In late 2023, the Libre Space Foundation asked my company to develop an Open Source photometer—a device designed to help astronomers measure and understand sky quality. The goal was to create a community-friendly tool accessible to enthusiasts and professionals alike, with an ambitious vision of building a global, crowdsourced network of photometers. While the network is a story for another time, this talk focuses on the journey of designing and deploying the device itself.

After writing down the requirements, we realized that the architecture—comprising I2C sensors, a microcontroller, and WiFi connectivity—was relatively straightforward. This simplicity gave us the opportunity to explore new technologies. In particular, could we use Rust to build a robust, unattended, battery-powered device?

Fast forward to today: we have manufactured several hundred units and are collaborating with the Instituto de Astrofísica de Canarias, a leading research institute, to rigorously test the devices under challenging conditions. In this session, we’ll share the lessons learned during development, the hurdles we overcame, and how Rust has since become an integral part of our workflow.

In the eyes of a site editor or administrator, web content management systems haven’t really changed much in 20 years. They all seem so similar to each other and cover the same distance as to be wholly generic. If there’s innovation in CMSes, it seems to be more about architecture, marketing, SEO and templates and less about customizations, new ideas and administrator delight. The players haven’t changed much over the years, and the newer players seem mostly focused on monetization through scale and commerce.

What can we do as a community to rethink the humble web CMS and open new pathways and ideas that could make a web CMS exciting again? This talk hopes to open more questions than answers, drawing on my 25 years of experience working with and building CMSes, and will cover some potential ways to move the industry forward through collaboration, CMS data interoperability and collective innovation.

In April 2024 Delta Chat introduced "instant onboarding" using chatmail servers leading to several 10K new users-per-day surges in geographies like Somalia, Russia, Mexico, Cuba and the US. There are currently 1-2 new chatmail servers per month and in 2025 we want to cover more of the planet, and will dicuss our plans for "zero-metadata" operations.

Mattermost is an open-source collaboration platform that uses PostgreSQL for its database. As a developer heavily involved with Mattermost, I constantly explore new technologies. Recently, I came across YugabyteDB and decided to test it as a replacement for PostgreSQL. In this tech talk, I will share my previous experience with another distributed database and how it compares with my experience with YugabyteDB. Also, I will share the results of running load tests on Yugabyte and how it compares to regular Postgres.

In an era dominated by centralized platforms and algorithm-driven content, the open web's foundational principles of diversity and user autonomy have been overshadowed. John O'Nolan, founder and CEO of Ghost.org, will explore how Ghost is integrating ActivityPub to reconnect with the open web's ethos. This session will delve into the motivations behind adopting ActivityPub, the technical journey of embedding it into Ghost, and the anticipated impact on publishers and readers. Attendees will gain insights into the challenges and triumphs of this integration and understand Ghost sees the evolution of independent media and networked publishing.

Key Takeaways:

• Understanding the significance of ActivityPub in journalism and publishing
• Insights into Ghost's strategic and technical approach in integrating ActivityPub.
• The anticipated benefits for publishers and readers within the Fediverse.
• A vision for the future of open, interconnected web platforms.

In the evolving landscape of software development, ensuring the integrity of build artifacts like container images is crucial. GitHub Artifact Attestations is an artifact signing solution and PKI built on open source software like TUF and Sigstore. In this talk, I'll discuss and demonstrate how to use Artifact Attestations to generate signed SLSA attestations, and verifying their origin and authenticity. By the end of this session, you'll have a good understanding of how open source tools like Sigstore, in-toto, SLSA and TUF can collectively strengthen the security of the software supply chain.

GraalVM Native Image is a popular tool for building standalone executables from Java applications. It is able to generate executables with fast startup time and low memory footprint through the use of a closed world assumption, constraints on dynamism, and many traditional compiler optimizations.

Unfortunately, Native Image's many advanced features can make its build process inscrutable to an inexperienced developer. It is hard to decipher how its many internal components (e.g. analysis, compiler phases, plugins, intrinsics, features, singletons, substitutions, etc.) work in concert and what assumptions must not be violated.

In this talk I will attempt to help make sense of the Native Image build process. I will first describe what components exist and how they interact with each other. Next, I will walk through a native image build and highlight key phases of the process. Finally, I will provide some practical tips to follow when trying to learn more about specific functionality within Native Image.

