Presentations

With the rise in popularity of AI applications, enterprises dive headfirst into development without having the proper foundations in place. AI workloads require heavy resource usage, and few enterprises lack robust infrastructure to handle them efficiently. These AI workloads often involve sensitive data, large-scale data movement, and high-performance compute nodes that require secure communication between components. Typical network security in Kubernetes is no longer limited to isolating services. It now includes protecting model training pipelines, securing inter-node traffic, and enforcing policies that ensure data confidentiality and compliance. The most common challenges enterprises face while developing AI applications are overprovisioning resources, an old-school infrastructure setup (a VM-only mindset), and insufficient security to prevent cybersecurity risks and protect their data. 

In this session, we’ll walk through best practices for building optimal AI infrastructure while utilizing k0rdent and Kubernetes, and also leveraging Cilium to maintain stringent data security and compliance.

We’ll cover:

• Why over-provisioning resources is such a common error with AI infrastructure, and best practices for efficient use of resources for maximum ROI.
• How to move beyond a VM-only mindset to a more modern, Kubernetes/bare-metal–aware platform that can keep up with AI teams’ needs.
• How to safeguard AI workloads without sacrificing the scalability that makes Kubernetes effective in the first place.

With proper, strong infrastructure, AI workloads will run smoothly, securely, and without the usual operational overhead. Whether you’re a platform engineer, an AIOps Engineer or someone who wants to get into AIOps, you’ll benefit from this talk on best practices for creating optimal and secure AI infrastructure. 

This session walks through how to build and train your own Small Language Model using open source tools. You'll learn how to select datasets, reuse BERT's tokenizer, design a smaller student model, and apply knowledge distillation to preserve accuracy. We'll share code, show common pitfalls, and help you deploy an efficient, real-world SLM that runs fast on modest hardware.

This session highlights our journey enabling all 3 new trends altogether, Flutter for AI Automotive experiences on RISC-V hardware. We explore the open-source components, performance optimizations, and system design needed to support responsive coming HMIs, and discuss how the community can contribute to building a fully open RISC-V AI automotive software ecosystem with Flutter popularity.

Imagine planning a trip where AI agents for flights, hotels, rental cars, and events collaborate seamlessly. Instead of repeating details across separate systems, these agents share information in real time—adjusting dates for a music festival or suggesting itinerary changes before booking. This talk explores how to create such shared multi-agent conversations using Asterisk, leveraging ConfBridge for audio mixing, AudioSocket for AI integration, and the Open Floor Protocol (OFP) for interoperability. By aligning with OFP, we enable AI agents to collaborate securely, share context, and manage interruptions, transforming digital interactions from transactional to collaborative.

LLMs enable new perspectives in the analysis of narrative text from patient level hospital data. I will show how to carefully integrate them in medically sound pipelines to perform tasks as identifying disease activity, comorbidities, and risk factors, which were traditionally done manually and can now be scaled by orders of magnitude. I will highlight the usual cornerstone steps in these pipelines, distinguish reasoning-heavy from NLP-heavy applications, and showcase the key differences to consider in public pre-trained models as Llama and GPT-OSS and open-source software as Ollama and vLLM.

If you’re a practitioner, developer, or data person, you’re probably being told to “just use AI”. But what does that actually mean?

What is “AI” really? Is it just ChatGPT, Claude, or Canva drawing pictures for you? 

This talk maps out the main building blocks of modern AI. I’ll discuss models and model architecture, training, embeddings, tokens, parameters, agents, RAG, hallucinations, “agentic” systems, and a few other terms you keep hearing.

Importantly, we’ll look at how these pieces are actually put together in real systems: where they’re genuinely useful, where they’re fragile, and where they’re oversold.

You’ll come out of the talk with a solid mental picture of how these ideas connect, what’s behind the buzzwords, and enough understanding to engage in a more informed way on your won AI journey.

Attendees will learn about QEMU user mode, how it can be used to run applications compiled for other architectures as if they were natively built for the user's platform, how to configure their systems to make executables from all architectures executable by default, and how applications can be packaged for multiple applications using QEMU.

Joshua Colp will review the project's current status, key developments, and community contributions, including recent advancements, challenges, and future directions of the Asterisk open source telephony framework.

AstriCon opens with an engaging panel discussion featuring key figures from Sangoma, the driving force behind Asterisk and FreePBX. This session will cover the significant achievements and challenges of the past year, industry trends, and exciting developments on the horizon.

The Atmosphere — built on AT — presents a new approach to social graphs. When you write data using Atmosphere APIs, such as by posting to Bluesky, that data is associated with your personal data repository. These personal data repositories can be hosted or migrated anywhere across the Atmosphere. Each Atmosphere app declares its own schema (Lexicon), and reads and writes its own set of fields. These fields can be read by any other app built on the Atmosphere, allowing users to both a) own and b) span their graphs across the network.

This talk will provide a demonstration of some fundamental AT technologies, including:

- "Sipping the Firehose" - working with the stream, a demo of creating records and have them pop right out
- “Getting backlinks with Constellation” - querying social interactions in real time, and building that data into different interfaces
- “Lexicon Authoring” - a discussion of best practices for creating additional schemas, with examples from other apps in the Atmosphere

Static analysis tools are fast, scalable, and widely used in modern software workflows, but they struggle to reason about runtime behaviors in complex embedded systems. This talk focuses on how symbolic execution can be used as a complementary technique to explore deeper execution paths and uncover subtle bugs that traditional static analysis often misses. We will explain the core concepts, key challenges like path explosion, practical mitigation strategies, and real-world case studies involving embedded Linux applications.

AI coding assistants have made engineers 10x faster, but when entire teams use them, a new problem emerges: architectural chaos. Each developer gets working code from their AI, but without shared architectural context, you end up with conflicting patterns, duplicate services, and unmaintainable systems. This talk introduces SpecMind, an open-source tool that enables spec-driven vibe coding by automatically analyzing your codebase, generating architecture documentation, and keeping design decisions aligned across your team. Learn how to maintain architectural consistency while moving fast with AI, and see a live demo of the analyze, design, and implement workflow that keeps teams building together instead of in isolation.

iptables and nftables are the standard for Linux packet filtering: well-documented and widely understood. But at high bandwidth, BPF is the fast alternative, although it means writing C and fighting the BPF verifier.

bpfilter bridges the gap: an iptables-like DSL that compiles to BPF bytecode.

This hands-on talk covers Linux filtering tradeoffs, introduces bpfilter, and demos real-world usage from writing rules to debugging.

bpftrace provides a quick and easy way for people to write observability-based eBPF programs, especially those unfamiliar with the complexities of eBPF. We always claimed bpftrace was a "high-level tracing language" for Linux even though it was missing the basic features of a language: composability, primitives to avoid code duplication, and even proper loops. It was also trailing behind the larger, upstream BPF feature set. This talk is about how we're working to transform bpftrace from a box of tools (one-liners) to a language for making new tools.

https://bpftrace.org/

Technical societies increasingly struggle with governance capture by large corporations and entrenched interests, especially in news deserts where transparency is low. This talk presents an actionable, open-governance alternative: sortition, or democratic lotteries, paired with publicly governed digital infrastructure for collective self-rule. Drawing from real-world examples (including the lottery-selected board of Democracy Without Elections and open-source governance work from MetaGov), we explore how engineering and professional organizations can use stratified random selection and participatory technology to build representative, trustworthy, transparent, and capture-resistant leadership structures. Participants will learn concrete steps to implement sortition-based boards or committees supported by legitimate, publicly governed tools.

The challenge of bridging technical divides in government is universal: modern systems exclude paper-based stakeholders, while simplified tools limit potential. In The Gambia, known as 'Africa's smiling coast', we confronted this reality head‑on: institutions with full‑blown ERPs exist alongside those relying on paper, the digital divide is stark. Discover the novel 4‑level framework, "from API to manual entry", architected as the operational blueprint for The Gambia’s National Higher Education Management Information System (HEMIS), designed to integrate all stakeholders without sacrificing capability or perpetuating inequality.

