Welcome to FOSSASIA Community Day! This opening session brings together students, first-time contributors, and community members to kick off a day dedicated to learning, collaboration, and getting involved in open source. As part of Community Day, we also take a moment to celebrate International Women’s Day by recognizing the contributions of women and allies who help build inclusive, diverse tech communities. We’ll share what to expect from the day, how to get involved in FOSSASIA projects and local communities, and how each of us can support a more welcoming open-source ecosystem. Join us as we start Community Day with inspiration, connection, and a shared commitment to growing open technology together.

Getting into DIY electronics and IoT projects seems easy: just grab a development board, follow a tutorial, and watch the LEDs blink. But reality is messier. Documentation is often incomplete, software libraries fall out of date, and troubleshooting hardware introduces layers of complexity that tutorials don’t always prepare you for. In this talk, I’ll share my experience learning to solder and work with DIY IoT, uncovering the frustrations of supposedly “beginner-friendly” projects, despite being a seasoned software engineer, and offering thoughts on how we should be talking to newcomers.

Along the way, I ran into outdated documentation, unresponsive project maintainers, the quirks of the Arduino IDE, and cryptic error messages. These challenges made me rethink how we approach tutorials, documentation, and the learning process itself. How do we balance encouragement with setting realistic expectations? Can we teach people not just to follow instructions, but to think like engineers?

This talk is for anyone who has struggled with a DIY project, fought with documentation, or wants to challenge the way we teach problem-solving.

The theme of our laboratory's research activities is human-computer (machine) interaction and human behavior analysis; therefore, students sometimes develop web applications to conduct their experiments. Several application hosting services are available for publishing applications online. We can use such services without paying fees if the application size is not large. However, they usually require that the source code be open-source; for instance, we need the source code to be hosted on GitHub if we would like to use Streamlit Community Cloud, a Python-based application hosting service. In addition, supervisors or senior students provide comments on their source code; occasionally, code may be forked and improved by other members in our laboratory. Therefore, students should understand not only how to use application hosting platforms and source code repositories, such as Streamlit and GitHub, but also the concepts of open-source software, licenses, and the significance of publishing source code.
This talk presents several cases in which my students constructed their apps and published them as open-source software. It also illustrates a part of my course, which explains the idea of open-source and its fundamental significance.

Google Summer of Code (GSoC) is a global program that helps new contributors get started in open source while working with experienced mentoring organizations. In this 15-minute introduction, the GSoC admin team will walk through the basics of the program—what GSoC is, how it works, and who can apply.

The session will cover how contributors can choose the right open source organization, prepare a strong proposal, and make their first meaningful contributions. We’ll also share practical tips, common pitfalls to avoid, and what mentors look for in successful applicants.

This talk is designed for students and beginners who are curious about open source and want a clear, practical overview of how to take their first step into the Google Summer of Code program.

In a fast-evolving tech landscape, skills matter but how you validate them can shape your career. In this session, the Director of the Linux Professional Institute explores how industry-recognized certifications help individuals build credibility, open global career opportunities, and stay relevant in open source and IT roles.

The talk will cover how certifications complement hands-on experience, the pathways offered by LPI for Linux and open-source professionals, and how learners at different career stages from students to experienced practitioners—can use certification as a strategic tool to future-proof their careers.

Many of us Apple/Windows users are frustrated with disregard for privacy, platform lockdowns, and arbitrary limitations. Some of us have flirted with Linux and GrapheneOS, but it is often overwhelming for newcomers. We have questions like:

What is a cheap used laptop where everything works with Linux out of the box?
What is a good distro for someone getting started?
What are a decent photo manager and video editor?
Useful offline LLM?

Join us and share your tips. We also invite beginning open-source explorers to join us and ask questions. We will discuss the common errors that crop up while setting up and how you can use Gemini or ChatGPT to get answers quickly

Have you been watching the recent internet crackdowns in Iran, Russia, Venezuela, and elsewhere, and wondering how you can help? Many people when faced with internet censorship turn to tools like Tor and VPNs to bypass it, but then the governments try to block those tools too. This cat-and-mouse game led to Tor's "pluggable transport" design, where people can try different modules to transform their traffic into something the censor won't block.

One of the easiest modules to install as a volunteer to help these censored people is named Snowflake. It makes the traffic look like WebRTC (video chat) and hundreds of thousands of people around the world run Snowflakes to proxy encrypted traffic into the Tor network.

In this workshop we will join this crowd of volunteers helping censored people. Bring your iOS or Android device (and for bonus points, install the Orbot app beforehand), or bring your Linux server or VPS login, or bring your Firefox or Chromium browser. I'll talk through why it's safe to be a Snowflake proxy and/or a Snowflake user, how the protocol works, and the tradeoffs between the various ways of contributing.

