Many processes are packed with document generation, and forms of various types, from applications to contracts. Come and hear how new APIs built on LibreOffice Technoloy provided by Collabora Online can make building complex documents easier. From populating fields, to making richer templates, to tweaking chart data, our new Automatic Document REST APIs here enable powerful document interaction - both creation and extraction of data with a simple JSON based API.

Whether you want to extract data from docx files, generate richer templates for subsequent editing, or enable powerful electronic signature functionality - have we got an API for you!?

Come and hear how to use and improve it.

If you are processing and storing sensitive data in the cloud, can you really trust anyone (including the cloud)? The answer is no. Confidential Containers (CoCo) is a CNCF project that leverages Trusted Execution Environments (TEEs) to tackle this challenge. A critical aspect in this effort is providing secure and confidential storage solutions that can be seamlessly deployed across cloud providers.

This session explores the implementation of trusted storage in CoCo, highlighting key aspects such as Kubernetes storage drivers, device virtualization, and the role of attestation in secure key release and data encryption. We also demonstrate how we prevent attackers from injecting data into the TEE using the CNCF Rego policy language.

Overall, we aim to show how cloud providers and end users can securely store and protect sensitive data, enabling the adoption of confidential computing across numerous use cases.

Validating low-level firmware presents unique technical challenges, from automating hardware control operations to testing interactive UEFI firmware menus. In this presentation, we delve into how the Dasharo Open Source Firmware Validation (OSFV) project uses Robot Framework, an open-source automation tool, to address these complexities.

Drawing from years of firmware development experience across diverse hardware platforms ranging from network appliances to workstations we will showcase how OSFV tackles: - automating hardware interactions such as GPIO toggling, UART communication, power control, video output capture, USB devices simluation, and more, on a wide variety of hardware platforms, - testing dynamic and interactive firmware interfaces, including menu navigation and switching configuration options, - managing the variability of real-world hardware environments to ensure repeatable and reliable test execution.

Dealing with web mapping can be complicated, and when tasked with the requirement of drawing on one, things can quickly become a challenging, especially when dealing with complex requirements. Enter Terra Draw: an open source JavaScript library designed to simplify and standardise drawing functionality across popular web mapping libraries such as Leaflet, OpenLayers, Google Maps, MapboxGL JS, and MapLibreGL JS.

Terra Draw offers a versatile set of built-in drawing modes, enabling seamless creation of geometries. The library supports simpler geometry types like points lines and polygons, but also more complex modes like rectangles, circles and sectors. There is also advanced functionalities like snapping, rotation, and scaling, which often require significant effort to implement from scratch. These functionalities are designed to "just work" across the different mapping ecosystems.

The library’s modular design promotes extensibility, allowing developers to create custom drawing modes and adapters for new mapping libraries that may come along. Thanks to its decoupled architecture, any mode can work with any adapter, creating a multiplier effect. This flexibility also ensures that swapping out one mapping library should be much simpler, as the drawing logic is abstracted away from the mapping library.

In this talk, we’ll explore the origins of Terra Draw, demonstrate how to get started, and provide a glimpse of what's possible with it. Whether you're a seasoned developer or just starting with web maps, you'll walk away with practical insights on how Terra Draw can be used in your project.

Not everything needs to become a string! At least not so fast. Don't lose your typing information when building templates for Django, Flask, FastAPI or even without any framework.

With htpy you can write templates just like you write Python, including full support for mypy or pyright checks.

I will show you how to get started with htpy and show you some patterns that make your components reusable and typesafe.

The Ryzen AI NPUs consist of an array of vector processors and programmable interconnect to allow granular control of compute and data movement to achieve high performance and power efficiency. This talk presents a MLIR-based data tiling and packing design for these NPUs that leads to optimized machine instructions. Specifically, it shows how we can derive and optimize how data flows through the array from high-level tiling decisions and how we can efficiently utilize a high degree of data packing by leveraging low-level DMA control and capabilities.

The SMB service in Ceph uses a Samba container to export the Cephfs volume using the vfs_ceph_new plugin. We hit a problem when scaling the number of client connection which results in resource exhaustion on the server host. This was determined to be caused by Samba's forking model and the way data is cached by libcephfs. This presentation delves deeper into the cause of this problem and the proposed solution - the multiplexing proxy.

Nix offers an alternative to the well-known container-based deployment flow, and can offer several benefits compared to those container-based deployments. However, it's not immediately obvious how you would use nix to deploy services on machines running Linux distributions other than the nix-native NixOS. To address this, we developed a tool called system-manager, which allows you to manage certain aspects of the system configuration of a Linux system using nix, while leaving others to be managed using the usual tools of the underlying distribution.

