Presentations

Welcome and opening with the SunSecCon team.

The classic Java mantra, "write once, run anywhere," suggested that developers should be able to rely on the JVM to handle the intricacies of different hardware environments. For all modern high level languages, we expect compilers and language runtimes to “abstract away” the hardware for application developers. However, the hardware can still impact application performance. Developers and architects should know enough about the behavior of the underlying hardware to avoid pitfalls and take advantage of opportunities to maximize performance. 
 

In this talk, you will learn about: 

- How modern CPU pipelining and memory models can impact application performance
- Why Arm64 instances typically offer the best price/performance on modern cloud platforms
- Arm64 features you can leverage to improve performance 

This session is ideal for software developers who want to understand how server architecture influences application performance, and how to make informed decisions about the underlying architecture when deploying applications to the cloud.

What is a developer platform anyway? Who should have one? What makes a good platform? How will you maintain it? Should you use Kubernetes? Vault? Mise?
Rather than recommend a specific set of technologies, this talk is about recognizing the common building blocks and best practices when building and maintaining a developer platform.
You will learn that there are common patterns and realize that you very likely already have what it takes to build a great developer platform!
 
 

Kubernetes is a popular place to run databases. The deployments increasing comes in the form of database-as-a-service platforms for developers. This talk walks through the design of a Kubernetes DBaaS, based on our real-world experience building and operating SaaS platforms for analytic databases. We cover implementing the database environment on Kubernetes, monitoring, and public APIs for developers to provision and manage databases for themselves. There's also guidance on issues like upgrade, backup, and multi-tenant operation. The talk supplies everything you need to start building a database platform of your own.

PostgreSQL 18 is currently the latest-and-greatest PostgreSQL
version to be released. This talk will take a quick look at many of the new features in this version, and why it's time to upgrade if you haven't already.

As AI agents gain the ability to plan, adapt, and even rewrite themselves, they introduce both new power and new risk to software delivery. This talk looks at real incidents and emerging research to show how polymorphic agents can reconfigure behavior, bypass constraints, and challenge assumptions about “safe” automation. Attendees will learn to recognize red flags and rethink quality in a world where tools don’t just follow instructions—they evolve.

AI coding agents can generate application code, but safely operating cloud infrastructure is a different game. This talk explores what happens when you give AI agents real infrastructure access: the patterns that work, the failures that teach you humility, and the emerging protocols that might make this actually viable.

Modern systems increasingly rely on automated pipelines to decide which alerts, logs, and signals humans actually see. When these pipelines drift, silently fail, or behave inconsistently across environments, teams lose trust fast. This talk shows how Nix can be used to make notification and alerting pipelines reproducible, auditable, and predictable, so automation doesn’t become a hidden failure point.

We explore how containers have empowered teams and transformed collaboration while also becoming an unquestioned default in many workflows. This talk reflects on where containers have genuinely improved developer experience and reliability, where we adopted them out of convenience rather than design, and how newer tools and patterns can help simplify today’s increasingly complex stacks. It invites attendees to revisit long-held assumptions with empathy, not to replace containers but to use them more intentionally, and it offers a human-centered perspective on building systems and teams that thrive.

You saw that a PR with a fix being made available to Nixpkgs. It’s approved! It’s merged! But when you run nix flake update, your changes are nowhere to be found. Where did they go?

Internet-in-a-Box (IIAB) “learning hotspots” serve dozens of countries, e.g., in remote mountain villages in India, over a local Wi-Fi hotspot, bringing Wikipedia, Khan Academy, healthcare libraries, and OpenStreetMap (OSM), all without the need for internet or a mobile data plan. Come and see the NEW IIAB Maps. Anyone can self-host and customize to the region they need—including vector tiles, mountain relief topography tiles, and satellite photo tiles—all with powerful full-text search. Our new IIAB Maps are flexible and customizable, robust, offline-first, and localizable to help almost anyone, anywhere!

Everyone wants to work on what matters most, yet many engineers struggle to see how their work aligns with company goals. In this talk, we show how radical transparency can correct organizational misalignment. By opening roadmaps, decision histories, customer feedback, and internal documents, teams and individuals gain clarity and autonomy.

We've analyzed over 1 million production K8s failures across thousands of clusters. The data reveals something striking: the vast majority of incidents fall into predictable, preventable categories. By the law of large numbers, if we address these recurring issues, we can drastically improve production reliability.

This is a hands‑on workshop showing how a browser tab can become a secure, full‑fledged development environment for open source AI. Kasm Workspaces is a container‑streaming platform that delivers Linux and Windows desktops, IDEs, and browsers straight to any modern web browser, with no local installs, VPNs, or agents required.
 

