Events in room H.1309 (Van Rijn)

Intro of the devroom

Web developers use open-source data all the time to help guide their decisions.

In this talk, I'd like to tell you more about this data, and in particular about web-features, an open-source project which aims at being a reference data point for the web platform.

The project contains the list of all features of the web platform, at a level of granularity that's most useful to you, web developers. This project has gained a lot of traction over the past two years, in particular thanks to Baseline.

Baseline banners help web developers make quicker decisions based on the maturity of the web features they use, and are now visible on MDN, Can I use, and many other development tools.

Baseline isn't the only consumer of the web-features data though. The data is starting to get used in more and more web-platform-related data which you rely on every, sometimes without realizing it. The web-features project is making it easier to get access to information about the state of the web platform, in a practical way.

In this talk, I'll go over the resources that make use of open source web-related data sources to help you stay aware of changes, but also discover new features, and make decisions.

I'll also go over what web-features does not cover today, such as accessibility or progressive enhancements, and how these are areas that demand careful planning and implementation. I'll offer pointers showing how we're thinking about addressing these on the WebDX community group, and will invite contributions from those interested.

When talking about CSS, we generally speak about how it’s super nice to have good looking websites, introduce a new feature and how to use it, etc.

But today, we’d like to speak about a feature that has been into the CSS specifications since 1998, and that we don’t talk about very often: CSS for print 🖨️.

During this talk, we’ll show how CSS can be used not to only create web pages, but also beautiful and structured paged documents. Interested in generating reports, invoices, tickets, or even slideshows? Take a look at which tools − except your favorite web browser − you can use to accomplish that, and why it’s very convenient in particular for automating documents generation.

How does a website display a mathematical formula? More importantly, how can we ensure that all browsers show it the same way?

MathML Core is a small subset of MathML 3, specifically crafted for web browsers. It addresses inconsistencies in mathematical rendering across different browser engines. Igalia has been actively working on improving MathML interoperability, aligning the implementations of Firefox, WebKit and Chromium with this standard.

From nested exponents to Arabic writing direction, this session will explore the process of going from a specification to a feature release. MathML's unique history makes the task particularly interesting, as it often required deprecating existing features or implementing significant changes.

Slides: https://eri.pages.igalia.com/slides/2026/01_fosdem_mathml

Bad Apple!! but it's MathML (run in your browser): https://conflor.es/bad-apple-mathml

WebViews are everywhere—but fragmented, inconsistent, and often invisible to web developers. Used for in-app browsers, hybrid apps, and MiniApps, WebViews form a significant part of the web platform that many developers unknowingly target. Some developers specifically build for WebViews in hybrid apps or MiniApps, while others create standard websites without realizing they'll run in WebView contexts with different behaviors and constraints.

Through initiatives like Baseline, CanIWebView, apps, and the WebView Community Group, we're working to map this fragmented landscape and identify paths forward. MiniApps that are very popular in some markets also show a very strong fragmentation and very little standardization. With collaboration and improvements between WebViews, MiniApps, PWA, new technologies like Isolated Web Apps or new engines like Servo there is good potential to improve the web in this space, but it's complicated.

The W3C WebView Community Group was formed to identify, understand, and reduce the issues arising from the use of software components (typically referred as WebViews) that are used to render Web technology-based content. As member and co-chair of the community group I'd like to give a little overview what WebViews are today, the work we've done to improve interoperability, and call to action to "fix things" in this overlooked but critical part of the web platform.

WebTransport is an upcoming protocol (standardized by the IETF) and Web API (standardized by the W3C) for bidirectional communication on the web. It provides multiplexed streams and unreliable datagrams on top of HTTP/3 and HTTP/2.

This talk explains how WebTransport works at the protocol level, how it maps to QUIC when run on top of HTTP/3, and how its capabilities differ from WebSocket. The session will also cover the current state of browser and server support, and where the ecosystem is heading next.

Web Components have become a bit of a divisive topic in the Web community in recent years. On the one hand you have platform advocates arguing Web Components are a boon to interoperability, can simplify tooling and distribution, and provide a common bed for experimentation and innovation. On the other hand, framework authors often complain that they complicate runtime code with special-cases and that Custom Elements are the wrong level of abstraction for framework components.

