Open Source Summit Europe 2024

There isn’t one way to build your career in open source as there are a variety of roles beyond writing code and many different routes into those roles. It’s also important for individuals to chart their own path that aligns with their unique experience and interest. In this panel discussion, panelists will share how they got started in their career and their journey over the past two decades. For people looking for jobs in open source, we’ll discuss what we look for in candidates and why it’s not necessary to check all the boxes in job descriptions. We’ll also talk about challenges in balancing your day jobs vs. open source activities during your career, and how to navigate challenges in corporate environments, for instance tying your open source accomplishments or impacts to your company evaluation process so that your growth outside your org is also recognized internally. In addition, we’ll also delve into other challenges and opportunities of an open source career that range from dealing with impostor syndrome, DEI (Diversity, Equity, and Inclusion) challenges, exploring open source communities for self growth, and more.

Whether you're new to Kubernetes or a seasoned veteran, understanding the details of Pod creation and networking is essential. This talk unravels the intricacies of Kubernetes networking by building the simplest of CNIs (Container Network Interface) from scratch. A CNI plugin is a crucial component, enabling communication between containers in a Kubernetes cluster. In just a few lines of code, we'll explore the creation of Pods, how they are assigned IP addresses, and the role of virtual Ethernet pairs in connecting them to the broader cluster. Gain practical insights into real-world scenarios, discover the significance of CNIs in the CNCF and understand why it's fundamental for any engineer operating Kubernetes. This talk equips you with practical knowledge to navigate Kubernetes networking with confidence by empowering attendees with essential CNI concepts and providing a clear understanding of its role in shaping the containerized world.

Client server computing relies on encryption algorithms to ensure that data sent across networks cannot be read, or faked, by untrusted parties. This is the rock on which financial computing works in a business to customer environment, as well as how data at rest is protected from malicious prying eyes reading our personal data. This talk will cover the basics of how Diffe-Hellman encryption works, how symmetric and asymetric keys operate, as well as how all of this will soon become unsafe because of quantum computing. As well as showing the audience the basics (no maths degree required) this talk will show how quantum safe encryption is able to address this, and how folks can get wise and get started.

Embark on an adventure to explore the essentials of artificial intelligence (AI) models by the metaphor of training dragons. This presentation will explore the core processes involved in developing AI models: - Collecting Data: Like dragons that grow stronger by consuming diverse gems, AI models require various data to develop robust capabilities. - Training: Learn how training your dragon to react to different scenarios mirrors the training of AI models to make decisions based on data. - Testing and Validation: Similar to testing a dragon's skills in new environments, AI models are validated against unseen data to ensure reliable performance. - Tuning and Improvement: Discover how refining a dragon's abilities when facing new challenges parallels optimizing AI models to enhance their effectiveness. This session will provide a clear introduction to AI model creation, development, and refinement, making it ideal for those new to the field. Participants will leave with a solid grasp of how AI models are built and trained.

Developers interested in making their first contributions to open source communities often aren’t sure where to start - what community is a good fit, will the community be interested in their ideas, how do they take that first step into a community? You have learned some basics about open source but where do you put those coding skills to work and find cool open source communities doing interesting work you care about? For 20 years Google Summer of Code has helped bridge this gap for over 20,000 beginners to open source (students, young professionals, career switchers, etc.) and helped them find over 1,000 welcoming communities prepared to mentor them as they start their open source journey. Many mentorship programs (Outreachy, LFX) are designed to bring new contributors into the open source ecosystem to keep diverse perspectives coming into OSS. Learn about GSoC and other programs that you can join to put into practice the OSS skills you have been learning.

Part art, part science, prompt engineering is the process of crafting input text to fine-tune a given large language model for best effect. Foundation models have billions of parameters and are trained on terabytes of data to perform a variety of tasks, including text-, code-, or image generation, classification, conversation, and more. A subset known as large language models are used for text- and code-related tasks. When it comes to prompting these models, there isn't just one right answer. There are multiple ways to prompt them for a successful result. In this workshop, you will learn the basics of prompt engineering, from monitoring your token usage to balancing intelligence and security. You will be guided through a range of exercises where you will be able to utilize the different techniques, dials, and levers illustrated in order to get the output you desire from the model. Participants of this workshop will be equipped with a comprehensive understanding of prompt engineering along with the practical skills required to achieve the best results with open source large language models.

AI is "the" hot new thing. But what's AI got to do with databases? As it turns out, quite a lot. The right database can help your application, business, or customer get more out of AI, faster. What's more, the right database can even make the AI models themselves work better. This workshop will show you how all of this works through a hands-on experience with an "AI-native" database. AI-native databases are designed to empower builders and developers to build AI-powered tools. You will see how they enable better search, integrate with generative AI models, and improve generative models' capabilities. You will be getting hands-on experience with the key pieces of technology, like vector indexes, vector and hybrid search, retrieval augmented generation, and multi-tenancy. Even better, this will use an open-source stack for everything from embeddings, to a vector database and a language model. So join us to learn how to give your app AI superpowers.

