Presentations

This Kubernetes workshop provides a practical introduction to container orchestration fundamentals. Using Kind (Kubernetes in Docker) and Docker Desktop, participants will build their own local Kubernetes cluster and deploy their first applications. Through hands-on exercises, you will learn core concepts including pods, deployments, services, and basic networking. No prior Kubernetes experience required. By the end of this session, you will understand Kubernetes architecture, master essential kubectl commands, and have a working local development environment you can continue using after the workshop. Perfect for developers, DevOps engineers, and anyone curious about container orchestration.

This is a deep‑dive workshop on how to run Personal AI on infrastructure you actually control. KwaaiNet is Kwaai’s sovereign AI network: a distributed compute and storage layer that turns everyday devices into an OpenAI‑compatible “AI cloud” where users keep their own keys, data, and rewards instead of handing everything to centralized platforms.
 

Unlocking the full potential of AI starts with your data, but real-world documents come in countless formats and levels of complexity. This session will give you hands-on experience with Docling, an open-source Python library designed to convert complex documents into AI-ready formats. Learn how Docling simplifies document processing, enabling you to efficiently harness all your data for downstream AI and analytics applications.

Learn how to configure, use, and abuse long-range, cheap communication devices through Meshtastic, without a license! Talk to friends, control remote devices, gather remote sensor data - all at low power use, low cost, with encryption. This 4 hour, hands-on workshop session requires pre-registration (with your conference registration). The required $80 registration fee pays for the starter device attendees will configure and keep.

We will explore how this technology can be used for red-teaming, considering that the bad guys are already looking for ways to exploit this new and fantastic technology. As part of this exercise, you will hack a remote system miles away using your LoRa node!

An ideal home lab is remotely-accessible, security hardened and tested, and wholly relies on an open-source technology stack. In this workshop, you will get hands-on training on using open source technology–from hypervisor to web app–to self-host your own home lab. The workshop will walk you through network design, architecture, and security, including firewall configuration and DNS sinkholing; using Docker and Docker Compose; remote administration tools and methods; remote web app access with mandatory two-factor authentication; single sign on integration with internal and external services; certificate authority management for mTLS through OpenSSL and Step CA; an introduction to SSH certificate authorities; and network mapping and security testing. Participants will come out of this workshop with the hands-on experience, knowledge and resources to successfully self-host their own secure Linux-based home lab. This workshop will require the participant to be comfortable in the Linux command line and be familiar with basic IPv4 concepts.

This practical lab moves beyond security theory to provide ready-to-use configuration files and deployment examples for building a robust, attestable, and compliance-ready RHEL environment. Participants will master advanced security controls and gain immediately applicable skills on the subjects of SELinux, Keylime, and USBGuard.

Swift isn't just for iOS anymore—it's a powerful, memory-safe systems language that's gaining traction in Linux server environments. In this hands-on workshop for Linux developers, we'll build a production-ready REST API while exploring why Swift's combination of compile-time safety, modern concurrency, and C++-level performance, without garbage collection, makes it compelling for Linux services. You'll learn how Swift integrates with familiar Linux workflows, from package management to containerization, and leave with a working API ready to deploy on your favorite Linux distro. No prior Swift experience required—just bring your laptop with Swift installed and ready to code.

You know that feeling when you get a Christmas Tree report from your vulnerability scanner... What IF you could make all those vulnerabilities disappear?

In this hands on workhop we'll see how 5000 container vulnerabilities disappear with a snap of a finger, but they'll still be there. Learn how it's possible!

Modern observability requires correlating metrics, logs, and traces—but many teams struggle with vendor lock-in or complex self-hosted infrastructure. This advanced workshop teaches production-ready observability using open-source CNCF standards.

You'll instrument a microservices application on Kubernetes using OpenTelemetry, the vendor-neutral observability framework. Through four hands-on modules, you'll collect and correlate all three pillars: metrics (Prometheus), logs (OpenSearch), and distributed traces (OpenSearch trace analytics).