Lustre 1 - a frontend framework for the functional programming language Gleam [2] - is bucking this trend; quietly using Web Components as a core building block of its runtime. In this talk we'll explore how Lustre can lean harder into the platform by adopting a different idea of what "components" should be, and how this can end up benefit framework users too.

[2] https://gleam.run

This presentation provides a comprehensive status update on WebKitGTK and WPE, the Open Source ports of the WebKit Web rendering engine that Igalia maintains for Linux devices. These ports are currently being used in millions of devices (e.g. phones, set-top boxes, smart home appliances...), leveraging the flexible architecture of WebKit to provide HW-accelerated graphics and multimedia capabilities with a minimal resource footprint (e.g., memory, binary size).

We will begin by providing some context on what WebKit is and how WebKitGTK and WPE bring the power of the Web Platform to Linux-based devices and distributions. After that, we will summarize the current status of these ports, detailing the latest and most important highlights of the work done in the past year, followed by a description of what the new developments will be focused on during 2026.

The Linux ports have experienced huge changes recently, including a massive refactoring of its graphics pipeline, the development of a new API for embedded devices, dma-buf support for zero-copy buffer sharing, a complete revamp of its QA infrastructure, and even adding support for Android. With all this in mind, this session should be useful for anyone interested in creating Web-based products on Linux devices, understanding the current state of these ports, and seeing where development is headed next.

The Servo project, now hosted under Linux Foundation Europe, is a modern Rust-based rendering engine pushing forward safety, modularity and high-performance web rendering. After its early foundations at Mozilla and a couple of years of impasse, Servo entered a new chapter in 2023 when Igalia took over stewardship, ensuring long-term maintenance, open governance, and a clear technical direction for the project. The Servo community has continued to grow steadily since then.

In this talk we’ll review the recent evolution of the project together with the plans for the future. Apart from that, we’ll focus on the impact of this work in the whole web platform, by finding issues in specifications and improving them, reporting interop bugs, contributing new tests, etc.; showing that the development of new web engines benefits the whole ecosystem.

The goal is of this session is to have some folks representing some various browsers to have a panel discussion. it will be moderated

What does accessibility interoperability look like? This talk explores the edges of support between browsers, assistive tech, and specs.

Accessibility Compat Data: https://github.com/lolaslab/accessibility-compat-data

Modern web applications face a constant barrage of attacks targeting authenticated user sessions, including Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), clickjacking, Cross-Site Leaks (XS-Leaks), and even Spectre. Fortunately, recent advancements in web browser security provide developers with powerful tools to mitigate these threats. This talk delves into the latest web platform security features, equipping you with the knowledge to protect your applications. We'll explore CSP3, Trusted Types, Fetch Metadata headers, and COOP, demonstrating how these mechanisms can effectively thwart entire classes of web vulnerabilities.

File uploads are a ubiquitous and fundamental part of modern web applications. While simple at first, they become increasingly challenging as file sizes grow. Users expect reliable data transfers, even when uploading multi-gigabyte files over unreliable mobile networks.

Conventional file uploads over HTTP fail unrecoverably when the underlying connection is interrupted. Resumable uploads, on the other hand, allow an application to continue uploading a file exactly where it left off. This preserves previously transferred data and greatly improves the user experience.

Historically, resumable uploads were implemented in proprietary ways, with each application building its own solution. Developers couldn’t benefit from the advantages of resumable uploads without investing significant engineering effort.

In 2013, we started the tus project and created a free and open-source protocol for resumable uploads. The project and its community provide implementations for various client and server runtimes, making it easy today to add resumable uploads to any application.

In 2022, we began engaging with the HTTP Working Group at the IETF to make resumable uploads a standardized extension to HTTP. Our goal is to integrate resumable uploads directly into browsers, HTTP clients, servers, and proxies so that even more developers can easily benefit from their capabilities.

This talk explores the past and present of resumable uploads and how upcoming standards will help developers deliver exceptional file-upload experiences.

