Being able to receive weather and public emergency warnings can save lives, and we don't want people using FOSS to be at a disadvantage compared to proprietary platforms when it comes to that.

Cell broadcast covers some of this, but it's only part of the puzzle. It's typically only used for the most severe and urgent cases, is limited in the amount of data it can transmit, and doesn't allow monitoring of other areas. Public alerting is, therefore, often augmented by additional channels, including mobile apps. Despite being funded by public money, those are usually limited to proprietary platforms. So, as usual, we have to build this ourselves.

The foundation for this is OASIS' Common Alerting Protocol (CAP), which has been in widespread use for many years all over the world, and UnifiedPush as a free alternative for proprietary push notifications. On top of that, we currently have an aggregation server for alerts from about 100 countries, which notifies clients about incidents in their respective areas of interest.

In this talk, we'll show how this works and how alerts can be integrated into applications.

age-plugin-se allows you to protect arbitrary files with your Apple Secure Enclave. This plugin for age (a simple, modern and secure file encryption tool) is written entirely in Swift, and works on macOS, Linux, and Windows.

In this talk, I will show age-plugin-se in action, and touch on the steps taken to make it robust, simple, and distributable on multiple platforms (including Alpine Linux), all while keeping the dependencies (including tools) to a minimum.

Active Directory-like deployments rely heavily on working DNS infrastructure. FreeIPA project handles this by providing an integrated DNS server based on Bind 9. Samba Active Directory also uses Bind 9, although in a different style. While both are capable to use an external DNS server infrastructure, ability to kickstart a whole enterprise environment from scratch with an integrated DNS server is valuable to administrators, as practice does show.

The talk will reflect on FreeIPA and Samba teams' experience on DNS requirements these Kerberos-dependent and certificate-heavy environments do have.

Two years ago at FOSDEM, I gave a talk titled “How Podcasting 2.0 Will Save the Open Internet”. I’ll be honest—it was partly a bluff. But it turns out I was right. Today, we are here to celebrate the victory of open standards in podcasting.

Podcasting 2.0, launched in 2020 to revitalize a stagnant ecosystem, introduced innovations like transcripts, funding tags, and social interaction features. These weren’t just tools; they empowered creators, listeners, and developers while keeping podcasting open and decentralized.

In a surprising turn, even Apple—long resistant to adopting anything "not invented here"—embraced the Podcasting 2.0 DTD specification in April 2024, bringing transcription features to its platform.

This was a milestone for open standards and open source. Transcriptions improve accessibility for millions, while also boosting SEO, content discoverability, and personalized recommendations. Through Castopod—one of the first platforms to implement Podcasting 2.0 features.

A grassroots, open-source movement is reshaping an entire industry.

But this victory is just the beginning. Together, let us explore how the lessons of Podcasting 2.0 can be applied to other areas, ensuring that technology remains open, accessible, and collaborative.

Sources: - Castopod source code - Podcasting 2.0 Namespace - How Podcasting 2.0 will save the Open Internet (FOSDEM 2023)

Rewrite it in Rust has been a theme (and meme) for almost as long as Rust exists. But what actually makes a rewrite work? At first glance you would think that just making a memory safe implementation of a protocol, library or program should be enough. But in practice there are many factors that make an implementation work.

Our work on, among others, ntpd-rs, zlib-rs and sudo-rs gave us some insight into that. Both from outside the Rust community: How to identify projects that could benefit from a rewrite? What do you need to do to get your Rust project accepted in a wider community? How do you get your project known? How do I get my project distributed? But also from inside the Rust community: Which crates do can I use as dependencies? What if my preferred crate name is already in use? Should I publish on crates.io? Do I offer a Rust interface for my crate?

The now infamous quote:

“Webassembly on the server is the future of computing” – Solemn Hykes, creator of Docker

But really, what would it take? I'm talking about FULL feature parity. This talk will go deep into how we looked at and attempted to solve every single piece of this very large problem.

While containers have been pivotal in cloud computing, offering isolated environments for applications, they bring notable drawbacks. These include substantial overhead, resulting in larger, less efficient deployments and startup times, and a dependency on the underlying OS for security, posing potential vulnerabilities.