Software teams often say “testing is everyone’s job,” yet in practice, quality still quietly falls back to QA. In open source and fast-moving engineering teams, this gap becomes even more visible—contributors vary in experience, ownership is distributed, and testing is often deprioritized.
In this talk, I’ll explore why the idea of shared responsibility for testing is so hard to execute, even when teams genuinely believe in it. Drawing from real QA experience in collaborative and open tech environments, I’ll highlight common failure patterns, misconceptions about testing, and the hidden work QA ends up doing.

More importantly, I’ll share practical, lightweight ways teams can actually make testing a shared responsibility—without slowing down contributors or burning out QA. This talk is for developers, testers, and community contributors who want better quality without turning testing into a bottleneck.

Open source has enabled an extraordinary diversity of contributions, from personal learning projects to widely adopted tools. As the volume of innovation grows, the question is no longer whether people can contribute, but how different contributions relate to one another over time. This session explores coordination as a system-level dynamic in open innovation—how shared context, alignment, and integration allow some ideas to interconnect and evolve collectively, while others remain intentionally independent.

Participants will leave with a clearer lens for understanding how coordination shapes the way innovation connects, scales, or stays local within open ecosystems.

A GitHub profile is the front door to your digital identity, but many developers leave it blank. In this session, we will start with the basics of how to create your special repository and design a welcoming introduction to showcase your skills beyond just code, which can attract opportunities.
Finally, we will elevate your profile by using GitHub Actions to automate updates, such as syncing your latest blog posts. You will leave with a clear roadmap to turn a static Markdown file into a living portfolio that works for you.

• I’ve spent much of my life teaching people who were convinced they were “not technical” how to build and fix things.

• Again and again, I see the same pattern: when people learn together in a supportive hackerspace, they explore, tinker, and find topics and projects that they find meaningful. If others also find it meaningful, this can often lead to products that can be sold. Many can make a living on the resulting small business. Open hardware is ideal for such community-oriented projects.

• I will share what I have learned from hackerspaces around the world about how these communities function as inspiration for learning, for production, and for repair networks.

• I will also share how I have helped many hackerspaces get started

Workshop Description:

• Hackerspaces do not begin with expensive tools or perfect governance. They begin with people who want to learn and share together. People encourage each other to explore. People help each other build and fix things. Over time, these spaces often evolve into small but powerful production and repair hubs, with low-cost open hardware at its core.

• This workshop draws from experiences teaching and visiting hackerspaces worldwide to explore what makes these spaces actually work.

• I’ll share about designing open hardware that beginners are not afraid to build, that tolerates mistakes, and that can be repaired locally using commonly available parts.

• We’ll look at documentation and teaching practices and see how workshops and events act as powerful accelerators that improve both hardware and community.

The core outcome of the workshop is practical. Participants will work individually or in small groups to create a clear, step by step plans for starting a hackerspace, or for evolving an existing one into a stronger production and repair space. This plan will cover:

• How to start with people, not equipment

• How to choose organizational and decision-making options

• How to attract newcomers

• What tools and practices matter

• How to support local building and repair

• How to connect with other spaces as part of a distributed network

By the end of the session, participants will leave not only with ideas, but with concrete plans they can take home and adapt to their own local context. The focus is on supportive communities that encourage everyone to explore meaningful activities, with open hardware as a powerful idea for creating projects that sustainably benefit those who create them, and as well as those in the surrounding community.

Kubernetes is one of the world’s largest open-source projects. With more than 80,000 contributors around the world, over 30 Special Interest Groups (SIGs) and Working Groups (WGs), and meetings happening around the clock, stepping into the community can feel very overwhelming. For new joiners coming from regions where the maintainer base is still small like APAC, the most common question is: how do I get started in such a vast community?

In this talk, Wendy Ha, an upstream contributor with experiences across different aspects of Kubernetes like Cluster API, Etcd, SIG Node, will take you on a week-in-the-life tour of a typical contributor. From Monday to Sunday, you’ll get a behind-the-scenes look at how the community operates:

• Understanding the community structure, finding SIGs and navigating meeting calendars.

• What to expect when you attend meetings.

• Tips and lessons for collaborating across time zones (especially for APAC and South East Asia contributors).

• How to expand your contributions into the wider CNCF ecosystem.

• Where to get help and guidance.

This session not only highlights the most up-to-date community structure of Kubernetes, but also shares lessons learned especially valuable for contributors from APAC and South East Asia regions.

This hands-on Vibe Coding workshop is designed for developers who already have coding experience and want to level up their productivity and creative workflow using AI-assisted development. Participants will learn how to collaborate effectively with coding assistants to scaffold projects, explore ideas rapidly, refactor and debug code, and iterate toward cleaner architectures without losing control over code quality and technical decisions. The session focuses on practical techniques and real-world workflows that help experienced developers move faster, prototype smarter, and turn rough ideas into solid implementations in the AI era.

