Now attending

( 2025-06-19, 19:49)

 "Connecting the Geospatial Dots with Raku"

Saturday at 13:20, 10 minutes, AW1.120, Geospatial Brian Duggan

Geospatial programming often requires stitching together a variety of formats, interfaces, APIs, libraries, tools and languages. How can we fluidly download data from OpenStreetMap using the Overpass Query Language, run performant queries with GEOS, calculate projections with PROJ, store and manipulate GeoJSON or WKT-formatted data with DuckDB's spatial extension, and then visualize things with a JavaScript library like Leaflet or Deck.gl?

This talk explores Raku's expressive and powerful style as we mesh together all of these things, creating new modules along the way, and leapfrogging ahead of other implementations with some of Raku's unique features such as NativeCall for native libraries, Grammars for parsing, multiple modes of interacting with command line tooling, and plentiful concurrency models. Also let's see how we can rein in large language models so that we can apply them judiciously to our data and our code.

Links:

raku-geos, Geo::Basic, WebService::Overpass, Geo::Geometry, Duckie, WebService::Nominatum

Coming up:

 "Panel: When is an AI system free/open?"

Saturday at 13:30, 50 minutes, H.1301 (Cornil), Legal and Policy julia ferraioli Ciarán O'Riordan Richard Fontana Zoë Kooyman

This panel will explore what makes a machine learning model, or an “AI system”, Free Software / Open Source. Some topics we may address:

  • What, if anything, is the source code of a model? If the source code includes training data, what are the implications for LLMs and other large generative models? Can trained weights themselves be considered source code?
  • What does user freedom (and in particular, freedom to study and modify) mean in the context of AI models? How, if at all, does it differ from our traditional understanding of software freedom?
  • Are there any reasons to tolerate use restrictions in AI model licenses that we would reject for FOSS?
  • Proposed normative definitions of free/open AI and related efforts, including the OSI’s OSAID 1.0, FSF’s criteria for free machine learning applications, and the Model Openness Framework
  • Should we have different tiers of free-ness/openness when assessing AI models/systems?
  • Leaving aside the question of source code, are there other kinds of artifacts that should be released with a model for it to legitimately be considered free/open?

 "Adopting BlueZ in production: challenges and caveats"

Saturday at 13:30, 25 minutes, H.1302 (Depage), Embedded, Mobile and Automotive George Kiagiadakis

In 2024, I worked with a small team to bring up BlueZ as the Bluetooth stack of a real-world automotive In-Vehicle Infotainment (IVI) system. In this talk, I am going to discuss the steps that we went through, the challenges that we faced, the caveats of BlueZ in contrast with closed-source alternatives and also present the contributions that we made to BlueZ and PipeWire as part of this process.

 "Panel : Integration between collaborative applications"

Saturday at 13:30, 55 minutes, H.1308 (Rolin), Collaboration and Content Management Ludovic Dubost Wieland Lindenthal Ingo Steuwer Björn Schießle

Open Source is all about collaboration, but of course we don't all work in one big project. So projects have to work together - actively. How do collaboration and integration stack up with the competition between projects and even the forking into new ones? Should there be more distributions on distrowatch.org or should we abolish them? We can't speak for distributions, but certainly for the collaboration tools we built!

 "Second chance: Upgrading devices from Android 9 to Android 14"

Saturday at 13:30, 30 minutes, H.2214, Android Open Source Project Igor Kalkov-Streitz

Progress in hardware development often leaves devices with outdated software versions behind. This primarily affects Android devices, especially as Google is currently accelerating its release schedule for Android versions. The rapid version change means that older devices are often left without software updates, which makes the devices vulnerable to security threats and compatibility problems. This presentation shows how this trend can be counteracted by upgrading a handheld device from Android 9 to Android 14 by using open-source components.

We will outline the entire upgrade process from migrating the kernel to UI and HAL customizations to match the original device’s look and feel. This includes discussing technical challenges developers face when dealing with outdated drivers, newer kernel versions, and hardware abstractions during OS upgrades of old devices.

 "Testing Containers with Python and pytest"

Saturday at 13:30, 15 minutes, H.2215 (Ferrer), Lightning Talks Dan Čermák

To ease the pain of testing container images, we’ve developed the pytest_container plugin for pytest. The plugin makes it possible to use pytest to perform tests on containers and software inside containers. You don’t have to take care of pulling images, building them, or picking ports on the host. You just describe your container setup and pass it to a test function. In return, the plugin gives you a connection to the container. Using the connection, you can verify the container’s state using the testinfra Python framework. The plugin even cleans up after itself when you’re done.

