Open Source Summit North America 2022: Full Schedule

June 21-24, 2022
Austin, Texas, USA + Virtual
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit North America 2022 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Central Daylight Time (UTC -5). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.

3:00pm CDT

Pre-Registration & Badge Pick-Up

Sunday June 19, 2022 3:00pm - 6:00pm CDT
JW Grand Ballroom Foyer (Level 4)

Special Events / Exhibits / Breaks

7:30am CDT

Registration & Badge Pick-up

Monday June 20, 2022 7:30am - 6:00pm CDT
JW Grand Ballroom Foyer (Level 4)

Special Events / Exhibits / Breaks

9:00am CDT

OpenSSF Day (Pre-registration Required)

OpenSSF Day is a full day of sessions, hosted by Brian Behlendorf, General Manager at the Open Source Security Foundation. Presentations will be led by working group leads who will present on subjects such as Best Practice Badges and Other Good Practices, Three Things Your Open Source Project Must Consider, and Securing Critical Projects.

The day will conclude with a panel discussion on the Future of Securing Open Source Software and you can see the full schedule on the OpenSSF Day event page.

Add OpenSSF Day to your registration now!

Monday June 20, 2022 9:00am - 5:00pm CDT
Lone Star G/H (Level 3)

Project Mini-Summits / Co-located Events

9:00am CDT

OTel Community Day North America 2022

OpenTelemetry Community Day is a time and a place for maintainers, contributors, and users of OpenTelemetry to come together and celebrate both our open source work and our successes with Observability. We are excited to host a day of community roundtables and discussion groups on OpenTelemetry itself, a flurry of lightning talks where peers have shared how they’ve been using OpenTelemetry and Observability tools, and some fantastic keynotes and maintainer discussions to help us know where we’re all going next.

Schedule: View the OTel Community Day North America 2022 schedule here !

How to Register: Pre-registration is required. To register for OTel Community Day North America 2022, add it to your Open Source Summit North America registration

For questions regarding this event, please reach out to events@cncf.io.

Monday June 20, 2022 9:00am - 5:00pm CDT
Room 303/304 (Level 3)

Project Mini-Summits / Co-located Events

12:00pm CDT

Kid's Day (Pre-registration Required)

The Linux Foundation is pleased to present our annual Kid’s Day at Open Source Summit North America 2022!

Intro to Web Design for Kids, Presented by Banks Family Tech
This course is designed for youth as an introduction to the fun and the magic of web design. Very little computer knowledge is required. The basics, typing, browsing the internet, and minor computer operation, are all your child needs to participate.

What will kids learn?

Vocabulary for coding
Knowledge of HTML structure
Knowledge of CSS structure and when to use it
How to put a website on the Internet
Apply knowledge to student’s life

Who can attend?
This workshop is appropriate for children ages 9 – 18 and is open to all children, including those of OSS attendees. All participants must abide by our Health & Safety requirements, and must be fully vaccinated to participate.

Needs?
Bring a great attitude and an open mind! Laptops and light refreshments will be provided.

Register Now for Kid's Day!

Monday June 20, 2022 12:00pm - 4:00pm CDT
Private: Participants Received Location Details via Email

Special Events / Exhibits / Breaks

2:00pm CDT

LF Edge Community Workshop [Pre-Registration Required]

LF Edge is an umbrella organization that facilitates an open, interoperable framework for edge computing independent of hardware, silicon, cloud, or operating system. By bringing together industry leaders, LF Edge hosts a common framework for hardware and software standards and best practices critical to sustaining current and future generations of IoT and edge devices. Fostering collaboration and innovation across multiple industries—including industrial manufacturing, cities and government, energy, transportation, retail, home and building automation, automotive, logistics and health care — that stand to be transformed by edge computing, LF Edge enables a unified community for open source edge computing. Join the workshop to learn more about the future of open edge computing.
Discussion topics include:

Project overviews
End-to-end technology Showcase
Mentorship program
Developer badging and awards

Click here to see the full agenda.

How to Register: Pre-registration is required. To register for the LF Edge Workshop add it to your Open Source Summit North America registration.

Monday June 20, 2022 2:00pm - 5:30pm CDT
Room 310/311 (Level 3)

Project Mini-Summits / Co-located Events

2:30pm CDT

Creating Inclusive Environments Workshop - Gin Pham & Landon Richie, Transgender Education Network of Texas (TENT)

Please join us at the Creating Inclusive Environments Workshop with the Transgender Education Network of Texas (TENT).

Note: Due to the level of discussion and interaction occurring during this workshop, it is not possible to deliver to a virtual audience and this session will be in-person only.

Speakers

Gin Pham

Communications and Outreach Manager, TENT

Gin Nguyên Pham is the Community Engagement Specialist for the Transgender Education Network of Texas (TENT). They formerly served as a Health Promotions Specialist at AIDS Services of Austin and The Q (2018–19). They have provided and helped build various community spaces for... Read More →

Landon Richie

Policy Associate, TENT

Monday June 20, 2022 2:30pm - 4:30pm CDT
Room 203/204 (Level 2)

Special Events / Exhibits / Breaks

Experience Level Any

4:30pm CDT

Screening of MAMA BEARS Documentary, a film by Daresha Kyi, and Q&A with Equality Texas, Transgender Education Network of Texas and local Mama Bears

We are proud to offer all attendees a special screening of MAMA BEARS, a film by Daresha Kyi.
MAMA BEARS is an intimate, thought-provoking exploration of the journeys taken by Sara Cunningham and Kimberly Shappley, two “mama bears”—conservative, Christian mothers whose profound love for their LGBTQ+ children has turned them into fierce advocates for the entire queer community—and Tammi Terrell Morris, a young African American lesbian whose struggle for self-acceptance perfectly exemplifies why the mama bears are so vitally important.

MAMA BEARS is the story of women who have allowed nearly every aspect of their lives to be completely reshaped by love. Although they may have grown up as fundamentalist Christians these two mama bears are willing to risk losing friends, family, and faith communities to keep their children safe—even if it challenges their belief systems and rips their worlds apart.

Light snacks will be provided. We will also be hosting a Q&A with several Mama Bears so you can hear about the experiences of their families directly. We will also welcome leaders from Equality Texas and the Transgender Education Network of Texas to hear what work is being done on the ground to support equality efforts in Texas.

Monday June 20, 2022 4:30pm - 6:00pm CDT
Room 201/202 (Level 2)

Special Events / Exhibits / Breaks

6:30pm CDT

Better Together Diversity Social

The Better Together Diversity Social offers the opportunity for all underrepresented minorities (including race, gender, sexual orientation, and disability) to join together to build connections to carry through the event and beyond. Our hope is that this event will help continue to increase the diversity both at the event as well as in the open source community as time goes on.

Who Can Attend?
This event welcomes our attendees that are underrepresented minorities in tech; women and non-binary, people of color, LGBTQA+, and people with disabilities. Please join us to connect and share experiences.

Is This Event Open to Allies?
Attendees of the Better Together Diversity Social are welcome to invite Allies to this event.

We encourage allies to support diversity in tech while at the event by participating in the Diversity Empowerment Summit, and by seeking out and engaging with diverse attendees onsite.

If you are interested in learning about the other ways the Linux Foundation promotes diversity and inclusion, visit our Diversity & Inclusion page.

Monday June 20, 2022 6:30pm - 8:00pm CDT
UPSTAIRS AT CAROLINE 621 Congress Avenue, Austin, TX 78701

Special Events / Exhibits / Breaks

7:00am CDT

Morning Yoga and Meditation

Begin Day 1 with a calm, energized mind by participating in the morning yoga and meditation session. The class will be led by a trained instructor and is a mindful way to start your day! Complimentary towels will be provided, or you can bring your own. Please be sure to wear comfortable, loose-fitting clothing.
There is no cost to participate and space is available on a first-come, first-served basis.

*Participants must be registered for the event, and have their event badge

Tuesday June 21, 2022 7:00am - 8:00am CDT
5th Floor Terrace

Special Events / Exhibits / Breaks

7:30am CDT

Continental Breakfast

Tuesday June 21, 2022 7:30am - 9:00am CDT
Lone Star Ballroom Foyer (Level 3)

Special Events / Exhibits / Breaks

7:30am CDT

Registration & Badge Pick-up

Tuesday June 21, 2022 7:30am - 6:00pm CDT
JW Grand Ballroom Foyer (Level 4)

Special Events / Exhibits / Breaks

8:00am CDT

First-Time Attendee Breakfast

We know what it feels like to attend a conference for the first time, and we want to help make that experience a little easier for our first-time attendees. Meet other newcomers, as well as Open Source Summit North America veterans, at this informal breakfast. In addition, pick up invaluable tips and tricks on how to best navigate the event.

*We will do our best to accommodate all interested attendees, but please note that participation is on a first-come, first-served basis.

Tuesday June 21, 2022 8:00am - 8:45am CDT
Lone Star B/C (Level 3)

Special Events / Exhibits / Breaks

9:00am CDT

Keynote: Welcome + Announcements - Robin Bender Ginn, Executive Director, OpenJS Foundation & Aeva Black, Open Source Hacker and Consent Advocate

Speakers

Robin Bender Ginn

Executive Director, OpenJS Foundation

Robin Bender Ginn is the Executive Director of the OpenJS Foundation, the neutral home to drive broad adoption and ongoing development of key JavaScript and web technologies. She has led major initiatives advancing open source technologies, community development, and open standards... Read More →

Aeva Black

Open Source Hacker, Microsoft

Aeva Black is an incurably queer geek and veteran of the first dot-com bust. Roaming between startups and Big Tech with ease, Aeva currently works in Azure's Office of the CTO and serves the open source community as the Secretary of the Board for the Open Source Initiative and as... Read More →

Tuesday June 21, 2022 9:00am - 9:10am CDT
Lone Star D/E (Level 3)

Keynote Sessions

Experience Level Any

9:15am CDT

Keynote: The Consequence of Success: OSS is Critical Infrastructure - Eric Brewer, Vice President of Infrastructure, Google

Widespread use of open-source software is a remarkable achievement but also creates a tremendous responsibility. How can we collectively step up to ensure OSS is worthy of the trust the world now expects and deserves? We cover a range of long-term challenges that can make a difference, including our hopes for a more sustainable future.

Speakers

Eric Brewer

Vice President of Infrastructure, Google

Eric joined Google in 2011 and leads the company’s compute infrastructure design, including Google Cloud Platform, Kubernetes and Anthos. A recent focus is security for open-source software, including supply chain risks and helping start the OpenSSF.As a researcher, he has led... Read More →

Tuesday June 21, 2022 9:15am - 9:30am CDT
Lone Star D/E (Level 3)

Keynote Sessions

Experience Level Any
Session Type In-person Speaker(s)

9:30am CDT

Keynote: Linus Torvalds, Creator of Linux & Git, in conversation with Dirk Hohndel, Chief Open Source Officer, Cardano Foundation

Speakers

Dirk Hohndel

Chief Open Source Officer, Cardano Foundation

Dirk is the Chief Open Source Officer of the Cardano Foundation, focused on creating a vibrant open source third party contribution ecosystem for the Cardano infrastructure. Dirk was previously VMware’s Chief Open Source Officer, where he lead the company’s Open Source Program... Read More →

Linus Torvalds

Creator, Linux & Git

Linus was born on December 28, 1969, in Helsinki, Finland. He enrolled at the University of Helsinki in 1988, graduating with a master’s degree in computer science. His M.Sc. thesis was titled “Linux: A Portable Operating System” and was the genesis for what would become the... Read More →

Tuesday June 21, 2022 9:30am - 10:00am CDT
Lone Star D/E (Level 3)

Keynote Sessions

Experience Level Any

10:05am CDT

Keynote: Interesting Times in Secure Open Source - Todd Moore, Vice President - Open Technology and Developer Advocacy, CTO DEG, IBM

We live in interesting times. As industry and governments grapple with security and stability concerns, the dialogue across the globe has expanded to include our shared interests in open source. The thread of software and community that binds us and provides the basis for the world's computing infrastructure and applications is threatened. Together, through open source, we have forged a great boon to mankind, and together we must address the concerns of our user base and institutions. In this talk, we will not only discuss what steps we as a community must take to provide more secure code, but also about the cohesive message that we must take back to our governments and representatives to inform them of our needs and how we are responding to this challenge as a community.

Speakers

Todd Moore

Vice President – Open Technology and Developer Advocacy, CTO DEG, IBM

Todd Moore, IBM VP of Open Technology, IBM Developer and Developer Advocacy, leads the global IBM team developing open source technologies and working in open communities. Using both digital assets and face to face interaction with developers, he seeks to build developer confidence... Read More →

Tuesday June 21, 2022 10:05am - 10:20am CDT
Lone Star D/E (Level 3)

Keynote Sessions

Experience Level Any

10:20am CDT

Keynote: Leadership, Pre-Pandemic and Now - Amy Gilliland, President, General Dynamics Information Technology (GDIT) in conversation with Robin Bender Ginn, Executive Director, OpenJS Foundation

Speakers

Robin Bender Ginn

Executive Director, OpenJS Foundation

Amy Gilliland

President, General Dynamics Information Technology (GDIT)

Amy Gilliland is president of General Dynamics Information Technology (GDIT), a business unit of General Dynamics Corporation. GDIT is a $8.5B global technology enterprise with operations in 30 countries worldwide and 30,000 technologists and services professionals delivering critical... Read More →

Tuesday June 21, 2022 10:20am - 10:40am CDT
Lone Star D/E (Level 3)

Keynote Sessions

Experience Level Any

10:40am CDT

Coffee Break

Tuesday June 21, 2022 10:40am - 11:10am CDT
JW Grand Ballroom (Level 4)

Special Events / Exhibits / Breaks

10:40am CDT

Sponsor Showcase

This is the place to network, meet up, and learn more about companies that sponsor this event.

Tuesday June 21, 2022 10:40am - 5:35pm CDT
JW Grand Ballroom (Level 4)

Special Events / Exhibits / Breaks

11:10am CDT

OSPOCon Keynote: F5’s Open Source Journey - Christine Abernathy, F5, Inc.

F5, a multi-cloud application security and delivery company, recently created an OSPO to help set strategy and shepherd its participation in the open source ecosystem. This was initiated as part of a recent business transformation to expand F5’s software and cloud offerings. F5 has traditionally been open-source risk averse, and recent acquisitions that helped expand its portfolio have various degrees of maturity around open source consumption, contribution and production. This has created unique challenges and opportunities for F5’s fledgling OSPO. In this session, Christine will walk through F5’s OSPO journey as she shares the challenges they have faced. You’ll learn what they did to build out an open source strategy and hear how they answered some key questions along the way. Questions like, how do you get leadership buy-in and sponsorship? How should you guide those interested in open-sourcing and supporting a project? What policies should be in place around open source contributions? How can you put structures in place to ensure sustained open source participation? Can open source drive the cultural change you want to see? F5’s open source journey isn’t done but the hope is that this talk will provide guidance for you, wherever you may be in your OSPO journey.

Speakers

Christine Abernathy

Senior Director of Open Source, f5

Accomplished product development professional with over 25 years experience designing and implementing complex hardware and software systems for diverse industries including, social media services, computer-based systems, communication equipment, and business software and services... Read More →

F5 Open Source Journey 2022 pdf

Tuesday June 21, 2022 11:10am - 11:25am CDT
Room 301/302 (Level 3)

OSPOCon, OSPO Lessons Learned

Experience Level Entry-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

11:10am CDT

Cloud Native Application Development with MicroProfile and Open Liberty - Emily Jiang, IBM

Ever wondered what is a Cloud Native Application? Is it a microservice or a monolith? oh, it must be made for Cloud? Ever Wondered how to develop a Cloud-Native Application? Come to this session to find out about what making an application Cloud-Native and then learn how to build a Cloud-Native Application using the latest MicroProfile technologies (MicroProfile 4.1 or maybe 5.0) such as Config, Fault Tolerance, Rest Client, JWT, Metrics etc. This session finishes with a live demo on developing Cloud-Native applications using MicroProfile running on Open Liberty and deploying them on k8s.

Speakers

Emily Jiang

Cloud Native Architect, IBM

Emily Jiang is a Java Champion and book author. She is Liberty Cloud Native Architect and Chief Advocate, Senior Technical Staff Member (STSM) in IBM, based at Hursley Lab in the UK. Emily is a MicroProfile guru and has been working on MicroProfile since 2016 and leads a number of... Read More →

Tuesday June 21, 2022 11:10am - 11:50am CDT
Room 310/311 (Level 3)

CloudOpen, APIs

Experience Level Entry-level
Session Type In-person Speaker(s)

11:10am CDT

How to Inject Faults into Common HTTP(S) Clients and Services - Chenxi Li, PingCAP

HTTP(S) is one of the most popular application protocols. Many well-known applications, such as Kubernetes and TiDB, heavily rely on the HTTP(s) protocol. However, HTTP connections might fail due to various faults, such as network aborts, long delays, or even man-in-the-middle attacks, causing services unavailable to users. In such cases, simulating HTTP faults with a chaos engineering tool can be extremely beneficial to ensure the robustness and resilience of the application, particularly distributed ones. In this talk, Chenxi Li will show how to implement the HTTPChaos, a chaos engineering mechanism that injects faults into common HTTP applications without any configurations. The theory and rust implementation of a transparent proxy, the hijack solution of HTTPS services on Kubernetes, and the plugins used to inject the message body as custom requirements will also be covered.

Speakers

Chenxi Li

Engineer of Chaos Mesh, PingCAP

Chenxi Li is an engineer of the Chaos Engineering team at PingCAP. He is an active participant in open-source communities, particularly in the fields of HTTP service and filesystem. He has contributed to many open-source projects, including Chaos Mesh, TiKV, TiDB, Kubernetes, and... Read More →

OSS inject faults into http pdf

Tuesday June 21, 2022 11:10am - 11:50am CDT
Room 303/304 (Level 3)

CloudOpen, Networking

Experience Level Mid-level
Session Type Virtual Speaker(s)
Session Slides Attached Yes

11:10am CDT

K8s in a Submarine: Optimizing Delivery for Some of the Hardest-to-reach Systems on Earth - Jeff McCoy, Defense Unicorns

In this talk, Jeff will walk through the problems faced by his team while delivering applications in K8s for the US Navy. There are many established patterns for creating clusters in air-gapped environments, so this talk will focus less on creating a cluster and more on the lifecycle for bringing software declaratively into K8s. Jeff will discuss operating an in-cluster registry, issues with HA, routing, DNS, TLS, and the Node/CRI relationship with in-cluster resources. He will also explain various methods they explored for "pushing" images into a cluster with no external registry and how various K8s distros deal with this problem. Additionally, Jeff will discuss how gitops-based deployments pose unique challenges and why they chose tools such as Gitea. Jeff will also discuss how tools such as Helm, Argo, Flux, and kubectl only address half of the problem by managing manifests and leaving the images they depend on unmanaged. He will explore ways to extract images from manifests, charts, kustomizations, and even operators in some cases. Finally, Jeff will discuss the need for predictably packaging all of these dependencies and some of the tools they evaluated for doing so before ultimately deciding to build the open-source tool, Zarf, in partnership with the US Navy.

Speakers

Jeff McCoy

Megamind, Defense Unicorns

Jeff spent 17 years in the US Air Force leading teams in tactical communications systems focusing on satellite and radio systems. While Active Duty Jeff, completed his undergrad in computer science, started a small software consulting company, and built several applications for internal... Read More →

OSS NA22 PPT Containercon K8s On A Submarine pptx

OSS NA22 PPT Containercon K8s On A Submarine pdf

Tuesday June 21, 2022 11:10am - 11:50am CDT
Lone Star H (Level 3)

ContainerCon, Container Runtimes + Management + Orchestration

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

11:10am CDT

"Did You Miss My Comment or What?": Understanding Toxicity in Open Source Discussions - Courtney Miller, Carnegie Mellon University

Toxicity in open source, in pull requests, discussions, and in-person interactions, is a frequently discussed problem. Exposure to toxic interactions causes stress, reduces motivation, and may trigger disengagement, especially impacting members of underrepresented identity groups. Despite increased awareness, toxicity in open source is not well understood. Toxicity in open source differs from toxicity on other platforms like Reddit and Wikipedia and existing detection tools and intervention strategies developed there are not effective. We need to understand community dynamics and toxicity in open source to design better ways of handling and avoiding it. We conducted research collecting and analyzing a sample of toxic interactions on GitHub. We found many forms of toxicity, including many demanding and entitled requests and how communities spend substantial effort in responding. We found that many toxic comments were authored by members of the project, usually in reaction to a user’s demand or affront. Locking issues and invoking a project’s code of conduct is often effective. In this talk, we provide a road map of toxicity open source communities with the aim of helping maintainers to better understand, address, and prevent open source toxicity.

Speakers

Courtney Miller

PhD Student, Carnegie Mellon University

Hi! I'm a first-year Software Engineering Ph.D. student at Carnegie Mellon co-advised by Bogdan Vasilescu and Christian Kästner. My primary research interests are open source sustainability, open source contributor (dis)engagement, empirical software engineering research, and developer... Read More →

DidYouMissMyCommentOrWhatTalk pdf

Tuesday June 21, 2022 11:10am - 11:50am CDT
Room 201/202 (Level 2)

Diversity Empowerment Summit, Navigating Inclusivity Roadblocks

Experience Level Senior-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

11:10am CDT

AI/ML at the Extreme Edge with WebAssembly: A Path Forward - Michael Tanenbaum, Mycelial

In his seminal speech of 2017 entitled “The End of Cloud Computing,” Andreesen Horowitz Partner Peter Levine voiced what practitioners before and since have come to appreciate with ever increasing urgency: the amount of data produced by IoT devices (the extreme Edge) far outpaces the bandwidth available to centralize that data in Cloud Native data solutions. And how can we serve our AI/ML model from the Cloud when (not if) we lose connectivity? We need to inference at the Edge, but how? How can we deliver AI/ML on devices with tiny processing power? And how can we manage the Day 2 operations of these solutions, especially as we ask AI/ML to make critical decisions impacting human health and safety? Come learn why the properties of WebAssembly (WASM) present a uniquely perfect fit for the delivery of secure AI/ML at the extreme Edge. Michael will explore a case study on delivering a Tensorflow model compiled to WASM on a highly constrained device at scale, as well as the challenges therein — using a FOSS stack. Michael will conclude with the current state-of-the-art, fast-moving areas of R&D, and areas ripe for greater community involvement as we progress into a future soon at-hand; a future where AI/ML at the extreme Edge abounds, surrounds, and (sometimes) confounds.

Speakers

Michael Tanenbaum

Co-founder/CEO, Mycelial

Michael is Co-founder and CEO of Mycelial - the Edge Native platform for distributed, local-first applications. Prior to Mycelial, Michael was Principal Solutions Engineer at Arrikto, where he co-led the On-premises SIG of the Kubeflow project. Michael joined Arrikto from Mesosphere/D2iQ... Read More →

Tuesday June 21, 2022 11:10am - 11:50am CDT
Room 205 (Level 2)

Embedded IoT, Code Footprint Minimization

Experience Level Entry-level
Session Type Virtual Speaker(s)

11:10am CDT

Introduction to Presto: The SQL Engine for Data Platform Teams - Rohan Pednekar, Ahana Cloud, Inc. & Philip Bell, Meta

Presto is an open-source high performance, distributed SQL query engine. Born at Facebook in 2012, Presto was built to run interactive queries on large Hadoop-based clusters. Today it has grown to support many users and use cases including ad hoc query, data lake analytics, and federated querying. In this session, we will give an overview of Presto including architecture and how it works, the problems it solves, and most common use cases. We'll also share the latest innovation in the project as well as what's on the roadmap.

Speakers

Philip Bell

Developer Advocate, Meta

Philip Bell works as a Developer Advocate for Meta Open Source focusing on Big Data projects including PrestoDB. Since starting at Meta, he has created content both in written and video format. Philip has worked in the Department of Defense on unmanned systems, big data, and cyber... Read More →

Rohan Pednekar

Sr Product Manager, Ahana Cloud, Inc.

Rohan Pednekar is a Product Manager at Ahana, the Presto company. He is also the Chairperson of the Presto Conformance Program. His work at Ahana is to develop open data lake analytics and he is currently focussing on performance, reliability, table formate support, and security features... Read More →

Presto Introduction for Open Source Summit Rohan Pednekar & Philip Bell.pptx pdf

Tuesday June 21, 2022 11:10am - 11:50am CDT
Room 211/212 (Level 2)

Emerging OS Forum, Data (Versioning + Format + Pipeline Management)

Experience Level Mid-level
Session Type Virtual Speaker(s)
Session Slides Attached Yes

11:10am CDT

Hacking for Developers - Jarmo Lahtiranta, Insta Group

Think like a cook if you want to make good food. Think like a hacker if you want to find vulnerabilities. Easier said than done though. We'll go through what are vulnerabilities, why they exist and how the hackers typically find them. You'll also see some practical examples about SQL Injection and Remote code execution. After that we'll take a look at the kinds of tools hackers typically use. This presentation gives you a bit better look at the hacker mindset. This will help you in building more secure software and - who knows - you might end up working more with security as well.

Speakers

Jarmo Lahtiranta

Senior Cyber Security Specialist, Insta Group

Jarmo has been working in security for 7+ years. He started as an ethical hacker, moved on to work in the Finnish national CERT and is now working in product security focusing on securing products & development processes.

OS Summit 2022 NA Hacking for Developers pdf

Tuesday June 21, 2022 11:10am - 11:50am CDT
Lone Star F (Level 3)

LinuxCon, Security

Experience Level Entry-level
Session Type Virtual Speaker(s)
Session Slides Attached Yes

11:10am CDT

Automating Airflow Backfills with Marquez - Willy Lulciuc, Astronomer

As a data engineer, backfilling data is an important part of your day-to-day work. But, backfilling interdependent DAGs is time-consuming and often associated with an unpleasant experience. For example, let's say you were tasked with backfilling a few months worth of data. You’re given the start and end date for the backfill that will be used to run an ad-hoc backfilling script that you have painstakingly crafted locally on your machine. As you sip your morning coffee, you kick off the backfilling script, hoping it’ll work, and think to yourself, there must be a better way. Yes, there is, and collecting DAG lineage metadata would be a great start! In this talk, Willy Lulciuc will briefly introduce you to how backfills are handled in Airflow, then discuss how DAG lineage metadata stored in Marquez can be used to automate backfilling DAGs with complex upstream and downstream dependencies.

Speakers

Willy Lulciuc

Software Engineer, Astronomer

Willy Lulciuc is a Software Engineer at Astronomer working on observability & lineage. He makes datasets discoverable and meaningful with metadata. He co-created Marquez and is now involved in the OpenLineage initiative. Previously, he was the Founder Engineering of Datakin, a data... Read More →

Automating Airflow Backfills with Marquez pdf

Tuesday June 21, 2022 11:10am - 11:50am CDT
Room 408/409 (Level 4)

Open AI & Data Forum, Data (Versioning + Format + Pipeline Management)

Experience Level Entry-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

11:10am CDT

A CNCF Landscape Pitch Meeting - Carson Anderson, Weave

The Cloud Native Computing Landscape is vast! Really, really vast! In fact, it's so big that it can be hard to even have heard of every project. Let alone know what each of them does. The sheer number of names and concepts can be overwhelming and make it hard to even know where to start.

As of right now, there are 16 Graduated and 28 Incubating projects in the CNCF. These are the projects that have either fully reached or nearly reached the high quality, transparency, and governance standards of the organization. In this session you will get a very short introduction nearly all of them! In this rapid fire presentation, Carson will cover every single Graduated level project and most of the Incubating projects as well

You may not get deep level of understanding of any one project. But you will get enough information to know which ones interest you the most and where you want to dig deeper.

Speakers

Carson Anderson

DevX-O, Weave

Carson has a deep passion for CICD, Kubernetes, Docker, and Distributed systems. Not just for building and managing these systems, but for finding ways to make them accessible and useful. Carson loves being a cloud native and open source liaison to Weave and the hundreds of developers... Read More →

Carson Anderson CNCF Pitch Meeting pdf

Tuesday June 21, 2022 11:10am - 11:50am CDT
Lone Star G (Level 3)

Open Source On-Ramp, Cloud Administration Essentials (Beginner)

Experience Level Entry-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

11:10am CDT

Panel Discussion: How the Business Community is Working to Make the Open Source Software Supply Chain More Secure by Default - Jory Burson, Linux Foundation; Rao Lakkakula, JP Morgan Chase; Andrew Aitken, WiPro; Jeffrey Borek, IBM

While studies have shown that open source is not inherently more or less secure that proprietary software, the sheer volume of OSS code has created a systemic security challenge that companies of all kinds are stepping up to address. In the last year, the OpenSSF project has evolved to help harness and orchestrate these efforts. How are these companies getting involved? What kind of internal needs are they addressing, and how do they think about contributing back to the broader community? How does the OpenSSF governance structure support this? Please join us for this Governing Board Member panel discussion moderated by OpenSSF GM Brian Behlendorf to learn more about how these companies are working with the OpenSSF to advance the state of OSS security.

Moderators

Jory Burson

VP of Standards, Linux Foundation

Jory is a consultant and educator working to improve collaboration in open source and open standards communities as a member of several industry boards and standards setting organizations. She advocates for web developers at Ecma International, the OpenJS Foundation Cross Project... Read More →

Speakers

Andrew Aitken

Global Open Source Leader, Wipro

Mr. Aitken has 22 years of open source business and strategy-related experience. Andrew launched and sold his own open source startup, Olliance Consulting Group, to Black Duck Software and worked on many early OEM and ISV strategies. He has been deeply engaged with the venture community... Read More →

Jeffrey Borek

WW Program Director, Supply Chain Security & Open Source, IBM

Working to build a scalable and consistent supply chain security platform, while continuing to lead the consumption compliance Open Source Program Office (OSPO), including policy, execution and guidance. Working with IBM Government & Regulatory Affairs, Software, Systems, Cloud, Consulting... Read More →

Rao Lakkakula

Director, Product Security, JPMorgan Chase

Senior-level Security Engineering Leader with over Two decades of experience leading Global Security teams for multiple Fortune 50 companies (JPMC, Amazon, Bayer). Governing Board Member of Open Source Security Foundation (OpenSSF). Inventor of 13 US patents. Also serving on the Boards... Read More →

Tuesday June 21, 2022 11:10am - 11:50am CDT
Room 203/204 (Level 2)

SupplyChainSecurityCon, Business issues driving OSSF involvement.

Experience Level Any
Session Type In-person Speaker(s)

11:10am CDT

Reproducible Builds: Unexpected Benefits and Problems - Bernhard M. Wiedemann, SUSE

I have now worked on openSUSE reproducible builds for 6 years and would like to share some insights on where it can help, how to best debug non-determinism and what unexpected problems showed up with reproducible-builds. I plan for a good part of Q&A + discussion at the end.

Speakers

Bernhard M. Wiedemann

Senior Software Engineer, SUSE

since 2010 Bernhard works at SUSE in Nuremberg, Germany since 2016 he developed tooling to test and verify packages. Since then he contributed more than 600 patches for reproducible-builds to upstream projects

2022 06 21 11 10 Reproducible Builds BernhardMWiedemann pdf

Tuesday June 21, 2022 11:10am - 11:50am CDT
Brazos (Level 2)

SupplyChainSecurityCon, Simplifying Verified Reproducible Builds

Experience Level Mid-level
Session Type Virtual Speaker(s)
Session Slides Attached Yes

11:30am CDT

OSPOCon Keynote: OSPO News by TODO Group - Ana Jimenez Santamaria & Chris Aniszczyk, TODO Group

The OSPO movement is expanding across industries and regions of all types and sizes. Due to the wide range of responsibilities and ways to operate, OSPO professionals usually find it difficult when it comes to implement OSPO best practices, policies, processes, or tools for their open source management efforts.

This keynote shares an overview of the different efforts and new initiatives the TODO Group is working on during this year to help OSPOs across regions and industries and ease collaboration across communities.

Speakers

Chris Aniszczyk

CTO, Linux Foundation (CNCF)

Chris Aniszczyk is an open source executive and engineer with a passion for building a better world through open collaboration. He's currently a CTO at the Linux Foundation focused on developer relations and running the Open Container Initiative (OCI) / Cloud Native Computing Foundation... Read More →

Ana Jimenez Santamaria

OSPO Program Manager, TODO Group, Linux Foundation

Ana is the OSPO Program Manager at the TODO Group, an open-source Linux Foundation project and a group of practitioners who want to collaborate on best practices, tools, and other ways to run successful and effective Open Source Projects and Programs. Formerly she worked at Bitergia... Read More →

Tuesday June 21, 2022 11:30am - 11:50am CDT
Room 301/302 (Level 3)

OSPOCon, Plenary Session

Experience Level Any

12:00pm CDT

Key Lessons Learned from Building a Wealth Management Portal Using Cloud Native Architecture - Ankur Kumar, Publicis Sapient

This presentation shares the valuable lessons learned as part of the multi-year digital transformation journey for a large wealth management portal by applying cloud-native architecture. The journey started with a large decade-old monolith application with inflexible architecture, disintegrated user experience, vendor-dependent system architecture, higher time-to-market, and legacy technology stack. The vision was to build a modern & easy-to-use digital platform for advisors / financial professionals & their clients to collaborate better and transform the value chain. The key technology architecture principles were vendor-neutral cloud-native solution, open & standards-based integration architecture, microservices-oriented nimble architecture, and release on-demand-based deployment architecture. Additional capabilities required were quicker time-to-market, unified user experience, flexible and maintainable system architecture. Lessons learned are summarized as using Cloud-native technologies (Kubernetes, Docker, Rancher), applying Opensource solutions at a large scale (Elasticsearch, Redis, Drupal, PostgreSQL, enablement of continuous delivery using CI/CD patterns (using Jenkins, Helm), Building Microservices platform (applying Spring Boot, API-first architecture), and more.

Speakers

Ankur Kumar

Senior Director of Technology, Publicis Sapient

I am a Senior Director Technology with Publicis Sapient, a global digital consulting company, and have over 20+ years of industry experience in building end-to-end web-scale architecture for large & medium scale enterprise organizations over the years. My core competency is providing... Read More →

June 24 KeyLessonsLearned WealthManagementPortal pdf

Tuesday June 21, 2022 12:00pm - 12:40pm CDT
Room 303/304 (Level 3)

CloudOpen, Architectures and Architectural Patterns

Experience Level Senior-level
Session Type Virtual Speaker(s)
Session Slides Attached Yes

12:00pm CDT

Sponsored Session: Introducing OpenCost - Webb Brown, Kubecost

As Kubernetes and container adoption increases within an organization, complexities around measuring and allocating cost become a business critical challenge to solve. In this session you will be introduced to the OpenCost OS project and the OpenCost spec. The goal is to inaugurate this new vendor-agnostic methodology for accurately monitoring the costs of a Kubernetes cluster and its hosted tenants to help you tackle this.

This session will formally launch OpenCost OSS to the open source community. Attendees will walk away with best practices for using this open source solution with a hands one demo to help you make sense of containers and cloud spend.

Speakers

Webb Brown

Co-founder & CEO, Kubecost

Webb Brown is Co-founder & CEO at Kubecost. He is a former PM at Google where he led teams building monitoring and performance tools. He lives in San Francisco.

OS Summit OpenCost Introduction pdf

Tuesday June 21, 2022 12:00pm - 12:40pm CDT
Room 310/311 (Level 3)

CloudOpen

Session Type In-person Speaker(s)
Session Slides Attached Yes

12:00pm CDT

From Monolith to Microservices: A Journey into the Mesh - Yolanda Robla Mota, Miro

The proposal of the talk is to provide an end-user oriented view about the transformation of a monolith into microservices for a certain application. It will summarize the motivations for that transformation - what drove us to embrace microservices and the benefits that is offering to us. Following advantages will be highlighted: - security - optimizing internal traffic - observability - improvements on application deployment Pain point, common caveats, difficulties for onboarding developers, and specially changing the paradigm will be topics to explore as well. Attendees will be able to understand what is a service mesh, what makes it different from an API gateway, and the advantages and constraints that it brings with it.

Speakers

Yolanda Robla Mota

Staff Software Engineer, Miro

Having more than 15 years of experience in the industry, I have long expertise in the Open Source world. I have been contributing to several projects in the OpenShift, OpenStack and Linux Foundation communities, being core committer of several projects, specially related with infrastructure... Read More →

From monolith to microservices pptx

Tuesday June 21, 2022 12:00pm - 12:40pm CDT
Lone Star H (Level 3)

ContainerCon, Observability: Metrics + Logging + Tracing + Service Mesh

Experience Level Mid-level
Session Type Virtual Speaker(s)
Session Slides Attached Yes

12:00pm CDT

Yes There Are Differences But We Are All Human Right? - David Bevan, Collabora

How many people are there in the world? The famous book Hitchhikers guide to the galaxy may tell you the answer to life the universe and everything is 42. The answer to the population question though is 166,666,666 times more than that. There are over 7 billion of us on this planet. So why is it so hard to recruit and retain great people? Dave wants to share the secret. It’s not that hard. Collabora has seen a nearly 20% growth in the last 18 months, with Dave being one of those people to join the open-source consultancy company. Coming from a background of leadership with qualifications in mental health training and suicide prevention training and working with a diverse mix of people, Dave wants to discuss how important culture is and what the term diverse really means. One of the secrets is finding out the commonalities we all share and then building from there. In the talk, Dave will share strategies ad initiatives he has employed through workplace culture to hiring and filling the recruitment pipeline to tackle the issue of a diverse workforce

Speakers

David Bevan

Engineering People Lead Manager, Collabora

Dave is passionate about people. First and foremost, the reason he gets out of bed in the morning is to help those around him achieve their goals, aspirations and dreams. His purpose in life is to have positive interactions and to facilitate change for the better. While also having... Read More →

Yes there are differences Dave B 210622 pdf

Tuesday June 21, 2022 12:00pm - 12:40pm CDT
Room 201/202 (Level 2)

Diversity Empowerment Summit, Recruiting & Retaining Diverse Talent

Experience Level Any
Session Type In-person Speaker(s)
Session Slides Attached Yes

12:00pm CDT

How to Leverage an Open Update Protocol to Drive Your Embedded Devices from Any Cloud OTA Provider - Anibal Portero, Pantacor

Until now, vendors struggle to provide a comprehensive end-to-end solution addressing the software OTA requirements for the connected devices ecosystem. Instead of fostering innovation, the lack of an end-to-end solution has resulted in a number of projects that live in isolation and that only solve specific parts of the OTA deployment requirements. Solutions out there today are very good at solving one end of the story or another, but not both. By decoupling the device side and the cloud side of the problem, we can ensure that our understanding of both parts is not dictated by a preconceived notion of how the other end should be. By providing a comprehensive local control protocol through lightweight Linux containers, device manufacturers can reap the benefits of a tried-and-tested embedded firmware lifecycle management engine while using their OTA backend of choice. In this talk, we discuss how to implement an OTA system client container that communicates with your cloud-based update service of choice and how you can use this with any backend to control the software and firmware lifecycles of your embedded Linux devices with Pantavisor.

