Open Source Summit Europe 2024

Back to all conferences

Table of Contents

• AI & ML (11 videos)
• Analytics (1 videos)
• Architecture (1 videos)
• Automotive (1 videos)
• Compute (37 videos)
• Decentralized Identity (1 videos)
• Developer Experience (87 videos)
• Embedded (2 videos)
• Embedded Systems (1 videos)
• Identity (1 videos)
• Keynote (7 videos)
• Networking (10 videos)
• Observability (11 videos)
• Open Source (6 videos)
• Policy (1 videos)
• Power Management (1 videos)
• Scaling (3 videos)
• Security (42 videos)
• Standardization (1 videos)
• Standards (1 videos)
• Storage (3 videos)
• Sustainability (9 videos)

AI & ML

Lightning Talk: RISC-V and AI: How an Open-Standards ISA Underpins Portability f...- Philipp Tomsich The presentation discusses how RISC-V, an open-standards Instruction Set Architecture (ISA), is positioning itself as a platform for AI and ML, enabling portability and customization. The speaker highlights the adoption of RISC-V by major tech companies for their AI accelerators, and the RISC-V community's efforts to standardize AI extensions to create a unified software ecosystem, free from vendor lock-in. back to top

Lightning Talk: Building the AIverse: Standardizing Autonomous AI Agents for a Decent... - Chris Xie The presentation introduces a standardized, modular, and interoperable framework for building autonomous AI agents in a decentralized ecosystem. The framework leverages large language models and open protocols to create a secure, private, and ethical platform for personal AI assistants that can be embedded in various devices and systems. back to top

Reducing Bias in AI with Open Source - Abubakar Siddiq Ango, GitLab The video discusses how open source can help reduce bias in AI. Key strategies proposed include ensuring diverse data, cognitive diversity in AI development, transparency and accountability, and building open AI models and tools that are truly accessible to the broader community. back to top

Towards Useful, Reliable, and Scalable AI Agents - Tomas Dvorak, IBM Research This talk introduces a framework called 'B' that aims to provide a reliable and scalable platform for building AI agents powered by large language models (LLMs). The framework addresses key challenges such as reliability, safety, and observability, and provides a set of tools and abstractions to help developers create effective and trustworthy AI agents. back to top

Panel Discussion: What's the State of Open Source in Europe? Key Research Findings Revealed! This panel discussion delves into the state of open source in Europe, revealing key research findings from the Linux Foundation's annual Spotlight report. The discussion covers emerging trends, challenges, and opportunities around open source adoption, regulation, and the role of open source initiatives, particularly in the public sector and emerging technologies like AI. back to top

Introducing Open Platform for Enterprise AI - Arun Gupta, Intel The presentation introduces Opia, an open platform for enterprise AI developed by Intel and the Linux Foundation. Opia provides a framework of composable microservices, blueprints, and an evaluation system to simplify the development, deployment, and adoption of generative AI in enterprises. back to top

Unleashing Collective Genius: Building GenAI Through Open Collaboration Anni Lai, Futurewei This talk explores the work of the Generative AI Comment community, which aims to advance open-source and open-science approaches to generative AI through initiatives like the Model Openness Framework and the Responsible AI Framework. The speaker highlights the importance of building inclusive, transparent, and sustainable AI systems that align with human values and societal needs. back to top

The Open Source AI Definition Is (Almost Ready) - Stefano Maffulli & Justin Colannino The Open Source Initiative has been working to define what it means to be open source AI, in the face of inconsistent usage of the term. The proposed definition aims to capture the principles of open source, such as the ability to use, share, and modify the AI system, while addressing the unique challenges posed by machine learning and large language models. back to top

Sponsored Session: Beyond the Buzz: Navigating AIs Myths and Realities - Ezequiel Lanza, Intel The talk covers common myths and realities surrounding AI, including the perception that AI is the answer to everything, the capabilities of large language models (LLMs), the misconception that LLMs can reason, the notion that open source is risky, and the fear that AI will eliminate jobs. The speaker emphasizes the importance of understanding the true nature of AI, the limitations of LLMs, the benefits of open source, and the evolving nature of job markets in the face of technological advancements. back to top

Towards Industrial AI Governance Inspired by OSPO: A Primer - Zoran Jovanovic, Volvo Car Corporation The talk provides a comprehensive overview of the strategies and processes involved in establishing an effective AI governance framework, drawing inspiration from the experiences of Open Source Program Offices (OSOPOs). The speaker highlights the importance of aligning governance policies with organizational objectives, fostering collaboration across functional teams, and implementing flexible yet robust processes to enable innovation while ensuring compliance with evolving regulatory requirements. back to top

Sponsored Session: InstructLab: Applying Open Source Methods to Building and Trai... - Martin Hickey This talk discusses a technique called 'Large Scale Alignment Chatbot' (LAB) that enables open-source-like contributions to large language models (LLMs) through a workflow of taxonomy data generation and model alignment. The speaker introduces 'InstructLab', an open-source community implementation of the LAB technique, which aims to make LLM tuning and versioning more accessible to developers and domain experts. back to top

Analytics

What Can Open Source Project Health Metrics Reveal About Project Users? - Sophia Vargas & Georg Link The presentation explores how open source project health metrics can reveal insights about project users, discussing the use of proxy metrics like GitHub data, Stack Overflow activity, and Slack engagement to estimate user activity in the absence of direct user data. The research highlights the potential of metrics like fork counts to serve as proxies for user engagement, while also acknowledging the challenges in accurately measuring open source project usage. back to top

Architecture

RISC-V: Maturing an Open Standards Development Process - Philipp Tomsich, VRULL GmbH The talk discusses the evolution of RISC-V from an open-source project to an international standard, focusing on the maturation of its open standards development process. The speaker highlights the importance of building consensus, ensuring long-term stability, and addressing challenges such as the participation gap and the need for a clear roadmap to support the growing RISC-V ecosystem. back to top

Automotive

Panel Discussion: The Automotive OSPO - Masato Endo, Ana Jiménez Santamaría, Mary Wang, and... This panel discussion explored the importance of Automotive Open Source Program Offices (OSPOs) and the challenges they face, such as gaining executive buy-in, fostering an open source culture, and managing open source licensing and compliance. The panelists shared their experiences and insights on how their organizations are leveraging open source innovation, contributing upstream, and lowering the entry barrier for open source usage and contributions. back to top

Compute

Scalable Multi-Node AI Workloads in Multi-Tenant AI Clouds U...- Girish Moodalbail & Leonid Grossman This talk presents a scalable and efficient open-source software stack for running multi-node AI workloads in multi-tenant AI clouds. The stack leverages hardware acceleration, RDMA, and open-source projects like Open vSwitch and Open Virtual Network to achieve high performance and isolation for large-scale GPU-based AI training. back to top

Painless Multi-Tenant Kafka on Kubernetes with Istio at ASML - Thomas Reichel & Dominique Chanet The presentation discusses how ASML, a leading semiconductor equipment manufacturer, has built a multi-tenant Kafka platform on Kubernetes using open-source technologies like Istio and Kubernetes operators. The key aspects covered include secure authentication, multi-tenancy, and data governance, which are tailored to ASML's specific requirements but provide general insights for implementing similar solutions. back to top

Keynote: A Unified Approach for Intelligent Deployments at the Edge - Derek Straka This talk presents a unified approach for intelligent deployments at the edge, introducing a new Debian derivative called Elixir. The speaker highlights the challenges faced in the chaotic edge computing landscape and how Elixir aims to provide a harmonized solution that spans from the edge to the core, enabling developers to be productive and creating a robust, reliable, and resilient ecosystem. back to top

Lightning Talk: Millisecond Scale-to-Zero and the Quest to Never Pay for Idle Again - Felipe Huici This talk presents a novel approach to cloud infrastructure using 'unikernels' - specialized virtual machines that can run applications at millisecond scale-to-zero, enabling efficient use of cloud resources and eliminating the need to pay for idle time. The speaker demonstrates a cloud platform built on this technology, showcasing the ability to deploy and scale thousands of instances in seconds with negligible cold start times. back to top

UCSI, TCPM, PD, AltModes: Demystifying USB-C and Its Support in Linux - Dmitry Baryshkov, Linaro Ltd The presentation provides a comprehensive overview of the evolution of USB-C technology, its features, and the challenges in implementing it on Linux platforms. It delves into the various standards, protocols, and APIs involved in managing USB-C connections, power delivery, and alternative modes, highlighting the complexities and the efforts made to streamline the user experience. back to top

What Is an ABI, and Why Should You Care? - Shung-Hsi Yu, SUSE The talk explores the concept of Application Binary Interface (ABI) and its importance in software development. It highlights the challenges of maintaining ABI stability, the tools available for ABI checking, and the real-world implications of ABI changes, such as the Year 2038 problem and the benefits of ABI-compatible interfaces like in emulators and foreign function interfaces. back to top

How to Build Your Own High-Performance Charger with EVerest - Andreas Heinrich & Kai-Uwe Hermann This talk provides an overview of the Everest project, an open-source framework for building high-performance EV chargers. The speaker discusses the organizational structure of Everest, the detailed workings of a DC charging session, and the technical details of building a custom charger using Everest's reference hardware. back to top

Global School Connectivity DataOps Platform - Shilpa Arora, UNICEF UNICEF's Giga team has built a comprehensive data operations platform to support its global mission of connecting all schools to the internet. The platform includes tools for data ingestion, quality assessment, cataloging, sharing, and analytics, all designed to enable governments and partners to effectively manage school connectivity data and drive sustainable progress. back to top

From Hardware to Linux - Stefan Eichenberger, embear GmbH The presentation covers the process of bringing up hardware with Linux, including selecting the right components, initial software loading, device tree creation, and debugging techniques. The speaker shares their experience with a specific hardware platform, the AM62 from Texas Instruments, and provides practical insights and tips for a successful hardware-to-Linux transition. back to top

Real-time Scheduling Fault Simulation - Ben Dooks, Codethink This talk explores the challenges of real-time scheduling fault simulation in the Linux kernel. The speaker discusses various techniques for disrupting the proper scheduling of processes, including user-space and kernel-level approaches, and the difficulties encountered in attempting to directly modify the complex scheduler code. back to top

Virter – How the "Docker for VMs" Can Help You Test the Linux Kernel - Christoph Böhmwalder, LINB... The video presents Virter, a tool developed by the speaker's team at LINBIT to simplify testing of the Linux kernel and kernel modules. Virter leverages cloud images and the Linux virtualization stack to provide a Docker-like experience for managing and provisioning virtual machines, enabling efficient and reproducible testing of complex software like LINBIT's DRBD. back to top

Linux in Space: Fault Detection, Recovery and Fault-Tolerant System Designs - Lenka Kosková Třísk... This talk explores the challenges of running Linux in space, including fault detection, recovery, and fault-tolerant system designs for CubeSats. The speakers discuss their experiences with Linux-based satellites, the importance of redundancy and testing, and the trade-offs between cost and reliability in the 'new space' era. back to top

Sponsored Panel Discussion: Hello Future! Meet Hedera’s Next Generation in Open Source Technology The panel discussion explores the implications of Hedera's decision to open-source its entire codebase and place it under the Linux Foundation's Decentralized Trust (LFD) project. Panelists discuss the benefits of this move, including increased community involvement, collaboration, and adoption of Hedera's technology across different industries and use cases. back to top