In short, pytest_container makes it possible to write tests in Python: no need to build your own framework from scratch or worry about the boring container plumbing tasks.

Join this talk to see pytest_container in action and learn how it can make your life easier!

 "API documentation testing with AI user simulation"

Saturday at 13:30, 30 minutes, K.4.201, Tool the Docs Elizaveta Driukova

In open-source projects, contributors often wear many hats—developer, tester, writer—and resources are typically stretched thin. This multitasking environment can make it challenging to maintain comprehensive and accurate API documentation. Yet, high-quality documentation is vital for the usability and adoption of any open-source project.

This talk focuses on how AI can help simplify one aspect of documentation development: testing. By using AI to simulate user interactions, we can efficiently identify gaps and inconsistencies in API documentation that a contributor might miss due to exceptional knowledge of the topic.

By integrating AI-driven user simulations into your workflow, you can improve the quality of your documentation while managing multiple responsibilities more effectively. This approach not only benefits individual contributors but also strengthens the overall success and sustainability of open-source projects.

 "Enhancing Email Spam Detection with LLMs: Practical Experience with Rspamd and GPT"

Saturday at 13:30, 30 minutes, K.4.601, Modern Email Vsevolod Stakhov

This talk explores the practical implementation of Large Language Models (LLMs) in email filtering, giving the example of the integration between Rspamd and various LLM services. We'll discuss how LLMs can complement traditional filtering methods, comparing supervised (Bayes) and unsupervised (LLM-based) approaches to spam detection.

We'll examine real-world results from different models (GPT-3.5, GPT-4, and alternatives via OpenRouter), analyzing their effectiveness, false positive rates, and cost implications. The presentation will cover advanced features such as content categorization, password extraction from archives, and message anonymization for privacy-preserving learning.

Special attention will be given to practical deployment considerations, including:

  • Cost-effective strategies for different scales of operation
  • Self-hosted models vs. cloud APIs
  • Privacy considerations and message anonymization techniques
  • Integration with existing email infrastructure
  • Extended message analysis capabilities

The talk will conclude with insights into future developments and best practices for implementing LLM-based email filtering in both personal and enterprise environments.

Target Audience: Email administrators, spam filtering specialists, and developers interested in modern email security solutions.

 "HAMNET - Status Update"

Saturday at 13:30, 55 minutes, UB2.147, Radio Jann Traschewski, DG8NGN

Over the last 15 years, HAMNET (Highspeed Amateur Radio Multimedia NETwork) has developed from an experiment into a stable infrastructure, particularly in German-speaking regions.

It generally connects unmanned amateur radio stations via microwave links using the IP and BGP protocols and provides a platform for networking amateur radio applications.

This talk will show how HAMNET has evolved and how it could evolve (challenges in deployment, expansion in Europe, densification of the backbone, higher speeds, access technologies for non-line-of-sight propagation).

 "Using DPoP to use access tokens securely in your Single Page Applications"

Saturday at 13:30, 30 minutes, UB4.132, Security Alexander Schwartz Takashi Norimatsu

OAuth 2.0 uses access tokens to grant access to secured resources. When using Single Page Applications, they are passed from browsers to the servers as bearer tokens using HTTP headers.

While they are secured in transit using TLS, those tokens could be stolen from a browser, replayed, or misused by a malicious or vulnerable server. OAuth 2.0 Demonstrating Proof-of-Possession (DPoP) takes this one step further by equipping the client, such as your Single Page Application, with a key pair so that it can show a proof when passing the access token, so that no one else can use the access token. DPoP is part of the FAPI 2.0 Security Profile by the OpenID Foundation. It promotes best practices on how to protect APIs exposing high-value and sensitive (personal and other) data, for example, in finance, e-health and e-government applications.

This talk will explain the concepts and demo how this can be implemented using Keycloak and other open source components. We will also describe the current challenges, limitations and alternatives of the approach.

 "TrenchBoot - project status update"

Saturday at 13:30, 20 minutes, UB4.136, Open Source Firmware, BMC and Bootloader Daniel Kiper Maciej Pijanowski

TrenchBoot is an open source project led by 3mdeb, Apertus Solutions, and Oracle. It aims at the security and integrity of the boot process by leveraging advanced silicon security features, like Intel Trusted Execution Technology (TXT) and AMD Secure Startup. It integrates with open source projects like GRUB2, Xen, and Linux, to perform a measured launch of the operating system software, also called Dynamic Root of Trust for Measurement (DRTM).

The presentation will provide an overview of the project's current status, emphasizing the key developments during the last year such as progress towards upstreaming patches in Linux and GRUB, as well as bringing UEFI support to the Xen boot path.

