Presentations

Static analysis tools are fast, scalable, and widely used in modern software workflows, but they struggle to reason about runtime behaviors in complex embedded systems. This talk focuses on how symbolic execution can be used as a complementary technique to explore deeper execution paths and uncover subtle bugs that traditional static analysis often misses. We will explain the core concepts, key challenges like path explosion, practical mitigation strategies, and real-world case studies involving embedded Linux applications.

AI coding assistants have made engineers 10x faster, but when entire teams use them, a new problem emerges: architectural chaos. Each developer gets working code from their AI, but without shared architectural context, you end up with conflicting patterns, duplicate services, and unmaintainable systems. This talk introduces SpecMind, an open-source tool that enables spec-driven vibe coding by automatically analyzing your codebase, generating architecture documentation, and keeping design decisions aligned across your team. Learn how to maintain architectural consistency while moving fast with AI, and see a live demo of the analyze, design, and implement workflow that keeps teams building together instead of in isolation.

iptables and nftables are the standard for Linux packet filtering: well-documented and widely understood. But at high bandwidth, BPF is the fast alternative, although it means writing C and fighting the BPF verifier.

bpfilter bridges the gap: an iptables-like DSL that compiles to BPF bytecode.

This hands-on talk covers Linux filtering tradeoffs, introduces bpfilter, and demos real-world usage from writing rules to debugging.

bpftrace provides a quick and easy way for people to write observability-based eBPF programs, especially those unfamiliar with the complexities of eBPF. We always claimed bpftrace was a "high-level tracing language" for Linux even though it was missing the basic features of a language: composability, primitives to avoid code duplication, and even proper loops. It was also trailing behind the larger, upstream BPF feature set. This talk is about how we're working to transform bpftrace from a box of tools (one-liners) to a language for making new tools.

https://bpftrace.org/

Building a powerful open source brand isn’t about marketing hype. It’s about principles. This session unpacks how transparent values, genuine community engagement, and a user-first mindset create lasting trust and loyalty. Drawing on DBeaver’s evolution from a 2010 hobby project to a tool with over 10 million users, discover how prioritizing help over hype, collaborating openly with users, and fostering a likable, responsible voice transforms contributors into ambassadors and positions open source projects for sustainable commercial success... without sacrificing community goodwill.

Technical societies increasingly struggle with governance capture by large corporations and entrenched interests, especially in news deserts where transparency is low. This talk presents an actionable, open-governance alternative: sortition, or democratic lotteries, paired with publicly governed digital infrastructure for collective self-rule. Drawing from real-world examples (including the lottery-selected board of Democracy Without Elections and open-source governance work from Metagov), we explore how engineering and professional organizations can use stratified random selection and participatory technology to build representative, trustworthy, transparent, and capture-resistant leadership structures. Participants will learn concrete steps to implement sortition-based boards or committees supported by legitimate, publicly governed tools.

The challenge of bridging technical divides in government is universal: modern systems exclude paper-based stakeholders, while simplified tools limit potential. In The Gambia, known as 'Africa's smiling coast', we confronted this reality head‑on: institutions with full‑blown ERPs exist alongside those relying on paper, the digital divide is stark. Discover the novel 4‑level framework, "from API to manual entry", architected as the operational blueprint for The Gambia’s National Higher Education Management Information System (HEMIS), designed to integrate all stakeholders without sacrificing capability or perpetuating inequality.

From scrappy sysadmins and early SRE teams to DevOps and today’s platform engineering wave, this talk traces how operations have evolved—and why the next frontier is treating your platform as a real internal product for developers. This talk will unpack what a modern platform actually is (and isn’t), show how ideas like Team Topologies, golden paths, and “glue as a service” fit together, and share concrete strategies for success: adopting a product mindset, obsessing over developer experience, measuring with DevEx/DORA-style signals, and ruthlessly stripping away incidental complexity so autonomous teams can move faster with less coordination. You’ll leave with a practical mental model and a set of patterns you can apply immediately to build a better loop between developers, platform, and the business. 

PlanetScale for Postgres is a database as a service, launched in July of 2025, composed largely of open source materials. In this talk, we'll discuss how we approached this project, what factors informed our technology choices, some of the nuances and sharp edges we've encountered because of those choices, and some interesting ways that we've stitched these components together into a cohesive system.