What's Happening with Automotive Grade Linux and How Our Update to Yocto 5.0 Went - Walt Miner, T... This talk provides an overview of Automotive Grade Linux (AGL), a collaborative open-source project focused on building the car of the future. The presenters discuss the community's recent upgrade to the Yocto Project 5.0 (Scar Gap) release, highlighting the challenges and benefits of maintaining a long-term support branch and keeping up with upstream changes. back to top

Sponsored Session: Sustaining Git Performance Under Heavy Workloads - Daniele Sassoli, GerritForge This talk discusses how to sustain Git performance under heavy workloads using AI-powered solutions. The speaker presents a framework called 'GHS' (Git Forge Health Services) that employs reinforcement learning to optimize Git maintenance operations, resulting in significant improvements in clone times and repository management. back to top

Demystifying CRI - Writing a CRI from Scratch - Filip Nikolic, Isovalent This talk provides an overview of the Container Runtime Interface (CRI) and demonstrates how to write a CRI from scratch. The speaker explains the key concepts, such as container runtimes, Linux namespaces, and gRPC, and walks through the implementation of a basic CRI using Go code. back to top

Lightning Talk: Optimizing Kubernetes Multicluster Backup & Restore - Hường Đinh, Viettel Solutions The talk presents a practical approach to optimizing Kubernetes multicluster backup and restore using a centralized Velero controller. The proposed solution leverages the Kubernetes configuration of different clusters to manage backup and restore processes from a single Velero instance, simplifying the overall architecture and improving resource utilization. back to top

Testing Your Yocto Proj: from Ptest & Testimage to LAVA - Clara Kowalsky & Florian Bezdeka, Siemens This talk provides an overview of testing Yocto projects, focusing on two key frameworks: test-image and ptest. The speakers also discuss the integration of LAVA, a continuous integration system for deploying and testing operating systems on physical hardware, and how it can be used to automate testing and share hardware resources across teams. back to top

Inspecting and Optimizing Memory Usage in Linux - João Marcos Costa, Bootlin The talk covers the inspection and optimization of memory usage in Linux, including the concepts of virtual memory, kernel and user space memory usage, memory leaks, and memory management techniques. The speaker shares their experiences and approaches to optimizing memory usage in an embedded Linux system with limited RAM. back to top

RISC-V and RISE Project BoF - Drew Fustini, Tenstorrent The talk discusses the open-source RISC-V instruction set architecture, its ecosystem, and the RISE project that aims to coordinate and drive the software development for RISC-V. The speaker provides an overview of the RISC-V hardware and software landscape, highlighting the availability of open-source cores, commercial offerings, and the efforts to optimize the software stack for RISC-V. back to top

Taming DMA: Tales Wrestling Memory Corruption - Ahmad Fatoum, Pengutronix The talk discusses the challenges and pitfalls of using DMA (Direct Memory Access) in embedded Linux development, highlighting various issues encountered and the importance of properly utilizing the Linux DMA API to ensure memory coherence and avoid memory corruption. The speaker also explores potential solutions, including the use of Rust's type system and kernel-level sanitizers, to improve DMA safety and reliability. back to top

Rusty Swapping: Rewriting a Zswap Backend in Rust - Vitaly Wool, Konsulko AB The presentation discusses the author's experience in rewriting the Zswap backend in Rust, highlighting the challenges and insights gained. It covers the implementation of a new allocator called Zblock, its performance compared to existing solutions, and the author's perspective on the use of Rust in the Linux kernel. back to top

Visions for the Linux Kernel PWM Subsystem - Uwe KleineKönig, BayLibre The talk presents the author's vision for improving the Linux Kernel PWM (Pulse Width Modulation) subsystem, including ideas for coupling channels, adding duty offset, improving exactness, and providing a character device interface. The talk aims to gather feedback from users to better understand their needs and challenges, in order to incorporate them into the future development of the PWM subsystem. back to top

Transforming Mainframes: My Zowe-Python SDK Journey - Adbul Samad Siddiqui This talk presents the speaker's journey as a Linux Foundation Mentee, where they worked on enhancing the Zowe Python SDK, an open-source framework for interacting with mainframes. The speaker highlights the technical expertise gained, the collaborative open-source environment, and the mentorship experience, expressing gratitude to the Linux Foundation and their aspirations to become a leading voice in the open-source community and a research scientist in AI and computational neuroscience. back to top

The Case for an SoC Power Management Driver - Stephen Boyd, Google The presenter proposes an SoC Power Management Driver to address the complexity of power management in device tree-based systems. The key idea is to introduce a middleware layer using generic power domains that can coordinate power sequencing and resource management across different kernel subsystems, without requiring changes to existing device tree bindings. back to top

Exploring the Potential of Zephyr in Automotive and Software Defined Vehicles - Philipp Ahmann, R... The presentation explores the potential of using the Zephyr RTOS in the automotive industry, particularly in the context of software-defined vehicles. It highlights the benefits and challenges of integrating Zephyr into the conservative and standards-driven automotive ecosystem, as well as the opportunities presented by emerging trends such as centralization, multi-core microcontrollers, and the need for increased connectivity and software updates. back to top

Lightning Talk: The CFU: Custom Hardware with RISCV and Zephyr - Mohammed Billoo, MAB Labs Embedd... The talk discusses the Custom Function Unit (CFU) feature in the RISC-V instruction set architecture, which allows offloading functionality from software to hardware for performance improvements. The speaker demonstrates integrating the CFU with the Zephyr operating system and explores opportunities for hardware-accelerated functions, including machine learning and CPU-independent features. back to top

Lightning Talk: Open Source Fleet Management in Zephyr - Maciej Sobkowski, Antmicro This talk presents an open-source fleet management solution, RDM (Remote Device Fleet Manager), that supports various platforms including Linux, Android, and Zephyr. RDM provides a modular architecture with a centralized API for managing device fleets, enabling over-the-air (OTA) updates and firmware management, particularly focused on the Zephyr RTOS. back to top

Lightning Talk: Zephyr Portability with an AI Application on Very Different MCUs - Ales Ryska, NXP This talk explores the portability of Zephyr, an open-source real-time operating system, by showcasing a facial detection demo running on two vastly different NXP microcontroller platforms. The presentation highlights how Zephyr's hardware abstraction layer and device tree configuration enable seamless porting of the application, leveraging the powerful neural processing unit (NPU) on the M6N platform for efficient inference. back to top

Optimized String Processing in RISC-V: How Toolchain Improvements Can Boost Performance - Christo... This talk discusses optimized string processing in RISC-V architectures, focusing on improvements to the toolchain that can boost performance. The speaker presents a strategy for optimizing string functions using SIMD-within-a-register techniques and demonstrates the implementation and impact of these optimizations in GCC and GLibC. back to top

Surviving 19 Jan 2038 on 32 Bit Platforms: Lessons Learned and Common Problems - Alexander Kanav... This presentation discusses the challenges of surviving the 2038 problem, where 32-bit systems will face issues due to the limited representation of time. The speaker outlines the necessary steps to address this problem, including updates to the kernel, C library, and user space components, as well as the importance of comprehensive testing to ensure the system's resilience beyond 2038. back to top

Lightning Talk: From Ideas to 3 Firmwares Powering Railway-Infrastructure Monitoring... Tobias Meyer This talk discusses the development of three different firmware solutions to enable railway infrastructure monitoring over the past two years. The speaker highlights the use of the Zephyr RTOS, its advantages, and the lessons learned during the firmware development process. back to top

Messing up Your NUMA Topology with CXL - Hannes Reinecke, SUSE Linux The talk discusses the complexities of NUMA (Non-Uniform Memory Access) topology and how the introduction of CXL (Compute Express Link) technology can further complicate the memory management and IO handling in modern computer systems. The speaker explores the challenges in optimizing performance and resource utilization in such a complex hardware landscape, highlighting the need for new approaches to memory allocation and IO scheduling. back to top

Milvus: Scaling Vector Data Solutions with Gen AI - Stephen Batifol, Zilliz This talk provides an overview of Milvus, a scalable vector database solution for AI and machine learning applications. The speaker discusses Milvus's architecture, indexing strategies, and use cases, highlighting its ability to handle billions of vectors and support various search types, including semantic search and hybrid search. back to top

How Will IPCEI-CIS Redefine Open Source in the EU? - Alberto P. Martí, OpenNebula Systems The video discusses the IPCEI-CIS (Important Project of Common European Interest on Next Generation Cloud Infrastructure and Services), a major European initiative to develop an open-source, decentralized cloud infrastructure that aims to reduce Europe's reliance on non-EU cloud providers. The project involves 12 EU member states and over 100 companies collaborating to build a European alternative to the dominant hyperscaler cloud platforms, with the goal of enhancing Europe's digital sovereignty and fostering the development of European open-source technologies. back to top

Panel Discussion: Do One Thing, and Do It Well: Special Purpose OSes Apply the Unix App Philosoph... This panel discussion explores the concept of special purpose operating systems, which are highly specialized and optimized for specific workloads and use cases. The panelists represent a diverse range of these operating systems, each with its own unique approach to achieving efficiency, security, and ease of use. back to top

Keynote: Welcome & Opening Remarks - Gabriele Columbro, GM, Linux Foundation Europe & Special Guests The keynote covers the growing importance and maturity of open source, highlighting the role of trust in enabling open source projects to have global impact. It announces several new initiatives by the Linux Foundation, including the Open Search Software Foundation, the Developer Relations Foundation, and the LF Decentralized Trust, which aims to advance blockchain and decentralized technologies. back to top

Decentralized Identity

Decentralized Identity Landscape: Communities, Projects, Technologies, and Tools - Markus Sabadello, The presentation provides an overview of the decentralized identity landscape, including the evolution of digital identity, key technologies like decentralized identifiers and verifiable credentials, and various projects and initiatives in this space, particularly within the European Union. The speaker discusses the potential of these technologies to enable self-sovereign identity and enable new models of data exchange and collaboration. back to top

Developer Experience

DevSecOps Transformation at Speed and Scale Using Tekton - Caroline Cameron & Tony Higham, IBM This session presents IBM's DevSecOps transformation journey, showcasing how they onboarded over 150 teams to a centralized, standardized platform for security and compliance using Tekton. The platform provides comprehensive security and compliance capabilities, with a focus on ease of use for developers and continuous improvement through community contributions and enhancements to Tekton. back to top

OpenPrinting - We Make Printing Just Work! - Till Kamppeter, OpenPrinting / Canonical The video discusses the work of the OpenPrinting project, led by Till Kamppeter, to make printing just work on Linux and free software. It covers the project's efforts to design the printing architecture, implement standards, support driverless printing, and integrate printing support into desktop environments, as well as the project's history and future plans. back to top

Level Up Your Embedded Testing Game – Christian Schlotter, ZEISS & Tobias Kästner, inovex This talk presents an approach to level up embedded testing using a combination of the NASA FRET tool for requirements engineering, the Robot Framework for automated testing, and the Zephyr RTOS ecosystem. The speakers demonstrate how they have integrated these open-source tools to enable traceability from requirements to executable test cases, enabling more robust and reliable development of medical devices. back to top

Container Development Client for Reproducible Artifacts - Harsh Thakur, Civo & Kunal Verma The talk presents a container development client called Build Safe that aims to address issues in the current container ecosystem, such as lack of reproducibility, vulnerability management, and flexible package management. The speaker demonstrates how Build Safe leverages tools like Nix and Lima to provide a seamless development experience and build secure, reproducible container artifacts. back to top

How Is Integration Testing in Hybrid Cloud Possible? - Joe Winchester, IBM The video discusses how integration testing in a hybrid cloud environment is a major challenge, and introduces an open-source project called Gassa developed by IBM to address this challenge. The project aims to automate 80% of enterprise testing, which is currently primarily manual, and has been adopted by several banks and financial institutions. back to top