WebAssembly (Wasm) addresses these challenges, and this talk will introduce the open-source project Boxer (https://boxer.dev), which offers tooling for taking existing containerized workloads and definitions, and creating near-universally deployable Wasm distributions (“Boxes”) offering roughly the same environment, with all the benefits of the WebAssembly target. Wasm, a compact binary instruction format, enables lightweight, sandboxed execution, significantly reducing overhead compared to traditional containers. This leads to enhanced performance and smaller, more efficient deployments, ideal for cloud computing. Additionally, Wasm's memory-safe, isolated execution environment provides superior security, independent of the OS. Thus, Wasm, with its blend of efficiency and security, emerges as not just an alternative, but a substantial improvement over container technology for cloud deployments.

Marcotte (https://github.com/dphilla/marcotte) -- the underlying tool for virtualizing layers of system functionality -- allows us to make safe, sandboxed, discrete, and composable system functionality, by leveraging Rust's memory safety model, and the inherent properties of WebAssembly.

This talk will critically examine this new technology, its approach, benefits, and existing limitations compared with containers, and its path forward as a new standard in cloud infrastructure.

pkgsrc, the NetBSD package collection, includes the pbulk tool to build all (or a subset of) packages. Bulk build reports are an invaluable resource for pkgsrc developers to find build breakage and its causes.

Since 2014, I have maintained a web app called Bulk Tracker (written in Go) to visualize bulk build results along different dimensions such as package name, platform and compiler. Originally written as a "serverless" App Engine application, it has recently been completely rewritten to run natively on NetBSD, on a server owned by the project.

This talk will show how bulk build data is useful and some typical use cases the app supports. It will also be about the journey out of the cloud and from a document datastore to SQLite.

https://releng.NetBSD.org/bulktracker/

A common first step to adding full code-generation functionality for a new instruction, or set of instructions is to add them to the back-end as a builtin function. This is particularly common with RISC-V where custom ISA extensions are common place.

In this tutorial I will take you through the steps to add a builtin-function to the back-end, using a case study from the OpenHW CV32E4Pv2 RISC-V core. This has 8 ISA extensions, with a total of more than 300 instructions.

I will conclude by looking at some of the things we got wrong. In particular unexpected consequences when the new compiler started being used more widely.

In this talk, we'll explore the lifecycle of data at CERN, the European Organization for Nuclear Physics, starting at particle collisions ultimately leading to physics research. The bulk of the data from the physics programme at CERN is stored in an open source storage system developed at CERN, EOS - EOS Open Storage.

We'll delve into technical & architectural details on EOS and cover how it solves the problem of large scale storage for scientific data and analysis use cases. EOS supports FUSE, HTTP & GRPC as access protocols. EOS is used also outside of physics use cases, for eg. powering CERNBOX, a cloud storage for CERN users, at JRC, for analytics etc and may power your next large scale storage needs!

We have built a low latency 5g Video camera for race cars using linux and WebRTC.

We use RTCP (RTP's companion protocol) to help cope with the variability in quality and bandwidth of a 5g connection.

The talk will describe the problems we encountered, how we used data from RTCP to solve them. We will present experimental data from tests run with and without RTCP at varying speeds (30->160km/h).

We will also describe the opensource java (S)RTP/RTCP library we developed and used for this work https://github.com/steely-glint/srtplight as well as an LGPL demo program that uses srtplight implement the WebRTC based WHIP protocol (https://github.com/pipe/whipi)

Swift is a relatively new language in the server world but provides a significant number of benefits that makes it ideal for building applications for servers. In this session you’ll see how Swift's tenets of Safety, Performance, Ease of Use using modern features along with a goal of making it an ideal language for anywhere in the stack make it the perfect language for backend development.

We’ll take a short tour of the language and see how easy it is to write clear, maintainable safe code that scales for large asynchronous applications. We'll discuss the language features that eliminate entire classes of common programming errors and see the capabilities that enable Swift to run on embedded devices, Lambda functions, WASM environments, and Docker containers. Finally we’ll discuss Swift’s interoperability with other languages such as C, C++ and Java that make it easy to migrate codebases to Swift.

Over time the web has become more reliant on JavaScript… but we've very little information on how its growth is affecting our visitors' experience.

Some believe JavaScript is the only way to build the modern web and dismiss the performance concerns, while others hold opposing views.

Wouldn't it be great if we had data on how scripts actually perform in our visitor's browsers – when they delay loading, cause jankiness and slowdown interactions, and perhaps more importantly which scripts are responsible?

After all, if we can't measure it, how can we improve it?

The W3C Long Tasks API was a first attempt at providing this data but it only helped us to understand when the Main Thread was busy and couldn't answer the question of why it was busy.