Additional links: - Tus homepage: https://tus.io/ - GitHub organization: https://github.com/tus - “Resumable Uploads for HTTP” Internet-Draft: https://datatracker.ietf.org/doc/draft-ietf-httpbis-resumable-upload/

In June 2025, researchers exposed a major tracking vulnerability - Local Mess, where Meta Pixel and Yandex Metrica scripts were exploiting localhost access to track millions of Android users across the web. This talk presents Local Network Access (LNA) standards and how it addresses similar threats and helps fix long standing security vulnerabilities with localhost and local network devices. The talk explains the LNA specification and how it categorizes network requests into public, local, and loopback address spaces, requiring explicit user permission when websites access more private network zones. The presentation covers Firefox's implementation, key differences from Chrome's approach, real-world deployment challenges and mitigations.

References: Local Mess - https://localmess.github.io/ Local Network Access Standard - https://wicg.github.io/local-network-access/ Local Network Standards Issues - https://github.com/WICG/local-network-access/issues/ Firefox Implementation Bug - https://bugzilla.mozilla.org/show_bug.cgi?id=1481298 List of long pending security vulnerabilities with localhost and local network - https://github.com/WICG/local-network-access/issues/21

About the Speaker Sunil Mayya is a software engineer on Mozilla's Firefox Networking team, and a core contributor to Firefox's implementation of the Local Network Access standard.

The WebAssembly (Wasm) 1.0 specification is a linear memory system suitable as a compiler target for static languages like C and Rust. However, the recently released Wasm 3.0 specification, which includes garbage collected reference type instructions, has opened the door to using all kinds of dynamic languages on the web. Wasm GC compilers already exist for languages such as Java, Scala, Kotlin, OCaml, and Scheme. However, the value of Wasm GC is often misunderstood! In this talk, I'll attempt to clear things up by examining the benefits and drawbacks of Wasm GC at present and how compiling to Wasm GC stacks up against compiling to JavaScript (or just using plain ol' Javascript). I'll conclude with a brief look at some proposals from the Wasm Community Group that could improve Wasm GC in the near future.

A large number of Linux applications have been developed over the years. Reusing them allows developers to reduce development costs, leverage well-established and battle-tested applications, and gain significant benefits by porting them to WebAssembly (Wasm). Migrating Linux applications to the browser as Wasm offers several advantages, such as: 1. Developing browser-based applications by reusing existing Linux libraries 2. Protecting client privacy and reducing server load by moving server-side Linux applications into the browser 3. Building browser-based systems that rely on Linux applications that are traditionally difficult to port (e.g., shells, compilers)

In this session, I will introduce elfconv, a binary translator that directly converts existing Linux binaries into Wasm without requiring their source code and provides a layer for emulating Linux system calls. This enables Linux applications that depend on system calls unavailable in Wasm (e.g., fork/exec) to run inside the browser. Furthermore, by performing ahead-of-time (AOT) translation, elfconv achieves dramatically lower overhead compared to CPU-emulator-based projects such as container2wasm and v86. Our evaluation on several benchmark tests shows that elfconv delivers approximately 30× to 70× higher performance. At the moment, the system call emulation layer in particular is still under development, but I believe that as elfconv matures, it will greatly expand the potential of the browser.

elfconv: https://github.com/yomaytk/elfconv container2wasm: https://github.com/container2wasm/container2wasm v86: https://github.com/copy/v86

The old Servo Streams implementation was relying on SpiderMonkey’s own stream implementation. In the latest SpiderMonkey versions, that stream implementation was removed, which prevented us from updating the version in Servo. So we reimplemented the Streams spec without the built-in SpiderMonkey implementation, and we ended up implementing WritableStream and TransformStream.

Servo repo: https://github.com/servo/servo

Identifying the exact commits where bugs are introduced or regressed in web browsers is often a tedious and time-consuming task. As a result, mapping the full lifecycle of a newly reported bug rarely becomes part of the standard bug-fixing process, even though doing so can reveal valuable insights and support more effective fixes. With BugHog, we developed an automated bisection tool on steriods, simplifying the hunt for buggy commits.

BugHog runs: - dynamic test cases against historical browser builds - in isolated Docker containers - guided by an adaptive binary search algorithm - across more than a decade of browser development history.

Originally developed for browser security research, BugHog has already demonstrated its value by reconstructing the lifecycle of publicly disclosed Content Security Policy bugs in Chromium and Firefox. This gave new perspectives on how security bugs evolve over time, exposed ineffective fixes, and even uncovered prematurely disclosed vulnerabilities.