 "A database for your program state"

Saturday at 13:30, 30 minutes, UD2.120 (Chavanne), Go Dylan Reimerink

Pretty much every application has state, and the bigger your application, the more state you have. Things can get challenging when you are asking much of your state. You might need to maintain multiple indexes into your state, react to changes to the state, keep multiple pieces of state in sync and make sure that all of it is thread-safe for multiple readers and writers. Doing this for one piece of state is a challenge, but doing it for a few dozen is painful.

Presenting StateDB (cilium/statedb), a non-persistent in-memory database of your application state. It was created to tackle state management challenges experienced by Cilium. It leverages Go features such as generics, iterators, channels and Go’s garbage collector in combination with immutable data structures to make complex state management easy.

StateDB provides Multi Version Concurrency Control (MVCC) through snapshots, indexing (multiple indexes per table, unique and non-unique indexes, composite keys), write transactions across multiple tables and the ability to watch for changes on a whole table or a subset of data, to name a few.

Let's explore StateDB together and take a little peek under the hood.

 "Quo Vadis, class space? A look at class metadata storage in the Hotspot JVM"

Saturday at 13:30, 25 minutes, UD2.208 (Decroly), Free Java Thomas Stüfe

This talk looks deeper at class metadata storage in the Hotspot JVM and the changes JEP 450 "Compact Object Headers" brought. We will examine the mechanics and CPU cache effects of oop iteration and propose a more cache-friendly solution. We will investigate the class storage limits and possible ways to circumvent them. Finally, we will examine an alternative to the current class space solution.

 "Breaking things for fun and profit"

Saturday at 13:30, 25 minutes, UD6.215, Testing and Continuous Delivery Marcos Albe

A disk full, a saturated or lossy network, too-few CPU cores, an unexpected IO error… how will your software handle such scenarios?

In this talk we present a collection of tools that can be used to systematically "break" things, so you can write test cases and make sure that these unexpected situations will be handled gracefully by your software: ToxiProxy, charybdefs, tc qdisc, strace --inject, taskset, numactl, cgroups and syscall overloading, all can be used to emulate a wide array of failures.

 "OpenLayers, the reference web-mapping library"

Saturday at 13:35, 25 minutes, AW1.120, Geospatial Olivia Guyot

Interactive maps on the web have evolved a lot in the past years. OpenLayers is no exception: it has been around for more than a decade and has become a reference with its extensive feature set and excellent performance. As a landmark open-source project, it has received thousands of contributions over time while managing a very high level of quality.

In this talk we will look at the state of the library today, what it now allows and why, now more than ever, it is an essential part of every geospatial web application. From high-performance rendering of large datasets to on-the-fly satellite image processing, its list of features is so large that you will most likely discover things along the way. New formats, ever-improving WebGL rendering, a powerful new expression-based styling API, and more!

Whether you're a long-time user or just discovering OpenLayers, this session promises fresh insights and practical takeaways for leveraging its full potential.

Find the OpenLayers website here: https://openlayers.org/

And the GitHub repository here: https://github.com/openlayers/openlayers

 "Spock : a software-based RISC-V TEE"

Saturday at 13:35, 20 minutes, K.4.401, Confidential Computing jip helsen

Securing embedded devices, particularly those with minimal resources, presents a unique and pressing challenge. Conventional approaches to Trusted Execution Environments (TEEs) often require specialized hardware or substantial system resources, leaving low-end devices vulnerable to breaches. The need for a lightweight, efficient solution that bridges this gap is greater than ever in today’s interconnected world.

Introducing Spock

Through the development of Spock, we have created a versatile and efficient Trusted Execution Environment (TEE) tailored for RISC-V embedded devices. By relying solely on Physical Memory Protection (PMP) for isolation and requiring only machine and user modes as specified in the RISC-V privileged instruction set, Spock delivers robust security without relying on any specialized hardware.

At the core of Spock’s architecture is the Security Manager (SM), which plays a key role in managing enclave data and buffer permissions. The SM enables Spock to efficiently virtualize buffers and dynamically allocate PMP entries, providing a flexible and scalable approach to memory isolation. By leveraging this abstraction, Spock can create virtual enclaves that surpass hardware-imposed limitations, such as the number of PMP entries.

Core Features and Capabilities

Spock’s minimalist API design delivers essential security functions, including secure execution and attestation. This design supports:

  • Virtualization of critical operations while maintaining a minimal Trusted Computing Base (TCB).
  • Integration into very low resource embedded devices.
  • Both relocatable and fixed enclaves, offering flexibility for diverse use cases.