From scrappy sysadmins and early SRE teams to DevOps and today’s platform engineering wave, this talk traces how operations have evolved—and why the next frontier is treating your platform as a real internal product for developers. This talk will unpack what a modern platform actually is (and isn’t), show how ideas like Team Topologies, golden paths, and “glue as a service” fit together, and share concrete strategies for success: adopting a product mindset, obsessing over developer experience, measuring with DevEx/DORA-style signals, and ruthlessly stripping away incidental complexity so autonomous teams can move faster with less coordination. You’ll leave with a practical mental model and a set of patterns you can apply immediately to build a better loop between developers, platform, and the business. 

PlanetScale for Postgres is a database as a service, launched in July of 2025, composed largely of open source materials. In this talk, we'll discuss how we approached this project, what factors informed our technology choices, some of the nuances and sharp edges we've encountered because of those choices, and some interesting ways that we've stitched these components together into a cohesive system.

Discover how to transform Asterisk into a real-time Voice AI platform by integrating SIP telephony, WebRTC, and OpenAI Realtime. This session will showcase a low-latency, secure architecture for conversational intelligence, including a live demo of Voice AI handling calls, generating structured data, and integrating STIR/SHAKEN for secure communications. Key takeaways include building scalable Voice AI systems, securing SIP/AI architecture, and creating call management dashboards with summaries and analytics.

Modern softphones have gone beyond user interfaces and SIP endpoints, becoming distributed, fault-tolerant communication systems designed for global scale. As organizations adopt hybrid Asterisk environments, there's a need for scalable softphone architectures connecting WebRTC, SIP, mobile, and AI platforms.

This session will use SIPERB as a case study to explore the challenges and patterns of building a large-scale softphone platform. We’ll examine the backend ecosystem, including SIP proxies and media relays, and explain why scalability and interoperability are crucial from the start.
You'll learn to build a reliable softphone for browsers and mobile devices, using modern WebRTC architectures to keep your Asterisk core lightweight and secure. We'll also demonstrate how a standards-based, event-driven architecture allows integration with platforms like WhatsApp and OpenAI for AI analysis and cross-platform communication.

Erlang's Open Telecom Platform (OTP) was originally built for telecom, yet modern SIP stacks in the BEAM ecosystem are still hard to find. In this talk, Brandon shares how he’s designing his Elixir telecom stack, Parrot Platform, to be both easy to build and scale. Learn how the Membrane framework handles media, how pattern matching simplifies call routing, and how Elixir’s foundation enables efficient scaling.

As organizations adopt generative AI, platform teams must support multi-node inference, GPU-based model serving, and growing API sprawl while keeping the developer experience simple. This session explores Kubernetes-native approaches like kserve, high-throughput frameworks like vLLM, and gateways like LiteLLM for standardized model access. Attendees will learn concrete patterns for supporting AI at scale while preserving the principles that made their platforms successful.

This session presents a practical blueprint for building a SageMaker-like AI Factory using only upstream open source projects. 

We walk through a complete architecture that combines Kubernetes, Kubeflow, MLflow, KServe, vLLM, and a modern Cloudscape-based console, secured with Keycloak and FreeIPA for enterprise-grade IAM and SSO. 

On the data side, we leverage Ceph, Apache Iceberg/Hudi, Kafka, Spark/Flink, and Feast to create a robust lakehouse and feature platform. We then show how to orchestrate the full ML lifecycle—from data ingestion and feature engineering to training, model registry, deployment, monitoring, and cost visibility—using GitOps, Prometheus/Grafana, OpenCost, and policy-as-code. 

Attendees will leave with a clear, vendor-neutral reference architecture and a concrete checklist of upstream components to assemble their own open, portable, and sovereign AI Factory across on-prem, cloud, and edge environments.

The Open Floor Protocol (OFP) is an open standard (Linux Foundation AI & Data) enabling heterogeneous conversational agents to interoperate via universal JSON message formats—Conversation Envelopes. This talk introduces OFP's core components: Envelopes, Dialog Events, and Assistant Manifests. I'll demonstrate advanced use cases (delegation, mediation, orchestration, discovery) and Beaconforge—an open-source Python framework for building OFP-compliant agents—with practical multi-agent collaboration examples.

With the recent improvements to Asterisk's ARI and the introduction of chan\_websocket, it's easier than ever to build your voice services with Asterisk. You can now build a complete solution, including control and audio, using only websockets. This talk covers how these new features are designed to work together to make Asterisk the go-to platform for your IP telephony services.

Have you ever taken a course on Computer Networks or Operating Systems? If so, there's a very high likelihood that your coursework was based on books by Doug Comer. is a Distinguished Professor of Computer Science and professor of electrical and computer engineering at Purdue University in the US. Beginning in the late 1970s he started his continuing research into TCP/IP, which has earned him international fame in the field of Computer Science and computer networking. Doug is probably responsible for educating the vast majority of network and operating system engineers in the world today. And SCaLE is proud to announce that Doug will be keynoting at our 23rd Edition in Pasadena, in March 2026.

CloudNativePG is an open-source Kubernetes operator for PostgreSQL, which has officially been accepted into the Cloud Native Computing Foundation (CNCF) Sandbox.

CloudNativePG manages the full lifecycle of PostgreSQL clusters, configured with a primary/standby setup using native streaming replication for high availability. It is fully declarative and Kubernetes-native. The operator avoids StatefulSets, managing Pods and PersistentVolumeClaims directly. This gives it granular control over storage, instance lifecycle, and automated failover procedures.

We will cover its core design philosophy and key features—including automated deployment, self-healing, and integrated backup/recovery. We will also demonstrate how easy it is to spin up, manage, and scale robust PostgreSQL clusters using CloudNativePG.

Recently, several open source companies attracted a lot of attention after their announcements of license changes. Not surprisingly, these shifts sparked backlash from open source enthusiasts, prompting some to create community-driven forks under open source foundations.

Now there is growing skepticism toward (single) company backed open source projects, with many arguing that open source projects should be run by neutral foundations to prevent future bait-and-switch tactics. In this session, we'll explore if a foundation is always the right model for open source projects. 

Step into the world of stream processing, where events arrive sporadically and timing matters.

This talk explores managing the journey and lifetime of an events during stream processing. We will discuss data events from ingestion to output and examine what happens along the way.

Using a movie theater metaphor, we will explain key ideas like time windows, late arrivals, and dead letter queues. The talk connects high-level concepts to practical implementation notes. You will leave with a clear and useful mental model for working with real-time data.

Over the past few years, OCI containers and Kubernetes have become the backbone of Meta’s open-source cloud infrastructure. This talk explores the complexities of safely running containers inside containers (“nested containers”) without root privileges. It demystifies OCI container internals, highlights the latest open-source advancements enabling rootless deployments, and addresses the unique challenges posed by nested environments. Through production case studies, it shares lessons for secure, efficient container-in-container deployments.

This talk will discuss different ways to crack passwords. There will be a brief history of how passwords are hashed, how hashing works, how long a password should be, how to pick a good password, password managers, and defense against passwords being cracked.

Three ways to crack passwords will be described. Custom open source tools I wrote to help manage password cracking will be described.

I will discuss statistics on 1 billion passwords I have found including password length, use of different character classes such as all lowercase, all uppercase and more. Password patterns will be discussed.

This session is a presentation of Data4Citizen, the new disruptive Open Data Platform used by Governments to deploy Open Data Portals, powered by AI and LLM This session explians how Data4Citizen can help users to value the public data, anywhere - anytime, through easy-to-use interfaces and AI companions

Data4Citizen provides more than a simple data catalog, with modules and tools to create maps, interactives Dashboards, etc

API Priority and Fairness (APF) is a core feature in Kubernetes designed to protect the API server from overload and ensure critical requests are processed even during high traffic. It works by classifying, prioritizing, and managing inbound API requests using a flow control mechanism.