The W3C Long Animation Frames (LoAF) API aims to overcome the weaknesses of the Long Tasks API and provides both information on when there were long frames during rendering the process, and where possible, details on what Main Thread activity caused the long frame.

In this talk we'll explore:

• What data the API provides and how it relates to the Main Thread activity we see when profiling pages using Chrome DevTools

• How we can use this data to get a better understanding of our visitors experience in the wild and identify scripts that are having a harmful impact on our visitors experience

• What data the API doesn't currently provide and how some of these gaps might be filled in the future

At the end of this talk you'll have a good understanding of the Long Animation Frames API and how to use the data to identify scripts that need improvement.

In January 2018, inspired by similar initiatives, a group of enthusiastic researchers at the Research Institute for Nature and Forest (INBO) launched a coding club. The INBO coding club was, is, and will continue to be a welcoming space for anyone interested in learning more about programming and data analysis, with a particular focus on ecological and environmental topics.

Our goal has always been to foster an environment of collaborative experimentation, where participants share code, learn from one another, and grow together—regardless of their level of experience. Everyone is encouraged to contribute, express their ideas freely, and engage as equals. We firmly believe that learning is a mutual process, independent of expertise levels, and that doing it together is not only more effective but also more enjoyable.

More than seven years—and a pandemic—later, the INBO R Coding Club remains vibrant and thriving. We are excited to share the strategies that have helped sustain this initiative, transforming initial enthusiasm into a widely recognized and enduring effort both within and beyond INBO.

Key lessons learned include: Learn together: Create a supportive space where every question is valued, and mistakes are celebrated as opportunities for growth. As live as possible, as remote as necessary: Live coding in the same room is far more engaging and effective than remote sessions. Community-driven evolution: The club should always prioritize the needs of its community, with feedback playing a central role in shaping its activities. Dedication: A committed core team is essential for the consistent and sustainable organization of club activities. Full openness: All session materials—including slides, code, and recordings—are freely available to everyone.

Many views about antitrust abound in the FOSS communities, but what do the laws actually say? We've invited Alana Rutherford, an accomplished United States antitrust lawyer to answer our questions about how these laws actually work.

Between 2009 and 2015, Samsung released over 30 WiFi-equipped compact and mirrorless camera models that could email photos or upload them to social media. In 2021, they shut down the required API services, crippling the WiFi functionality.

To revive the WiFi feature, the firmware of multiple camera models was reverse-engineered to understand the protocol and to “circumvent” the WiFi hotspot detection implemented by Samsung.

Based on the gained knowledge, a FOSS implementation of the API was created using the Python Flask framework, allowing to post to Mastodon right from the camera. The project supports ~75% of the camera models, looking for hardware donations and better-skilled reverse engineers to close the gap.

It was exemplarily deployed on an inexpensive LTE modem running Debian, allowing on-the-go use of the camera WiFi.

Real-time editing offers users many advantages, editing conflicts are reduced, writing minutes before and during the meeting is much more effective, and much more. However, the fact that real-time editing is now a standard requirement for a modern visual editor is primarily due to the fact that user expectations have changed with Google Docs and Confluence. The open source world has faced and continues to face the challenge of keeping up.

We have therefore extended the Wikimedia VisualEditor with real-time editing for the MediaWiki distribution BlueSpice. The result is a freely available, 100% open source solution for real-time editing, which is based on the most popular wiki software.

In this talk we will provide a first, thoroughly self-critical field report: we will show which technical problems had to be solved, we will report on use cases and initial experiences and on the impact on knowledge sharing with wikis. For example, questions of version control and accountability had to be redefined. Was it worth the effort? Definitely.

Debugging issues with the Linux kernel and user space can be both interesting and challenging. This talk goes through looking at a couple of bugs we found while working with RISC-V in both kernel and user space.

The aim is to show multiple ways of approaching issues in both the kernel and user space, a run through why these happen, and how we fixed these problems. We will include taking an syzbot report and analysing what is going on during a strange kernel OOPS, and going through a user report of a crashing system where there was an issue with a Buildbot on a set of remote workers.

As part of this we will go into how to decode kernel OOPs, how to dump object code and attempt to decpher bug reports without the aid of attaching a debugger.

Modern AI workloads rely on large GPU fleets whose efficient utilisation is crucial due to high costs. However, gathering telemetry from these workloads to optimise performance is challenging because it requires manual instrumentation and adds performance overheads. Further, it does not produce telemetry in a standardised format for commonly used visualisation tools like Prometheus.