Why Spock Matters

Spock’s design represents a modern, efficient solution for secure computing in low-resource embedded devices. Its ability to combine robust security with minimal hardware requirements makes it uniquely suited for the demands of today’s connected world, ensuring that even the smallest devices can operate securely.

Available at: https://github.com/jiphelsen/Spock

 "Unearthing the impact of survivorship bias on women in FOSS to build more inclusive communities"

Saturday at 13:35, 25 minutes, UB5.230, Community Imma Valls julia lamenza

Open-source software thrives on diverse perspectives, yet women remain significantly underrepresented in FOSS communities.

While we celebrate women who've "made it"—and their visibility is vital—survivorship bias hides a crucial truth: up to half leave tech by age 35, women exit at a higher rate than men, and many never even join the field.

This talk delves into the concept of survivorship bias—the tendency to focus on successful individuals while ignoring those who faced barriers—and how it impacts women in open source. You’ll learn how this bias skews community perceptions, perpetuates systemic challenges, and limits opportunities.

By examining barriers like unwelcoming dynamics, recruitment biases, and a lack of mentorship, you'll understand why many are deterred before or during their FOSS journeys. You'll also learn how survivorship bias interacts with intersectionality, compounding challenges for women of color, LGBTQ+ individuals, and others.

We’ll also explore examples of communities and initiatives that successfully counter these trends, demonstrating allyship's role in building equitable environments. Finally, drawing on research and real-world examples, we’ll propose actionable steps to create a more inclusive and welcoming FOSS landscape for all.

Whether you’re a contributor, maintainer, or community leader, this session will give you a deeper understanding of the problem and tangible ways to drive change in your circles.

 "Nextcloud Office: On collaborating across FOSS projects"

Saturday at 13:40, 15 minutes, H.2213, LibreOffice Julius Knorr

How we work together and bring Collabora Online integration in Nextcloud to the next level with file conversion, document transformation and AI.

 "My Nix-Powered Homelab"

Saturday at 13:40, 20 minutes, K.3.601, Nix and NixOS Josh Lee

For me, Nix-the-package-manager has replaced Homebrew, ASDF, and even Docker. But its potential goes far beyond managing development environments. With its declarative, reproducible configurations, Nix is also an excellent choice for managing entire servers.

In this talk, I’ll share how I use NixOS and nixos-generators in order to create both stable and ephemeral VMs on my Proxmox hypervisor hosts, and how I run services like Grafana, Docker, Tailscale, and more.

We’ll explore how to deploy and update Proxmox VMs remotely using Nix, set up a WireGuard router with NixOS, and deploy services directly to NixOS declaratively. I’ll also show how to deploy Docker services to NixOS, using the same object tree and code files as all of your other configurations.

Whether you’re managing a homelab or building out larger infrastructure, this talk will showcase how Nix can transform your approach to system configuration and service deployment.

 "Declarative Networking in Declarative World, ver. 2025"

Saturday at 13:40, 20 minutes, UD2.218A, Containers Mateusz Kowalski

Since the beginning of time, declarative APIs have been driving everything that can happen inside a Kubernetes cluster. Predefined CRDs, operators defining custom CRDs, everything is about declarative APIs. Write your YAML once, deploy it, forget it. That’s how you create a cluster, that’s how you deploy your workload.

But is it, for real, as simple as it sounds? How do you bring declarativeness to the imperative world? In the current state of things, host networking is one huge imperative nightmare. So how to happily marry an old-school Network Manager and brand new Kubernetes API?

Over the years we were working on the NMstate project to provide you with a Declarative Network API, allowing you to manage host networking in a declarative manner.

In 2025 we are coming back with brand new features. Based on the feedback, we focused on air-gapped and big clusters – think hundreds of nodes with hundreds of VLANs each. We also happily married K8s and KubeVirt – no matter what your workload is, containers or VMs, NMstate is there for you.

Not only a project update – we will also show you how the Kubernetes cluster with NMState Operator manages networking on the nodes it deploys. It may sound like a chicken and egg situation, but trust us, it is not. Last but not least, we show how it protects itself from applying destructive network changes potentially taking your cluster down.

Join us and discover what’s new in the world of complex network topologies.

 "Programming is fun; Testing is needed; Infra is …"

Saturday at 13:45, 20 minutes, K.3.201, LLVM Jan-Patrick Lehr

The LLVM compiler infrastructure uses a range of resources for testing various project components, including Buildbots, Buildkite, and GitHub Actions. However, the diversity of these technologies can be confusing, particularly for new maintainers. I personally found it challenging to understand. The introduction of the new CI/CD admin role and the discussions in the RFC are promising developments that should help clarify these complexities.