Accessing a Kubernetes cluster for the first time can be daunting. But that’s the price for testing Deployments, Volumes, and other Kubernetes objects, right? Nope. There is an easier way that doesn’t entail learning how to deploy a Kubernetes cluster.

One of the least-known commands of Podman is kube play, and it’s fantastic. It works as kubectl apply and supports the same objects but doesn’t need a Kubernetes cluster. It supports Pods, Deployments, Volumes, ConfigMaps, and many other Kubernetes resources and runs on Linux, macOS, and Windows. It has some additional features compared to kubectl, such as using local images.

This talk will discuss using kube play and its alter-ego kube generate to simplify Kubernetes’ first experiences.

Overview of a feature implementation in Collabora Online, building on LibreOffice Technology, where autotext and other presets and configuration data can be supplied both at an individual user level and at an organization level, via their wopi server, to a Collabora Online instance serving multiple organization tenants.

In high-energy physics, ensuring that analyses remain reproducible and interpretable over time is a significant challenge. As the Large Hadron Collider (LHC) produces vast datasets and as analyses evolve, reproducibility becomes crucial for both current and future research efforts. Rivet (Robust Independent Validation of Experiment and Theory) addresses this challenge by providing a framework for the preservation and reinterpretation of LHC analyses. This talk will discuss how Rivet facilitates analysis preservation, enabling researchers to reproduce, validate, and reuse complex particle collision studies long after initial publication. We’ll explore specific use cases, including how Rivet supports reinterpretation for new physics searches, and the technical underpinnings that make Rivet an indispensable tool for long-term data analysis preservation. This presentation will emphasise Rivet’s role within the broader landscape of open science and data preservation, with insights into its integration with other high-energy physics frameworks. Attendees will gain a clear understanding of Rivet’s contributions to sustainable research practices and reproducibility within the scientific community.

For the training of generative AI models, developers usually have to gather large amounts of mostly copyrighted data (texts, images, code, music etc.). Datasets are provided online for download or can be assembled individually via crawling & scraping.

In both cases, copies and sometimes further adjustments of data are necessary in preparation for AI training - acts relevant to copyright law, usually requiring a license. Since June 2021, the "text and data mining exception", introduced via the DSM directive, is a part of national copyright laws in the member states of the EU, allowing for license-free copies for the purposes of text and data mining (TDM). It is since being discussed whether the TDM exception can be applied to the training of (generative) AI models, and how respective reservations can be made in a "machine-readable format".

The talk will present the first German court decision (09/2024) on the application of the TDM exception to AI analysis and provide an overview of the discussion regarding the applicability of the TDM exception to AI training in Germany. Participants are also invited to join a constructive discussion regarding the feasibility of a machine-readable reservation and the importance of international / EU-wide (copyright) rules on AI training.

Linux v6.12 adds usb9pfs as a new USB gadget function, which can be used to mount a filesystem provided over USB.

Booting from an external rootfs in the form of NFS is already a staple in embedded systems development, but multiple issues complicate its usage:

• network interface required , which may not always be available
• Interference with normal network setup, especially in existence of switches
• Requires setup of multiple services: DHCP, TFTP, NFS...

By using usb9pfs for the rootfs, these limitations can be avoided on all devices that feature a USB gadget port.

This talk will discuss the design of 9p and usb9pfs and showcase how streamlined development on a Yocto root file system can be with both barebox and Linux making use of usb9pfs.

We'll introduce you to our project "Ethersync," a software and protocol for real-time collaboration. The goal is to make it feel like Etherpad, but for entire projects, on the local file system, and with Neovim, VS Code, or your other favorite text editors! We’ll talk about our vision, technical implementation, and the challenges we encountered along the way.

Collaborating with software like Etherpad or Hedgedoc feels a bit like magic: you can instantly see what others are typing. The downside is that you need to be online to access the content—since the document is on a server, it disappears as soon as you disconnect.

We’re working on an open-source software called "Ethersync" to bring real-time collaboration to the file system! We want to make it possible to write notes and documentation together, and we’re also considering use cases like pair programming—directly in Neovim, VS Code, or perhaps your favorite text editor soon. We’re following a "local-first" approach, ensuring you always have control over your data since it’s stored on your own hard drive.