TuxWrangler is a framework designed to simplify the creation and management sets of containers, focusing on automation, scalability, and flexibility. Unlike Packer, which excels at building single "golden images" for immutable infrastructure, TuxWrangler is tailored for environments requiring multiple lightweight, highly-configured images, such as GEICO's. It automates dependency updates by dynamically fetching and locking versions from container repositories, reducing manual effort and ensuring consistency. With its centralized configuration management and integration with CI/CD pipelines, TuxWrangler streamlines complex workflows, automates testing, and publishes validated images efficiently.

TuxWrangler addresses use cases requiring dynamic updates and multiple image variations without duplicated build logic. Its ability to manage dependencies dynamically, scale configurations efficiently, and integrate seamlessly with DevOps ecosystems makes it ideal for modern, fast-paced environments.

We will present a demo of TuxWrangler, which is currently being used by us to solve our engineering needs. We will focus on its ability to simplify multi-image builds, automate dependency management, and integrate seamlessly with existing workflows. We would like to receive feedback from the community regarding its future iterations, ensuring TuxBake remains a valuable tool for evolving infrastructure needs.

At DigitalOcean's internal platform team, we use a tool called docc to make deploying apps easier for our teams. It’s designed to hide the complexity of Kubernetes so teams can focus on getting their apps running without needing to understand Kubernetes itself.

When we deploy updates to applications, we usually use a simple method where old versions are replaced with new ones, one by one, over a short time. This works fine most of the time, but if the new version has bugs—causing slower performance or errors for users—this method doesn’t have a built-in way to catch those problems early or quickly switch back to the previous version.

To solve this, we’ve added safer deployment strategies like canary and A/B testing. These allow us to release updates more cautiously by directing only a small percentage of user traffic to the new version first. If everything looks good, we slowly increase the traffic. If not, we can automatically roll back quickly.

We achieved this by using tools like the Kubernetes Gateway API, Envoy proxy, and Istio to manage and control how traffic flows between different versions of an app. These tools work together to create a "service mesh," which helps us balance traffic and make deployment smoother and safer.

In this talk, we’ll share what we learned while setting this up and how it’s helping us ensure more reliable application updates at DigitalOcean.

FreeBSD is one of the most popular platforms to run syslog-ng. Recently, I was approached if we could add a FreeBSD audit source driver to syslog-ng. While developing a new C-based driver is not something we could do in the short term, thankfully, using the program() source of syslog-ng still allowed us to create a new source in just a few hours, including its documentation. From this talk, you can learn how the freebsd-audit() source was created and how you can also easily develop similar sources yourself. A few more FreeBSD specific developments will also be mentioned.

The "Do No Harm" principle, well-established in fields like medical research, healthcare, and humanitarian aid, has significant potential to improve the quality and reduce the negative effects of open research practices and technology.

As open research/science practices become a norm across different disciplines, it is important to identify, improve awareness of, and reduce its known or unintended negative impacts on people and their communities. While efforts like ethical source licenses (like the Do No Harm and Hippocratic License) are yet to become an acceptable legal pathway to enforcing responsible practices in open source, more general adoption and use of the "Do No Harm" will help account for societal and environmental implications of research and technology.

In this talk, I will introduce a “do no harm” framework to identify risks and develop actionable plans to mitigate the negative impacts of open research practices and technology. This framework examines the development and deployment of technology across four critical areas: the actors involved or affected, the dynamics and relationships within impacted communities, the economic realities faced by researchers, and environmental impact. Additionally, I will highlight practical methods for addressing the potential negative consequences of our work.

This session is designed for anyone involved in open source/science, including researchers, designers, contributors, developers, maintainers, and community members who seek to better understand and navigate the ethical challenges of open research and technology. Attendees will gain insights into global disparities in technology and explore how they can share responsibility to ensure their work promotes more equitable benefits by combining open practices with the do-no-harm principle.

A quick introduction to postmarketOS (Linux Mobile distro based on Alpine that has been ported to lots of devices by now!), as well as an overview of cool things we did throughout the last year or so. Also what we are up to :>

Source code: https://postmarketos.org/source-code/

Introduced in kernel v6.7, the Netkit device is an eBPF-programmable network device designed with containers in mind. In this talk, I will go over the the basics of the Netkit device, and discuss the performance gains we have realized and challenges we faced when rolling out Netkit across millions of containers at Meta.

Open-source projects used in this talk: Linux Kernel. View the netkit driver source code here.

A short story about why & how Omniconvert migrated from MongoDB to TiDB, with no downtime, for an application serving 15-20k requests per minute. We will discuss the challenges that prompted the migration, why we chose TiDB, overview stress testing & performance evaluation of the application running on TiDB, as well as walk through the steps of the migration. And of course, highlight some lessons learned and the end-user perceived improvements.