This talk explores the potential of leveraging eBPF to capture CUDA calls made to GPUs, including kernel launches and memory allocations. Data from these probes can be used to export Prometheus metrics, facilitating detailed analysis of kernel launch patterns and associated memory usage. This approach offers significant benefits as eBPF imposes minimal overhead and requires no intrusive instrumentation. Our implementation is also open-source and available on GitHub.

The talk shows the status of the standarization efforts for autoconfiguration and 2FA authentication for email, for example based on OAuth2 or Passkeys. It shows the various Draft RFCs discussed at the moment, and the state of their standards efforts.

There are a few strategic choices to be made, and tradeoffs, which give advantage to certain parties, e.g. email providers or email clients or their users. The talk highlights these choices and it might ask the audience for an opinion poll of some of these choices.

https://datatracker.ietf.org/doc/draft-ietf-mailmaint-autoconfig/ https://datatracker.ietf.org/doc/draft-bucksch-mauth/ https://datatracker.ietf.org/doc/draft-jenkins-oauth-public/ https://benbucksch.github.io/sasl-passkey/draft-bucksch-sasl-passkey.html

A presentation of the Funkwhale project with a focus on interoperability. We want to highlight the role of the activityPub protocol but also show the interest of musicbrainz, rss, wikipedia to build a web of knowledge.

The infosec industry has seen a big growth in recent years, with a plethora of mostly closed-source solutions such as Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), and Security Orchestration, Automation, and Response (SOAR) marketed as indispensable tools for defending organizations. These solutions often emphasize protection against sophisticated adversaries, zero-day exploits, and malicious insiders. However, our real-world experience reveals that the majority of initial compromises occur through simpler approaches, such as stolen credentials and phishing attacks.

In this talk, we introduce Buffalogs, an open-source solution designed to detect and alert on anomalous login behaviors. Adhering to the Unix philosophy of "do one thing and do it well," Buffalogs offers a way to analyze common application logs (ssh, Apache, Microsoft Entra ID, etc) and detect credential misuse. Attendees will gain insights into the challenges of login anomaly detection, the development of Buffalogs and the differences between our solution and other commercial alternatives.

Mach, famous for its complex IPC and VM subsystems, remains to this day an influential and historically significant Microkernel.

This talk introduces MACHINA, a new microkernel for AMD64 and RISCV64 modelled after the Mach 3 Microkernel. Currently in prototype stage, MACHINA aims to create a modular architecture for experimenting with "Mach-like" systems, reinterpreting Mach’s principles for modern hardware and software environments.

The talk will describe Mach 3’s abstractions and architecture—with a particular focus on its IPC and VM subsystems—and explore the process, design choices, and challenges of reimplementing them from scratch.

Have you ever heard about WebAssembly?

WebAssembly is a compilation target meant for efficient compilation, portability, and safe execution. A WebAssembly runtime is a language VM that is small and easy to embed.

All cool gophers know they can compile their Go software into Wasm using the Go compiler and TinyGo. But did you know that you can also embed Wasm binaries in your applications? Did you know that you can use Wasm to dynamically load code at runtime without giving up memory safety and performance?

In this talk, we will first show how WebAssembly might be relevant to your use cases, such as providing extension points to your end users or importing foreign libraries.

We will then dive deep into the implementation of one such language VM specifically designed for embedding in Go, and show how a WebAssembly function is compiled into efficient native code and then invoked without sacrificing the portability, safety, and integrity of your Go code base.

Join this session for a journey from Wasm to Asm from the eye of a gopher!

Swift is a fantastic general purpose language, which can and has been successfully used beyond its mobile origins, from embedded through server-side systems. One of Swift’s unique strengths is its powerful native language interoperability with C and C++. Recently, the Swift project started work on integrating improved Swift/Java interoperability with the use of both JNI and the new Foreign Function and Memory APIs introduced in JDK22. In this talk we’ll deep dive into the deep integration approach taken between the language runtimes using the FMM APIs and their unique strengths but also challenges.