Speakers

Anibal Portero

Senior Embedded Engineer, Pantacor

Aníbal Portero Hermida Embedded Engineer Geek of everything embedded Linux related. Aníbal has worked in the past on the application side of the device industry and is now applying these experiences to make embedded software development more accessible and easier for everyone. Twitter... Read More →

How to Leverage an Open Update Protocol to Drive Your Embedded Devices from Any Cloud OTA Provider pdf

Tuesday June 21, 2022 12:00pm - 12:40pm CDT
Room 205 (Level 2)

Embedded IoT, OTA deployments

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

12:00pm CDT

Ag-Rec: Modernizing A Century-old, Agriculture Recommendations Platform Through the Agstack Open-source Consortium - Gaurav Ramakrishna & Brandy S. Byrd, IBM

For more than a century, rural farmers and communities have relied on recommendations from cooperative extension services around the globe. For many, these recommendations are a trusted source of information that could mean the difference between a successful harvest or a meager one. Rural farmers have used manuals or printed PDF files to find recommendations for increasing crops, mitigating disease, and understanding pest management. In fact, farmers commonly ride their tractors in the fields, while studying recommendations that are published by the extension service in a printed manual. As members of the Agstack consortium, Call for Code, Clemson University, and community members collaborated to develop an open-source framework that uses real data, first contributed by the Clemson Cooperative Extension Service. The Ag-Rec framework consists of a Postgres database, which will enable cooperative extension services to upload their agriculture recommendation datasets. The framework has a user-friendly interface that extension services around the world can contribute to and use to access existing data. Come join this interactive session to learn about the architecture of the framework, the APIs that drive its function, and the technology roadmap for the next version of Ag-Rec.

Speakers

Brandy S. Byrd

IBM, Software Developer

Brandy S. Byrd wears many different-colored hats that all express her personal journey, which is multifaceted and broadly scoped. She earned a Bachelor of Arts degree in English from Clemson University and a Master of Science degree in Technical Communication from N.C. State University... Read More →

Gaurav Ramakrishna

Lead Software Developer, IBM

Gaurav Ramakrishna is a Lead Software Developer with IBM Call for Code and is from Toronto, Canada. He has more than 6 years of experience working in the information technology and service industry. He is keen and enthusiastic about creating end-to-end software solutions and deploying... Read More →

AgRec NA OS Summit final pdf

Tuesday June 21, 2022 12:00pm - 12:40pm CDT
Room 211/212 (Level 2)

Emerging OS Forum, New & Emerging Open Source Projects

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

12:00pm CDT

Build, Run, and Share Your First EBPF Program in 5 Minutes - Lin Sun, solo.io

If you are familiar with Kubernetes custom resources or custom Envoy filters, you understand how important it is to be able to extend and customize your infrastructure to meet the specific challenges of your organization. Extended Berkeley Packet Filter (or eBPF) enables developers to extend and customize the Linux kernel to quickly build performant and feature-rich functions based on their business needs. Are you interested in a crash course for eBPF? In this lightning talk, we will jump into eBPF using the new open source project BumbleBee (in the process of being donated to CNCF). Five minutes is all you need to expose rich observability data directly from the Linux Kernel, as we will explore how to build, run, and share your eBPF programs with ease.

Speakers

Lin Sun

Director of Open-Source, Solo.io

Lin is the Director of Open Source at Solo.io and a CNCF ambassador. She has worked on Istio service mesh since 2017 and serves on the Istio Technical Oversight Committee. Previously, she was a Senior Technical Staff Member and Master Inventor at IBM for 15+ years. She is the author... Read More →

Tuesday June 21, 2022 12:00pm - 12:40pm CDT
Lone Star F (Level 3)

LinuxCon, eBPF

Experience Level Entry-level
Session Type In-person Speaker(s)

12:00pm CDT

Openbytes Builds Open Dataset Standards and Schema Aiming to Bring Transformational Changes to AI by Making Open Datasets More Available and Accessible - Edward Cui, GRAVITI

High-quality data is the bottleneck of AI innovation in both enterprises and academia, a neutrally-governed open data community could be the key to solving this Community-led efforts to solve 3 critical problems in open data: 1.Dataset format: an interoperable data structure. 2.Dataset standard: unify open dataset standards in collecting, sharing and exchanging to promote open data collaboration and reduce liability risks 3.Dataset licensing: standardize data lineage and license review process to reduce contributors and distributors’ liability risks

Speakers

Edward Cui

Founder and CEO, GRAVITI

Edward Cui is the founder of Graviti, which builds the next-generation data platform enabling organizations to leverage unstructured data at scale. Edward started his AI journey during his study at UPenn, where he applied reinforcement learning to robotics. He joined Uber later and... Read More →

OpenBytes Build data Standards and schema pdf

Tuesday June 21, 2022 12:00pm - 12:40pm CDT
Room 408/409 (Level 4)

Open AI & Data Forum, Data (Versioning + Format + Pipeline Management)

Experience Level Senior-level
Session Type Virtual Speaker(s)
Session Slides Attached Yes

12:00pm CDT

Security as Code: A DevSecOps Approach - Joseph Katsioloudes, GitHub

Security as Code (SaC) is the methodology of codifying security tests, scans, and policies. Security is implemented directly into the CI/CD pipeline to automatically and continuously detect security vulnerabilities. Adopting SaC tightly couples application development with security and vulnerability management, while simultaneously enabling developers to focus on core features and functionality. More importantly, it improves the collaboration between Development and Security teams and helps nurture a culture of security across the organization. In this session, we will review lessons learned from DevOps to implement a successful DevSecOps culture, in particular how we can make developers contribute security checks with the SaC approach. We will introduce CodeQL, a language that allows us to implement security checks with code, and will demo how we can code queries for vulnerabilities and misconfigurations so they can be identified as soon as they hit your CI/CD pipeline.

Speakers

Joseph Katsioloudes

Security Developer Advocate, GitHub

Joseph Katsioloudes and his team at the GitHub Security Lab work at the forefront of Open Source Security that they shape every day through research and education. Joseph chose this career path because from a very young age, security was his own way to provide ethical and dedicated... Read More →

Security as Code Joseph Katsioloudes pdf

Tuesday June 21, 2022 12:00pm - 12:40pm CDT
Lone Star G (Level 3)

Open Source On-Ramp, Security Automation

Experience Level Mid-level
Session Type Virtual Speaker(s)
Session Slides Attached Yes

12:00pm CDT

Panel Discussion: A How-to Guide for Contributing to Open Source as an Employee - Alyssa P Wright, Bloomberg; Duane O’Brien, Indeed; Josep Prat, Aiven; Deb Nicholson, Python Software Foundation; Richard Littauer, Open Source Collective

Lots of material has been written about contributing to open source as an individual. But, when it comes to making contributions on behalf of an employer, not much material has been available. Until now! Members of the TODO Group have drafted a new guide for company technologists who want to make upstream contributions as ‘good corporate open source citizens.’ It describes the best practices for making these contributions on company time, while also offering direction on drawing boundaries between company time and personal time. This guide is an extension of a framework established as the Principles of Authentic Participation, which was developed by a SustainOSS Working Group in 2020 in order to provide a set of signposts for how organizations of all kinds can engage with the open source community, while avoiding common misbehaviors. This guide provides individuals with support and guidance when making contributions on company time. During this panel, the authors of the TODO guide – Bloomberg’s Alyssa Wright, Aiven’s Josep Prat, and Indeed’s Duane O’Brien – will share how it came to be, discuss why they decided to kick off this initiative, what challenges they faced while writing it, and why they chose these specific principles to guide open source contributions at work.

Speakers

Richard Littauer

Community Development Manager, Open Source Collective

Richard Littauer is the Community Development Manager at Open Source Collective, as well as a member of Sustain and the host of the Sustain Podcast. As a full-stack developer and open source community consultant, he has interfaced with hundreds of different projects in dozens of communities... Read More →

Deb Nicholson

Executive Director, Python Software Foundation

Deb Nicholson is the Executive Director at the Python Software Foundation, the non-profit steward of the Python programming language. She is a free software policy expert and a passionate community advocate. After years of local organizing on free speech, marriage equality, government... Read More →

Duane O'Brien

Director of Open Source, Indeed

Duane leads the vision for open source at Indeed. He manages the people, policies, and ideas to grow open source participation within the company. He loves telling the story of open source through collaboration and conversation. Duane is a force of chaotic good using his high stats... Read More →

Alyssa Wright

Open Source Program Office Lead, Bloomberg

Alyssa leads Bloomberg’s Open Source Program Office (OSPO), which is located in the Chief Technology Office and serves as the center of excellence for Bloomberg’s engagements and consumption of open source software. When not helping define open source strategies, partnerships... Read More →

Josep Prat

Engineering Manager in Open Source, Aiven

Josep Prat is a Open Source Software Manager at Aiven and is passionate about Open Source Technologies. With a strong background in Scala and distributed systems, he contributes to several Open Source Projects like Kafka and Akka, and is a committer for Akka HTTP. In his spare time... Read More →

Tuesday June 21, 2022 12:00pm - 12:40pm CDT
Room 301/302 (Level 3)

OSPOCon, Developer Advocacy and Ecosystem Participation

Experience Level Any
Session Type In-person Speaker(s)

12:00pm CDT

Addressing Cybersecurity Challenges in Open Source Software - Stephen Hendrick, The Linux Foundation & Matt Jarvis, Snyk

Organizations of all sizes are heavily reliant on software, and much of that software supply chain consists of open source software components. Because of this, open source software has cybersecurity implications: the software supply chain is an attractive entry point for people and organizations interested in theft, disruption, or exploitation for economic or political gain. Join Steve Hendrick (Linux Foundation) and Matt Jarvis (Snyk) as they discuss the latest OpenSSF cybersecurity research which describes where organizations are today in their cybersecurity journey and what can be done to improve the cybersecurity profile of open source software going forward.

Speakers

Matt Jarvis

Director Developer Relations, Snyk

Steve Hendrick

VP Research, The Linux Foundation

Steve Hendrick is VP of Linux Foundation Research. He has expertise in developing content and services to support product development, product positioning, marketing, business strategy, and messaging. Steve is a subject matter expert in application development and deployment topics... Read More →

OSSNA SCSC Slides v1.0 pdf

Tuesday June 21, 2022 12:00pm - 12:40pm CDT
Brazos (Level 2)

SupplyChainSecurityCon

Experience Level Any
Session Type In-person Speaker(s)
Session Slides Attached Yes

12:00pm CDT

Assessing the Risk of Open-source Components Using OpenSSF's Scorecard - Laurent Simon, Google & Naveen Srinivasan, Endor Labs

Open source demand continues to explode. Developers worldwide will request open-source packages, representing a 73% YoY growth in developer downloads of open source components. Yet, even though projects have their code open-source, the processes used to run, test, and maintain these are less known. For example, do you know if the log4j project has code reviews to reduce the likelihood of dangerous code being introduced in the codebase? How about the npm-color project? This lack of transparency makes it challenging for project consumers, including large companies, to assess the risk and make informed decisions about their use and maintenance of open-source components. In this talk, we will introduce a tool developed by the OpenSSF: Scorecards. Scorecards is an automated tool that assesses a number of important heuristics ("checks") associated with software security and assigns each check a score of 0-10. You can use these scores to understand specific areas to improve in order to strengthen the security posture of a project or a dependency. Since it's v4 release in January 2022, Scorecards has been installed on over 800 GitHub repositories as of March 2022, and is recommended by the GitHub documentation to harden workflows.

Speakers

Naveen Srinivasan

OSS Contributor, Indepedent

Naveen Srinivasan is a contributor and maintainer of multiple OpenSSF projects, a member and contributor to the Sigstoreorganization, and a contributor to the SLSA code base.His contributions have earned him recognition with Google Peer Bonus awards in 2021 and 2022. He has consistently contributed to the open-source community for an extended period, with no gaps in activity for the past two years.In addition to his technical contributions, He is a sought-after speaker at conferences, discussing topics related to supply chain security and mitigating... Read More →

Laurent Simon

Engineer, Google

Laurent is a security engineer in the Open Source Security Team (GOSST) at Google. His team works in collaboration with the open-source community and the OpenSSF on novel security solutions, such as Scorecards, Allstar, Sigstore, SLSA, OSS-Fuzz, OSV, etc.

Scorecard OSS@NA pdf

Tuesday June 21, 2022 12:00pm - 12:40pm CDT
Room 203/204 (Level 2)

SupplyChainSecurityCon, Measuring Risk of Potential & Already-included OSS

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

12:40pm CDT

Lunch (Attendees on Own)

Tuesday June 21, 2022 12:40pm - 2:05pm CDT
Lunch Maps Available at the Registration Counter (Level 4)

Special Events / Exhibits / Breaks

12:40pm CDT

Women in Open Source Lunch - Sponsored by Google (Open to Women & Non-Binary Attendees)

We’d like to invite all attendees that identify as women or non-binary to join each other for a networking lunch at the event. We will begin with a brief introduction and then attendees will be free to enjoy lunch and mingle with one another. All attendees must identify as a woman or non-binary and must be registered for the conference to attend. Arlo Grey is the LINE’s lakeside restaurant by Top Chef winner, cookbook author, and Fast Foodies host Kristen Kish.

Arlo Grey is located in the LINE Hotel and is a 2-3-minute walk from the JW Marriott Austin

*We will do our best to accommodate all interested attendees, but please note that participation is on a first-come, first-served basis.

Tuesday June 21, 2022 12:40pm - 2:05pm CDT
Arlo Grey at the LINE Hotel 111 E Cesar Chavez St, Austin, TX 78701

Special Events / Exhibits / Breaks

1:15pm CDT

Ask the Expert Session with Christine Abernathy on Open Source Program Offices

Ask Christine about building and running Open Source Program Offices.

Ask the Expert sessions: Sit down with open source experts to gain knowledge 1:1 and ask all your pressing questions!

No sign-up necessary - just stop by the Lone Star East Foyer (located on Level 3 between rooms 305 and 306).

Speakers

Christine Abernathy

Senior Director of Open Source, f5

Tuesday June 21, 2022 1:15pm - 1:35pm CDT
Lone Star East Foyer (Level 3)

Special Events / Exhibits / Breaks

Experience Level Any
Session Type In-person Speaker(s)

1:15pm CDT

Ask the Expert Session with Steve Rostedt on Linux Kernel, Real Time & FTrace

Ask Steve about Linux Kernel, Real Time & FTrace.

Ask the Expert sessions: Sit down with open source experts to gain knowledge 1:1 and ask all your pressing questions!

No sign-up necessary - just stop by the Lone Star East Foyer (located on Level 3 between rooms 305 and 306).

Speakers

Steven Rostedt

Software engineer, Google

Steven Rostedt currently works for Google on the ChromeOS baseOS performance team. He is the main developer and maintainer for ftrace, the official tracer of the Linux kernel, as well as the user space tools and libraries that interact with the Linux tracing interface. Steven is also... Read More →

Tuesday June 21, 2022 1:15pm - 1:35pm CDT
Lone Star East Foyer (Level 3)

Special Events / Exhibits / Breaks

Experience Level Any
Session Type In-person Speaker(s)

1:15pm CDT

Ask the Expert Session with Steve Winslow on Open Source & Supply Chain Compliance

Ask Steve about Open Source & Supply Chain Compliance.

Ask the Expert sessions: Sit down with open source experts to gain knowledge 1:1 and ask all your pressing questions!

No sign-up necessary - just stop by the Lone Star East Foyer (located on Level 3 between rooms 305 and 306).

Speakers

Steve Winslow

Counsel, Boston Technology Law

Steve Winslow is Counsel at Boston Technology Law. Steve advises companies on software licensing, open source software development and use, data privacy, and other legal matters involving technology transactions and commercial contracts. Steve is also a contributor to SPDX, Zephyr... Read More →

Tuesday June 21, 2022 1:15pm - 1:35pm CDT
Lone Star East Foyer (Level 3)

Special Events / Exhibits / Breaks

Experience Level Any
Session Type In-person Speaker(s)

1:40pm CDT

Ask the Expert Session with Ana Jimenez Santamaria, TODO Group & Amye Scavarda Perrin, Cloud Native Computing Foundation

Ask Chris about Cloud Native Technologies & Open Source Program Offices.

Ask the Expert sessions: Sit down with open source experts to gain knowledge 1:1 and ask all your pressing questions!

No sign-up necessary - just stop by the Lone Star East Foyer (located on Level 3 between rooms 305 and 306).

Speakers

Steven Rostedt

Software engineer, Google

Amye Scavarda Perrin

Director of Developer Programs, Cloud Native Computing Foundation

Amye is the Director of Developer Programs at the Cloud Native Computing Foundation.

Ana Jimenez Santamaria

OSPO Program Manager, TODO Group, Linux Foundation

Tuesday June 21, 2022 1:40pm - 2:00pm CDT
Lone Star East Foyer (Level 3)

Special Events / Exhibits / Breaks

Experience Level Any
Session Type In-person Speaker(s)

1:40pm CDT

Ask the Expert Session with Brandon Lum on Cloud Native Security & Security Vulnerabilities

Ask Brandon about Cloud Native Security & Security Vulnerabilities

Ask the Expert sessions: Sit down with open source experts to gain knowledge 1:1 and ask all your pressing questions!

No sign-up necessary - just stop by the Lone Star East Foyer (located on Level 3 between rooms 305 and 306).

Speakers

Brandon Lum

Software Engineer, Google

Brandon loves designing and implementing computer systems (with a focus on Security, Operating Systems, and Distributed/Parallel Systems). Brandon is a Co-chair of the CNCF Security TAG, and as a part of Google's Open Source Security Team, he works on improving the security of the... Read More →

Tuesday June 21, 2022 1:40pm - 2:00pm CDT
Lone Star East Foyer (Level 3)

Special Events / Exhibits / Breaks

Experience Level Any
Session Type In-person Speaker(s)

1:40pm CDT

Ask the Expert Session with Tim Bird on Embedded Linux & Linux Kernel

Ask Tim about Embedded Linux & Linux Kernel.
Ask the Expert sessions: Sit down with open source experts to gain knowledge 1:1 and ask all your pressing questions!

No sign-up necessary - just stop by the Lone Star East Foyer (located on Level 3 between rooms 305 and 306).

Speakers

Tim Bird

Principal Software Engineer, Sony Electronics

Tim Bird is a Principal Software Engineer for Sony Corporation, where he helps Sony improve the Linux kernel for use in Sony's products. Tim is also a member of the Board of Directors of the Linux Foundation. Tim is active in technical projects related to embedded Linux testing and... Read More →

Tuesday June 21, 2022 1:40pm - 2:00pm CDT
Lone Star East Foyer (Level 3)

Special Events / Exhibits / Breaks

Experience Level Any
Session Type In-person Speaker(s)

2:05pm CDT

OS-Climate & SIG-SRE: Benefiting from the Operate First Community Cloud - Karsten Wade & Marcel Hild, Red Hat

What are the benefits of running a project's code in an all-open source community cloud? What happens when a community of Site Reliability Engineering (SRE) practitioners decide to Open Source their craft? How does this Operate First concept help the nascent discipline of AIOps? There are many ways the Operate First concept can improve Open Source software development via operational insights. In this session you'll learn a few of those ways through stories and demonstrations. You'll see how the OS-Climate initiative has accelerated participation in the financial community via the Operate First community cloud. You'll explore the content and material from the SIG-SRE community that lets anyone see and learn how a real production clean is run. You'll get a look behind the scenes of the Operate First project's running OpenShift-based community cloud.

Speakers

Marcel Hild

Manager, Red Hat

Marcel Hild has 25+ years of experience in open source business and development. He co-founded a Linux consulting company, worked as a freelance developer, a Solution Architect for Red Hat, and core Developer for Cloudforms, a Hybrid Cloud Management tool. Now he researches the topic... Read More →

Karsten Wade

Engineering Manager, Community Infrastructure & Platform, Red Hat

...

Tuesday June 21, 2022 2:05pm - 2:45pm CDT
Room 303/304 (Level 3)

CloudOpen, Infrastructure-as-Code

Experience Level Entry-level
Session Type In-person Speaker(s)

2:05pm CDT

Sponsored Session: Time Series Tech Stack for the IoT Edge - Zoe Steinkamp, InfluxData

No matter what type of IoT devices you have, or what your use case is for them, you’re going to end up producing a lot of time series data. What you use to handle it is going to be as important to your success as the code you write yourself.

This talk will evaluate the available open source tools for the collection, activation, transmission and visualization of time series data on the IoT Edge, and demonstrate how to use them, together with InfluxDB, to solve various use cases for the Internet of Things.

Speakers

Zoe Steinkamp

Developer Advocate, influxdata

My name is Zoe Steinkamp and I am a developer Advocate for influxData, after working as a front end software engineer for over eight years. In my role as a Developer Advocate, I help developers to engage with InfluxData, including our database platform, open source tools, and Time-Series... Read More →

Building an IoT App with InfluxDB, Python and Flask EDR version pdf

Tuesday June 21, 2022 2:05pm - 2:45pm CDT
Room 310/311 (Level 3)

CloudOpen

Session Type In-person Speaker(s)
Session Slides Attached Yes

2:05pm CDT

Image Layout: Stop Putting Everything in Registries - Brandon Mitchell, BoxBoat, an IBM Company

We're starting to put everything in registries, container images, signatures, SBOMs, attestations, cat pictures, we need to slow down. Our CI pipelines are designed to pass things as directories and files between stages, why aren't we doing this with our container images? OCI already defines an Image Layout Specification that defines how to structure the data on disk, and we should normalize how this is used in our tooling. This talk looks at the value of using the OCI Layout spec, what you can do today, what issues we're facing, and a call to action for more standardization between tooling in this space.

Speakers

Brandon Mitchell

Solutions Architect, BoxBoat, an IBM Company

Brandon Mitchell is a Senior Solutions Architect for BoxBoat an IBM company, Docker Captain, OCI Maintainer, and maintainer of various OSS projects. He focuses on defining specs in OCI, improving software supply chain security, and implementing reproducible builds for container images... Read More →

presentation pdf

Tuesday June 21, 2022 2:05pm - 2:45pm CDT
Lone Star H (Level 3)

ContainerCon, Container Images and Registries

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

2:05pm CDT

Intersectionality: Effectively Paving the Path Forward for DEI Communities by Partnering Together - Jennifer Madriaga, Red Hat

The Red Hat Asian Network (RHAN) is a newly created employee resource group (ERG) focusing on accelerating the advancement of Asian employees at Red Hat, building community, advocating for greater representation, championing equity, and celebrating diversity. A central part of RHAN's work focuses on partnerships with other DEI communities to further advocacy on behalf of Asian associates through intersectionality. Key partnerships have been built with groups like Blacks United in Leadership and Diversity (BUILD), Neurodiversity, Pride, and Diverse Abilities. I will share specific examples of intersectionality efforts and how this coalition-building helps further the DEI goals of individual communities as well as helps support company-wide DEI strategy and goals. We will walk through the challenges that intersectionality entails as well as the successes that make intersectionality a key part of DEI work. Among the largest projects that RHAN is involved with is a project with BUILD, which focused on collecting feedback and experiences of Black and Asian associates in collaboration with an external consultancy to provide actionable items to suggest to senior leadership.

Speakers

Jennifer Madriaga

Senior Manager, Global Community Event Strategy, Red Hat

Jennifer (Jen) Madriaga is the Senior Manager in Global Community Event Strategy at Red Hat. Jen provides event management and event marketing expertise for a variety of open source and community events. She collaborates regularly with a number of community leads, helping them and... Read More →

Tuesday June 21, 2022 2:05pm - 2:45pm CDT
Room 201/202 (Level 2)

Diversity Empowerment Summit, Strategies for Inclusiveness

Experience Level Any
Session Type In-person Speaker(s)

2:05pm CDT

A 'Smart Boombox' with Open Source Hardware and Software - Michael Macisaac, Individual

This presentation will describe how to create a "smart boombox" that can play music by voice command. Open-source also includes hardware. There will be discussion on woodworking, CNC machines, electronics, sound theory, Systems on Chip, GNU/Linux, distros, desktops, free and open-source media players, voice assistants, and other software. All the hardware and a small software package created by the speaker are free and open. Come listen - maybe you'll want to go home and build one!

Tuesday June 21, 2022 2:05pm - 2:45pm CDT
Room 205 (Level 2)

Embedded IoT, Open Hardware Support

Experience Level Mid-level
Session Type In-person Speaker(s)

2:05pm CDT

An Open Source Exploration of a Semantic Structure for Climate Accounting - Dr. Christiaan Johannes Pauw, Nova Institute & Marcus Alex-Ivan Howard

As the world accelerates towards decarbonisation, the need for climate impact accounting at scale becomes more pressing. One of the greatest challenges in this regard is the description, comparison and aggregation of impact claims due to the multitude of existing accounting and reporting standards. The reconciliation and aggregation of these claims, in the interest of climate impact “bookkeeping” at a global scale, requires a common underlying semantic structure – which currently does not exist. The Standards Working Group (Standards WG) of the Hyperledger Climate Action and Accounting Special Interest Group (CA2-SIG) aims to lay out such a semantic structure. Working from the premise that agents engage in activities that impact environments, the WG is actively searching out standards to distill their semantic structures into an ontology that most adequately describes these elements and the relationships between them. The ontology is by design open source, collaborative, dynamic and technology agnostic. The presentation will provide an overview of the WG's work to date, introduce the latest version of the basic ontology, and demonstrate the ontology's application by means of an exemplary use case.

Speakers

Marcus A. Howard

(Independent), Software Developer

Dr. Christiaan Johannes Pauw

Managing Director, Nova Institute

Dr. Pauw is the managing director of the Nova Institute, an independent not-for-profit company in South Africa. For the past two decades he has been involved in research, development, implementation, and monitoring of energy-related projects aimed at benefitting low-income households... Read More →

LFOSSNA EmergingOSF SemanticStructImpactAcc pdf

Tuesday June 21, 2022 2:05pm - 2:45pm CDT
Room 211/212 (Level 2)

Emerging OS Forum, Climate & Sustainability

Experience Level Any
Session Type Virtual Speaker(s)
Session Slides Attached Yes

2:05pm CDT

BoF: Where Did You Come From, Where Did You Go? CVD and Open Source Security Research - Dr. Trey Herr & Stewart Scott, Atlantic Council

Join the Atlantic Council’s Cyber Statecraft Initiative for an early discussion on its research into the interaction between CVD laws and the international security research community. Researchers across the world contribute invaluable vulnerability and bug discoveries to open source and proprietary code, but the impact of the various legal environments in which they operate is poorly documented and even less well understood by policymakers crafting related laws. To better inform law and policy with the voices of actual developers, maintainers, and researchers, the Cyber Statecraft Initiative aims to incorporate their feedback directly into ongoing work.

Note: Due to the level of discussion and interaction occurring during this BoF, it is not possible to deliver to a virtual audience and this session will be in-person only.

Speakers

Trey Herr

Director, Cyber Statecraft Initiative, Scowcroft Center for Strategy and Security, Atlantic Council

Stewart Scott

Assistant Director, Cyber Statecraft Initiative, Scowcroft Center for Strategy and Security, Atlantic Council

Tuesday June 21, 2022 2:05pm - 2:45pm CDT
Room 207 (Level 2)

Global Security Vulnerability Summit (GSVS)

Experience Level Any
Session Type In-person Speaker(s)

2:05pm CDT

Discovering Toolchains in 2022 - Victor Rodriguez, Intel

Technology based on open source evolves every year with novel ideas that break paradigms. This evolution requires the reinvention of toolchains constantly. The performance and security of a SW project could be improved (or affected) by choosing the precise configuration in the compiler, linker, or binary tools available to developers. This presentation aims to show some of the new GNU toolchain features for 2022. Among those new features to discover is the enablement of vectorized half-precision floating-point format (FP16) instructions, heavily used in Deep Learning applications. New optimizations for memory transactions using wider vector registers and the enablement of DT_RELR for x86 platforms give the developers the tools to improve memory-bound applications as well as file size. At the same time, new enhancements on the integrated static analyzer give the developer the capability to detect security bugs easily. Having a better understanding of the toolchains allows developers to showcase the best of new platform architecture technology for users’ applications as well as boost the innovation and security of incoming projects.

Speakers

Victor Rodriguez

SW engineer, Intel

Victor holds a master’s degree in computer science Victor is currently a PhD student in the area of microarchitecture computer design. Victor is a Linux developer since 2010. He began his career in the Linux kernel community as a maintainer of the board OMAP138 “Hawk board... Read More →

victor OSS NA22 PPT dm edtis pdf

Tuesday June 21, 2022 2:05pm - 2:45pm CDT
Lone Star F (Level 3)

LinuxCon, Programming Languages and Toolchains

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

2:05pm CDT

Building ML Pipelines in JupyterLab Using Elyra - Without the Need to Write Code - Patrick Titzler, IBM

Whether you are just getting started in Data Science or are seasoned data scientist, JupyterLab is likely a tool you are using frequently to get work done. In this session we will introduce the Elyra visual editor extension to JupyterLab, which allows for the creation of machine learning pipelines from Jupyter notebooks and Python scripts without the need to write any code. In this session we'll demonstrate how to build and run these pipelines on Kubeflow Pipelines or Apache Airflow, and outline how to take advantage of components to perform general purpose or custom tasks.

Speakers

Patrick Titzler

IBM

Patrick Titzler is a developer advocate with the Center for Open Source Data and AI Technologies at IBM. For the past couple of years he has contributed to several Data and AI open source projects, such as Elyra (a set of AI centric extensions to JupyterLab), the Data Asset Exchange... Read More →

ossna 2022 elyra ptitzler pdf

Tuesday June 21, 2022 2:05pm - 2:45pm CDT
Room 408/409 (Level 4)

Open AI & Data Forum, Machine and Deep Learning

Experience Level Entry-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

2:05pm CDT

Managing Your Serverless Servers, Again! - Amy Arambulo Negrette, DigitalOcean

Serverless is a rapidly evolving paradigm where once the one big product, now various providers have their own vision for what serverless should be and their products to support it including managed compute, databases, and other core services. Still, the heart of serverless architecture is using Functions as a Service to handle your logic needs. This is done by spinning up containers to run these functions on demand. For many use cases, this would be enough. Other times, you would need to manage small configurations such as time outs and memory. More often, a developer needs to use third-party libraries or a company built and maintained library. But, what else do you look out for once your function is ready to run into the wild? Be prepared to know how your tests, logs, and other necessities live. This talk will go over the current FaaS, how to use functions for your particular use case, how to find the limits of your function, and what to do once they've gone to prod. Originally presented at ServerlessConf 2019, this talk will focus less on provider specific use cases, and more how to manage the cloud function itself beyond a 'hello, world,' scenario.

Speakers

Amy Arambulo Negrette

Developer Advocate, DigitalOcean

With over ten years industry experience, Amy Arambulo Negrette has built web applications for a variety of industries including Yahoo! Fantasy Sports and NASA Ames Research Center. One of her projects modernized two legacy systems impacting the entire research center and won her a... Read More →

OSS22 ManagingServerless pdf

Tuesday June 21, 2022 2:05pm - 2:45pm CDT
Lone Star G (Level 3)

Open Source On-Ramp, Cloud Administration Essentials (Beginner)

Experience Level Entry-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

2:05pm CDT

Does Your OSPO Help or Hinder Contributions? - Dawn Foster, VMware

Your OSPO is probably the center of gravity for your organization’s open source efforts, and your policies and processes can help your employees contribute to open source projects or hinder them in ways that you might not expect. Do employees think of your OSPO as the “Office of No”, or do they consider you to be a strategic partner who can provide advice and help them overcome roadblocks? This talk will focus on ways to structure your OSPO and your policies to foster strategic alignment between individual employee contributors, your company, and open source communities to help all of us become more successful and productive by working together. The talk contains several major sections. * Taking a strategic approach to partnering with the rest of your organization. * Crafting OSPO policies and processes to contribute to open source projects in ways that will benefit your company, your employees, and the open source community. * Using your OSPO to help balance the triad between individual employees, your company, and communities. * Tips for being a good corporate citizen as you contribute to open source communities. The audience will walk away with practical tips about ways to use your OSPO to improve the open source experience for your employees.

Speakers

Dawn Foster

Director Open Source Community Strategy, VMware

Dawn is Director of Open Source Community Strategy within VMware’s OSPO. She is an OpenUK board member, Governing Board member / maintainer for CHAOSS, and co-chair of the CNCF Contributor Strategy TAG. She has 20+ years of experience at companies like Intel and Puppet with expertise... Read More →

OSPO Help Hinder OSSummit NA pdf

Tuesday June 21, 2022 2:05pm - 2:45pm CDT
Room 301/302 (Level 3)

OSPOCon, OSPO Lessons Learned

Experience Level Entry-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

2:05pm CDT

Lessons Learned from Automating SLSA-Compliance Evaluation - Daniel Nebenzahl, Scribe-security

SLSA (Supply-chain Levels for Software Artifacts) is a framework led by Google, that defines four levels of protection for a software supply chain, and provides guidelines on how to reach these levels. Since companies operate dynamic pipelines, there is a need to continuously measure the pipeline's security. This can be met by implementing automated SLSA-compliance evaluation. In this talk , we shall share lessons learned from our journey in implementing automation in real-world scenarios using open-source tools such as Sigstore and OPA. The lessons, conceptual and technical, shed light on the real-world details and challenges we encountered when evaluating, and automating the evaluation of SLSA compliance. Some of these lessons challenge part of SLSA requirements.

Speakers

Danny Nebenzahl

CTO, Co-founder, Scribe Security

Danny is an established expert in cyber and crypto technologies. Previously a Lieutenant Colonel in Matzov - the Israel Defense Forces cyber defense center - where he led the research division for 11 years and was responsible for developing innovative cyber technologies. He was also... Read More →

SLSA Lessons Nebenzahl 20220616 pdf

Tuesday June 21, 2022 2:05pm - 2:45pm CDT
Brazos (Level 2)

SupplyChainSecurityCon, Countering Compromised Build System

Experience Level Entry-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

2:05pm CDT

SBOM Ingestion and Analysis at New York-Presbyterian Hospital - Katie Bratman & Adam Kojak, NewYork-Presbyterian Hospital

The proliferation of medical devices in healthcare environments and the reliance on third-party components in modern software design catalyzed NewYork-Presbyterian’s engagement in Software Bill of Materials (SBOM) initiatives. SBOMs provide new transparency that is essential for mitigating the risks associated with diverse software in today’s enterprise.

Organizations, regardless of size or industry vertical, require a complete inventory of software, full visibility into underlying components, and comprehensive insight into vulnerabilities. NYP has developed an open source platform that provides this essential visibility and insight.

Join this session to learn more about NYP’s use of SBOMs in action!

Speakers

Katie Bratman

Security Operations Engineer, NewYork-Presbyterian Hospital

Katie is a Security Operations Engineer for NewYork-Presbyterian Hospital and a member of the Daggerboard development team. She has worked in offensive security, incident response, vulnerability management, and security engineering. Katie applies this diverse experience and cybersecurity... Read More →

Adam kojak

SecDevOps Engineer, NewYork-Presbyterian Hospital

Adam is a SecDevOps Engineer for NewYork-Presbyterian Hospital and a member of the Daggerboard development team. His specialization in Python development and DevOps practices are broadly applied in the development, automation, and integration of Information Security applications at... Read More →

opensourcesummit daggerboard embeddedfonts pdf

Tuesday June 21, 2022 2:05pm - 2:45pm CDT
Room 203/204 (Level 2)

SupplyChainSecurityCon, Infrastructure

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

2:55pm CDT

Accelerating Application Development with GraphQL Data Mesh - Tanmai Gopal, Hasura

The Data Mesh is an emerging concept focused on moving analytical data away from a monolithic data warehouse or data lake into a distributed architecture, allowing data to be shared for analytical purposes in real-time, right at the point of origin. When mixed with GraphQL, it can be a very powerful solution for some of the most pressing challenges that application developers face today. Attendees will learn about the concept of a data mesh and the benefits of using it as a solution to data and application modernization problems for both operational and analytical data. They will also learn about best practices in building, operating and maintaining an enterprise-grade data mesh architecture powered by GraphQL.

Speakers

Tanmai Gopal

CEO, Hasura

Tanmai is the CEO of Hasura.io, a company he co-founded to develop software to simplify and accelerate application development. Before Hasura, Tanmai co-founded 34 Cross, a software development and consulting company focused on web & mobile development and helping Fortune 500 companies... Read More →

Tuesday June 21, 2022 2:55pm - 3:35pm CDT
Room 310/311 (Level 3)

CloudOpen, Cloud-native Developer and Operator Experience

Experience Level Mid-level
Session Type In-person Speaker(s)

2:55pm CDT

Peta Scale Telemetry Backend with Opentelemetry - Kranti Vikram Anugola & Weian Deng, Walmart Global Tech

Telemetry of distributed applications deployed on a cloud has been a topic of importance across the software industry. Off late Opentelemetry has standardized way to collect metrics from distributed systems. Enriching these with standard traces, logs and events using opentelmetry libs & collectors along with open source tracing backend has helped us build telemetry backend that can handle peta scale telemetry data. In this talk we will share our experience in building and handling petascale telemetry data at scale using open source projects. We will also attempt to touch upon 1. Opensource Projects we used to build this system 2. Scale that we are able to handle 3. Cloud Storage Services that we used to build this system 4. Walmart’s OpenTelemetry adoption strategy.