In this talk, I will demonstrate how BugHog works, share lessons from large-scale browser analyses, and highlight how it can help both researchers and developers accelerate their bug investigations.

We will talk about how we are building the Midori browser, a lightweight, fast, secure browser that promotes privacy, is completely open source and free software, and at the same time we will talk about how we are building a pro-privacy ecosystem around Midori, including tools such as VPN, DNS, all without telemetry, without invasive advertising and, most importantly, all stored and hosted in the European Union to increase its technological independence.

The Cyber Resilience Act defines web browsers as an important product requiring special attention to cybersecurity requirements. What does this mean? How can you participate in defining in what it means for a web browser to be secure?

Introduction to the Open Hardware and CAD/CAM Devroom

Gnucap is a free/libre versatile and modern, modular, analog and mixed-signal simulator. Verilog-AMS is a standardised behavioural language for analog and mixed-signal systems based on the IEEE 1364-2005 industry standard, commonly known as Verilog. Verilog and its extensions offer a portable representation for circuits and device models consistent across application domains. With funding from NLnet we are pushing for standardisation in an otherwise heterogeneous environment of traditional and incompatible tools.

We are working on a first open source (and free/libre) Verilog-AMS implementation. It consists of extensions for Gnucap that elaborate circuits represented in Verilog, provide suitable simulation algorithms and interface with artifacts from related projects. The companion tool Modelgen-Verilog deals with behavioural models for mixed-signal devices, turning them into plugins for Gnucap.

In this talk we will explain the need for standard support in free software tools and summarise the developments since FOSDEM-25. We have filled gaps in the simulator infrastructure and extended the standard coverage vastly improving the user experience. We will outline some related ongoing activities, e.g. on porting open source PDKs to Verilog, on the Qucs schematic editor and on device libraries as well as testing and QA.

PCB design often require a lot of exchange with mechanical CAD softwares especially when the mechanical integration has a lot of constraints. Today, most of the time, the ECAD/MCAD collaboration is done through STEP, DXF, SVG, or other file formats, and usually a combination of several of them.

The IDX protocols aims at using a single protocol, that will keep tracks of the changes incrementally as the design goes on, and even use a shared library of components, bridging the gap between the electrical and the mechanical worlds.

Implemented in KiCad at first, it will allow interfacing with most commercial MCAD softwares used in the industry, and certainly pave the way for the open source ones.

Just about a year ago I started on my 3rd attempt at building a new FreeCAD workbench to provide bidirectional syncing between FreeCAD and KiCAD with a focus on multiple boards and minimal user interaction. With KiCAD v9 being release with it's new long-term API it made sense to try again.

This is a followup to my KiCon 2025 which I will detail some of the progress that has been made since, and impressions of the KiCAD API as I've used it more.

Dune 3D is parametric 3D CAD application I started developing about 2½ years ago. It combines the solver from Solvespace with OpenCASCADE for a geometry kernel under a modern Gtk4-based user interface.

In this talk, I'll go into how the project evolved in the past two years as well as what's ahead.

https://dune3d.org/

There are thousands of different IoT devices on the market. To control them, you currently have a few options:

1. Use the vendor’s cloud service. This approach has many problems: there is no interoperability between different vendors, so you end up installing 10 different cloud apps for 10 different devices; there are privacy concerns; and anything beyond the basics usually requires paid features.

2. Use an open-source platform such as Home Assistant, OpenHAB, Domoticz, FHEM, PiDome, or Majordomo. These platforms are powerful but often too complex, time-consuming to learn, and relatively expensive to run—typically EUR 100+ and tens or even hundreds of hours of study.

Currently, there is no simple, easy-to-use, and low-cost solution on the market.

We accepted this challenge and are now designing an open-source hardware solution running Free/Libre Open Source Software. Our goal is a device that costs around EUR 20 for the end user, offers more functionality than typical vendor cloud services, and remains fully open for modification and customization by anyone interested.

After six months of work, we already have a functioning hardware prototype and software that supports basic features.

In this presentation, I will discuss the challenges we encountered, demonstrate our current progress, and highlight the major obstacles we are facing. If others share a similar interest, your help and collaboration are very welcome.

