Presentations

Open source now underpins nearly every modern system, but its supply chain faces growing security pressures. In this talk, Mark Russinovich outlines the key risks shaping today’s OSS landscape and presents Open Source Security Foundation (OpenSSF)’s focused priorities for strengthening the security and sustainability of open source ecosystem – from source repos to registries. Attendees will gain a clear view of where the ecosystem stands, the practical steps underway to improve resilience, and how the community can work together to raise the security baseline across open source.

This session will guide participants through the essential steps of setting up Docker on a fresh server installation. Attendees will learn how to deploy a simple application within Docker containers, link a custom domain, and secure their server with Tailscale, a modern VPN solution. By the end of the demonstration, participants will gain practical skills in application deployment and private networking, empowering them to enhance their projects and professional environments with modern technologies. Whether you’re a novice or seasoned user, this session offers valuable insights into containerization and secure application management.

Language learning apps are used by millions of people around the world. Many of these of these apps operate on a freemium model and pay for their free versions with ads. The infrastructure for these ads can possibly bleed into the infrastructure of the paid versions. This study seeks to verify, using open-source tools, that the paid versions of Duolingo, Busuu, and Memrise are not broadcasting user data to advertisers.

A hands-on guide to successful document design with Scribus, the free-software desktop-publishing application. We'll make Scribus's distinctive tools and workflows accessible to users accustomed to office suites like LibreOffice and HTML+CSS design on the web. Get started with DTP, or learn how to tackle bigger and more professional-level document design and publishing.

Leveraging LLMs (Large Langage Models)/machine learning in an embedded environment can be riddled with surprises and challenges due differences on embedded devices and expectations. This session will look at challenges encountered by an embedded developer evaluating LLMs on an embedded Linux device along with trade offs in trying to fit an open LLM on an embedded device. The challenges will be illustrated with data from different attempts attempts on embedded Linux. Combination of both hardware and software will be looked at to address the challenges.

In this talk, Joshua will share his insights and experiences with OpenTelemetry, an open-source project that offers protocols, APIs, and SDKs for collecting metrics, traces, and logs from applications and services. He will cover the comprehensive toolkit provided by the OpenTelemetry community, including language SDKs, the Collector, and the OTLP formats for metrics, traces, and logs.

He will demonstrate how to instrument and monitor a microservices application running on a Kubernetes cluster, utilizing the full potential of OpenTelemetry. Attendees will learn how to use powerful open-source tools like Jaeger and Prometheus to effectively analyze telemetry signals from their applications.

By the end of this session, attendees will have a solid understanding of how to implement OpenTelemetry in their projects, enhancing their debugging and observability practices. Join us as we delve into the world of OpenTelemetry, unlocking the capabilities of this powerful technology for your development needs.

Update your testing skills with the latest features of the NixOS Integration Test Driver! In this hands-on session, we will move beyond standard VMs to explore the new Container backend for high-speed, low-overhead testing. Learn to debug flaky tests by freezing the sandbox, utilize VSOCK for interactive shells, and set up GPU-enabled tests. Whether you are a maintainer or a DevOps engineer, you will leave with the code to build robust, cost-effective CI pipelines.

To track state-sponsored malware and combat the stalkerware of abusive partners, you need tools. Safe, reliable, and fast tools. For the dark corners of the Android ecosystem, we couldn’t find a good tool to download packages on the command-line. So we made one.

Rather than just solve our own problem, we decided to make our new tool, apkeep, generically useful for everyone. We also wanted it to be reliable, safe, and fast. So writing it in async Rust made a lot of sense, and allowed us to deploy to a wide range of architectures and platforms. But we wanted to download not only from Google Play, but other app stores as well. And supporting these often necessitated employing Android reverse engineering techniques and dynamic analysis to look at real-time traffic being sent over HTTPS.

This talk aims to introduce apkeep as a tool, explore some of the novel obstacles we faced in building out this tool, and show some of the results of those who have incorporated it into their toolboxes.

You could be watching a training video in your pajamas, but you chose to be here because you want real, lasting connections that can transform your career. In a world where AI blurs reality, face-to-face networking gives you an edge that online courses can’t match. Whether you’re an introvert or an extrovert, this session will help you set a conference goal and turn networking from daunting to delightful. We’ll cover how to keep conversations going, exit gracefully, and make connections that last, with practical tips and interactive exercises that boost your confidence and help you make the most of every event.

Some have dreamed of the day where we can plug our complex systems into stereo speakers and know when there's trouble just by listening to the result. Monteverdi is a new Open Source platform that rethinks Observability and gets us closer to the dream.

This talk is a tour of application features, the pattern matching algorithm, a modular Plugin system that enables MIDI output, the TDD-based approach in Golang, and a look at its own metrics in OpenTelemetry. Along the way we dig into technical details like using GitHub Actions with GoReleaser to publish separate objects, or how it can be extended with Plugins to employ AI. The app will be displayed live and demoed, making sound through a MIDI device and DIY setup, using live system metrics to power the music.