Combining the Best of Two Worlds: From TF-IDF to Llama LLM - William Arias, GitLab This presentation discusses how to combine traditional natural language processing techniques, such as TF-IDF, with large language models like Llama to solve a real-world problem of understanding customer questions and pain points. The speaker demonstrates a practical approach that leverages domain knowledge, custom entity recognition, and retrieval-based augmentation to generate human-readable insights from a large dataset of customer questions. back to top

Learning by Example: Highlights from Google Season of Docs - Erin McKean, Google The presentation highlights the key learnings from the Google Season of Docs program, a grant initiative aimed at improving documentation in open-source projects. The speaker discusses the program's goals, the types of documentation created, the challenges faced by project maintainers, and the importance of honest case studies in helping other projects learn from their experiences. back to top

How to Enable Android (AOSP) on Your Developer Board - Mattijs Korpershoek, BayLibre This presentation covers the steps to enable Android (AOSP) on a developer board, including obtaining the source code, building the kernel, configuring the bootloader, and addressing various hardware-specific requirements such as graphics, audio, and power management. The presenter walks through the process in detail, highlighting the challenges and customizations needed to get a functional Android system running on the target hardware. back to top

ELinux Wiki BOF - Tim Bird, Sony Electronics The video discusses the ELinux Wiki, a repository for embedded Linux conference materials and resources. The speaker proposes ideas to revive and improve the wiki, such as cleaning up outdated content, establishing better governance, and funding projects to maintain and promote the wiki. back to top

Lightning Talk: Kustomize Your Operator - Moritz Wanzenböck, LINBIT The talk discusses how to leverage Kustomize to enhance the customizability of Kubernetes operators. It highlights the benefits of providing users with a generic patch option to tailor the operator's deployment to their specific needs, while also addressing potential challenges and best practices. back to top

AOSP Developers Birds of a Feather - Chris Simmonds, 2net Ltd The video discusses the challenges and opportunities for the AOSP (Android Open Source Project) developer community. The session explores ways to build a stronger community, improve contribution processes, and address pain points in the Android build system. back to top

FX Mentorship Showcase Speakers: Asmit Malakannawar, prateek singh, Deepesha Burse, Akshay Gaikwa... This video showcases the work of various mentees who participated in the LFX Mentorship program, covering a wide range of topics from empowering newcomers to the open-source community, to improving the documentation and user experience of the Oras project, to securing containers, and even contributing to the Linux kernel. The presentations highlight the mentees' technical skills, problem-solving abilities, and their valuable contributions to the open-source ecosystem. back to top

Developing on Containers with Dev Containers - Hrittik Roy, Loft Labs This talk explores the benefits of using Dev Containers, a specification for defining development environments, and Deport, an open-source tool that simplifies the management of these environments. The presentation highlights how Dev Containers and Deport can improve developer experience, streamline onboarding, and reduce infrastructure costs by providing a self-service, cloud-powered solution for development environments. back to top

How to Make Your Kubernetes Add-Ons Management Painless in Multi Cloud - Eleni Grosdouli & Gianlu... This talk explores how to manage Kubernetes add-ons in a multi-cloud environment using Felos, a Kubernetes add-on controller that simplifies the deployment and management of various add-ons across a fleet of clusters. The presenters demonstrate how Felos can handle challenges like deployment order, dynamic manifest population, and multi-environment management, providing a seamless and painless experience for Kubernetes add-on management. back to top

Getting Linux Distros to New Architectures - Bernhard Rosenkränzer, Baylibre This talk discusses the challenges and techniques involved in porting Linux distributions to new hardware architectures, such as ARM64 and RISC-V. The speaker showcases the approach taken by the Open Mandriva project, including the use of cross-compilation toolchains, building a minimal OS for bootstrapping, and creating customized boot images for different devices. back to top

The Devboards Community for Android - Amit Pundir, Linaro Ltd. This presentation discusses the Devboards Community for Android, an initiative to enable a collaborative workspace for Android system developers working on AOSP development boards. The project aims to consolidate resources, share knowledge, and co-develop generic software solutions across multiple devices to benefit the entire AOSP ecosystem. back to top

The Power of Mentorship: Your Path to Open Source Success - Stephanie Taylor, Google The presentation discusses the power of mentorship programs in open-source software development, highlighting three major initiatives: Google Summer of Code, Outreachy, and the Linux Foundation Mentorship Program. The speaker emphasizes the importance of these programs in lowering the barrier to entry, developing skills, and fostering diverse participation in open-source communities. back to top

Who Owns This Code? Navigating Code Ownership from Inner to Open Source - Clare Dillon & Tom Sadler This talk explores the complex and multifaceted concept of code ownership, discussing legal, psychological, and practical aspects of managing code ownership in collaborative software development. The speakers share insights from research and their experiences at the BBC, highlighting the importance of clear ownership models, communication, and a culture of collaboration to ensure effective and sustainable code management. back to top

Panel Discussion: Advancing Innovation Through Open Source: Lessons from the Vertical Industries This panel discussion covers the key role of open source in driving innovation across different industries, particularly the energy and government sectors. The panelists share insights on the challenges, best practices, and the evolving role of open source program offices in fostering open collaboration and accelerating digital transformation within their organizations. back to top

Hidden in Plain Sight: Corner Case Defects - Robert Altnoeder, LINBIT HA-Solutions GmbH This talk explores the concept of 'corner case defects' - problems in code that may not be immediately apparent or tested for, but can lead to unexpected and sometimes surprising behavior. The speaker presents several real-world examples of such defects, ranging from simple counting bugs to issues with parsing and interprocess communication, and discusses strategies for avoiding and detecting these types of issues in software development. back to top

How to Drive Consensus & Transparency in OpenSource Communities - Jill Lovato & Trishan de Lanerolle The presentation discusses strategies for fostering transparency, inclusivity, and engagement in open-source communities to drive consensus. Key topics covered include finding the community's North Star, clear communication, active listening, and managing conflicts through mediation and documented decision-making processes. back to top

Progressive Application Delivery: Istio Ambient Mesh and Argo Rollout in Action - Lin Sun, solo.io This talk explores progressive application delivery using Istio Ambient Mesh and Argo Rollout. The speaker demonstrates how to gradually roll out new versions of a microservices-based application, leveraging features like traffic shifting, canary deployments, and observability provided by these technologies. back to top

Sponsored Session: How We Built GLIDE - Mickey Hoter & Madelyn Olson, Amazon Web Services This talk discusses how AWS built the open-source GLIDE client for the Valkyrja and Redis databases. The key focus is on the unique architecture of GLIDE, which uses a Rust-based core with language-specific wrappers, enabling a consistent experience across different programming languages and simplifying maintenance and feature development. back to top

Panel Discussion: How to Chart Your Own Career Path in Open Source - Ildiko Vancsa The panel discussion explores strategies for charting a career path in open source, emphasizing the importance of active involvement, visibility, and adaptability in navigating the evolving job market. The panelists share insights on leveraging open source projects for skill development, building connections, and aligning career goals with company objectives. back to top

Panel Discussion: Creating your Community Mentorship Program - Stephanie Taylor & Maria Cruz This panel discussion covers the design, goals, impact, and challenges of running community mentorship programs in open source, such as Google Summer of Code, Outreachy, and others. The panelists share insights on measuring program success, avoiding mentor burnout, and securing funding for these initiatives that aim to increase diversity and inclusion in open source communities. back to top

Cross Industry Demands and Collaboration Opportunities - Phillip Ahmann & Olivier Charrier This talk explores the challenges and opportunities of integrating open source software into safety-critical systems across industries. The speakers discuss the safety standards, collaboration efforts, and practical solutions being developed through the Elisa project to enable the use of open source, particularly Linux, in safety-critical applications. back to top

Promoting Group Wide Open Source Activity Within Sony - Kazumi Sato & Masayuki Kuwata The presentation discusses Sony's efforts to promote group-wide open source activity by identifying common key open source projects across their diverse business entities. It highlights the importance of aligning open source strategies with the company's overall direction, fostering collaboration among different entities, and engaging with external open source communities to drive standardization and interoperability. back to top

New Dev, Old Codebase: A Series of Mentorship Stories - Carmen Huidobro, DevCraft Academy This talk explores the power of mentorship in the tech industry, highlighting the various forms it can take and the benefits it offers both mentors and mentees. The speaker shares personal experiences and practical strategies to foster meaningful mentorship relationships, emphasizing the importance of empathy, communication, and a collaborative learning environment. back to top

What Makes a Good or Bad Open Source Experience - Ildiko Vancsa & Philip Robb The speakers discuss the challenges and best practices of the open-source ecosystem, highlighting the importance of community, corporate involvement, security, and sustainability. They emphasize the need for education, collaboration, and a balanced approach to ensure the continued success and growth of open-source software. back to top

Understanding Cultural Differences When Approaching OSS - Daniel Izquierdo Cortázar & Willem Jiang This talk explores the cultural differences between Western and Eastern societies, particularly Chinese culture, and how they impact participation in open-source communities. The speakers discuss strategies for bridging these gaps, such as building local communities, fostering cultural curiosity, and leveraging communication tools to facilitate cross-cultural collaboration. back to top

Mesa3D Unveiled: From glDrawArrays to GPU Magic - Christian Gmeiner, Igalia The talk provides an in-depth overview of the Mesa3D graphics stack, exploring how it bridges the gap between high-level graphics APIs and GPU execution, unlocking the 'GPU magic' that powers embedded systems. The speaker delves into the architecture of Mesa3D, including shader compilation and command stream management, highlighting its importance for long-term support and security in the embedded space. back to top

Testing, a Journey from Testing Kernels to Testing Debian and Yocto - Sudip Mukherjee, Codethink Ltd This talk presents a comprehensive approach to testing, from testing Linux kernels to testing Debian and Yocto distributions. The speaker discusses the evolution of their testing practices, the integration of tools like Gitlab, Lava, and OpenQA, and the challenges faced in automating the testing of graphical interfaces on Raspberry Pi and Yocto-based systems. back to top

Give Me Back My GPIO Persistence Intro to the libgpiod GPIOManager - Bartosz Golaszewski, Linaro This talk introduces the libgpiod GPIOManager, a new user-space solution for managing GPIO persistence and control. The speaker discusses the limitations of the current GPIO character device interface and presents the GPIOManager as a centralized, daemon-based approach that provides a more user-friendly and persistent GPIO management experience. back to top

Pinctrl and GPIO - Interactions and Footguns - ChenYu Tsai, Google LLC The talk discusses the interactions and potential pitfalls between the pinctrl and GPIO subsystems in the Linux kernel. It highlights issues with the implementation of strict mode, pin configuration options, and the interplay between the two subsystems, and suggests improvements to ensure consistent and correct behavior across different hardware platforms. back to top

How to Generate Test-Cases and Data Mocks for Microservices at Kernel Using eBPF - Neha Gupta & A... This talk presents a novel approach to generating test cases and data mocks for microservices using eBPF, a powerful Linux kernel technology. The speaker discusses the challenges of traditional testing methods and how Klo, their open-source tool, can record and replay production traffic to create realistic test scenarios without the need for complex setup or synthetic data generation. back to top

BoF: The Yocto Project and OpenEmbedded - Josef Holzmayr & Philip Balister This session covers the Yocto Project and OpenEmbedded, including updates on the project, community involvement, and tips for working with the build system. The presenters encourage audience participation, provide updates on upcoming events, and address common questions and challenges faced by developers using these tools. back to top