Speakers

Weain Deng

Walmart Global Tech, Principal Engineer

Weian Deng is a Principal Engineer with Observability Foundation at Walmart. He is the lead for Walmart’s telemetry library development and an architect for Walmart’s Observability solutions. Weian has years of industry experiences on platform development from micro service platforms... Read More →

Kranti Vikram Anugola

Principal Engineer, Walmart Global Tech

Kranti Vikram is a Principal engineer with Observability Foundation at Walmart with microservice expertise, enjoys dealing with problems that are challenging both in their functional, non-functional requirements and focus on tackling problems related to scale, security and performance... Read More →

OSSNA2022 PetaScaleTelemetryBackendWithOtel Kranti&Weian pdf

Tuesday June 21, 2022 2:55pm - 3:35pm CDT
Room 303/304 (Level 3)

CloudOpen, Observability: Metrics + Logging + Tracing + Service Mesh

Experience Level Mid-level
Session Type Virtual Speaker(s)
Session Slides Attached Yes

2:55pm CDT

Sponsored Session: Open Source Cloud Native Storage Solutions for Stateful Applications from Dell Technologies - Rahul Sharma, Dell Technologies

Organizations are innovating with containers and Kubernetes to deliver breakthrough cloud-native applications that accelerate time to market. At the same time, cloud-native app developers, aligning with IT Ops & DevOps, need to find easy ways to automate and manage persistent storage. Container Storage Modules (CSM) extend capabilities such as provisioning, snapshots, replication, observability, authorization and resiliency to containerized workloads. CSM makes enterprise storage real, with simple, consistent integration, and automation. This session will cover different deployment models, storage options for every Kubernetes workload, and how Dell Technologies is innovating in the open source arena.

Speakers

Rahul Sharma

Product Manager for Containers, Dell Technologies

Rahul Sharma is a Principal Product Manager within the Infrastructure Solutions Group for Containers at Dell Technologies. Rahul brings over 10 years of experience in Product Strategy & Development, Technology Consulting, Risk Management, and Product Marketing. Rahul offers a unique... Read More →

Tuesday June 21, 2022 2:55pm - 3:35pm CDT
Lone Star H (Level 3)

ContainerCon

Session Type In-person Speaker(s)

2:55pm CDT

Keeping the Faith: Your Team Can Benefit from Interfaith Inclusion and Diversity - Jason Davis, Cisco Systems

When we think about purpose and fulfillment, many derive their motivation and sense of value from their faith. Whether we are talking about using more inclusive references in coding or simply understanding people of different faith, there are benefits to recognizing this affinity group. How can I share a proper salutation to a coworker during one of their observances? As a manager, what are the holidays and observances I should be mindful of when scheduling meetings, training, and travel? If your company or project team includes more than a few people you may want to consider how a strong inclusion and diversity program allows your teammates to bring their best self forward. Jason Davis leads Cisco's Interfaith Network, an HR-supported organization supporting Cisco's Inclusion and Diversity initiatives. Join Jason as he discusses the benefits and challenges of recognizing people’s diverse faiths, and how adopting a similar program can be an asset to your business.

Speakers

Jason Davis

Distinguished Engineer, Cisco Systems

Jason is a Distinguished Engineer in Cisco's DevNet organization which is focused on developer relations, network programmability evangelism and enablement. His roles are to develop strategies for Developer Relations, Network Programmability, Automation and Orchestration, and provide... Read More →

OSS NA22 KeepingTheFaith JasonDavis final pdf

Tuesday June 21, 2022 2:55pm - 3:35pm CDT
Room 201/202 (Level 2)

Diversity Empowerment Summit, Navigating Inclusivity Roadblocks

Experience Level Any
Session Type Virtual Speaker(s)
Session Slides Attached Yes

2:55pm CDT

Uncovering Software Provenance in Embedded Systems - Ricardo Mendoza, Pantacor

With IoT, 5G, and embedded devices becoming a big part of everyone’s daily lives, security should be on everyone’s minds. Security and more importantly trust in our embedded devices are essential for many reasons. Embedded devices have not always had good security with the last several years seeing a significant number of high-profile hacks that could prevent people from widely adopting IoT in their homes. The federal government also signed an executive order signed last year that requires companies selling connected devices must include a SBoM. But SBoMs are only a small part of the story around keeping embedded devices secure and from a developer and operator point of view, the more important issue is knowing that what you are running and deploying are from trusted sources. In this talk, we’ll discuss the security requirements for embedded Linux devices, with a focus on origin determination and how this can (or cannot) be achieved with the existing tools and practices. We’ll then go through a use case to show how all components of an embedded device can be signed, attested and verified with the help of Pantavisor Linux’s “revisions” and then drill down on code signing, and revoking (if necessary) the provenance of malicious and unsigned code on embedded Linux systems.

Speakers

Ricardo Mendoza

CEO, Pantacor

Embedded Linux enthusiast since the early 2000s, and part of previous leadership roles on special projects at Canonical and others, Ricardo brings deep insight into the workings of the connected devices industry, with the intention of shaping the future of embedded Linux. Ricardo... Read More →

Uncovering Software Provenance in Embedded ricmm Pantacor OSS22 pdf

Tuesday June 21, 2022 2:55pm - 3:35pm CDT
Room 205 (Level 2)

Embedded IoT, Ensuring users know what Software Components (at all tiers) are Included

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

2:55pm CDT

Panel Discussion: Aruba’s Decentralized Solution for Covid Drives Air Travel Transformation - Heather Dahl, Indicio; Yuri Feliciano, Government of Aruba & Adrien Sanglier, SITA Lab

As an incubator for innovation in air travel, Aruba has chosen to use verifiable digital credentials to manage entry requirements and health testing for travel to the island. This decentralized, open-source technology, which provides secure authentication while preserving traveler privacy, was developed by SITA and Indicio.tech and donated to Linux Foundation Public Health as Cardea. In this session, representatives from Aruba’s government, Indicio, and SITA will discuss why they chose a decentralized approach, how they created a trusted data ecosystem, and why the ability to verify personal data without having to check in with the source of that data will transform air travel, healthcare, and tourism.

Speakers

Adrien Sanglier

Innovation Program Manager, SITA Lab

Adrien is Program Manager at SITA Lab, and runs the Blockchain & Digital Identity Research program. He brings experience developing innovations and proving new concepts on live customer environments. He is currently involved exploring the concept of self-sovereign identity for the... Read More →

Heather Dahl

CEO, Indicio

Heather is CEO of Indicio, the market leader in developing Trusted Digital Ecosystems, providing companies with the software and infrastructure needed to authenticate and exchange high-value information and develop trusted, secure relationships. Under her leadership, Indicio launched... Read More →

Yuri Feliciano

Innovation Advisor, Government of Aruba

As an appointee of the Prime Minister of Aruba, Yuri heads the Aruba eGovernment pilot project. He currently supports the government of Aruba as the innovation advisor to the Minister of Tourism and Public Health working on the Aruba Health App and the ED Card entry system. Yuri earned... Read More →

Cardea Verifiable credentials for health information go open source 2 pdf

Tuesday June 21, 2022 2:55pm - 3:35pm CDT
Room 211/212 (Level 2)

Emerging OS Forum, New & Emerging Open Source Projects

Experience Level Any
Session Type Virtual Speaker(s)
Session Slides Attached Yes

2:55pm CDT

From Linux CFS Scheduler to Goroutine Scheduler: How CFS Algorithm Could Be Used in Goroutine Scheduling - Sen Han, PingCAP

An increasing number of developers are using Golang to develop network services. However, Golang’s simplicity can sometimes be a disadvantage. The scheduling algorithm of the goroutine scheduler is simply a round-robin, and its mechanism is far from complete when compared to the kernel thread scheduler. The lack of priority and fairness mechanisms makes it extremely difficult for golang applications to ensure latency quality and QoS control of critical services under high CPU usage. In this talk, Sen Han will demonstrate CPU-Worker and explain how to make goroutine a fully functional scheduler, similar to the kernel CFS scheduler. This talk will also go over the evolution of the Linux kernel scheduler, with a focus on the details of the CFS algorithm implemented by the current kernel scheduler. The goroutine scheduler of Golang will be used as an example to show the importance of a well-designed scheduler.

Speakers

Sen Han

Engineer, PingCAP

Sen Han is an engineer from PingCAP. His job includes optimizing TiDB’s performance, with a special focus on the Golang part. He is an enthusiastic open-source developer who creates libaco, a lightweight C coroutine library. Sen Han is also the author of 《Paxos Made Easy: The... Read More →

OSS NA22 Linuxcon SenHan to upload.pptx pdf

Tuesday June 21, 2022 2:55pm - 3:35pm CDT
Lone Star F (Level 3)

LinuxCon, Scheduler

Experience Level Entry-level
Session Type Virtual Speaker(s)
Session Slides Attached Yes

2:55pm CDT

Computer Vision to Secure Your Surroundings with AI/ML Solution Built Using Open Source Tools at the Edge - Samantha Coyle & Neethu Elizabeth Simon, Intel Corporation

Fast, low-cost edge compute is supporting the growth of IoT, AI and Computer Vision (CV) based solutions in several fields including smart city/home. Security solutions aiding situational awareness have benefits in keeping assets and the public safe. However, these solutions are increasingly difficult to develop & deploy due to resource constraints, hardware costs, and high inference loads on the edge device. Our team developed a CV based Security as a Service Smart City Solution using AI/ML. This solution provides a framework and processing pipeline for deploying AI-assisted, multi-camera Smart City Solution of vehicular and walkway traffic. The Open Source software leveraged includes: GStreamer multimedia framework, Intel Distribution of OpenVINO Toolkit, Angular UI using VideoJS, Grafana map to depict edge device locations, PostgreSQL, and EdgeX Foundry as an optional listener for inference results. The solution uses a containerized microservice-based architecture. This presentation walks through the learnings and challenges encountered during the design and implementation of this unique solution for AI at the edge for a Security as a Service solution. We will also discuss the ethical concerns that drive our moral compass in developing these types of CV solutions.

Speakers

Samantha Coyle

Software Engineer, Diagrid

Samantha Coyle is a Software Engineer at Diagrid where she develops Go microservices and enables developers to run high scale, modern applications using open-source technology. She has a history of developing computer vision based containerized applications and Go microservices for... Read More →

Neethu Elizabeth Simon

IOT/ML Senior Software Engineer, Intel Corporation

Neethu Elizabeth Simon is an IOT/ML Senior Software Engineer in the Network & Edge Group at Intel Corporation, with vast industrial experience in building CV based AI/ML solutions for retail, industrial & healthcare use cases. Recipient of 2020 Society of Women Engineers DNE Award... Read More →

OSS ComputerVision to Secure Surroundings at Edge pdf

Tuesday June 21, 2022 2:55pm - 3:35pm CDT
Room 408/409 (Level 4)

Open AI & Data Forum, AI on the Edge

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

2:55pm CDT

Sponsored Session: Securing your Cloud Native Stack with Policy-as-Code and OPA - Peter ONeill, Styra

Cloud Native stacks grow ever more complicated and heterogeneous every year. In order to keep our stack secure, we either need to stay up to date on every tool we might possibly use, or introduce a policy tool designed for Cloud Native. Policy-as-Code uses the latest best practices to help you create policies that are easy to understand, centralized in your organization, and shared with all stakeholders.

Open Policy Agent (OPA) is an open source, general-purpose policy engine designed to decouple policy enforcement from your application and infrastructure. OPA comes paired with a full-featured programing language that is purpose-built for policy creation called Rego. Rego allows you to declaratively state the intent of your security policies using human-readable expressions. It comes equipped with over 150 built-in functions to handle many common data types you want to use. Together OPA and Rego allow you to supercharge your Policy-as-Code workflow in a Cloud Native way.

Join this talk to gain a general understanding of what Policy-as-Code is, how it will work with your Cloud Native stack, and why OPA and Rego are the best choices for the job.

Speakers

Peter ONeill

OPA Community Advocate, Styra

Peter ONeill is a community architect for Cloud Native Developer communities. Currently he is working as a Community Advocate for the OPA (Open Policy Agent) community. Previously, Peter has held engineering positions at both early stage startups and large scale enterprises. Some... Read More →

Tuesday June 21, 2022 2:55pm - 3:35pm CDT
Lone Star G (Level 3)

Open Source On-Ramp, Cloud Administration Essentials (Beginner)

Experience Level Entry-level
Session Type In-person Speaker(s)

2:55pm CDT

The Challenge to Build a Distributed OSPO - Norio Kobota, Sony Group Corporation

Many companies are establishing OSPOs as the core of their OSS activities in order to accelerate the favorable relationship with open source community. But at the same time many companies are facing a shortage of OSPO personnel. Solving issues surrounding OSS as a member of an OSPO requires not only a good understanding of the open source community and knowledge of software technology, but also legal knowledge such as open-source software licenses, knowledge of intellectual property such as patents and trademarks, and knowledge specific to each business unit in order to cooperate with security departments, etc. Sony has chosen to build a "DISTRIBUTED OSPO" to resolve OSS issues closer to the engineering teams; independent OSPOs are created within the business units, supported by the central OSPO. The members of the distributed OSPOs need training from the central OSPO. There are already many programs to learn legal and intellectual property knowledge for engineers and business managers. However, there are not many training programs that enable OSPO members to learn what to do when they are actually consulted about OSS issues. In this session, we introduce Sony's efforts and knowledge gained in order to develop individuals to solve issues as members of the distributed OSPO.

Speakers

Norio Kobota

Open Source Program Office, Sony

Norio Kobota is Alliance Manager in Sony. He is a chair of Open Source Software License Committee in Sony and works to improve OSS compliance and relationships with OSS communities. He is a member of the OpenChain Project Japan Working Group. And he is participating the SPDX WG and... Read More →

The Challenge to Build a Distributed OSPO pdf

Tuesday June 21, 2022 2:55pm - 3:35pm CDT
Room 301/302 (Level 3)

OSPOCon, OSPO Lessons Learned

Experience Level Entry-level
Session Type Virtual Speaker(s)
Session Slides Attached Yes

2:55pm CDT

Maslow's Hierarchy of Supply Chain Needs - Josh Bressers, Anchore

Lately everyone is talking about software supply chain security. There are many different angles and messages along with an abundance of concepts and acronyms to absorb: SBOM, SLSA, SSDF, vulnerability management, Sigstore, and reproducibility to name a few. It’s hard to know which tasks are most important when starting on a supply chain security journey. What if we discussed supply chain security in the context of Maslow’s Hierarchy of Needs? Just like Maslow’s Hierarchy of Needs teaches us, there are certain needs that must be met first. The needs at the bottom are less complex than the needs at the top. The software supply chain is no different. When we work to incorporate supply chain security into our organizations and projects the approach needs to be incremental change, there is no way we can do everything at once. Every organization is different and trying to decide what to do first can be a paralyzing decision. This session will present a new way to think about supply chain security that turns what appears to be an insurmountable challenge into clear steps. Attendees will learn how to simplify and prioritize supply chain security. Armed with that knowledge, attendees can create an action plan to make complex decisions around supply chain management.

Speakers

Josh Bressers

Vice President of Security, Anchore

Josh Bressers is the Vice President of Security at Anchore. Josh has helped build and manage product security teams for open source projects as well as several organizations. Josh’s experience includes everything from managing software supply chains, vulnerabilities, security development... Read More →

OpenSSF Maslow pdf

Tuesday June 21, 2022 2:55pm - 3:35pm CDT
Room 203/204 (Level 2)

SupplyChainSecurityCon, Measuring Risk of Potential & Already-included OSS

Experience Level Entry-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

2:55pm CDT

Road to SLSA3: Non-falsifiable Provenance in Tekton with SPIFFE/SPIRE - Parth Patel, IBM & Brandon Lum, Google

Tekton, a cloud native solution for building CI/CD systems, has made great strides in achieving SLSA Level 1 (unsigned provenance) and 2 (hosted source/build, signed provenance) with the inclusion of Tekton Chains. Part of attaining higher SLSA levels include protecting and holding the build systems we use accountable. A requirement of SLSA level 3 is non-falsifiable provenance, which states that build system provenance should not be falsifiable by build service’s users - i.e. protecting against cluster administrators. With the integration SPIFFE/SPIRE, Tekton can achieve this capability. SPIFFE/SPIRE provides Tekton with short-lived certificates (backed by workload attestation), that are used to sign build results and status updates (through the TaskRun object). This results in the ability to provide and verify provenance of the build steps, ensuring that they are cryptographically protected against edits not performed by the Tekton Trusted Computing Base (TCB). In this presentation we will show this in action and sabotage our own pipelines to visualize non-falsifiable provenance.

Speakers

Brandon Lum

Software Engineer, Google

Parth Patel

Co-Founder, Kusari

Solutions Architect with 10+ years of CyberSecurity, DevOps, Software Development and Automation experience. Parth has successfully led multiple consulting and development projects in various industries (regulated and commercial) for modernization/migration, cloud adoption and secure... Read More →

Tekton & SPIRE (1) pdf

Tuesday June 21, 2022 2:55pm - 3:35pm CDT
Brazos (Level 2)

SupplyChainSecurityCon, Countering Compromised Build System

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

3:35pm CDT

Coffee Break

Tuesday June 21, 2022 3:35pm - 4:05pm CDT
JW Grand Ballroom (Level 4)

Special Events / Exhibits / Breaks

4:05pm CDT

Adding OpenTelemetry to Production Apps: Lessons Learned - Dave McAllister, NGINX

Observability is increasingly important in our modern apps/cloud-native world. However, when adding observability to existing production apps, there are a number of tradeoffs in approaches and in tools. Often, these tradeoffs are an exercise in confusion, leading to decision paralysis. We took on the challenge of adding observability to NGINX MARA, investigating choices, discovering and addressing challenges while keeping to open source solutions whenever possible. You'll come away with an understanding of how the three classes of data (Metrics, Traces, Logs) work together, why we chose the solutions we used and how we extended past the normal space into health checks, introspection and core dumps. Come learn from our experience in dealing with OpenTelemetry and related tools, from traces, metrics and logs, in working with production class apps and discover what approach finally worked for us.

Speakers

Dave McAllister

Sr Technical OSS Evangelist, NGINX

Currently providing technical OSS evangelism for NGINX, Dave talks about the advantages of microservices and orchestration to solve distributed systems challenges, especially with open source. Dave has been a champion for open systems and open source from the early days of Linux to... Read More →

LF CloudOpen Lessons Learned OTel pdf

Tuesday June 21, 2022 4:05pm - 4:45pm CDT
Room 310/311 (Level 3)

CloudOpen, Observability: Metrics + Logging + Tracing + Service Mesh

Experience Level Entry-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

4:05pm CDT

Throw Away Your Passwords: Trusting Workload Identity - Andrew Martin, ControlPlane

Trust is required to secure our systems: we need it to bootstrap infrastructure, to run workloads, and to reassure our customers of their privacy. But how do we establish and secure this "trust" in a dynamic cloud native system?

Historically we relied upon identifiers such as IP addresses, passwords, and certificates, but can we do better than these antiquated authentication mechanisms? In this talk we:

- Introduce workload identity concepts with real-world demos and walkthroughs
- Strive for a world in which passwords and static keys are replaced by dynamic credentials and hardware roots of trust
- Solve the "bottom turtle" trust bootstrap quandary
- Appraise the open source implementations and technologies available to you
- Demonstrate the bootstrap, compromise, and remediation of a Kubernetes cluster using workload identity integrations

Speakers

Andrew Martin

CEO, Control Plane

Andrew has an incisive security engineering ethos gained building and destroying high-traffic web applications. Proficient in systems development, testing, and operations, he is at his happiest profiling and securing every tier of a cloud native system, and has battle-hardened experience... Read More →

Tuesday June 21, 2022 4:05pm - 4:45pm CDT
Room 303/304 (Level 3)

CloudOpen, Security/Authentication

Experience Level Mid-level
Session Type In-person Speaker(s)

4:05pm CDT

Secure Containers Deployments: Time for Refresh - Ariel Shuper, Cisco

Containers deployments contains many security-sensitive attributes (e.g. privileges, OS capabilities, filesystem access rights etc.). The default settings are quite flexible which is great for smooth deployments experience but quite challenging on the security perspective, since they provide high privileges and wide access to the OS (which enlarger the threat landscape in case of a security event). There're few mechanism, popular in Kubernetes environments to control and manage these settings. Pod Security Policies were the first mechanism that was used for this purpose and it recently was replaced by a new mechanism called Pod Security Standards that changed completely the usage model. The introduction of a new method for containers' security context is also an opportunity to rethink the overall model and suggest additional enhancements options. In this talk, I'll address few topics that should be considered with the new security model, like the usage of validating admission webhook and mutating admission webhook (the benefits and drawbacks of each option), the usage of policy-as-code options comparing OPA/Gatekeeper vs. Kyverno policy engines or just a Terraform based policies( I'll also review the available rules libraries in open source) and a GitOps deployment model

Speakers

Ariel Shuper

Cloud Security Evangelist, Cisco

Ariel works on cloud-native security solutions, leading Cisco's cloud security platform. Ariel joined Cisco following the acquisition of Portshift who was a provides of Kubernetes/Istio security platform. Working closely with cloud end users and bridging the gap with security teams... Read More →

Tuesday June 21, 2022 4:05pm - 4:45pm CDT
Lone Star H (Level 3)

ContainerCon, CI/CD + Configuration Management + Automation + GitOps

Experience Level Entry-level
Session Type In-person Speaker(s)

4:05pm CDT

Strategies for Appropriate Social Interaction - Carmen McClelland, Mod I Solutions

This presentation covers appropriate social interaction in the workplace. There will be a discussion on the importance of code switching, and the importance of thinking about who is receiving your message. Appropriate social interaction will be broken into three sections: 1. Colleague to colleague Interactions. How can you speak to your colleague about the project you are working on? What are appropriate content for emails? This section will include examples of what are socially acceptable greetings and sign offs, strategies for how to determine what information to be included in the email, and what are appropriate topics to speak with colleagues about both in person, over text, email, and over the phone. 2. Communication to management. There will be examples of email greetings, sign offs, and how to communicate to your boss efficiently. There will be examples of appropriate communication and how to ask for help when needed. 3. Communication to the layperson. How do you speak to someone who is not in your field? There will be concrete suggestions for how to change the language you use when speaking to someone who is not in your field. We will discuss the importance of readability, reducing the use of jargon, and how to feel comfortable when talking about your product.

Speakers

Carmen McClelland

Occupational Therapist, Mod i Solutions

Carmen McClelland is an occupational therapist practicing in New Mexico. She received her undergraduate degree in history from Rhodes College and her graduate degree in occupational therapy for the University of New Mexico. She has completed her Certified Aging in Place Specialist... Read More →

Linux Social Strategies Email pdf

Tuesday June 21, 2022 4:05pm - 4:45pm CDT
Room 201/202 (Level 2)

Diversity Empowerment Summit, Networking

Experience Level Any
Session Type In-person Speaker(s)
Session Slides Attached Yes

4:05pm CDT

Sponsored Session: Automating the IoT with BPMN - David G. Simmons, Camunda

BPMN is often seen as boring ‘Business Speak’. In reality, it is just a way to automate things, and since it’s called the Internet of Things why not automate those things too! With an estimated 75% of IoT deployments failing to deliver on their promises (and 30% dying in the proof of concept phase) it’s clearly time to approach IoT deployments differently. It’s time to design, implement, build and deploy IoT projects from a business perspective rather than a technical standpoint.

In this talk I’ll go through a complete IoT solution in 3 iterations to show how Business Process Management platforms can quickly iterate on an IoT solution to deliver maximum benefit. Enough business-speak! I’m going to build a Skittles (candy) dispenser based on IoT and controlled by BPMN, with a little AI thrown in! I’ll run the entire demo live, so if the prospect of watching a demo fail in front of a live audience is what gets you excited, this talk is for you! It’s also for you if you’re struggling to build a business case for your IoT project.

Speakers

David G. Simmons

Principal Developer Advocate, Camunda

As the Principal Developer Advocate David finds new and innovative ways to apply Business Process Automation to new and interesting problems. He is a DevRel mentor and helps administer the DevRel Collective Slack Community. He's also trying to find ways to apply Camunda Platform to... Read More →

Tuesday June 21, 2022 4:05pm - 4:45pm CDT
Room 205 (Level 2)

Embedded IoT

Session Type In-person Speaker(s)

4:05pm CDT

Build a More Sustainable World Through "Call for Code with the Linux Foundation" Open Source Projects - Daniel Krook & Charles Johnson, IBM

The world is facing ever greater challenges spurred by climate change including a warming planet, more frequent and destructive disasters, and inequitable outcomes for vulnerable communities. But as this threat grows, it's matched by a fast-growing group of new problem solvers who are bringing more than just programming skills to the fight. Those developers are supported by over a dozen "Call for Code with The Linux Foundation" open source projects and a diverse community that takes on the world's greatest challenges, including disaster mitigation, economic and environmental sustainability, and racial justice. In this session, you'll learn about the framework that Call for Code uses to initiate, incubate, and deliver impact through its projects together with an ecosystem of partners. You'll also learn how you can advance any of these projects whether you are technical or not - including two new projects added in 2022 (OpenTempus and Green Farm) - and get started with your first open source contribution. Finally, you'll hear about this year's Call for Code Global Challenge which is your opportunity to build something new for the annual competition to tackle these important issues with your own cutting-edge innovation based on the latest emerging technology.

Speakers

Charles Johnson

IBM, Senior Cloud Developer, Call for Code

Charles Johnson is a Software Engineer at IBM where he develops open source software for projects in the Call for Code with The Linux Foundation umbrella.

Daniel Krook

CTO Call for Code with The Linux Foundation, IBM

Daniel Krook is a Software Engineer and Developer Advocate at IBM. He was an original catalyst behind Call for Code, a multi-year initiative that inspires developers to create sustainable software solutions to the world’s most pressing problems. As CTO, he ensures that those ideas... Read More →

OSS NA22 CFC pdf

Tuesday June 21, 2022 4:05pm - 4:45pm CDT
Room 211/212 (Level 2)

Emerging OS Forum, Climate & Sustainability

Experience Level Entry-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

4:05pm CDT

Real-Time Analytics: Going Beyond Stream Processing with Apache Pinot - Rong Rong & Karin Wolok, StarTree

Apache Kafka forms the backbone of the modern data pipeline and its stream processing capabilities provide insights on events as they arrive, but what if we want to go further than this and execute analytical queries on this real-time data. The OLAP databases used for analytical workloads traditionally executed queries on yesterday's data with query latency in the 10s of seconds. The emergence of real-time analytics has changed all this and the expectation is that we should now be able to run thousand of queries per second on fresh data with query latencies typically seen on OLTP databases. This is where Apache Pinot comes into the picture. Apache Pinot is a realtime distributed OLAP datastore, which is used to deliver scalable real time analytics with low latency. It can ingest data from streaming sources like Kafka, as well as from batch data sources (S3, HDFS, Azure Data Lake, Google Cloud Storage), and provides a layer of indexing techniques that can be used to maximize the performance of queries. Come to this talk to learn how you can add real-time analytics capability to your data pipeline.

Speakers

Karin Wolok

Head of Developer Community, StarTree

Karin is Head of Developer Marketing and Community for StarTree, a start-up founded by the original creators of Apache Pinot. From a B.A. in broadcasting and a background in major entertainment and event production companies, she started exploring tech fields and discovered her love... Read More →

Rong Rong

Software Engineer, StarTree

Rong is a software engineer from StarTree. He is passionate about building data analytics, machine learning & stream processing platforms; and hacking on various OSS frameworks and tools. Prior to StarTree, Rong worked as software engineer in Facebook, Uber and LinkedIn; and practiced... Read More →

Tuesday June 21, 2022 4:05pm - 4:45pm CDT
Room 408/409 (Level 4)

Open AI & Data Forum, Data (Versioning + Format + Pipeline Management)

Experience Level Mid-level
Session Type In-person Speaker(s)

4:05pm CDT

GitHub's Data Story: Open Source at the Home for Open Source - Natalie D'Adamio & Ashley Wolf, GitHub, Inc.

In 2021, GitHub formally established its own Open Source Program Office (OSPO). One of the first challenges we faced was creating data-driven metrics around GitHub’s participation in open source. With the goal of researching and developing products and services that help the open source community be successful, we sought out to make this easier for us and for the community. We present the results of an extensive analysis of GitHub’s dataset of millions of open source projects. Using GitHub’s own organization as an example, we propose a quantitative framework for how OSPOs can understand the three main verticals of their open source ecosystem: consumption of open source, contribution to open source, and publication of open source. We highlight how organizations can use this framework to derive data-driven recommendations for improving their relationship with open source. And how GitHub leveraged these metrics to establish a data-driven OSPO.

Speakers

Ashley Wolf

Director, Open Source Programs, GitHub

Ashley Wolf is the Director of Open Source Programs at GitHub. She runs initiatives and programs to empower developers to be successful with open source. She is also passionate about helping companies participate in the open source community. Prior to joining GitHub, Ashley led the... Read More →

Natalie D'Adamio

Data Analyst, GitHub, Inc.

Natalie is a Data Analyst at GitHub and partners with teams like the Open Source Program Office (OSPO) to establish successful data-driven initiatives. She traded in her aviation-telecom background to pursue a role in helping improve developer experience for GitHub. Natalie is passionate... Read More →

Tuesday June 21, 2022 4:05pm - 4:45pm CDT
Room 301/302 (Level 3)

OSPOCon, OSPO Lessons Learned

Experience Level Entry-level
Session Type Virtual Speaker(s)

4:05pm CDT

Authenticating Supply-chain Metadata: Building Remote Code Attestations on GitHub - Asra Ali & Laurent Simon, Google

Remote code attestation is a security property that allows one party (the prover) to prove to another (the verifier) that a piece of code was run, and that the results produced by the run are genuine and have not been tampered with. By attending this talk, attendees will learn how to leverage new GitHub features to add integrity protection to the results of their workflows, enabling software consumers to make risk-based decisions based on authenticated supply chain metadata. This new technique takes advantage of two newly added GitHub features, reusable workflows and OpenID Connect (OIDC), to achieve software-based attestations. We will demonstrate this technique with real-world applications, including: 1. Binary or package integrity: Ensuring no backdoors are inserted at compile time by an attestation of source and build process for integrity. 2. Data integrity: Verifying that OpenSSF's Scorecard data created via the Scorecard's GitHub action can be safely consumed by the community. 3. Authenticated requests: Ensuring integrity of GitHub's new Dependencies API, which lets developers upload their own dependency snapshot to improve the built-in GitHub's dependency graph feature.

Speakers

Laurent Simon

Engineer, Google

Asra Ali

Senior Software Engineer, Google

Asra is Software Engineer on the Google Open Source Security Team (GOSST) where she works on projects like Sigstore. She’s a maintainer of Sigstore’s Rekor, and The Update Framework’s go-tuf implementation. In previous times, she worked on Envoy, fuzzing, and privacy-preserving... Read More →

Authenticating supply chain metadata pdf

Tuesday June 21, 2022 4:05pm - 4:45pm CDT
Room 203/204 (Level 2)

SupplyChainSecurityCon, Ensuring users know what Software Components (at all tiers) are Included

Experience Level Entry-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

4:05pm CDT

GitBOM: Repurposing Git’s Graph for Supply Chain Security & Transparency - Aeva Black, Microsoft & Ed Warnicke, Cisco Systems

What if we could know the complete and reproducible artifact tree for every binary executable, shared object, container, &etc – including all its dependencies – and you could efficiently cross-reference that against a database of known vulnerabilities *before* you deploy? If you had had that information, could you have remediated Log4Shell faster? Might it even help open source maintainers identify at-risk dependencies sooner? If you're thinking, "this sounds too good to be true - what's it going to cost?", then we really hope you’ll join us because we believe this should be an automatic part of open source build tools. In this talk, Aeva and Ed will share why they're so excited about GitBOM and explain what it is (hint: it's not git and it's not an SBOM). If the demo gods are willing, they will show you how you can generate a GitBOM with a simple command-line tool, and explain why you won't have to. Finally, if you want to add support for GitBOM to your favorite tool or language, this talk will give you enough information to get started.

Speakers

Ed Warnicke

Distinguished Engineer, Cisco Systems

Ed Warnicke is a Distinguished Engineer at Cisco Systems. He has been working for two decades in many areas of networking and Open Source. Ed is currently a co-founder of and active contributor to the OmniBOR and Network Service Mesh projects. Ed has a masters in Physics (String Theory... Read More →

Aeva Black

Open Source Hacker, Microsoft

Tuesday June 21, 2022 4:05pm - 4:45pm CDT
Brazos (Level 2)

SupplyChainSecurityCon, Ensuring users know what Software Components (at all tiers) are Included

Experience Level Entry-level
Session Type In-person Speaker(s)

4:05pm CDT

Tutorial: Getting Started with Kubernetes - Kim Schlesinger & Mason Egger, DigitalOcean

Kubernetes is everywhere you look in technical blog posts, tech twitter and job descriptions, but if you have never used it before, how do you get started? In this session, Mason Egger and Kim Schlesinger will help you deploy a containerized Python application to a Kubernetes cluster and along the way show you how Kubernetes provides a scalable, resilient, and codified way to deploy applications. You will learn about how to use the command line tool kubectl to interact with a Kubernetes cluster, how Deployments and Services are the building blocks of deploying containers in Kubernetes and some high-level information about how Kubernetes is designed. This tutorial is for the Kubernetes-curious as well as anyone who would like a refresher on Kubernetes basics.

Speakers

Mason Egger

Gretel.ai, Lead Developer Advocate

Mason is currently the Lead Developer Advocate at Gretel where he specializes in synthetic data, data privacy, and Python. Prior to his role at Gretel he was a Developer Advocate at DigitalOcean and an SRE helping build and maintain a highly available hybrid multicloud PaaS. He is... Read More →

Kim Schlesinger

Developer Advocate, DigitalOcean

Kim Schlesinger is a teacher and technologist. She is currently a Developer Advocate at DigitalOcean, and before that she was an SRE at Fairwinds. Kim has given talks at KubeCon + CloudNativeCon North America, SRECon, LISA, DevOps Days Rockies and Develop Denver.

2022 OSS Getting Started K8s pdf

Tuesday June 21, 2022 4:05pm - 5:35pm CDT
Lone Star G (Level 3)

Open Source On-Ramp, Cloud Administration Essentials (Beginner)

Experience Level Entry-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

4:55pm CDT

Scale Kubernetes to Manage 60K Nodes Through Architectural Extension - Ying Huang & Ying Xiong, Futurewei Technologies

With the increasing adoption of Kubernetes in public and private clouds, large enterprises are looking for solutions that scale a single cluster to tens of thousands of nodes, primarily for simplified operations. In this talk, they will present a mechanism that extends Kubernetes architecture to manage a cluster of 60K nodes. This architectural extension shards Kubernetes cluster into two partitions. One partition, called Tenant Partition, manages customer related objects such as deployments, pods, services, endpoints, etc. The other partition, called Resource Partition, manages non-customer objects such as nodes. They will also present and analyze the performance test results, compare the solution with Kubernetes community version in multiple dimensions. Future works that extend the architecture to manage even larger Kubernetes clusters will also be discussed.

Speakers

Ying Xiong

Technical VP and Head of Cloud Lab, Futurewei Technologies, Inc.

20+ Years of ICT, Cloud, Open Source Strategy/Operations/Governance/Compliance (patent, trademark, license, copyright), Business Development, Product Management/Marketing, Partnership Strategy/Recruitment/Management/GTM, Technology Evangelism, Developer Relations, Enterprise Sales... Read More →

Ying Huang

Principal Cloud Software Architect, Futurewei Technologies

Ying is a principal cloud software architect at FutureWei Technologies. She is the leading architect of open source project Centaurus/Arktos, an Kubernetes extension project. Previously, she worked at Microsoft Azure and Amazon.

Scale Kubernetes to manage 60K Nodes through Architectural Extension YX YH consolidated pptx

Tuesday June 21, 2022 4:55pm - 5:35pm CDT
Room 303/304 (Level 3)

CloudOpen, Open Cloud Infrastructure

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

4:55pm CDT

Sustainability the Container Native Way - Huamin Chen, Red Hat & Chen Wang, IBM

Do you want to help combat climate change? Are you concerned with the electricity cost of your Kubernetes clusters? Then join our efforts to manage energy efficiency on Kubernetes clusters. Currently, the energy consumption metrics are only available at node levels. There is no way to obtain container-level energy consumption. Autoscalers and schedulers really need pod-level metrics data in order to obtain energy savings from resizing or migrating containers. We present Kubernetes-based Efficient Power Level Exporter (Kepler) and its integration with Kubernetes. By leveraging eBPF programs, Kepler probes per container energy consumption related system counters and exports them as metrics. These metrics help end users observe their containers’ energy consumption and allow cluster admins to make intelligent decisions on achieving energy conservation goals. We demonstrate that the Kepler can be easily integrated into Prometheus and the existing dashboard.

Speakers

Chen Wang

Research Staff Member, IBM Research

Chen Wang is a Research Staff Member at the IBM T.J. Watson Research Center. Her interests lie in Kubernetes, Container Cloud Resource Management, Cloud Native AI systems, and applying AI in Cloud system management. She is an open-source advocate, a Kubernetes contributor, and a KubeCon... Read More →

Huamin Chen

Sr. Principal Software Engineer, RedHat

Dr. Huamin Chen is a passionate developer at Red Hat' CTO office. He is one of the founding members of Kubernetes SIG Storage, member of Ceph, Knative, and Rook. He previously spoke at KubeCon, OpenStack Summits, and other technical conferences.

Sustainability the Container Native Way Huamin Chen, Red Hat & Chen Wang, IBM.pptx pdf

Tuesday June 21, 2022 4:55pm - 5:35pm CDT
Lone Star H (Level 3)

ContainerCon, Observability: Metrics + Logging + Tracing + Service Mesh

Experience Level Entry-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

4:55pm CDT

BoF: Advancing Diversity and Inclusion: The Open Source Way - Demetris Cheatham, GitHub & Hilary Carter, The Linux Foundation

To truly advance diversity, equity and inclusion (DEI), stakeholders from across the open source software ecosystem must come together transparently and collaboratively as a community. But first, we have to start with the data. Last year, the Linux Foundation completed the 2021 Open Source Diversity, Equity, and Inclusion Survey. Almost 1 in 5 survey respondents agreed with the statement “they did not feel welcome in open source.”

Come hear from Hilary Carter, VP of Research, Linux Foundation and Demetris Cheatham, Senior Director, Diversity and Inclusion Strategy, GitHub and creator of All In, an open source community whose mission is to advance DEI in open source. During this fireside chat, they will discuss the goals of the survey, what we learned, the challenges that still persist, and what we all can do, individually and collectively to create a more inclusive open source for all.