Disappointed by per-minute pricing and the risks of sending HIPAA data to public APIs, StratusTalk decided to build their own AI receptionist. By embedding the agent directly into their Asterisk/FreePBX offering, they gave it the same tools a human receptionist uses: call transfers, intercom, outbound dialing, and more.  In this talk, Jeff will walk you through their design decisions, their Kubernetes-based solution, and show you live demos of it in action.

At the request of a translation company commissioned by the French government under immigration law, we developed a system that can find a translator among the 125 languages offered in less than 5 minutes, involving Asterisk, an AGI server, AMI connection, an IVR, and other tools.

DevOps has a notoriously steep learning curve. Getting started in the field can feel like being dropped in a foreign country without the ability to understand *anything* about the language. 

A language is more than just the syntax and semantic rules of the words themselves. It also encompasses the shared culture of the speakers. With the proliferation of programming languages as well as the deeply held cultural beliefs of the community, it's easy to see that learning DevOps is like trying to learn a foreign language.

I will review five foundational hypotheses from the field of Second Language Acquisition and relate these hypotheses back to the world of DevOps. DevOps practitioners, trainers, tool builders, and learners should all come away with useful insights to apply to their practice. 

In this talk, we’ll describe a production-grade NLP pipeline that processes millions of pieces of social media content across TikTok, YouTube, and Instagram using Ray and GPU acceleration. Learn how we use Ray's distributed computing model to orchestrate scalable embedding generation, sharded batch writes to Qdrant for vector search, and end-to-end pipeline tracking with Snowflake.

Artificial Intelligence is an overhyped distraction, except for what it can do for you when using MySQL. AI is strong in he pattern matching area, which means it is great with SQL syntax and examining DDL metadata. This session will cover basic prompting, using AI to repair or augment existing queries, and developing new schemas. And you can write queries in English (or French, or German, or Italian) instead of SQL, saving you a lot of time determining which tables need to be joined where. SO, yes, you do need an AI Assistant to get the maximum out of your MySQL instances, and this session will show you how to do it.

Building systems that respond reliably to specific changes in distributed data is harder than it should be. This session introduces Drasi, a CNCF Sandbox project that simplifies change-driven design by codifying continuous query and reaction patterns. We’ll show how Drasi helps developers declare which data changes matter and automatically trigger the right downstream updates- no polling loops or custom glue code required.

Beyond everyday scenarios like keeping services and dashboards in sync, Drasi also supports AI-driven workloads where fresh data is critical. From updating embeddings to refreshing model inputs, Drasi ensures AI systems stay aligned with the latest state of the world.

You will learn the fundamentals of change-driven architecture, see Drasi in action, and walk away with practical patterns you can apply in your own distributed or AI-powered systems.

Disks fail, RAM runs short, software breaks, and human error strikes, and data loss follows fast. This talk presents a direct recovery path built on concrete steps used in production: detect corruption through log checks and checksum validation, stop the service to contain further damage, restore from backups that pass verification, use point in time recovery to reach a clean state, extract readable tables when backups fall short, keep pg_resetwal as a last resort when no clean recovery remains, and strengthen the cluster with routine checksums, tested backups, WAL archiving, and replicas that support failover. The session focuses on reliable commands, clear failure patterns, and practical actions applied without guesswork.

Recent security updates to Linux, such as the new Systemd Unified Kernel Image rely on the discrete or firmware integrated TPM (Trusted Platform Module) to verify boot and release secrets securely. However, there are many known attacks against the TPM chip itself. We will discuss the newly upstreamed Linux Kernel TPM security patches, which not only provide a basis for securely communicating with the TPM but also provide a novel defences against a wide variety of TPM based attacks by using a unique (to Linux) null key scheme. This talk will cover what TPM based attacks are (including interposer attacks), how the Trusted Computing Group expects you to tell you're talking to a real TPM and how you can communicate with it securely and use its policy statements to govern key use and release. We will then move on to how the new Linux Kernel patches extend this and can be leveraged to validate the TPM on every boot and continually monitoring it for any TPM interposer substitutions in real time.  The new TPM trust verification tools are available under LGPL as ancillary tools in the upser space openssl tpm engine project.

CNPG-I (CloudNativePG Interface) is an open-source solution for extending Postgres in Kubernetes through a powerful plugin system. In this talk, we will dive into how these plugins work with the CloudNativePG Project in Kubernetes and walk through the creation and deployment of Postgres clusters with a custom plugin. By the end of the presentation, attendees will have a foundational understanding of how to use CloudNativePG along with CNPG-I plugins to deploy and expand their Postgres database solutions in Kubernetes.

What happens when you’re a volunteer-run academic event with almost no budget, but need to support thousands of concurrent users? We decided to embrace the home-lab mindset and scale it to the extreme. In this talk, we’ll share how we transformed the home lab mindset into competition-grade infrastructure powering events like WRCCDC, PRCCDC, many others. Using second hand hardware and resources, we’ll walk through our migration from VMware and a SAN to an entirely open-source stack built on Proxmox and TrueNAS, and how we replaced Active Directory with authentik + LDAP to eliminate licensing and increase flexibility. Along the way, we’ll cover the planning, hardware challenges, licensing challenges, design tradeoffs, training, and scalability lessons learned while running production infrastructure in a purely volunteer environment. If you are an educator and trying to string together a learning space for students or if you’ve ever wondered how far you can stretch open-source tools this is the talk for you.

You enter the call (or conference room) where you are greeted by some higher level executives and members of your Infrastructure team. They have been tasked with bootstrapping the company's IT Infrastructure and start building new resources with IaC. Luckily for you (or not), you have experience with this and are eager to prove your worth and show that DBAs can do more than yell at your poorly configured query or that you are using ORMs. While this situation happens to many of us, I rarely hear about the struggles folks have trying to implement a stateful resources (databases) in a stateless in environment consisting of stateless resources. 

For your pleasure and amusement, I plan to walk you through my experience implementing this exact task and align the different phases of the implementation with Dr. Kübler-Ross’s five stages of grieving. Sit back and enjoy a few laughs, memes, and positive outlook on how we continue to create more gray area in daily work.

Learn what changed in FreePBX 17 and see what's in store for FreePBX 18 as we continue to enhance the code base for the premier, most widely deployed open source telephone system in the world. Highlights include more robust deployment methods, new configuration visualization tools, and several AI enhancements to make technical PBX administration tasks easier—freeing you up to focus on big picture problem solving within your organization.

The most dangerous phrase in the English language is ‘We’ve always done it that way.‘” Grace Hopper spent 60 years fighting this mentality. Today’s developers sneering at “AI slop” and rolling their eyes at “vibe coding” are repeating history—the same engineers who said COBOL would never catch on. You’re about to find out why Amazing Grace wouldn’t hire them—and why you shouldn’t either.

In fact, every time you prompt Claude to write code, you’re witnessing the future Grace Hopper predicted in 1955 and throughout her career. Admiral Hopper carried 11.8-inch wires to make nanoseconds tangible. Today, she’d carry LEGO bricks to explain how AI transforms thoughts into code at light speed.

The progression is clear:

• Punch cards → Assembly → COBOL → Modern frameworks → Natural language

We’ve reached Hopper’s vision: human language as the primary computer interface.

For years, DevOps improved delivery speed, automation, and feedback loops, which were effective until they began to fail. As the stacks expanded into microservices and multi-cloud environments, the alert stream evolved into a firehose. While additional dashboards and stricter thresholds enabled teams to respond more quickly, they did not stop recurring problems or decrease the overall noise. The solution was not “more tools.” It was a playbook update. That update starts with the basics of clean data, consistent tagging, reliable telemetry, clear ownership, and real SLOs. Once the foundation is in place, apply AIOps where it excels.

