Open Source Summit Europe 2024

Those who forget history are doomed to repeat it at a much higher price tag. In these days of new restrictive licenses, It may help those who have grown up with open-source get a quick history lesson on what life was like back in the day when you bought everything - hardware, software, manuals, training - from a sole vendor. Interoperability was minimal, code sharing between different hardware brands was next to impossible, and a manufacturer's new line of products could instantly reduce your investment to zero value. Then came Unix (and later Linux), TCP/IP, and the revolution that produced our current outlook on software and systems. Help keep open-source from slipping away by understanding what we once endured and what many have to suffer through again.

For the first time in history almost everyone uses open source, albeit often without getting the benefits of free software. Open source has accomplished unparalleled success in the IT industry, but with success comes challenges and risks. Over recent decades we have seen business models change while the industry and the users found the best ways to use open source. With software as a service we now see a fairly new but very successful approach, that goes hand in hand with open source, but is not without issues. This presentation will walk the audience through different approaches of monetizing and developing open source and examine the consequences of SaaS models for the open source ecosystem, both for business models and software development It will also point out how recent developments show the resilience of the Open Source world.

Software supply chain attacks are on the rise, but what does that really mean for you and your organization? The recently discovered xz backdoor serves as a stark reminder of the potential nightmares lurking in compromised software supply chains. Have you found yourself wondering about incidents like SolarWinds, Log4Shell, and now the xz backdoor, and why they caused such a commotion? If you've been left scratching your head, thinking "Isn't this just an issue for big tech companies?", this session is for you. In this talk, we will explore software supply chain security and explore why it's important for organizations of all sizes. Through real-world case studies, including a deep dive into the xz backdoor, attendees will understand the risks and potential consequences of supply chain attacks. The session will not be all doom and gloom, however. The presenter will introduce attendees to the Open Source Security Foundation (OpenSSF)'s Sigstore project, which is making supply chain security more approachable and accessible.

No one wants to be responsible for breaking the build. But what can you do as a developer to avoid being the bad guy? How can project leads enable their teams to reduce the occurrence of broken builds? In talking within our own teams, we discovered that many developers weren’t running sufficient integration and End to End tests in their local environments because it’s too difficult to set up and administer test environments in an efficient way. That’s why we decided to rethink our entire local testing process in hopes of cutting down on the headaches and valuable time wasted. Enter Kuttl. Connecting Kuttl to CI builds has empowered our developers to easily configure a development environment locally that accurately matches the final test environment — without needing to become an expert CI admin themselves. These days, we hear, “Who broke the build?” far less often — and you can too!

In the realm of data network management, OpenConfig emerges as a beacon of vendor-neutrality, promising a standardised, model-driven approach to managing network device structures and services. However, the journey towards achieving seamless vendor-neutral operations is a bit more tricky when put into practice. Join us as we navigate the maze of OpenConfig, uncovering its promises, pitfalls, and pragmatic applications based on personal experiences in the network programmability industry. We will explore together the present and future of OpenConfig, along with its practical usage in orchestrators and beyond.

“Everything is a file” or, more precisely, “Everything is a file descriptor”: this statement alone shows the importance of the storage stack under Linux. To ensure that data can be accessed reliably and efficiently regardless of the selected file system and the actual physical storage location, numerous layers in the Linux kernel interlock seamlessly: Virtual File System (VFS), page cache, block layer with different I/O schedulers, so-called “stackable devices” such as device mappers and drivers are the most important components involved. Using the “Linux Storage Stack Diagram”, Werner explains this architecture clearly with the help of several concrete examples. He explains the different areas of the VFS (block-based, network, stackable, pseudo and special purpose file systems) and also goes into detail about the functionality and application areas of various file systems such as ext4 or btrfs. Werner then shows how the resulting BIOs (block I/Os) are processed by the block layer and I/O schedulers (and optionally via stacked devices) before they finally reach the device drivers and physical storage devices. Join this talk and understand how storage works in Linux :-)