Automated Testing & Board Farming - Rouven Czerwinski and Jan Lübbe, Pengutronix This talk covers the use of automated testing and board farming in embedded development, with a focus on the Labgrid tool and its features for interactive kernel development and CI/CD workflows. The presenters discuss strategies for handling boards with limited availability, managing file system snapshots, and sharing test equipment across multiple teams. back to top

Eight Years of Farming; Is EveryboArDy Happy? -nGeert Uytterhoeven, Glider bv This presentation discusses the speaker's experience in building and maintaining a board farm for embedded Linux development over the past eight years. The talk covers the evolution of the board farm, the challenges faced in terms of power management, remote access, and supply chain issues, as well as the speaker's vision for the future of the board farm. back to top

Building and Maintaining Binary Distributions with Yocto - Michael Opdenacker, Root Commit This talk discusses the support for binary distributions in the Yocto Project, including the comparison between binary and custom root file systems, the packaging formats supported, and the recent features added to Yocto to improve binary distribution support. The speaker also shares their experience as a contributor to the Yocto Project and the goals of their new company, Root Commit, to contribute to open-source projects and provide Linux training. back to top

How to Contribute a Zephyr Sensor Driver - Maureen Helm, Analog Devices This talk provides a comprehensive overview of how to contribute a new sensor driver to the Zephyr project. It covers the key components of a sensor driver, including device tree bindings, Kconfig options, the sensor driver API, and device runtime power management, as well as the testing and contribution processes involved. back to top

Panel Discussion: Outreachy Linux Kernel Internship Report - Julia Lawall, Inria; Hans Verkuil, C... This panel discussion provides an overview of the Outreachy Linux Kernel Internship program, including its history, goals, application process, and the experiences of past interns. The discussion covers the impact of the internship on the interns' careers, the challenges faced by mentors, and the importance of the initial project design in the success of the internship. back to top

Panel Discussion: Measuring the Health of Open Source Projects in Public Health - Cynthia Lo This video discusses the development and deployment of an open-source dashboard to measure the health of the World Health Organization's (WHO) open-source projects. The dashboard, created through a partnership between GitHub and WHO, aims to provide visibility into key metrics such as collaboration, licensing, and issue management to help the WHO better support and engage with its open-source community. back to top

Panel Discussion: The Next Phase in OSS - Samson Goddy, Oluebube Princess Egbuna, Edidiong Askipo This panel discussion explores the current state and future potential of open-source software (OSS) in Africa and the global South. The panelists discuss the shift from advocacy to commercialization and project-building, as well as the challenges of retaining talent and building sustainable local OSS initiatives. back to top

Lightning Talk: How to Create an Asset Tracker With Zephyr and Thingsboard In No... Tobias Marquardt This talk demonstrates how to create an asset tracker using the Zephyr RTOS and the ThingsBoard IoT platform. The speaker covers the key components of the system, including the device hardware, positioning, wireless communication, cloud platform, and data visualization, and provides a working sample application as a starting point for developers. back to top

Lightning Talk: Delta Firmware Over The Air (DFOTA) Update: Optim... Romain Pelletant & Clovis Corde The presentation describes a Delta Firmware Over The Air (DFOTA) update solution developed by Kick Maker, an embedded design agency and industrialization partner. The solution focuses on reducing the update size by generating and applying a patch instead of a full firmware update, using the BDF differential algorithm and the H-ring compression algorithm to achieve a smaller footprint on embedded devices. back to top

Tutorial: How to Win Friends & Influence LLMs (with Prompt Engineering) - James Busche, IBM This tutorial explores the use of prompt engineering techniques to effectively leverage large language models (LLMs) for various applications. The presenter demonstrates how to fine-tune LLM parameters, utilize retrieval-augmented generation (RAG), and leverage pre-trained models to address challenges in areas such as text summarization, sentiment analysis, and code generation. back to top

Zephyr Build System: Sysbuild and New Hardware Model - Torsten Tejlmand Rasmussen, Nordic Semicon... The presentation discusses the new hardware model and sysbuild (CIS build) introduced in the Zephyr build system. It highlights the improvements in board management, multi-image builds, and the integration of CIS build with existing Zephyr features. back to top

Innovating in Open Source in Your Enterprise - Daniel Doubrovkine, Amazon Web Services The talk discusses the challenges and strategies for enterprises to innovate in open-source software. It emphasizes the importance of aligning business models, bridging the gap between enterprise and open-source development practices, and leveraging the collective expertise of the open-source community to drive innovation and create industry standards. back to top

Design Thinking: Generative AI Style - Martin Hickey & Donal Madden, IBM This talk explores the use of design thinking and generative AI to enhance the product development process. It showcases how AI agents can assist product owners and engineering teams in generating epics and user stories, complementing human expertise and accelerating the implementation of customer-centric solutions. back to top

Generative Conversational AI Interoperability - Diego Gosmar, OpenVoice Interoperability, LF AI&DATA This talk presents a framework for enabling interoperability between different conversational AI models and agents, allowing them to collaborate and share information to provide a more comprehensive user experience. The proposed open-source solution leverages a standardized JSON-based API and a discovery mechanism to facilitate seamless communication between diverse AI systems, addressing the challenges of scalability and data access in the growing landscape of conversational AI technologies. back to top

Panel Discussion: Bring Your Product Manager to the Open Source Party - Nithya Ruff This panel discussion explores how product managers and business leaders can be more involved in open source strategy and decision-making within their organizations. The panelists share insights on aligning open source efforts with business goals, measuring the impact of open source contributions, and building consistent open source policies and practices across the company. back to top

VSCorode: Inside Your IDE, Inside Your Git Repository - Kevin Ward & Fabian Kammel, ControlPlane This talk explores the evolution of IDEs, the rise of VS Code, and the security implications of the increased functionality and integration within modern IDEs. The presenters demonstrate a malicious VS Code extension that can steal credentials and provide security advice for enterprises looking to use VS Code securely. back to top

Bridging the Gap: Incorporate OpenSource In Product Managers Toolbox - Philipp Ahmann, Robert Bosch The presentation discusses how product managers can incorporate open source into their toolbox, addressing concerns around risk, liability, and compliance. It covers various frameworks and models, such as PESTEL, SWOT, and Kano, to help evaluate the opportunities and challenges of using open source in product development. back to top

From Vision to Action: PagoPAs Journey Towards Open Source Leadership - Leonardo Favario, PagoPA Spa The talk discusses PagoPA's journey towards open source leadership within the Italian government ecosystem. It highlights the company's efforts to establish an open source program office, develop an open source maturity model, and foster collaboration with small and medium enterprises to drive digital transformation across public administrations. back to top

Tutorial: Build AI-Supercharged RAG Apps with a Vector Database - JP Hwang, Weaviate This tutorial demonstrates how to build AI-powered applications using a vector database, Weaviate, and retrieve-augmented generation techniques. The presentation covers various search methods, including vector, keyword, and hybrid searches, as well as how to perform retrieval-augmented generation to combine search results with language models for more accurate and up-to-date outputs. back to top

Track Keynote: TODO Updates & Announcements - Ana Jiménez Santamaria & Zhang Yiyang The video discusses the importance of open source strategy and the role of the TODO group in promoting it. It highlights the benefits of open source adoption, the challenges organizations face, and the collaborative efforts of the TODO community in sharing best practices and case studies. back to top

Sponsored Session: How to Make Your First Contribution to a CNCF Project - Daniel Krook This talk provides an overview of the Cloud Native Computing Foundation (CNCF) and its role in hosting and supporting open-source projects. It outlines various ways for new contributors to get involved, including reporting bugs, submitting code patches, and providing non-technical contributions, and highlights the benefits of building a portfolio of open-source contributions. back to top

Simplifying Generative AI App Development Why Standards Matter - Katherine Druckman & Ezequiel Lanza The video discusses the challenges of developing generative AI applications and introduces the Open Platform for Enterprise AI (OPIA), a vendor-neutral, interoperable platform that helps simplify the deployment of end-to-end AI applications. The presenters demonstrate how OPIA's reference architecture and microservices-based approach can help tame the complexity of working with various AI frameworks and models. back to top

From Data Tsunami to Actionable Insights - Dawn Foster, CHAOSS & Cali Dolfi, Red Hat This talk explores how open source projects generate a 'data tsunami' and how to turn that data into actionable insights to improve project health. The speakers discuss using metrics, data visualizations, and a series of practitioner guides from the CHAOSS project to help identify and address challenges around project responsiveness, contributor sustainability, organizational diversity, and security. back to top

Open Source for the Greater Good - Cynthia Lo, GitHub & Gia Coelho, Ruby for Good This talk explores the unique challenges and opportunities of building open-source software for the social sector, which encompasses non-governmental organizations, UN agencies, and others working towards the UN's Sustainable Development Goals. It highlights key differences in areas like interoperability, monitoring and evaluation, and resource sustainability, as well as initiatives like the Digital Public Goods Alliance that aim to support the discovery and deployment of open-source solutions for social impact. back to top

Open Source Software Engineering Education - Stephen Walli, Microsoft The speaker discusses his experience in creating an open-source software engineering education program, focusing on the importance of mentorship, social learning, and building communities of practice. He also explores the broader implications of this approach for software engineering education and the industry, highlighting the need to address the dilution of software engineering theory and the importance of understanding the 'why' behind software development. back to top

1 Billion Dollars for Open Source Maintainers - Tobie Langel, UnlockOpen The talk proposes a shift in mindset around open-source maintenance, arguing that a billion dollars per year could be dedicated to professionalizing maintenance, which is distinct from innovation. The speaker suggests creating new entities and funding models to support open-source maintainers and their work, rather than solely relying on volunteer efforts. back to top

BoF: Collaboration with Universities and Enterprises OSPO: What's Next? - Jonas van den Bogaard... The panel discusses the collaboration between universities and enterprises in the open source space, highlighting the challenges and opportunities in bridging the gap between academia and industry. The panelists share their perspectives on the role of open source in fostering innovation, the importance of sustainable open source projects, and the need for effective intellectual property management in these collaborations. back to top

Panel Discussion: Measuring Suc... - Sean Goggins, Clare Dillon, Michael P. Nolan, Sayeed Choudhury The panel discussion explores the unique challenges and opportunities of measuring success in academic open-source software (OSS) projects. Panelists discuss the differences between academic and industry OSS, the importance of aligning metrics with institutional goals, and the need for new tools and frameworks to support the diverse use cases and timelines of academic OSS. back to top

How Can We Define the Value of Open Source Work? - Sophia Vargas, Google The speaker explores the challenges of defining the value of open-source work, drawing insights from various software development and economic models. They highlight the subjective and context-dependent nature of value, emphasizing the need for a multi-faceted approach that considers both quantitative and qualitative metrics to capture the diverse benefits and contributions within open-source communities. back to top

German Administration and Open Source - Thomas Fricke, Independent The video discusses the German government's efforts to adopt open-source technologies and strategies for digital sovereignty. It highlights the challenges faced, such as resistance to cloud-native approaches, and the progress made in projects like Open Desk, a cloud-native desktop solution for the German administration. back to top

Lightning Talk: The BlueHats Awards: Funding Open Source Critical Li... - Bastien Guerry & Jos Oever The video discusses the BlueHats Awards, a program initiated by the French government to fund and support critical open-source software projects that are widely used in the public sector. The program collaborates with the NLnet Foundation to manage the award process, provide financial support, and promote the recognized projects, addressing the challenge of funding open-source maintenance and development within the constraints of public procurement. back to top