Alice will present Gapfruit's design of trusted boot in combination with a microkernel operating system built with the Genode OS framework on an i.MX8MP SoC. This presentation will cover the various building blocks involved, including TPM, u-boot, libraries, and supporting tools. It will also explore how these components integrate within a microkernel environment and the trade-offs we have faced.

The object-capability security paradigm (ocaps) is a conceptually simple, efficient model for collaboration in mutually-suspicious contexts. Spritely is exploring concepts and building solutions in this space to solve real-world problems while encouraging the wider adoption of ocaps, including by working alongside other ocaps organizations and projects to define a standard protocol for intercommunication between ocaps systems. This talk will explain what ocaps is and why you should use it.

Our current model of collaboration is broken. Rather than basing our systems on granting consent, we base them on revoking authority. Ocaps inverts this model with its "if you don't have it, you can't use it" approach, facilitated by restricted means of exchanging authority. Meanwhile, the Object Capability Network protocol (OCapN) abstracts away transport mechanisms between objects while creating a security barrier with minimal overhead. Altogether, this ocaps ecosystem enables secure collaboration in mutually-suspicious contexts by emphasizing and enforcing a consent-based approach to information and authority exchange. Spritely is pioneering new tooling for ocaps with its Goblins library, which also serves as a model for other implementations; and has plans for solutions to problems like distributed storage, identity management, and even social networking.

Writing a Just-In-Time (JIT) compiler is a complex task. For that reason, libraries like libgccjit were developed to ease the process; but most often than not, JIT compilers are written from scratch, and only target one or two architectures.

In this talk I am going to present GNU Lightning, a cross-platform library that can be used to generate machine code at run-time. I will present its strengths and weaknesses, how to use it, and why I decided to use it in my JIT compiler project.

Until a few months ago, the only working approach for connecting realtime AI agents to WebRTC streams and phone calls was to use lengthy pipelines of speech to text, agent orchestration, and text to speech, often using multiple machine learning models from commercial vendors. That has changed with new realtime speech to speech models, most famously the (closed) OpenAI advanced voice, but what are the open source ways to build these kind of systems? This talk walks through my experience with using 4 different projects to build functional systems which can use open source (open weights) models at their core. We will talk about how we have integrated Jambonz, Livekit, and Ultravox (Fixie.AI) within our Aplisay framework and what this allows us to do.

Social and Solidarity Economy (SSE) refers to a wide range of economic activities that aim to prioritize social profitability instead of purely financial profits. SSE organizations act guided by values ​​such as equity, solidarity, sustainability, participation, inclusion and commitment to the community, and are also promoters of social change.

There is a great diversity of entities in the Social and Solidarity Economy. Different types of activity, different sizes of the entity, different maturity of the IT teams, different quantity and quality of data, medium budgets, low budgets, etc. The SSE, like the rest of the companies, must also make decisions based on data.

Normally the budget of the entities of the SSE is reduced, for this reason, we must facilitate intercooperation to minimize costs without reducing functionalities. The architecture must also be adaptable to future changes within the same entity, without having to make major migrations or lose the work already done. And, of course, Social and Solidarity Economy 💓 Feee Software

We will set up a Business Intelligence architecture by exploring free software tools such as PostgresSQL, DBT, Airflow, Zulip, Superset, etc. to adapt to the needs of the SSE, and Ansible to facilitate replicability and inter-cooperation.

Replication is a cornerstone of modern database systems, enabling high availability, scalability, and seamless data transfer across environments.

In this talk, we’ll delve into the replication capabilities of TiDB and explore how they address real-world database challenges at Bolt, the fast-growing Estonian-based mobility company.

We’ll begin with an introduction to TiDB Data Migration (DM), which facilitates MySQL-to-TiDB replication. Through practical examples, we’ll demonstrate its role in migrating MySQL workloads to TiDB, including shard consolidation.

Next, we’ll highlight TiCDC (TiDB Change Data Capture), a powerful tool for real-time data streaming. We’ll explain how TiCDC captures changes in TiDB and replicates them to downstream systems such as TiDB, MySQL, Apache Kafka, and other services. Use cases include easily reversible TiDB version upgrades, cross-region high availability with standby TiDB clusters, and real-time Change Data Capture into Kafka.

Throughout the talk, we’ll share practical tips and scenarios, including simplifying database migrations, minimiing downtime during upgrades, and ensuring data integrity in complex workflows.

Whether you’re migrating from MySQL to TiDB, upgrading TiDB clusters, or building cross-region high availability environments, this talk will equip you with the knowledge and strategies to leverage replication as a powerful tool in your database operations.