Open Source Summit Europe 2024

Creating and maintaining a safety critical project comes with a lot of challenges. A central issue is keeping your documentation, starting from planning and guideline documents, down to requirements, safety analysis, reviews and tests, consistent and up to date. These artefacts often have their own lifecycle and are natively managed in different tools, with usually great traceability capabilities regarding dependencies between these artefacts as long as you stay within one tool or within a (usually propriety) tool family of one single tool vendor. Currently the resulting traceability gaps between these tools are handled either by the popular engineering tools like MS Excel or methods like “search for identical names”, depending highly on manual maintenance.

Using SPDX relationships, the upcoming Safety Profile in SPDX 3.1 will provide a model to represent all these dependencies as a knowledge model that can be used both to analyse possible impacts after a change (be it because of a security update or functional variants of your product), provide evidence of completeness and compliance as a Safety SBOM or simply keep track of your product variants.

Most embedded development boards can run Linux from traditional distros like Debian to custom Yocto systems. But have you ever wondered what it would take to run Android Open Source Project (AOSP) on these developer boards? Well, wonder no more. This talk will walk you through it. Using a ARM based Texas Instruments evaluation board as example, we will start from TI's Yocto SDK then download AOSP and study all the changes needed in order to boot to the Android home screen. We will cover: - Bootloader (U-Boot) modifications required for Android boot flow - Linux kernel versus Android Common Kernel (ACK) - User space changes - Android's build system - Additional changes to add more advanced features

The "Key Findings from the World of Open Source: Europe Spotlight" panel will present and discuss the latest trends in the OSS landscape in Europe. The discussion will kick off with the presentation of novel findings from the "World of Open Source: Europe Spotlight" report, highlighting the need for openness in AI, the significance of OSS security, and the role of OSS as digital public goods. Anna Hermansen and Adrienn Lawson from LF Research will present the most salient quantitative insights from the Linux Foundation's annual World of OSS survey, segmented for Europe, then Mirko Boehm and Cailean Osborne from LF Europe will share qualitative insights from expert interviews. The findings provide a multifaceted understanding of the European open-source ecosystem and its future potential. A community expert will join the panel to provide an additional perspective on the findings. Attendees are encouraged to participate in this engaging discussion about the major trends shaping the OSS landscape in Europe. The panel will offer valuable insights for developers, businesses, and policy makers alike, and provide a forum for exchanging ideas on the future of OSS in Europe.

In Safety Critical applications it is mandatory to ensure Sw Requirements traceability to Sw Specifications, Test Cases, Test Results, Bugs and more.
The process leading to this goal is usually complex and time-consuming and it is essential to understand the state step by step and highlight what remains to be done.
Moreover, for the intrinsic nature of a software project, we need to ensure traceability and test verification following any evolution in the ecosystem of the project.

BASIL The FuSa Spice, is an open source sw that provides a quality management solution aimed to address the above mentioned challenges for SW developments that are code driven and equally for the ones requirements driven.

We will see how to implement in BASIL Sw Requirements traceability to the source Code and to existing upstream Test Cases, how to execute them, how to navigate Test Results and artifacts and how to link failures to a bug in a bug tracking system.

We will also go into the details of a pipeline implementation based on the BASIL HTTP Api to understand how changes in one or more work items can be managed through automation with the goal of implementing a continuous certification framework.

In this talk we will give you a comprehensive overview of the complex task of building a high-performance DC vehicle charging station. We will show you how the EVerest project addresses a diverse set of challenges across all areas of the required software stack. EVerest abstracts away the complexities of reliably communicating with vehicles of all makes and models to enable successful charging sessions with robust implementations of the relevant communication protocols, such as ISO 15118-2/20 and DIN 70121 including Plug & Charge. Communication with backend systems of different providers can be achieved through the OCPP 2.0.1 and 1.6 standards. We will also explain how error handling and reporting are managed in a system running a diverse set of EVerest modules. Additionally we will discuss our strategy for generating comprehensive documentation for a project that spans multiple actively developed repositories. EVerest is an Apache 2.0 licensed project within LF Energy. It was initiated by PIONIX GmbH to support the electrification of the mobility sector.

Once in a while, new processor architectures show up -- aarch64, RISC-V, Loongarch, Elbrus -- and more to come. Getting Linux distributions - especially those using binary packages - up on them has traditionally been difficult, but it doesn't have to be. For the new OpenMandriva RISC-V port, we have automated the process in a way that will also work for other new architectures (or even other core changes like spins using a different libc). This talk introduces the pitfalls and the Open Source tools we've used to overcome them.