PostgreSQL has had integrated full-text search since version 8.3 (and before that using the tsearch2 extension)… that's over 17 years of searching. New technologies have emerged since then to make searching a large corpus of text even more efficient, accurate, and useful.

This talk dives into new extensions and methods of doing full-text search: New algorithms like BM25, new approaches like pgvector, and how to combine them to create hybrid search methods.

GenAi for the GenX guy is a talk about how being a member of the forgotten apathetic generation has led to a healthy distrust of GenAI. 

Multi-tenant Kubernetes with GPU sharing can unlock serious efficiency for AI workloads—but only if you design it with security and performance in mind. In this session, we’ll walk through how to give multiple teams their own “cluster-like” experience while safely sharing GPU resources underneath. We’ll cover open source tools like KAI Scheduler and vCluster, plus how to plug in external systems for secrets and dynamic access control to keep the environment both scalable and secure.

Organizations have invested in GPU resources that can do all kinds of cool new things. And they learned from the last 10 years of security practice, right? Right!?! Oh, no.

This talk will cover the new threat landscape, real-world attack vectors, and practical approaches to securing GPU infrastructure before your expensive compute cluster becomes someone else's cryptomining operation. And this is why security professionals will have a job for the next 10 years.

Kubernetes governance tools are powerful, but they often operate too late in the software delivery lifecycle—usually in CI/CD or at admission control. By the time a misconfiguration is caught, developers have already pushed code, reviewers must intervene, and pipelines waste costly compute.

In this talk, I introduce Guardon, a lightweight, local-first browser extension that brings Kubernetes guardrails directly to developers while they edit YAMLs in GitHub or GitLab. Guardon performs instant, offline validation of multi-document YAML files, imports Kyverno policies, and surfaces real-time guidance—all before a pull request is even created.

We’ll explore how this browser-native approach shifts compliance further left than existing tools, reduces friction for developers, and enables DevOps and platform teams to enforce organizational best practices without slowing teams down. This session includes a live demo, architectural breakdown, and insights into the future of developer-first Kubernetes security.

In the observability space, many assume that OpenTelemetry Collector performance scales linearly—until it doesn't. This talk reveals the critical performance limits that practitioners encounter in real-world deployments, especially at scale, and highlights the blind spots that traditional telemetry metrics often miss.

We demonstrate how to diagnose and prevent high-throughput pipeline failures using latency histogram analysis, external HAProxy sidecars, and advanced profiling. These insights benefit both collector developers and platform engineers who manage telemetry pipelines across organizations.

Wouldn't it be great if we could provision entire systems, VMs, and edge devices as easily as we build and deploy application containers to Kubernetes?  This would make it possible to make lightweight single-purpose systems, while using our favorite CI/CD tools and even IDEs.  Well, we can do that  now, thanks to bootc.  In this talk, the speaker will walk you through creating a bootc container image for a full system, testing it, and then provisioning that image to a portable computing device. 

Generic fitness apps give generic advice. I wanted a running coach that actually knew my training: my long runs, my recovery patterns, even my bad habits. So I built one: a Slack bot that pulls data from Strava, Coros, Peloton, and my own chat logs, feeds it into an open weight LLM running on Groq, and gives me personalized guidance for pocket change.

The bigger idea is simple: this isn’t really about running. It’s about building personal software that understands your life in a way generic apps never will.

As an app developer, my goal is to serve my users. I may love my tech stack, but secretly, I am terrified of the data layer.

These days we have more and people building apps and the database is only given the thought of a prompt or simple setup. The database should be loved and enjoyed, not feared. In this talk, I'll share how approachable PostgreSQL can be for app developers using the tools that we know and love, like ORMs and AI.

Learn how to securely and efficiently install Asterisk and FreePBX using declarative, idempotent instructions stored in a version-controlled cloud-init.yaml file. This approach minimizes arbitrary commands, reduces risks of command injection and privilege escalation, and ensures validation and error handling through cloud-init. In this session, we’ll walk you through a cloud-init.yaml configuration for installing FreePBX with robust management and security best practices.

The Apereo Foundation supports the development and sustainability of open source software in higher education through a global, community-led model. Indeed, several Apereo projects enjoy 20+ years of success. This session introduces Apereo’s evolving approach and roles in fostering open technologies that power critical academic services, research computing, and administrative systems, including authentication/authorization, online learning, video capture and editing, calendaring, scheduling, and registration, as well as data management. Attendees will learn how Apereo supports projects through granting and corporate funding, incubation and health metrics, community development and management, unique to higher education, but applicable to any open source community of practice. Specific initiatives, such as Apereo Micro-Conferences as an awareness and engagement strategy, and the emerging “Community as a Service” model toward self-sustainability, will be introduced.

This talk presents a multikernel Linux architecture where multiple independent Linux kernel instances execute on a single machine with kernel-enforced resource partitioning. Unlike previous replica-based multikernel design, our isolation-based design addresses dynamic resource management through device tree based allocation and Linux hotplug operations. We discuss the architectural design, implementation leveraging existing kernel infrastructure: kexec, device tree, hotplug subsystems. Use cases include AI agent sandbox, zero-downtime kernel updates and automatic crash recovery with backup kernel. This design maintains full Linux compatibility while providing strong isolation without virtualization overhead.

FreePBX is a key component of many VoIP deployments, making its security essential. This session covers real-world vulnerability discovery, responsible disclosure, and remediation based on Horizon3.ai's research.

Join Cindy Cohn, Executive Director of the Electronic Frontier Foundation for a SCaLE 2026 keynote presentation.

Join Mark Russinovich, CTO, Azure for a SCaLE 2026 keynote presentation.

Unlocking the full potential of AI starts with your data, but real-world documents come in countless formats and levels of complexity. This session will give you hands-on experience with Docling, an open-source Python library designed to convert complex documents into AI-ready formats. Learn how Docling simplifies document processing, enabling you to efficiently harness all your data for downstream AI and analytics applications.

Language learning apps are used by millions of people around the world. Many of these of these apps operate on a freemium model and pay for their free versions with ads. The infrastructure for these ads can possibly bleed into the infrastructure of the paid versions. This study seeks to verify, using open-source tools, that the paid versions of Duolingo, Busuu, and Memrise are not broadcasting user data to advertisers.

Learn how to configure, use, and abuse long-range, cheap communication devices through Meshtastic, without a license! Talk to friends, control remote devices, gather remote sensor data - all at low power use, low cost, with encryption. This 4 hour, hands-on workshop session requires pre-registration (with your conference registration). The $75 entry fee pays for the starter device attendees will configure and keep.

When ClickHouse Cloud was launched - we still had Persistent Volume Claims (PVCs) backed by EBS (and other equivalent) volumes to store critical metadata in the hot path. We did not have true separation of Compute and Storage. 

Over the course of the last few years, we have been slowly but surely working our way to remove this limitation. This talk is the culmination of everything that was done - important fixes in the Core database as well as the cloud database Operator - to finally get rid of those volumes. Now when we allocate database server pods in the cloud - there are no Network Block Volumes attached to them. 

This talk documents the challenges of implementing such a critical feature in the journey of a cloud database, as well as the subsequent migration of customers in this cloud to this mode of operation. We will cover important topics such as S3-based Storage Engine, Catalog and S3-Plain Re-writable Disks as well as the Kubernetes Operator changes to enable these features in the Cloud.

In this talk, Joshua will share his insights and experiences with OpenTelemetry, an open-source project that offers protocols, APIs, and SDKs for collecting metrics, traces, and logs from applications and services. He will cover the comprehensive toolkit provided by the OpenTelemetry community, including language SDKs, the Collector, and the OTLP formats for metrics, traces, and logs.