Slides: https://clicker.page/?source=https%3A%2F%2Fgithub.com%2FOrbiter%2Fvibe-coding-workshop%2Fblob%2Fmain...

Contributing to the tech community at a regional scale often comes with visibility, travel, and ongoing commitments. For community experts and frequent speakers across the APAC region, balancing these responsibilities with motherhood requires intentional choices and sustainable practices.
In this session, I will share my personal journey balancing my roles as a Google Developer Expert (GDE) in AI, a LINE API Expert, a Data Engineer Lead, and a mother. From speaking at conferences and creating technical content to mentoring developers and supporting communities, I have learned that meaningful contribution is not about doing everything—but about doing the right things at the right time.

Drawing from my experience speaking at events across Thailand, Malaysia, Indonesia, and the Philippines, I will discuss how I manage community expectations, regional speaking engagements, and family life without burnout. This talk offers a practical and honest perspective on sustaining long-term community impact while navigating multiple professional and personal roles.

PostgreSQL is one of the most successful open-source databases, powering everything from agile startups to Fortune 500 enterprises. Its power lies not only in its robust features and permissive licence but also in the vibrant partnership between a passionate open-source community and forward-thinking enterprise organisations. This session will explore how commercial organisations contribute to PostgreSQL’s evolution through funding, development, and advocacy while preserving its community-driven ethos. Learn how this partnership fuels innovation, ensures sustainability, and enables PostgreSQL to meet the demanding needs of mission-critical, enterprise-scale deployments.

What we’ll Cover in this talk:

• PostgreSQL Evolution: Trace its journey from research project to powering mission-critical enterprise systems.
• Commercial Contributions: How companies fund development, sponsor committers, and build enterprise tooling.
• Community Governance: Why PostgreSQL remains independent despite commercial involvement.
• Challenges & Solutions: Practical approaches to address production support gaps and scale for critical workloads.
• Behind the Code: Meet major PostgreSQL committers, their roles, and the companies backing them
• Shaping Tomorrow: How this partnership drives PostgreSQL’s roadmap ensures its resilience.

Join us to learn how you can contribute to and benefit from this unique partnership shaping the future of PostgreSQL database.

The MySQL ecosystem spans vendors, cloud providers, contributors, and millions of users worldwide — yet its long-term strength depends on deeper collaboration, shared governance, and a clear focus on user success. This talk explores practical steps to build a more inclusive, vendor-neutral, and resilient MySQL community. We will discuss how to align diverse stakeholders, encourage contribution and innovation, support education and events, and ensure the ecosystem remains open, sustainable, and future-proof. The goal: a stronger community that benefits everyone building on MySQL.

This hands-on workshop is led by the Eventyay maintainers for existing Eventyay contributors. Interested newcomers are also very welcome to join.

Participants will learn how to set up Eventyay locally for development, understand the project architecture, and walk through the deployment process. We will also introduce the Eventyay development workflow, including how we collaborate, review contributions, manage issues, and ship features in the open source community.

In addition, the workshop will include an overview of Eventyay’s Google Summer of Code (GSoC) project ideas for this year, with guidance on how to get involved, how to prepare a strong application, and how to start contributing early.

For the first time in history almost everyone uses open source, albeit often without getting the benefits of free software. Open source has accomplished unparalleled success in the IT industry, but with success comes challenges and risks. Over recent decades we have seen business models change while the industry and the users found the best ways to use open source. With software as a service we now see a fairly new but very successful approach, that goes hand in hand with open source, but is not without issues. This presentation will walk the audience through different approaches of monetizing and developing open source and examine the consequences of SaaS models for the open source ecosystem, both for business models and software development It will also point out how recent developments show the resilience of the Open Source world.

Coffee and Tea Break

A beginner-friendly introduction to Apache Airflow, covering the basics of workflow orchestration and its usage on Google Cloud Platform through Cloud Composer, with a simple practice project as an example.

Scrum Helper is an open source collaboration tool designed to improve visibility and coordination in distributed open source teams. In this session, I will introduce Scrum Helper as a lightweight system that helps contributors and maintainers track ongoing work, share progress asynchronously, and stay aligned across issues and pull requests.

The talk shows how Scrum Helper fits into existing GitHub and GitLab workflows, lowering onboarding friction for new contributors while supporting the needs of established open source organizations. Attendees will gain a practical understanding of how the tool can strengthen collaboration, contributor engagement, and project sustainability.

Half of the world's 7,000 languages will disappear this century. The political will to preserve them exists, but the infrastructure doesn't. This session introduces Starlog, an open-source web platform that serves as a diagnostic tool for language health, mapping vocabulary coverage across semantic domains to show communities exactly what's documented and what's at risk.