In this three-hour workshop (with time for plenty of Q&A!), Joe Thompson walks you through container images from their most primitive forms through building modern OCI images, explaining concepts along the way. As you work through the exercises, we'll discuss the effects of different build techniques and styles on maintainability, deployment and security, and you'll learn about image basics like layers, tags, and signatures as well as more nuanced concepts like strategies for determining how to build and use your own base images while allowing for effective use of tools like image security scanners. Whether you're a beginner to containers or an experienced builder who wants to further explore the details most build tools abstract away, this workshop will have something for you.

Kubernetes Cluster API (CAPI) has emerged as the standard for declarative, GitOps-driven management of Kubernetes clusters. In this session, we will peel back the layers of the CAPI to reveal how its core controllers, webhooks and CRDs work together to reconcile your desired cluster state. You’ll discover how Machine and Infrastructure Providers translate high-level specifications into real infrastructure—whether on AWS, Azure, vSphere or even bare-metal. We’ll examine the mechanisms that enable automated cluster creation, scaling and rolling upgrades, and explore health-checking machines so that failures are detected and remediated automatically. By the end of the session, you will understand why Cluster API is far more than a collection of CRDs, and you will leave with concrete examples and code snippets ready to integrate into your CI/CD pipelines, empowering you to manage production-grade clusters with confidence and precision. In this hands-on workshop, participants will learn the theory behind ClusterAPI and gain real hands-on experience via a pre-created lab environment. To complete the lab exercises, you'll only need your browser.

This Kubernetes workshop provides a practical introduction to container orchestration fundamentals. Using Kind (Kubernetes in Docker) and Docker Desktop, participants will build their own local Kubernetes cluster and deploy their first applications. Through hands-on exercises, you will learn core concepts including pods, deployments, services, and basic networking. No prior Kubernetes experience required. By the end of this session, you will understand Kubernetes architecture, master essential kubectl commands, and have a working local development environment you can continue using after the workshop. Perfect for developers, DevOps engineers, and anyone curious about container orchestration.

This is a deep‑dive workshop on how to run Personal AI on infrastructure you actually control. KwaaiNet is Kwaai’s sovereign AI network: a distributed compute and storage layer that turns everyday devices into an OpenAI‑compatible “AI cloud” where users keep their own keys, data, and rewards instead of handing everything to centralized platforms.
 

Unlocking the full potential of AI starts with your data, but real-world documents come in countless formats and levels of complexity. This session will give you hands-on experience with Docling, an open-source Python library designed to convert complex documents into AI-ready formats. Learn how Docling simplifies document processing, enabling you to efficiently harness all your data for downstream AI and analytics applications.

Learn how to configure, use, and abuse long-range, cheap communication devices through Meshtastic, without a license! Talk to friends, control remote devices, gather remote sensor data - all at low power use, low cost, with encryption. This 4 hour, hands-on workshop session requires pre-registration (with your conference registration). The required $80 registration fee pays for the devbox base station device attendees will configure and keep.

We will explore how this technology can be used for red-teaming, considering that the bad guys are already looking for ways to exploit this new and fantastic technology. As part of this exercise, you will hack a remote system miles away using your LoRa node!

This practical lab moves beyond security theory to provide ready-to-use configuration files and deployment examples for building a robust, attestable, and compliance-ready RHEL environment. Participants will master advanced security controls and gain immediately applicable skills on the subjects of SELinux and USBGuard.

An ideal home lab is remotely-accessible, security hardened and tested, and wholly relies on an open-source technology stack. In this workshop, you will get hands-on training on using open source technology–from hypervisor to web app–to self-host your own home lab. The workshop will walk you through network design, architecture, and security, including firewall configuration and DNS sinkholing; using Docker and Docker Compose; remote administration tools and methods; remote web app access with mandatory two-factor authentication; single sign on integration with internal and external services; certificate authority management for mTLS through OpenSSL and Step CA; an introduction to SSH certificate authorities; and network mapping and security testing. Participants will come out of this workshop with the hands-on experience, knowledge and resources to successfully self-host their own secure Linux-based home lab. This workshop will require the participant to be comfortable in the Linux command line and be familiar with basic IPv4 concepts.

Swift isn't just for iOS anymore—it's a powerful, memory-safe systems language that's gaining traction in Linux server environments. In this hands-on workshop for Linux developers, we'll build a production-ready REST API while exploring why Swift's combination of compile-time safety, modern concurrency, and C++-level performance, without garbage collection, makes it compelling for Linux services. You'll learn how Swift integrates with familiar Linux workflows, from package management to containerization, and leave with a working API ready to deploy on your favorite Linux distro. No prior Swift experience required—just bring your laptop with Swift installed and ready to code.

You know that feeling when you get a Christmas Tree report from your vulnerability scanner... What IF you could make all those vulnerabilities disappear?

In this hands on workhop we'll see how 5000 container vulnerabilities disappear with a snap of a finger, but they'll still be there. Learn how it's possible!