He will demonstrate how to instrument and monitor a microservices application running on a Kubernetes cluster, utilizing the full potential of OpenTelemetry. Attendees will learn how to use powerful open-source tools like Jaeger and Prometheus to effectively analyze telemetry signals from their applications.

By the end of this session, attendees will have a solid understanding of how to implement OpenTelemetry in their projects, enhancing their debugging and observability practices. Join us as we delve into the world of OpenTelemetry, unlocking the capabilities of this powerful technology for your development needs.

Cloud-Native platforms are exponentially scaling across clusters, clouds, and teams. Enforcing consistent policies and resilient operations becomes a critical challenge for platform teams. In this session, we explore how Kyverno, combined with ClusterAPI and k0rdent enables secure, declarative governance without the complexity of admission webhooks or custom tooling. 

Through real-world examples, we demonstrate how this integration powers developer self-service, enforces platform standards, supports AI/ML workloads, and reduces operational overhead showcasing policy-driven platform engineering done right.

SLAC National Lab uses particle accelerators to run the world's most powerful X-ray laser. We also process Vera C. Rubin Observatory images - the largest-ever astronomy dataset. This talk is an infrastructure-focused introduction to Scientific Computing. Learn about how open source is at the core of how we collect, store, and process data for cutting-edge scientific research.

I never had a need for home automation, until I got a cabin in the woods. I wanted a simple camera security system, sensors, and other automation so I could monitor my cabin when I wasn't there, and tell whether I remembered to lock the door! I wanted control over my personal data, so I went with Home Assistant, open source home automation software that's easy to use, can run from a Raspberry Pi, doesn't depend on cloud services, and has wide compatibility with home automation hardware.

In this talk I will explain how I set up Home Assistant to monitor my cabin including camera security, remote sensors, and how to set up alerts to keep me up to date on the family of foxes that visit my property.

It all started with a website and a refusal to spend a dollar as a grad student. This talk traces the evolution from a student portfolio to a full self-hosted ecosystem with Media to personal AI tools and periodic social media backups all running with stubbornness on second-hand hardware without a static IP. Explore the journey: one-day wins with dynamic DNS, multi-year setups with backups, monitoring, and home automation. My network and security failures and how you should avoid them on your server. Whether you’re curious or deep in self-hosting, discover what outages teach, how communities support, and open source empowers. No budget for all this? No problem.

From raw earth to homestead living - house and farm. This is what's possible with the Open Source eco system developed by Marcin Jakubowski; refined and built by him and his Open Source community. 

Build a home from raw materials using only Open Source hardware!

This talk will give the Who, What, When, Where and Why of using Open Source Software, Open Hardware and Open Data in the learning and teaching of "computers".

The speaker will use his and other people's paths of learning about computers, from the days of "data processing" with plugboards and punched cards to wire wrapping of electrical components to perforated boards to modern-day Raspberry Pi and Arduinos.   From "computer black magic" to "computer science".

However this talk will not just be about the past, but the future.

It is not enough to teach students how to use software to solve their problems, but also how the software solves those problems and how to make that software solve those problems even better.   Something that can only be done with Open Source, Open Hardware and using Open Data.

The speaker will outline several programs that are Open and Free for collaboration to produce teaching materials for all, even for self teaching.

As we all know, the best way to learn something is to teach it to other people.

When we designed the OpenWrt One, the OpenWrt build system allowed us to easily create a self-contained source tarball that included everything needed for GPL and other compliance purposes. We'll briefly explore a bit of build system history and how it got us the OpenWrt One sources before opening up discussion on how these features vary across build systems, and how we can achieve similar "ease of compliance" with GPL, FCC, CRA, and other agreements or regulations that are most efficiently handled early in the device development process, and are largely in the build system's purview.

ClickHouse operates Postgres logical replication for CDC at massive scale, replicating 200+ TB monthly across 300+ customers. This talk shares how we scaled logical decoding to production, including key optimizations, operational lessons, and how we run replication reliably with Kubernetes and deep observability.

This session aims to cut through the acronyms and introduce beginning developers to the concepts of object relational mappers (ORMs) and entity relationship diagrams (ERDs).  ORMs are programming tools that aim to bridge the gap between objects in programming languages and how relational databases store data in a normalized table format.  ERDs aim to visualize the structure of databases and can also create SQL code from a visual format.  Seeing these tools together helps make both click and can help developers leverage each for different use cases.

AI (i.e. ML with better compute) is here to stay - there’s no denying that. But AI's capacity to provide genuine contributions is debatable - especially for open source projects. Projects are seeing a flood of AI-generated issues and pull requests, yet they lack the crucial human elements of context, intent, and accountability that open source thrives on. This isn't just a minor annoyance; it poses a direct threat to the sustainability of beloved projects and the maintainers who tirelessly support them.

The time to address AI in your CONTRIBUTING.md file is now. But what does that look like? How do we establish clear ground rules for AI-driven contributions (because not all are bad)? How do we define what a “meaningful contribution” is in today’s landscape, and how do we enforce the guidelines? This talk will put forward some thoughts and ideas for what a playbook might look like for your specific project, and some guidelines which can help ensure we embrace these new tools, while still keeping the spirit of open source intact.

Planograms translate market research and category rules into shelf-ready product-placement diagrams—but generating them usually requires tedious manual work and more caffeine than should be legal. This talk walks through a proof-of-concept system that uses AWS services, open-source components, and agentic LLM workflows to automatically convert merchandising knowledge into structured planogram descriptions suitable for a marketing professional's final touches. We’ll explore the architecture, the prompt engineer, the agent design that make the outputs reliable, and how open formats keep the workflow portable and extensible. Attendees will leave with practical patterns for building real-world, AI-driven automation with AWS services and open source.

I’ve spent years trying to bring open-source software into my community college classes, and it’s been a mixture of successes, failures, and challenges. I’ll share some of the early attempts, such as trying to run courses using Linux and scaring a few administrators in the process. How I was often told to teach a “real” language instead of PHP or Python, and how MySQL quietly became the workhorse of several of my courses. And now the MySQL class is one of the required classes for our new Bachelors of Data Analytics and Programming degree.

Easy-to-deploy, open source PostgreSQL function that provides a prioritized list of actions to improve database stability and performance. Inspired by Brent Ozar's FirstResponderKit for SQL Server, pgFirstAid is designed for everyone to use—not just DBAs! Get actionable health insights from your PostgreSQL database in seconds.

https://github.com/randoneering/pgFirstAid

This presentation offers an in-depth analysis of Flatcar Linux, a container-optimized operating system, within the context of cloud-native environments. It begins with an overview of cloud-native Linux distributions, highlighting the evolution and importance of container-focused operating systems. The session introduces Flatcar Linux, discussing its origins, acceptance into the Cloud Native Computing Foundation (CNCF) as an incubating project, and its core features such as immutability, atomic updates, and container-native design.
After covering Flatcar, I explore Kairos, as immutable option at the edge, and I show a comparison of alternatives like Fedora CoreOS, Talos, Suse elementary.
Also, this session argues that managing the node OS immutably is key to platform reliability. We compare traditional distros vs. container-specific immutable OSes. We describe examples like AWS Bottlerocket, Flatcar Container Linux, and Talos Linux.
Such OSes mount a read-only root filesystem, disable SSH, and update by swapping entire node images (dual-disk atomic updates with rollback).
In the demo, I upgrade a cluster’s OS by applying a new immutable image spec and watching nodes reboot harmlessly. I highlight how this approach eliminates config drift and patches servers in one shot, aligning with best practices that a minimal, read-only host has a “much smaller attack surface”.

As AI systems become more complex, developers are discovering that the database, not the model, is the real foundation of reliable AI. In this talk, I'll explore how Postgres can function as a full AI application server by combining Retrieval-Augmented Generation (RAG) with the Model Context Protocol (MCP).