Data sovereignty is core: communities own all data with tiered access (public, community, ceremonial). Elders speak, documenters record, validators approve, and a star appears. Currently deployed with Shona (Zimbabwe, Bantu family) and Paiwan (Taiwan, Austronesian family) in partnership with Bo Hongming, founding father of Taiwan's Indigenous language preservation laws. Live demo included.

This session will shows how to build interactive 2D and 3D maps using open datasets and open geospatial formats. Through real-world website examples, I’ll demonstrate how users can explore weather, location, and environmental data in an interactive and intuitive way.

Also covers practical approaches to improve scalability, such as better data organization and map layer handling. While Mapbox and Google Maps Platform are used as examples, including customizing map styles with google cloud based tools the focus is on reusable ideas and patterns that work across different mapping libraries and technology stacks.

This session features a series of short 5-minute lightning talks by speakers from different countries, cultures, and professional backgrounds, sharing personal experiences from their journeys in technology and community-driven work.

Each speaker offers a concise, first-hand perspective from software development and open technologies to startups, research, education, and community building. Rather than a traditional panel discussion, these focused spotlights highlight real stories, lessons learned, and moments of growth.
The session reflects the spirit of #GiveToGain: sharing knowledge, time, mentorship, and lived experience to inspire others, strengthen communities, and create more inclusive pathways in tech

Managing a Call for Speakers and building a conference schedule can quickly become complex when handled through emails and spreadsheets. In this session, I introduce Eventyay, an open source project by FOSSASIA, and show how it helps organizers run an open Call for Speakers, coordinate reviews, and turn accepted talks into a structured schedule.

The talk gives a concise overview of the workflow used by open source communities to keep speaker selection transparent, collaborative, and scalable from submission to final agenda.

Join us for an informal pre-event gathering at Lotus's Eatery in True Digital Park after Community Day. This is a relaxed opportunity to meet fellow participants, speakers, and community members before the main summit begins.

The gathering is informal and simply order food and drinks directly from the restaurant and join the conversation. No registration required.

In the opening remarks of FOSSASIA Summit 2026, Hong Phuc Dang reflect on the community’s journey over the past year and the milestones achieved across our projects, events, and regional initiatives. They will highlight how open source continues to drive innovation in key areas such as AI, cloud, data, open hardware, and developer tooling, and share stories from the communities and contributors who make this progress possible.

The session will also touch on FOSSASIA’s growing impact across Asia, the expansion of local communities, student and contributor programs, and partnerships that strengthened the open-source ecosystem over the last year. Looking ahead, she will outline the priorities for the coming year and invite participants to take part in shaping the next chapter of FOSSASIA. This opening sets the tone for the summit: celebrating what we’ve built together and looking forward to what we can achieve as a global open source community.

As artificial intelligence becomes faster, smarter, and more integrated into our daily lives, a crucial question emerges: what does it mean to stay human? In this talk, we explore how technology is transforming the way we work, think, and create—while highlighting the uniquely human qualities that machines cannot replace. From curiosity and empathy to judgment and creativity, the talk invites audiences to reflect on how we can embrace AI as a powerful tool without losing the values, relationships, and perspectives that define us. In an age of intelligent machines, staying human may become our most important skill.

Three years into the Electronic Frontier Foundation's advocacy campaign to get more Tor relays running in universities (https://toruniversity.eff.org/), we've steadily grown from the 13 initial participating institutions to now nearly 50 different universities around the world running Tor relays, including our first university relays in Korea and Taiwan.

Roger, co-founder and original developer of Tor, will give an update on how the EFF campaign is going, and why educational institutions are critical locations to help with the Tor privacy network, with people motivated by three different perspectives: education, community, and research.

Core idea: AI does not replace the need for people who understand hardware, software, or the world we live in. It highlights the need. When pocket calculators were new decades ago, people were suddenly freed from the tedium of calculating arithmetic by hand. Some people trusted the answers received from these machines without thinking about the plausibility of the answer they received. For instance, does 7 divided by 6 actually equal 42? Ascertaining the plausibility of an answer from a pocket calculator is easy for anyone who knows arithmetic. Answers from an AI may seem plausible, but if the problem is complex, how can we truly know if it is? For AI to meaningfully and safely assist people with their projects, we need to have ongoing discussions on how we can best use this powerful new tool so that it can, hopefully, enable more good than harm in our world. In the realm of open hardware development, as well as software, can AI expand the realm of open designs? Can communities, such as hackerspaces, use AI to accelerate, rather than merely centralize, the next phase of hardware innovation? These are some of the questions explored in this short introductory talk. AI is too new for answers, but it is important for all of us to be asking questions, and exploring answers amongst ourselves.

Themes and Questions

• Environmental effects aside, from a user’s perspective, AI can seemingly effortlessly propose hardware designs, but it currently seems that only people who devote time and play with hardware can evaluate, build, and iterate on them. How will this look in the future?