A-Typical but Fruitful Public Sector Collaborations Through OSPO's - Nico Rikken & Karel Rietveld This presentation discusses the collaboration between the Dutch Tax Office and the Alander energy company in establishing open source program offices (OSOPs) and the challenges they faced in areas like software composition analysis, policy development, and community building. The speakers share their experiences in overcoming organizational differences, standardizing software bill of materials (SBOMs), and working towards open sourcing government software in the Netherlands. back to top

Start Building Distributed Applications with Ease Using Building Block APIs - Marc Duiker, Diagrid Dapper is a distributed application runtime that abstracts away the complexity of building distributed applications by providing a suite of building block APIs for communication, state management, and more. The presentation demonstrates how Dapper's flexible and swappable component model allows developers to easily build and deploy distributed applications without worrying about the underlying infrastructure. back to top

Lightning Talk: From Spark to Flame: How Ideas and Collaboration...- Nikki Winands & Alain Schoovers This lightning talk shares the journey of two government employees who sought to create a design system ecosystem within the public sector. They faced challenges around culture, risk aversion, and policy-driven mindsets, but were able to overcome these by inspiring others, building a coalition of stakeholders, and daring to dream big. back to top

Fast & Furious: From Zero to Open Source Community in 9 Weeks - Martin Hickey, IBM This talk describes the journey of creating an open-source community from scratch in just 9 weeks, highlighting the challenges and lessons learned in building a collaborative platform for tuning large language models. The speaker emphasizes the importance of people over technology, and invites the audience to get involved in the community. back to top

Panel: What is...- Ana Santamaría, Nicholas Gates, Fiona Krakenbürger, Bastien Guerry, Alberto Martí This panel discussion explored the opportunities and challenges for open source collaboration in the European public sector. The panelists discussed the need for greater investment, policy coordination, and community-building to ensure the long-term sustainability and impact of open source initiatives in government. back to top

An Unprecedented Partnership Between the Linux Foundation and the United Nat.. - Daniel Goldscheider The video discusses the partnership between the Linux Foundation and the United Nations to create the Open Wallet Forum, a platform for governments and companies to collaborate on digital wallet standards and infrastructure. The goal is to provide a neutral, interoperable, and privacy-preserving solution for digital identity and credentials, addressing the challenges of reliance on proprietary platforms and the need for digital sovereignty. back to top

Panel Discussion: The Parallel Universes of ISPOs an... - Clare Dillon, Tom Sadler, Russell Rutledge This panel discussion explores the parallel universes of inner source program officers (ISPOs) and open source program officers (OSPOs), highlighting the similarities, differences, and opportunities for collaboration between these two roles. The panelists share their experiences, insights, and practical advice on the governance, culture, and skills required to effectively support inner source and open source initiatives within large organizations. back to top

Transforming the Future: Open Source Innovations for Digital Public Goods & Infra... - David Manset The presentation discusses the Open Source Ecosystem Enabler project, a collaboration between the ITU and UNDP to support countries in developing digital public goods and infrastructure using open-source solutions. The project aims to build a comprehensive training framework, deploy open-source program offices in selected countries, and create a network of affiliates to promote the use of open-source technologies for achieving the UN Sustainable Development Goals. back to top

Our First Steps Establishing an Open Source Program Office - J. Manrique Lopez, INDITEX This talk discusses the journey of Inditex, a major fashion retailer, in establishing an Open Source Program Office (OSPO) over the past three years. The speaker highlights the challenges of introducing open source collaboration in a non-IT-centric company, the importance of building internal communities, and the strategies employed to drive adoption, compliance, and visibility of open source initiatives within the organization. back to top

Building a Digital Workplace for Civil Servants - Olivier Delteil, Dinum This video presents an initiative by the French government to develop a digital workplace for civil servants, leveraging open-source technologies and international collaboration to create a suite of applications and tools that address the specific needs of public administration. The project aims to provide a flexible and interoperable solution that enhances the efficiency and collaboration of civil servants, while also exploring the potential for these tools to serve as alternatives to commercial offerings. back to top

Open Source Governance for Software Engineers - Tobie Langel, UnlockOpen This talk explores the concept of governance in open-source projects, demystifying it and providing a practical, code-inspired approach to writing and maintaining project governance. The speaker emphasizes the importance of formalizing implicit norms and culture, delegating authority, and applying coding best practices to create flexible and maintainable governance structures. back to top

Who Broke the Build? — Using Kuttl to Improve E2E Testing and Release Faster - Ram Mohan Rao Chukka The presentation discusses the use of Kuttl, an open-source tool for improving end-to-end testing and faster release cycles. The speaker shares how Kuttl has helped the JFrog team to automate the creation and management of development environments, enabling developers to test their applications locally and reproduce production issues more effectively. back to top

Next-Gen Documentation with AI - Hema Veeradhi, Red Hat The talk discusses the evolution of documentation and the potential of large language models (LLMs) to enhance documentation tasks. It covers the implementation and deployment of LLM applications, evaluating their performance, and the challenges and limitations of using LLMs for documentation. back to top

Documentation Templates: A Helpful Aid or an Obstacle - Lana Novikova, JetBrains The speaker discusses the benefits and limitations of using documentation templates, highlighting how they can improve consistency, streamline processes, and onboard newcomers, while also potentially limiting creativity. The presentation covers various use cases for templates and introduces the Good Docs project, an open-source initiative aimed at providing resources and templates to help improve documentation quality. back to top

Stabilizing Chromium's Wayland Support: Implementing and Testing Fallback Tab Drag... Max Ihlenfeldt The talk discusses the efforts to stabilize Chromium's Wayland support, with a focus on implementing and testing fallback tab dragging. It covers the motivation for Chromium on Wayland, the current state of Chromium's Wayland support, the Wayland protocol and its extensions, and the challenges and solutions in implementing and testing fallback tab dragging on Wayland. back to top

Tackling Language Barriers in Open Source Docs: A Case Study of openEuler's... Helen Liu & Wang Jing The presentation discusses the challenges of tackling language barriers in open-source documentation, using the case study of the openEuler project. The speaker, Helen Liu, shares the strategies and approaches adopted by the openEuler community to make their content more accessible to a global audience, including translation workflows, content visualization, and developer experience improvements. back to top

Keynote: Linus Torvalds in Conversation with Dirk Hohndel In this conversation, Linus Torvalds and Dirk Hohndel discuss the evolution of the Linux kernel, the integration of Rust, and the challenges of maintaining a large open-source project. They also explore the importance of attracting and nurturing the next generation of contributors to ensure the sustainability of the Linux ecosystem. back to top

Online Hands-on Tech Docs, the Easy Way! - Jorge Morales Pou, Broadcom This presentation discusses the benefits and challenges of implementing hands-on training platforms for software documentation. The speaker highlights the importance of providing a seamless user experience, ensuring secure sandboxing, managing time constraints, and addressing the needs of content authors when selecting or developing a hands-on training solution. back to top

Sponsored Session: Building the IDE Golden Path - Ben Potter, Coder The talk provides an overview of building an IDE Golden Path, a platform approach to managing developer environments and tooling. It covers the benefits, challenges, and strategies for implementing a consistent and secure development environment across an organization, including case studies and a maturity model for rolling out such a solution. back to top

Panel Discussion: How Stakeholders Across Government, Enterprise, & Civil Society can Accelerate... The panel discussion explored how stakeholders across government, enterprise, and civil society can leverage open source to accelerate the UN's Sustainable Development Goals. The key takeaways include the need to expand the open source community's reach, foster greater collaboration and empathy, and establish clear guidelines and models for public-private partnerships around open source initiatives. back to top

Embedded

Embedded Audio Policies Made Easy with WirePlumber - George Kiagiadakis, Collabora The video discusses the implementation of embedded audio policies using WirePlumber, a session manager for PipeWire. It highlights the key components of a use-case based policy, including associating application streams to use cases, mapping use cases to hardware, and arbitrating between multiple streams. back to top

Using Yocto to Debug Embedded Device Crashes - Etienne Cordonnier, Snap Inc The presentation discusses techniques for debugging embedded device crashes using the Yocto build system. It covers various approaches for managing debug symbols, utilizing systemd's coreDump functionality, and leveraging kernel dumps to investigate hard-to-reproduce crashes. back to top

Embedded Systems

Embedded Linux in EOD Robots - Lessons Learned - Marcin Bis, Łukasiewicz Research Network – Indus... This talk explores the challenges and lessons learned in using Embedded Linux in Explosive Ordnance Disposal (EOD) robots. The speaker discusses the evolution of these robots, the integration of hardware and software, the importance of safety-critical systems, and the ongoing efforts to maintain and update the systems for long-term deployment. back to top

Identity

The Future of Digital Identity - All You Need to Know About ID Wallets & How to... - Dominik Beron The presentation explores the future of digital identity, focusing on the rise of decentralized identity and identity wallets. It discusses the key trends driving this shift, including regulations, identity ecosystems, standards, developer tools, and the adoption of identity wallets, and showcases real-world use cases and a live demo of an open-source decentralized identity solution. back to top

Keynote

Keynote: European Digital Identity Wallet: The Open-Source European Stack for Secu...- Paolo De Rosa The European Commission is developing a European Digital Identity Wallet, an open-source framework that will provide secure identification, data storage, and digital signing capabilities for all EU citizens and businesses. This initiative aims to create a unified digital public infrastructure that enables digital transformation, improves inclusivity, and fosters innovation by encouraging public-private collaboration and open-source development. back to top

Keynote: Welcome Back - Gabriele Columbro, Executive Director, Fintech Open Source Foundation This keynote features Gabriele Columbro, the Executive Director of the Fintech Open Source Foundation, welcoming attendees to the conference. The keynote includes information about the day's schedule, including expert sessions, a women and non-binary lunch, and a raffle, as well as an introduction to a panel discussion on Kubernetes development. back to top

Keynote: Kernel Developer Roundtable - Alice Ryhl, Anna-Maria Behnsen, Dan Williams, Josef Bacik... This keynote discussion explores the challenges and progress of integrating the Rust programming language into the Linux kernel development process. The panelists, representing various kernel subsystems, discuss the technical and cultural hurdles, the benefits of Rust's safety guarantees, and the importance of improving kernel documentation and maintenance. back to top

Keynote: The Community of Intelligence - Bryan Che, Chief Strategy Officer, Huawei The speaker discusses the importance of the open-source community in addressing the challenges and opportunities presented by AI technology. He highlights various open-source ecosystems and collaborations that Huawei is involved in, including AI communities, regulatory bodies, and global initiatives, emphasizing the need for collective effort to harness the potential of AI while mitigating its risks. back to top

Keynote: How openEuler is Powering Tomorrow's AI/Smart Infrastructure - Xinwei Hu, Chairman of op... The keynote discusses how openEuler, a community-driven operating system, is powering the future of AI and smart infrastructure. The speaker highlights openEuler's converged container stack, heterogeneous OS support, and efforts to address the challenges of AI infrastructure, emphasizing the project's growth, global collaboration, and embedded solutions. back to top

Keynote: Welcome Back - Gabriele Columbro, Executive Director, Fintech Open Source Foundation (FI... This video is a keynote address by Gabriele Columbro, the Executive Director of the Fintech Open Source Foundation (FINOS), at a conference. The keynote covers upcoming events and activities at the conference, including a diversity lunch, ask-the-expert sessions, and an attendee reception, as well as an introduction to the next speaker, Omar Mossad, who will discuss how open source can drive the United Nations' sustainable development goals. back to top