The workshop uses AWS managed services (Managed Prometheus, Managed Grafana, OpenSearch Service) for convenience, but all patterns apply to self-hosted deployments. You'll configure OpenTelemetry collectors with SigV4 authentication, build unified dashboards correlating metrics-logs-traces, and analyze service maps for performance bottlenecks.

Leave with working Kubernetes configurations, Grafana dashboards, and practical experience implementing CNCF-standard observability that avoids vendor lock-in.

Session Details

Duration: 120 minutes (or trim to 90 minutes for core modules 1-4)

Audience Level: Advanced (Level 400)

Prerequisites: Kubernetes experience required. Familiarity with kubectl, AWS CLI, and basic observability concepts (metrics/logs/traces)

“I’m not a supplier!” open source maintainers correctly say. When a large company comes in making unfunded demands, it drives volunteer maintainers away. But supply chain attacks are a reality and they don’t just affect megacorps. As an open source maintainer, you have a supply chain, too.

Improving your security improves safety for everyone. But how can volunteer maintainers who aren’t security experts do this work? This talk introduces easy practices and tools to address common software supply chain concerns. Attendees will also learn how to address supply chain and regulatory concerns from their downstreams.

Many teams ship ambiguous, poorly defined telemetry that hides errors, fuels tribal knowledge, and slows down troubleshooting. This session shows how to design clear, consistent telemetry signals and validate them automatically. Drawing on OpenTelemetry Semantic Conventions, it covers practical patterns for naming metrics, spans, events, and their attributes, recording error information, plus a live demo of Weaver - a tool developed by OpenTelemetry community for documenting and enforcing telemetry schemas. These practices work just as well for Prometheus and legacy systems, proving how consistent, validated telemetry boosts reliability and cuts cognitive load.

Zero Trust isn’t a product, it’s a design approach. And Linux admins already have everything they need to build a Zero Trust environment using entirely open-source tools. In this session, we’ll walk through practical, upstream-friendly ways to modernize access control without buying anything new. We’ll cover centralized identity using FreeIPA/SSSD, SSH certificate authorities to eliminate long-lived keys, group-based sudo rules, host-based access control, network segmentation, and how SELinux fits into a Zero Trust model. You’ll leave with concrete, copy-and-paste examples and a clear roadmap for making your Linux fleet more secure, more manageable, and far less dependent on “trusting the network.” This is Zero Trust for real-world sysadmins - practical, deployable, and 100% open source.

LinkedIn recently migrated its production Apache Pinot fleet from on-premises bare-metal hardware to Kubernetes with zero downtime. This tech talk will explore the technical journey, focusing on design choices, the challenges and trade-offs faced, and a balance of building custom tools versus leveraging existing solutions.

Key highlights include availability zone-aware data shard placement, automated OLAP table migrations with Airflow and Temporal, performance testing, pre- and post-migration validations, and disruption management. Lessons learned and valuable strategies for ensuring uninterrupted service-level objectives (SLOs) will also be shared.

What actually happens between a `git commit` and running Pods? In this session, Leigh will trace the instructions that make up a GitOps reconciliation.

We will peel back the layers of Flux's architecture, exploring:

- Native Go SDKs (no fork/exec) and `controller-runtime` queues
- API Machinery internals like Server-Side Apply, Resource Versions, and etcd
- Performance tuning using the Flux Operator dashboard

This session will be a fun, deep adventure. Come read some code with us!

Precision medicine is constrained by two major data interpretation bottlenecks: the “Millions-to-one” challenge of filtering millions of genomic variants from next-generation sequencing to identify a single causative variant for molecular diagnosis reporting, and the “Words-to-terms” challenge of transforming unstructured clinical jargon into standardized, interoperable ontology terms. We present two novel Generative AI (GenAI) frameworks addressing these challenges. Both systems integrate contextual information with knowledge from curated medical databases and real-time web data. Evaluation using both open-source Kimi 2 and closed-source Gemini-2.5-pro yielded similarly accurate results.