Continuous Integration (CI) workflows often encounter bottlenecks when testing Kubernetes applications. Traditional methods of building and tearing down full clusters, whether locally or in the cloud, can be both time-consuming and resource-intensive. vCluster, an open-source virtual cluster solution, offers a game-changing alternative by enabling lightweight Kubernetes clusters to be created on demand and quickly

This talk will guide you through integrating vCluster into your CI pipelines and the benefits you get from it. Virtual Cluster enables rapid application testing in production-like environments, including support for custom resource definitions (CRDs) without the overhead of traditional cluster setups. By the end of this session, you'll be equipped to reduce build times, accelerate testing cycles, and enhance the overall developer experience, as your clusters will take less time to build and you will have more time to test.

Distributed systems are great in multiple aspects: they are built to be fault tolerant and reliable, can scale almost infinitely, provide low latency in geo-distributed scenarios and, finally, they are geeky and fun to explore. YDB is an open source distributed SQL database which has been running production for years. There are installations with thousands of servers storing petabytes of data. To provide these capabilities, any distributed DBMS must achieve consistency and consensus while tolerating unreliable networks, faulty hardware and absence of a global clock.

In this session, we will provide a gentle introduction to problems, challenges and fallacies of distributed computing, explaining why sharded systems like Citus are not always ACID and differ from truly distributed systems. Then, we will dive deep into the design decisions made by YDB to address these difficulties and sketch YDB's architecture layer by layer - from the bare metal disks and distributed storage up to OLTP and OLAP functionalities. At the end, we will briefly compare our approach with that of Calvin, which originally inspired YDB, and Spanner.

dbt (Data Build Tool) is a great framework for creating, building, organizing, testing and documenting data models, i.e. data sets living in a database or a data warehouse. Through a declarative approach, it allows data practitioners to build data with a methodology inspired by software development practices.

This leads to data models being bundled with a lot of metadata, such as documentation, data tests, access control information, column types and constraints, 3rd party integrations... Not to mention any other metadata that organizations need, fully supported through the meta parameter.

At scale, with hundreds or thousands of data models, all this metadata can become confusing, disparate, and inconsistent. It's hard to enforce good practices and maintain them in continuous integration systems. We introduce in this presentation a linter we have built: dbt-score. It allows data teams to programmatically define and enforce metadata rules, in an easy and scalable manner.

dbt-score is an open-source linter for dbt metadata. It is designed to be flexible to enforce and encourage any good practice set up by data teams. Through its CLI, data practitioners can easily obtain a maturity score of their data models, keep the metadata chaos manageable, improve consistency, and eventually deliver high-quality data.

In today's world, where disability affects a significant percentage of the population, it is crucial for open-source communities to address the challenges faced by persons with disabilities (PWDs) and work towards their inclusion. This talk will delve into practical measures such as referral programs, internal disability disclosures, and integrating disability into existing agendas rather than treating it as a separate issue. We will dive into disability mainstreaming with a focus on its role in promoting universal design and inclusivity. Attendees will gain insights into establishing disability mainstreaming committees, formulating action plans, implementing best practices, and monitoring and evaluating progress.

PostmarketOS is a distribution based on Alpine Linux that boots on everything from Amazon Alexas to Android phones (over 500 devices). To help users install and develop this distribution, we use pmbootstrap - a swiss army knife for embedded and mobile development. In this talk, I will go over how we use pmbootstrap to develop postmarketOS and how you can use pmbootstrap for general embedded linux development.

https://gitlab.postmarketos.org/postmarketOS/pmbootstrap

https://postmarketos.org/

The Oniro Project, an open-source operating system built upon OpenHarmony and tailored for European market needs, is expanding its ecosystem to include mobile devices. In this lightning talk, we will discuss the ongoing effort to bring Oniro to the Volla X23 smartphone, focusing on the technical challenges and solutions in adapting Android drivers to a musl libc-based platform.

We will explore the role of libhybris in enabling compatibility with proprietary Android drivers, a critical step in hardware enablement for Oniro on mobile devices. The presentation will highlight how libhybris bridges the gap between the Bionic and musl libc environments, allowing us to leverage GPU acceleration and other hardware features while maintaining an open-source user space. Key challenges, such as adapting Android’s graphics stack and addressing ABI compatibility issues, will be outlined, along with our current progress in running Oniro in an LXC container for rapid testing.

This talk will provide insights into the broader implications of this work for the FOSS on Mobile ecosystem, offering a pathway to more accessible open-source mobile platforms. Join us to learn how Oniro aims to contribute to the vision of a truly open mobile ecosystem.

Elk is a nimble Mastodon client with great attention to user experience, boasting features such as being an installable Progressive Web App (PWA), support for code blocks with syntax highlighting, chronological threading, and markdown formatting.