• Can open hardware help AI create more open hardware, rather than merely provide training data for more corporate-controlled proprietary control of technology?

• In the face of AI giving seemingly easy answers to complex problems to anyone in the world with a computer, can hackerspace communities continue to provide environments where open hardware is built, tested, repaired, and improved?

• Used as a tool in the right hands, using AI can speed up design cycles, documentation, troubleshooting, and learning. What happens in the wrong hands?

• Can AI-assisted guidance help more people move from interest to capability? Can this guidance work better at supportive communities, such as hackerspace?

Takeaway

AI is an incredibly powerful tool that seems to give everyone the ability to solve complex problems. Yet, how do we know if these problems are solved well? What are the consequences of implementing these solutions? What if the solution is too complex for anyone to understand? Can we develop skills to use this new and rapidly evolving technology in ways that improves our lives? Let’s start asking questions, and explore possible answers to these and other important questions.

As children and young people spend more time online, the risks they face from harmful content to unsafe digital environments are becoming a growing concern for families, educators, and policymakers. In the US and UK in particular, child protection online has emerged as a major social and regulatory challenge, raising difficult questions about safety, privacy, and freedom on the internet.

In this talk, let's explore how open source software can play a practical role in protecting networks and users while preserving transparency and trust. The session introduces an open-sourced project designed to help organizations, schools, and communities better understand and mitigate online risks through configurable, auditable, and privacy-respecting tools. By focusing on collaboration and openness, the talk highlights how the open source community can contribute meaningful, scalable solutions to one of the most pressing challenges of the digital age.

This session introduces an openEuler-based open source stack as a stable and open foundation for modern computing in the AI era. It explores how openEuler, as a community-driven Linux distribution, supports diverse hardware architectures, provides a reliable operating system base, and integrates well with cloud-native and AI-related software ecosystems. The session highlights openEuler’s role in enabling scalable, secure, and collaborative development for next-generation AI and cloud workloads.

As the computing landscape shiftsfrom traditional resource management to intelligent agency, openKylin isleading the evolution of open-source operating systems through a full-stack AIrefactoring. The presentation details the architectural pillars of openKylin2.0 designed to overcome hardware fragmentation and software silos. Lookingtoward 2026 and beyond, openKylin outlines the shift from "AI on OS"to "AI for OS" via an innovative architecture.

tbc

Enjoy the coffee & tea break!

Large Language Models (LLMs) like ChatGPT and Gemini are reshaping how people in every field approach problem-solving, from brainstorming ideas to debugging complex systems. This talk will explain, in straightforward terms, how LLMs work, what they’re good at, and where their boundaries lie.
We’ll explore the principles of prompt engineering—how to frame questions and instructions to get clearer, more reliable results—and show practical ways to make LLMs a valuable part of everyday work. Attendees will leave with a grounded understanding of how to think about LLMs and concrete strategies for using them effectively in their own workflows.

Many users have installed software on Debian or Ubuntu with a simple "apt-get install" command,
but very few understands what a Debian package really is.
This talk will demystify the .deb package format by taking a hands-on approach.
We will download a real-world package, use command-line tools to extract its contents,
and then dissect the control files, metadata, and data archives within and explain
what each part of the package is doing and also show how they all relate to the
source of that particular package.

Kyber is an open-source SDK for real-time control of machines, with the lowest latency possible.Machines being Computers, Programs, Robots, Drones, AI Agents.It is a solution comprising server, client and protocol (based on Quic), and is cross-platform, cross-devices, because based on VLC and FFmpeg (and also Web).

Use cases go from cross-platform Remote Desktop (Citrix, Parsec), Remote Rendering (XR/3D) to teleoperation and teleobservation of drones, robots and autonomous vehicles. One can also use that for AI video agents.On the same link, all sensors (video, audio, subtitles, GPS, IoT sensors) and control (mouse, keyboard, gamepads, USB, serial, MAVlink) are muxed in a coherent fashion, so that network adaptation and replayability are possible.The later being very useful to train robotics AI models

In October 2024, we announced FLOSS/fund out of Zerodha as a big experiment to fund critical Free/Libre Open Source projects globally, which in turn was the culmination of a series of ad-hoc funding attempts over the years. It is the first of its kind in India, and one of the few in the world.

Over the last year, some of the biggest and most important FOSS projects in the world applied to the fund. We received applications from all sorts of projects - developer tools, programming languages and libraries, critical FOSS infrastructure, to humanitarian and social-impact projects, all organically via word of mouth and volunteer outreach.

While the experiment itself has done really well (and we have already set aside another $1mn for 2026), there have been several (un)surprising disappointments and learnings.