Modern softphones have gone beyond user interfaces and SIP endpoints, becoming distributed, fault-tolerant communication systems designed for global scale. As organizations adopt hybrid Asterisk environments, there's a need for scalable softphone architectures connecting WebRTC, SIP, mobile, and AI platforms.

This session will use SIPERB as a case study to explore the challenges and patterns of building a large-scale softphone platform. We’ll examine the backend ecosystem, including SIP proxies and media relays, and explain why scalability and interoperability are crucial from the start.
You'll learn to build a reliable softphone for browsers and mobile devices, using modern WebRTC architectures to keep your Asterisk core lightweight and secure. We'll also demonstrate how a standards-based, event-driven architecture allows integration with platforms like WhatsApp and OpenAI for AI analysis and cross-platform communication.

Modern SRE work depends on knowing what resources exist across clouds and services, how they are configured, and how they change, but that data is often scattered across tools and systems. This talk shares how we built a unified, continuously updated cloud inventory using CloudQuery to normalize cloud and SaaS data into relational tables. We will explain how we integrated the framework into our infrastructure, extended it with custom plugins, and applied the resulting visibility to incident response, investigations, capacity reviews, and broader reliability practices. Attendees will learn practical approaches for building an internal asset inventory, scaling it in production, and using shared data to improve reliability and collaboration across SRE, Product, and GRC teams.

As organizations adopt generative AI, platform teams must support multi-node inference, GPU-based model serving, and growing API sprawl while keeping the developer experience simple. This session explores Kubernetes-native approaches like kserve, high-throughput frameworks like vLLM, and gateways like LiteLLM for standardized model access. Attendees will learn concrete patterns for supporting AI at scale while preserving the principles that made their platforms successful.

This session presents a practical blueprint for building a SageMaker-like AI Factory using only upstream open source projects. 

We walk through a complete architecture that combines Kubernetes, Kubeflow, MLflow, KServe, vLLM, and a modern Cloudscape-based console, secured with Keycloak and FreeIPA for enterprise-grade IAM and SSO. 

On the data side, we leverage Ceph, Apache Iceberg/Hudi, Kafka, Spark/Flink, and Feast to create a robust lakehouse and feature platform. We then show how to orchestrate the full ML lifecycle—from data ingestion and feature engineering to training, model registry, deployment, monitoring, and cost visibility—using GitOps, Prometheus/Grafana, OpenCost, and policy-as-code. 

Attendees will leave with a clear, vendor-neutral reference architecture and a concrete checklist of upstream components to assemble their own open, portable, and sovereign AI Factory across on-prem, cloud, and edge environments.

The Open Floor Protocol (OFP) is an open standard (Linux Foundation AI & Data) enabling heterogeneous conversational agents to interoperate via universal JSON message formats—Conversation Envelopes. This talk introduces OFP's core components: Envelopes, Dialog Events, and Assistant Manifests. I'll demonstrate advanced use cases (delegation, mediation, orchestration, discovery) and Beaconforge—an open-source Python framework for building OFP-compliant agents—with practical multi-agent collaboration examples.

With the recent improvements to Asterisk's ARI and the introduction of chan\_websocket, it's easier than ever to build your voice services with Asterisk. You can now build a complete solution, including control and audio, using only websockets. This talk covers how these new features are designed to work together to make Asterisk the go-to platform for your IP telephony services.

Nix users often need to do non-trivial computations at evaluation time like parsing YAML, but the Nix language lacks the performance and conveniences of general purpose languages. In this talk, we propose adding a function `builtins.wasm` that lets users execute WebAssembly code during evaluation. These functions are pure, can be written in many languages, and are fast. We'll also discuss other WASM uses in Nix, like platform-independent derivations.

As much as we need to and should support students with adopting new technologies such as AI, educators are being thrown into the deep end and expected to swim with very little instruction or support. From working with educators while at GitHub and as part of Internet-in-a-Box (IIAB), it is clear that we ask much of our teachers. They are expected to learn not only basic computing and software development, but also version control, collaborative software development, and now, how to teach about and with AI. This is daunting anywhere and even more daunting in the developing world where experienced mentors and resources can be scarce.