Speakers

Demetris Cheatham

Sr. Director, Diversity, Inclusion + Belonging, GitHub

Demetris Cheatham is the Senior Director for Diversity, Inclusion and Belonging Strategy at GitHub where she leads a diversity and inclusion strategy focused on four key pillars: People/HR, Platform, Philanthropy and Policy. Beyond strategy development and execution, she spends her... Read More →

Hilary Carter

SVP Research & Communications, The Linux Foundation

Hilary Carter is SVP of Research and Communications, supporting the development of open source research projects and publications at the Linux Foundation. As a writer, researcher, and program leader, Hilary has produced decision-useful insights and world class communications that... Read More →

Tuesday June 21, 2022 4:55pm - 5:35pm CDT
Room 201/202 (Level 2)

Diversity Empowerment Summit

Experience Level Any
Session Type In-person Speaker(s)

4:55pm CDT

Level-Up Embedded Development with WebAssembly - Gerred Dillion, Mycelial

The environment of modern embedded development is the richest it has ever been - there is a massive ecosystem of hardware, tools, and software for creating devices that bring unprecedented computing power everywhere. With this rise, growing pains are becoming evident in this industry. Creators need more hardware than ever, but face shortages throughout the supply chain, making reliance on particular sensors, ICs, and system-on-chips brittle for businesses. Teams need more embedded software than ever, but struggle to find the software developer expertise they need to create products that span from embedded development to backend services.

Enter WebAssembly. Originally created for near-native performance in the browser, WebAssembly creates a fixed point between languages that compile to it and runtimes - from browsers to embedded systems - that run it. This talk will introduce the post-browser WebAssembly ecosystem, benefits of WebAssembly to embedded products, present an application running the same code on different hardware, and discuss ongoing open source efforts in the WebAssembly space to make embedded software more accessible and solve tight coupling between hardware and software - all within 64MHz of CPU, 128KB of RAM, and 512KB of flash.

Speakers

Gerred Dillon

CTO, Mycelial

Gerred Dillon is the CTO of Mycelial, bringing the advantages of Cloud Native to the edge and embedded space. In the past, he has worked as an engineering leader and developer on Kubernetes, Cloud Native application development and networking. Additionally, he is a contributor to... Read More →

Tuesday June 21, 2022 4:55pm - 5:35pm CDT
Room 205 (Level 2)

Embedded IoT, Open Hardware Support

Experience Level Entry-level
Session Type In-person Speaker(s)

4:55pm CDT

Building a Standards-based Open Ecosystem for DPU/IPU Technologies - Kris Murphy, Red Hat; Dan Daly, Intel & Paul Pindell, F5 Networking

A new class of cloud and datacenter infrastructure referred as Data Processing Unit (DPU) or Infrastructure Processing Unit (IPU) is emerging into the marketplace. Organizations value having a well-balanced and optimized infrastructure across their data centers and the hybrid cloud and would like to utilize this new infrastructure, creating an opportunity to develop a fully programmable open source-based model across software and hardware devices. To help facilitate that development and create a vibrant ecosystem, Open Programmable Infrastructure (OPI) project was created. The objective of the project is to foster a community-driven, standards-based, open ecosystem for next generation architectures and frameworks based on IPUs, DPUs, or even switches. Explore the OPI community first hand by joining us at this session and hear from your peers in the industry, learn about future plans for this community and better understand how you could participate and contribute.

Speakers

Paul Pindell

Principal Architect, F5

Paul is a Principal Architect for F5, working in Business Development, tasked with overseeing the technical partnerships across F5’s product portfolio. Keynote and breakout speaker most recently at Red Hat Tech Exchange Seoul, Summits, Forums, as well as, at six US VMworld conferences... Read More →

Dan Daly

Software Architect, Intel

Dan Daly is a Software Architect in the Intel Connectivity Group and focuses on architecture for enabling re-programmable infrastructure spanning across cloud and edge deployments. He is a lead architect for the End-to-End Network Applications Team and is helping to define the software... Read More →

Kris Murphy

Senior Principal Software Engineer - Computational Infrastructur, Office of CTO, Red Hat

As part of Red Hat’s Office of the CTO, Kris Murphy helps drive strategy for emerging technologies that may impact Red Hat’s market. Her current focus areas are computational infrastructure and next generation hardware and architectures.Headshot: already in the system

OPI @ Open Source Summit pdf

Tuesday June 21, 2022 4:55pm - 5:35pm CDT
Room 211/212 (Level 2)

Emerging OS Forum, New & Emerging Open Source Projects

Experience Level Entry-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

4:55pm CDT

Democratizing Deep Learning at Scale with Horovod - Nicolas Castet, Nvidia & Travis Addair, Predibase

Deep learning is pushing the limits of what AI can do: from natural language processing to computer vision and autonomous vehicles. Scaling deep learning to multiple GPUs and multiple machines has become critical to reduce training time and solve ever bigger problems. Horovod is a popular open source framework to distribute and scale the training of TensorFlow, PyTorch, and MXNet models. On the verge of the Horovod's v1.0 release, we look back at Horovod's journey and the lessons learned putting deep learning training in production; from its open source debut in 2017, to its presence in every DL ecosystem since joining the Linux Foundation. We will explain the motivations and key innovations that fueled the development of Horovod and achieved new records in deep learning performance benchmarks. Finally, we'll walk through practical examples to demonstrate how you can scale your models to train on hundreds of GPUs with Horovod, and explain how Horovod fits into production ML workflows running on diverse platforms such as Kubernetes, Spark, Ray, and Slurm.

Speakers

Travis Addair

CTO, Predibase

Travis Addair is co-founder and CTO of Predibase, a data-oriented low-code machine learning platform. Within the Linux Foundation, he serves as lead maintainer for the Horovod distributed deep learning framework and is a co-maintainer of the Ludwig automated deep learning framework... Read More →

Nicolas Castet

Senior Deep Learning Engineer, Nvidia

Nicolas Castet is a senior deep learning engineer at NVIDIA focusing on deep learning training at scale as part of the DL framework group. He is a TSC member and a contributor to the open source framework Horovod. In the past, he works on streamlining distributed deep learning at... Read More →

OSS 2022 Democratizing deep learning at scale with Horovod pdf

Tuesday June 21, 2022 4:55pm - 5:35pm CDT
Room 408/409 (Level 4)

Open AI & Data Forum, Machine and Deep Learning

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

4:55pm CDT

Sponsored Session: Software Supply Chain Threat Landscapes: A Moving Target - Brian Fox, Sonatype

There are growing numbers of organized attackers whose sole focus is exploiting vulnerabilities in open source ecosystems, frequently by making their malware appear legitimate. Security and development teams need to understand the cascading impacts and changing landscapes of these exploitations, and put developer-first security tools in the hands of developers everywhere.

Speakers

Brian Fox

Cofounder & CTO, Sonatype

Co-founder and CTO, Brian Fox is a Governing Board member for the Opensource Security Foundation, a member of the Apache Software Foundation and former Chair of the Apache Maven project. As a direct contributor to the Maven ecosystem, including the maven-dependency-plugin and maven-enforcer-plugin... Read More →

Tuesday June 21, 2022 4:55pm - 5:35pm CDT
Brazos (Level 2)

SupplyChainSecurityCon

Session Type In-person Speaker(s)

4:55pm CDT

What Makes A Build Reproducible? - Rose Judge & Joshua Lock, VMware

Truly reproducible builds are an essential part of securing the software supply chain. They ensure that software vendors know exactly what’s being shipped and can quickly pinpoint vulnerable components and remediate fixes in light of a vulnerability or exploit. For open source projects, they allow our users to verify that the built artifacts match the source code in the repository. Reproducible builds also enable software vendors to confidently ship code without having to assess and verify third party dependency build process trustworthiness. The term “reproducible builds”, however, is overloaded with definitions and expectations for behavior. So what exactly makes a build reproducible? There’s at least three ways to define it: 1) Deterministic build process; 2) Artifacts that can be recreated; and 3) Binary, or bit-for-bit, reproducible. For each of these common definitions of “reproducible build” this talk will propose an alternative term and explore the supply chain security implications of the definition. We hope this talk will motivate audience members to work towards reproducible builds but at least should help understand why reproducible builds matter.

Speakers

Rose Judge

Senior Open Source Engineer, VMware

Rose Judge is a Senior Open Source Engineer at VMware where she co-maintains Tern, an open source container inspection tool that generates container SBOMs. Additionally, she is the chair of the Linux Foundation’s Automating Compliance Tooling Technical Advisory Council and regularly... Read More →

Joshua Lock

Open Source Architect, Verizon

Joshua is Open Source Architect in Verizon's Open Source Program Office where he leads efforts to improve consistency around how Verizon uses open source. As part of his work at Verizon he works upstream on software supply chain security standards and tools; he is a steering committee... Read More →

What Makes a Build Reproducible pdf

Tuesday June 21, 2022 4:55pm - 5:35pm CDT
Room 203/204 (Level 2)

SupplyChainSecurityCon, Simplifying Verified Reproducible Builds

Experience Level Mid-level
Session Type Virtual Speaker(s)
Session Slides Attached Yes

4:55pm CDT

Tutorial: Building an EBPF Swiss Knife from OSS - Val Pliskin & Amit Slavin, Seekret

Recently, eBPF has emerged as one of the most trending and promising technologies to answer a various number of existing dev problems. But is it possible to utilize eBPF without becoming a Linux Kernel expert? It is, thanks to OSS! In this session, Val will go over a few OSS tools powered by eBPF to demonstrate how real world problems can be solved using existing OSS tools. Pliskin has selected some popular open source projects to go over today in order to showcase how this theory can be put into practice.

Speakers

Amit Slavin

Seekret

Val Pliskin

CTO, Seekret

Val Pliskin is the CTO & Co-Founder of Seekret, a Tel Aviv-based startup in the API observability space. As an alumni of Israel’s prestigious 8200 unit and a vulnerabilities researcher for one of the largest cybersecurity companies in the world, Val brings a strong technological... Read More →

eBPF Swiss Knife OSS Summit 2022 pdf

Tuesday June 21, 2022 4:55pm - 6:15pm CDT
Lone Star F (Level 3)

LinuxCon, eBPF

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

6:00pm CDT

Attendee Reception at Stubb's Bar-B-Q (Open to All Attendees)

Come eat, drink, mix and mingle with your fellow attendees as we kick off Open Source Summit North America 2022 at Stubb’s Bar-B-Q! Attendees will enjoy delicious Texas BBQ, live entertainment, and possibly a few surprises. Stubb’s Bar-B-Q is an iconic landmark in the historic Red River Live Music District, not only famed for its legendary food but also as one of the main live music destinations in the city. You won’t want to miss this!

Stubb’s is a 15-minute walk from the JW Marriott Austin, and limited transportation will be provided.

Tuesday June 21, 2022 6:00pm - 9:00pm CDT
Stubb's Bar-B-Q 801 Red River St, Austin, TX 78701

Special Events / Exhibits / Breaks

6:45am CDT

5K Fun "Run"

Don’t forget to pack your running gear because the Fun “Run” is on! This activity is great for all fitness levels as there will be (3) pace groups: walking, jogging, and a running group.

Our local guides will take you past some of Austin’s famous landmarks including the legendary Littlefield Building, the Driskill Hotel, the Capitol Building, Governor’s mansions, and through the flowing streets of Austin via the Bermond and Robertson family historic district. You’ll see why Austin is the Live Music Capital of the world and then we’ll end with passing by the Congress Street “bat bridge,” home to the largest bat colony in the world.

There is no cost to participate and space is available on a first-come, first-served basis.
Meet at 6:45am; Activity from 7:00 – 8:00am

*Participants must be registered for the event, have their event badge, and will be required to provide their own running attire and water.

Wednesday June 22, 2022 6:45am - 8:00am CDT
JW Marriott Lobby (Ground Floor)

Special Events / Exhibits / Breaks

7:30am CDT

Continental Breakfast

Wednesday June 22, 2022 7:30am - 9:00am CDT
Lone Star Ballroom Foyer (Level 3)

Special Events / Exhibits / Breaks

8:00am CDT

Registration & Badge Pick-up

Wednesday June 22, 2022 8:00am - 6:00pm CDT
JW Grand Ballroom Foyer (Level 4)

Special Events / Exhibits / Breaks

9:00am CDT

Keynote: Kevin Jakel, Founder + Chief Executive Officer, Unified Patents; Hilary Carter, Vice President of Research and Michael Dolan, Senior Vice President & General Manager of Projects, The Linux Foundation

Speakers

Mike Dolan

Senior Vice President & General Manager of Projects, The Linux Foundation

Michael Dolan is SVP and GM of Projects at the Linux Foundation supporting open source projects and legal programs He has set up and launched hundreds of open source and open standards projects covering technology segments including networking, virtualization, cloud, blockchain, Internet... Read More →

Hilary Carter

SVP Research & Communications, The Linux Foundation

Kevin Jakel

Founder and CEO, Unified Patents, LLC

Wednesday June 22, 2022 9:00am - 9:40am CDT
Lone Star D/E (Level 3)

Keynote Sessions

Experience Level Any

9:45am CDT

Keynote: Jennings Aske, Senior Vice President & Chief Information Security Officer, NewYork-Presbyterian Hospital

Speakers

Jennings Aske

Senior Vice President & Chief Information Security Officer, NewYork-Presbyterian Hospital

Jennings R. Aske is Senior Vice President, Chief Information Security Officer for NewYork-Presbyterian. In this role, he is responsible for leading the hospital's information security and business continuity programs, as well leading the Medical Staff Office. Mr. Aske joined NewYork-Presbyterian... Read More →

Wednesday June 22, 2022 9:45am - 10:00am CDT
Lone Star D/E (Level 3)

Keynote Sessions

Experience Level Any

10:05am CDT

Keynote: The Future of Open Source is Trust - Arun Gupta, Vice President & General Manager, Open Ecosystem Initiatives, Intel Corporation

It’s no longer enough for code to be elegant, ingenious, and useful: especially now, it needs to be safe. Our software supply chain must be safe and verifiable. For developers to use open-source code, they must be able to trust where that code came from and how secure it is. For open source to flourish, we all need to be able to trust our open ecosystem – top to bottom and end to end. A leader in open source from the beginning, Intel has continuously worked to strengthen and grow the future of open source. We work with standards, tools, and processes to create trusted expectations in the software, products, and services we deliver. Learn about our efforts and how we can build trust in the open ecosystem together.

Speakers

Arun Gupta

Vice President & General Manager, Open Ecosystem Initiatives, Intel Corporation

Arun Gupta is vice president and general manager of Open Ecosystem Initiatives at Intel Corporation. As an open source strategist, advocate, and practitioner for nearly two decades, Arun has taken companies such as Apple, Amazon, and Sun Microsystems through systemic changes to embrace... Read More →

Wednesday June 22, 2022 10:05am - 10:10am CDT
Lone Star D/E (Level 3)

Keynote Sessions

Experience Level Any

10:10am CDT

Keynote: A Love Letter to Open Source: A Look at The Past Ten Years - Melissa Smolensky, Vice President, Corporate Marketing, GitLab

There is undeniable power when people get together to enact change. In the past ten years open source software has disrupted entire industries, created plumbing that drives the Internet and helps power almost every company that has an online presence. The fact that we can each contribute to the future is inspiring. This talk will look at how open source communities have come together over the past ten years to get us where we are today. Specifically I'll talk about OpenStack, CoreOS, Kubernetes and GitLab, touch upon the many flavors of open source, and highlight community moments that have brought people together in a common mission.

Speakers

Melissa Smolensky

Senior Director, Corporate Marketing, GitLab

Wednesday June 22, 2022 10:10am - 10:30am CDT
Lone Star D/E (Level 3)

Keynote Sessions

Experience Level Any

10:30am CDT

Coffee Break

Wednesday June 22, 2022 10:30am - 11:00am CDT
JW Grand Ballroom (Level 4)

Special Events / Exhibits / Breaks

10:30am CDT

Sponsor Showcase

This is the place to network, meet up, and learn more about companies that sponsor this event.

Wednesday June 22, 2022 10:30am - 6:30pm CDT
JW Grand Ballroom (Level 4)

Special Events / Exhibits / Breaks

11:00am CDT

Beyond the Monkeys: Chaos Engineering on the Cloud - Bella Wiseman & Sindhuja Durai, Goldman Sachs

Well-maintained applications have thorough unit tests, integration tests and performance tests. Despite this coverage, production incidents still occur due to infrastructure failures, network faults, or unexpected traffic patterns. These failures cannot be covered with traditional test suites. In this session, we will share how we adopted the open source Chaos Toolkit to test the resilience of an application on AWS. We will discuss design decisions on entitlements, project structure, and cloud architecture that we consider when building out a chaos test suite.

Speakers

Sindhuja Durai

Vice President, Goldman Sachs

Sindhuja is part of Consumer CICD team driving Chaos Engineering adoption. Previously she was the technical architect of the Chaos Engineering team, focused on improving resilience of applications across the firm by driving adoption of the chaos testing practices. Sindhuja is passionate... Read More →

Bella Wiseman

VP/Software Engineer, Goldman Sachs

Bella Wiseman grew up listening to her mother expound on garbage collection algorithms and Algol thunks over the dinner table. Bella is now an engineer and leader at Goldman Sachs. Bella has a decade of experience crafting sustainable, well-designed software for fintech, and enjoys... Read More →

Open Source Summit Chaos Engineering pptx

Wednesday June 22, 2022 11:00am - 11:40am CDT
Room 310/311 (Level 3)

CloudOpen, Chaos Engineering

Experience Level Mid-level
Session Type Virtual Speaker(s)
Session Slides Attached Yes

11:00am CDT

Server-side Wasm Applications: Replacing Docker with WASI - Colin Murphy, Adobe

Adobe makes use of Wasm in its flagship web browser-based products including Photoshop, Lightroom, and Acrobat. This past year it has explored potential use cases for Wasm in the datacenter with wasmCloud. Of particular interest were the potential performance, cost, security, and compliance benefits. Wasm and WASI have many potential advantages over Docker and standard web frameworks in these areas, but what needs to be done to realize those benefits at Adobe? This presentation begins with a summary of Adobe's current use cases for Kubernetes, including areas in which server-side Wasm could offer significant benefits. It then proceeds to an exploration of Wasm/WASI platforms, compelling features of the technology for Adobe, and a demonstration of proofs of concept. It concludes with future looking platform requirements and how Adobe expects to take advantage of this technology at scale moving forward.

Speakers

Colin Murphy

Sr Software Engineer, Adobe

Colin Murphy is a senior software engineer at Adobe. He is working on upcoming products for Creative Cloud Web. Prior to his current role, he was responsible for infrastructure of Adobe Document Cloud microservices, including Adobe Sign and Acrobat Web. He has been responsible for... Read More →

Replacing Docker with WASI murphy wasmday [Autosaved] pdf

Wednesday June 22, 2022 11:00am - 11:40am CDT
Room 303/304 (Level 3)

CloudOpen, WebAssembly

Experience Level Entry-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

11:00am CDT

Keeping Your Open Source Community Accessible to All - Treva Williams, Open Infrastructure Foundation

As community builders & maintainers, it is our job to attract & retain highly engaged, passionate contributors, but sometimes in our haste to drive up engagement we overlook small details that can have a huge negative impact on participation, such as overly technical descriptions of projects, incomplete or out-of-date documentation, or lack of accommodation for the differently abled. So how do we make sure that our projects are truly “open” to all who wish to participate? Incorporating small changes into workflows such as creating glossaries, mentorship programs or just setting up an auto-responder can make all the difference in the world when it comes to building & maintaining an active community. Join this presentation to hear how the first-hand experiences of a tailor-turned-Dev Advocate now managing communities of their own has shaped their method for Developer Relations, & how these methods can be incorporated into your projects to attract & retain diverse, active contributors.

Speakers

Treva Williams

Senior Consultant, Pink Penguins

Treva Nichole Williams is a Red Hat certified Linux, OpenStack, & OpenShift sysadmin, instructor, & dedicated Open Source evangelist. Before venturing into the field of online learning, Treva spent 5 years managing Rackspace’s multi-region, multi-tenant public cloud infrastructure... Read More →

Keeping OSS available to all pdf

Wednesday June 22, 2022 11:00am - 11:40am CDT
Room 205 (Level 2)

Community Leadership Conference, Community Management

Experience Level Any
Session Type In-person Speaker(s)
Session Slides Attached Yes

11:00am CDT

Powering Observability with Simple, Sharable, EBPF Programs - Lin Sun, solo.io

Have you tried to create and run your own eBPF programs? There are many popular frameworks out there for this exact purpose, and yet they still feel very complex. All of these frameworks require writing both user space, and kernel code. In this talk, we will present an innovative method to enable you to easily create, run, and share your eBPF programs without writing any user-space code. We will use the new open source bumblebee project (in the process of being donated to CNCF) to harness Linux Kernel’s observability data. With live-coding, we will explore what is happening to give you an understanding of how it works to write and run your eBPF program without writing your own user-space code with bumblebee.

Speakers

Lin Sun

Director of Open-Source, Solo.io

Wednesday June 22, 2022 11:00am - 11:40am CDT
Lone Star H (Level 3)

ContainerCon, Observability: Metrics + Logging + Tracing + Service Mesh

Experience Level Entry-level
Session Type In-person Speaker(s)

11:00am CDT

All About That BoM, ‘bout That BoM - Melba Lopez, IBM

Lessons learned about building Software Bill of Material (SBOM) for 1800+ products. Will discuss common roadblocks everyone is familiar with: People, Process, and Technology.

Speakers

Melba Lopez

STSM - Supply Chain Security, IBM

Melba is a lead for the SLSA Positioning Special Interest Group (SIG) and is a Senior Technical Staff Member (STSM) at IBM. She has over 15 years of industry experience, has a Master's in Cybersecurity, and is the Lead Product Security Architect for Supply Chain Security at IBM.

OSS NA 2022 All about that Bom pdf

Wednesday June 22, 2022 11:00am - 11:40am CDT
Room 211/212 (Level 2)

Critical Software Summit, Best Practices for Improving Software Transparency with SBOMs

Experience Level Any
Session Type In-person Speaker(s)
Session Slides Attached Yes

11:00am CDT

Status of Embedded Linux - Tim Bird, Sony Corporation

In this talk, Tim will give an overview of issues in the Linux in the embedded space that have come about in the past year. Tim will discuss recent developments in the Linux kernel that are of interest to embedded developers, covering such topics as filesystems, networking, tracing, and real-time. He will also discuss security, testing, and other technical topics. Tim will also talk about community and industry news related to Linux in embedded systems, including the status of major processor vendors, and projects at the Linux Foundation, and other relevant community projects. It is hoped that through this talk, developers can learn about changes to the kernel, or initiatives in the industry that might be of benefit for their own embedded Linux development.

Speakers

Tim Bird

Principal Software Engineer, Sony Electronics

Status of Embedded Linux 2022 06 pdf

JJ79 Embedded Linux Community Update 2022 06 pdf

Wednesday June 22, 2022 11:00am - 11:40am CDT
Griffin Hall (Level 2)

Embedded Linux Conference (ELC), Trends and Future Direction

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

11:00am CDT

Krepair: Automatically Repairing .config Files to Cover Patches - Paul Gazzillo & Necip Yildiran, University of Central Florida

The kernel receives thousands of patches per month, with recent major releases containing well over ten thousand. Testing a patch means first building the affected source code. But using an arbitrary configuration file provides no guarantee of build coverage. defconfig only builds around 15% of the patches contained in v5.13. allyesconfig provides high coverage, but incurs higher build times (three hours for allyesconfig vs. 20 minutes for defconfig on a commodity desktop). Moreover, allyesconfig kernels are less suited for run-time testing due to their size, and they preclude combinatorial configuration testing, e.g., with randconfig. The speakers' approach, krepair, automatically repairs a configuration file to ensure high patch coverage while retaining most settings from the original configuration file. This allows testers to build the patch without sacrificing tests for a variety of hardware and software configurations. Our evaluation on thousands of real patches shows that krepair finds repairs to allnoconfig and defconfig that change only a couple hundred options on average, achieving patch coverage comparable to allyesconfig which, in contrast, requires enabling over ten thousand additional options. The talk will also demonstrate using the free and open-source tool.

Speakers

Necip Yildiran

University of Central Florida, Graduate Research Assistant

Necip Yildiran is a PhD candidate in Computer Science in his final year at University of Central Florida. He received his BSc in Computer Engineering from Middle East Technical University in Ankara, Turkey. His research interests include software engineering, visualization, and security... Read More →

Paul Gazzillo

Assistant professor, University of Central Florida

Paul Gazzillo is an Assistant Professor of Computer Science at University of Central Florida. His research aims to make it easier to develop safe and secure software, and it spans programming languages, security, software engineering, and systems. Projects include program analysis... Read More →

OSS NA 2022 06 22 Krepair Gazzillo Yildiran pdf

Wednesday June 22, 2022 11:00am - 11:40am CDT
Lone Star F (Level 3)

LinuxCon, Programming Languages and Toolchains

Experience Level Mid-level
Session Type Virtual Speaker(s)
Session Slides Attached Yes

11:00am CDT

ETL - Extract Trino Load - A Case for Trino as a Batch Processing Engine - Andrii Rosa, Starburst Data

Trino is a relatively new name in the open source space that was formerly known as the PrestoSQL. Trino is very well known for fast adhoc and exploratory workloads on data lakes and heterogeneous data sources. When you want to provide your data scientists with the ability to query across your data landscape by joining live operational data with historical data, Trino is the state-of-the-art. Trino and Presto were initially built to replace Hive workloads at Facebook and handled massive petabyte-scale batch workloads. Yet across the board, Trino was not being widely adopted as a batch ETL engine to solve these workloads. As it turns out, one of the features that drive Trino's incredible speed was forgoing failure recovery measures to buy faster queries. In practice, many desire the opportunity to have the system running the query to facilitate the recovery from failures. The Trino community has banded around supporting native granular failure recovery to improve resiliency in the event of a failure. This brings Trino to a new frontier by enabling both exploratory and failure recovery for long-running workloads so that engineers and analysts do not have to shift between systems to run their queries.

Speakers

Andrii Rosa

Software Engineer, Starburst Data

Trino maintainer and distributed systems enthusiast. Currently working at Starburst on expanding Trino capabilities to better support long running, resource intensive queries that are common in ETL space. Previously worked at Facebook on Presto on Spark technology to support petabyte... Read More →

Wednesday June 22, 2022 11:00am - 11:40am CDT
Room 408/409 (Level 4)

Open AI & Data Forum, Data (Versioning + Format + Pipeline Management)

Experience Level Senior-level
Session Type In-person Speaker(s)

11:00am CDT

Panel Discussion: A Decade of Open Source in China - Insights Report with Chinese OSPO's Best Practices - Xiaoya Xia & Wei Wang; ECNU; Richard Sikang Bian, Ant Group; Rong Wang, Alibaba Group

Open-source development and the overall OSS ecosystem in China have enjoyed rapid growth in the past 10 years. We observed high-quality, fast-growing repositories as well as the explosive increase of total active developers. The total number of Chinese developers on GitHub has been ranked 2nd globally. Among all the players, contributions from the big companies are not to be ignored. Those companies have experienced growing pain and they gradually realized the importance of having an Open Source Program Office (OSPO). OSPO is not only a governance entity to ensure compliance and safety of OSS, but also a strategic initiative that could lead to competitive advantages. This speech is based on GitHub open-source data metrics and analysis. The findings cover both macro and micro perspectives, presenting a global trend of the overall OSS development. Moreover, the study shares first-hand experiences of how Chinese enterprises (such as Alibaba) pragmatically participate in building OSS communities. The speech also shares Alibaba OSPO and Ant Group OSPO’s best practices of spearheading OSS strategy, governance, and community management. We hope more companies would see the irreplaceable benefits of OSPO in healthy and sustainable open source development.

Speakers

Xiaoya Xia

Ph.D. Student, ECNU

Xiaoya is a Ph.D. student at East China Normal University, Shanghai, China. The main research focus is open source community health and sustainability. She is an active member of CHAOSS community and one of the initiators of CHAOSS China community.

Richard Sikang Bian

Lead Technical Strategist, Ant Group

Richard Sikang Bian is currently working at Ant Group’s Technical Strategic Development team. As an engineer by training, Richard was an ex-Square, ex-Microsoft seasoned software engineer who had been living in the States for 10+ years before joining Ant Group.Richard’s current... Read More →

Rong Wang

Alibaba Group, Operations Manager

Rong Wang is a skillful operation manager of the Alibaba Open Source Program Office.

Wei Wang

Professor, ECNU

Wang Wei is a full-time researcher and doctoral supervisor of the School of Data Science and Engineering, East China Normal University. He is the director of the National Computer Science Education Research Center, and the founder of X-lab, Vice Chairman of Kaiyuanshe, Senior Member... Read More →

Wednesday June 22, 2022 11:00am - 11:40am CDT
Room 301/302 (Level 3)

OSPOCon, OSPO Lessons Learned

Experience Level Entry-level
Session Type Virtual Speaker(s)

11:00am CDT

Dear Security, Compliance, and Auditors, We’re Sorry. Love, DevOps. - Bill Bensing, Red Hat

Stop it with the DevSecAuditComplianceOps buzzwords within the software supply chain. Let’s simply talk about Modern Governance. Great software supply chain hygiene requires governance. Governance stinks because we do it wrong. I promise to give you the means to go from commit to production with 100% no-human-hands. All while meeting visibility, security, compliance, and audit requirements without fail. Modern Governance applies to standard line-of-business software, machine learning, edge, IoT, and any other software artifact. DevOps solved the Developer and Operators conflict. It forgot other essential folks of the delivery lifecycle: Security, Compliance, and Audit. It's also missing the newest entrant, Software Supply Chain Management. We will talk about Modern Governance. Modern Governance resolves governance toil with a software engineering approach. It is no different than applying Site Reliability Engineering (SRE) principles & practices to the dull, mundane, and toil-ridden governance processes.

Speakers

Bill Bensing

Managing Architect, Red Hat

Bill Bensing has driven a tech-fueled world since discovering Notepad. He teaches organizations to create inclusive environments that allow anyone to develop software. Bill prides himself on building Shadow IT organizations. He believes a healthy Shadow IT presence drives real Business-IT... Read More →

We're Sorry. Love, DevOps Open Source Summit 2022 Bill Bensing pdf

Wednesday June 22, 2022 11:00am - 11:40am CDT
Room 203/204 (Level 2)

SupplyChainSecurityCon, Measuring Risk of Potential & Already-included OSS

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

11:00am CDT

Sponsored Session: Malicious Package Trends Compared With Malware Evolution - Daniel Elkabes, MEND

Malicious actors upload their packages into our community package managers on a daily basis. Not surprisingly, malware found in package managers often shares characteristics with malware found elsewhere in cyberspace, providing a valuable learning opportunity. Daniel will analyze those similarities, as well as digging into key differentiators found in open-source-based malware. By comparing the latest tactics and techniques used with malicious packages to the overall evolution of general malware, he will forecast likely future developments for this area and will conclude by a review of key tactics to combat this growing threat and draw tactical lessons from security solutions built for general malware.

Speakers

Daniel Elkabes

Vulnerability Research Team Leader, MEND

Daniel Elkabes is a security researcher, team leader, speaker, and cybersecurity thought leader. Daniel has led multiple projects, building research labs that provided outstanding delivery while experiencing exponential growth.

Malicious Package Trends Compared With Malware Evolution Daniel Elkabes, MEND pptx

Wednesday June 22, 2022 11:00am - 11:40am CDT
Brazos (Level 2)

SupplyChainSecurityCon

Session Type In-person Speaker(s)
Session Slides Attached Yes

11:00am CDT

Tutorial: Cloud Native Building Blocks: An Interactive Envoy Proxy Workshop - Jim Barton & Adam Sayah, solo.io

Envoy Proxy is a foundational layer for many of the innovations propelling the Kubernetes community, including service meshes and cloud-native API gateways. But many engineers understand it only as a black-box, hidden by simplifying levels of abstraction. The purpose of this workshop is to provide a hands-on workshop that will bridge those gaps in Envoy understanding. Participants will explore first principles regarding Envoy architecture, filter chains, and a day-in-the-life of a request. Users will then put those principles to work interactively. Every participant will have access to a computing environment via their web browsers to a Kubernetes K3s platform provisioned with Envoy and supporting tools. From there, users will explore the life of a request through a maze of transforms, custom processing with WebAssembly, and request routing. They will further learn to employ standard Envoy tools like metrics, access logging, and the Tap filter to solve real-world problems.

Speakers

Adam Sayah

Field Engineer, solo.io

Adam Sayah is Field Engineer at Solo.io, a company specializing in open source and enterprise software for application networking from the edge to service mesh. At Solo.io, Adam helps organizations build and operate robust cloud-native architecture. Prior to Solo.io, Adam held software... Read More →

Jim Barton

Field Engineer, Solo.io

Jim Barton is a Field Engineer for Solo.io whose enterprise software career spans 30 years. He has enjoyed roles as a project engineer, sales and consulting engineer, product development manager, and executive leader of tech startups. Prior to Solo, he spent a decade architecting... Read More →

Envoy Workshop OSS NA22 pdf

Wednesday June 22, 2022 11:00am - 12:30pm CDT
Lone Star G (Level 3)

Open Source On-Ramp, Cloud native Essentials

Experience Level Entry-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

11:50am CDT

Cloud Native My Camel: from Low Code to Pro Code, inject Serverless and Cloud Native Goodness Into Your App Dev with Apache Camel - Michael Costello, Red Hat

With the rise of cloud native architectures, cloud services, and increasing needs for rapid application development the need for integration has become front and center in our race to the cloud. Apache Camel 3 in combination with its Kubernetes native accompaniment integration platform as a service Camel-K presents a low code to pro code vision of this integration layer in our cloud native architectures by exploiting underlying cloud native Kubernetes capabilities. Featuring low code cloud connectors (via Apache Camel Kamelets), serverless capabilities via Knative, native Service Mesh integration, as well as standard IPaas capabilities such as a cloud native build system, governance capabilities, and a polyglot Apache Camel DSL, Camel-K presents a cloud native integration platform as a service that ensures our race to the cloud doesn't turn into a series of native to that cloud deployments but the cloud native goodness that enables our enterprises. All that with a revamped, and expanded set of Apache Camel 3 components that allows pro-code cloud native application deployments to deliver best in class service integration. In this talk, we'll demonstrate these capabilities, discuss cloud native architectures, and discuss emerging needs of our cloud native deployments.

Speakers

Michael Costello

Senior Architect, Red Hat

https://mike-costello.github.io/about/ Mike has spent the last 2 decades in the enterprise integration space. Beginning with his love for J2EE, emerged a love for Service Oriented Architecture and as the years carried on his romance with MicroServices and cloud native distributed... Read More →

Mike Costello.OSS NA22.FINAL pdf

Wednesday June 22, 2022 11:50am - 12:30pm CDT
Room 310/311 (Level 3)

CloudOpen, Architectures and Architectural Patterns

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

11:50am CDT

Your Own Little HA Cloud at the Edge (or at Home) - Stephane Graber, Canonical Ltd.

Who wouldn't want to own their own little cloud, running only their own instances on their own hardware, yet still benefiting from a highly available environment including distributed storage and networking. This is what we'll be exploring in this talk, combining LXD as a self-hosted mini-cloud with CEPH for storage and OVN for network. That combination allows for a fully redundant deployment on as little as 3 machines and can run hundreds or thousands of containers or virtual machines, be managed from anywhere and run just about any workload you can think of (GPU and all included). Whether you want something like this as a homelab running on some Raspberry Pis or running it in a co-location facility with a few small servers or deploying it at the edge, you always get the same thing, something which feels like a cloud but that you fully own and can easily reshape to your liking. This talk will start by going over what LXD, CEPH and OVN are, how they can work together to provide a highly available deployment on as little as 3 machines and then will go over how to actually deploy this in just a few minutes on low cost hardware.

Speakers

Stephane Graber

Project leader for LXD, Canonical Ltd.

Stéphane Graber is the upstream project leader for LXC and LXD at Canonical and a frequent speaker and track leader at events related to containers and Linux. Stéphane is a longtime contributor to the Ubuntu Linux distribution as an Ubuntu core developer and previous Ubuntu technical... Read More →

OSSNA 2021 Your Own Little HA Cloud at the Edge (or at Home) pdf

Wednesday June 22, 2022 11:50am - 12:30pm CDT
Room 303/304 (Level 3)

CloudOpen, Open Cloud Infrastructure

Experience Level Entry-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

11:50am CDT

Remote Doesn’t Mean Distant - Managing Teams Effectively from Different Geographies - David Bevan, Collabora

Dave Bevan manages 29 people Across 13 different countries Across 7 different time zones. Dave also only speaks one language. I guess we should wish him luck. Yet within his first 6 months at Collabora, feedback he is receiving includes being the best manager these 29 people have ever had. This is a man, supporting software engineers with no idea of the difference between pipewire and pipecleaner and who thought mixing wine and a computer together was a bad idea and only knew of the wine that could be drunk from the glass or the bottle. Dave will talk about forming relationships quickly with people in a remote environment and share strategies and encourage discussion on how you can do this as well. Dave will talk about initiatives he has introduced not only to help him connect with people remotely but also to encourage and build a sense of team and belonging within his team of engineer’s. It’s not about technical expertise, its not about being fluent in a specific language, and as much as it pains Dave to admit, its not even about wine (although if you see him at the bar feel free to buy him a class), it’s about genuinely being interested and genuinely caring in people. As a leader within the community, Dave hopes you care enough to come and join the conversation.

Speakers

David Bevan

Engineering People Lead Manager, Collabora

Remote doesnt mean distant Dave B 220622 pdf

Wednesday June 22, 2022 11:50am - 12:30pm CDT
Room 205 (Level 2)

Community Leadership Conference, Remote Team Management and Methods

Experience Level Any
Session Type In-person Speaker(s)
Session Slides Attached Yes

11:50am CDT

Containers Security Layers and How Not to Break them - Aviv Sasson, Palo Alto Networks

Containers are glorified by the fact that no one can escape them, and frankly - escaping containers is a tricky and complex task that is impossible in most scenarios. Many security layers restrict the container in order to prevent an escape. But what are those layers? How do they work? What are their defaults? Can we modify them? Should we? This session will present the Linux kernel features and mechanisms that make up those layers, including Capabilities, Seccomp, SELinux, and AppArmor. It will discuss how container runtimes implement them to create a security stack that keeps the container tamed and whether if it is possible to modify them for specific use cases while explaining the security risks of such actions.