AMD ROCm™ is based on the LLVM project, which is why AMD is deeply invested in supporting its development. This includes providing resources to test the AMDGPU code generation backend and various GPU offloading programming models. Consequently, AMD maintains a range of upstream buildbots for this purpose.

In this presentation, I discuss the motivation and objectives behind the AMD ROCm™ compiler buildbots and related initiatives. I share my two-year journey, which began with inheriting a single buildbot, then another, and eventually maintaining multiple machines and bot configurations. I delve into the technical challenges I encountered and the solutions I implemented. I also touch on non-technical issues from my perspective and how they were resolved by both me and the community. The presentation concludes with a forward-looking perspective on potential additions to the upstream test infrastructure to address existing blind spots from our point of view.

 "Opening the Unlocked Manuscript Chest: A Compact Edition Template for Visualizing Archival HTR Material"

Saturday at 13:50, 25 minutes, AW1.126, Open Research Nooshin Shahidzadeh Asadi

Necturus is a free and open-source tool for visualizing the connection between handwritten manuscript images and their machine-readable transcriptions. While platforms like Transkribus and eScriptorium excel at generating text from handwritten material, they leave visualization to the side—Transkribus hides its solution behind a paywall, and eScriptorium offers none at all. Yet, for many research endeavors, the line-by-line relationship between text and image remains critical, as seen in projects like the Beckett Digital Manuscript Project and the Joyce Letters Project.

Designed as a lightweight, embeddable React component, Necturus makes it easy for libraries, archives, and researchers to present manuscript images alongside their transcriptions in an interactive and accessible format. A plug-and-play template allows deployment via GitHub Pages with no coding required, while a full version supports scalable, customizable setups for larger projects. By emphasizing both transcription and the manuscript as objects of study, Necturus offers a practical solution for those who value visualization in the process of, as Transkribus puts it, “unlocking the past”.

Project Repositories: Necturus, Necturus Compact

 "Increasing security of internet downloads with Asfaload"

Saturday at 13:50, 15 minutes, H.2215 (Ferrer), Lightning Talks Raphaël Bauduin

Asfaload aims to secure internet downloads by ensuring the integrity and authenticity of downloaded files. With attacks on the software supply chain becoming more common and more sophisticated, an effective and simple to use solution has to be found for both the developers and their users. All our published software is under the AGPLv3 or MPLv2, and allows for a self-hosted deployment.

The first building block of our solution is a mirror of checksum files, which helps detect modification of released files but is of no help in case of account compromise. That's why we are also working on an upcoming blockchain-based multi-user multi-factor signature scheme, though users will not be directly exposed to the blockchain. For end users, we develop a CLI downloader tool with its accompanying library at asfald. As for software developers, publishing a checksum file (with sha256sum or sha512sum) is sufficient to integrate with Asfaload. In this talk we will present the problem we are addressing, why it is important, how we are addressing it and what simple steps project authors can take to increase the security of their users.

 "ODBC Takes an Arrow to the Knee"

Saturday at 13:50, 30 minutes, UB5.132, Data Analytics Matthew Topol

For decades, ODBC/JDBC have been the standard for row-oriented database access. However, modern OLAP systems tend instead to be column-oriented for performance - leading to significant conversion costs when requesting data from database systems. This is where Arrow Database Connectivity comes in!

ADBC is similar to ODBC/JDBC in that it defines a single API which is implemented by drivers to provide access to different databases. The difference is that ADBC's API is defined in terms of the Apache Arrow in-memory columnar format. Applications can code to this standard API much like they would for ODBC or JDBC, but fetch result sets in the Arrow format, avoiding transposition and conversion costs if possible.

This talk will cover goals, use-cases, and examples of using ADBC to communicate with different Data APIs (such as Snowflake, Flight SQL or postgres) with Arrow Native in-memory data.

 "COOL UI / UX command tracking & analysis"

Saturday at 13:55, 10 minutes, H.2213, LibreOffice Attila Szűcs

A presentation about the challenges of tracking and analysing COOL UI / UX commands.

 "U-Boot ACPI support on ARM64"

Saturday at 13:55, 20 minutes, UB4.136, Open Source Firmware, BMC and Bootloader Patrick Rudolph

The Server Base Boot Requirements (SBBR) by ARM requires UEFI and ACPI support on AArch64 platforms.

While UEFI is already natively supported by U-Boot, ACPI support on ARM64 was only recently added. A first patch series added basic support for booting Linux on QEMU's sbsa-ref machine, which doesn't provide a device-tree to the OS, but ACPI tables only. This is opening the path for U-Boot booting recent ARM server platforms using the SBBR specification.

