Presentations

Modern systems increasingly rely on automated pipelines to decide which alerts, logs, and signals humans actually see. When these pipelines drift, silently fail, or behave inconsistently across environments, teams lose trust fast. This talk shows how Nix can be used to make notification and alerting pipelines reproducible, auditable, and predictable, so automation doesn’t become a hidden failure point.

We explore how containers have empowered teams and transformed collaboration while also becoming an unquestioned default in many workflows. This talk reflects on where containers have genuinely improved developer experience and reliability, where we adopted them out of convenience rather than design, and how newer tools and patterns can help simplify today’s increasingly complex stacks. It invites attendees to revisit long-held assumptions with empathy, not to replace containers but to use them more intentionally, and it offers a human-centered perspective on building systems and teams that thrive.

You saw that a PR with a fix being made available to Nixpkgs. It’s approved! It’s merged! But when you run nix flake update, your changes are nowhere to be found. Where did they go?

What really happens to a single INSERT in PostgreSQL once it enters the system? In this talk, we trace the complete lifecycle of one tuple as it travels through PostgreSQL’s logical replication pipeline. Starting at the executor, we watch the tuple become a WAL record, explore what changes when wal_level=logical, and reveal how the logical decoding layer reconstructs row-level changes from low-level WAL fragments. We’ll step through the inner workings of the ReorderBuffer, explain how replication slots guarantee durability, and show how output plugins convert decoded changes into a logical stream ready for subscribers.

On the receiving side, we follow the apply worker as it processes transactions, resolves ordering, handles conflicts, and replays the change into the subscriber database. By the end, you’ll have a clear mental model of each stage—from WAL generation to apply—and a deeper understanding of how PostgreSQL reliably moves data through logical replication.

Whether you run logical replication, build CDC pipelines, or simply want to understand the internals behind one of PostgreSQL’s most powerful features, this talk will give you a guided, intuitive, and highly practical look behind the scenes.

Internet-in-a-Box (IIAB) “learning hotspots” serve dozens of countries, e.g., in remote mountain villages in India, over a local Wi-Fi hotspot, bringing Wikipedia, Khan Academy, healthcare libraries, and OpenStreetMap (OSM), all without the need for internet or a mobile data plan. Come and see the NEW IIAB Maps. Anyone can self-host and customize to the region they need—including vector tiles, mountain relief topography tiles, and satellite photo tiles—all with powerful full-text search. Our new IIAB Maps are flexible and customizable, robust, offline-first, and localizable to help almost anyone, anywhere!

No one wants to be responsible for breaking the build. But what can you do as a developer to avoid being the bad guy? How can project leads enable their teams to reduce the occurrence of broken builds?
In talking within our own teams, we discovered that many developers weren’t running sufficient integration and End to End tests in their local environments because it’s too difficult to set up and administer test environments in an efficient way.
That’s why we decided to rethink our entire local testing process in hopes of cutting down on the headaches, heartaches, and valuable time wasted. Enter Kuttl. Connecting Kuttl to CI builds has empowered our developers to easily configure a development environment locally that accurately matches the final test environment without needing to become an expert CI admin themselves.
These days, we hear, “Who broke the build?” far less often and you can too!

Everyone wants to work on what matters most, yet many engineers struggle to see how their work aligns with company goals. In this talk, we show how radical transparency can correct organizational misalignment. By opening roadmaps, decision histories, customer feedback, and internal documents, teams and individuals gain clarity and autonomy.

We've analyzed over 1 million production K8s failures across thousands of clusters. The data reveals something striking: the vast majority of incidents fall into predictable, preventable categories. By the law of large numbers, if we address these recurring issues, we can drastically improve production reliability.

This is a hands‑on workshop showing how a browser tab can become a secure, full‑fledged development environment for open source AI. Kasm Workspaces is a container‑streaming platform that delivers Linux and Windows desktops, IDEs, and browsers straight to any modern web browser, with no local installs, VPNs, or agents required.
 