Speakers

Aviv Sasson

Security research team lead, Palo Alto Networks

Aviv Sasson is a security research team lead in Palo Alto Networks under Prisma Cloud, specializing in cloud, network, and application security. He started his career in the Israeli intelligence forces and continued to work in the cyber security industry. In his current role, he looks... Read More →

OSS NA 2022 pdf

Wednesday June 22, 2022 11:50am - 12:30pm CDT
Lone Star H (Level 3)

ContainerCon, Security/Authentication

Experience Level Entry-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

11:50am CDT

Automotive Ethernet: Future of Connected Vehicles - Ravi Dineshbhai Patel & Sriranjani P, Samsung Semiconductor India R&D

The trend of connected and autonomous vehicles is becoming hot which requires integration of more number of sensors and controllers in the vehicle. This in turn requires proper communication infrastructure which supports bandwidth, latency, reliability and real time data. There are different protocols like CAN, Flexray, LIN, etc. are available but automotive ethernet is emerging to overcome other protocol’s limitations. This session talks about the need of automotive ethernet over other protocols and motivation behind it, how it is different from the normal ethernet and why normal ethernet cannot be used in automotive domain. The session will discuss the detailed overview of automotive ethernet including frame format, types of automotive ethernet and its supported protocols. The session will talk about the current support of automotive ethernet in the Linux like: • Time Sensitive Networking (TSN) using Precision Time Protocol (PTP) • PHY support like 100BASE-T1, 1000BASE-T1 etc. At the end, the discussion on the possible shortfalls and alternatives of automotive Ethernet will be covered.

Speakers

Sriranjani P

Samsung Semiconductor India R&D, Associate Staff Engineer

Sriranjani has 4 years of experience in Embedded Industry, currently working as Associate Staff Engineer in Samsung Semiconductor India R&D. She is contributing in Linux device driver development and testing focusing on Connectivity IPs mainly Ethernet and CAN. She is also working... Read More →

Ravi Dineshbhai Patel

Staff Engineer, Samsung Semiconductor India R&D

Ravi Patel is a Staff engineer at Samsung Semiconductor India R&D and having 7 years of experience in the embedded software industry and currently working in connectivity group. He previously worked on Bluetooth Low Energy and has experience in Linux Kernel, U-Boot and Arm Trusted... Read More →

OSS ELC 2022 Automotive Ethernet pdf

Wednesday June 22, 2022 11:50am - 12:30pm CDT
Griffin Hall (Level 2)

Embedded Linux Conference (ELC), Network and Wireless Technologies in Embedded Systems, Linux in Automotive

Experience Level Entry-level
Session Type Virtual Speaker(s)
Session Slides Attached Yes

11:50am CDT

Shhh - Stop Sharing Secrets, a Secure Mindset for Embedded Development - Andy Doan & Ricardo Salveti, Foundries.io

I recently posted a support question to a major cloud provider to see how my embedded devices could securely connect with their private container registry. The answer - create a file with a username/password on each device. We can do better. We deserve better. Security for embedded products is complicated. There are multiple layers and dimensions so that "security" can't be turned into a simple one paragraph answer. However, if we step back to some first principles, we can create a mindset and approach for building secure embedded products. This talk will cover ways to secure an embedded device. Hardware Security Modules(HSMs) and what they can do secure communication to the cloud will play a staring role. Topics like x509 PKI basics and ECIES encryption for securing data on devices will be covered as well. In the end, you'll be armed with some tricks to make your embedded product a little more secure.

Speakers

Ricardo Salveti

Principal Engineer, Foundries.io

Ricardo has over 14 years of experience developing Linux Embedded products, working for companies such as IBM, Nokia (INdT), Canonical and Linaro prior to Foundries.io. Ricardo has extensive experience working with kernel, bootloader, security, Android BSP/HAL, Debian/Ubuntu and OpenEmbedded/Yocto... Read More →

Andy Doan

Principal Engineer, Foundries.io

Andy has spent the last 20 years working on both embedded and backend systems. He started embedded work on IBM BladeCenter firmware before moving to Linaro to lead teams including the LAVA test framework. Andy previously worked as a technical lead at Canonical, building CI systems... Read More →

Shhh, stop sharing secrets! ELC2022 pdf

Wednesday June 22, 2022 11:50am - 12:30pm CDT
Room 201/202 (Level 2)

Embedded Linux Conference (ELC), Security

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

11:50am CDT

Lightning Fast Java Application Startup Using Checkpoint/Restore with Eclipse OpenJ9 - Thomas Watson, IBM

In serverless environments it is desirable to have applications that can startup very quickly. Very fast startup can enable scale to zero when deploying applications to Kubernetes with technologies like Knative. Many popular Java frameworks have looked to using native compilation using GraalVM with the Substrate native compiler to achieve very fast startup. For many Java applications compiling to native is quite difficult and often times not possible without large amounts of effort. In this talk Tom will discuss another approach that uses Linux Checkout/Restore (CRIU). CRIU is a feature on Linux that enables a snapshot of a running application to be taken. This snapshot can be restored very quickly from the point the snapshot was taken. One advantage of this approach is that once the application is restored it is business as usual for the application. All the functionality of a normal Java environment are available to the application once it is restored. No additional changes should be necessary for the application to take advantage of the instant on functionality provided by CRIU. Tom will discuss the work the Eclipse OpenJ9 and Open Liberty projects are doing to safely be able to use Checkpoint/Restore for achieving "instant on" for Java Applications.

Speakers

Thomas Watson

Senior Software Engineer, IBM

Thomas Watson has 20 years experience contributing to and leading various open source projects at the Eclipse and the Apache Foundations. His current focus includes development of the Open Liberty project, moving the Eclipse Jakarta and Eclipse OSGi specifications forward as well... Read More →

OSS NA22 Linuxon LightningFastJava pdf

Wednesday June 22, 2022 11:50am - 12:30pm CDT
Lone Star F (Level 3)

LinuxCon, Checkpoint/Restart

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

11:50am CDT

Evolution of Milvus Cloud-Scalable Vector Database - Charles Xie & Frank Liu, Zilliz

The total amount of digital data generated worldwide is increasing at a rapid rate. Simultaneously, approximately 80% (and growing) of this newly generated data is unstructured data - data that does not conform to a table- or object-based model. Examples of unstructured data include text, images, protein structures, geospatial information, and IoT data streams. Despite this, the vast majority of companies and organizations do not have a way of storing and analyzing these increasingly large quantities of unstructured data. Embeddings - high-dimensional, dense vectors which represent the semantic content of unstructured data - can remedy this. Armed with this knowledge, it's clear that the mobile/IoT era necessitates a new type of cloud-native, fully distributed database purpose-built to store, search, and index large quantities of embedding vectors: Milvus.

In this presentation, we'll introduce the design of Milvus 2.0 - the world's most popular open-source vector database trusted by over 1000 organizations. Milvus 2.0 represents a complete paradigm shift in the underlying vector database architecture - cloud-native, horizontally scalable, and fully distributed. We will also briefly discuss the evolution from Milvus 1.0 to 2.0 and share various real-world use cases and applications.

Speakers

Charles Xie

CEO, Zilliz

Charles Xie is the founder and CEO of Zilliz, and the inventor of the Milvus vector database system. He is currently a board member of LF AI & Data Foundation, and before that he served as the board's chairperson in 2020 and 2021. Prior to Zilliz, Charles was a founding engineer of... Read More →

Frank Liu

Director of Operations & ML Architect, Zilliz

Frank Liu is the Director of Operations and ML Architect at Zilliz with over 8 years of industry experience in machine learning and hardware engineering. Prior to joining Zilliz, Frank co-founded an IoT startup based in Shanghai and worked as a ML Software Engineer at Yahoo in San... Read More →

2022 oss milvus pdf

Wednesday June 22, 2022 11:50am - 12:30pm CDT
Room 408/409 (Level 4)

Open AI & Data Forum, Data (Versioning + Format + Pipeline Management)

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

11:50am CDT

The TRUE Cost of Open Source - Suzanne Ambiel, VMware

The True Cost of Open Source - and how OSPOs can help As companies increase their use of open source - or, more likely, increase their awareness of their actual use of open source, greater scrutiny and investment is paramount. In many organizations today, open source software is often the last in line for investment: as a “free” resource, it doesn’t rise to level of budgetary impact and influence that it should. And the data shows that while the consumption of open source is rising the contribution activity is flat to declining. This presentation will use common economic theory to unveil some of the challenges of open source: including the free rider problem, the paradox of value, and the tragedy of the commons. We’ll look at how OSPOs can help an organization elevate the strategic significance of open source, and influence investment in key projects. The advice in this presentation will help you move your open source participation from a passive, ad-hoc consumption model to one that’s more strategic and future forward. Learn how to justify open source participation to strike a good balance between your business needs and the needs of the open source community. (Note this presentation will focus on the role of OSPOs, less on project health)

Speakers

Suzanne Ambiel

Director, Open Source Marketing & Strategy, VMware

Suzanne is the Director of Open Source Marketing and Strategy at VMware working side by side with VMware's OSPO. A 12-year veteran of VMware, Suzanne began her journey in open source with the inception of VMware's OSPO team. She's presented at Open Source Summit, Linux Foundation... Read More →

OpenSource Summit2022 Austin pdf

Wednesday June 22, 2022 11:50am - 12:30pm CDT
Room 301/302 (Level 3)

OSPOCon, OSPO Lessons Learned

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

11:50am CDT

Going Beyond Metadata: Why We Need to Think of Adopting Static Analysis in Dependency Tools - Joseph Hejderup, TU Delft | Endor Labs

Plugins to package managers such as cargo audit, npm audit, and dependency bots such as Dependabot or Renovate primarily rely on making recommendations to developers by analyzing build manifests in projects. Metadata analyses (or dependency tree analyses) are typically insufficient for making quick decisions on whether a project is affected, for example, by a security or performance bug. Much effort goes into testing and manual code reviews to determine whether a project is affected---not many analysis looks into how projects "actually use" their dependencies at the source code level. As more and more dependency-analysis-based projects are looking to integrate some form of static analysis in their products, we will in this talk focus on the challenges of incorporating static analysis: cases where it is helpful and not helpful, practical examples demonstrating substantial differences between metadata and static analysis, and what new "powers" static analysis brings to package repository-level analytics.

Speakers

Joseph Hejderup

Software Engineer, Endor Labs

Part-time developer, part-time PhD student, full-time enthusiast in developing and researching techniques that makes package management system more intelligent and resilient against supply chain problems! Joseph Hejderup (Software Engineer at Endor Labs & PhD student at Delft University... Read More →

beyond metadata hejderup ossna22 pdf

Wednesday June 22, 2022 11:50am - 12:30pm CDT
Room 203/204 (Level 2)

SupplyChainSecurityCon, Countering use of a bad dependency

Experience Level Any
Session Type In-person Speaker(s)
Session Slides Attached Yes

11:50am CDT

How Do We Rank Project Risk? - Jacques Chester, Shopify

Somewhere, right now, out there in the world, lurks libnebraska*. To most of us it seems innocuous and maybe even irrelevant. But it turns out to be on the critical dependency path for massive swathes of software worldwide. If a vulnerability affects libnebraska, or someone malicious takes control of it, we're all in a world of hurt.

How can we identify libnebraska? How can we estimate its risks? How can we classify projects into Alpha and Omega categories? Who should make these identifications and estimates? How should they do it?

In this talk, Jacques will discuss various methods for integrating the information that can be found in expert opinions. As an adjunct to data-driven methods, aggregation of expert opinions may be vital to identifying and protecting the next libnebraska.

* https://xkcd.com/2347/

Speakers

Jacques Chester

Senior Staff Software Developer, Shopify

Jacques is a Senior Staff Software Developer in Shopify's Ruby Dependency Security team under the Ruby & Rails Infrastructure group. He leads work on upstream and community improvements to supply chain security, with a focus on the Ruby ecosystem. Previously he worked in cloud native... Read More →

Jacques Chester How Do We Rank Project Risk SupplyChainSecurityCon 2022 pdf

Wednesday June 22, 2022 11:50am - 12:30pm CDT
Brazos (Level 2)

SupplyChainSecurityCon, Measuring Risk of Potential & Already-included OSS

Experience Level Mid-level
Session Type Virtual Speaker(s)
Session Slides Attached Yes

12:30pm CDT

Lunch (Attendees on Own)

Wednesday June 22, 2022 12:30pm - 1:45pm CDT
Lunch Maps Available at the Registration Counter (Level 4)

Special Events / Exhibits / Breaks

1:45pm CDT

Creating an Open Source Fraud Risk Management System in Order to Close the Financial Inclusion Gap - Greg McCormick, Sybrin Systems (PTY) Ltd., Mojaloop Foundation

Fraud is expensive for everyone, but seriously detrimental to those in the financial inclusion gap. Fraud Risk Management Systems are expensive, so, they aren’t used where they are needed the most. Can a reliable and safe Fraud Risk Management system be built entirely with open source products? Can the solution itself be open source? This talk will discuss: - The scale up and scale down challenge - How do you build an open source system that stops fraud, money laundering and terrorist financing and not expose to fraudsters how to defeat the system? - Recommended Use Cases • Algorithmic system not an AI black box • The stack and architectural design. • Brief recorded demo. • Performance Optimizations.

Speakers

Greg McCormick

Chief Strategic Business Development Officer, Sybrin Systems (PTY) Ltd., Technical Governing Board Delegate (Mojaloop Foundation), Sybrin Systems (PTY) Ltd., Mojaloop Foundation

Greg McCormick, Sybrin Systems Chief Strategic Development Officer, is a 30 year tech industry veteran having founded various companies, been involved in turnarounds and at the corporate level. Starting out as a network engineer, developer, and architect he has held various roles... Read More →

Mojaloop Presentation OSS 2022 Greg McCormick 2 pdf

Wednesday June 22, 2022 1:45pm - 2:25pm CDT
Room 310/311 (Level 3)

CloudOpen, Cloud Native Storage

Experience Level Mid-level
Session Type Virtual Speaker(s)
Session Slides Attached Yes

1:45pm CDT

OpenSearch Helps You to Adopt a Friend - Laysa Uchoa, Aiven

OpenSearch is a community-driven, open-source fork of Elasticsearch and Kibana. Developers who are curious about how search in OpenSearch works will be welcome in this session. Finding a four-pawed friend to adopt can be challenging. If you live in a small flat, you may have some requirements regarding the size of pet you can accommodate. But can OpenSearch assist you in this search? We will try! In this talk, we will learn how to write and run search queries on our OpenSearch cluster with the purpose to find your future friend. We will cover the most common queries from term-level, full-text queries and boolean queries. We will be playing with an interesting pet dataset and the Python OpenSearch client.

Speakers

Laysa Uchoa

Staff developer advocate, Aiven

I'm a developer working towards a more diverse and fun Python community by organizing Pyladies Munich Chapter. My passion for sharing knowledge and OSS has led me to work as developer advocate for Aiven. I help users understand databases and do cool things with them. Besides Python... Read More →

Wednesday June 22, 2022 1:45pm - 2:25pm CDT
Room 303/304 (Level 3)

CloudOpen, Storage and Databases

Experience Level Mid-level
Session Type Virtual Speaker(s)

1:45pm CDT

Personnel Chaos Engineering and Building a Resilient Organizational Structure - Jennifer D Bergstrom, Parsons

Chaos Engineering is a strategy used by many in the technology industry to validate the resiliency and fault tolerance of their software and infrastructure as code solutions. However, Chaos Engineering is valuable as a tactic across more than simply the software and infrastructure of systems running in production. Chaos Engineering can also be used to test the security of systems and the resiliency of corporate personnel structures, processes, and tools. During this presentation, Jenn will walk through the history of Chaos Engineering and present examples of experiments that can be used to test an organization's resiliency. Just as deliberate injection of failure states into an operational environment can have unexpected ripple effects, injection of failure states into an organization's staffing profile, processes, and tooling can as well. How resilient is your corporate structure? Does it contain key personnel that are single points of failure? How can a corporation build a more resilient organizational profile without adding unnecessary expense and personnel redundancy? Jenn will talk about strategies to mitigate single points of failure within an organization without driving up cost.

Speakers

Jenn Bergstrom

Senior Director, Parsons Fellow, Parsons

Jenn is a Parsons Fellow, recognized for expertise in Chaos Engineering, Multi-Cloud Architectures, and DevSecOps. She has over 15 years experience in the software industry, the past 5 of which have been focused on Cloud and DevSecOps solutions. Jenn cares deeply about increasing... Read More →

PersonnelChaosEngineeringJune2022 v3 pdf

Wednesday June 22, 2022 1:45pm - 2:25pm CDT
Room 205 (Level 2)

Community Leadership Conference, DevOps Culture

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

1:45pm CDT

Kubernetes is Your Cloud Control Plane - Josh Gavant, Red Hat

Kubernetes accelerates app development by providing a standard interface for managing compute, network and storage in any cloud or datacenter. But the promised value of cloud computing depends on more than these; developers need higher-level services too, like databases, streams, buckets, identities, monitors and pipelines. And so Kubernetes' next act is to deliver high-level capabilities on any underlying provider via the same consistent interfaces used for compute, network and storage. That is, soon every dependency of your app will be described and managed by Kubernetes resources and their controllers.

In this session we'll describe how the Kubernetes API and custom resource definition emerged as an open standard for describing cloud infrastructure, services and apps. We'll discuss paradigms and frameworks used to build and manage controllers for these resources and compare and contrast types published by several providers, like Strimzi's KafkaTopic, cert-manager's Certificate or a DynamoDB Table. We'll demonstrate conventions emerging from projects like Crossplane and Operator Framework to provide consistency and simplicity for developers and operators of custom resources. And we'll review common problems that Kubernetes resource providers must handle, such as publishing connection secrets and managing controller provisioning and updates.

Speakers

Josh Gavant

Solution Architect, Red Hat, Inc.

Josh has worked on cloud, Kubernetes and DevOps since their inception some 15 years ago. He has managed products and services for cloud developers; architected cloud solutions for businesses; and himself engineered such solutions. Today he advocates for cloud users as a member of... Read More →

Kubernetes is Your Cloud Control Plane pdf

Wednesday June 22, 2022 1:45pm - 2:25pm CDT
Lone Star H (Level 3)

ContainerCon, Infrastructure

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

1:45pm CDT

Panel Discussion: Enabling Linux in Safety Applications - Jeffrey Osier-Mixon & Gabriele Paoloni, Red Hat; Kate Stewart, The Linux Foundation; Elana Copperman, Mobileye; Philipp Ahmann, Robert Bosch GmbH; Paul Albertella & Milan Lakhani, Codethink

Meeting business and safety objectives while building safety critical applications is a huge challenge for any industry, particularly those who have not had previous experience with open source and Linux. ELISA's charter is to help industries navigate technical and non-technical challenges in order to bring the benefits of open source to safety applications and help organizations provide the rigor needed for certification. This panel features ELISA working group leads who will share their vision of making Linux a prominent player for FuSa applications in several industries. Join us to learn more about the project and how you can contribute to the community's overall success. Panelists: Gabriele Paoloni, Red Hat (ELISA board chair) Kate Stewart, Linux Foundation (ELISA Executive Director) Paul Albertella, CodeThink (Open Source Engineering Process) Elana Copperman, Intel (Linux Features) Philipp Ahmann, ADIT (Automotive) Milan Lakhani, Codethink (Medical Devices) Moderator: Jeffrey Osier-Mixon, Red Hat (ELISA Ambassador)

Speakers

Paul Albertella

Consultant, Codethink

Paul Albertella is a consultant at Codethink, with more than 30 years of experience in the automotive, semiconductor and mobile device sectors. He's passionate about software engineering processes and the role that open source software and communities are playing in their evolution... Read More →

Milan Lakhani

Software Engineer, Codethink Ltd

Software engineer and safety consultant at Codethink with experience with React, Python, R, C and Java and have completed a Machine Learning course in Matlab. Interested in safety, medical devices, the kernel and new technology.

Philipp Ahmann

Product Manager - Embedded Open Source, Robert Bosch GmbH

Philipp Ahmann is a technical business development manager at Robert Bosch GmbH with focus on Open Source activities. He represents the ELISA project of the Linux Foundation as technical steering committee chair and leads the automotive as well as systems work group. He has more than... Read More →

Elana Copperman

Safety Software Architect, Mobileye

Elana Copperman, PhD is a System Safety Architect at Mobileye (part of Intel). She provides support for designing safety features in Mobileye products, including system boot; drivers; automotive control units; and Linux infrastructure. Before working at Mobileye, she worked as a Security... Read More →

Kate Stewart

VP Dependable Embedded Systems, Linux Foundation

Kate Stewart is Vice President of Dependable Embedded Systems at the Linux Foundation. She works with the safety, security and license compliance communities to advance the adoption of best practices into embedded open source projects. Since joining The Linux Foundation, she has launched... Read More →

Jeffrey Osier-Mixon

Senior Principal Community Architect, Red Hat

Jeffrey "Jefro" Osier-Mixon is a Senior Principal Community Architect within the Office of the CTO at Red Hat, focusing on the automotive and energy industry verticals. A 30-year industry veteran, he previously worked with RISC-V, LF Energy, Yocto Project, Zephyr Project, and Project... Read More →

Gabriele Paoloni

Open Source Technical Leader (FuSa), Red Hat

Gabriele Paoloni is an Open Source Community Technical Leader at Red Hat where he defines best methodologies and requirements to qualify Linux for functional safety usage.

Wednesday June 22, 2022 1:45pm - 2:25pm CDT
Room 211/212 (Level 2)

Critical Software Summit, Safety Considerations when Developing Products based on OS Projects

Experience Level Any
Session Type Virtual Speaker(s)

1:45pm CDT

Lessons Learned Supporting Nearly 200,000 IoT Devices - Marc Pous, Balena.io

Deploying IoT devices in bulk, and then managing and maintaining that fleet of devices is hard work! At Balena, our customers do that everyday, and when they run into trouble, we do our best to help and support them. As a result, we’ve seen firsthand (many times over now!) how projects can succeed, or fail. In this talk, we’ll capture some of the best practices and lessons we’ve learned over the years, helping customers deploy and maintain fleets of hundreds, thousands, and tens of thousands of Edge and IoT devices. Specifically, we’ll discuss and explain some FleetOps strategies we’ve seen be successful, we’ll cover some basic connectivity choices and best practices for IoT devices, talk about storage media and SD Card corruption, and finish up with a quick discussion of hardware selection (which can be quite challenging with the current Chip Shortage and Supply Chain issues) based on anticipated workload and environmental constraints such as power, size, and thermal considerations. We'll be sure to leave plenty of time for questions and discussion, because attendees will likely have some stories of their own to share.

Speakers

Marc Pous

IoT Giant & Developer Advocate, balena.io

Marc is currently the balena.io Developer Advocate. Former co-founder of the IoT platform startup. He has more than 15 years of experience connecting things to the Internet. Marc is a co-founder of the IoT Coffe Talk and member of the Internet of Things Council. He is also responsible for managing the IoT comm... Read More →

OSS NA22 EmbeddedLinuxConference Lessons learned supporting nearly 200k iot devices.pptx pdf

Wednesday June 22, 2022 1:45pm - 2:25pm CDT
Room 201/202 (Level 2)

Embedded Linux Conference (ELC), Practical Experiences and War Stories

Experience Level Any
Session Type Virtual Speaker(s)
Session Slides Attached Yes

1:45pm CDT

Tools and Techniques to Debug an Embedded Linux System - Sergio Prado, Embedded Labworks

There are several techniques to debug an embedded Linux system that can be applied in both user space and kernel space. Depending on the problem, you may need different tools, like addr2line for crash dump and kernel oops analysis, GDB for interactive (remote) debugging, ftrace for kernel tracing, valgring to catch memory-related issues, strace/ltrace for user space applications tracing, perf/gprof for application profiling, etc. In this talk, we will learn how these and many other tools and techniques can be applied to improve the quality and find/fix bugs faster on an embedded Linux system.

Speakers

Sergio Prado

Consultant & Trainer, Embedded Labworks

Sergio Prado has been working with embedded systems for more than 25 years, providing consulting and training services for companies worldwide. He also writes on his blog at sergioprado.blog and contributes to several free and open-source projects, including Buildroot, Yocto Project... Read More →

slides debugging pdf

Wednesday June 22, 2022 1:45pm - 2:25pm CDT
Griffin Hall (Level 2)

Embedded Linux Conference (ELC), Build Systems & Embedded Distributions & Development Tools

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

1:45pm CDT

Postmortem Analysis with Kexec/kdump and Ftrace - Steven Rostedt, Google

There are times when the system panics and the cause is very hard to diagnose. Running a trace can help you find what lead up to the bug, but the problem now remains to be extracting the tracing data. The command ftrace_dump_on_oops can trigger the tracing data to spit out over the console, but there may be some scenarios which may make that not possible. The crash may be from a customer, and all you can get is the core dump from it. Kexec/kdump along with the crash utility can produce a lot of information to help diagnose a cause of a kernel crash. But few people know that there's a plugin that allows you to extract the ftrace buffers and create a trace.dat file that trace-cmd and KernelShark can read. This talk will go over how to extract the ftrace ring buffer from a Linux kernel core dump from crash, and use it to debug the cause of the panic. It will also describe various issues that can arise in trying to accomplish this (as crash is fragile with the constantly changing kernel) and the ways to mitigate those problems.

Speakers

Steven Rostedt

Software engineer, Google

Postmortem Kexec, Kdump and Ftrace pdf

Wednesday June 22, 2022 1:45pm - 2:25pm CDT
Lone Star F (Level 3)

LinuxCon, Tracing

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

1:45pm CDT

Mitigating Bias in Models with SHAP and Fairlearn - Sean Owen, Databricks

Issues of "fairness" in machine learning are rightfully at the forefront today. It's not enough to have an accurate model; practitioners increasingly need to assess when and why a predictive model's results are unfair, often to groups of people. While much has already been said about detecting unfairness or bias, relatively less attention has been given to what to do about it. My model output is "unfair"; now what? This session will examine how open source tools like SHAP and Microsoft's Fairlearn can be used to actually correct for model bias. It will also discuss what "fair" even means and the tradeoffs that different answers imply. In the accompanying technical demo, these tools will be used, along with xgboost and MLflow, to show how two different mitigation strategies can be retrofit to modeling pipelines.

Speakers

Sean Owen

Principal Solutions Architect, Databricks

Sean is a principal solutions architect helping lead machine learning and data science at Databricks. He is an Apache Spark committer and PMC member, and co-author Advanced Analytics with Spark. Previously, he was director of Data Science at Cloudera and an engineer at Google.

Mitigating Bias in ML with SHAP and Fairlearn pdf

Wednesday June 22, 2022 1:45pm - 2:25pm CDT
Room 408/409 (Level 4)

Open AI & Data Forum, Trusted and Responsible AI

Experience Level Mid-level
Session Type In-person Speaker(s)

1:45pm CDT

Sponsored Session: Consumers to Contributors - Open Source as a Competitive Advantage - Brendan O'Leary, GitLab

Open Source software is ubiquitous and impossible to ignore. Most every company will utilize open source software and it can become your biggest asset or the cause of the biggest problems. Most of the time, we consume open source without really considering the long-term impact on our business. So why would a business, enterprise, or organization decide to become a Contributor instead of just a Consumer?

In this talk, we'll look at some of the biggest success stories in enterprise open source software partnerships - as well as some of the cautionary tales. The more an organization is involved in co-creating the open source packages they use, the more both the organization and the open source project benefit.

This session is for everyone: open source maintainers, OSPO leaders, or just open source advocates in large enterprises. At the end of our session, you'll be able to articulate the tangible and emergent benefits organizations and enterprises gain when they stop just consuming open source software and instead embrace "Everyone can contribute."

Speakers

Brendan O'Leary

Staff Developer Evangelist, GitLab

Brendan O'Leary is a Staff Developer Evangelist at GitLab, the DevOps platform, and a governing board member at the Cloud Native Computing Foundation and advisor to various startups. He has a passion for software development and iterating processes just as quickly as we iterate on... Read More →

Wednesday June 22, 2022 1:45pm - 2:25pm CDT
Lone Star G (Level 3)

Open Source On-Ramp

Session Type In-person Speaker(s)

1:45pm CDT

The SPDX License List: What, Why and How - Steve Winslow, Boston Technology Law

If you've developed or used any open source code, you've probably encountered the challenges of understanding and tracking which licenses apply to that code. If you've done so in recent years, you've probably also encountered identifiers from the SPDX License List, a community-curated list of licenses regularly seen in collaborative development. In this talk, Steve will explain what the SPDX License List is, what purposes it serves, and how newly-submitted licenses are evaluated for inclusion on the list. The talk will not focus on interpreting licenses or analyzing how to comply with them. Rather, it will discuss the nuances of how the SPDX License List is maintained and developed, so that projects, downstream users and OSPOs can appropriately use it for the benefit of their ecosystems.

Speakers

Steve Winslow

Counsel, Boston Technology Law

2022 06 22 SPDX License List Steve Winslow pdf

Wednesday June 22, 2022 1:45pm - 2:25pm CDT
Room 301/302 (Level 3)

OSPOCon, Compliance and Legal

Experience Level Entry-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

1:45pm CDT

Kubernetes Risk Assessment: Time to Go One Level Deeper - Ariel Shuper, Cisco

At present, the common Kubernetes risk assessment framework is based on the popular CIS benchmarks for Kubernetes. This framework consists of a comprehensive set of tests covering all the Kubernetes elements' configuration. But the framework doesn't go deeper than the security configurations of the various elements. Real attacks can start by multiple elements expanding beyond security misconfigurations. Moreover, in the popular managed Kubernetes services (e.g., EKS, AKS or GKE), running these tests can be challenging. Hence, there's a need for an additional risk-assessment framework that can go deeper than the Kubernetes configurations, verifying that all other attack methods, steps, and stages are covered. This talk will show a new industry-driven framework led by MITRE crafting an ATT&CK matrix for containers/Kubernetes, which consist of tactics and techniques used in real attacks

Speakers

Ariel Shuper

Cloud Security Evangelist, Cisco

Wednesday June 22, 2022 1:45pm - 2:25pm CDT
Room 203/204 (Level 2)

SupplyChainSecurityCon, Measuring Risk of Potential & Already-included OSS

Experience Level Mid-level
Session Type In-person Speaker(s)

1:45pm CDT

Sponsored Session: The Simple, Yet Lethal, Anatomy of a Software Supply Chain Attack - Jossef Harush Kadouri, Checkmarx

While commercial supply chain attacks are becoming more manageable, security teams have a much harder time with open-source software supply chains. This session will provide an attacker's perspective of open-source flows and flaws and dive into several unique supply chain weaknesses. Demos will show the ease of conducting different attacks and provide a perspective on defeating them as defenders.

Speakers

Jossef Harush Kadouri

Head of SCS Engineering, Checkmarx

Jossef loves contributing to the open-source community, and he's ranked in the top 1% on Stack Overflow. Jossef co-founded Dustico in 2020, a software supply chain security company acquired by Checkmarx in 2021, and priorly worked for several cybersecurity companies. Jossef and his... Read More →

Wednesday June 22, 2022 1:45pm - 2:25pm CDT
Brazos (Level 2)

SupplyChainSecurityCon

Session Type In-person Speaker(s)

2:00pm CDT

Speed Mentoring (Pre-registration Required)

Are you looking to grow your technical skills, get more involved in an open source community, or tackle a career-change? Whether you’re new or not so new to open source, we invite you to register to attend our Speed Mentoring event. You’ll have the chance to meet with several experienced mentors across many communities, from Linux and container technology to cloud and networking, for an inside perspective on advancing your career. Speed networking and mentoring will have career, technical and community tracks.

SIGN UP TO BE A MENTOR

SIGN UP TO BE A MENTEE

*You must be registered and attend this event in-person to participate.

Wednesday June 22, 2022 2:00pm - 3:45pm CDT
Room 402/403 (Level 4)

Special Events / Exhibits / Breaks

2:35pm CDT

Deep Dive on Real World Use Case in Capitalone on Serverless and How It Enables Its Partner's Redemption Capability - Gokul Prabagaren & Nagesh Kumar Vinnakota, Capital One

Capital One is first U.S Bank to exit out of on-prem legacy data centers. On this journey of adopting public cloud for our workloads,we have gone thro' a massive tech transformation across enterprise. Since 2020 all our workloads are running in public cloud. This talk will focus on one of such real customer use-case where we have adopted completely serverless pattern for one of partner's quartely redemption process. We will touch upon on our use-case and how it really benefits from serverless pattern. This can be helpful for organization or teams who are in similar journey

Speakers

Gokul Prabagaren

Engineering Manager, Capital One

Engineering Manager at CapitalOne. First Programming Language Personally : Basic First Programming Language Professionally : Java 1.4 on Sun Solaris Latest Stint : Running Apache Spark in Centos VMs and helping team deliver business value Speaker at IndyCloudConf2020, Spark AI Summit... Read More →

Nagesh Kumar Vinnakota

Engineering Manager, CapitalOne

Engineering Manager at CapitalOne.

Wednesday June 22, 2022 2:35pm - 3:15pm CDT
Room 310/311 (Level 3)

CloudOpen, Serverless and Functions-as-a-Service

Experience Level Mid-level
Session Type In-person Speaker(s)

2:35pm CDT

Turning Users Into Advocates, at Scale - Karin Wolok, StarTree

In the open source data space, having a friendly and engaged community behind your product is almost table stakes in 2022. But encouraging those community members to advocate for the product is a challenge on its own. People aren't going to promote something just because they've been asked to do so, they need to feel a deep affinity for it. If the community becomes part of their identity and who they are, it will be hard to stop them spreading the word! For the last 5 years I've been building programs that turn the most engaged users into advocates, first at Neo4j for the graph database community, and now at StarTree where we're building a community of real-time analytics enthusiasts. In this talk we'll cover strategies and tactics on how to build a program to encourage your users to advocate and how to do it at scale. I'll share the things that have worked (and those that haven't!) and you'll be left with some key takeaways that you can use to build your own community of advocates.

Speakers

Karin Wolok

Head of Developer Community, StarTree

Wednesday June 22, 2022 2:35pm - 3:15pm CDT
Room 205 (Level 2)

Community Leadership Conference, Advocacy and Evangelism

Experience Level Any
Session Type In-person Speaker(s)

2:35pm CDT

Sharing is NOT Caring: Stop Sharing Your Kubernetes Cluster Credentials - Leigh Capili & Nigel Brown, VMware

Attention Kubernetes admins! That kubeconfig your developer just downloaded has credentials that can compromise not just their system but potentially your entire Platform! Stop taking the risk and switch to using kubeconfigs that can be securely distributed to users. In this talk, we will discuss how an open source solution, Pinniped, helps solve your problem of secure kubeconfig generation. Pinniped kubeconfigs can be safely distributed as they don't have any user specific credentials. But users have authentication requirements beyond just safe kubeconfig generation, such as seamless cluster access without having to login multiple times a day, support for multiple clouds provider access, and the ability to integrate with various identity providers. In our session, we will deep dive into the architectural components of Pinniped and explain how they help solve the authentication challenges for Kubernetes users.

Speakers

Nigel Brown

Senior Developer Advocate - Cloud Native, Open Source, Intuit

Nigel is a Senior Developer Advocate at Intuit based in Austin, Texas. They were drawn to the craft of software engineering because of the agency it provides people to create and interact with worlds of their own making. They focus on Cloud Native technologies and their passions in... Read More →

Leigh Capili

Staff Developer Advocate, VMware

Leigh is an empathetic speaker and developer with niches in cloud-native systems and security. He has a background in building software to manage infrastructure. Leigh contributes to Kubernetes and Flux and is frequently working on his next software demo. He also co-maintains Ignite... Read More →

Wednesday June 22, 2022 2:35pm - 3:15pm CDT
Lone Star H (Level 3)

ContainerCon, Security/Authentication

Experience Level Entry-level
Session Type In-person Speaker(s)

2:35pm CDT

Using FOSS as Part of a System Safety Mechanism - Paul Albertella, Codethink

Applying functional safety practices to free and open source software (FOSS) can seem challenging, because the communities that develop it very rarely exhibit all of the processes that safety standards expect. We can still make a case for using FOSS in a safety context, however, provided that we can control how we consume and construct it, specify its role and responsibilities, analyse the associated risks and specify how these are mitigated. As part of our ongoing work to accomplish this for systems based on Linux, Codethink have been investigating the range of safety-related responsibilities that FOSS might have in a system and how these may be defined or realised through interactions with other components, both hardware and software. An interesting example, which illustrates these interdependencies, relates to software safety mechanisms that are intended to mitigate random hardware failures. Arm have developed a software test library (STL) to provide this kind of mechanism for their processors. With Arm's support, Codethink have been integrating this for a Linux-based OS and testing it on the Raspberry Pi 4. We describe the challenges we encountered, the approach we took for integration and what we discovered in the process.

Speakers

Paul Albertella

Consultant, Codethink

Using FOSS as part of a system safety mechanism (final) pdf

Wednesday June 22, 2022 2:35pm - 3:15pm CDT
Room 211/212 (Level 2)

Critical Software Summit, Safety Considerations when Developing Products based on OS Projects

Experience Level Mid-level
Session Type Virtual Speaker(s)

2:35pm CDT

Delving into the Linux Boot Process for an ARM SoC - Ajay Kumar & Thiagu Ramalingam, Samsung

Ever wondered how you push a button and swiftly you are being taken to the Phone login screen, or the Linux desktop? The modern Linux system is no less than IronMan, and the transition from the start button to home screen is as exciting as IronMan suit up scene. All the Linux action takes place on a battleground called "Main Memory" which is initialized by the bootloader. The bootloader also loads and sets up the preface for the Linux image to boot. Like the IronMan suit is different for different type of crisis situation, the Linux Image indeed wears a different suit based on the "Device Tree Blob(dtb)". We shall see how much support Linux offers in describing and parsing the dtb. We shall discuss when and how the dtb is parsed, and the sequence that follows. Like the core of the IronMan suit powers the Ironman, we shall witness how multiple cores that runs a Linux system are initialized and powered up in the Linux. After the cores are fully powered up, we shall prepare the Armory Systems to fire. Here we discuss the initialization of other subsystems in Linux like timers, clocks, pinmux, and the serial console. Post the system H/W initialization, what follows are the user processes which draw the required home screen and the IronMan suit up is deemed to be complete!