In this presentation, we present how an analysis of companies and technical trends can lead to the formation of group-wide community and participation in open source alliance organizations. We analyzed companies and technological trends in the related technology area to clarify the situation around the company direction from top-level executives. As a result, we identified important foundations and open source projects in which companies in the related technology area were actively involved. These projects are also important for the Sony Group business. However, due to the diverse nature of Sony's business entities, the organization responsible for video production was unaware of the significance within Sony group, even though they were aware of the trends in OSS and the importance for their own business. In contrast, the organization in the electronics field lacked awareness of video production trends. We tailored the analysis results to each organization and communicated them accordingly. This explanation led to valuable insights for each tech executive, resulting in the formation of group-wide community and participation in a related alliance organization.

In this session, the status of the elinux wiki will be discussed, along with ideas for expanding and updating the content for the site. The elinux wiki has served as a resource for embedded Linux developers for almost 18 years. The wiki contains a lot of great material, including slides and videos for almost every embedded Linux Conference. In this session, Tim will discuss the wiki, and we'll brainstorm ideas for rejuvenating the site, and utilizing it as an effective community resource. Rewards will be available if you make an edit to the wiki during the BOF!! Let's work together to improve this valuable resource!

Three years have passed since the issuance of the U.S. Executive Order (EO #14028), the adoption of SBOM in Japan has gradually progressed. Japanese companies are learning the minimum elements of SBOM which was published by NTIA, and are converting to a development process that takes automated SBOM generation into account. In July 2023, the Ministry of Economy, Trade, and Industry (METI) published a guide on the introduction of SBOM for software management, then the second version is scheduled to be released this summer. In addition, in April 2024, Nikkei Computer, a prominent Japanese computer magazine, published a less than 20-page special feature on SBOM in its opening issue. In this session, Ayumi Watanabe, a Japanese SBOM evangelist and an advisor to METI's SBOM PoC project, will discuss the status of SBOM in Japan, including the content of METI's guidelines, and the maturity and challenges of SBOM implementation in Japanese companies.

Over the past 6 years, the African tech ecosystem has seen significant interest and participation in global open source projects through communities like Open Source Community Africa and Python groups. According to the GitHub 2023 Octoverse report, Nigeria is a hot spot for OSS adoption and technological advancement with a 45% year-over-year growth rate. This talk will explore the importance of Open Source in Africa's development and success. We will discuss Africa's current state, its challenges, and how Open Source can be used as a tool for development, innovation, and collaboration. Through success stories and real-world examples, we will highlight the impact of Open Source on Africa's development and the opportunities it presents for the future.

Client server computing relies on encryption algorithms to ensure that data sent across networks cannot be read, or faked, by untrusted parties. This is the rock on which financial computing works in a business to customer environment, as well as how data at rest is protected from malicious prying eyes reading our personal data. This talk will cover the basics of how Diffe-Hellman encryption works, how symmetric and asymetric keys operate, as well as how all of this will soon become unsafe because of quantum computing. As well as showing the audience the basics (no maths degree required) this talk will show how quantum safe encryption is able to address this, and how folks can get wise and get started.

As the complexity of software ecosystems continues to grow, the need for transparency and security in software components becomes increasingly critical. Software Bill of Materials (SBOMs) has emerged as a pivotal tool in understanding and managing software dependencies, vulnerabilities, and compliance. However, despite its growing adoption, several open questions remain regarding the creation, distribution, and practical use of SBOMs. This presentation aims to pose these questions and discuss the challenges faced by the industry.

Mentorship is key to bringing new people into your open source communities. There are large programs (Google Summer of Code, Outreachy) and many smaller programs that have successfully integrated new contributors into open source communities making them long term contributors. In this panel we’re going to discuss some of the things you need to think about when creating a new mentorship program (single or multi-community). From how to find the right mentors, have great beginner documentation ready, set expectations, where to advertise your program and plenty of time for Q&A.

DAMON is a Linux kernel subsystem for efficient data access monitoring that has been integrated into the mainline since v5.15. The subsystem has been further developed into an access-aware system operating engine. In addition, userspace tools for DAMON have been developed to provide a human-friendly interface and additional userspace capabilities. Several major Linux distributions now offer DAMON-enabled kernels and user-space tool packages. Of course, not all use cases for DAMON are known, but the DAMON maintainer has been privileged to hear about some interesting and creative uses of DAMON from several people who primarily use DAMON for memory efficiency in their prototypes, researches, and products. In this talk, we'll give a brief introduction to the practical benefits and unique internal mechanisms that DAMON provides, with live demos of key features. We'll then detail real-world examples of DAMON use in prototypes, researches, and products. Finally, we'll show you how you can join the project community for participating to the development or get help. The rest of the talk will be followed by a Q&A.

Mentorship plays a crucial role in creating a diverse and inclusive tech community that empowers the next generation of developers. In this talk, we will explore the benefits of mentorship and practical advice for anyone who is interested in becoming a mentor.

We will discuss the importance of creating a supportive and inclusive environment for mentorship and share tips for building strong mentor-mentee relationships.

By encouraging mentorship in tech, we can create a more inclusive and supportive community that fosters growth and development for everyone involved. Join us and let's empower the next generation of developers through mentorship!