, file descriptors that are double closed, used after closing, and file descriptors that "leak". Because these are "normal" valgrind errors all these events can be reported in the xml output, suppressed by the user, intercepted by gdb and integrated in CI runs with --error-exitcode.

For Valgrind 3.24.0 we added bad file descriptor usage errors.

Despite memory isolation being used for decades now; a typical contemporary low-power IoT embedded system does not use this technique. One of reasons might be that in virtually all available systems memory isolation is an afterthought. We proposed, designed and implemented CMRX real-time operating system targeted towards devices without MMU which takes memory isolation as non-negotiable feature.

Achieving usable memory isolation on such constrained hardware has its challenges and there are compromises to be made. In this talk I will outline high-level design decisions and overall system design of the CMRX RTOS. Why micro-kernel design is suitable in this situation, what advantages does it bring? I will tackle benefits and potential drawbacks of proposed architecture and finally cybersecurity point of view will be discussed.

Open science is at the forefront of transformative progress in research, yet its advancement is often stymied by fragmented infrastructure, limited interoperability, and inadequate crediting of research outputs. These challenges hinder the accessibility, reproducibility, and verification of research, slowing the pace of and trust in discovery and innovation.

This talk introduces the Scientific Coordination Infrastructure and Operating Systems Collaborative (SciOS) as a solution-oriented 501c3 (US non-profit) initiative to bridge the gap between researchers and technologists. SciOS facilitates the ongoing development of open, scalable, and interoperable infrastructure that empower the scientific community.

This talk will explore the rapid development of solutions possible when researchers and technologies exist in the same space.

Key Technologies and Innovations:

• dPIDs and CODEX:
  Decentralized Persistent Identifiers (dPIDs) generate cryptographically unique, permanent identifiers for research artifacts. Combined with CODEX, an open system for managing versionable research objects, dPIDs ensure trust, reproducibility, and accessibility in scientific outputs.

• Journal Creation Software:
  SciOS supports tools that enable decentralized, community-driven curation-based journals. These platforms exist on an open repository of human knowledge accessible to everyone, and empower scientific communities to elevate from that repository research that aligns with their values, quality definitions, and scope with minimal friction.

• DeSci Publish:
  Operating on CODEX, DeSci Publish redefines scientific publishing by allowing researchers to share data, code, manuscripts, and more as versionable objects.

• Granular Citation Systems:
  Through dPIDs, CODEX, and decentralized platforms, SciOS enables journals to credit contributions ranging from datasets and software to peer review and editorial work.

• Automating Metadata Creation:
  In partnership with DeSci Labs and Discourse Graphs, SciOS automates the generation of metadata and discourse nodes. This initiative creates a map of research claims and evidence, allowing researchers to evaluate the relevance of prior work at a granular level.

• Research Assessment Tools:
  Collaborating with the CoARA ERIP working group, SciOS is developing tools that combine human expertise with AI to evaluate modular research objects. These tools enable clear, reliable assessments tailored for rapid response to research outputs.

• Open Source Permanent Versionable Containers and Attestation Platform:
  SciOS supports this platform to create immutable repositories for software tools. It provides versionable digital containers enriched by community validations, enabling researchers and engineers to track, validate, and determine software impact across domains.

• Institute of Open Science Practices (IOSP):
  IOSP fosters collaboration between researchers and technologists, guiding the adoption of innovative infrastructure. It facilitates workshops and conferences powered by novel tools, enabling open science practices throughout the research lifecycle.

Join us to explore how SciOS’s collaborative efforts and cutting-edge tools are transforming open science. Discover how decentralized infrastructure, automated metadata, and innovative publishing systems can break barriers, foster trust, and accelerate discovery across disciplines. Together, we can build the open science infrastructure the world needs.

With the introduction of the EU Cyber Resilience Act a number of interesting questions are raised. This talk focus on the EU CRA and discuss some of the implication when applied to Free and Open Source Software licensed under Copyleft licenses such as the GPL.

The EU CRA introduces, under some circumstances, an obligation to contribute upstream if there are vulnerabilities, what will best practices be to manage this obligation in permissively licensed project respective in Copyleft licensed projects, how will this impact customer agreements, R&D collaborations and similar.