Speakers

Ajay Kumar. R. S

Senior Staff Engineer, Samsung

Over a decade+ experience with Embedded system software and Linux driver development concentrated on various multimedia technologies like DRM, V4L2, Display, Camera, GPU, etc. Contributed to mainline u-boot and Linux community

Thiagu Ramalingam

Associate Technical Director, Samsung Semiconductor India Research

Over 15 year experience with board bring-up on different Application Processors and custom SOCs. Professed in memory technologies like GDDR, LPDDR, DDR and storage technologies.

OSS ELC NA 2022 Delving into the Linux boot process for an ARM SoC pdf

Wednesday June 22, 2022 2:35pm - 3:15pm CDT
Griffin Hall (Level 2)

Embedded Linux Conference (ELC), Linux in Devices

Experience Level Mid-level
Session Type Virtual Speaker(s)
Session Slides Attached Yes

2:35pm CDT

How to Choose a Software Update Mechanism for Embedded Linux Devices - Leon Anavi, Konsulko Group

Atomic software system update of an embedded Linux device has always been an important part of any product, especially nowadays with the existing large fleets of connected devices and Internet of Things. There are several different widely used in the industry approaches: A/B updates with dual redundant scheme, delta updates, container-based updates and combined strategies. Open source technologies such as Mender, RAUC and libostree based solutions implement these strategies and provide tools to manage updates of multiple devices. What are the advantages and disadvantages? How to choose an appropriate open source solution for a specific project? This session explores a number of different open source Linux software update technologies with practical examples for integrating them using the Yocto Project and OpenEmbedded. In order to better understand the strengths and weaknesses of each technology, we deep dive in various use cases. The talk is appropriate for anyone with basic knowledge about Linux. It will hopefully help managers, engineers and developers better understand the technical challenges and the available open source solutions with which to overcome them easier and faster so that they can focus on the unique core features of their products.

Speakers

Leon Anavi

Senior Software Engineer, Konsulko Group

Leon Anavi is an open source enthusiast and a senior software engineer at Konsulko Group. He is an active contributor to various Yocto/OpenEmbedded meta layers, Automotive Grade Linux (AGL) and many other open source projects. His professional experience includes web and mobile application... Read More →

leon anavi software updates pdf

Wednesday June 22, 2022 2:35pm - 3:15pm CDT
Room 201/202 (Level 2)

Embedded Linux Conference (ELC), Build Systems & Embedded Distributions & Development Tools

Experience Level Entry-level
Session Type Virtual Speaker(s)
Session Slides Attached Yes

2:35pm CDT

Kubernetes Network Policy Enforcement in XDP without IP Translation - Hong Chang, Futurewei Technologies, Inc & Xiaoning Ding, ByteDance (Tiktok)

Network policies in Kubernetes extensively rely on pod labels in order to provide flexible access control rules for network connectivity between pods. However, traditional label->IP translation based approach isn’t efficient enough to support cloud environment needs where pods rapidly come and go. In this talk, Hong and Xiaoning introduce an efficient network policy enforcement mechanism implemented in XDP. In the Linux kernel, eBPF/XDP is a fast-growing technology which enables examining and filtering packets at the NIC driver level. Their proposed solution achieves O(1) time complexity by judiciously making use of various eBPF map hash-tables. They do this by employing a mechanism to label packets using GENEVE options. This eliminates the cost of label->IP translation policy updates because pod packets with identical labels are subject to identical policies regardless of the pod IPs. They conclude the talk with a demo of their work. Cloud providers are looking for ways to increase performance and efficiency. Their work addresses this ask. They are hoping that with more community involvement, there are opportunities to evolve this new idea further and solidify the overall solution by collaboratively working together in the open source community.

Speakers

Xiaoning Ding

ByteDance (Tiktok), Engineering Manager

Xiaoning Ding is an engineering manager in ByteDance(Tiktok). He is leading the research and development projects about cloud infrastructure, including large-scale computing clusters and cloud networking. Xiaoning previously worked at Microsoft and Futurewei, and has a PhD in Computer... Read More →

HONG CHANG

Senior Staff Software Development Engineer, Futurewei Technologies, Inc

Hong Chang is a Senior Staff Software Engineer in Futurewei. He is major contributor to open source project Mizar, a high scale and high performance cloud network. Hong previously worked at Microsoft.

Label Based Network Policy pdf

Wednesday June 22, 2022 2:35pm - 3:15pm CDT
Lone Star F (Level 3)

LinuxCon, Networking

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

2:35pm CDT

Table Formats Change Everything (By Not Changing Anything) - Ismaël Mejía, Microsoft

Table Formats like Delta Lake and Apache Iceberg are recent storage specifications to handle slow-changing collections of files in distributed systems. They are rapidly gaining adoption by bringing new superpowers to the data engineering toolkit. In this talk, Ismaël will introduce and explain how table formats work and how features like versioning, schema evolution, time travel, and scalable metadata have positive consequences on many of the systems of the Data+AI ecosystem. From scalable metadata handling to incremental and faster data updates as well as reproducible data for AI training and inference.

Speakers

Ismaël Mejía

Senior Cloud Advocate, Microsoft

Ismaël Mejía is a Senior Cloud Advocate at Microsoft working on the Azure Data and AI team. He has more than a decade of experience architecting systems for startups and financial companies. He has been recently focused on distributed data frameworks, he is an active contributor... Read More →

Table Formats OSS NA Summit 2022 Ismael Mejia pdf

Wednesday June 22, 2022 2:35pm - 3:15pm CDT
Room 408/409 (Level 4)

Open AI & Data Forum, Data (Versioning + Format + Pipeline Management)

Experience Level Entry-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

2:35pm CDT

Open Source Licenses: Why they Matter and Why You Should Care - Jeff Shapiro, The Linux Foundation

Open source software is not "open" unless it has a license that says you can use, modify, or redistribute it. This presentation will give a comprehensive overview of what an open source license is, the different types of licenses in common use, and why they are important. In addition, you will gain an understanding of how to develop software with multiple licenses (including open source and proprietary code) and identify conflicts between licenses. We will also talk about considerations for choosing a license appropriate for your project's use case. Most important, we will answer the question: "What is all this license stuff about anyway, and why should I care?" This session is suitable for anyone who is new to open source, curious about software licensing, and includes those who already have some knowledge but want a deeper level of understanding of how licenses interact. The presenter has over 10 years of experience in software auditing, open source license scanning, and training developers in OSS license compliance.

Speakers

Jeff Shapiro

License Scanning Manager, The Linux Foundation

Jeff Shapiro is the license scanning manager for The Linux Foundation. He has 30 years of experience in the software industry, including 10 years in software auditing, open source scanning, and training developers in OSS license compliance. Jeff has been using SBOMs since before they... Read More →

Open Source Licenses pdf

Wednesday June 22, 2022 2:35pm - 3:15pm CDT
Lone Star G (Level 3)

Open Source On-Ramp, Linux Administration Essentials (Beginner)

Experience Level Any
Session Type In-person Speaker(s)
Session Slides Attached Yes

2:35pm CDT

Using OpenSSF's Allstar to Secure Your Organizations GitHub Repositories - Jeff Mendoza, Google

OpenSSF's Allstar is a tool for administrators of GitHub organizations to help improve the security posture of their repositories. While GitHub provides some security settings at the organization level, such as 2-factor authentication requirement, other settings are only at the repository level, such as branch protection settings. Fortunately Allstar is able to scale setting enforcement across many repositories in a large organization. This talk will cover the security best practices that are baked-in to Allstar, and the configuration of those practices to allow defining a custom security policy that can fit the needs of various organizations. Policy enforcement actions will be covered, including notification, and direct setting remediation. Finally, it will cover what is next for Allstar, and ideas for future security policies.

Speakers

Jeff Mendoza

Software Engineer, Google

Jeff is a software engineer on Google's Open Source Security Team. He is focused on supply chain security and securing Google's GitHub repositories. Jeff is a long time FOSS enthusiast, and enjoys cycling and classic video games in his spare time.

Using OpenSSF Allstar to Secure Your Organizations' GitHub Repositories pdf

Wednesday June 22, 2022 2:35pm - 3:15pm CDT
Room 301/302 (Level 3)

OSPOCon, Hosting Projects and Communities

Experience Level Entry-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

2:35pm CDT

Managing Application Level SBOMs with Ortelius - Tracy Ragan, DeployHub

SBOMs, or Software Bill of Material reports, are finally being recognized for their importance in hardening cyber security. They play a crucial role in building transparency into the binary objects we deliver to our end users. Most of us think of an SBOM at the application level. In a microservice implementation, we generate the SBOM at the service level. This presentation will review how Ortelius, incubating at the Continuous Delivery Foundation, provides SBOMs aggregated at the ‘logical’ application level, with versioning. In addition to SBOMs, Ortelius also aggregates application level licensing and CVE reports providing the insights needed to build trust into the supply chain across the organization. Ortelius's architecture will be reviewed, showing how its versioning and dependency engine tracks updates to a container registry, which triggers the creation of new service and application versions, with continuous SBOM updates.

Speakers

Tracy Ragan

CEO, DeployHub, Inc.

Tracy is the CEO and Co-Founder of DeployHub. She is an expert in software supply chain management and pipeline DevOps practices with a hyper-focus on microservices and cloud-native architecture. She served on the OpenSSF Governing Board as a General Member Representative and on the... Read More →

OpenSourceSummit SupplyChainCon TracyRagan pdf

Wednesday June 22, 2022 2:35pm - 3:15pm CDT
Room 203/204 (Level 2)

SupplyChainSecurityCon, Ensuring users know what Software Components (at all tiers) are Included

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

2:35pm CDT

Panel Discussion: Summing Up the Summit: OpenSSF’s May 2022 Gathering and Action Plan - Dr. Trey Herr & Amelie Koran, Atlantic Council; Brian Behlendorf & David Wheeler, OpenSSF

Join representatives from the Atlantic Council’s Cyber Statecraft Initiative and OpenSSF for a discussion about the summit held by OpenSSF in Washington DC on May 12 and 13, assembling representatives from industry and government to develop its mobilization plan for better securing the open source ecosystem. This discussion will pay special attention to attitudes toward and progress on open source software security in the federal government and the input of developers and maintainers to the OpenSSF summit and mobilization plan.

Speakers

David A. Wheeler

Director of Open Source Supply Chain Security, Linux Foundation

Dr. David A. Wheeler is an expert on open source software (OSS) and on developing secure software. His works on developing secure software include "Secure Programming HOWTO", the Open Source Security Foundation (OpenSSF) Secure Software Development Fundamentals Courses, and "Fully... Read More →

Brian Behlendorf

Managing Director, Open Source Security Foundation, The Linux Foundation

Brian Behlendorf is the General Manager for the Open Source Security Foundation (OpenSSF), an initiative of the Linux Foundation, focused on securing the open source ecosystem. Brian has founded and led open source software communities and initiatives for more than 30 years, first... Read More →

Trey Herr

Director, Cyber Statecraft Initiative, Scowcroft Center for Strategy and Security, Atlantic Council

Amelie Koran

Nonresident Senior Fellow, Cyber Statecraft Initiative, Scowcroft Center for Strategy and Security, Atlantic Council

Wednesday June 22, 2022 2:35pm - 3:15pm CDT
Room 303/304 (Level 3)

SupplyChainSecurityCon

Experience Level Any
Session Type In-person Speaker(s)

2:35pm CDT

What Role Do Package Registries Have in Securing the Supply Chain? - Justin Colannino & Margaret Tucker, GitHub

This interactive session will discuss the important role of package registries in securing the open source software supply chain, as well as best practices and guiding principles for a secure package registry ecosystem. Maintainers have been managing risk in their ecosystems since the start and are the first line of defense for ecosystem code quality. But package registries also have a responsibility to protect developers depending on their package ecosystem and, ultimately, the end-users of the software. This responsibility to maintain safety and reliability must be balanced against the freedom and creativity of package maintainers whose skill, innovation, and gumption allow others to accomplish great things.

Speakers

Margaret Tucker

GitHub, Policy Analyst

Margaret Tucker is a Policy Analyst at GitHub working on issues including intermediary liability, copyright, and open source security policy. Prior to joining GitHub, Margaret was a Policy Fellow serving the Office of Science and Technology Policy and also worked as a Research Associate... Read More →

Justin Colannino

Director, Developer Policy and Counsel, GitHub

Justin has a decade of experience representing clients at the intersection of free & open source software communities and for-profit enterprises. At GitHub, he works advocating for developers' ability to innovate, collaborate, and have equal opportunity. At Microsoft, he is part of... Read More →

Linux Summit Principles for Safer Developer Ecosystems.pptx (1) pdf

Wednesday June 22, 2022 2:35pm - 3:15pm CDT
Brazos (Level 2)

SupplyChainSecurityCon, Package registry security and stewardship

Experience Level Any
Session Type In-person Speaker(s)
Session Slides Attached Yes

3:15pm CDT

Coffee Break

Wednesday June 22, 2022 3:15pm - 3:45pm CDT
JW Grand Ballroom (Level 4)

Special Events / Exhibits / Breaks

3:45pm CDT

Open Source BPM Comparison - Andrew Bonham, Capital One

Workflow is a capability commonly needed across large organizations today. Open Source Business Process Management (BPM) solutions are a powerful tool to automate business processes in the cloud. They bring together business and technical experts to collaborate and create industry standard modeling notation known as BPMN. BPM tools then bring the BPMN to life by being able to execute the BPMN in an process engine. But which open source project should you choose? jBPM, Activity, Camunda, Flowable? It can be a confusing landscape as things are constantly changing and many of the products forked off of each other at one point in time. Come join us in this talk to get clarity on the BPM landscape. We will evaluate each open source project on key dimensions in a compare and contrast format. You will learn more about open source BPM, how you can use it in the cloud, and which BPM project you should use for your next workflow problem.

Speakers

Andrew Bonham

Senior Director, Senior Distinguished Egineer, Capital One

Andy Bonham is a Senior Distinguished Engineer at Capital One with over 20 years of experience building real-time high-transaction decisioning and workflow applications. His application architecture areas of expertise include microservices, reactive architecture, case management... Read More →

openSourceBPM bonham.pptx pdf

Wednesday June 22, 2022 3:45pm - 4:25pm CDT
Room 310/311 (Level 3)

CloudOpen, Business Process Management

Experience Level Entry-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

3:45pm CDT

Panel Discussion: Marketing is Essential (and Not Sleazy) for Open Source Projects - Emily Omier, Emily Omier Consulting, LLC; Jana Iris, PlanetScale; Matt Yonkovit, Percona; Nithya Ruff, Amazon

The word ‘marketing’ has a bad reputation in the open source world, but if you want to gain traction and build a community of engaged users and contributors, people need to know your project exists — in other words, marketing. Regardless of your project’s goals or your project’s current size, marketing is critical for continued growth and adoption, both to get people to discover your project, understand what your project does, onboard new users and increase engagement among existing users. Authentic marketing should never feel sleazy, and there’s no reason open source maintainers can’t borrow marketing ideas from the for-profit world when spreading the word about their projects. In this panel, Emily Omier, Jana Iris, Nithya Ruff, and Matt Yonkovit will discuss marketing and community building strategies and how they can be applied to open source software. Attendees will learn how to apply these strategies to their own projects, taking into account their goals for the project, skill sets and resources at their disposal.

Speakers

Nithya Ruff

Head, Amazon OSPO, Amazon

Nithya Ruff is the Head of Amazon’s Open Source Program Office. Open Source has proven to be one of the world’s most prolific enablers of innovation and collaboration and Amazon’s customers increasingly value open source innovation and the and cloud’s role in helping them... Read More →

Matt Yonkovit

Head of Open Source Strategy, Percona

Matt is currently working as the Head of Open Source Strategy (HOSS) for Percona, a leader in open source database software and services. He has over 15 years of experience in the open source industry including over 10 years of executive-level experience leading open source teams... Read More →

Emily Omier

Positioning consultant, Emily Omier Consulting, LLC

Emily Omier is a positioning consultant who helps open source startups accelerate revenue and community growth by clarifying the project and product's market category, unique value in the market and target user audience. She hosts The Business of Open Source podcast and writes a blog... Read More →

Jana Iris

Investor, TQ Ventures

For 15 years now, Jana has been an early employee of high-growth DevTool startups, including Engine Yard, StackMob, New Relic, HashiCorp, and now PlanetScale, where she leads their developer marketing and community efforts. Prior to joining PlanetScale, Jana was at HashiCorp for almost... Read More →

Wednesday June 22, 2022 3:45pm - 4:25pm CDT
Room 205 (Level 2)

Community Leadership Conference, Advocacy and Evangelism

Experience Level Any
Session Type In-person Speaker(s)

3:45pm CDT

Application AutoScaling Through Elastic Kubernetes POD - Cathy Zhang & Theresa Shan, Intel

Application autoscaling refers to the operation of automatically adjusting the number of running application containers to meet the traffic demand. In the current K8S design, each application container runs inside its dedicated runtime environment POD. Scaling the application containers means creating/deleting more PODs which results in high latency and slow response. This talk presents a new approach to support application autoscaling. Rather than spawning a new pod, the new approach replicates one or more new application containers inside an existing Kubernetes POD and automatically adjusts the resource boundary of the POD. This avoids the cold startup latency associated with creating a new POD, thus greatly increasing the scaling speed. We will share how we enhance Kubernetes Vertical POD Autoscaler to support this new approach.

Speakers

Theresa Shan

Intel, Senior Software Engineer

Xumei(Theresa) Shan has more than ten years' experience in Cloud infrastructure and platform. She has a Master degress in Computer Science. She works as a senior cloud engineer and a technical lead in cloud native field at Intel with rich experience in container runtime, kubernetes... Read More →

Cathy Zhang

Senior Principal engineer, Intel

Cathy is a senior principal engineer at Intel, spearheading the development of high-performance cloud native SW stacks and solutions. She is responsible for shaping the company's cloud-native strategy and roadmap, and driving the company-wide contributions to CNCF projects/TAGs/WGs... Read More →

ApplicationAutoscalingThruElasticK8sPod OSS NA22 pdf

Wednesday June 22, 2022 3:45pm - 4:25pm CDT
Lone Star H (Level 3)

ContainerCon, Container-Native Virtualization

Experience Level Entry-level
Session Type Virtual Speaker(s)
Session Slides Attached Yes

3:45pm CDT

Xen in Safety-Critical Systems - Stefano Stabellini, AMD & Bertrand Marquis, Arm

Xen Project is a static partitioning hypervisor for embedded deployments (industrial, medical, etc.) Xen enforces strong isolation between domains so that one cannot affect the execution of another. Features such as cache coloring reduce interference and improve interrupt latency and determinism. A real-time workload can run alongside a more complex guest. But can it be used in safety-critical environments? The Xen hypervisor has a microkernel design: services and tools are non-essential and run in unprivileged VMs, while the core is less than 50K LOC. This architecture lends itself well to safety-critical applications as only the core is critical and needs to go through the certification process. This presentation will describe the activities of the Xen FuSa SIG (Special Interest Group) to make Xen easier to safety-certify. It will go through the aspects of Xen that pertain safety and it will explain how to set up a mixed-criticality system with Xen. The talk will discuss the challenges of making an Open Source project safety-certifiable and the progress that the Xen community made so far in the areas of documentation and requirements, MISRA-C code compliance, and interference reduction.

Speakers

Bertrand Marquis

Principal Software Engineer, ARM

Bertrand Marquis is an experienced embedded software developer and architect with 20 years of experiences in safety certified RTOS and hardware virtualization. He worked on PikeOS, an embedded certified RTOS made by the company Sysgo AG, for 15 years.In 2019 Bertrand joined Arm where... Read More →

Stefano Stabellini

Fellow, AMD

Stefano Stabellini is a Fellow at AMD, where he leads system software architecture and the virtualization team. Previously, at Aporeto, he created a virtualization-based security solution for containers and authored several security articles. As Senior Principal Software Engineer... Read More →

Wednesday June 22, 2022 3:45pm - 4:25pm CDT
Room 211/212 (Level 2)

Critical Software Summit, Sandboxing and Code Isolation Techniques

Experience Level Mid-level
Session Type Virtual Speaker(s)

3:45pm CDT

Finding the Path from Embedded to Edge using Product Lines - Steffen Evers, Bosch.IO & Philipp Ahmann, Robert Bosch GmBH

Linux is used for many embedded device classes today. However, it is increasingly desirable to connect these devices with each other and with the cloud. Embedded container technology can be used to make this easier by merging server/cloud and embedded technologies. However, it also leads to more challenges e.g. in respect to security, safety, traceability, and SBOMs. Using Linux across multiple device classes and product lines, and adding cloud technology, causes the complexity and efforts to explode.

In this talk, we describe how Bosch, and others, use embedded containers and "reference systems" to avoid redundant work and get a large number of embedded projects under control.

A reference system is an adjustable compilation of tools along with a pre-configured bundle of packages for a common use case and defined set of devices. This reuse significantly reduces development and maintenance costs, and speeds up the time to market. In this way, reference systems can form the base for your product lines.

Bosch uses the in-house Debian-based embedded distribution “APERTIS” as the basis for several reference systems, e.g. for automotive infotainment systems. In doing so we push as many efforts as possible from individual projects into Apertis, as the meta-layer. Thereby, the users can focus more on the actual functionality and applications. e.g. one issue that we have addressed in the context of software management is the handling of GPL-3 in embedded devices. Another topic has been mainline support for kernel drivers.

We are looking for other interested parties and their ideas to jointly face shared challenges in the open source space.

Speakers

Steffen Evers

Director Open Source, Bosch.IO GmbH

Steffen Evers is director open source at Bosch.IO. He supports Bosch business units on strategy, community work, software management, and compliance processes in the area of OSS. For 20 years, Steffen has promoted open source development and supported various companies in the use... Read More →

Philipp Ahmann

Product Manager - Embedded Open Source, Robert Bosch GmbH

ELC Austin 2022 06 22 path from embedded to edge pdf

Wednesday June 22, 2022 3:45pm - 4:25pm CDT
Griffin Hall (Level 2)

Embedded Linux Conference (ELC)

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

3:45pm CDT

What's New in Buildroot? - Thomas Petazzoni, Bootlin

Buildroot is an embedded Linux build systems, which automates the process of building a cross-compilation toolchain, a root filesystem with a custom selection of libraries and applications, a kernel image as well as bootloader images. It is a popular alternative to Yocto/OpenEmbedded or OpenWrt, appreciated by its users and community for its simplicity. Developed by an active community, Buildroot is constantly evolving, and after an introduction to Buildroot, this talk will provide an update on the changes and improvements that have been integrated over the past two years. This will help both newcomers to discover Buildroot, and existing users to get a good understanding of the latest improvements.

Speakers

Thomas Petazzoni

Bootlin

Thomas Petazzoni is co-owner and CEO of Bootlin, an Embedded Linux consulting company providing engineering services and training services.

petazzoni buildroot whats new pdf

Wednesday June 22, 2022 3:45pm - 4:25pm CDT
Room 201/202 (Level 2)

Embedded Linux Conference (ELC), Build Systems & Embedded Distributions & Development Tools

Experience Level Entry-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

3:45pm CDT

Lessons Learned Creating A Robust, Hardened, Kernel Driver for A Hardware Device - Fiona Trahe & Adam Guerin, Intel Corp.

While evolving from an initial skeleton driver for one Intel QuickAssist device to a more robust and feature-rich driver that handles multiple device generations, we've learned a lot. In this presentation we will focus on recent multi-faceted work we've done to ensure the robustness, security and reliability of the driver. From fuzzing to injecting errors, from threat modelling to secure code reviews, we'll share information about the tools and methods used, mistakes made and lessons learned.

Speakers

Fiona Trahe

Senior Software Engineer, Intel

Having come from a varied software engineering background Fiona Trahe now focuses on open source software. A key contributor to DPDK’s compressdev and cryptodev APIs, she won a DPDK Innovation award in 2018. As maintainer of the Poll Mode Driver for Intel QuickAssist she evolved... Read More →

Adam Guerin

Device Driver Engineer, Intel Corp.

Adam has been a Device Driver Engineer for the Intel® QuickAssist upstreaming team since graduating college in 2020. Since joining Intel Adam has amassed knowledge on upstreaming activities and Linux Kernel development, continuing to learn and bring more to the team as his experience... Read More →

Linuxcon NA 2022 pdf

Wednesday June 22, 2022 3:45pm - 4:25pm CDT
Lone Star F (Level 3)

LinuxCon, Linux Kernel Development (Advanced & Beginner)

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

3:45pm CDT

Panel Discussion: How Open Source Helps DataOps - David Radley & Cheranellore Vasudevan, IBM; Mandy Chessell, Egeria; Dan Wolfson, Pragmatic Data Research Ltd.

DataOps is a set of practices that aims to deliver trusted and business-ready data to accelerate the journey to build AI-powered applications. The DataOps Committee in LF AI & Data is is a global group that consists of participants from various geographies focussing on: Identify Projects and tools in DataOps Space and get the community exposed to how these DataOps tools work together and where to use in the pipeline (with pros and cons). Exposure to industrial approaches for dataset metadata management, governance, and automation of flow. Understand usage of DataOps tools and practices through industrial use cases (by domain). Identify gaps in the use case implementation and discuss solutions to bridge the gap. Exposure to tools and technologies that can help control the usage of data and securely access it across the enterprise in a cloud-native platform. Provide an opportunity for committee members to perform research in the DataOps space. Educate the community about new developments in the DataOps space. The panelists are available to answer questions on this mission and how open source projects including Egeria and OpenLineage can support these practises

Moderators

Cheranellore Vasudevan

IBM

Cheranellore (Vasu) Vasudevan is currently working as a Senior Technical Staff Member(STSM) in the Global Chief Data Office (GCDO). His current focus is on Technical Vitality andMarketplace Strategy in the Global Chief Data Office of IBM. He has over 35 years of industryexperience... Read More →

Speakers

Mandy Chessell

Egeria Project Lead

David Radley

Egeria maintainer@IBM, IBM

David is an open source developer and advocate in the IBM UK Hursley lab. He has over 30 years of experience in IT, with the last 15 years in Information Management and Analytics. In his role, David promotes and develops metadata driven approaches to underpin analytics and governance... Read More →

Dan Wolfson

founder of Pragmatic Data Research Ltd., Pragmatic Data Research Ltd.

Dan is a founder of Pragmatic Data Research Ltd. - a consultancy specializing in accelerating digital transformations through innovative data architectures and governance. Dan retired from IBM as a Distinguished Engineer and Director/CTO in the Weather Business Solutions group of... Read More →

Wednesday June 22, 2022 3:45pm - 4:25pm CDT
Room 408/409 (Level 4)

Open AI & Data Forum, Data (Versioning + Format + Pipeline Management)

Experience Level Entry-level
Session Type Virtual Speaker(s)

3:45pm CDT

Peeling Back the Layers of Storage - John Hawley, VMware

Linux has a myriad of storage options, and a number of layers that can be built one on top of another, to form some very robust, but potentially very complex, stacks that provide the entirety of the storage system. My intention is to work my way up from the most basic storage layer, physical storage, and explain what options there are from basic single disk and a file system type systems, to a full layered look at a system with raided disks, ssd caching, deduplication, all the way up through file systems in user space. This is specifically targeted as a high level overview of the systems involved, block, volume, and filesystems but it's also intended to go over some more complex systems, and how to achieve things like on the fly disk compression, deduplication, and give an overview of the different technologies available to achieve similar ends.

Speakers

John Hawley

Open Source Developer, VMware

John 'Warthog9' Hawley led the system administration team on kernel.org for nearly a decade, leading a team including four other administrators. His other exploits include working on Syslinux, OpenSSI, a caching Gitweb, and patches to bind to enable GeoDNS. He's the author of PXE... Read More →

Wednesday June 22, 2022 3:45pm - 4:25pm CDT
Lone Star G (Level 3)

Open Source On-Ramp, Linux Administration Essentials (Beginner)

Experience Level Entry-level
Session Type Virtual Speaker(s)

3:45pm CDT

Building an Open Source Community from the Ground Up: Red Hat’s Game Industry Community of Practice - Ruth Suehle, Red Hat

Building a community is fundamentally about recognizing a group of people with underserved needs and the common thread of interest and passion that engages them. Red Hat is home to more than 50 Communities of Practice (CoPs): internal communities where associates from many differing roles and departments collaborate on technical, task-related, or vertical-centric topics. One is the Gaming CoP, focused on the video game industry (which is not historically a deep user of or contributor to open source), but more broadly, the interactive entertainment and simulation industries from animation and film to robotics and AI. We’ve built an open source arcade, hosted livestreams and podcasts, created demos, and engaged hundreds of colleagues with open source through a shared love for gaming. Join Gaming CoP leader Ruth Suehle to learn about building influence in an industry that has low open source familiarity or trust, the current state of open source in game development, and how to build an open community of practice in your company. If you heard this talk at OSS 2021, return to hear about a new year of growth, adjusting to change, and the lessons learned.

Speakers

Ruth Suehle

Director, Community Outreach, Open Source Program Office, Red Hat

Ruth Suehle is Director of Community Outreach in Red Hat’s Open Source Program Office. She is also executive vice-president of the Apache Software Foundation, co-chair of the Free and Open Source Software SIG in the International Game Developers Association (IGDA), and governing... Read More →

Building a community from the ground up Gaming CoP (OSS 2022) pdf

Wednesday June 22, 2022 3:45pm - 4:25pm CDT
Room 301/302 (Level 3)

OSPOCon, Hosting Projects and Communities

Experience Level Entry-level
Session Type Virtual Speaker(s)
Session Slides Attached Yes

3:45pm CDT

Purl and Vers: The Mostly Universal Package URL and Version Ranges Identifiers for Dependencies and Vulnerabilities - Philippe Ombredanne, AboutCode and NexB & Hritik Vijay, Independent

Because no tech stack is an island running on a single programming language and in a single package ecosystem, we need a way to talk about packages and their versions across ecosystems. purl and vers are an attempt to solve this problem and express package dependencies and vulnerabilities using a common language among multiple tools, SBOM formats and tech stacks. We will present Package URL, a way to reference packages across ecosystems which is emerging as a de-facto standard identifier for open source software packages. And we will introduce a new universal notation for package version ranges, such as used when resolving package dependencies as in "I require package foo, version 2.0 or later versions" and referencing affected vulnerable package versions as in "vulnerability CVE-123 affects package bar, version 3.1 and version 4.2 but not version 5". These two mini standards pave the way towards (mostly) universal FOSS package naming and versioning for dependency resolution and vulnerability ranges references; and are emerging as essential to reliably process vulnerability data in the software supply chain.

Speakers

Hritik Vijay

Student

Hritik Vijay is a computer science student and a Google Summer of Code participant and a mentor. He helps build and co-maintain Vulnerablecode which is an open source code and data vulnerability database and is the master of Univers, a version comparison library.

Philippe Ombredanne

nexB co-founder and CTO, AboutCode and nexB Inc.

Philippe Ombredanne is a passionate FOSS hacker and contributor on a mission to make it easier and safer to reuse FOSS code. He is the maintainer of ScanCode, the industry standard license detection tool, the creator of Package-URL, and the co-maintainer of VulnerableCode, an open... Read More →

2022 06 LF OSSNA purl vers pdf

2022 06 LF OSSNA purl vers odp

2022 06 LF OSSNA purl vers pptx

Wednesday June 22, 2022 3:45pm - 4:25pm CDT
Room 203/204 (Level 2)

SupplyChainSecurityCon, Ensuring users know what Software Components (at all tiers) are Included

Experience Level Entry-level
Session Type Virtual Speaker(s)
Session Slides Attached Yes

3:45pm CDT

Sponsored Session: Because Security Matters: Securing Your Open Source Supply Chain - Aaron Conklin & Don Vosburg, SUSE

As network and application security capabilities continue to improve, the software supply chain is becoming a viable threat vector. This session will present an overview of the threat landscape and provide a case study in how SUSE moved to secure its part of the open source codebase. Delve into the implications of the most common software security certifications and how they shaped SUSE’s people, processes, and tools on our journey towards supply chain security for open source.

Speakers

Don Vosburg

Product Manager, SUSE

Don Vosburg has been in the IT industry for over 30 years in a variety of roles.For the last 18-plus years he has been at SUSE, where his passion is open source software. Don’s real-world Linux experience spans a broad set of platforms, hypervisors, and clouds. Currently he is Product... Read More →

Aaron Conklin

Product Manager, SUSE

I am a product manager in SUSE’s Solutions group, responsible for managed service providers and integrators. A recent addition to the SUSE organization, I’ve spent the last 25 years developing products and delivering services at MSPs throughout Texas.

OSS NA22 Supply Chain SUSE pdf

Wednesday June 22, 2022 3:45pm - 4:25pm CDT
Brazos (Level 2)

SupplyChainSecurityCon

Session Type In-person Speaker(s)
Session Slides Attached Yes

4:35pm CDT

5 Open Source Security Tools All Developers Should Know About - Ran Regenstreif, Jit

The minimum viable security (MVS) approach, enables us to easily bake security into our config files, apps, and CI/CD processes with a few simple controls built - and the great part? It’s easily achievable through open source tooling. In this talk we will focus on five critical security controls that will be integrated as part of the CI/CD pipeline by leveraging some excellent open source tools, including: Bandit or SEMGrep for static application security (SAST), Gitleaks to detect hard-coded or insufficiently secured secrets & dependency checks (SCA), KICS for infrastructure as code (IaC) and OWASP’s ZAP for API and dynamic application security (DAST), in addition to custom controls to ensure proper enforcement of MFA via Github Security. These controls will provide a foundational framework for securing your applications from the first line of code, that will make it possible to continuously iterate and evolve your security maturity all the way through advanced layers of security that comes with time, as well as increased experience with your deployments, stacks, and security posture. Code examples & demos will be showcased as part of this session.

Speakers

Ran Regenstreif

Engineering Team Lead, Jit

Ran Regenstreif is a team leader at Jit, the Continuous Security platform for developers. Ran has more than a decade of experience in engineering management roles in leading technology companies. Having gotten started in the 8200 Unit of the IDF Intelligence Corps, he was on the founding... Read More →

Wednesday June 22, 2022 4:35pm - 5:15pm CDT
Room 310/311 (Level 3)

CloudOpen, Open Cloud Infrastructure

Experience Level Entry-level
Session Type In-person Speaker(s)

4:35pm CDT

JavaScript in WebAssembly? Why and How - Michael Yuan, WasmEdge

As WebAssembly (WASM) is adopted in cloud-native applications, there are increasing demands to support JavaScript applications and libraries in WASM. That allows WASM runtimes, such as WasmEdge, to run serverless functions written in JavaScript and Node.js APIs. WasmEdge first wraps the C-based QuickJS interpreter in a Rust crate, and then compile it to WASM. The Rust crate allows developers to extend and enhance the JS interpreter to support ES6, CommonJS, and even NPM modules. It also enables developers to implement JavaScript APIs in Rust to improve performance. At deployment, WasmEdge can run as a secure container in k8s pods itself, as opposed to the heavyweight "Linux container + guest OS + node + v8" stack of JS tooling. Michael will walk you through the technical challenges and solutions to run JavaScript in WASM in this talk. Michael will present performance benchmarks and demonstrate complete examples running React SSR and Tensorflow inference in JS serverless functions.

Speakers

Michael Yuan

Maintainer, WasmEdge

Dr. Michael Yuan is a maintainer of the WasmEdge project and a co-founder of Second State. He is the author of 5 books on software engineering published by Addison-Wesley, Prentice-Hall, and O’Reilly. Michael is a long-time open-source developer and contributor. He had previously... Read More →

Wednesday June 22, 2022 4:35pm - 5:15pm CDT
Room 303/304 (Level 3)

CloudOpen, WebAssembly

Experience Level Entry-level
Session Type In-person Speaker(s)

4:35pm CDT

Developer Experience: How to Conquer the Hearts of Developers - Elena Lape, Holographic Inc.

Developer Experience (DX) describes how developers feel using or building a software product. It’s a combination of building seamless onboarding processes, intuitive features, self-guided documentation, clear support paths, and its surrounding community. In a world where developers choose tools based on fellow developer endorsements rather than a list of advertised features, creating a pleasant DX is everything. Great DX makes a developer associate the tool with her own successes, recommend it to her peers, and make her want to contribute to making the tool even more useful. In contrast, rumors of poorly documented, unintuitive tools spread like wildfire. Without a careful DX strategy, projects and products risk being forgotten. In this session, you’ll learn what makes a developer product or an open source project truly stand out in a sea of others. You’ll witness a number of real-life examples of good vs. bad DX practices, and create a checklist to help you improve the satisfaction of your users and contributors. Lastly, you’ll be introduced to the tools and metrics you can use to measure your Developer Experience.

Speakers

Elena Lape

Co-Founder, Holographic, Inc.

Elena helps develper tool companies win the hearts of developers. As a developer experience consultant and an open source engineer, Elena is an expert at building technical communities, creating powerful developer relations strategy, and organizing large scale tech events & hackathons... Read More →

Wednesday June 22, 2022 4:35pm - 5:15pm CDT
Room 205 (Level 2)

Community Leadership Conference

Experience Level Any
Session Type In-person Speaker(s)

4:35pm CDT

Sponsored Session: I Deleted 78% of my Redis Containers, and they Still Run! - Rajeev Thakur & Vinod Gupta, RapidFort

Do you use Redis, NGNX, and MySQL? If so, you probably have thousands of vulnerabilities and are shipping them into production environments. Yet out of 500 packages in open-source containers, you may only use 100 software packages, needlessly introducing risk into prod. In this session, Rajeev and Vinod will discuss the open-source project: Community Images. They will walk you through the process used to analyze and harden the containers and discover an easy way to remove vulnerabilities and shrink your container footprint. You’ll also learn how the open-source community can participate in the project.

Speakers

Rajeev Thakur

CTO, RapidFort

Rajeev is the CTO of RapidFort and is based in Silicon Valley. A DevOps and cybersecurity veteran, he has built and delivered mass scale systems for Palo Alto Networks, F5 Networks, and others.

Vinod Gupta

Senior Director of Engineering, RapidFort

Vinod is the Senior Director of Engineering with RapidFort responsible for the community products. With experience in both enterprise and consumer tech at Apple, NextDoor, Nutanix, and others, he combines technical and user experience to drive customer adoption.

