Scaling Telephony Systems: Lessons from 100 to 10,000 Calls with ASTPP
Scaling a telephony platform to handle tens of thousands of concurrent calls is a complex challenge for any deployment. This session shares real-world experiences from ASTPP, an open source billing and routing platform, highlighting strategies for high concurrency, load balancing, monitoring, and maintaining resilience under heavy traffic. Attendees will walk away with practical, transferable insights that can be applied to Asterisk, FreePBX, or other open source telephony platforms.
Second Life Meets Open Source: Unlocking the Virtual World(s)
You may well have heard of Second Life at some point, the virtual world that launched to the public in mid-2003, but you might be surprised to learn that it's still around, more than two decades later. As a longtime SL Resident, I think that its staying power can be attributed at least partially to the open sourcing of its viewer code (the client software) back in early 2007.
In this presentation, I'll take you through a concise history of Second Life and how it evolved, from its beginnings to the open-sourcing of the viewer and finally to more recent efforts to simplify contributions, with a look at the role of the "third-party viewers" as well (one of these, Firestorm, is vastly more popular these days than the company's official viewer). We'll also examine some of the lessons that Second Life's development might have for other virtual world platforms, starting with related projects like OpenSimulator (and LibreMetaverse) and expanding outward to include the so-called metaverse more broadly.
Secure Boot: Getting to know your frenemy
Secure boot has been around for many years now, having been introduced into the UEFI spec in 2006. It is one of those things that tends to be turned off when installing Linux. There are different opinions around secure boot and whether it solves a problem or not. It is becoming more common for environments to require keeping secure boot turned on. Secure boot is not going away in the near future. It is now being used in the cloud. We need to get to know our frenemy.
Secure Prompt Engineering at Scale
Millions of financial events. Zero room for error. Learn how template-driven prompt engineering turns noisy cloud transaction streams into explainable, policy-safe automation, faster incident triage, smarter anomaly detection, instant schema-drift recovery, and audit-ready trails.
Solving Pre-silicon Kernel Upstream for RISC-V First Ever
In this session, we will share the methodology, toolchains, and collaborative workflows that make this possible, including the use of simulation platforms, pre-silicon verification environments, and CI/CD integration for early kernel testing. Attendees will learn how these efforts accelerate software-hardware co-design, reduce bring-up cycles, and ensure that by the time silicon arrives, the kernel is already upstream-ready.
Sovereignty begins with Open Source
Many cloud products have security as an afterthought. What if you put security first? From hand-held to stored data? And did it all with Open Source? And made it quantum proof?
Speeedy IoT dev w/ Agentic TUI
Set up an agentic loop to program the firmware in a microcontroller or SBC. Shorten the research and development cycle by extending your basic electronics knowledge to solve real world problems. Concepts are demonstrated with Gemini-CLI, RAG, and MCP, but apply to many stacks.
Sponsored Workshop: From Tables to Streams: Apache Flink for SQL Developers
What if your SQL queries could process data as it happens instead of after it's stored? Apache Flink speaks SQL fluently, but it's not a database – think of it as a conductor orchestrating endless streams of data rather than a librarian managing stored records.
This session bridges the gap between traditional SQL and stream processing. We'll explore:
- Flink SQL in Action: How familiar operations like SELECT, JOIN, and GROUP BY work on infinite data streams, plus temporal joins, time windows, and watermarks
- Table API: Programmatic control with declarative simplicity, bridging SQL and complete programming flexibility
- Flink AI: Real-time feature engineering and model inference on streaming data using SQL-like patterns
- Real-World Patterns: Fraud detection during transactions, live analytics dashboards, and event-driven architectures
Perfect for developers and data engineers ready to make their queries travel through time!
Sponsored Workshop: Hands-On Tailscale - Secure Connectivity and Networking on AWS
Ever want to dig into Tailscale but haven't had time? If that's you, then join us in this workshop where you will learn the basics of Tailscale and get some hands-on experience deploying Tailscale into cloud resources on AWS. Participants will learn how to deploy Tailscale locally and into an AWS environment using infrastructure-as-code (Terraform, OpenTofu, etc.). You will also learn how to configure Tailscale for various use cases like Subnet Routing and Exit Nodes, as well as implement fine-grained access controls with Tailscale ACLs and Grants, and lastly learn how to integrate Tailscale with AWS services (like RDS databases) for secure private access over the public internet by leveraging WireGuard under the hood, powered by Tailscale.