In this talk, we will share our experience from running this program, what we learnt, what other projects and funders should know, and our plans for the future (eg. making FLOSS/fund a community driven effort, pushing for the creation of an Indian sovereign FOSS fund etc.)

We will also introduce (at the risk of proposing yet another standard) funding.json - an open JSON manifest for describing FOSS funding requirements that we launched as an experiment with FLOSS/fund. At the time of writing this proposal, the manifest has already been adopted by some of the biggest projects globally, and several platform integrations are in progress with GitHub, f-droid, thanks.dev etc.

Check out the $1mn allocation from 2025 and the anniversary post for more details.

For nearly 30 years, GNOME has been a cornerstone of the Free Software ecosystem, driving innovation on the Linux desktop and empowering millions of users. Historically, much of this work was made possible through corporate philanthropy from sponsors like Red Hat and SUSE. But as industry priorities shifted toward cloud infrastructure and enterprise services, funding for desktop-centric projects steadily plateaued.

This talk shares how the GNOME Foundation responded to this challenge by rethinking its financial model and launching its first major community-driven fundraising initiative. Inspired by KDE’s experiences, we recognized that depending primarily on corporate benefactors was no longer sustainable, and that long-term resilience required building strong grassroots support.

In this session, you’ll learn:

• How GNOME evaluated the decline in traditional sponsorships

• The strategy behind designing our first community fundraising campaign

• How we defined achievable KPIs and aligned them with real impact

• Challenges we faced in engaging a diverse user base

• What worked, what didn’t, and what other open-source communities can adopt immediately

• Programmable
  - Reproducible
  - Declarative
  - Dependable
  
  An introduction to functional package managers and their areas of application.
  
  During the talk we will touch on three very practical topics:
  
  - How to create a time-proof development environment (a repo with all the needed dependencies and tools for working on a project) that is easy to replicate, modify, and share, that will work without any changes for the next 10 years, and why Docker is not the option.
  
  - How to make a real declarative definition of the whole OS, and why Ansible and Kubernetes Helm charts are not the option.
  
  - What is so special about Guix? Lisps, compilers bootstrapping, or something else?

As ARM expands from data centers into PCs and AI-enabled systems, openness across hardware and software becomes increasingly important.

This talk introduces Phytium, a Chinese ARM CPU company whose products span ARM-based PCs, laptops, and server platforms, and its participation in the openKylin ecosystem. As a Platinum donor, Phytium contributes ARM platform enablement, hardware features, and software ecosystem support to openKylin for PCs, laptops, and edge AI workloads. On the server infrastructure side, Phytium supports open, hardware-aware firmware and management for ARM servers.

Together, Phytium and openKylin illustrate how an open ARM platform can be built from PCs to servers through community-driven development and ecosystem collaboration.

Most RAG demos break down when they meet real-world constraints: complex tables, BI outputs, proprietary PDFs, security requirements, and cost limits.
In this talk, we share a production case study from Pretagov on how we customised the open-source Onyx AI stack to build reliable, evidence-backed AI assistants for government and enterprise environments.
Rather than focusing on generic chatbots, we’ll walk through the practical engineering work required to make RAG systems usable in regulated settings:

• Extending RAG beyond plain text to handle tables, reports, and structured data
• Building custom ingestion pipelines for CMS platforms, BI tools, and proprietary documents
• Enforcing citation, traceability, and governance over source material
• Optimising cost and performance for real deployment, not demos

As AI becomes a core requirement for modern desktop and edge systems, operating systems are evolving from passive application hosts into active providers of secure, low-latency, and resource-aware AI services. Drawing on practical experience with the Debian/Ubuntu AI subsystem and insights from upstream ecosystem developments, this talk presents an architectural blueprint for a truly native AI subsystem on Linux.

The session will introduce a complete AI subsystem technology stack, including:

• Southbound Layer: Unified abstraction and scheduling for heterogeneous compute units (CPU/GPU/NPU), model lifecycle management, and a decoupled runtime execution framework.
• Core Runtime Layer: Capability governance, resource arbitration, and global AI capability discovery mechanisms.
• Northbound Layer: Standardized APIs and developer toolkits that expose AI capabilities—such as speech recognition, OCR, vector retrieval, and multimodal inference—to applications.
• Security & Privacy Layer: Local-first execution, trusted model execution boundaries, and support for collaborative cloud-edge computation.

• Practical architecture and component layout for building a Linux-native AI subsystem from the ground up
• Strategies for model management, heterogeneous compute scheduling, and hybrid local-cloud inference
• Hands-on lessons in performance optimization, extensibility design, privacy protection, and long-term maintainability

• Operating system engineers
• Desktop and edge platform developers
• AI runtime and framework contributors
• Open-source community members interested in integrating native AI capabilities into Linux distributions

Students in our region have been users of open source tools and technology but there are negligible people who contribute back to the growth, infact many doesnt even know that they could contribute back. The culture of contribution should be inculcated among the student community. This talk presents the efforts to building communities to foster the culture of open source and contributions by the students.