The session gives an overview of how ACPI tables are generated by U-Boot drivers. The challenges of integrating the ACPI subsystem with U-Boot's infrastructure on ARM64 are described and an outlook is provided.

Questions this talk should answer:

  • How does the ACPI driver model work?
  • How does this integrate with U-Boot?
  • What to expect next in U-Boot's ACPI implementation?

 "All Open Source Toolchain for ZYNQ 7000 SoCs"

Saturday at 14:00, 25 minutes, H.1302 (Depage), Embedded, Mobile and Automotive Yimin Gu

Zynq 7000 SoCs are popular devices widely used in embedded scenarios when both CPU power and flexible logic are required. However, the ARM (processing system, PS) + FPGA (programmable logic, PL) combo makes development rely on an even heavier set of proprietary toolchains.

In this talk, I'll introduce the recently developed GenZ, a free software BSP generator for the Zynq 7000 PS register configuration. Together with OpenXC7, the free and open source FPGA toolchain for Xilinx 7-series chips, and a growing number of open-source IP cores, development on Zynq 7000 SoCs can be done without a single proprietary tool.

The speed and ease of GenZ + OpenXC7 will be demonstrated on site with an ARM laptop and Zynq boards.

 "Hijack Launcher3!"

Saturday at 14:00, 30 minutes, H.2214, Android Open Source Project Romain Hunault

Murena team developed a new launcher for /e/OS, based on Launcher3. In this talk, we will introduce this AOSP key component, and how it is possible to use it as a base for your own Android Launcher project.

https://gitlab.e.foundation/e/os/BlissLauncher3

 "9,800 Sandboxes and Counting: Transforming Documentation with Interactive Learning Environments"

Saturday at 14:00, 30 minutes, K.4.201, Tool the Docs Jay Clifford

One of the reasons Go is easy to learn is the interactive examples throughout its documentation, and we wanted to emulate this success. Six months later, we now manage 26 sandbox tutorials, which have totalled over 9,800 unique instances. They transformed our documentation by letting users run commands, deploy sample projects, and see real-world use cases come alive.

Scaling the concept to support over 10 products brought unique challenges for us. How could we streamline the creation of new sandbox tutorials? How could we maintain a single source of truth between our sandboxes and evolving documentation?

In this session, we’ll dive into:

  • What an interactive sandbox is and how it enhances developer experiences
  • How we created an open-source tool to automatically synchronize our documentation and sandboxes via CI/CD pipelines

This talk will help you get started integrating interactive sandboxes into your documentation and arm you with the tools you need to scale them effectively!

 "Running Mushroom on Intel TDX"

Saturday at 14:00, 20 minutes, K.4.401, Confidential Computing Tom Dohrmann

Mushroom is a project for securely running Linux workloads in attestable, integrity-protected environments with a minimalistic TCB. Mushroom depends on TEEs to provide integrity guarantees for data in use. It was initially developed for AMD SEV-SNP, but it recently gained support for running on Intel TDX as well. This talk will explore some of the required changes and discuss how the differences between AMD SEV-SNP and Intel TDX informed some of the design decisions.

 "Advanced mail security - our experience with automated reputation sharing in communities and pre-queue deep threat analyzers"

Saturday at 14:00, 30 minutes, K.4.601, Modern Email Carsten Rosenberg

From our daily experience as Linux Mail Security Consultants, we see different groups of infrastructures like universities and government authorities getting similar spam and threats. We have implemented automated ways to share this information among these clusters. We will introduce the techniques used in our Rspamd implementations and we will point at some pitfalls that should be avoided. We would also like to talk about our experience with pre-queue deep threat second stage security analysis like sandboxing.

 "Breaking Barriers: The Art of (Free) Gamified Security Training"

Saturday at 14:00, 30 minutes, UB4.132, Security Joseph Katsioloudes

In a world where security training often feels like a mundane chore, discover the refreshing impact of gamification and turn learning into an enjoyable experience. Embark on an insightful journey as we unveil the success story of gh.io/secure-code-game, an open-source game hosted on GitHub Skills, that attracted over 5,000 developers within its first year.

This session will provide you with an exclusive behind-the-scenes perspective, offering valuable insights and practical strategies to revolutionize various aspects of security training for your benefit. We’ll explore a case study from a tech startup that observed, among the developers who played the game, an increased sense of ownership for code security, improved communication with security teams, and a strong willingness to embrace further security training.

 "High performance gRPC"

Saturday at 14:00, 30 minutes, UD2.120 (Chavanne), UD2.120 (Chavanne), Go Aurelien DEROIDE

gRPC is a popular RPC framework and Go has a quite performant gRPC implementation. However, the performance can still be significantly increased by changing the default setup and by using the library in a way that reduces memory allocations.