We’ll walk through a real implementation: ingest pipelines, vector search, metadata ranking, caching, provenance tracking, and LLM tool-calling, all powered by Postgres. Then we’ll expose those capabilities over MCP so LLMs can safely query, transform, and orchestrate data.

The result: an end-to-end AI system where your RAG, your tools, your transforms, your logs, and your automation all live in Postgres.

PostgreSQL, maintained as an open source project, is an ideal database for teaching relational theory and demonstrating database internals. However, so far, few academic institutions have adopted PostgreSQL for their educational needs.

One of the goals of Prairie Postgres NFP, a Midwest non-profit, is to bridge the gap between Industry and Academia with the help of PostgreSQL. We advocate for using PostgreSQL in data management courses and invite students and faculty to participate in PostgreSQL conferences and meetups.

In this talk, we will share our successes in this journey and highlight the problems we are still trying to solve.

Various PostgreSQL community members attend SCaLE and are willing to meet with attendees and answer any questions. Many aspects of the community are covered: User groups, conference organization, core development, exhibitions, advocates and more! Please come and ask any questions!

A full PostgreSQL training day adjacent to the SCaLE LA event. 6 hours total, running for a full day as a single track (with 90 minute lunch break). Attendees can attend some or all of the event. Aimed both at new Postgres users and those migrating from other db systems. 

Power imbalances are everywhere, including in our OSS projects. Corporations hold power over projects that result in relicensing, forks, and other disruptions. This talk will cover these power dynamics and suggest steps that we can take to make better decisions about which OSS projects to embrace.

If you've ever had an application that needed hundreds (or thousands) (or tens of thousands) of connections to postgres, then you've probably needed a connection pooler. And if you've ever used PgBouncer as your connection pooler, you may have run into some challenges, or problems, or confusing behaviors, or all of the above.

In this talk, we will cover what can go wrong, how to fix problems, and how to monitor to keep your database, clients, and DBAs happy.

What if I told you there's a way to spot memory leaks, CPU bottlenecks & performance regressions—before your users feel them?

And if I told you it works across every runtime, in production, with zero instrumentation & near-zero overhead?

And if I told you almost no one is doing it?

Profiling has finally joined metrics, logs & traces as the 4th core signal in OTel. But while the spec is ready, most stacks—and teams—aren’t. Enter eBPF: the missing piece that makes continuous, runtime-agnostic profiling not just possible, but practical.

Can Prometheus help take care of your pet? In this talk, we’ll explore how to use simple IoT devices and open source tools Prometheus and Grafana to monitor your pet’s activities in real-time.

This session will demonstrate how observability can go beyond servers and improve the lives of our four-legged friends.

We’ll cover using off-the-shelf components that can send data to Prometheus and react to alerts, visualizing water consumption and door use trends in Grafana, and alerting when something looks unusual.  We’ll review the architecture and see a live demonstration of this stack (hardware and software) in action!

Recent enhancements to ARI with bidirectional communication over WebSocket have greatly simplified integration with external components, such as real-time billing engines. These components can now function almost like internal modules of Asterisk.
In this talk, we’ll explore the seamless integration between the CGRateS Billing Framework and Asterisk using the new bidirectional ARI, showing you how to build your own real-time billing system for your Asterisk setup.

As organizations rapidly integrate Large Language Models (LLMs), traditional WAFs and static analysis tools fail to catch probabilistic threats like prompt injection and jailbreaking. This session moves past theory into practical defense for engineers using LLMs. We will dissect the "AI Attack Surface" and demonstrate how to use open-source tools like Garak and PyRIT to automate Red Teaming. Attendees will learn architectural patterns for "Guardrails," methods to prevent "confused deputy" attacks, and techniques to verify model supply chain integrity. Leave with a blueprint for securing your AI workloads today.

Picture this: you're managing dependencies across 1,300+ repositories, security vulnerabilities pile up faster than dishes in a university dorm, and developers spend more time updating package.json than building features. That was us at Grafana Labs. 

What started as "let's try this [Renovate](https://github.com/renovatebot/renovate) thing" became a full automation and o11y adventure. 

If you're wondering whether large-scale dependency automation is worth it, this talk provides the roadmap we wish we'd had.

Akash network is an open source project which lets users run their containers across a global set of compute providers.  It's the middle layer inbetween people who need compute resources (buyers) and people willing to sell access to their compute resources (suppliers).  Anyone can participate on either side, with a net result of less waste of idle compute resources on the supplier side, and lower costs on the buyer side.

The "unit of compute" is a buyer-provided container, and the length of time that container needs to be used to complete its task.  Buyers include enthusiasts who just want to run a minecraft server all the way up to professional compute jobs such as training an LLM.

The supplier can be a professionally-supported server in a datacenter with dedicated GPUs, all the way down to a spare home computer running in a home environment.

Akash network is the coordinator inbetween, and it utilizes a blockchain for compute commitments, checksums, and payments between suppliers and buyers of compute.

Sagebrush Standards is an open-source computable contract format designed to improve access to justice by making legal services more efficient and accessible. Developed in collaboration with Neon Law Foundation and UNLV Law School, this project demonstrates the power of starting simple with YAML and Markdown, then incrementally adding structured rules to create deterministic legal workflows. In this talk, we'll explore how our approach—building from plain text formats familiar to any developer—has evolved into a comprehensive system featuring client questionnaires, automated document generation, and AI-compatible legal templates. You'll learn how open source principles applied to legal technology can dramatically reduce service delivery time while expanding access to justice, and see real-world examples of how structured data formats can transform traditionally manual processes into scalable, automated solutions that serve more people more effectively.

Scaling a telephony platform to handle tens of thousands of concurrent calls is a complex challenge for any deployment. This session shares real-world experiences from ASTPP, an open source billing and routing platform, highlighting strategies for high concurrency, load balancing, monitoring, and maintaining resilience under heavy traffic. Attendees will walk away with practical, transferable insights that can be applied to Asterisk, FreePBX, or other open source telephony platforms.

An ideal home lab is remotely-accessible, security hardened and tested, and wholly relies on an open-source technology stack. In this workshop, you will get hands-on training on using open source technology–from hypervisor to web app–to self-host your own home lab. The workshop will walk you through network design, architecture, and security, including firewall configuration and DNS sinkholing; using Docker and Docker Compose; remote administration tools and methods; remote web app access with mandatory two-factor authentication; single sign on integration with internal and external services; certificate authority management for mTLS through OpenSSL and Step CA; an introduction to SSH certificate authorities; and network mapping and security testing. Participants will come out of this workshop with the hands-on experience, knowledge and resources to successfully self-host their own secure Linux-based home lab. This workshop will require the participant to be comfortable in the Linux command line and be familiar with basic IPv4 concepts.

In this session, we will share the methodology, toolchains, and collaborative workflows that make this possible, including the use of simulation platforms, pre-silicon verification environments, and CI/CD integration for early kernel testing. Attendees will learn how these efforts accelerate software-hardware co-design, reduce bring-up cycles, and ensure that by the time silicon arrives, the kernel is already upstream-ready.

Many cloud products have security as an afterthought.   What if you put security first?  From hand-held to stored data?  And did it all with Open Source? And made it quantum proof?

Swift isn't just for iOS anymore—it's a powerful, memory-safe systems language that's gaining traction in Linux server environments. In this hands-on workshop for Linux developers, we'll build a production-ready REST API while exploring why Swift's combination of compile-time safety, modern concurrency, and C++-level performance, without garbage collection, makes it compelling for Linux services. You'll learn how Swift integrates with familiar Linux workflows, from package management to containerization, and leave with a working API ready to deploy on your favorite Linux distro. No prior Swift experience required—just bring your laptop with Swift installed and ready to code.