Keynote: Introducing Hedera's Next Generation in Open Source - Dr. Leemon Baird, Co-Founder Hedera The video introduces Hedera's new open-source initiative, Hyro, which aims to create an independent, community-driven platform for the development and governance of Hedera's blockchain technology. The speaker invites the audience to get involved in the Hyro project, highlighting the various ways they can contribute, from participating in discussions to becoming maintainers and leaders of the project. back to top

Networking

VirtIo-Net PCIe Function Using Linux PCI Endpoint Framework - Shunsuke Mie, IGEL Co., Ltd. This presentation discusses the implementation of a VirtIO-Net PCIe function using the Linux PCI Endpoint Framework. The presenter introduces the VirtIO and Linux PCI Endpoint Framework, and then proposes a new driver architecture that addresses the issues with previous proposals, enabling efficient communication between two hosts over PCI. back to top

Multi-Cloud Global Content Distribution at Cloud Native Speeds - Jiri Kremser & Yury Tsarev This presentation discusses the open-source project Kubernetes Global Balancer (KGB), which provides a cloud-native solution for global content distribution and traffic steering across multiple cloud providers and on-premises environments. The project aims to solve the challenges of global server load balancing in a vendor-neutral, API-driven, and Kubernetes-native manner, offering features such as regional failover, load spreading, and geolocation-based content distribution. back to top

Data Networks Neutrality with OpenConfig: Unveiling Challenges and Practical... - Alfonso Rosas This talk explores the challenges and practical applications of data network neutrality using the OpenConfig initiative. The speaker discusses model-driven programmability, the Yang modeling language, and the benefits and limitations of the OpenConfig approach in real-world network management scenarios. back to top

Demystifying CNI Writing a CNI from Scratch - Filip Nikolic, Isovalent This talk demystifies the container network interface (CNI) by walking through the process of writing a CNI from scratch. The presenter explains the role of the CNI in container networking, its interaction with the container runtime interface (CRI), and demonstrates how to create a simple CNI implementation using Bash scripts. back to top

Lightning Talk: Implementing the Precision Time Protocol (PTP) in the Zephyr Proj... Adam Wojasiński The presentation discusses the implementation of the Precision Time Protocol (PTP) in the Zephyr Project. It covers the need for precise time synchronization, an overview of the PTP protocol, and the details of the Zephyr implementation, including the next steps for further development. back to top

Building a Hypervisor Firewall with nftables and Rust - Stefan Hanreich, Proxmox Server Solutions The talk explores the use of nftables, a unified interface for netfilter functionality, and Rust to build a hypervisor firewall. The speaker discusses the key features of nftables, such as its data structures and concatenations, and demonstrates how Rust can be used to dynamically generate and manage nftables rules in a hypervisor environment. back to top

Zephyr LPWAN Connectivity Options and When to Choose Them - Jordan Yates, Embeint This presentation explores the various low-power wide-area network (LPWAN) connectivity options available in the Zephyr operating system, including IP networking, Bluetooth Low Energy, LoRa, and IEEE 802.15.4. The speaker discusses the trade-offs between these technologies in terms of range, data rate, power consumption, and deployment requirements, providing guidance on when to choose each option based on the specific requirements of the application. back to top

Zephyr Network Subsystem Status and Overview - Jukka Rissanen, Nordic Semiconductor The presentation covers the current status and overview of the Zephyr Network Subsystem, including supported features, protocols, and services. It also discusses upcoming improvements and the involvement of the developer community in the project. back to top

Let Them Eat CAKES: A Sweet Dive Into a Modern Cloud Networking Stack - Krisztian Fekete, Solo.io This talk explores a modern cloud networking stack called 'CAKES', comprising several open-source projects like Cilium, Ambient, Kubernetes, Envoy, and Spire. The speaker highlights how these components can work together to provide a unified and consistent platform for application networking, addressing challenges faced during cloud migrations and enabling platform engineering practices. back to top

Deep Dive Into Traefik 3.0 - Emile Vauge, Traefik Labs The speaker provides a deep dive into Traefik 3.0, the latest version of the popular open-source reverse proxy and load balancer. He discusses new features such as integration with OpenTelemetry for observability, support for the Gateway API in Kubernetes, and the integration of WebAssembly (Wasm) for customizable plugins, highlighting the performance improvements and the focus on a smooth migration path from previous versions. back to top

Observability

Learning from Firefighters to Improve Systems Reliability - Kerim Satirli, HashiCorp This talk explores lessons that can be learned from firefighting practices to improve systems reliability. The speaker highlights the importance of strong communication, well-defined incident response protocols, and a culture of preparedness in building resilient systems. back to top

Lightning Talk: With Great Traces Comes Great Costs: How to Reduce That Bill? -Prashansa Kulshrestha This talk explores the challenges of distributed tracing and the associated costs, particularly as a system scales. The speaker shares their journey of experimenting with different sampling techniques, using custom sampling algorithms and open-source tools like the OpenTelemetry Collector, to reduce the tracing bill without compromising observability. back to top

Mastering Windows Monitoring in Kubernetes Environments - Mansi Kulkarni & Kanika Rana, Red Hat This talk explores the challenges of monitoring Windows nodes and containers in Kubernetes environments, and presents solutions using the Prometheus monitoring framework. It discusses the recent addition of Windows host process containers and how they simplify the deployment of monitoring tools like the Windows exporter. back to top

Panel Discussion: eBPF: A New Era in Cloud Infrastructure Tools - Liz Rice, Isovalent; Frederic... This panel discussion explores the capabilities and use cases of eBPF, a powerful kernel subsystem that enables dynamic and efficient infrastructure tools. The panelists discuss the performance benefits, operational challenges, and future developments of eBPF, highlighting its growing adoption in cloud-native environments and the opportunities for further innovation and contributions to the open-source ecosystem. back to top

Lightning Talk: Cognitive and SelfAdaptive System for Distributed Tracing - Susobhit Panigrahi This talk presents a cognitive and self-adaptive system for distributed tracing that aims to overcome the limitations of traditional sampling-based approaches. The system uses a tail-based sampling approach driven by a semi-supervised learning algorithm to intelligently retain traces of interest, helping enterprises effectively root-cause issues in complex, distributed systems. back to top

Traceability and Automation Examples With Basil - Luigi Pellecchia & Gabriele Paoloni The presentation discusses Basil, an open-source software quality management tool that helps manage requirements, test specifications, and traceability in open-source software development. It also introduces KSN, a tool that can reverse-engineer the Linux kernel's binary image to provide a static view of the code and its interactions, which can be useful for safety analysis and testing. back to top

Panel Discussion: Powering Innovation through Open Source: The OpenSearch Story - Anandhi Bumstead The panel discussion explores how open source projects, particularly OpenSearch, empower innovation by fostering trust, community collaboration, and feature-rich platforms that benefit businesses of all sizes. The panelists share their organizations' experiences in contributing to and leveraging open source technologies to drive digital transformation and address critical business needs. back to top

Advanced System Profiling Tracing and Trace Analysis with Perfetto - AnnaLena Marx & Stefan Lengfeld The talk provides an overview of the Perfetto tool, a powerful system profiling and tracing solution that works across various platforms, including Linux and Android. The presenters discuss the tool's features, such as recording traces, adding custom trace events, and analyzing the collected data using the Perfetto UI and command-line tools, highlighting its benefits for developers and system administrators. back to top

Multi-tenant Logging with Opentelemetry Collector - Sándor Guba, Axoflow The presentation discusses a multi-tenant logging solution using the OpenTelemetry Collector in a Kubernetes environment. The key aspects covered include the challenges of logging in a dynamic Kubernetes cluster, the benefits of the OpenTelemetry protocol, and the introduction of the Telemetric Controller, a Kubernetes operator that provides isolation and access control for log data. back to top

Navigating the Open Source Observability Landscape - Dotan Horovits, CNCF Ambassador This talk provides an overview of the open source observability landscape, focusing on key projects like OpenTelemetry, Prometheus, Jaeger, and OpenSearch. The speaker discusses the different signals, functionalities, and trade-offs of these tools, and offers guidance on how to navigate the vast ecosystem to find the right fit for your organization's observability needs. back to top

Dude, Where’s My Error?: How OpenTelemetry Records Errors, and Why It... Adriana Villela & Reese Lee The talk explores how OpenTelemetry, an open-source observability framework, handles and records errors across different programming languages and observability backends. It demonstrates how the same error can be expressed differently in various observability platforms, highlighting the importance of understanding the data model and capabilities of each backend. back to top

Open Source

Open Source at a Crossroads - Michael Meskes, NetApp The presentation explores the evolution of open-source business models, highlighting the challenges and opportunities faced by companies as open-source software becomes more widely adopted, particularly in the cloud computing landscape. The speaker discusses the importance of building strong open-source communities to ensure the sustainability and continued development of open-source projects, rather than relying on proprietary approaches that can limit innovation and user choice. back to top

What Was Life Like Before Open Source? - Dave Stokes, Percona This talk provides a historical perspective on the computing landscape before the rise of open-source software. It highlights the challenges of proprietary systems, vendor lock-in, and the lack of interoperability, which were prevalent in the pre-open-source era, and how the emergence of Unix, Linux, and the open-source movement revolutionized the industry. back to top

Keynote: OpenSearch, Innovation and Community - Carl Meadows, Director of Product for Amazon Open... The keynote presentation provides an overview of the OpenSearch project, a community-driven open-source search and analytics platform. The speaker discusses the project's history, the key components of the platform, the diverse use cases it supports, and the recent advancements and community contributions that have shaped its development. back to top

You Never Know When You Need a Fork - Madelyn Olson, AWS, Viktor Söderqvist, Ericsson The video discusses the forking of the open-source project Redis, which switched to a non-open-source license in 2022. The presenters, Madelyn Olson from AWS and Viktor Söderqvist from Ericsson, describe the events leading to the fork, the creation of the new project Valky under the Linux Foundation, and the challenges and successes of the forking process. back to top

The Challenges of Public Code: Building an Open Source Culture at BBC - Tom Sadler & David Buckhurst This talk explores the challenges and strategies of building an open source culture within a large public organization like the BBC. The speakers discuss the BBC's experience with embracing open source, participating in open source communities, and creating their own open source portfolio, highlighting the unique considerations and obstacles they've faced as a publicly-funded institution. back to top

Panel Discussion: Global and Regional Ope... - Xiaoya Xia & Richard Bian, Anni Lai, and Willem Jiang This panel discussion explores the global and regional trends in open source adoption and participation, particularly in the era of AI. The panelists share insights on the unique challenges faced by the Asia-Pacific region, such as cultural differences, language barriers, and the need for building trust and connections in the virtual space, and discuss strategies and practices to better integrate with the global open source ecosystem. back to top

Policy

Panel: Why Open Source AI Matters for Europe - Justin Colannino, Sachiko Muto, Stefano Maffulli... The panel discusses the importance of open source AI for Europe, the policy challenges and exceptions around open source AI in regulations like the EU AI Act, and the efforts by organizations like the Open Source Initiative and Linux Foundation to define and promote open source AI principles and frameworks. back to top

Power Management

Linux Power Management Features, Their Relationships and Interactions - Théo Lebrun, Bootlin The talk covers Linux power management features, particularly system-wide suspend and runtime power management, their relationships, and the challenges they pose. The speaker discusses the various suspend types, the device callbacks involved, and the platform-specific nature of power management, highlighting the need for understanding the underlying system behavior. back to top