This talk presents the Open source advocacy path by introducing to the philosophy of open source, introduction to Open Source tools and mentorship to enable students to contribute. This talk will also present different ways open source can be introduced into mainstream curriculum where academician community introduced open source in day to day classwork. The community effort to push the adoption of tools, contribution path and transfer of knowledge within the campuses and cross campus exchange programs. Will present a case-study of few communities where the impact was created through this efforts among which even i was part of. I will also discusses the role of Non-Profits, Communities and Academic institutions collaborating can help to pave this path.

This talk will present case studies which communities, organizations can adopt in building an open source eco system. This also gives insights on how the education system can be transformed to build open source contributors.

We all know OpenAI's ChatGPT is great, but it would be greater if we can run it within our private network. For some scenarios, we desperately need it. But how?

Throughout this session, I'm going to discuss a few options with panels including 3 local LLM servers - Ollama, Docker Model Runner and Foundry Local, and how it can be seamlessly integrated with our intelligent app using Aspire and Microsoft.Extensions.AI.

In addition to that, I'd also like to discuss how it can be extended to the other LLMs provided by cloud service providers and independent vendors, and how this approach brings benefits to the open source community.

Open source transformed the software industry by enabling collaboration across communities, companies, and countries. A similar shift is now emerging in hardware. What once began in hackerspaces and maker communities is evolving into a broader ecosystem that includes open chip architectures, operating systems, industry partnerships, and global technology platforms.

This panel explores how open hardware is moving from experimental community projects to large scale technology ecosystems. Panelists will discuss the role of makerspaces and community innovation, the importance of open operating systems and hardware compatibility, and the impact of new architectures such as RISC V. The conversation will examine how open technologies can lower barriers for new hardware platforms, enable collaboration between developers and manufacturers, and support the development of open technology stacks.

Bringing together perspectives from hacker communities, assistive technology makerspaces, and large scale open source ecosystems, the panel will explore how open hardware can grow from grassroots innovation into a global foundation for future technology.

Burnout is a common yet often unspoken experience in open source communities. During the COVID-19 pandemic, the loss of in-person interaction strained relationships in the LibreOffice community and eventually led to my own burnout and withdrawal. This talk introduces yuru participation — a low-pressure, flexible way to rejoin OSS without returning to unsustainable expectations. Through micro-contributions, documentation and translation work, and casual community engagement, contributors can rebuild confidence and connection at their own pace. By sharing my journey from burnout to recovery, this session offers practical guidance for individuals and insights for communities aiming to create healthier, more resilient environments.

Nix offers declarative, reproducible builds but this can’t happen if you rely on a mutable provenance — hence the need for “input pinning”.

Prior art of niv & npins ‘solved’ with a lockfile operated via a CLI application. Experimental Flakes did the same, but with a manifest file however also mixes in project structure concerns leading to some good but some poor patterns. All currents options have underlying & unsolved limitations when you step outside the narrow scope of how they expect your project — & your inputs sources — are set up.

Nixtamal takes a fuller, flexible approach to these shortcomings. It focuses strictly on input pinning, using a declarative manifest to make decisions explicit: what is pinned, how “freshness” is determined, which patches are applied, & where mirrors fit into the model. By depending on Nixpkgs rather than Nix’s builtins, Nixtamal can reuse richer fetchers & support VCSs & workflows that Flakes & other tools cannot, without re-implementing the toolchain inside the sandbox.

This talk compares existing pinning approaches — including what inputs.*.follows can/cannot express — & shows what a manifest-based model enables in practice. Attendees will come away with a clearer mental model of input pinning in the Nix design space, why mirrors + user-defined freshness matter, & when separating pinning from composition leads to simpler & more robust Nix workflows.

The Linux desktop system boasts strong customization and freedom, but its application ecosystem has long been a weakness. Recently, the Android system has millions of applications, covering all aspects of work and life. If we could integrate these and create a brand-new desktop experience, what kind of impact would it have?

This presentation will introduce our open-source project - OpenFDE (Open Fusion Desktop Environment). This is an innovative desktop environment that integrates the Android open-source project (AOSP) deeply with Linux applications, enabling users to run various Android applications seamlessly on their Linux desktops.

We will share:
Project Vision: Why did we choose AOSP and Linux integration? What problems are we aiming to solve?
Core Architecture: How do we achieve the integration of these two major systems? In-depth analysis of the key technologies of OpenFDE in terms of graphics, window management, and application lifecycle.
Live Demonstration: Witness firsthand the smooth coexistence of Linux and the latest Android applications (including large-scale games) in the OpenFDE environment.