This talk will also show how to use the excellent Go tooling to profile and benchmark some code.

 "Native memory tracking for all - Extending NMT beyond Hotspot"

Saturday at 14:00, 25 minutes, UD2.208 (Decroly), UD2.208 (Decroly), Free Java Johan Sjölén

Native Memory Tracking (NMT) has supported diagnosing memory issues in Hotspot for over a decade. Yet, much of the native memory allocated cannot be accounted for using NMT, as it is not only Hotspot but core libraries, JNI and FFM which may perform native allocations. Clearly, NMT must extend itself if it intends to remain a useful tool.

In this talk, I will present a design for extending NMT to core libraries and a possible future extension to FFM. External APIs will be shown in the context of porting small portions of the core libraries. Internal design details, including data structure design, will likewise be presented and their trade-offs discussed. Finally, possible ways of bringing NMT and the new Foreign Function & Memory API will be presented.

 "Incus cluster: private cloud with system containers"

Saturday at 14:00, 30 minutes, UD2.218A, UD2.218A, Containers Jérémie Grauer

Incus is a next-generation manager for system containers, application containers, and virtual machines, forked from Canonical's LXD in August 2023.

This presentation explores the evolution of LXD/Incus, with a focus on clustering and its capabilities for natively managing both stateless and stateful workloads.

Drawing on real-world experience as a system architect at a cloud provider using LXD/Incus since 2016, we will examine the technologies underpinning Incus, including OVN-based networking and flexible storage configurations. The session will also showcase the key commands and workflows for building and managing an Incus cluster, with practical examples to highlight best practices.

This session is intended for system administrators, DevOps engineers, and container enthusiasts seeking to enhance their understanding of Incus and its role within the modern container ecosystem.

 "Fuzzing databases is difficult"

Saturday at 14:00, 25 minutes, UD6.215, UD6.215, Testing and Continuous Delivery Pedro Ferreira

After fuzzing databases for the last 3 years, I learned that simple design decisions in a fuzzer impact the issues it can ever find. In this talk I would like to address some of those decisions. As an example, I would like to discuss the design of BuzzHouse, a new database fuzzer to test ClickHouse.

 "How to Save a Life"

Saturday at 14:05, 25 minutes, AW1.120, AW1.120, Geospatial Skylar MacDonald

You, Eleanor Shellstrop, are dead. You are in cardiac arrest. Your heart has stopped beating, you have stopped breathing, and medically speaking you have died. Not a great start to your day! But worry not: someone has called emergency services. This is the story of that call — and how open geospatial information just might help save your life.

This talk, presented by the CAD & Technical Lead at the London Ambulance Service, will discuss how we use open data to locate patients, how your phone sends live geospatial information to our control room, and the other open (and some not-open) data that our emergency medical service uses to save lives across London every day.

Expect high-level conversations about medical emergencies, but this talk is suitable for all ages.

 "LibreOffice on mobile with the Collabora Office app"

Saturday at 14:05, 10 minutes, H.2213, H.2213, LibreOffice Skyler Grey

Collabora Online is an online document editor based on LibreOffice, but there's also both an Android and an iOS Collabora Office app based on the same technology - LibreOffice Kit. Have you ever wondered how it works?

In this talk, I'll give a high-level overview of the architecture of the Collabora Office mobile app. Along the way, I'll discuss how it's similar but different to the Collabora Online server, and what limitations on the mobile platform (for example a lack of availability of clipboard web APIs) pushed us to write in the way that we have.

 "NixOps4: new, sustainable platform for deployment technology"

Saturday at 14:05, 20 minutes, K.3.601, K.3.601, Nix and NixOS Robert Hensing

NixOps used to be the only Nix-native deployment and provisioning tool, but it failed. NixOps4 is a complete redesign of the tool, taking lessons from NixOps, taking inspiration from Terraform, and borrowing its providers. In doing so, it creates a unified deployment platform, architecturally similar to how Nix is a platform for unified builds. It allows you to combine configurations freely with the Nix language and build system, and it makes it easy to "extend" the tool.

In this presentation, we'll have a look at the concepts that make up NixOps4, as well as its integration into the Fediversity project, which aims to enable hosting providers to let their customers deploy applications such as Mastodon, PeerTube and Pixelfed, fully automatically - running NixOps4 "unattended" in production.