As recently as 2015, Alex Balashov was on record saying that SS7 and TDM steadfastly remain as the essential building blocks of a reliable PSTN, and that the triumphant proclamations of IP peering were something of a laughingstock, or at least premature.  Well, the much-vaunted move to IP peering in the core of the PSTN itself has finally happened, and has been rapidly gaining steam in the last 5-10 years. The ILEC tandems do not play the role they once did, and the landscape is shifting rapidly.

AI is changing how we communicate with technology. We're moving away from old-school IVR systems and toward smart, context-aware voice conversations. This session will explore how modern AI models make natural, real-time conversations possible, automate high-volume calling workflows, and improve the customer experience—all with a human-like touch.
You'll leave with a clear understanding of the underlying technology, its current industry applications, and the practical challenges organizations face when adopting AI-driven voice systems. We'll also discuss the ethical considerations and best practices for deploying these technologies responsibly and at scale.

Ever wondered how MySQL and MariaDB handle the myriad internal temporary tables they create to process your queries? This session pulls back the curtain on this often-overlooked aspect of database performance. 

Prepare to have your assumptions challenged as we delve into the baffling behavior of MySQL's TempTable storage engine. We'll analyze the key configuration variables and internal mechanisms that influence this crucial decision.

Through practical examples and insightful explanations, you'll gain a deeper understanding of:

- When are internal temporary tables used
- How MySQL and MariaDB choose the storage engine
- The specific triggers and thresholds that cause MySQL engine to move data to disk and the performance impact
- Practical tips and configuration adjustments to optimize temporary table usage and avoid unexpected disk I/O.

Whether you're a seasoned DBA, a curious developer, or anyone interested in the inner workings of MySQL and MariaDB, this session will equip you with valuable knowledge to better understand and optimize your database performance.

Attendees will learn about the history of censorship evasion throughout the development of the internet, the current state of internet censorship and evasion tactics around the world, and the future of evasion methods to protect the free and open Internet.

“If it were measured as a country, then cybercrime — which is predicted to inflict damages totaling $6 trillion USD globally in 2021 — would be the world’s third-largest economy after the U.S. and China.” – Steve Morgan, Editor-in-Chief of Cybercrime magazine

 On average, companies experience about 21 to 24 days of downtime after a ransomware attack, highlighting the significant impact of such incidents on business operations. Everyday technology is advancing at a faster rate than we can educate the general population. If a HongKong bank can be convinced to wire transfer 35 million dollars by a deep fake how do we protect grandma? Most people under 35 get their news and information from TikTok and social media platforms. How do we educate and safe guard the future?

There has been a lot of confusion about the role of open source in generative AI, as the focus has been mainly on Large Language Models (LLMs) and whether or not those models meet the definition of "open source".

But like most emerging technology in the past twenty years, open source software will form the basis for getting the most value out of generative AI. From vector databases to inference engines to the "chunking" of data for consumption by Retrieval Augmented Generation (RAG), the role of open source can not be overstated.

This talk will present some interesting open source projects that exist in tandem with LLMs to extract the most value from LLMs and giving users greater control over their data.

AI can now listen to your keyboard and guess what you're typing. This session shows how deep learning models can reconstruct text from keystroke sounds, then breaks down how these attacks work and how to defend against them. It's a live, hands-on look at the thin line between innovation and exploitation in modern AI security. Bring your curiosity and maybe a little paranoia.

Linux has evolved a lot over the past 30 years. Distributions were created as opinionated starting points for general usage, but the advent of containers changed what was required and expected. CoreOS pushed the limits of what a server distribution should be, and those limits continue to be refined with more special purpose options.

While many of these next generation distros have similar characteristics they're not all the same. Justin will provide an overview of the current landscape of immutable distributions and what sets each one apart, and what they have in common.

A deep dive into the Iceberg open table format, examining the rationale for its creation, internal mechanics, and advanced capabilities. Drawing from years of production experience, this talk offers both theoretical foundations and practical insights for engineers considering adopting Iceberg.

We will discuss ACE’s (Analytics Center of Excellence) framework for government transparency, detailing how they use tools like Python for shared analysis, GitHub for collaborative code and methodology sharing, and the Justice Hub for public data dissemination. This commitment to open-source not only fosters trust but also directly enables reproducible, high-impact policy analyses, offering a replicable model for other large-scale government data initiatives. The Analytics Center of Excellence (ACE) within the Los Angeles County CEO’s office maintains partnerships with local criminal justice agencies, making information and methodology publicly accessible. This model is underpinned by an open-source mindset. 

The Postgres write-ahead log, or WAL, is basically a change-log for the database.  It enables several important Postgres features:  crash recovery, point-in-time recovery, and binary and logical replication.  This talk explains what is stored in the WAL, how binary and logical replication work, and how replication slots track replication progress.
 

Running infrastructure for the Python community means monitoring millions of requests. See how we leverage self-hosted infrastructure to minimize cost while obtaining real benefit into our applications.

Calculators are intuitive, right? Punch in some numbers on the number pad, choose an operation, and the answer appears. But it wasn't always this way. One hundred years ago, an antique mechanical calculator's UI was completely different depending on what company made it. Calculators directly exposed the mechanical mechanisms underneath, with few abstractions and little regard to ease-of-use. If you sat in front of one today and I asked you to perform basic arithmetic, you'd probably couldn't do it without a manual, and that knowledge probably wouldn't transfer to a different calculator.

If you've ever introduced someone to Linux for the first time, this might sound familiar. Fragmented, inconsistent UI, and applications that only barely hide their underlying code structure behind their interfaces mean a steep learning curve for new users. In this talk I will dive into the rich history of mechanical calculator UI, and draw parallels with modern Linux applications. The past, present, and future of calculator UI provides a roadmap FOSS would be wise to follow.

Asterisk is a powerful and flexible communications engine—but how well does it perform under pressure? In this session, we’ll take a deep dive into the performance characteristics of Asterisk from a deep technical perspective, exploring how it handles real-world workloads, what bottlenecks can arise, and how to identify and resolve them. You’ll learn about key metrics to monitor, implementation suggestions, and configuration strategies that can help when you hit a wall and want to try to improve performance.

Unlocking the full potential of AI starts with your data, but real-world documents come in countless formats and levels of complexity. This session introduces Docling, an open-source Python library designed to convert complex documents into AI-ready formats. Learn how Docling simplifies document processing, enabling you to efficiently harness all your data for downstream AI and analytics applications.

Robert will demonstrate how they used the Claude API to create a natural language interface for simple FreePBX configuration requests as proof of concept (POC). He will also discuss plans to expand this functionality for the Tekmetric Phones service, with the goal of reducing the workload on support staff.

Follow along as we deep dive into a real-world transaction wraparound incident, discuss recent Postgres innovations, and explore features like index de-duplication and autovacuum enhancements designed to help eliminate the problems. We'll talk about how to optimize your Postgres environment and make a strong case why upgrading might just eliminate your XID wraparound risks.

A vCon (virtualized conversations) is a standardized, machine-readable container for data from any type of human conversation, such as a phone call, video conference, or chat. Developed by the IETF, it standardizes how conversational data, including audio, video, text, metadata, and attachments, is collected, stored, and shared across different systems. Attend this session to get an overview of this area, the possibilities and security implications. We'll also look at a couple of ways to have Asterisk create vCons for you.

When I first started learning Vitess, I quickly realized how much it could do beyond just scaling MySQL — from built-in high availability and transparent query routing to online schema changes and resharding. In this session, I’ll share what I’ve discovered as a newcomer exploring Vitess, how easy it is to get started, and why it’s becoming a go-to open-source solution for running MySQL at scale.

What do looms, Linux, and open-source communities have in common? More than you might think. This talk uncovers the surprising computational depth of textiles where patterns function like algorithms, fabrics behave like data structures, and some of the earliest programmable machines were built.