In this three-hour workshop (with time for plenty of Q&A!), Joe Thompson walks you through container images from their most primitive forms through building modern OCI images, explaining concepts along the way. As you work through the exercises, we'll discuss the effects of different build techniques and styles on maintainability, deployment and security, and you'll learn about image basics like layers, tags, and signatures as well as more nuanced concepts like strategies for determining how to build and use your own base images while allowing for effective use of tools like image security scanners. Whether you're a beginner to containers or an experienced builder who wants to further explore the details most build tools abstract away, this workshop will have something for you.

Kubernetes Cluster API (CAPI) has emerged as the standard for declarative, GitOps-driven management of Kubernetes clusters. In this session, we will peel back the layers of the CAPI to reveal how its core controllers, webhooks and CRDs work together to reconcile your desired cluster state. You’ll discover how Machine and Infrastructure Providers translate high-level specifications into real infrastructure—whether on AWS, Azure, vSphere or even bare-metal. We’ll examine the mechanisms that enable automated cluster creation, scaling and rolling upgrades, and explore health-checking machines so that failures are detected and remediated automatically. By the end of the session, you will understand why Cluster API is far more than a collection of CRDs, and you will leave with concrete examples and code snippets ready to integrate into your CI/CD pipelines, empowering you to manage production-grade clusters with confidence and precision.

We'll also scratch the surface of next steps on enabling true platform engineering utilizing CAPI and its friends in the ecosystem.

In this hands-on workshop, participants will learn the theory behind ClusterAPI and gain real hands-on experience via a pre-created lab environment. To complete the lab exercises, you'll only need your browser.

This Kubernetes workshop provides a practical introduction to container orchestration fundamentals. Using Kind (Kubernetes in Docker) and Docker Desktop, participants will build their own local Kubernetes cluster and deploy their first applications. Through hands-on exercises, you will learn core concepts including pods, deployments, services, and basic networking. No prior Kubernetes experience required. By the end of this session, you will understand Kubernetes architecture, master essential kubectl commands, and have a working local development environment you can continue using after the workshop. Perfect for developers, DevOps engineers, and anyone curious about container orchestration.

This is a deep‑dive workshop on how to run Personal AI on infrastructure you actually control. KwaaiNet is Kwaai’s sovereign AI network: a distributed compute and storage layer that turns everyday devices into an OpenAI‑compatible “AI cloud” where users keep their own keys, data, and rewards instead of handing everything to centralized platforms.
 

Unlocking the full potential of AI starts with your data, but real-world documents come in countless formats and levels of complexity. This session will give you hands-on experience with Docling, an open-source Python library designed to convert complex documents into AI-ready formats. Learn how Docling simplifies document processing, enabling you to efficiently harness all your data for downstream AI and analytics applications.

Learn how to configure, use, and abuse long-range, cheap communication devices through Meshtastic, without a license! Talk to friends, control remote devices, gather remote sensor data - all at low power use, low cost, with encryption. This 4 hour, hands-on workshop session requires pre-registration (with your conference registration). The required $80 registration fee pays for the devbox base station device attendees will configure and keep.

We will explore how this technology can be used for red-teaming, considering that the bad guys are already looking for ways to exploit this new and fantastic technology. As part of this exercise, you will hack a remote system miles away using your LoRa node!

An ideal home lab is remotely-accessible, security hardened and tested, and wholly relies on an open-source technology stack. In this workshop, you will get hands-on training on using open source technology–from hypervisor to web app–to self-host your own home lab. The workshop will walk you through network design, architecture, and security, including firewall configuration and DNS sinkholing; using Docker and Docker Compose; remote administration tools and methods; remote web app access with mandatory two-factor authentication; single sign on integration with internal and external services; certificate authority management for mTLS through OpenSSL and Step CA; an introduction to SSH certificate authorities; and network mapping and security testing. Participants will come out of this workshop with the hands-on experience, knowledge and resources to successfully self-host their own secure Linux-based home lab. This workshop will require the participant to be comfortable in the Linux command line and be familiar with basic IPv4 concepts.

This practical lab moves beyond security theory to provide ready-to-use configuration files and deployment examples for building a robust, attestable, and compliance-ready RHEL environment. Participants will master advanced security controls and gain immediately applicable skills on the subjects of SELinux, Keylime, and USBGuard.