In this talk, we’d like to explain our vision for this type of collaboration and show you our progress and current prototype. We’ll discuss some of the problems we’ve encountered and dive into the underlying technology (like Conflict-Free Replicating Data Types and Operational Transform).

Finally, we'll discuss how you can get involved: For example, we could use help developing plugins for more text editors! We'll go over the Ethersync protocol, and discuss how it could help interoperability between collaborative projects.

AOSP is a great start - but increasingly doesn't deliver all the functionality you'd expect in a phone OS. Even the mail client that was present in early AOSP is no longer there: You're expected to use the closed-source GMail app.

This talk explains shows how to get most Android functionality on AOSP without having to use closed source applications.

It covers integrating GMS-like services through microG and Open Source alternatives to applications typically preinstalled on Android phones, as well as tricks for better integration of alternatives.

Documentation often struggles to keep up with development cycles. Your users become testers of inaccurate information, which leads to a poor experience. But what if you could test your documentation for accuracy and catch breaking changes before your users do?

This short talk shows how you can improve your docs-as-code workflows with automated testing. Attendees will hear an explanation of Doc Detective and its testing framework. We will also show off some implementation strategies and automation to help keep your docs current.

In times of complexity and easy cloud computing - is it still value-able to maintain an on-prem mail cluster with open-source tools? We will showcase our approach to sizing and rolling out a complete and flexible mail infrastructures, highlight why we chose Ansible for IaC, our approach to template the configuration and automatic documentation generation. We continue to update and develop our roles to incorporate our best practices, develop new features and counter latest security threats. Our Ansible Playbooks and Roles to roll-out this full fledged E-Mail infrastructure are open-source and publicly available. The setups are maintained either by us, the customer with our support or also completely independent.

sq is Sequoia PGP's primary command line tool. After seven years of development, we've just released version 1.0.

In this talk, I'll present sq. I'll start by discussing sq's design philosophy. In particular, I'll explain how sq aims to firstly be a tool for end users, and not developers writing scripts, and what that means for users of the tool. I'll then present how sq is different from other tools in the ecosystem. In this regard, one of the most important differences is that sq explicitly does not support curated keyrings; users have to authenticate all of the certificates that they use. At first blush, this may sound like a usability nightmare, but I'll show how sq supports users by managing evidence, which simplifies these decisions. Finally, I'll demonstrate several workflows. These include how to verify files, how to create and manage a certificate, how to find a certificate and use it, and how to create and manage a CA for your organization.

go build . is a very common way to build and release binaries for go projects. But there are many settings one can pass to go to build better release binaries. This talk will give overview of compile time optimizations, give guidance on re-releasing, apply CGO hardening as recommended by OpenSSF, upgrading dependencies, ensuring binaries can be scanned for vulnerabilities, ensure codebase is compatible with popular go forks for FIPS compliance, and are easier to reproduce.

Relevant projects: - https://pkg.go.dev/cmd/go#hdr-Compile_packages_and_dependencies - https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html - https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck - https://github.com/chainguard-dev/gobump - https://github.com/chainguard-dev/melange/blob/main/pkg/build/pipelines/go/build.yaml - https://github.com/wolfi-dev/os

Java Flight Recorder (JFR) provides deep visibility into cryptographic operations offering developers unprecedented insights into their applications' security behavior. Learn how to leverage these JFR events to monitor and analyze cryptographic operations in production Java applications with minimal overhead.

Most developers approach unit testing by manually defining specific examples to verify the expected behaviour. With this approach, catching all the edge cases can be tricky – or tedious.

Property-based testing offers an alternative, by emphasizing general properties or rules that should hold true across a wide range of inputs. By automatically generating test cases, property-based testing provides broader coverage and can uncover issues that are difficult to find with conventional techniques.

In this talk, we'll explore property-based testing, breaking down how it works and when to use it. We'll cover:

• Core principles of property-based testing and how it differs from example-based approaches.
• Practical techniques for identifying useful properties in various domains, including algorithms, data structures and APIs.
• Tools and libraries that enable property-based testing in popular programming languages.
• Real-world examples of how this approach has uncovered critical bugs and improved test coverage.

This session is designed for developers curious about expanding their testing toolbox. Whether you're new to property-based testing or looking for ways to apply it in your work, this talk will provide practical guidance and resources to help you get started.

LibreOfficeKit has new API to expose slideshow elements: content, animations, transitions and notes. Short story about composing the impressive 3D slideshows in WebGL directly in the browser.