Sponsored Workshop: Hardening Rocky Linux the Hard Way — and the Easy Way with RLC-H
Hardening a Linux system is straightforward in concept and surprisingly complex in practice. Most teams rely on Ansible playbooks, custom scripts, and manual STIG checklists that are difficult to maintain, hard to audit, and prone to drift over time.
This workshop takes a practical, side-by-side look at Linux hardening: we start with a fresh Rocky Linux install and walk through the manual hardening process — SSH configuration, kernel tuning, password policy, SELinux, and compliance frameworks like DISA-STIG and CIS. We then explore what Rocky Linux from CIQ — Hardened (RLC-H) delivers out of the box: kernel runtime guards, hardened memory allocation, pre-remediated compliance images, Secure Boot, and commercially backed CVE remediation — by design, not by configuration.
This is not a lecture. Attendees of all experience levels are welcome, and those with deep security backgrounds are especially encouraged to bring their perspective. The goal is an honest conversation about where the traditional DIY approach holds up, where it falls short, and what a purpose-built hardened distribution changes.
No CIQ Portal access required. All hands-on exercises use community Rocky Linux.
Steering the Future of NixOS: Governance, Growth, and Community
As NixOS evolves from a passionate community project into a globally adopted platform, strong governance and clear vision are essential. Join leaders from the NixOS Foundation and the Steering Committee for an insider’s look at how we’re:
- Structuring for Sustainability
- Scaling Collaboration
- Thinking through the future of security
Taxonomy for Agent Systems (T4AS)
“Taxonomy for Agent Systems (T4AS)” introduces a simple but powerful way to tame today’s chaotic landscape of AI agents. Steve Vitka presents T4AS as a reference architecture that cleanly separates three roles: the Agent (“strategist” that plans but never acts), the Workflow (“general” that orchestrates tools), and the Workspace (“battlefield” where certified tools and APIs actually run). By enforcing these boundaries, T4AS turns ad‑hoc agent stacks into secure, auditable, and composable systems rather than brittle prompt‑spaghetti.
Tectonix: The bedrock of Shopify's Monorepo
Get a tour of the build system we're building for Shopify's "World" Monorepo. Tectonix is Nix plumbing that assembles git sparse-checkouts, the NixOS module system, and a whole pile of supplemental tools into a working Nix-based monorepo.
The -ization of Containerization
The recent open sourcing of Apple Containerization Framework and container Tooling projects enables developers to create and run Linux container images directly on their Mac in a way that focuses on security and privacy. In this talk we’ll talk about the container CLI tool and how it utilizes Containerization to provide simple yet powerful functionality to build, run and deploy Linux containers on Mac. We’ll talk about the architecture, why we wrote the framework and tool in Swift, what future development looks like for Kubernetes use cases, and how the community can get involved.
The changing American PSTN core
As recently as 2015, Alex Balashov was on record saying that SS7 and TDM steadfastly remain as the essential building blocks of a reliable PSTN, and that the triumphant proclamations of IP peering were something of a laughingstock, or at least premature. Well, the much-vaunted move to IP peering in the core of the PSTN itself has finally happened, and has been rapidly gaining steam in the last 5-10 years. The ILEC tandems do not play the role they once did, and the landscape is shifting rapidly.
The Giant Immutable LEGO Set: Demystifying the Nix Store
Ever looked inside /nix/store and felt immediate confusion? You aren't alone. For many, the "magic" of Nix is hidden behind cryptic hashes and the mysterious "derivation." This talk strips away the jargon to explain how Nix actually works using a simple metaphor: a giant, immutable LEGO set. We’ll explore how Nix builds software in total isolation, why your system can’t "break" like traditional distros, and how every package is just a recipe waiting to be snapped into place.
The Hidden Lives of Temp Tables: Unraveling MySQL Internal Management
Ever wondered how MySQL and MariaDB handle the myriad internal temporary tables they create to process your queries? This session pulls back the curtain on this often-overlooked aspect of database performance.