Swift isn't just for iOS anymore—it's a powerful, memory-safe systems language that's gaining traction in Linux server environments. In this hands-on workshop for Linux developers, we'll build a production-ready REST API while exploring why Swift's combination of compile-time safety, modern concurrency, and C++-level performance, without garbage collection, makes it compelling for Linux services. You'll learn how Swift integrates with familiar Linux workflows, from package management to containerization, and leave with a working API ready to deploy on your favorite Linux distro. No prior Swift experience required—just bring your laptop with Swift installed and ready to code.

You know that feeling when you get a Christmas Tree report from your vulnerability scanner... What IF you could make all those vulnerabilities disappear?

In this hands on workhop we'll see how 5000 container vulnerabilities disappear with a snap of a finger, but they'll still be there. Learn how it's possible!

Modern observability requires correlating metrics, logs, and traces—but many teams struggle with vendor lock-in or complex self-hosted infrastructure. This advanced workshop teaches production-ready observability using open-source CNCF standards.

You'll instrument a microservices application on Kubernetes using OpenTelemetry, the vendor-neutral observability framework. Through four hands-on modules, you'll collect and correlate all three pillars: metrics (Prometheus), logs (OpenSearch), and distributed traces (OpenSearch trace analytics).

The workshop uses AWS managed services (Managed Prometheus, Managed Grafana, OpenSearch Service) for convenience, but all patterns apply to self-hosted deployments. You'll configure OpenTelemetry collectors with SigV4 authentication, build unified dashboards correlating metrics-logs-traces, and analyze service maps for performance bottlenecks.

Leave with working Kubernetes configurations, Grafana dashboards, and practical experience implementing CNCF-standard observability that avoids vendor lock-in.

Session Details

Duration: 120 minutes (or trim to 90 minutes for core modules 1-4)

Audience Level: Advanced (Level 400)

Prerequisites: Kubernetes experience required. Familiarity with kubectl, AWS CLI, and basic observability concepts (metrics/logs/traces)

“I’m not a supplier!” open source maintainers correctly say. When a large company comes in making unfunded demands, it drives volunteer maintainers away. But supply chain attacks are a reality and they don’t just affect megacorps. As an open source maintainer, you have a supply chain, too.

Improving your security improves safety for everyone. But how can volunteer maintainers who aren’t security experts do this work? This talk introduces easy practices and tools to address common software supply chain concerns. Attendees will also learn how to address supply chain and regulatory concerns from their downstreams.

Many teams ship ambiguous, poorly defined telemetry that hides errors, fuels tribal knowledge, and slows down troubleshooting. This session shows how to design clear, consistent telemetry signals and validate them automatically. Drawing on OpenTelemetry Semantic Conventions, it covers practical patterns for naming metrics, spans, events, and their attributes, recording error information, plus a live demo of Weaver - a tool developed by OpenTelemetry community for documenting and enforcing telemetry schemas. These practices work just as well for Prometheus and legacy systems, proving how consistent, validated telemetry boosts reliability and cuts cognitive load.

Zero Trust isn’t a product, it’s a design approach. And Linux admins already have everything they need to build a Zero Trust environment using entirely open-source tools. In this session, we’ll walk through practical, upstream-friendly ways to modernize access control without buying anything new. We’ll cover centralized identity using FreeIPA/SSSD, SSH certificate authorities to eliminate long-lived keys, group-based sudo rules, host-based access control, network segmentation, and how SELinux fits into a Zero Trust model. You’ll leave with concrete, copy-and-paste examples and a clear roadmap for making your Linux fleet more secure, more manageable, and far less dependent on “trusting the network.” This is Zero Trust for real-world sysadmins - practical, deployable, and 100% open source.

LinkedIn recently migrated its production Apache Pinot fleet from on-premises bare-metal hardware to Kubernetes with zero downtime. This tech talk will explore the technical journey, focusing on design choices, the challenges and trade-offs faced, and a balance of building custom tools versus leveraging existing solutions.

Key highlights include availability zone-aware data shard placement, automated OLAP table migrations with Airflow and Temporal, performance testing, pre- and post-migration validations, and disruption management. Lessons learned and valuable strategies for ensuring uninterrupted service-level objectives (SLOs) will also be shared.