Wikipedia, GitHub, and arXiv show us that free and open access can be transformative and lower barriers of access to entry to new skills and careers. We will share educational experiences with GitHub, Internet-in-a-Box, and AI and our work to provide online and offline tooling and content to remote regions worldwide. A model of federated ecosystems can empower educators, learners, and community organizers everywhere, turning passive learners into active creators in the AI era.

Whether you're a fresh graduate or a career transitioner, breaking into tech can feel like getting stuck in an infinite loop: 
while need_job:
   if not have_experience:
       need_job = True 

In this talk, I’ll share how I demonstrated my value to potential employers - and got noticed - by transforming my personal blog into a living portfolio that showcased more than just my burgeoning technical skills.

Attendees will learn how to check their own boxes by showing off transferable skills, creating visible proof of competence, and highlighting how their learning process can be a strength rather than a limitation. I’ll discuss the practical steps I used to craft my blog to meet my needs as a career transitioner and how I positioned my seemingly-unrelated skills - like copywriting and photography - as useful and relevant to my development as a programmer. My blog got me noticed at networking events, served as a talking point in interviews, and bolstered my confidence. I’ll give attendees the tools to develop their own strategy to break the cycle and land their first job in tech.

Kwaai's Call to Action for Personal AI

CloudNativePG is an open-source Kubernetes operator for PostgreSQL, which has officially been accepted into the Cloud Native Computing Foundation (CNCF) Sandbox.

CloudNativePG manages the full lifecycle of PostgreSQL clusters, configured with a primary/standby setup using native streaming replication for high availability. It is fully declarative and Kubernetes-native. The operator avoids StatefulSets, managing Pods and PersistentVolumeClaims directly. This gives it granular control over storage, instance lifecycle, and automated failover procedures.

We will cover its core design philosophy and key features—including automated deployment, self-healing, and integrated backup/recovery. We will also demonstrate how easy it is to spin up, manage, and scale robust PostgreSQL clusters using CloudNativePG.

Recently, several open source companies attracted a lot of attention after their announcements of license changes. Not surprisingly, these shifts sparked backlash from open source enthusiasts, prompting some to create community-driven forks under open source foundations.

Now there is growing skepticism toward (single) company backed open source projects, with many arguing that open source projects should be run by neutral foundations to prevent future bait-and-switch tactics. In this session, we'll explore if a foundation is always the right model for open source projects. 

“Confidential Vector Search: Knowledgebase Homomorphic Encryption” introduces a practical path to RAG systems that can search sensitive embeddings without ever revealing them. Building on the SIAM study “Maturing Homomorphic Encryption (HE) to Enable Privacy Preserving Vector Search,” Sulimon Sattari will unpack how techniques like dimensional scrambling, noise injection, CKKS, and chaotic mapping can be combined with new schemes such as DIEHARD and ROME to preserve inner products while keeping queries and documents encrypted.
 

Step into the world of stream processing, where events arrive sporadically and timing matters.

This talk explores managing the journey and lifetime of an events during stream processing. We will discuss data events from ingestion to output and examine what happens along the way.

Using a movie theater metaphor, we will explain key ideas like time windows, late arrivals, and dead letter queues. The talk connects high-level concepts to practical implementation notes. You will leave with a clear and useful mental model for working with real-time data.

“Consent Chain: Towards MyTerms” explores how we can finally escape cookie banners and move to user‑set, cryptographically provable privacy terms. Drawing on his work at Kasm, Jaymes Davis will unpack the ConsentChain model shown in this session’s poster: users define a universal privacy profile once; a browser plugin then auto‑negotiates consent with websites and records a tamper‑proof hash of the agreement on a public blockchain, giving enterprises auditable compliance while eliminating banner fatigue for individuals.
 

Over the past few years, OCI containers and Kubernetes have become the backbone of Meta’s open-source cloud infrastructure. This talk explores the complexities of safely running containers inside containers (“nested containers”) without root privileges. It demystifies OCI container internals, highlights the latest open-source advancements enabling rootless deployments, and addresses the unique challenges posed by nested environments. Through production case studies, it shares lessons for secure, efficient container-in-container deployments.