Started by core maintainers behind popular developer tooling in the Vue/Vite/Nuxt ecosystem in 2022, it attracted hundreds of contributors and resulted to the creation of new libraries now widely used in other projects.

In this talk, I will give a brief history of Elk development from the perspective of a contributor who has never written a Vue component (before Elk), a walkthrough of key strengths of the technology under the hood, and a look forward to the future of the project.

Links

1. Elk Git Repo
2. Elk mastodon account
3. My contribution highlights
4. My Github
5. Some screenshots

Managing packages across systems and containers can be complex, especially when debugging issues or ensuring consistent deployments.

This short presentation introduces the manifest plugin for the DNF package manager, a tool that simplifies such workflows by capturing system package states into YAML-based manifest files. These files enable users to replicate environments, debug customer issues by mirroring setups, and streamline container builds with transparent, manifest-driven package management.

In an era driven by data and digital collaboration, access to foundational research skills is increasingly essential—yet research capacity remains deeply unequal across the globe. For instance, Africa has only 20 health researchers per million people, compared to 246 per million in Europe, according to the World Health Organization’s Global Observatory on Health Research and Development. This stark disparity highlights the urgent need for accessible, inclusive research training to bridge the gap in global knowledge production.

Pre-Seeds (Research 101) is an open-source, community-driven initiative inspired by OLS’s capacity-building programs, such as Open Seeds and Nebula. The course is designed to break down barriers to research literacy and amplify underrepresented voices in open science. It is targeted at research enthusiasts, citizen scientists, early-career researchers, and Research Software Engineers (RSEs) from non-academic backgrounds.

Currently in its early stages, Pre-seeds aims to create a flexible, modular curriculum covering key aspects of research often taken for granted, such as research design, ethical considerations, data management, and collaborative practices. The project leverages open tools like GitHub to promote collaboration, transparency, and reproducibility, inviting broad participation across disciplines and experience levels.

This session will present Pre-Seeds as a growing, collaborative effort to build an inclusive research ecosystem. By showcasing the project’s vision and its potential real-world applications, we’ll open the floor to feedback and invite attendees to join us in shaping this initiative—whether through expertise, funding, or community engagement—to co-create a more diverse and accessible future for open science.

I started with the question "how can I make managing DNS more user friendly for a customer" and the discovery of a small plugin for NetBox and ended up as the maintainer of a moderately complex and increasingly powerful DNS management tool.

The talk will touch the core features of the plugin: * Validation of names and values * Automatic generation of NS, SOA and PTR records * Zone and record templates * Handling of RFC2317 zones * Automatic generation of DNS address records for IPAM IP addresses

Our exploratory quest of previously uncharted territory of real-time TCP/TLS media over SIP RFC4145 (hey don't confuse it with TCP as a SIP transport!) and all the fun and possibly profit that can be had from it potentially. As part of the presentation I would announce the SIP Proxima project implementing this functionality and do a demo of various application protocols (e.g. postgresql, mysql, rrdcache, thrift, https etc) operating over it.

In early 2024, Tesla introduced strict API rate limits, reducing the number of commands to just 50 per day. This disrupted my smart charging automations, which were sending thousands of commands on a daily basis for tasks like solar charging and load balancing. To overcome this, I re-implemented Tesla's vehicle protocol in C++ for the ESP32 microcontroller, enabling local control of my Tesla by acting as a BLE (Bluetooth Low Energy) vehicle key.

In this talk, I'll give an overview of Tesla's vehicle protocol, dive into BLE communication using an ESP32, and show practical ESPHome implementations for common vehicle controls. The result is a cheap, open-source solution operating entirely locally with sub-second response times - no internet or API tokens required.

Wireless displays are something most of us use, but in a fragmented and proprietary landscape. We propose a new approach to virtual screen sharing between Linux mobile and desktop devices.