MicroPython is a tiny implementation of Python, designed for very constrained environments such as microcontrollers and embedded devices. It can run on devices with as little as 64 kB of RAM and 256 kB of FLASH. Over the last 10 years, MicroPython has become a productive development environment and mature platform for firmware development. It has been used in many applications - and has been deployed on everything from smartwatches to medical devices and satellites.

There are many features of MicroPython that make it an attractive way of developing firmware, such as: the built-in file systems, first-class package management, built-in communication over WiFi/Ethernet/BLE/USB/etc, interactive programming via REPL, automated testing on PC and device. We will introduce these features briefly, and then discuss our favorite feature: the support for C modules, and how it enables building sensor systems that are both computationally efficient and fast to develop.

Transition from open collaboration to customized control with Wikibase, a self-hosted platform designed for tailored data management. While Wikidata provides a robust, open, multilingual, and collaborative environment, it may not fully address the specific needs of personal or institutional data. Wikibase empowers you to structure and manage your information on your own infrastructure, combining the strengths of Wikidata with the flexibility of a self-hosted solution. By seamlessly integrating global entities, leveraging existing translations, and aligning with linked open databases, including Wikidata, Wikibase enables you to build a connected and enriched data ecosystem. Discover how Wikibase bridges collaboration and control, offering independence while staying interconnected within the open data landscape.

References: 1. Wikidata 2. Wikibase 3. Wikibase on GitHub 4. Wikibase Cloud 5. The Linked Open Data Cloud

This session will give you an overview of the current status of the CJK input system in Wayland.

We will start with an overview of how to input CJK languages, focusing on the Korean writing system(한글, Hangul).

Next, we'll look at the different input protocols in Wayland and how they work. I will also show what still needs to be done to improve the CJK input system in Wayland.

Project Leyden was created in May 2022 with the goal of improving footprint, startup time and time to peak performance of Java applications. Initially, a variety of different approaches were under consideration and the first proposed solutions only started to clarify around 18 months ago. An early preview of the 'premain' solution, prototyped by Oracle, was presented at the August 2023 JVM Language Summit. It has been under very active development since then, with a team that includes developers from Oracle, Red Hat, Microsoft, Amazon and Google, and has already delivered improvements to JDK and application startup time in OpenJDK 24 via JEP 483. The plan is for the project to deliver a series of JEPs that improve performance step by step rather than wait for a complete, shrink-wrapped solution and the Leyden team is already working on the next set of enhancements. In this talk we will explain what was delivered in JEP 483 and how it works to improve startup, then go on to describe what other features are in the pipeline. We will also touch upon some of the barriers we currently face to improving performance and ideas we are exploring to resolve them.

In this talk, we will walk through different scalability challenges various modern CI setups encounter today: caching, distributed computing, reproducibility, telemetry... and how advanced build tools such as Bazel, Buck2, Pants,... addressed them at scale at big enterprises. We will then drill down into the common Remote Build Execution protocol that these tools all have in common. Finally, we shall reflect upon the current state of the build tool ecosystem and highlight key areas to improve upon.

phosh is a graphical shell for mobile devices built using GNOME technologies. With more than 80 releases in about 6 years under it's belt it is both time to celebrate and glimpse into what the future will bring!

The WebKit WPE and GTK ports are aiming to leverage GstWebRTC as their WebRTC backend. Over the years we made progress towards this goal both in WebKit and in GStreamer. During this talk we will present the current integration status of GstWebRTC in WebKit and the plans we have for the coming months.

In this talk we briefly present Sxmo and share the current state of things. Sxmo is a hacker-friendly mobile UI for Linux phones, like those running on postmarketOS. Our approach differs from what the mobile user is accustomed too, but one that will appeal to those drawn to software minimalism and those with an urge to tweak and control their system to the max! We tie together various FOSS components, some interchangeable, via POSIX shell scripts. Through our hook system users can customize these to a large extent.

• Do you want to SSH into your phone and have all functionality available remotely?
• Do you like the idea of running a tiling window manager (sway, dwm) on your phone just like on your desktop?
• Do feel nostalgia for operating your phone with menus (dmenu, bemenu, wofi) and hardware buttons?
• Do you want to be the one in control of our own device and data, rather than be on the leash of big tech companies?

Then this talk may be interesting for you!