We will introduce nmbl (no more boot loader), our fast, secure boot scheme based on the Linux kernel. GRUB is a powerful, flexible, fully-featured boot loader used by many distributions on multiple architectures, but its complexity is difficult to maintain, and it necessarily lags behind the Linux kernel exposing many security holes. The kernel itself, on the other hand, has a large developer base, fast feature development, quick responses to vulnerabilities, and much better overall scrutiny. Our approach is to use the Linux kernel as its own boot loader in the form of a unified kernel image (UKI). Loaded by the EFI stub on UEFI, an UKI is made up of all the components needed to reach the final boot target: the kernel, initramfs, and kernel command line, in one signed bundle. All necessary drivers, filesystem support, and networking are already built in and code duplication is avoided. We will describe the work and testing done so far and our approach to customization, as well as fallback, and hope for your feedback and use cases.

The open source community can be siloed at times. People tend to ‘stay in their lane’ and don’t realize what they may be missing out on by not expanding their network. I know time is limited and it’s impossible to participate in every community so how do you become like Kevin Bacon? How do you set yourself up to be connected to people in various communities that you may be able to help or vice versa without being present at every meeting? I’m going to show you how you can channel your inner Kevin Bacon and learn how to expand your network like your funding counted on it!

Self-hosting Web applications is a practice that is useful both in the personal and business context. Depending on the situation, we can enjoy better privacy, flexibility, performance and reduced costs. However, some "boring" aspects we need to think about are backups, authentication, security, scalability and management across servers.

In this lightning talk, I will present a new multi-server container-based solution that sets a solid foundation for self-hosting, while remaining simple to use and operate: NethServer 8.

• Project page: https://www.nethserver.org
• Source code repositories: https://github.com/nethserver
• Community:< https://community.nethserver.org>
• Apps (some are in "testing"): https://wiki.nethserver.org/doku.php?id=ns8:applications:applications

Data theft and leakage, caused by external adversaries and insiders, demonstrate the need for protecting user data. Trusted Execution Environments (TEEs) offer a promising solution by creating secure environments that protect data and code from such threats. The rise of confidential computing on cloud platforms facilitates the deployment of TEE-enabled server applications, which are expected to be widely adopted in web services such as privacy-preserving LLM inference and secure data logging. One key feature is Remote Attestation (RA), which enables integrity verification of a TEE. However, compatibility issues with RA verification arise as no browsers natively support this feature, making prior solutions cumbersome and risky.

To address these challenges, in this talk, we present RA-WEBs (Remote Attestation for Web services), a novel RA protocol designed for high compatibility with the current web ecosystem. RA-WEBs leverages established web mechanisms for immediate deployability, enabling RA verification on existing browsers. We will show preliminary evaluation results and highlight open challenges when introducing RA to the web.

In this talk, we share our journey in making QuestDB, an Apache 2.0-licensed open-source time-series database, a significantly faster analytical database. Over the course of just one year, we achieved query performance gains of up to 6x by implementing specialised data structures, SIMD-based optimisations, scalable aggregation algorithms, and parallel execution pipelines.

QuestDB is designed for high-performance ingestion—processing millions of rows per second—and efficient queries over billions of rows. While it excelled in time-based queries, we found that certain generic analytical queries were slower than expected. In this session, we’ll walk through how we identified opportunities for improvement, the key changes we implemented, and how those changes delivered dramatic performance improvements in a relatively short timeframe.

We’ll demonstrate before-and-after queries to showcase the impact of these optimisations. All the code is freely available in QuestDB's GitHub repository for anyone to explore or contribute to.

Fuchsia is a new (non-Linux) operating system from Google, and one of the key pieces of Fuchsia's design is the component framework. Components on Fuchsia have many similarities with some of the container solutions on Linux (such as Docker): they both fetch content addressed blobs from the network, assemble those blobs into an isolated filesystem structure that holds all the dependencies necessary to run some piece of software, and launch namespaced processes with that created directory as its root.

The most interesting details are where these two projects diverge. Both have different use cases and requirements, which leads to different strengths between the systems. This talk will largely be focusing on where and why these two similar technologies diverge.

Relevant links: - Fuchsia's source code - Fuchsia's code review - Getting started page

NextGraph is an open source ecosystem providing solutions for end-users (a platform) and software developers (a framework), wishing to use or create decentralized apps featuring: live collaboration on rich-text and JSON documents, peer to peer communication with end-to-end encryption, offline-first, local-first, portable and interoperable data, total ownership of data and software, security and privacy.