OSS Community Images 4 pdf

Wednesday June 22, 2022 4:35pm - 5:15pm CDT
Lone Star H (Level 3)

ContainerCon

Session Type In-person Speaker(s)
Session Slides Attached Yes

4:35pm CDT

Protect Your Application, Not the Network. Add Zero Trust Superpowers to Your Critical Applications and Systems - Clint Dovholuk, NetFoundry

Applications are the new edge and zero trust is the security industry’s latest hot buzzword. Most solutions are closed source and try to protect the network. Securing the network isn't enough. Adding zero trust directly to your app is the future and the best way to keep your mission-critical systems secure and running. Zero trust overlay networking can be embedded into your application making the security of the network entirely irrelevant - the isolated application will have zero trust of the internet, local and host OS network. In this session you will: • learn some core tenants of zero trust and how it's different from current network security • see what it means to embed zero trust into your app and why it's the future for application security • discover the superpowers your app gains by simply incorporating zero trust into your app

Speakers

Clint Dovholuk

Developer Evangelist, NetFoundry

Clint Dovholuk, Zero Trust Advocate and Senior Director Software Engineering, NetFoundry, has spent over 20 years developing applications at the forefront of connectivity, using Java for 15+ of those years. Prior to NetFoundry, Clint led multiple development teams in a variety of... Read More →

AppEmbeddedZeroTrust OSS pdf

Wednesday June 22, 2022 4:35pm - 5:15pm CDT
Room 211/212 (Level 2)

Critical Software Summit, New practices to isolate critical software

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

4:35pm CDT

Case Study: Switching from Asymmetric to Symmetric Software Updates - Jeff Pautler, NI

This talk will take a practical look at one transition from an asymmetric to symmetric software update mechanism. Requirements include fail-safe updates, a writable data partition, support for changing files in the update images, and the preservation of configuration information across updates. These requirements led to several interesting aspects of the design. Topics will include an overview of asymmetric and symmetric software updates, the use of the open-source RAUC project to build and apply updates, and the use of the OverlayFS union mount filesystem to combine a fixed boot image and a writable data partition.

Speakers

Jeff Pautler

Principal Software Engineer, NI

Jeff was a long-time Windows developer before finding his way to Linux. He is currently employed by NI where he works on the Real-Time OS team and helps maintain the NI Linux RT distribution used on NI's embedded and real-time products.

Case Study Switching from Asymmetric to Symmetric Software Updates pdf

Wednesday June 22, 2022 4:35pm - 5:15pm CDT
Griffin Hall (Level 2)

Embedded Linux Conference (ELC), Practical Experiences and War Stories

Experience Level Entry-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

4:35pm CDT

Tips, Tricks, and Gotchas for Linux Real-Time Tuning - Gratian Crisan, NI

Transforming a general purpose OS and general purpose hardware into a real-time system can at times appear like a dark art. Linux offers a myriad of options, tools, interfaces, and knobs that can be used to control and monitor application latencies. This presentation will cover Gratian's experience using Linux (PREEMPT_RT) for over a decade on real-time systems and some of the tips, tricks, and gotchas learned along the way. He will cover some of the useful configuration knobs and tools of the trade used to detect problem spots, monitor, and improve scheduling latencies. Gratian will talk about how sometimes, in chasing the lowest latency possible, you have to do away with safety nets and disable things like rt throttling, memory over-commit, swap to disk, power management, various watchdogs/lockup-detectors, and yes *shudder* even security mitigations. He will also cover some of the more extreme use cases where isolating a CPU core and spinning in a tight polling loop with scheduler ticks disabled is what you have to do to get the lowest latency possible. Gratian will also talk about some of the gotchas that you might encounter along the way: misbehaving clock sources, hardware and firmware induced latencies, problematic locks, and how futexes might be the root of all evil.

Speakers

Gratian Crisan

Principal Software Engineer, NI

Gratian has been playing around with Linux since 1999 among other embedded and real-time OSes. He is currently employed by NI (formerly National Instruments) on the Real-Time OS team, where he troubleshoots RT problems and is the main maintainer for the PREEMPT_RT based Linux kernels... Read More →

Tips Tricks Gotchas Linux RT Tuning pdf

Wednesday June 22, 2022 4:35pm - 5:15pm CDT
Room 201/202 (Level 2)

Embedded Linux Conference (ELC), Real-Time Linux - Performance / Tuning / Use

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

4:35pm CDT

Keylime: Bootstrap and Maintain Trust on the Edge, Cloud, and IoT - Lily Sturmann & Michael Peters, Red Hat

Security is an ever-greater concern, while more critical workloads are running in the cloud than ever before. This raises questions: Is it possible to verify that only approved software is running on servers? To ensure a cloud node is booted with the right kernel options? To prevent tampering of virtual machines on a public cloud? And is it possible to do all of this remotely and at scale, using open source solutions? Yes: Keylime is a CNCF sandbox project encompassing all of these goals. Leveraging two foundational security technologies, hardware Trusted Platform Modules (TPMs) and the Linux Integrity Measurement Architecture (IMA), Keylime has the capability to act as the bridge between these technologies and real-world deployments both large and small, offering remote attestation of both a machine's boot state and software running after boot. This session will cover how Keylime brings together TPMs and IMA, adds continuous remote attestation, and enables configurable automatic revocation actions after a compromise. The session will also discuss how to leverage Keylime with Kubernetes deployments, and Keylime's shift to Rust for a smaller footprint that works in more diverse environments. Find out how Keylime provides a compelling security story for Cloud and Edge.

Speakers

Michael Peters

Principal Engineer, Red Hat

Michael Peters is a Principal Engineer in Emerging Technologies in Red Hat's Office of the CTO. He is a senior systems engineer and programmer with an emphasis on DevOps, Security, and Operability and is one of the current maintainers of the Keylime project. His experience in both... Read More →

Lily Sturmann

Senior Software Engineer, Red Hat

Lily is a senior software engineer at Red Hat in the Office of the CTO in Emerging Technologies. She has primarily worked on security projects related to remote attestation and confidential computing, and more recently on securing the software supply chain. She has spoken at numerous... Read More →

Keylime OSSummit 2022 v 2.0 pdf

Wednesday June 22, 2022 4:35pm - 5:15pm CDT
Lone Star F (Level 3)

LinuxCon, Security

Experience Level Entry-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

4:35pm CDT

Delta Lake: Diving into Data Lakes Without the Downsides - Kelly O'Malley, Databricks

By 2025 we’re estimated to generate 463 exabytes worth of data every day (weforum). With the advent of big data technologies over the last few years we’re in a better place than ever to make use of this data: build models, create dashboards. Still, 463 exabytes has a lot of zeros - fast compute engines can only get us so far if we can’t get to that data to begin with. Data lakes have been a step in the right direction; however, data lakes love to turn into data swamps. Today’s talk will discuss a solution: Delta Lake. Delta provides an open-source framework on top of a data lake that enables massive scalability while preventing garbage data from breaking downstream systems. We’ll start with the construction of Delta Lake: how it builds on parquet, and how compute engines like Spark, Trino, and Flink can interact with its transaction log to process massive amounts of metadata. We’ll also discuss how that transaction log can be used to “travel through time” while maintaining ACID guarantees on tables backed by Delta. Concerned about bad writes? Delta schema enforcement (and evolution) capabilities can handle that. Finally, we’ll wrap up with what’s coming to Delta Lake in the world of data skipping (after all, the fastest way to process data is to not touch it to begin with).

Speakers

Kelly O'Malley

Sr Solutions Architect, Databricks

Kelly is a Sr Solutions Architect at Databricks where she helps her customers architect and implement Big Data pipelines, with a focus on Apache Spark and the surrounding ecosystem. She's seen firsthand the impact new tools in the big data open source space have made in the past few... Read More →

Delta Lake pdf

Wednesday June 22, 2022 4:35pm - 5:15pm CDT
Room 408/409 (Level 4)

Open AI & Data Forum, Data (Versioning + Format + Pipeline Management)

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

4:35pm CDT

The Culture of DevOps for Secure Environments - Rob Slaughter, Defense Unicorns

Dr. Rob Slaughter has spent most of his career transforming how software is delivered to some of the most secure and important systems in the world. Having spent over a decade in the US Air Force, his work along with many others, have altered the Department of Defense from an organization that performed software updates once every few years, to an organization (that at least for some) can deliver multiple times a day. These systems determine life or death, in a VERY real way, and represent some of the most critical systems on the planet. After working with dozens of different software organizations focused on critical systems, a common thread appeared. The defining characteristic of teams that had found success and the teams that never would, wasn't specific details about their tech stack. It was culture. In this talk, Rob will share his insights and lessons learned from transforming highly regulated and secure environments, and propose a new DevOps Culture framework that shows how focusing on daily habits mapped to an organization's mission/vision and business model (Fly Wheel) is can fundamentally transformation any organization into a thought leader in DevOps.

Speakers

Rob Slaughter

CEO, Defense Unicorns

Dr. Rob Slaughter is passionate about open source software for critical infrastructure. He is an Air Force veteran and the co-founder of the Air Force’s Platform One and Space CAMP software factories as well as a number of other innovative organizations now well-known across the... Read More →

DevOps Culture pptx

Wednesday June 22, 2022 4:35pm - 5:15pm CDT
Lone Star G (Level 3)

Open Source On-Ramp, DevOps Culture

Experience Level Any
Session Type In-person Speaker(s)
Session Slides Attached Yes

4:35pm CDT

Goldman Sachs' Open Source Program Office - One Year In - Robert Underwood, Goldman Sachs

Goldman Sachs launched its first Open Source Program Office in August 2021. Fresh off that launch, we spoke at last year's OSPOCon about what it took to build the momentum and support needed to launch an Open Source Program Office in a company like ours operating in highly regulated environment. Fast forward one year. What progress have we made? What obstacles have we faced and overcome? What remain? Where has our journey gone from a tooling and platforms perspective? Policy and program? Content and Community? Join Rob Underwood, Goldman's Global Program Lead for Open Source as he discusses: 1. Initiatives to improve developer ergonomics for open source contribution as well as associated policy development around CLAs and personal projects. 2. New reporting and analytics capabilities, along with related efforts to assess and track the ROI of open source 3. Efforts to build further internal and external awareness of GS' open source initiative - our program office, projects we've contributed, projects to which we contribute, foundations we support, and the developers who contribute - internal and external 4. How open source is being used to drive talent attraction and retention 5. Our evolving strategy for integrating open source related into developer development learning paths

Speakers

Robert Underwood

Global Program Lead, Open Source, Goldman Sachs

Rob Underwood (Twitter: @brooklynrob) is the Global Program Lead for Open Source at Goldman Sachs. Previously Rob served as Chief Development Officer of FINOS, the Fintech Open Source Foundation. While at FINOS Rob led the open sourcing of Legend, Goldman Sachs' data modeling platform... Read More →

Wednesday June 22, 2022 4:35pm - 5:15pm CDT
Room 301/302 (Level 3)

OSPOCon, OSPO Lessons Learned

Experience Level Mid-level
Session Type In-person Speaker(s)

4:35pm CDT

Github Actions Security Landscape - Alex Ilgayev & Ronen Slavin, Cycode

Github Actions, the recent (from 2018) CI/CD addition to the popular source control system, is becoming an increasingly popular DevOps tool mainly due to its rich marketplace and simple integration. As part of our research of the Github actions security landscape, we discovered that in writing a perfectly secure Github actions workflow, several pitfalls could cause severe security consequences. Unless the developers are proficient in the depths of Github best-practices documents, these workflows would have mistakes. Such mistakes are costly - and could cause a potential supply-chain risk to the product. During the talk, we’ll walk you through our journey on how we found and disclosed vulnerable workflows in several popular open-source tools, delved into Github actions architecture to understand the possible consequences of these vulnerabilities, and present what could be the mitigations for such issues.

Speakers

Ronen Slavin

Cycode, CTO

Ronen Slavin is Chief Technology Officer and co-founder of Cycode with expert knowledge in cybersecurity. Previously, he was the CTO and co-founder of Filelock that uniquely developed a solution to protect data even after a breach has occurred. Fileock was acquired by Reason Software... Read More →

Alex Ilgayev

Head of Security Research, Cycode

Alex Ilgayev is a security researcher specializing in software supply chain security vulnerabilities. At Cycode, he is responsible for hunting down security issues and researching possible mitigations. Before that, Alex led the malware research team at Check Point Research, where... Read More →

Github Actions Security Landscape OSS pdf

Wednesday June 22, 2022 4:35pm - 5:15pm CDT
Brazos (Level 2)

SupplyChainSecurityCon, Countering Compromised Build System

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

4:35pm CDT

Google SLSA & NIST SSDF: Emerging Software Supply Chain Security Best Practices - Tony Loehr, Cycode

The severity and frequency of software supply chain attacks have increased significantly. How should software teams react to these new threats? Several new frameworks are emerging. At the behest of an executive order from the Whitehouse, The National Institute of Standards and Technology (NIST) created the NIST Secure Software Development Framework (SSDF) with robust guidance on securing the software supply chain. Similarly, Google has also released the Supply chain Levels for Software Artifact (SLSA) framework for ensuring software supply chain and build integrity.

While there is some overlap, NIST tends to focus on the “what” and Google SLSA focuses on the “how.” Combined, these two frameworks make an excellent roadmap on securing software supply chains. Yet, this combined roadmap is still not without security gaps. This presentation will compare and contrast NIST SSDF and Google SLSA:

Introduction & the rise of software supply chain attacks
NIST SSDF
Google SLSA
Comparing SSDF & SLSA
Covering gaps
Demo
Q&A

Speakers

Tony Loehr

Developer Advocate, Cycode

Tony Loehr is the Developer Advocate for Cycode. Their prerogative is to make it easy for developers to use the Cycode platform, and to help protect data through knowledge sharing. They have professional experience with engineering, marketing, and sales and bring a unique perspective... Read More →

OpenSSF SLSA & NIST SSDF (Frameworks Presentation) pptx

Wednesday June 22, 2022 4:35pm - 5:15pm CDT
Room 203/204 (Level 2)

SupplyChainSecurityCon

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

5:15pm CDT

Sponsor Showcase Booth Crawl & Onsite Attendee Reception (Open to All Attendees)

Everyone is invited to join their fellow attendees after sessions conclude for drinks, canapés, networking, and the opportunity to check out the latest and greatest sponsor products and technologies!

Wednesday June 22, 2022 5:15pm - 6:45pm CDT
JW Grand Ballroom (Level 4)

Special Events / Exhibits / Breaks

6:30pm CDT

Security Acronym Social Event (Open to SupplyChainSecurityCon, Critical Software Summit & Global Security Vulnerability Summit Attendees)

Those who are attending SupplyChainSecurityCon, Critical Software Summit, and Global Security Vulnerability Summit are invited to this special reception located at Pelon’s Tex-Mex! Located in the historic Red River Live Music District, Pelon's is famous for its homemade margaritas, delicious Southwestern Mexican food, and also has a mezcal bar as well. The spacious multi-level patio is home to one of the oldest living oak trees in Austin!

Pelon’s is a 15-minute walk from the JW Marriott Austin, and limited transportation will be provided.

Wednesday June 22, 2022 6:30pm - 9:30pm CDT
Pelon's Tex-Mex 802 Red River St, Austin, TX 78701

Critical Software Summit Global Security Vulnerability Summit (GSVS) SupplyChainSecurityCon Special Events / Exhibits / Breaks

6:45am CDT

Pedicab Mural & Selfie Tour (Pre-registration Required)

Get ready to travel all over Downtown, East, and South Austin stopping for selfies at over 30 murals. Our guides will take you to the popular murals as well as the hidden gems including the ‘I love you so much’, ‘Greetings from Austin’ postcard, ‘Willie for President’ mural, and many more.

There is no cost to participate, but space is limited so reserve your spot now!

*Participants must be registered for the event and have their event badge

Thursday June 23, 2022 6:45am - 8:30am CDT
JW Marriott Lobby (Ground Floor)

Special Events / Exhibits / Breaks

7:30am CDT

Continental Breakfast

Thursday June 23, 2022 7:30am - 9:00am CDT
Lone Star Ballroom Foyer (Level 3)

Special Events / Exhibits / Breaks

8:00am CDT

Registration & Badge Pick-up

Thursday June 23, 2022 8:00am - 6:00pm CDT
JW Grand Ballroom Foyer (Level 4)

Special Events / Exhibits / Breaks

9:00am CDT

Keynote: Rethinking Microservices: How WebAssembly on the Cloud Changes Things - Matt Butcher, Chief Executive Officer, Fermyon

Microservices are serving us well in many ways. But in some ways, we can do better. Having learned a bit from Functions as a Service, containers, and now WebAssembly, we can rethink some of our assumptions and perhaps devise a better way for creating microservices. In this session, Matt introduces cloud-side WebAssembly and shows how it addresses common developer problems. From maintainability of code to security to operational simplicity, WebAssembly is the technology that lets us build better microservices faster.

Speakers

Matt Butcher

CEO, Fermyon

Matt Butcher is co-founder and CEO of Fermyon, the serverless WebAssembly in the cloud company. He is one of the original creators of Helm, Brigade, CNAB, OAM, Glide and Krustlet. He has written and co-written many books, including "Learning Helm" and "Go in Practice." He is a co-creator... Read More →

Thursday June 23, 2022 9:00am - 9:20am CDT
Lone Star D/E (Level 3)

Keynote Sessions

Experience Level Any

9:25am CDT

Keynote: A Year Since Launch - OpenSearch - Carl Meadows, Director, AWS

At the one year point, Carl Meadows will discuss what we have learned in the OpenSearch project so far and look into where we hope to go in the future as a community and a codebase.

Speakers

Carl Meadows

Director, AWS

Carl Meadows is Director of Product Management at AWS and is responsible for Amazon OpenSearch Service and the OpenSearch project. In his role, Carl oversees product management and customer success teams for Amazon OpenSearch Service, and product management, UX, documentation and... Read More →

Thursday June 23, 2022 9:25am - 9:40am CDT
Lone Star D/E (Level 3)

Keynote Sessions

Experience Level Any

9:45am CDT

Keynote: Wandering in the Wonders of the End User Community - Taylor Dolezal, Head of Ecosystem, Cloud Native Computing Foundation

You’ve likely heard of the nebulous, “open source community,” but where in the world do you get started? What EXACTLY does this community do, how do they meet, or when do they organize? I invite you to wander with me as we uncover the secrets of the CNCF end-user community, and hear the fascinating stories of individuals that dare to work in the open.

Speakers

Taylor Dolezal

Head of Ecosystem, The Linux Foundation (CNCF)

I work on infrastructure tools that enable innovation. I specialize in Kubernetes, Terraform, public clouds, and distributed systems. You can also find me buried deep in a book, preparing a technical talk, or running with my partner, Hannabeth, and our two dogs.

Thursday June 23, 2022 9:45am - 9:50am CDT
Lone Star D/E (Level 3)

Keynote Sessions

Experience Level Any

9:55am CDT

Keynote: Automotive Has a New Passenger: Open Source Is On Board - Chris Wright, Senior Vice President & Chief Technology Officer, Red Hat

The automotive industry is undergoing tremendous change and attempting to reinvent itself and its vehicles. Red Hat SVP and CTO Chris Wright will share his thoughts on how open source can help the industry bridge the transition from the old to the new – with safety and security in mind, along with lots of in-vehicle software. He’ll also discuss where open source communities are pooling their efforts to help deliver the next generation of vehicles to satisfy demanding drivers everywhere.

Speakers

Chris Wright

Chief Technology Officer, Red Hat, Red Hat

Chris Wright is Senior Vice President and Chief Technology Officer (CTO) at Red Hat. He leads the CTO Organization and Office of the CTO, which is responsible for incubating emerging technologies and developing forward-looking perspectives on innovations like artificial intelligence... Read More →

Thursday June 23, 2022 9:55am - 10:00am CDT
Lone Star D/E (Level 3)

Keynote Sessions

Experience Level Any

10:00am CDT

Coffee Break

Thursday June 23, 2022 10:00am - 11:10am CDT
JW Grand Ballroom (Level 4)

Special Events / Exhibits / Breaks

10:00am CDT

Sponsor Showcase

This is the place to network, meet up, and learn more about companies that sponsor this event.

Thursday June 23, 2022 10:00am - 4:05pm CDT
JW Grand Ballroom (Level 4)

Special Events / Exhibits / Breaks

11:10am CDT

Welcome & Opening Remarks - Brandon Lum, Google

Speakers

Brandon Lum

Software Engineer, Google

OSS NA22 PPT GlobalSecurityVulnerabilitySummit.pptx pdf

Thursday June 23, 2022 11:10am - 11:20am CDT
Brazos (Level 2)

Global Security Vulnerability Summit (GSVS)

Experience Level Any
Session Type In-person Speaker(s)
Session Slides Attached Yes

11:10am CDT

Carbyne Stack - Cloud Native Computing on Encrypted Data - Sven Trieflinger, Robert Bosch GmbH

Data has become a strategic asset that is pooled with others for joint processing, monetized on data platforms, and used to fuel the AI revolution. As the ability to leverage internal and external data is becoming a major factor for business success, protecting valuable data is more important than ever. Enter Computing On Encrypted Data technologies (COEDs). COEDs pave the way for strong end-to-end protection of data by enabling encryption in use. One roadblock for the wider adoption of COEDs so far has been the lack of integration with state-of-the-art cloud technology to enable scalable, resilient, and easy to operate COED deployments. The Carbyne Stack open-source project has set out to close this gap by lifting a specific COED technology called Secure Multiparty Computation (MPC) into the cloud. Sven will take the audience down the rabbit hole of COED technologies and explain how Carbyne Stack blends cloud-native technology (including Kubernetes, Istio, Knative, and others) to solve the specific challenges of deploying MPC in the cloud like cross-cluster orchestration of MPC services and serverless provisioning of MPC workloads.

Speakers

Sven Trieflinger

Senior Project Manager Privacy-Preserving Computing Technologies, Robert Bosch GmbH

Sven is a Senior Project Manager, Research Engineer, and open source software maintainer at Bosch Research. He has over 15 years of experience in the design, architecture, and implementation of distributed systems and cloud platforms. With his team at Bosch, Sven drives innovation... Read More →

20220623 Carbyne Stack Cloud Native Computing on Encrypted Data pdf

Thursday June 23, 2022 11:10am - 11:50am CDT
Room 310/311 (Level 3)

CloudOpen, New & Emerging Open Source Projects

Experience Level Mid-level
Session Type Virtual Speaker(s)
Session Slides Attached Yes

11:10am CDT

Managing Containerized Software on Edge Computers with Open Horizon - Glen Darling, IBM

Join Glen for a technical introduction to the Linux Foundation's Edge project, Open Horizon. Open Horizon is a single pane of glass for secure containerized software lifecycle management at extreme scale on both Kubernetes clusters and stand-alone Linux hosts running only Docker. Unlike other Edge Computing solutions, Open Horizon uses fully autonomous Agents on each edge computer, driven by your stated Intent, making independent decisions for the management of their own edge node. Open Horizon supports ARM32 (v6 and up), ARM64, x86/64, ppc64le, and soon RISC-V hardware with as little as 512MB RAM (or even less). The Agents themselves need only about 30MB at runtime. Open Horizon's decentralized architecture is the inverse of what you might expect for a system that manages large numbers of edge computers. The Agents are in charge here and cannot be coerced into violating their policies. They are designed to be installed behind firewalls and listen on no external ports at all; they are unreachable by hackers. Instead, Agents reach outward to the Management Hub for rendezvous, messaging, and other information sharing but ultimately they independently decide on the best course of action for their own node. Attend this session to learn more about this exciting open source project!

Speakers

Glen Darling

Insignificant Annoyance, IBM

Glen Darling works for IBM in San Jose California and is one of the original 6 developers of the Linux Foundation's Edge project, Open Horizon. Check out Glen’s Open Horizon videos on the LF Edge YouTube channel: https://www.youtube.com/playlist?list=PLgohd895XSUddtseFy4HxCqTqqlYfW8Ix... Read More →

OSS NA 2022 Presentation pdf

Thursday June 23, 2022 11:10am - 11:50am CDT
Lone Star G (Level 3)

ContainerCon, Containerized Software Lifecycle Management

Experience Level Entry-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

11:10am CDT

Unravelling the Magical Act of DockerSlim Minifying Container Images - Mritunjay Sharma, Slim.AI

Ever thought of attending a magical act in an Open Source Summit? Or for that matter doing an X-Ray of your containers or maybe giving them some magical portion to minify their image size? That’s exactly what magician Mritunjay is going to pull out in this act! Growing containers sizes can be a problem for both the size and security it demands. From minifying your Docker container image by up to 30x to make it securer too, this talk will entail how the magical portion of DockerSlim can simplify and optimize the developer experience with containers by making them better, smaller and securer without changing anything in the Docker container image. Through this talk, the audience will learn how DockerSlim optimizes containers by understanding the application and what it needs using various analysis techniques and how one can customize/edit containers and container metadata. Wondering what if you need some of those extra things to debug the containers? Hold your beers, this talk also entails the use of dedicated debugging side-car containers for that! So join this magical act to hook you to the journey of no longer worrying about manually creating Seccomp and AppArmor security profiles or for that matter being an expert in Linux syscalls to have securer and optimized containers!

Speakers

Mritunjay Sharma

Member of Technical Staff, Slim.AI

Mritunjay is a Member of Technical Staff with Slim.AI, with active involvement in various open-source communities for almost two years now. He was previously an SDE Intern at HackerRank and Nirmata too. A speaker for two talks at KubeCon NA'21 and at the maintainer’s track talk... Read More →

Thursday June 23, 2022 11:10am - 11:50am CDT
Lone Star H (Level 3)

ContainerCon, Container Images and Registries

Experience Level Entry-level
Session Type In-person Speaker(s)

11:10am CDT

Codes of Conduct in Action: Navigating the Challenges of Incident Resolution - Joanna Lee, Gesmer Updegrove LLLP

Codes of Conduct are essential to protecting the health and safety of open source communities. Code of Conduct (CoC) incident response is often replete with challenges, including conflict-ridden situations, unclear facts, and heated emotions. Additionally, when public in nature, CoC incidents can become politically divisive within a community, and certain types of incidents can expose project leadership and the hosting foundation to legal liability and risk.

This talk will give an overview of evolving best practices for resolving Code of Conduct incidents and navigating the challenges of incident resolution, and will discuss:

How Codes of Conduct and best practices are evolving
Fairness throughout the CoC incident response process
Mediation as a tool for resolving conflict
Applying Transformative Justice and Restorative Justice to incident resolution
Managing legal and community relations risks
Navigating conflicts of interest
Balancing transparency with protecting reporters’ privacy

Speakers

Joanna Lee

VP of Strategic Programs & Legal, Linux Foundation

Joanna Lee is the Vice President of Strategic Programs & Legal at CNCF and the Linux Foundation, where she drives complex strategic initiatives that are designed to impact the evolution of open source ecosystems, create high value new programs, improve health and sustainability of... Read More →

Codes of Conduct in Action OSSNA 2022 June 7 pdf

Thursday June 23, 2022 11:10am - 11:50am CDT
Room 211/212 (Level 2)

Diversity Empowerment Summit, Communities

Experience Level Any
Session Type In-person Speaker(s)
Session Slides Attached Yes

11:10am CDT

If (oops) { Do_not_panic(); } - Lucky Tyagi, Samsung Semiconductor India R&D Center

Linux Kernel has two types of panics, namely, hard panics (Aiee!) and soft panics (Oops!). A soft panic occurs when kernel encounters a fault or exception in code, and then it dumps the stack trace in the debug console. The stack dump contains the processor status and the CPU register values when the panic occurred. Any developer must have a good understanding of the target architecture and Linux kernel internals to perform the root cause analysis of an Oops and to debug the issue. This talk is intended for developers who have just begun their journey in Linux Kernel Development. A general methodology of debugging a kernel soft panic is discussed in this talk which can be followed by anyone as starting steps. To achieve this, a simple soft panic is triggered and then a standard approach is followed, which involves understanding the kernel stack dump, back tracing to the faulty code from dump, deciding on which tool to use for debugging depending on the location of faulty code. This talk also discusses several exception templates with examples and guides to understand their types and category for accelerated debugging. The main tools discussed in this paper are, printk, oops tracing, ksymoops, KDB and KGDB.

Speakers

Lucky Tyagi

Staff Engineer, Samsung Semiconductor India R&D Center

Lucky Tyagi is pursuing his professional quest of exploring, understanding and learning Linux Kernel internals as a Staff Engineer in Samsung(SSIR). He is currently working on Quad SPI (QSPI) flash memory devices while holding experience on Linux Device Drivers, Yocto Build System... Read More →

OSS ELC SSIR Kernel Panic v1 pdf

Thursday June 23, 2022 11:10am - 11:50am CDT
Griffin Hall (Level 2)

Embedded Linux Conference (ELC), Linux in Devices

Experience Level Mid-level
Session Type Virtual Speaker(s)
Session Slides Attached Yes

11:10am CDT

OSFCI - Extensible Open-source CI for Firmware with Real Hardware Execution - Arun Darlie Koshy & Jean-Marie Verdun, Hewlett Packard Enterprise (HPE)

In a post pandemic world, enabling efficient remote work has become a strong requirement. Firmware engineering workflows are difficult in a fully virtual environment. OSFCI aims to address this need by offering an edge working environment to firmware engineers with default support for open communities like OpenBMC, LinuxBoot etc. We built one of the world’s first fully open-source continuous integration platform for open-source firmware. The evolution is from some early iterations circa 2018 - coverage at that time was for LinuxBoot on very limited hardware. We now offer a web-service with a fully featured API. At a high level, we have: - a microservices based architecture implemented in Golang designed for scale - multi-node deployment that includes API / web gateway, controllers, compilers etc. - full execution on real hardware with rapid firmware swap-testing workflow - support for cutting edge industry test-frameworks - a free public instance based on cutting edge server platforms available to all This project is now part of Open Compute Platform (OCP). We welcome new users and contributors to the effort. We have easy playbooks for development and deployment.

Speakers

Jean-Marie Verdun

Distinguished Technologist, Advanced Development team, HPE

Jean-Marie serves is a Distinguished Technologist for HPE's Advanced Technology Team. A widely recognized open-source innovator, he's leading strategy around open firmware solutions for HPE's server lines and broader open-source innovation. He's thrilled by computers. Jean-Marie spent... Read More →

Arun Darlie Koshy

Senior Engineer, Advanced Technology Team, Hewlett Packard Enterprise (HPE)

Arun Darlie Koshy is a senior engineer on HPE's Advanced Technology Team. The team is currently working on providing open firmware solutions on HPE's server lines and broader open-source innovation. Prior to this, Arun helped build products that secure some of the world's largest... Read More →

OSS OSFCI 6 22 pdf

Thursday June 23, 2022 11:10am - 11:50am CDT
Room 201/202 (Level 2)

Embedded Linux Conference (ELC), Test frameworks and Board Farms, Standards

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

11:10am CDT

SSDFS: Flash-friendly File System with Highly Minimized GC Activity, Diff-on-write, and Deduplication - Viacheslav Dubeyko, ByteDance

The architecture of SSDFS is the LFS file system that can: (1) exclude the GC overhead, (2) prolong NAND flash devices lifetime, (3) achieve a good performance balance even if the NAND flash device's lifetime is a priority. The fundamental concepts of SSDFS: (1) logical segment, (2) migration scheme, (3) background migration stimulation, (4) diff-on-write. Every logical block is described by {segment_id, block_index_inside_segment, length}. This concept completely excludes block mapping metadata structure updates that results in decreasing the write amplification factor. Migration scheme implies that after erase block exhaustion every update of logical block results in storing new state in the destination erase block and invalidation of logical block in the exhausted one. Regular I/O operations are capable to completely invalidate the exhausted erase block for the case of “hot" data (no necessity in GC operations). SSDFS is using the migration stimulation technique as complementary to migration scheme. It means that if some LEB is under migration then a flush thread is checking the opportunity to add some additional content into the log under commit. SSDFS is using the inline techniques to combine metadata/data pieces into one I/O request of decreasing write amplification factor.

Speakers

Viacheslav Dubeyko

Linux kernel engineer, ByteDance

I was born and grew up in Russia. I graduated in 1997 as a physicist (X-ray spectroscopy of physics of solids), and I received my Ph.D. in 2002. But then I decided to turn my career into software engineering because I always have been inspired by algorithms designing. I started my... Read More →

SSDFS talk v.3 pdf

Thursday June 23, 2022 11:10am - 11:50am CDT
Room 203/204 (Level 2)

Embedded Linux Conference (ELC), Flash Memory Devices and Filesystems

Experience Level Senior-level
Session Type Virtual Speaker(s)
Session Slides Attached Yes

11:10am CDT

Unikraft: Making Unikernels Mainstream - Felipe Huici, Unikraft UG

The cloud is undoubtedly a major success story, but while wildly popular, most deployed services/VMs are extremely bloated and inefficient, resulting in unnecessarily large cloud infrastructure bills and carbon footprint. Unikernels would seem to be a perfect fit for this environment: specialized VMs containing only the functionality needed by each application and resulting in boot times of only milliseconds, memory consumption of a few MBs, high throughput, and a minimal trusted computing base (TCB) to name some of their key characteristics. However, despite being around for several years and being popular in research and developer circles, unikernels have struggled to see major deployment. The reasons are several, including lack of application support, no integration with major orchestration frameworks, poor debugging functionality and documentation and in some cases lacklustre performance. The Linux Foundation Unikraft project has the explicit aim of bringing unikernels into the mainstream. In this talk we will briefly cover the project's history and architecture, and will show how Unikraft is able to provide high performance and security, all of the while making it easy for users to run unmodified mainstream applications. We will also show a brief demo.

Speakers

Felipe Huici

CEO & Co-Founder, Unikraft UG

Dr. Felipe Huici is CEO and Co-Founder at Unikraft UG, a start-up dedicated to lightweight virtualization technologies and significantly lowering cloud infrastructure bills. In addition, Felipe is a chief researcher at NEC Laboratories Europe in Heidelberg, Germany where his main... Read More →

Thursday June 23, 2022 11:10am - 11:50am CDT
Lone Star F (Level 3)

LinuxCon, Virtualization

Experience Level Entry-level
Session Type Virtual Speaker(s)

11:10am CDT

Searching for the Right Words: Bringing NLP to Apache solr through ONNX and OpenNLP - Jeff Zemerick, Opensource Connections

Natural language processing capabilities have exploded in the past few years, with most of the work done in Python. The ONNX Runtime provides a means for using deep learning models across programming languages, architectures, and platforms, promising to further democratize advancements in machine learning. With the ONNX Runtime, developers no longer have to rely on remote services to access NLP services created in other languages. In this session we will show how a deep learning model trained using PyTorch or Tensorfow can be used for inference from a Java search stack of Apache OpenNLP, Apache Lucene, and Apache Solr. We will demonstrate how these state-of-the-art NLP capabilities can be realized in Apache Solr to offer search users a more impactful search experience. We will discuss the challenges, the relationships between OpenNLP, Lucene, and Solr, and how attendees can get started in these open source projects.

Speakers

Jeff Zemerick

Search Consultant, Opensource Connections

Jeff is a consultant in the areas of cloud, NLP, and search. Based outside of Pittsburgh, PA, USA, Jeff is the current chair of Apache OpenNLP, an infrequent piano player, and best friends to two energetic dogs.

Linux Foundation Open Source Summit Presentation Searching for the Right Words pdf

Thursday June 23, 2022 11:10am - 11:50am CDT
Room 303/304 (Level 3)

Open AI & Data Forum, Natural Language Processing

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

11:10am CDT

Panel Discussion: Lessons Learned: OSPOs in Universities - Clare Dillon, Innersource Commons; Sayeed Choudhury, Johns Hopkins University; Stephen Jacobs, Rochester Institute of Technology; Stephanie Lieggi, UC Santa Cruz; John Whelan, Trinity College Dubl

In this virtual panel session, we will hear the experiences of a group that are all involved in rolling out open source programs in the university setting from the US and Europe. Sayeed Choudhury (JHU), Stephen Jacobs (RIT), Stephanie Lieggi (UCSC) and John Whelan (TCD) will examine the similarities and differences between the OSPOs in each institution in terms of the role they play, and the challenges they face as their OSPOs evolve over time. Topics to be covered include: where an OSPO can be housed within an academic institution, how to manage stakeholders, educational objectives, and how and OSPO can impact the broader goal of Open Science. This session will be moderated by Clare Dillon, from the OSPO++ Network.

Speakers

John Whelan

Technology Transfer Case & OSPO Manager, Trinity College Dublin

Since 2008, John has been the Technology Transfer Case Manager at Trinity College, Dublin responsible for commercialisation of ICT research. As part of his role in Trinity, John set up and manages Trinity’s Open Source Programme Office, the first of its kind in Europe. The mission... Read More →

Stephen Jacobs

Director of Open@RIT, Rochester Institute of Technology

Stephen designed and built exhibits for the Capital Children’s Museum in the 1970s, ran the AmiEXPO trade shows for the Commodore Amiga in the 1980s, and began teaching at Rochester Institute of Technology in the 1990s. Today, he serves as Director of Open@RIT, a Key Research Center... Read More →

Sayeed Choudhury

Head of OSPO, Johns Hopkins University

Sayeed Choudhury is the Associate Dean for Research Data Management and Head of the Open Source Programs Office (OSPO) of Johns Hopkins University (JHU). I’m also a member of the Executive Committee of the Institute for Data Intensive Engineering and Science (IDIES) at JHU. I’ve... Read More →

Stephanie Lieggi

Executive Director, Center for Research in Open Source Software; UCSC Open Source Program Office, UC Santa Cruz

Stephanie is executive director at CROSS and co-PI for the UC Santa Cruz OSPO. In her current roles she supports the work of academic-based open source projects and enables a sustainable contributor base through the management of hands-on mentorship programs. Stephanie promotes the... Read More →

Clare Dillon

ED, InnerSource Commons

Clare Dillon has spent over 25 years working with developers and developer communities. She is a co-founder of the Open Ireland Network, a community for those interested in advancing open source at a national level in Ireland. Last year, she was also appointed Executive Director of... Read More →

Thursday June 23, 2022 11:10am - 11:50am CDT
Room 301/302 (Level 3)

OSPOCon, OSPOs in Academia and Government

Experience Level Mid-level
Session Type Virtual Speaker(s)

11:20am CDT

Organization before Electronics before Concrete - Anne Bertucio, Senior Program Manager, Google

Open source is our technical public infrastructure. As we propose significant changes and new solutions to address recognized problems in open source, like vulnerability management, how can we apply the lessons learned from significant projects in physical public infrastructure?