Prepare to have your assumptions challenged as we delve into the baffling behavior of MySQL's TempTable storage engine. We'll analyze the key configuration variables and internal mechanisms that influence this crucial decision.
Through practical examples and insightful explanations, you'll gain a deeper understanding of:
- When internal temporary tables are used
- How MySQL and MariaDB choose the storage engine
- The specific triggers and thresholds that cause the MySQL engine to move data to disk and the performance impact
- Practical tips and configuration adjustments to optimize temporary table usage and avoid unexpected disk I/O.
Whether you're a seasoned DBA, a curious developer, or anyone interested in the inner workings of MySQL and MariaDB, this session will equip you with valuable knowledge to better understand and optimize your database performance.
The History and Future of Censorship Evasion
Attendees will learn about the history of censorship evasion throughout the development of the internet, the current state of internet censorship and evasion tactics around the world, and the future of evasion methods to protect the free and open Internet.
The intersectionality of Human Psychology, Security and The Era of AI and Misinformation.
“If it were measured as a country, then cybercrime — which is predicted to inflict damages totaling $6 trillion USD globally in 2021 — would be the world’s third-largest economy after the U.S. and China.” – Steve Morgan, Editor-in-Chief of Cybercrime magazine
On average, companies experience about 21 to 24 days of downtime after a ransomware attack, highlighting the significant impact of such incidents on business operations. Every day, technology is advancing at a faster rate than we can educate the general population. If a Hong Kong bank can be convinced to wire transfer 35 million dollars by a deepfake, how do we protect grandma? Most people under 35 get their news and information from TikTok and social media platforms. How do we educate and safeguard the future?
The Missing Part of Nix (and where to find it)
Nix gives you all the primitives you need to have robust and scalable builds, except the actual build distribution piece. In this talk we will cover what Nix does right for distributed builds, what options you have to implement build distribution, and how the project could fill this gap.
The Path to Robust deAGI
“The Path to Robust deAGI” asks what it would take to build artificial general intelligence that is both powerful and structurally aligned with human flourishing—not just steered by after‑the‑fact safety patches. Ben Goertzel, CEO of SingularityNET and a founding member of the Artificial Superintelligence (ASI) Alliance, will outline how a decentralized, token‑coordinated ecosystem—combining ASI:Chain, Hyperon AGI, and community‑owned GPU clouds—can prevent AGI from being captured by any single corporation or state.
The Ralph Wiggum Loop: How Autonomous AI Loops Built My Serverless SaaS While I Slept
I got tired of babysitting my AI coding assistant. Every five minutes: "Should I continue?" So I built the "Ralph Wiggum Loop," named after a Simpsons character. It's a loop that feeds a PROMPT.md file to Claude Code until everything works as defined. Failure becomes feedback. Each crash teaches the next iteration.
Using this technique, I built a complete serverless URL shortener on AWS by letting AI iterate against Pulumi's pass/fail deployment criteria.
I'll share how these autonomous loops work and how you can use them too.
The Sound of Your Secrets: Teaching Your Model to Spy, So You Can Learn to Defend
AI can now listen to your keyboard and guess what you're typing. This session shows how deep learning models can reconstruct text from keystroke sounds, then breaks down how these attacks work and how to defend against them. It's a live, hands-on look at the thin line between innovation and exploitation in modern AI security. Bring your curiosity and maybe a little paranoia.
The State of Immutable Linux
Linux has evolved a lot over the past 30 years. Distributions were created as opinionated starting points for general usage, but the advent of containers changed what was required and expected. CoreOS pushed the limits of what a server distribution should be, and those limits continue to be refined with more special purpose options.
While many of these next generation distros have similar characteristics, they're not all the same. Justin will provide an overview of the current landscape of immutable distributions, what sets each one apart, and what they have in common.
The Tip of the Iceberg
A deep dive into the Iceberg open table format, examining the rationale for its creation, internal mechanics, and advanced capabilities. Drawing from years of production experience, this talk offers both theoretical foundations and practical insights for engineers considering adopting Iceberg.