In the cloud native era systems are getting ever more dynamic and complex. With containers and microservices architecture, monitoring and troubleshooting systems is more challenging than ever before. The open source community has risen up to the challenge and has delivered solutions that fit modern environments. Established open source projects such as Prometheus and the ELK Stack have gathered massive adoption, while new projects keep emerging and uncovering yet untapped possibilities such as continuous profiling and eBPF. Alongside tools, open standards, such as OpenMetrics and OpenTelemetry, are emerging to converge the industry and prevent vendor lock-in. Goodness, it’s hard to keep track of all that goodness. In this talk Horovits will talk about the recommended open source tools and standards for observability (looking also beyond logs, metrics and traces), and how to combine them to help you achieve effective observability in your environment.

No one wants to be responsible for breaking the build. But what can you do as a developer to avoid being the bad guy? How can project leads enable their teams to reduce the occurrence of broken builds? In talking within our own teams, we discovered that many developers weren’t running sufficient integration and End to End tests in their local environments because it’s too difficult to set up and administer test environments in an efficient way. That’s why we decided to rethink our entire local testing process in hopes of cutting down on the headaches and valuable time wasted. Enter Kuttl. Connecting Kuttl to CI builds has empowered our developers to easily configure a development environment locally that accurately matches the final test environment — without needing to become an expert CI admin themselves. These days, we hear, “Who broke the build?” far less often — and you can too!

Those who forget history are doomed to repeat it at a much higher price tag. In these days of new restrictive licenses, It may help those who have grown up with open-source get a quick history lesson on what life was like back in the day when you bought everything - hardware, software, manuals, training - from a sole vendor. Interoperability was minimal, code sharing between different hardware brands was next to impossible, and a manufacturer's new line of products could instantly reduce your investment to zero value. Then came Unix (and later Linux), TCP/IP, and the revolution that produced our current outlook on software and systems. Help keep open-source from slipping away by understanding what we once endured and what many have to suffer through again.

For the first time in history almost everyone uses open source, albeit often without getting the benefits of free software. Open source has accomplished unparalleled success in the IT industry, but with success comes challenges and risks. Over recent decades we have seen business models change while the industry and the users found the best ways to use open source. With software as a service we now see a fairly new but very successful approach, that goes hand in hand with open source, but is not without issues. This presentation will walk the audience through different approaches of monetizing and developing open source and examine the consequences of SaaS models for the open source ecosystem, both for business models and software development It will also point out how recent developments show the resilience of the Open Source world.

Software supply chain attacks are on the rise, but what does that really mean for you and your organization? The recently discovered xz backdoor serves as a stark reminder of the potential nightmares lurking in compromised software supply chains. Have you found yourself wondering about incidents like SolarWinds, Log4Shell, and now the xz backdoor, and why they caused such a commotion? If you've been left scratching your head, thinking "Isn't this just an issue for big tech companies?", this session is for you. In this talk, we will explore software supply chain security and explore why it's important for organizations of all sizes. Through real-world case studies, including a deep dive into the xz backdoor, attendees will understand the risks and potential consequences of supply chain attacks. The session will not be all doom and gloom, however. The presenter will introduce attendees to the Open Source Security Foundation (OpenSSF)'s Sigstore project, which is making supply chain security more approachable and accessible.

In the realm of data network management, OpenConfig emerges as a beacon of vendor-neutrality, promising a standardised, model-driven approach to managing network device structures and services. However, the journey towards achieving seamless vendor-neutral operations is a bit more tricky when put into practice. Join us as we navigate the maze of OpenConfig, uncovering its promises, pitfalls, and pragmatic applications based on personal experiences in the network programmability industry. We will explore together the present and future of OpenConfig, along with its practical usage in orchestrators and beyond.

“Everything is a file” or, more precisely, “Everything is a file descriptor”: this statement alone shows the importance of the storage stack under Linux. To ensure that data can be accessed reliably and efficiently regardless of the selected file system and the actual physical storage location, numerous layers in the Linux kernel interlock seamlessly: Virtual File System (VFS), page cache, block layer with different I/O schedulers, so-called “stackable devices” such as device mappers and drivers are the most important components involved. Using the “Linux Storage Stack Diagram”, Werner explains this architecture clearly with the help of several concrete examples. He explains the different areas of the VFS (block-based, network, stackable, pseudo and special purpose file systems) and also goes into detail about the functionality and application areas of various file systems such as ext4 or btrfs. Werner then shows how the resulting BIOs (block I/Os) are processed by the block layer and I/O schedulers (and optionally via stacked devices) before they finally reach the device drivers and physical storage devices. Join this talk and understand how storage works in Linux :-)