Centered on repositories containing semantic data (RDF), rich text, and structured data formats like JSON, synced between peers belonging to permissioned groups of users, it offers strong eventual consistency, thanks to the use of CRDTs. Documents can be linked together, signed, shared securely, queried using the SPARQL language and organized into sites and containers.

Collabora Online (COOL) delivers collaborative document editing based on LibreOffice Technology to any modern browser. Come and hear about how we've been improving usability, deploy-ability, performance, feature-set and georgeousness of Collabora Online. See how COOL can be deployed and catch the excitement of making code simpler, faster and better for users at pace.

Finally hear how you can get involved with the fun.

LLVM libc has been steadily growing over the past few years. From its origins as an overlay to be used on top of an existing libc, LLVM libc is now complete enough and scalable enough to be used on embedded toolchains too.

This talk will contain: * LLVM libc's current status. * Why you might want to use LLVM libc. * How to build it for linux and an embedded system. * How to use a prebuilt example from LLVM Embedded Toolchain for Arm. * Other uses including the Google Pigweed SDK.

LLVM libc in llvm-project https://github.com/llvm/llvm-project/tree/main/libc

After looking at the current way Go code is packaged in nixpkgs using buildGoModule, disadvantages are pointed out with a focus on security (backed by data from govulncheck-nixpkgs project) and performance. Out-of-tree alternatives are presented with a focus on the new and promising approach of gobuild.nix, which implements a hook-based builder with module-level caching.

Flakes aka tests that don’t behave deterministically, i.e. they fail sometimes and pass sometimes, are an ever recurring problem in software development. This is especially the sad reality when running end-to-end tests where a lot of components are involved. There are various reasons why a test can be flaky, however the impact can be as fatal as CI being loaded beyond capacity causing overly long feedback cycles or even users losing trust in CI itself.

Ideally we want potential flakes to be flagged at the earliest stage of the development lifecycle, so that they do not even enter the end-to-end test suite. We want a gate that acts as a safeguard for developers, pointing out to them what kind of stability issues a test has. This reduces CI user frustration and improves trust in CI. At the same time it cuts down on unnecessary waste of CI system resources.

This talk will explore the CANNIER approach, which aims to reduce the time cost of rerunning tests. We will take a closer look at the feature set used to create training data from existing test code of the KubeVirt project, enabling us to predict probable flakiness of a certain test with an AI model.

We will cover how a subset of the CANNIER feature set is implemented, how it is used to generate training data for an AI model, and how the model is used to analyze flakiness probability, generating actionable feedback for test authors.

Attendees will gain insight on how the CANNIER approach can help them improve test reliability, ultimately enhancing overall software quality and team productivity.

Geospatial programming often requires stitching together a variety of formats, interfaces, APIs, libraries, tools and languages. How can we fluidly download data from OpenStreetMap using the Overpass Query Language, run performant queries with GEOS, calculate projections with PROJ, store and manipulate GeoJSON or WKT-formatted data with duckdb's spatial extention, and then visualize things with a javascript library like Leaflet or Deck.gl?

This talk explores Raku's expressive and powerful style as we mesh together all of these things, creating new modules along the way, and leapfrogging ahead of other implementations with some of Raku's unique features such as NativeCall for native libraries, Grammars for parsing, multiple modes of interacting with command line tooling, and plentiful concurrency models. Also let's see how we can reign in large language models so that we can apply them judiciously to our data and our code.

Links:

raku-geos, Geo::Basic, WebService::Overpass, Geo::Geometry, Duckie, WebService::Nominatum

XWiki is a wiki engine, and, as with most wiki engines, it allows uploading attachments to wiki pages. In order to edit these attachments quickly, we recently released an extension allowing to link an XWiki instance with a COOL server, and thus enabling real-time collaboration office files attached to wiki pages.

This presentation will focus on the technical integration of COOL with XWiki, and will discuss use-cases that we identified over the years, as well as the roadmap for this extension. The application code can be found at https://github.com/xwikisas/application-collabora

To ease the pain of testing container images, we’ve developed the pytest_container plugin for pytest. The plugin makes it possible to use pytest to perform tests on containers and software inside containers. You don’t have to take care of pulling images, building them, or picking ports on the host. You just describe your container setup and pass it to a test function. In return, the plugin gives you a connection to the container. Using the connection, you can verify the container’s state using the testinfra python framework. The plugin even cleans up after itself when you’re done.

In short, pytest_container makes it possible to write tests in Python: no need to build your own framework from scratch or worry about the boring container plumbing tasks.

Join this talk to see pytest_container in action and learn how it can make your life easier!