Attendees will leave with a new understanding of how deeply computation is rooted in craft and why the cultural values of repairability, transparency, and user modification link weavers and open-source developers across centuries. If you’ve ever wanted to see computation from a completely different angle, this talk will change how you think about both craft and code.

Tired of sky-high logging costs and vendor lock-in, ZipRecruiter migrated from Logz.io to Grafana Loki. This talk shares the real challenges, unexpected pitfalls, and hard-won victories from our journey. Learn what worked, what didn't, and what we wish we'd known before starting. From sizing clusters and dealing with cardinality explosions to convincing skeptical engineers, we cover the messy reality behind the marketing slides. You'll leave with practical insights and battle-tested strategies for running Loki at scale.

Ever been curious how those weather forecasts you get on your phone and on the news are created? Welcome to the wonderful world of chemical transport models (CTMs), the largely open source software behind modern weather and air-quality prediction. Modeling agencies and numerous state and local environmental offices rely on systems like the Weather Research and Forecasting model with Chemistry (WRF-Chem) and the Unified Forecast System (UFS) to simulate how gases, particles, and meteorological conditions evolve in the atmosphere. UFS provides large-scale, global weather analyses and forecasts that supply essential boundary and initial conditions, while WRF-Chem couples weather dynamics with detailed chemical processes to resolve regional air quality with high spatial precision. Together, these models allow weather agencies, and now you, to translate complex atmospheric science into the clear, timely information that allows us to anticipate rain, model winds, or predict pollution events using our trusty Linux machines. Come learn how WRF-Chem works: how to customize it to run over your area, the kinds of openly available inputs it uses to establish initial and boundary conditions, and examples of how the generated predictions compare to real-world outcomes.

Kubernetes is a popular place to run databases. The deployments increasing comes in the form of database-as-a-service platforms for developers. This talk walks through the design of a Kubernetes DBaaS, based on our real-world experience building and operating SaaS platforms for analytic databases. We cover implementing the database environment on Kubernetes, monitoring, and public APIs for developers to provision and manage databases for themselves. There's also guidance on issues like upgrade, backup, and multi-tenant operation. The talk supplies everything you need to start building a database platform of your own.

PostgreSQL 18 is currently the latest-and-greatest PostgreSQL
version to be released. This talk will take a quick look at many of the new features in this version, and why it's time to upgrade if you haven't already.

The open-source AI ecosystem is growing fast, with thousands of pre-trained and fine-tuned models readily available for reuse. This accessibility also introduces inherited risks, including data poisoning, backdoors, and model tampering that can propagate silently through the AI supply chain. This talk explores how Artificial Intelligence Bills of Materials (AIBOMs) can provide visibility, accountability, and better security practices for open-source AI, helping developers and organizations trust what they build on.

No one wants to be responsible for breaking the build. But what can you do as a developer to avoid being the bad guy? How can project leads enable their teams to reduce the occurrence of broken builds?
In talking within our own teams, we discovered that many developers weren’t running sufficient integration and End to End tests in their local environments because it’s too difficult to set up and administer test environments in an efficient way.
That’s why we decided to rethink our entire local testing process in hopes of cutting down on the headaches, heartaches, and valuable time wasted. Enter Kuttl. Connecting Kuttl to CI builds has empowered our developers to easily configure a development environment locally that accurately matches the final test environment without needing to become an expert CI admin themselves.
These days, we hear, “Who broke the build?” far less often and you can too!

Everyone wants to work on what matters most, yet many engineers struggle to see how their work aligns with company goals. In this talk, we show how radical transparency can correct organizational misalignment. By opening roadmaps, decision histories, customer feedback, and internal documents, teams and individuals gain clarity and autonomy.

We've analyzed over 1 million production K8s failures across thousands of clusters. The data reveals something striking: the vast majority of incidents fall into predictable, preventable categories. By the law of large numbers, if we address these recurring issues, we can drastically improve production reliability.

In this three-hour workshop (with time for plenty of Q&A!), Joe Thompson walks you through container images from their most primitive forms through building modern OCI images, explaining concepts along the way. As you work through the exercises, we'll discuss the effects of different build techniques and styles on maintainability, deployment and security, and you'll learn about image basics like layers, tags, and signatures as well as more nuanced concepts like strategies for determining how to build and use your own base images while allowing for effective use of tools like image security scanners. Whether you're a beginner to containers or an experienced builder who wants to further explore the details most build tools abstract away, this workshop will have something for you.

Modern observability requires correlating metrics, logs, and traces—but many teams struggle with vendor lock-in or complex self-hosted infrastructure. This advanced workshop teaches production-ready observability using open-source CNCF standards.

You'll instrument a microservices application on Kubernetes using OpenTelemetry, the vendor-neutral observability framework. Through four hands-on modules, you'll collect and correlate all three pillars: metrics (Prometheus), logs (OpenSearch), and distributed traces (OpenSearch trace analytics).

The workshop uses AWS managed services (Managed Prometheus, Managed Grafana, OpenSearch Service) for convenience, but all patterns apply to self-hosted deployments. You'll configure OpenTelemetry collectors with SigV4 authentication, build unified dashboards correlating metrics-logs-traces, and analyze service maps for performance bottlenecks.

Leave with working Kubernetes configurations, Grafana dashboards, and practical experience implementing CNCF-standard observability that avoids vendor lock-in.

Session Details

Duration: 120 minutes (or trim to 90 minutes for core modules 1-4)

Audience Level: Advanced (Level 400)

Prerequisites: Kubernetes experience required. Familiarity with kubectl, AWS CLI, and basic observability concepts (metrics/logs/traces)

“I’m not a supplier!” open source maintainers correctly say. When a large company comes in making unfunded demands, it drives volunteer maintainers away. But supply chain attacks are a reality and they don’t just affect megacorps. As an open source maintainer, you have a supply chain, too.

Improving your security improves safety for everyone. But how can volunteer maintainers who aren’t security experts do this work? This talk introduces easy practices and tools to address common software supply chain concerns. Attendees will also learn how to address supply chain and regulatory concerns from their downstreams.

Many teams ship ambiguous, poorly defined telemetry that hides errors, fuels tribal knowledge, and slows down troubleshooting. This session shows how to design clear, consistent telemetry signals and validate them automatically. Drawing on OpenTelemetry Semantic Conventions, it covers practical patterns for naming metrics, spans, events, and their attributes, recording error information, plus a live demo of Weaver - a tool developed by OpenTelemetry community for documenting and enforcing telemetry schemas. These practices work just as well for Prometheus and legacy systems, proving how consistent, validated telemetry boosts reliability and cuts cognitive load.

Zero Trust isn’t a product, it’s a design approach. And Linux admins already have everything they need to build a Zero Trust environment using entirely open-source tools. In this session, we’ll walk through practical, upstream-friendly ways to modernize access control without buying anything new. We’ll cover centralized identity using FreeIPA/SSSD, SSH certificate authorities to eliminate long-lived keys, group-based sudo rules, host-based access control, network segmentation, and how SELinux fits into a Zero Trust model. You’ll leave with concrete, copy-and-paste examples and a clear roadmap for making your Linux fleet more secure, more manageable, and far less dependent on “trusting the network.” This is Zero Trust for real-world sysadmins - practical, deployable, and 100% open source.

Precision medicine is constrained by two major data interpretation bottlenecks: the “Millions-to-one” challenge of filtering millions of genomic variants from next-generation sequencing to identify a single causative variant for molecular diagnosis reporting, and the “Words-to-terms” challenge of transforming unstructured clinical jargon into standardized, interoperable ontology terms. We present two novel Generative AI (GenAI) frameworks addressing these challenges. Both systems integrate contextual information with knowledge from curated medical databases and real-time web data. Evaluation using both open-source Kimi 2 and closed-source Gemini-2.5-pro yielded similarly accurate results.