Speakers

Anne Bertucio

Manager, Open Source Programs Office, Google

Anne leads program development in Google’s Open Source Programs Office (OSPO). The Program Development Team helps teams at Alphabet develop, contribute to, and release open source software with an eye towards strategy, sustainability, and the spirit of the Open Source Definition... Read More →

Thursday June 23, 2022 11:20am - 11:35am CDT
Brazos (Level 2)

Global Security Vulnerability Summit (GSVS)

Experience Level Any
Session Type In-person Speaker(s)

11:35am CDT

Security Overview - Frederick Kautz, Security Enterprise Architect

Speakers

Frederick Kautz

Co-Chair, KubeCon

Frederick collaborates on security and networking. He is on the SPIFFE Steering Committee, focusing on providing Zero Trust Workload Identity to compute workloads and resources. Frederick co-authored Solving the Bottom Turtle. He is a co-founder of OmniBOR and maintains the reference... Read More →

Thursday June 23, 2022 11:35am - 11:50am CDT
Brazos (Level 2)

Global Security Vulnerability Summit (GSVS)

Experience Level Any
Session Type In-person Speaker(s)

12:00pm CDT

Sponsored Session: Your Next Workstation Is In The Cloud - Ketan Gangatirkar, Coder

Cloud products have generated remarkable value over the last two decades. Ironically much of this value doesn’t benefit the software engineers while they code those products. We’re still tediously constructing our workspaces by hand, just like we did in 1994.

That is finally changing – software engineering is entering the cloud era. The key is remote workspaces that use consistent images so your code truly runs on everyone’s machine. You can check out, edit, compile, test, run, debug, and do almost everything else you can do on a local machine except trip over the power cord. Remote workspaces can provide superb performance no matter what device is in your hand, on your lap, or under your desk.

These platforms are now possible because of an ecosystem rich with open source components like Docker, VS Code Remote, and Infrastructure-as-Code. There’s now a remote workspace option for almost everyone, whether working for someone else, on an open source project, or for yourself. These products are already capable enough for many, but some obstacles remain before adoption by most software engineers.

The good news is that all those obstacles will be overcome – the problems are well understood, so it’s just a matter of time. Join Ketan Gangatirkar, VP of Engineering and Product for Coder, tolearn the current state of the art, what obstacles stand in the way of mainstream adoption, and why your future workstation will be in the cloud. You may not be using a cloud workspace today, but in just a few more years you won’t consider using anything else.

Speakers

Ketan Gangatirkar

VP of Engineering and Product, Coder

Ketan Gangatirkar is the VP of Engineering and Product at Coder and was previously a VP at Indeed. In his career, he has made an impressive number of mistakes, including releasing as open source a project you’ve never heard of because of how profoundly it failed. He believes in... Read More →

Thursday June 23, 2022 12:00pm - 12:40pm CDT
Room 310/311 (Level 3)

CloudOpen

Session Type In-person Speaker(s)

12:00pm CDT

The Value of Community Building. And why you Should Invest in Building One - Jacqueline Salinas, Freelancer

Do you understand the value of investing in a community? Have you ever been curious about what the fundamentals for a successful community look like? Do you want to design a community for your brand, product, or open source project but have no idea where to begin? You've come to the right place! The value of community building goes beyond awareness and outreach. Cultivating a rich and engaged community takes time and personal investment but the regards have a big impact on your culture, profits, and growth rate.

In this session you'll walk away with a few framework examples to help you set up your own community. We explore and compare different community building practices to help you onboard, retain, and grow your members. The goal of this session is to help you design your first governance model, recruiting and onboarding new members, and show you how to leverage your community as a powerful vehicle to help you evangelize your project, brand, or product!

Speakers

Jacqueline Salinas

Director of Ecosystem, Sysdig

Jacqueline’s area of expertise is in crafting brand stories, developing outreach and marketing strategies to grow strong ecosystems and communities. She has 11+ years of experience working in marketing and sales organizations in Silicon Valley. Jacqueline has a thorough understanding... Read More →

The Value of Community Building & Why You Should Invest in One pdf

Thursday June 23, 2022 12:00pm - 12:40pm CDT
Room 408/409 (Level 4)

Community Leadership Conference, Community Management

Experience Level Any
Session Type In-person Speaker(s)
Session Slides Attached Yes

12:00pm CDT

Debugging at Scale in Production - Deep into Your Containers with Kubectl Debug, KoolKits and Continuous Observability - Shai Almog, Lightrun

Brian Kernigham said: “Debugging is twice as hard as writing the code in the first place.” In fact, debugging in a modern production environment is even harder - orchestrators spinning containers up and down and weird networking wizardry that keeps everything glued together, make understanding systems that much more difficult than it used to be. And, while k8s is well understood by DevOps people by now, it remains a nut that developers are still trying to crack. Where do you start when there’s a production problem? How do you get the tools you’re used to in the remote container? How do you understand what is running where and what is its current state? In this talk, we will review debugging a production application deployed to a Kubernetes cluster, and review kubectl debug - a new feature from the Kubernetes sig-cli team. In addition, we’ll review the open source KoolKits project that offers a set of (opinionated) tools for kubectl debug. KoolKits builds on top of kubectl debug by adding everything you need right into the image. When logging into a container, we’re often hit with the scarcity of tools at our disposal. No vim (for better or worse), no DB clients, no htop, no debuggers, etc… KoolKits solves those problems in an elegant way...

Speakers

Shai Almog

Developer Advocate, Lightrun

Developer advocate for Lightrun, co-founder of Codename One, Creator of DDT, open source hacker, speaker, author, blogger, Java rockstar and more. ex-Sun/Oracle guy with 30 years of professional development experience. Shai built virtual machines, development tools, mobile phone environments... Read More →

Debugging at Scale in Production Deep into your Containers with kubectl debug, KoolKits & Developer Observability. pdf

Thursday June 23, 2022 12:00pm - 12:40pm CDT
Lone Star G (Level 3)

ContainerCon, Debugging

Experience Level Mid-level
Session Type Virtual Speaker(s)
Session Slides Attached Yes

12:00pm CDT

Be Part of the Solution: Cultivating Inclusion in Open Source - Radha Jhatakia & Mike Bufano, Google

We’ve all had moments in which we could have demonstrated better allyship behaviors to show up in support of our colleagues. From the way we conduct meetings to how we name our projects, there are countless opportunities in our day-to-day interactions to create better, more psychologically safe environments. Especially in open source, for individuals to feel empowered and comfortable contributing in the open, they need to feel included. In this session, Radha and Mike will discuss ways in which we can increase awareness of our own behaviors, and create opportunities where we can demonstrate inclusion, allyship, and advocacy. The presenters will share data from the field, discuss inclusion best practices, and leave attendees with actionable steps to cultivate inclusion in open source spaces.

Speakers

Mike Bufano

Program Manager, Google

Mike (he/him) has worked at Google in NYC since 2013 and is currently a Program Manager within Google’s OSPO team. In addition to working on ways in which we can bolster trust and safety in open source communities, Mike is globally active as a leader within Google’s LGBTQ+ community... Read More →

Radha Jhatakia

Program Manager, Google

Radha (she/hers) is a Program Manager, leading DEI and Comms initiatives in Google’s Open Source Programs Office in San Francisco. She has worked at the intersection of communications and DEI in different industries, which led her to open source in 2017, and joining the Google OSPO... Read More →

[Deck] Be part of the solution Cultivating inclusion in open source pdf

Thursday June 23, 2022 12:00pm - 12:40pm CDT
Room 211/212 (Level 2)

Diversity Empowerment Summit, Strategies for Inclusiveness

Experience Level Any
Session Type In-person Speaker(s)
Session Slides Attached Yes

12:00pm CDT

Even More Board Farm Goodness - An Update on the REST API for Automated Testing - Tim Bird, Sony Corporation & Harish Bansal, TimeSys

This talk presents an update on work to create a standard API between automated tests and board farm hardware and software. Previously, we introduced the notion of a dual REST/command-line API that could be used for discovery, control and operation of hardware and network resources in a test lab. We would like to highlight additional progress of the project over the past year. There are now APIs for control of audio hardware in the lab. Also, the API usage has been integrated into a few different testing frameworks. We will describe the new APIs we have added, and demonstrate new test frameworks working with the REST API system. This includes frameworks for performing UI testing of a device under test. Although different equipment is utilized in different test labs (or board farms), by using the REST API the same test can be run in the different labs to obtain test results and provide quality assurance for products. It is hoped that this board farm API abstraction will pave the way for more sharing of automated tests and testing resources, to accelerate the use of automated testing for products based on embedded Linux.

Speakers

Harish Bansal

Technical Engineer Manager, TimeSys

Harish Bansal is an Embedded Board Farm and Test Automation (TA) technical engineer manager at Timesys with 15+ years of applications development experience. Prior to joining Timesys, Harish worked for Honeywell India, Vocollect, and other companies. Harish holds a master's degree... Read More →

Tim Bird

Principal Software Engineer, Sony Electronics

ELC 2022 More Board Farm Goodness Bird Bansal pdf

Thursday June 23, 2022 12:00pm - 12:40pm CDT
Griffin Hall (Level 2)

Embedded Linux Conference (ELC), Test frameworks and Board Farms

Experience Level Mid-level
Session Type Virtual Speaker(s)
Session Slides Attached Yes

12:00pm CDT

Porting Linux to a Baseboard Management Controller Asic, Feedbacks and Perspectives - Jean-Marie Verdun & Luis Luciani, HPE

We will address during our talk the experience encountered during the port of U-boot/Linux/OpenBMC to our GXP Baseboard Management Controller designed for and deployed on all HPE Proliant server family. Following a quick introduction of the ASIC architecture, its security model, we will focus on the complexity or simplicity to enable the various linux building blocks on our asic, and give perspectives of potential improvement to linux support on management infrastructure. This talk will be technology oriented with the intent to entertain fruitful discussions around our understanding on how linux could be improved to support upcoming BMCs.

Speakers

Luis Luciani

HPE, Distinguished Technologist, Advanced Development team

Luis has been with HPE for 33 years where he started out writing firmware for modems. He moved over to servers writing firmware for management cards used on Compaq servers in the late 1990s. Since then he has had the privilege to have worked on many firsts in the industry such as... Read More →

Jean-Marie Verdun

Distinguished Technologist, Advanced Development team, HPE

OSS NA22 BMC pdf

Thursday June 23, 2022 12:00pm - 12:40pm CDT
Room 201/202 (Level 2)

Embedded Linux Conference (ELC), Embedded System Architecture, Preparing Linux for Future Embedded Requirements, Security

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

12:00pm CDT

System Device Tree and Lopper: Concrete Examples - Bruce Ashfield & Stefano Stabellini, AMD

System Device Tree is an extension to Device Tree to describe all the hardware on an SoC, including heterogeneous CPU clusters and secure resources not typically visible to an Operating System like Linux. This full view allows the System Device Tree to be the "One true source" of the entire hardware description and helps to prevent the common (and hard-to-debug) problem of conflicting resources and system consistency. Lopper is an Open Source framework to parse and manipulate System Device Tree. With Lopper, it is possible to generate multiple traditional Device Trees from a single larger System Device Tree. This presentation will provide an overview of System Device Tree and will discuss the latest updates of the specification and tooling. The talk will illustrate multiple use-cases for System Device Tree with concrete examples, such as Linux running on the more powerful CPU cluster and Zephyr running on a smaller Cortex-R cluster. It will also show how to use Lopper to generate multiple traditional Device Trees targeting different OSes, not just Linux but also Zephyr/other RTOSes. Finally, an end-to-end demo based on Yocto to build a complete heterogeneous system with multiple OSes and RTOSes running on different clusters on a single reference board will be shown.

Speakers

Bruce Ashfield

Principal Software Engineer, AMD

Bruce has been working professionally with Linux since 2000, and a user since 1995. He currently works as a Principal Systems Engineer for AMD, sending time as maintainer for the Yocto project reference kernel, meta-virtualization and meta-cloud-services layers. He is also the creator... Read More →

Stefano Stabellini

Fellow, AMD

Lopper ELCNA 2022 pdf

Thursday June 23, 2022 12:00pm - 12:40pm CDT
Room 203/204 (Level 2)

Embedded Linux Conference (ELC), FPGAs and Dynamic Hardware, Device Tree and Other Linux Subsystems, Build Systems, & Embedded Distributions and Development Tools, Embedded System Architecture

Experience Level Mid-level
Session Type Virtual Speaker(s)
Session Slides Attached Yes

12:00pm CDT

Open Source Runs the World, Why Not Vulnerability Identifiers? - Josh Bressers, Anchore & Josh Buker, Cloud Security Alliance

Open source won, it works, it’s amazing. All of the world runs on top of Open Source. We see more collaboration and progress than ever seen before in history, yet the vulnerability identifier ecosystem has failed to keep pace with this progress. It’s easy to complain about the past, building the future is hard, and building an Open Source community is even harder. The Cloud Security Alliance has created a new project called the Global Security Database (GSD) to build this future. The GSD is a working group that is building an Open Source community to help solve some of the hardest problems we see today in the vulnerability identifier space. We have a lot of problems that need new ways of thinking. At the CSA we believe the best way forward is to use all the power and advantages of Open Source to build a community and ecosystem. This session will explain what the GSD is doing today. The GSD has meetings, code, data, and a charter. What we need is help. We will explain the expectations of the GSD for the future. Ideas like informational identifiers, cloud identifiers, and namespaced metadata to name a few. The future is ours to create! We all win or we all lose, it only makes sense to work together on the future. Come hear about the GSD and learn how you can join and contribute.

Speakers

Josh Buker

Cloud Security Alliance, Research Analyst

Josh Buker is a research analyst for Cloud Security Alliance, with a focus in application security and secure code libraries.

Josh Bressers

Vice President of Security, Anchore

GSVS Presentation CSA template pdf

Thursday June 23, 2022 12:00pm - 12:40pm CDT
Brazos (Level 2)

Global Security Vulnerability Summit (GSVS), Planning for the Future

Experience Level Entry-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

12:00pm CDT

Tracing on Page Table - YuHsiang Tseng & ChinEn Lin, National Taiwan Ocean University

Recently, there are some patches that tried to improve the page table, but there is no great infrastructure to display the details of the page table statement they added. In light of this, we try to provide a complete system for tracing the page table. In this talk, we will introduce how we implement this and some benchmarks, analyses.

Speakers

Chih-En Lin

Student, National Taiwan Ocean University

Chih-En Lin is a student studying at National Taiwan Ocean University.He is interested in Linux kernel memory management. And, he is a collaborator of The Linux Kernel Module Programming Guide (sysprog21/lkmpg).

Yu-Hsiang Tseng

Student, National Taiwan Ocean University

Yu Hsiang Tseng is an undergraduate student. He used Linux for daily use for several years, interested in hopping Linux distros and WM/DEs.

LinuxCon Tracing On Page Table pdf

Thursday June 23, 2022 12:00pm - 12:40pm CDT
Lone Star F (Level 3)

LinuxCon, Tracing

Experience Level Entry-level
Session Type Virtual Speaker(s)
Session Slides Attached Yes

12:00pm CDT

The Unlimited Potential of Neural Search to Unlock the New Way of Data Comprehension - Bing HE, Jina AI

Unstructured data is flooding over businesses nowadays while the way of processing data has been always limited to a structured way before. Neural search creator Jina AI has come aiming to bring a new way of accessing unstructured data in its original unstructured way which helps unlock huge potential for businesses to see the value their unstructured data could bring. This talk will be sharing the best learnings that Jina AI has built with open source product ecosystem to help developers easily build applications built by neural search and also how this will bring unlock business opportunities.

Speakers

Bing HE

Co-founder & COO, Jina AI

Bing HE, the Co-founder & COO of Jina AI, and listee of Forbes Asia 30 under 30 will be sharing how Jina AI has built a true global open source community and the potential Jina AI is bringing to its community and the global open source ecosystem.

Thursday June 23, 2022 12:00pm - 12:40pm CDT
Room 303/304 (Level 3)

Open AI & Data Forum

Experience Level Mid-level
Session Type In-person Speaker(s)

12:00pm CDT

A Walk through the OSPO Five-stage Model and Personas - Ana Jimenez Santamaria, TODO Group

The TODO Group published a new research that un unpacks the Evolution of the OSPO based on previous OSPO survey insights and the learnings from some of the most noted open source leaders in the community. This research provides a set of patterns and directions to help implement an OSPO (Open Source Program Office) or an open source initiative within corporate environments. This includes an OSPO Maturity model, practical implementation from noted OSPO programs across regions and sectors, and a set of OSPO Personas, which drives differentiation in OSPO behavior. During this presentation, Ana will walk through each of the sections from the study. The audience will be able to learn the different actions an OSPO or open source initiative should accomplish to advance in their OSPO journey based on the proposed model, and how to identify its OSPO persona. It will also be a space to welcome the open source community to share feedback and learn how to collaborate with these resources, expanding the initial archetype scope or improving the documentation for each of the stages.

Speakers

Ana Jimenez Santamaria

OSPO Program Manager, TODO Group, Linux Foundation

Thursday June 23, 2022 12:00pm - 12:40pm CDT
Room 301/302 (Level 3)

OSPOCon, OSPO Lessons Learned

Experience Level Entry-level
Session Type In-person Speaker(s)

12:00pm CDT

Meet the Community Behind the Open Programmable Infrastructure Project - Anh Thu Vo, Marvell Technology; Venkat Pullela, Keysight Technologies; Yan Fisher & Kris Murphy, Red Hat; Garth Fruge, NVIDIA

Open Programmable Infrastructure (OPI) Project is the newest project within Linux Foundation. Announced earlier this week, OPI aims to foster a community-driven, standards-based open ecosystem for next-generation architectures and frameworks based on Data Processing and Infrastructure Processing Units. The project is designed to facilitate the simplification of network, storage and security APIs within applications to enable more portable and performant applications in the cloud and datacenter across DevOps, SecOps and NetOps.
If you are interested in learning more about this project and the role you can play in it, please join us for this informal Birds-of-a-Feather session to meet and mingle with members of the OPI community and other like-minded attendees!

Speakers

Garth Fruge

DPU Segment Lead, Americas, NVIDIA

As part of Nvidia’s Global Product Segment Sales team, Garth Fruge is a DPU technology evangelist & the DPU segment lead at Nvidia for the Americas; driving strategy for DPU customer adoption as well as identifying emerging use cases. Prior to the Nvidia acquisition he spent almost... Read More →

Yan Fisher

Global Evangelist, Red Hat

Yan Fisher is a Global evangelist at Red Hat where he extends his expertise in enterprise computing to emerging areas that Red Hat is exploring. Fisher is closely tracking partners' emerging technology strategies as well as customer perspectives on several nascent topics such as performance-sensitive... Read More →

Kris Murphy

Senior Principal Software Engineer - Computational Infrastructur, Office of CTO, Red Hat

Anh Thu Vo

Distinguished Engineer, Marvell Technology

Software Architect with thirty plus years of software development and consulting experience, currently working on Cloud Infrastructure Management, Networking, Radio-Access Network (RAN), and AI/ML. Anh Thu’s experience included distributed systems (Software Defined Networks - SDN... Read More →

Venkat Pullela

Chief of Technology, Networking, Keysight Technologies

Venkat Pullela is Chief of Technology, Networking for Keysight Technologies, where he focuses on open, software-defined networking, and evolving testing architectures. He was previously Co-Founder at OpenNets, developing tools for programmable networks and SDN solutions. He has... Read More →

Thursday June 23, 2022 12:00pm - 12:40pm CDT
Lone Star H (Level 3)

Wildcard

Session Type In-person Speaker(s)

12:40pm CDT

Lunch (Attendees on Own)

Thursday June 23, 2022 12:40pm - 2:05pm CDT
Lunch Maps Available at the Registration Counter (Level 4)

Special Events / Exhibits / Breaks

1:15pm CDT

Ask the Expert Session with Asra Ali on Open Source Security & sigstore

Ask Asra about Open Source Security & sigstore.
Ask the Expert sessions: Sit down with open source experts to gain knowledge 1:1 and ask all your pressing questions!

No sign-up necessary - just stop by the Lone Star East Foyer (located on Level 3 between rooms 305 and 306).

Speakers

Asra Ali

Senior Software Engineer, Google

Thursday June 23, 2022 1:15pm - 1:35pm CDT
Lone Star East Foyer (Level 3)

Special Events / Exhibits / Breaks

Experience Level Any
Session Type In-person Speaker(s)

1:15pm CDT

Ask the Expert Session with Kate Stewart on SPDX, Safety Critical Software & Embedded Systems

Ask Kate about SPDX, Safety Critical Software & Embedded Systems.
Ask the Expert sessions: Sit down with open source experts to gain knowledge 1:1 and ask all your pressing questions!

No sign-up necessary - just stop by the Lone Star East Foyer (located on Level 3 between rooms 305 and 306).

Speakers

Kate Stewart

VP Dependable Embedded Systems, Linux Foundation

Thursday June 23, 2022 1:15pm - 1:35pm CDT
Lone Star East Foyer (Level 3)

Special Events / Exhibits / Breaks

Experience Level Any
Session Type In-person Speaker(s)

1:15pm CDT

Ask the Expert Session with Matt Butcher on Web Assembly & Cloud Native

Ask Matt about Web Assembly & Cloud Native.

Ask the Expert sessions: Sit down with open source experts to gain knowledge 1:1 and ask all your pressing questions!

No sign-up necessary - just stop by the Lone Star East Foyer (located on Level 3 between rooms 305 and 306).

Speakers

Matt Butcher

CEO, Fermyon

Thursday June 23, 2022 1:15pm - 1:35pm CDT
Lone Star East Foyer (Level 3)

Special Events / Exhibits / Breaks

Experience Level Any
Session Type In-person Speaker(s)

2:05pm CDT

Design Patterns for OPA and Cloud Native Authorization - Tim Hinrichs, Styra

Part of the beauty of the cloud-native ecosystem is its rich selection of best-of-breed solutions that span the entirety of the software development lifecycle: from datastores, to CICD pipelines, to programming languages, to test frameworks. The challenge, however, is that all of these different projects and components need to be independently configured to meet security, compliance, and operational mandates. In this talk we focus on the problem of authorization (controlling which users and machines can perform which actions on software) and how to solve that authorization problem across many different kinds of software using the CNCF's graduated Open Policy Agent. OPA has been used by 100s of companies all over the planet to solve a plethora of authorization challenges in different domains, e.g. Kubernetes, service-meshes, infrastructure-as-code, SSH guardrails, and application-level authorization. For a new user, the challenge is understanding how to apply OPA to solve their own authz challenges. This talks helps by describing the 4 most popular design patterns for OPA and giving the audience pointers to documentated examples of how leaders in the cloud-native space (e.g. Pinterest, Atlassian, Goldman Sachs), have applied those patterns successfully.

Speakers

Tim Hinrichs

CTO, Styra

Tim Hinrichs is a co-founder and CTO of Styra, the cloud-native authorization company, and he is a co-creator of the open source CNCF Open Policy Agent project. Before that, he worked at VMware and co-founded the OpenStack Congress project. Tim has 20+ years of experience developing... Read More →

OPA design patterns pdf

Thursday June 23, 2022 2:05pm - 2:45pm CDT
Room 310/311 (Level 3)

CloudOpen, Policy Agents

Experience Level Mid-level
Session Type Virtual Speaker(s)
Session Slides Attached Yes

2:05pm CDT

Scaling Your Community From a Few Hundred to Tens of Thousands - Anna Filippova, dbt Labs

dbt began as an open source project in 2016 with an ambitious goal: enable a new generation of data professionals to work together through code first workflows, CI/CD and version control. dbt soon became part of every data developers toolkit, and community emerged around the technology – a community of humans who call themselves analytics engineers. Today, this dbt Community includes 25,000 Slack group members, events in 8 countries, and connects annually at the Coalesce conference (7,000 attendees in 2021). The dbt Community is well known in open source data tooling circles as a friendly, human space that helps folks build strong connections. How do we keep this spirit alive as we scale past 25K humans? How do we make sure we retain a human first space when over 9,000 companies now use dbt daily? This talk will run through a brief history of the community and principles it was built on and then spend the majority of the time digging into practical things we've tried, what worked and what didn't and why. We'll talk about different modalities (e.g. Slack, Discourse and other platforms), how communities change as they grow globally, keeping the group in touch with its values when you can no longer moderate every message and empowering the community to self-govern.

Speakers

Anna Filippova

Director of Community, dbt Labs

Anna Filippova is the Director of Community for dbt Labs, where she fosters community development among 25,000 users working at 9,000 companies. Previously, Anna studied how distributed and open source communities worked, and she acquired a Postdoc at Carnegie Mellon, as well as a... Read More →

OSS Summit 2022: Scaling your community pdf

Thursday June 23, 2022 2:05pm - 2:45pm CDT
Room 408/409 (Level 4)

Community Leadership Conference, Community Management

Experience Level Any
Session Type In-person Speaker(s)
Session Slides Attached Yes

2:05pm CDT

From Laptop to Cloud: Developing Cloud Native Applications with Containerized Databases - Nicolas Vermande, Ondat

With the advent of microservices in Kubernetes, individual developer teams now manage their own data, middleware, and databases. Automated tests and CI/CD pipelines have to be revisited to include these new requirements. This session will discuss and demonstrate how to use Kustomize and Tekton to provide Kube-Native automated workflows taking into account new parameters such as database operators, StorageClass and PVC. In this talk, Nic is also going to provide some insights on how to optimize Tekton to work with multiple workspaces and overcome some of the affinity limitations. The demonstration will focus on building a comics cards web application using a flask-based frontend and leveraging postgreSQL as the database. It will cover the automation of multiple lifecycle stages: - local laptop testing automation on K3S with Kustomize - production deployment using Flux, Tekton and the Zalando PostreSQL operator

Speakers

Nicolas Vermande

Principal Developer Advocate, Ondat

Nicolas is an experienced hands-on technologist, evangelist and product owner who has been working in the fields of Cloud-Native technologies, Open Source Software, Virtualization and Datacenter networking for the past 18 years. Passionate about enabling users and building cool tech... Read More →

from latpop to cloud pptx

from latpop to cloud pdf

Thursday June 23, 2022 2:05pm - 2:45pm CDT
Lone Star G (Level 3)

ContainerCon, Storage and Databases

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

2:05pm CDT

Overcoming Imposter Syndrome to Become a Conference Speaker! - Dawn Foster, VMware

Open source conferences are always striving to increase their diversity by recruiting new speakers and encouraging people from underrepresented groups to submit talks. The goal of this talk is to provide resources to help everyone feel included, welcome, and worthy of being a conference speaker. As a new speaker, how do you decide what topic to cover? What can you do to help your topic stand out? How do you prevent imposter syndrome from getting in the way of your success as a speaker? You do not need to be the world’s leading expert on a topic to give a presentation. You just need to know a few things that can help other people learn enough about the topic to get started. By bringing your authentic voice and unique perspective to the topic, people will walk away from your talk with new insights that they wouldn’t get from another speaker. This talk will cover: * Selecting a topic and a conference for your topic. * Writing a title and abstract that will increase the chances of your talk being accepted. * The importance of your bio during the talk selection process. * Tips for writing and preparing your presentation. The audience will walk away with practical advice about writing and submitting talk proposals along with some tips for delivering a successful presentation.

Speakers

Dawn Foster

Director Open Source Community Strategy, VMware

2022 06 BecomeConferenceSpeaker OSSummit DES pdf

Thursday June 23, 2022 2:05pm - 2:45pm CDT
Room 211/212 (Level 2)

Diversity Empowerment Summit, Navigating Inclusivity Roadblocks

Experience Level Any
Session Type In-person Speaker(s)
Session Slides Attached Yes

2:05pm CDT

BOF: SBOMs for Embedded Systems: What's Working, What's Not? - Kate Stewart, Linux Foundation

With the recent focus on improving Cybersecurity in IoT & Embedded, the expectation that a Software Bill of Materials (SBOM) can be produced, is becoming the norm. Having a clear understanding of the software running on an embedded system, especially in safety critical applications, like medical devices, energy infrastructure, etc. has become essential. Regulatory authorities have recognized this and are starting to expect it as a condition for engagement. This BOF will provide an overview of the emerging regulatory landscape, as well as examples of how SBOMs are already being generated today for embedded systems by open source projects such as Zephyr, Yocto and others, followed by a discussion of the gaps folks are seeing in practice, and ways we might tackle them.

Speakers

Kate Stewart

VP Dependable Embedded Systems, Linux Foundation

Thursday June 23, 2022 2:05pm - 2:45pm CDT
Room 201/202 (Level 2)

Embedded Linux Conference (ELC)

Experience Level Any
Session Type In-person Speaker(s)

2:05pm CDT

Configuring and Building a Heterogenous System Using the Yocto Project - Mark Hatle, AMD

Modern embedded systems are becoming more and more complex. This complexity is driving designs that require heterogenous systems. The talk will discuss why using a system device-tree may be a good approach to defining such as system, how a Yocto Project build project is configured for these types of systems, and an example of automating the configuration using a system device-tree. Once the system is configured, it can be used to construct and package the components for the defined heterogenous system, including Linux, bare metal applications, and firmware. Implementation details will be covered, as well as strategies to deal with binary only components. Mark will also discuss an example of how he has used these items to designed a heterogenous implementation with the Yocto Project for an FPGA based system that includes (aarch64) cortex-A, cortex-r5, and Microblaze architectures.

Speakers

Mark Hatle

Software Architect, AMD

Mark has been using and developing for Linux since 1993, and has been focusing on embedded Linux since 2000. He is an active contributor to both OpenEmbedded and the Yocto Project, and was involved in the creation of the Yocto Project. Mark has also been a maintainer of multiple projects... Read More →

ELC 2022 Heterogenenous Systems v2 pdf

Thursday June 23, 2022 2:05pm - 2:45pm CDT
Griffin Hall (Level 2)

Embedded Linux Conference (ELC), FPGAs and Dynamic Hardware, Device Tree and Other Linux Subsystems, Build Systems, & Embedded Distributions and Development Tools, Embedded System Architecture

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

2:05pm CDT

V4L2 M2M as the Driver Framework for Video Processing IP - Karthik Poduval, Amazon Lab126

V4L2 M2M or mem2mem is a kernel framework that enables the use of V4L2 API for drivers of IP devices that classify themselves as memory-to-memory. This is different from the usual V4L2 output and capture devices which are memory-to-hardware or hardware-to-memory. This talk aims to be a tutorial of V4L2 M2M delving into the details on how it works. With the stability of V4L2 API and multi context support of V4L2 M2M we will explore how this may be the prefect framework to use to build your video processing IP drivers.

Speakers

Karthik Poduval

Sr. Camera Software Engineer, Amazon Lab126

Karthik Poduval is a Senior Camera Software Engineer at Amazon Lab126. In this role, he develops device drivers and middleware stack for camera and other imaging devices. He has more than 16 years of overall experience majority of which is on camera and imaging devices on Linux/A... Read More →

V4L2 M2M as the driver framework for Video Processing IP pdf

Thursday June 23, 2022 2:05pm - 2:45pm CDT
Room 203/204 (Level 2)

Embedded Linux Conference (ELC), Audio & Video & Streaming Media and Graphics

Experience Level Mid-level
Session Type In-person Speaker(s)
Session Slides Attached Yes

2:05pm CDT

Hidden Vulnerabilities in Open Source - Sharon Benzeev & Shaul Ben Hai, Palo Alto Networks

The use of open source comes with many benefits. It makes developing new technologies easier and faster. However, it raises challenges for security. Some maintainers are aware of the risks and actively seek to secure their code, while others might not have the capacity or interest in remediating known vulnerabilities, let alone newly discovered ones. Thus, open-source users have to dive deeply into the source code to ensure that the saved time and money from using open-source won’t be spent on mitigating a security breach.

There is still no holistic solution for ensuring open-source software is free from unknown vulnerabilities. Based on our research from the past year, we discovered hundreds of cases where security issues were not clearly documented, or responsibly disclosed.

In this talk, Sharon and Shaul will discuss hidden vulnerabilities in open-source - what they are, how they look, what is their security impact, and why they don’t usually get assigned a CVE?

They will show an example of an exploited vulnerability, discuss how it can impact your supply chain, and how to maximize the benefits of open-source and decrease the related security risks.

Speakers

Shaul Ben Hai

Security Researcher, Palo Alto Networks

Shaul Ben Hai is a security researcher at Palo Alto Networks, focusing on open source vulnerabilities in the context of cloud and container security.Shaul spent the last year researching vulnerabilities in open source frameworks and libraries and building innovative solutions that... Read More →

Sharon Ben Zeev

Manager, Security Research, Palo Alto Networks

Sharon Benzeev is a Security Researcher and Manager of Vulnerability Research at Palo Alto Networks. She specializes in open source security, as well as Cloud and Container security such as Docker and Kubernetes. At Palo Alto Networks, Sharon focuses on researching vulnerabilities... Read More →

Hidden Vulnerabilities in Open Source pptx

Thursday June 23, 2022 2:05pm - 2:45pm CDT
Room 205 (Level 2)

Global Security Vulnerability Summit (GSVS), Documentation

Experience Level Any
Session Type Virtual Speaker(s)
Session Slides Attached Yes

2:05pm CDT

Securing Open Source Software - End-to-End, at Massive Scale, Together - Christopher R Robinson, Intel & Anne Bertucio, Google

Open source software is a significant part of the core infrastructure in most enterprises in most sectors around the world and is foundational to the internet as we know it. It also represents a massive and profoundly valuable attack surface. Each year more lines of source code are created than ever before - and along with them, vulnerabilities. In this presentation, we’ll share key lessons learned in our experience coordinating the industry-wide remediation of some of the most impactful vulnerabilities ever disclosed, present a threat model of the many unmitigated challenges to securing the open source ecosystem, share new data which illustrates just how fragile and interdependent the security our core infrastructure can be, debate the challenges to securing OSS at scale, and speak unspoken truths of coordinated disclosure and where it can fail. We will also discuss the Open Source Security Foundation (OpenSSF) and share guidance for how members of the security community can get involved and contribute meaningfully to improving the security of OSS - especially through coordinated industry-wide efforts.

Speakers

Anne Bertucio

Manager, Open Source Programs Office, Google

Christopher (CRob) Robinson

Director of Security Communications, Intel

Christopher Robinson (aka CRob) is the Director of Security Communications at Intel Product Assurance and Security. CRob is a 42nd level Dungeon Master and a 25th level Securityologist. He has worked at several Fortune 500 companies with experience in the Financial, Medical, Legal... Read More →

Thursday June 23, 2022 2:05pm - 2:45pm CDT
Brazos (Level 2)

Global Security Vulnerability Summit (GSVS), Community Building

Experience Level Any
Session Type In-person Speaker(s)

2:05pm CDT

Lower Response Time of Fork by Extending Copy-on-write to the Page Table - Chih-En Lin, National Taiwan Ocean University

The fork system call may use copy-on-write to share the memory among parent and child processes. Last year, Kaiyang Zhao brought out the idea on-demand fork, doing copy-on-write on the page table to reduce the response time. It shares the last level of page table PTE among parent and child processes. In this presentation, I will talk about how this works, what I have improved on, and the upstreaming experience I have tried.

Speakers

Chih-En Lin

Student, National Taiwan Ocean University

OSSNA 2022 LinuxCon COW PTE pdf

Thursday June 23, 2022 2:05pm - 2:45pm CDT
Lone Star F (Level 3)

LinuxCon, Linux Kernel Development (Advanced & Beginner)

Experience Level Entry-level
Session Type Virtual Speaker(s)
Session Slides Attached Yes

2:05pm CDT

Integrating High Performance Feature Stores with KServe Model Serving - Ted Chang & Chin Huang, IBM

Having access to a consistent set of dataset features during different phases of the ML lifecycle is becoming critical. Companies that build and deploy machine learning models may need to manage hundreds of features, and they may even require using the latest features for real time prediction. Feast (Feature Store) attempts to tackle these problems by providing a standard high performing go-based SDK for retrieving features needed for distributed model serving. In this talk, attendees will learn how to build a production ready feature store on Kubernetes by using Feast which will be used to serve features to the model. Additionally, attendees will see how Feast can be used with KServe, a serverless model inferencing engine, to retrieve stored features in real time. In this talk, we hope to share how users can get started with using Feast on Kubernetes to achieve mission critical high performance inference need. Here, we set up an end-to-end demo using the Feast KServe transformer on Kubernetes to demonstrate how online features can be served to the KServe for real time inferencing.

Speakers

Chin Huang

Sr. Software Engineer, IBM

Chin Huang is a software developer in the IBM Center for Open-source Data & AI Technologies team. He's been active in the open source community for over six years, including OpenStack, Node.js, JanusGraph, and recently focused on Kubeflow and KServe. He has been working on Kubeflow... Read More →

Ted Chang

Software Engineer, IBM

Ted Chang is software engineer in the IBM Cognitive Open Technologies Group focusing on software development in the machine learning space. He has worked on various open source projects from OpenStack, Kubernetes, and TensorFlow. Lately, he has been focusing on MLOps such as Kubeflow... Read More →

Integrate KServe Modelmesh with high performance Feature server pdf

Thursday June 23, 2022 2:05pm - 2:45pm CDT
Room 303/304 (Level 3)

Open AI & Data Forum, Data (Versioning + Format + Pipeline Management)

Experience Level Entry-level
Session Type Virtual Speaker(s)
Session Slides Attached Yes

2:05pm CDT

Lessons Learned After 1 Year Running an OSPO in Bancolombia (LATAM) - Daniel Estiven Rico Posada, Bancolombia

Daniel will explain his experience creating the OSPO of one of the largest banks in Latin America: Bancolombia. He will cover in detail the challenges they have faced in this first year, the strategies they have used to solve them and of course the mistakes they have made in the process. This presentation will focus on showing the experiences of Bancolombia's Open Source office from 4 views: 1. Migration to OS Daniel will tell which proprietary technologies have been migrated to OS in this first year, what economic efficiency this adoption has generated, lessons learned and what plans they have for this year. 2. Contribution and communities Daniel will answer questions such as: What has been the use of joining the CNCF and the LF? What Open Source projects are they working on and have they qualified to release? Additionally, he will share lessons learned from the creation of OpenTalks, a community focused on increasing Latin American participation in OS projects. 3. Government and OS support What needs have been found at the OS support level with the migration of proprietary technologies? Additionally, he will tell about his experience implementing CHAOSS project. 4.Innersource Implemented patterns and benefits obtained from the implementation of an innersource strategy

Speakers