LibrePCB 2.0 is an exciting milestone of our mission to provide an easy-to-use, modern, Open-Source PCB design software. With its completely redesigned user interface and new design concepts, the productivity and general user experience have been significantly improved. In this talk I will demonstrate the capabilities and advantages of LibrePCB 2.0, including other new features and improvements beyond its new UI. Also you will get an update about other aspects of the LibrePCB project, like our funding status or why & how we started the transition from C++/Qt to more modern technologies.

LibrePCB is an Open-Source EDA software to design PCBs, providing the following advantages:

• Cross-platform: Windows/Linux/MacOS/Others | x86/ARM
• Intuitive & easy-to-use UI
• Powerful library concept
• Human readable file format

Whether you are a newbie or a professional engineer, LibrePCB is made for you - just give it a try!

I'm the developer of the Flipper Blackhat, a 100% open source WiFi addon board for your Flipper Zero. Unlike other modules, it doesn't use an ESP32, but a Allwinner Linux SoM. The question I hear most often is: "What’s the point of the Flipper Zero?"

The Blackpants are a carrier board for the Blackhat, and my answer to this question. No longer do you need the Flipper Zero!

In this talk I'll overview all the hardware and software of both the Blackpants and the Blackhat and my journey throughout developing the device!

https://github.com/o7-machinehum/Blackpants

https://github.com/o7-machinehum/flipper-blackhat

https://youtu.be/tdRWB2ILRtY?si=evX8zsZ_B1GQfZtv

We're members of a hacker team that made Blepis, a hacker-friendly and fully open-source Linux PDA. The Blepis project is a continuation of Beepy PDA, which in turn was made possible thanks to a string of open-source hardware projects. We're here to tell you that story, share our own radical open-source strategy and how it's already been helping other open-source PDA projects grow, and also tell more about our project's journey.

Developing hardware is hard. It's quite literally in the name. Building a global open source collaboration is also hard, and even harder when every new contributor needs to source physical components.

In general the hardware development toolchain is locked down vastly expensive walled gardens, limiting contribution and collaboration to well funded organisations.

This talk will explore how the OpenFlexure Microscope project uses (and abuses) a whole toolchain of open source software to manage, automate, and accelerate the design of a lab-grade microscope in use all over the world.

What to expect for the KiCad version 10 release, what the project hopes to achieve during version 11 development, and all the latest news about the KiCad project.

https://www.kicad.org/

This is a generic state-of-affairs talk about FreeCAD, a manner for people to catch up with all that has happened in the FreeCAD universe since last FOSDEM. We will show what is new in FreeCAD itself, what is cooking in the development kitchens, and a glimpse over community happenings and what the FPA, the non-profit behind the project, has been doing.

OpenCascade Technology (OCCT) serves as the geometric backbone for the open-source CAD/CAM ecosystem, powering major platforms like FreeCAD, KiCad, and numerous industrial IFC viewers.

In this session, the member of OCCT3D (Capgemini Engineering) will unveil the roadmap and technical achievements of the upcoming Version 8.0.0 release. We will discuss the architectural evolution required to support modern modeling challenges and the balance between industrial robustness and open-source flexibility.

Key topics will include:

• The 8.0.0 Milestone: A breakdown of major breaking changes, API cleanups, and the transition strategies for developers.
• Core Algorithms: Improvements in Boolean operations, meshing robustness, and tolerance handling.
• Interoperability: Updates on data exchange formats.

This talk is essential for developers relying on OCCT for their applications and users interested in the future of the underlying kernel that drives open hardware design.

Project: https://github.com/Open-Cascade-SAS/OCCT Forum: https://dev.opencascade.org/forums OCCT3D: https://occt3d.com/

The Electrical Rule Checks (ERC) in a CAD design software are a set of heuristic checks to help spotting potential mistakes in schematics. However, they have subtleties and quirks, which can lead people to fight against them instead of using them to their full potential. In this talk, I will discuss some of the pain points I have experienced or have whitnessed people experience while using ERC, give some tips, and encourage people to use them and even try and improve them even more. It will be illustrated by a few real-life blunders that a good use of ERC could have prevented. TL;DR: I love ERC.