Scaling

Your K8s Infinity Gaunlet: The Marvel of KEDA and Cluster-API for Infinite Scale - Scott Rosenberg This talk explores the powerful combination of Cluster API and KEDA for enabling infinite scalability of Kubernetes clusters. It discusses how Cluster API provides a declarative and extensible way to manage Kubernetes clusters across multiple infrastructures, while KEDA allows for proactive, event-driven autoscaling of workloads and even the Kubernetes clusters themselves. back to top

Extract Dependency Data on Scale with Renovate - Sebastian Poxhofer, N26 The talk discusses how to extract dependency data at scale using the Renovate tool. It covers the challenges of managing dependencies across various package managers and infrastructure-as-code tools, and how Renovate's features, such as custom data sources and reports, can help address these challenges. back to top

Evolving GitOps: Harnessing Kubernetes Resource Model for 5G Core- Ashan Senevirathne & Joel Studler The presenters discuss evolving GitOps by leveraging the Kubernetes resource model to dynamically assemble configurations for a 5G core network, addressing challenges such as complexity and lack of abstraction. They showcase two approaches using Ansible and a Kubernetes operator, highlighting the need for a mature, Kubernetes-native tool to enable this dynamic configuration management. back to top

Security

Sponsored Session: Solving for the Cloud Native Security Paradox - Robert Sirchia, SUSE The talk discusses the challenges of cloud-native security and how SUSE is addressing them by providing secure base container images, development containers, and application containers. The speaker also highlights SUSE's efforts to contribute to open-source projects and leverage tools like dependency bots and vulnerability scanning to improve the security of the software supply chain. back to top

Lightning Talk: Fort Kairos: A New Dawn for Secure Linux in Untrusted Environments - Mauro Morales This lightning talk introduces Fort Kairos, a secure Linux solution for untrusted environments, which leverages trusted boot, secure boot, TPM-based measurement, and encryption to ensure the integrity and confidentiality of Linux systems at the edge. The speaker discusses the technical details of the solution and highlights its flexibility, ease of use, and open-source nature, making it a promising option for secure Linux deployments in challenging environments. back to top

Securing Data-in-Transit with Wireguard for Kubernetes Cluster - Dhiraj Sehgal & Davide Sellitri The presentation discusses the use of Wireguard, a lightweight and performant tunneling protocol, for encrypting data-in-transit in Kubernetes clusters. It highlights the benefits of Wireguard, such as its simplicity, cross-platform compatibility, and the Calico-specific implementation that automates the configuration and management of Wireguard across the cluster. back to top

Keynote: The Security Symphony - Emily Fox, Security Lead for Emerging Technologies & Security Co... The speaker proposes a theory that the structure of a symphony mirrors the evolution of security in technology. She explores how elements of access control, verification, communal security, and good engineering practices can be applied to emerging technologies like artificial intelligence to ensure security rises with the tide of innovation. back to top

Keynote: Improving OSS Security Through Collaboration - Ryan Waite, Open Source Strategy and Incu... The speaker discusses Microsoft's initiatives to improve open-source software (OSS) security through collaboration, including the Secure Future Initiative, GitHub Dependabot, Copacetic, and the Open Source Security Foundation (OSSF). He emphasizes the importance of securing the OSS supply chain and introduces the Supply Chain Integrity Transparency and Trust (SKIT) project, which aims to create a transparent and scalable architecture to improve supply chain security. back to top

Challenges and Innovations Towards Spatial Safety in the Linux Kernel - Gustavo A. R. Silva This talk explores the evolution of hardening techniques in the Linux kernel, focusing on challenges and innovations related to spatial safety, particularly around array bound checking. The presenter discusses the development of fortified versions of functions like memcpy, the use of compiler features like __builtin_object_size and __builtin_dynamic_object_size, and the introduction of new attributes like __counted_by__ to improve the security of the kernel. back to top

Application of the Upcoming SPDX Safety Profile - Nicole Pappler, AlektoMetis.com This talk discusses the application of the upcoming SPDX Safety Profile, which aims to address the traceability and documentation challenges in functional safety. The speaker highlights the need for a standardized approach to managing safety-critical software components, drawing parallels to the well-established practices in mechanical safety, and proposes the use of SPDX relationships to automate and streamline the safety case documentation process. back to top

Why Quantum Safe Encryption Is the Next Y2K and How to Be Prepared - Joe Winchester, IBM The talk discusses the threat of quantum computing to current encryption methods, and the need to develop quantum-safe encryption algorithms to protect data in the future. The speaker outlines the history of cryptography, the principles of quantum computing, and the efforts by organizations like NIST and the Linux Foundation to create and implement new encryption standards to mitigate the risks posed by quantum computers. back to top

Fine-Grained Policies RBAC with OpenFGA - José Carlos Chávez, Okta The presentation discusses the limitations of existing access control mechanisms and introduces Open FGA, a cloud-native authorization system based on the Relationship-Based Access Control (ReBAC) model. Open FGA aims to provide a flexible, scalable, and human-readable approach to authorization, enabling consistent access control across distributed applications and enabling audit and observability capabilities. back to top

Practical Application of Verified Boot - Rouven Czerwinski, Pengutronix e.K. The talk covers the practical challenges of implementing verified boot, a security feature that ensures the integrity of the boot process. The speaker discusses the complexities of key management, device provisioning, and handover processes, emphasizing the importance of thorough documentation and planning to ensure the long-term maintenance and security of verified boot systems. back to top

Demystifying Secure Application Communication with Zero Trust and Istio Without Sidecars - Lin Su... The presentation discusses the importance of secure application communication in a cloud-native environment, emphasizing the need for trustable identity, confidentiality, and data integrity. The speaker demonstrates how Istio's ambient mode and Waypoint proxy can be leveraged to achieve secure communication using Mutual TLS without the need for sidecar deployment, and how to implement fine-grained access control policies to deny or allow specific traffic flows. back to top

Exploration of Compliance Governance Based on Operating Systems - Zheng Zhenyu & Liu Yanfei This talk explores the challenges and solutions in compliance governance for open-source operating systems, focusing on the experiences of the OpenEuler community. It highlights the development of robust infrastructure, processes, and community engagement to address license compliance, supply chain security, and CVE management, ultimately achieving certifications such as ISO 18974 and ISO 5230. back to top

SBOM Implementation Reality - the SPDX Lite Profile for First Step - Norio Kobota & Takashi Ninjouji This talk discusses the SPDX Lite profile, a subset of the SPDX specification, which was developed by the Open Chain Japan community to address the practical challenges of SBOM implementation. The presenters outline the design principles and data structure of SPDX Lite, and highlight the importance of considering various industry guidelines and regulations when implementing SBOM solutions. back to top

What's Happening in Japan? the Current Situation of SBOM - Ayumi Watanabe, Hitachi Solutions Ltd This talk provides an overview of the current situation of Software Bill of Materials (SBOM) in Japan. The speaker discusses the Japanese government's initiatives to promote the use of SBOM, including the release of a practical SBOM guideline, and highlights the challenges and opportunities for Japanese companies in adopting SBOM. back to top

SBOM Open Questions - Alexios Zavras, Intel The video discusses the open questions and challenges surrounding Software Bill of Materials (SBOM), including the scope of SBOM, what to include, visibility, delivery, and legal implications. The speaker highlights the need for more industry-wide discussions and consensus on addressing these operational and policy decisions to ensure interoperability and adoption of SBOM practices across the software supply chain. back to top

The Cyber Resilience Act: Navigating Its Impact on Yocto-Based Products - Julien Bernet, Witekio The presentation discusses the impact of the Cyber Resilience Act (CRA), a new European regulation, on Yocto-based products. It highlights the key requirements of the CRA, such as security risk assessment, vulnerability management, and mandatory reporting of security incidents, and proposes methodologies for addressing these requirements in the context of Yocto-based product development. back to top

Tutorial: Securing Access to and from Remote Systems with WireGuard and Linux - Alex Feiszli, Net.. The tutorial covers securing access to remote systems using WireGuard and Linux. The speaker demonstrates setting up a WireGuard server, forwarding traffic to a local network, and configuring peer-to-peer connections, as well as discussing the limitations of WireGuard and tools like NetMaker that can help manage these configurations at scale. back to top

Linux Sandboxing with Landlock - Mickaël Salaün, Microsoft The talk discusses Linux sandboxing with Landlock, a new access control system for Linux that allows developers to create secure sandboxes for their applications to protect against exploitable bugs and vulnerabilities. The speaker outlines the limitations of existing solutions like VMs and containers, and explains how Landlock provides a flexible and dynamic way to enforce security policies at the application level. back to top

Licensing Support by Build Systems and What Remains To Be Done - Jan Altenberg The presentation covers the licensing support provided by build systems, such as Yocto and Debian-based distributions, in creating the necessary compliance materials. It highlights the gaps in the information provided by these build systems and the manual work required to ensure complete and accurate licensing information. back to top

Coping with Zero Days with Cilium Tetragon - Liz Rice, Isovalent This talk introduces Tetragon, a runtime security observability and enforcement tool built on top of eBPF technology. Tetragon enables users to detect and respond to zero-day vulnerabilities by monitoring kernel events and enforcing policies to prevent exploitation. back to top

Preparing Zephyr for Safety Element out of Context Certification - Nicole Pappler, AlektoMetis.com This presentation outlines the approach taken by the Zephyr project to prepare for Safety Element out of Context (SEooC) certification. The key focus areas include creating system and software specifications, establishing safety claims and traceability, and building a comprehensive documentation and review process to meet the requirements of functional safety standards like IEC 61508. back to top

SCA for Containers: The Good, the Bad, and the Truth - Arun Azhakesan & Philippe Ombredanne The presenters discuss the challenges and limitations of software composition analysis (SCA) for container images, highlighting issues with tool accuracy, package identification, and license detection. They emphasize the need for a community-driven approach to establish reliable ground truths and improve the overall quality and reliability of SCA data. back to top

Secure and Encrypted Boot in Zephyr RTOS - Parthiban N, Linumiz The talk presents a secure and encrypted boot process for the Zephyr RTOS, using the MCUBoot bootloader to establish a chain of trust from the root of trust in the ROM. It discusses how MCUBoot can be used to sign and verify the integrity of the Zephyr image, as well as options for protecting the public key used in the verification process. back to top

"Here Is a Clean Section of the Beach" - Proactively Auditing Op... - Munawar Hafiz & Michael Winser The video discusses a proactive approach to auditing and improving the security of open-source software supply chains, led by Alpha Omega and Open Refactory. The key focus is on identifying and addressing vulnerabilities and bugs in dependencies before they become known issues, to provide organizations more time to react and mitigate risks. back to top

Policing Open-Source Projects at Scale - Thomas Neidhart, Eclipse Foundation This talk presents a scalable approach to policing open-source projects by the Eclipse Foundation, which involves using a custom configuration management system built on JSON.NET to automate the enforcement of security best practices across a large number of repositories. The system allows for transparent and collaborative management of repository settings, as well as the implementation of custom policies to address specific security concerns. back to top

Capslock: Escaping Bad Dependencies - Jess McClintock, Google The talk introduces a capability-based model for understanding and managing software dependencies, highlighting the risks posed by the complex and often opaque nature of transitive dependencies. The speaker presents the Capslock tool, which analyzes Go packages to identify the capabilities (such as file system or network access) present in both direct and indirect dependencies, enabling developers to make more informed decisions about the dependencies they use. back to top

Sponsored Session: Confidential Computing - New Capabilities for New Workloads - Mike Bursell This talk provides an overview of confidential computing, a technology that protects data in use by performing computation in a hardware-based trusted execution environment. It discusses the benefits of confidential computing, such as ensuring the integrity, confidentiality, identity, and uniqueness of workloads, and explores various use cases, including in AI, finance, and web3 applications. back to top