Migrating existing services to OpenTelemetry is rarely just a “drop-in” change—especially when you’re trying to standardize across teams with different stacks, maturity levels, and release rhythms. This talk covers the practical challenges we hit while moving to OpenTelemetry at scale, and how we addressed them with a home-grown, self-service solution built on Pulumi.

Cloud-Native platforms are exponentially scaling across clusters, clouds, and teams. Enforcing consistent policies and resilient operations becomes a critical challenge for platform teams. In this session, we explore how Kyverno, combined with ClusterAPI and k0rdent enables secure, declarative governance without the complexity of admission webhooks or custom tooling. 

Through real-world examples, we demonstrate how this integration powers developer self-service, enforces platform standards, supports AI/ML workloads, and reduces operational overhead showcasing policy-driven platform engineering done right.

The storage directory settings in systemd help define where services store their data. Two important features have been implemented for these directories. The first one is id-mapped mounts, which is a filesystem feature that allows a mount namespace to show a different UID than what is stored on a file. Storage directories now support id-mapping, so that the files within the mount namespace of a service defined with DynamicUser=yes are owned by its unprivileged UID/GID. The second feature is storage quota support. Storage limits can now be defined in terms of percentages or absolute values to enforce quotas on the consumption of State, Cache, and Logs directories. These features enhance the security and resource management of systemd services.

Arm64 instances offer the best price/performance on every cloud these days, but application migration can be a bit scary for the uninitiated. This presentation will walk you through the basics of why and how to migrate applications to multi-architecture Kubernetes clusters.  

In this presentation, we will run through the basics of how to start running your Kubernetes applications on hybrid arm64 and x86 clusters, including:  

- Why add Arm64 compute nodes to your Kubernetes clusters?
- Building multi-arch container manifests
- Workload placement and orchestration in Kubernetes
- Easing migration with continuous delivery patterns 

By the end of this presentation, you will have the confidence to build and run your own applications on the fastest growing architecture for cloud deployments.

SLAC National Lab uses particle accelerators to run the world's most powerful X-ray laser. We also process Vera C. Rubin Observatory images - the largest-ever astronomy dataset. This talk is an infrastructure-focused introduction to Scientific Computing. Learn about how open source is at the core of how we collect, store, and process data for cutting-edge scientific research.

I never had a need for home automation, until I got a cabin in the woods. I wanted a simple camera security system, sensors, and other automation so I could monitor my cabin when I wasn't there, and tell whether I remembered to lock the door! I wanted control over my personal data, so I went with Home Assistant, open source home automation software that's easy to use, can run from a Raspberry Pi, doesn't depend on cloud services, and has wide compatibility with home automation hardware.

In this talk I will explain how I set up Home Assistant to monitor my cabin including camera security, remote sensors, and how to set up alerts to keep me up to date on the family of foxes that visit my property.

Doc Searls, co-founder of Customer Commons and lead of the IEEE P7012 “MyTerms” effort, explains how machine-readable personal privacy terms can flip the script so sites accept user-set terms, replacing opaque cookie banners with true first-party control.

AI stacks look like the perfect use-case for Nix: Massively multiplying dependency matrices, double-digit-GB OCI images, tedious, Sisyphean build → push → pull → test loops. In ML/AI dev, "It runs" literally means "It runs … on this machine." So … why aren't more ML teams using Nix? This talk is a field guide to the logistics and sociotechnics of what it takes to make Nix happen in AI. Its point of departure is the following question: "Why do we ship what we ship the way we ship it? Either Nix fits the conveyor belt people already ship on, or ML teams learn a new way to build → ship → deploy software. So what will it take to fit Nix to this conveyor belt?

Nix builds hermetic binaries, but they are prisoners of the store. Running them on standard Linux distros usually ends in a cryptic "file not found" error. In this talk, we perform live surgery on ELF binaries to make them truly portable. We explore using patchelf to rewrite dynamic loaders, convert absolute paths to portable $ORIGIN lookups, and even patch Python interpreters to load system libraries. Join us to learn the dark arts of binary relocation.

At Anthropic, developers expect Nix builds to Just Work on their K8s dev environments. But Nix's builds demand sandboxing support.
This is the war story of "just" enabling sandboxing: upgrading K8s, deploying user namespaces, monkey-patching container runtimes, and rearchitecting our Docker stack.
 

PlanetNix Unconference space

NixOS has always locked you into Linux, but what if you could run NixOS on a FreeBSD file server, an OpenBSD firewall, or even an ancient NetBSD VAX? For the past several years we've been working on NixBSD, which gives you all the declarative and reusable configuration features of NixOS on another operating system.

Incremental per-translation-unit build graphs in native nix, leveraging experimental dynamic derivations, ca-derivations, and nix-ninja.

The DGX Spark is a desktop AI workstation. NixOS provides a great user experience for installing, configuring and running AI workflows on it easily.

This joint talk by DeepComputing and the NixOS community shares the journey of bringing NixOS to RISC-V as the architecture becomes first-class for Linux. We cover the vision for a fully open, reproducible ecosystem, the current RISC-V status in Nixpkgs/NixOS—from bootstrap work to the first successful port on DeepComputing hardware—and the roadmap ahead, including device support, upstream needs, testing, and community collaboration.