This solution uses a combination of video pipelines optimized for ARM and x86 hardware, D-Bus, and low-latency UDP streaming to create virtual “second monitors” and stream the desktop between peer devices. It is optimized to be usable even on low-power hardware such as the Librem 5, allowing us to repurpose older devices as secondary network monitors without proprietary tools. [2]

In this talk, I will try to demystify some of the technicalities required for implementing efficient wireless desktop streaming using GStreamer, PipeWire, and D-Bus. To this end, we will explore how to build network video pipelines from scratch, with a focus on minimizing latency and making good use of hardware acceleration. Finally, we will present the Mirror Hall app, an experimental GTK4 app that encapsulates the above concepts. [2]

Links: 1. https://notes.nokun.eu/post/2024-09-22-mirrorhall/ 2. https://gitlab.com/nokun/mirrorhall

Endpoint Detection and Response (EDR) solutions continuously monitor the events occurring on an endpoint, create detailed process timelines, and analyse these data, to reveal suspicious patterns that could indicate threats such as ransomware. To create these detailed timelines, EDR solutions collect a variety of information about each process running on the endpoint, such as timestamp, PID, process name, path, command line, etc. On Linux systems, this is often done using the proc filesystem provided by the operating system, which provides rich information for each process currently running on the system. However, if a process is short-lived and exits quickly, the proc filesystem entries for it get cleared out before the EDR solution can read them, leading to incomplete timelines. To take a simple example, suppose a malicious actor runs a script that downloads a binary from the network and then executes it. This downloaded binary quickly spawns a bunch of long-running malicious processes and exits itself. If EDR solution is unable to extract the complete process information about the execution of the downloaded binary from proc filesystem (being a short-lived process), it'll miss details about the creator of the malicious process in the system. Hence, EDR solution will have visibility gaps about the downloaded binary required for Security Threat Analysis. We propose a solution to address the gaps by attaching extended Berkeley Packet Filter (eBPF) programs dynamically to the Linux kernel system calls (such as fork, exec and exit) and extracting all the required information directly from the kernel hooks using BPF Type Format (BTF). These hooks use fundamental task structure in kernel representing a process or thread to extract variety of information about the process. Our proof of concept shows that eBPF-based process data extraction provides process timelines with near 100% reliability, compared to proc filesystem-based approaches which have a reliability of only around 83% for short lived processes.

Join us as we build a ChatGPT client, from scratch, using Swift OpenAPI Generator. We’ll take advantage of Swift OpenAPI’s pluggable HTTP transports to reuse the same generated client to make upstream calls from a Linux server, providing end-to-end streaming, backed by async sequences, without buffering upstream responses.

In this session you’ll learn how to:

• Generate a type-safe ChatGPT macOS client and use URLSession OpenAPI transport.
• Stream LLM responses using Server Sent Events (SSE).
• Bootstrap a Linux proxy server using the Vapor OpenAPI transport.
• Use the same generated ChatGPT client within the proxy by switching to the AsyncHTTPClient transport.
• Efficiently transform responses from SSE to JSON Lines, maintaining end-to-end streaming.

Timeline algorithms should be useful for people, not for companies. Their quality should not be evaluated in terms of how much more time people spend on a platform, but rather in terms of how well they serve their users’ purposes. Objectives might differ, from delving deeper into a topic to connecting with like-minded communities, solving a problem or just passing time until the bus arrives. How these objectives are reached might differ too, e.g. while respecting instances’ bandwidth, one’s own as well as others’ privacy, algorithm trustworthiness and software licenses. This talk introduces an approach to personal, local timeline algorithms that people can either run out-of-the-box or customize. The approach relies on a stack which makes use of Mastodon.py to get recent timeline data, llamafile to calculate post embeddings locally, and marimo to provide a UI that runs in one’s own browser. Using this stack, we will show how to perform search, clustering, and recommendation of posts from the fediverse without any of them leaving your computer.

Despite memory isolation being used for decades now; a typical contemporary low-power IoT embedded system does not use this technique. One of reasons might be that in virtually all available systems memory isolation is an afterthought. We proposed, designed and implemented CMRX real-time operating system targeted towards devices without MMU which takes memory isolation as non-negotiable feature.

Achieving usable memory isolation on such constrained hardware has its challenges and there are compromises to be made. In this talk I will outline high-level design decisions and overall system design of the CMRX RTOS. Why micro-kernel design is suitable in this situation, what advantages does it bring? I will tackle benefits and potential drawbacks of proposed architecture and finally cybersecurity point of view will be discussed.

This session will give you an overview of the current status of the CJK input system in Wayland.

We will start with an overview of how to input CJK languages, focusing on the Korean writing system(한글, Hangul).

Next, we'll look at the different input protocols in Wayland and how they work. I will also show what still needs to be done to improve the CJK input system in Wayland.

phosh is a graphical shell for mobile devices built using GNOME technologies. With more than 80 releases in about 6 years under it's belt it is both time to celebrate and glimpse into what the future will bring!