 "Open Source in Industrial Control Systems: A Cultural Challenge"

Saturday at 14:05, 25 minutes, UB5.230, UB5.230, Community Davíð Berman

My name is David Berman. I am an electrician by trade, not a programmer by profession, but I have ventured into the world of programming out of necessity and conviction. My journey into this realm has been fueled by a desire to challenge the prevailing norms of an industry heavily skewed toward proprietary, enterprise-oriented solutions. Specifically, I have worked to advocate for open-source, cost-effective methods to control city streetlights and other industrial control systems traditionally dominated by expensive and exclusive technologies.

During my talk I would like to share my newest project, Gungnir: https://github.com/davidjrb/gungnir

This journey has been far from easy. The resistance to change in this space is significant, and the challenges are both technical and cultural. One of the key barriers is the entrenched power of profit-driven opponents, including corporate lobbyists and those with vested interests in maintaining the status quo. These forces often stifle innovation and prevent the adoption of solutions that could benefit society as a whole by reducing costs and fostering collaboration.

Another challenge comes from within the very community I advocate for. Despite the immense potential of open-source solutions, there is a tendency among many non-programmers—particularly those in traditional trades or management roles—to dismiss these solutions out of hand. This is often due to a lack of familiarity with the technology or misconceptions about its reliability and scalability. Bridging this gap requires not only technical expertise but also the ability to communicate the value and viability of open-source approaches in terms that resonate with a broader audience.

In my talk, I aim to explore these challenges in depth, sharing insights from my own experience as a non-programmer navigating a highly technical field. I will discuss the hurdles faced by the open-source community when advocating for transparency, collaboration, and cost-efficiency in an industry often resistant to such ideals. I will also highlight strategies to foster greater acceptance and collaboration between open-source advocates and those unfamiliar with or skeptical of these technologies.

Ultimately, my goal is to spark a dialogue about how we, as a community, can better advocate for open-source solutions in industrial and civic systems, ensuring that they are not only adopted but also embraced as a viable and beneficial alternative to proprietary models. By sharing stories, challenges, and strategies, I hope to inspire others—whether programmers, non-programmers, or industry professionals—to join this important movement.

Thank you for having me.

I look forward to seeing you all at 14:00, Saturday, 1. February in Baudoux - UB5.230

 "Treating build definitions independent of their origin"

Saturday at 14:10, 15 minutes, H.2215 (Ferrer), H.2215 (Ferrer), Lightning Talks Klaus Aehlig, slides

Most software build systems, following the tradition of make, refer to artifacts by an assigned location on the file system. However, when developing software, one is usually more interested in the contents of the file than its location. So why not take the definition itself as key? Similarly, when building typical complex targets, like libraries, additional information has to be considered when using them, e.g., transitive dependencies when linking. So why not make that part of the data of the analyzed library? In this way, we obtain definitions that are independent of their origin and hence can meaningfully be cached. This high-level caching allows a seamless transition between fine-granular building and traditional package building (obtaining all artifacts by a single lookup). As an additional benefit, when using remote build execution, it is enough to have the sources of the project you're working on, while still having the benefits of a bootstrapped build.

All those concepts are implemented in the open-source build system justbuild, available at https://github.com/just-buildsystem/justbuild

 "Profile-Guided Optimization (PGO) in LLVM: current challenges from the adopter perspective"

Saturday at 14:10, 20 minutes, K.3.201, K.3.201, LLVM Alexander Zaitsev

Profile-Guided Optimization (PGO) is a well-known compiler optimization technique that brings runtime statistics about how an application is executed to the Ahead-of-Time (AoT) compilation model. However, this technique is not widely used nowadays.

In this talk, I want to discuss with a wider audience typical issues that I met with PGO implementation in LLVM-based compilers (like Clang and Rustc). During my work on the Awesome PGO project, I gathered a lot of interesting data points and insights about current PGO issues in the ecosystem (mostly with LLVM-based tools since I prefer using LLVM), and discussed many issues with different stakeholders like end-users, maintainers, and application developers. We will talk about:

  • PGO documentation issues across compilers
  • Different PGO integration states across LLVM-based compilers
  • PGO awareness across the industry
  • Strengths and weaknesses of different PGO modes for different use cases in the real world
  • Top blockers for PGO adoption
  • And many other things!

I believe that after the talk more people will be aware of PGO, aware of usual PGO blockers with LLVM, and know more about how to avoid these limitations in practice.

Target audience: LLVM users (especially LLVM-based compiler engineers and LLVM adopters)

 "Confidential Computing devroom lightning talks"

Saturday at 14:20, 10 minutes, K.4.401, K.4.401, Confidential Computing Claudio Imbrenda Steffen Eiden Kuniyasu Suzaki

We will close the devroom with lightning talks that will serve as a great conversation starter during the lunch break.