Sponsored Session: Application Security is a Community Effort - Fernando Diaz, GitLab The presentation discusses the benefits of open-source communities in enhancing application security through collaboration, transparency, and continuous improvement. It highlights the importance of knowledge sharing, tool development, and active participation in security communities to drive innovation and reduce costs. back to top

Planning for Retirement: How Can We Prepare for Software’s... - Victoria Ontiveros & Justin Murphy The presenters discuss the challenges of managing end-of-life and end-of-support software, particularly in the context of open-source software. They propose a collaborative approach to define common terminology and leverage existing transparency tools to address this growing problem across proprietary and open-source software ecosystems. back to top

Panel Discussion: Improving the Software Supply Chain Security - Tom Hennen, Michael Lieberman... The panel discussion explores the progress made in improving software supply chain security, highlighting key initiatives and technologies like SBOM, dependency graphs, and integrity protections. The panelists discuss the challenges of adoption, the need for better tooling and education for developers, and the importance of industry collaboration to tackle this complex issue. back to top

Measuring Security Risk: Community Engagement Is the Best Mitigation - Deb Nicholson The speaker discusses the importance of community engagement as a key mitigation strategy for managing security risks in open-source software projects. She emphasizes the need for active communication, collaboration, and involvement with the upstream project maintainers and ecosystem to proactively identify and address potential issues before they become critical. back to top

Enhancing Artifact Security with GitHub’s Build Provenance... - Fredrik Skogman & Radoslav Dimitrov The presentation discusses how GitHub's Build Provenance feature, which leverages open-source technologies like SLSA and Sigstore, can enhance artifact security by automatically generating and signing build metadata. The speaker also demonstrates how the open-source platform Minder can be used to create and enforce policies to verify the integrity of these artifacts at scale. back to top

Securing Workloads with Transaction Tokens and Minicloak - Dmitry Telegin, Backbase The video discusses a solution to secure workloads using transaction tokens and Minicloak, a plugin for the open-source identity management system Keycloak. The speaker presents the challenges of using external access tokens for service-to-service communication and introduces the concept of transaction tokens, which provide a more secure and standardized approach to authorization within a zero-trust environment. back to top

Back to Security Basics: Evaluating, Consuming, and Contributing Open Source... - Katherine Druckman The speaker discusses the challenges of consuming open-source software, emphasizing the need to evaluate project health, governance, maintenance, and community engagement. She highlights tools and community efforts, such as the Open Source Security Foundation, that aim to make the process of securely using open-source software more accessible and collaborative. back to top

Lightning Talk: Digital Sovereignty at Risk - Opportunities for Intervention - Kay Hartkopf The talk discusses the opportunities and challenges for strengthening digital sovereignty in Europe. It highlights various initiatives and measures taken by the German government, such as the Sovereign Tech Fund, Open Code platform, and government cloud strategy, to address the risks of geopolitical instability, reliance on non-European technology providers, and data sovereignty. back to top

Bringing Existing Open-Source Code into MISRA Compliance - Roberto Bagnara The presentation discusses the challenges and strategies involved in bringing existing open-source code, such as the Xen hypervisor, into compliance with the MISRA coding standard, which is crucial for safety-critical systems. The speaker highlights the importance of tailoring the MISRA guidelines, leveraging continuous integration, and fostering collaboration between the open-source community and safety-critical development practices. back to top

Advancing Transparency and Security in Software: A Deep Dive Into SPDXv3 - Alexios Zavras, Intel This talk provides a comprehensive overview of the SPDX (Software Package Data Exchange) specification, focusing on its evolution from version 2 to version 3. The speaker discusses the key changes, including the shift to a graph-based data model, the introduction of profiles for different areas of interest, and the growing ecosystem of tools supporting the specification. back to top

Open Source Compliance Management - Removing the Thorn from... Eleftheria Stefanaki & Jimmy Ahlberg This talk explores how open source compliance management, facilitated by the Open Chain standard, can help bridge the gap between the open source and intellectual property (IP) communities within organizations. The presenters discuss the importance of aligning these two groups, fostering understanding, and leveraging open source and IP strategies to drive business success. back to top

Cloud Native Threat Intelligence for... Constanze Roedig, Tobias Grantner, Lukas Mahler & Josef Taha This talk presents a cloud-native threat intelligence framework that combines attack trees, observability, and AI-assisted analysis to proactively identify and mitigate security risks in Kubernetes clusters. The framework enables defenders to visualize attack paths, calibrate their defenses, and measure real-world threats, ultimately empowering them to focus on the most relevant security concerns. back to top

Open Source and IP Departments: Risk Containment and Portfolio Management - Shane Coughlan The talk discusses the challenges and strategies for open-source advocates to effectively communicate with IP departments within organizations. It highlights the importance of understanding the different goals and perspectives of these two groups, and proposes a nuanced approach to align open-source initiatives with IP risk management and portfolio management. back to top

Keynote: Securing the Software Commons: Standards, Automation, and AI for a Resilie... Abhishek Arya This keynote discusses a comprehensive approach to securing the software commons, focusing on three key elements: standards, automation, and AI. The speaker highlights the importance of creating common usable standards, building an integrated security platform that automates developer workflows, and leveraging AI to accelerate security innovation and efficiency. back to top

Enhancing Kernel Functional Safety Analysis with KS-nav - Alessandro Carminati & Gabriele Paoloni The presentation introduces KS-nav, a tool that can reverse engineer the Linux kernel binary image to provide a static view of the code and its interactions. The tool aims to enhance kernel functional safety analysis by highlighting critical subsystems, function calls, and global/static data access, which can be useful for safety analysis, testing, and impact assessment of kernel patches. back to top

Standardization

Towards Open Source-Compatible Standards - Tobie Langel, UnlockOpen The video discusses the need for open-source compatible standards, exploring the historical context of standardization, the business models of standard organizations, and the interplay between standards and legislation. The presenter proposes a concerted industry-wide effort to develop a new cross-organizational initiative that promotes open-source compatible standardization, drawing on existing frameworks like Open Stand and the Open Source Initiative's requirements for software. back to top

Standards

Creating Standards - From Writing a Spec to Obtaining ISO Status - Shane Coughlan The video describes how the OpenChain project, which started as an open-source community addressing the challenge of managing open-source software in supply chains, was able to evolve from a de facto industry standard into an ISO standard through a collaborative and transparent process. The key to their success was a clear focus on addressing a specific problem, building a community of stakeholders, and working closely with standardization bodies to ensure their solution aligned with existing standards. back to top

Storage

Linux Storage Stack Explained - Werner Fischer, Thomas-Krenn.AG This presentation provides a comprehensive overview of the Linux storage stack, covering the virtual file system, block-based file systems, the device mapper, and the multi-queue architecture. The speaker delves into the various layers and components of the storage stack, highlighting the flexibility and performance optimizations available in the Linux ecosystem. back to top

MicroCeph: Simplifying Storage - Peter Sabaini, Canonical MicroCeph: Simplifying Storage is a presentation by Peter Sabaini from Canonical, which introduces MicroCeph, a single-package Ceph storage cluster solution that simplifies the deployment and operation of Ceph clusters, making it accessible for testing, lab installations, and smaller use cases. The presentation covers the architecture, scalability, and integration of MicroCeph with various cloud platforms, as well as upcoming features like disaster recovery and hardware acceleration. back to top

DAMON Recipes: Ways to Save Memory Using a Linux Kernel Subsystem in the Real World - SeongJae Pa... This talk presents Damon, a Linux kernel subsystem for monitoring memory access patterns, and discusses three real-world use cases: access profiling and optimization, proactive memory reclamation for cloud services, and memory management for CXL-based memory systems. The talk highlights how Damon can be leveraged to optimize memory usage and performance in various scenarios. back to top

Sustainability

Doing for Sustainability, What Open Source Did for Software - Asim Hussain, Green Software Founda... This talk discusses the importance of measurement and transparency in driving sustainability, drawing parallels to how open source has transformed the software industry. The speaker proposes a framework called 'Impact Framework' that enables open and verifiable reporting of the environmental impact of software, with the goal of incentivizing investment in efficiency through measurement standards. back to top

Civil Infrastructure Platform: Empowering Sustainable Living with Industrial... Yoshitake Kobayashi The video discusses the Civil Infrastructure Platform (CIP), an open-source project that aims to establish a foundation for secure, reliable, and long-lasting industrial infrastructure systems. CIP addresses key challenges such as extended product lifecycles, increasing cyber threats, and the need for cyber resilience, by providing a super long-term supported Linux kernel, reference implementations, and guidelines for aligning with security standards. back to top

Why Both Open Source and Africas Future Successes Are Intertwined - Peace Ojemeh & Ruth Ikegah This talk highlights the intertwined nature of open source and Africa's future success, emphasizing the vibrant talent pool and growth potential of the African tech ecosystem. The speakers share insights on initiatives like Outreachy and GitHub's All In Africa program that are fostering diversity, inclusion, and capacity building in the open source community across the continent. back to top

Keynote: Open Source as a Key Driver for Delivering on the UN Sustainable Dev Goals - Omar Mohsine This keynote explores how open source can be a key driver for delivering on the UN Sustainable Development Goals (SDGs). The speaker highlights the UN's efforts to embrace open source, including the adoption of an open source strategy, the creation of initiatives like 'Mind the Open Source Gap', and the organization of events like 'Open Source Planet for Good' to foster a global open source community working towards the SDGs. back to top

Lightning Talk: Using Zephyr to Power the Sustainable Cloud - Dan Kalowsky, Ampere Computing The speaker discusses how Ampere Computing uses the Zephyr RTOS to power their sustainable cloud solutions, highlighting the challenges they face in maintaining reproducible builds for their custom ARM-based chips. The talk covers the importance of Zephyr's build system, the challenges with C language, device tree, and software versions, as well as some non-obvious issues they encountered related to log debugging and the 'is_enabled' macro. back to top

Developing Wildlife Camera Traps with Zephyr RTOS - Alex Bucknall, Arribada Initiative This presentation discusses the development of wildlife camera traps using the Zephyr RTOS, with a focus on a project to monitor seagrass decline in Bermuda. The speaker highlights the benefits of Zephyr, such as its modular design, sensor API, and power management features, which have been crucial in creating a flexible and cost-effective camera platform for conservation efforts. back to top

Lightning Talk: The Government and the Art of Infrastructure Mainte... - Powen Shiah & Mirko Swillus The Sovereign Tech Fund, a German government-funded organization, aims to sustainably strengthen the open-source ecosystem by focusing on security, resilience, and technological diversity. The fund provides various mechanisms, including a general investment fund, a bug resilience program, and a fellowship for maintainers, to support the development, improvement, and maintenance of critical open-source infrastructure. back to top

How the Linux Foundation accelerates contributions, innovation and collaboration | Hilary Carter The Linux Foundation's efforts to accelerate contributions, innovation, and collaboration in the open source community are highlighted. Key announcements include the formation of the Open Search Software Foundation, new member benefits for mitigating patent threats, and the launch of the LF Decentralized Trust Foundation to advance blockchain and distributed ledger technologies. back to top

European companies have started to realize that open source is a critical component of innovation The Linux Foundation Europe has been growing rapidly, with 173 members and 5 projects, and has been actively engaging with the European Union on policy work related to software regulation. The organization aims to reduce friction for open source projects with strong European participation and provide opportunities for hosting projects in Europe, using Euros as the primary currency, and accessing European public funding. back to top