Whether you are a Linux or Android developer, or a technical expert interested in operating system innovation, we believe that OpenFDE will offer you new perspectives.

Failure can only be stepping stone to success if you are able to recognise it, accept it and then deal with it adequately. None of these steps are pleasant, but they are very useful.
Open-source projects also face different challenges than most other organisations, so different approaches and skills may be required - something that engineering courses do not prepare you for. But we also have some invaluable assets at our disposal, appreciate and acknowledge them!
The xpra project is constrained by the laws of physics, and human behaviour in equal measure. Both demand sacrifices, but of a very different kind.
Through some decisive experiences, I would like to offer you some lessons that I have sometimes failed to learn or apply, but which have all been immensely valuable to our project and should provide you with practical ways for dealing with the inevitable failure of all things software.
Living in Thailand since 2009 played a big part in my ability to become a full-time open-source maintainer, and also provided its own unique set of challenges.

Creating custom Linux distributions has traditionally required specialized tooling, deep OS knowledge, and platform-specific build environments. With bootc, we now have a modern, container-native approach that turns OCI images into bootable, updatable Linux systems — and with Podman Desktop, this workflow becomes accessible on Linux, macOS, and Windows.

In this session, we’ll walk through how bootc leverages familiar container-building techniques to define an entire OS, enabling reproducible, declarative, and automated system images. We will explore how Podman Desktop simplifies this process with its cross-platform UI and built-in bootc extensions, allowing developers to build, test, and publish custom Linux OS artifacts without leaving their workstation.

Attendees will learn:

• What bootc is and how it transforms OCI images into bootable distros

• How to use Podman Desktop as a cross-platform environment for bootc workflows

• How to build a custom Linux OS image from scratch

• How to test bootable images locally with Podman Virtual Machine or external hypervisors

By the end of the talk, you’ll be ready to create your own tailor-made Linux distribution—faster, simpler, and on any platform you choose.

This session will examine the importance of developing a strategy for maintenance, growth and development for OSS projects and foundations, and discuss the challenges in doing so. It will consider how to plan strategy development, how to ensure it is inclusive of the community and relevant stakeholders, how to ensure that key organisational and external aspects are considered, and how to track progress meaningfully towards success.

Ever tried to build an AI agentic workflow and found yourself wondering, “Why are you doing that? I didn’t ask for that.”

I often hear people say that open models will never match proprietary ones, especially when agentic systems get complicated. I’ve heard that myself while building agentic workflows with open 4B and 30B models that run on a single GPU. Along the way, I discovered that these smaller models can match, and sometimes even outperform, much larger proprietary models when they’re used as orchestrators, workers, and collaborators.

In this talk, I’ll share what I learned the hard way: how to give open models the right context, how to equip them with tools they can actually use, and how a bit of thoughtful testing can keep workflows from drifting in unexpected directions.

You’ll leave with practical approaches that prepare you to work confidently with any open model, helping you unlock their full potential and build agentic workflows that can truly rival much larger proprietary systems, without giving up transparency, control, or the joy of building.

It has been evident that there is a skills gap in semiconductor design, with chip design locked behind proprietary tools. This talk will touch on an open source blueprint to address this gap with hands-on education. It will cover the RISC-V ISA, open source EDA tools (like OpenLane), and accessible fabrication via Multi-Project Wafer services dismantle these barriers. It will touch on a framework for guiding students from digital logic concepts to submitting their own designs for fabrication thereby transforming them from passive users into active creators of silicon products. This practical pathway leans on the global open source hardware community to build vital skills and inspire the next generation of innovators.

When a large language model (LLM) has been trained on text featuring social biases, those biases implicitly impact the outputs of the model. Training an LLM on censored content, i.e., those pieces of content which remain after being subjected to state censorship (including alterations, deletions, and self-imposed censorship), results in what we term censorship bias. Most Simplified Chinese content on the Internet and, as a result, in the common crawl, has been subject to state censorship. In recent published work, I outlined a novel methodology in which we analyze censorship bias through the framework of comparing responses to prompts made in Simplified Chinese and Traditional Chinese. We applied this method to evaluate a number of popular LLMs developed by Google, Meta, OpenAI, and Anthropic (developed in the west and blocked in China) and we found evidence of censorship bias in all of them. I will discuss our results and the implications for privacy and security. I will end with a discussion of our work understanding the security implications of using generative AI in the software supply chain and how we are working with open source projects to better understand this.

Ever scrolled past an ad on social media, then bought that product later—and wondered: How do companies know the ad worked… without invading my privacy? This 25-minute talk is for you! We’ll break down the "hidden side" of ads in plain language. You’ll learn how ads can stay useful (think: ads for stuff you actually care about) while keeping your data safe. Whether you’re tired of ads following you around, curious about how your info is used, or just want to understand the future of online ads, this talk will make privacy-preserving ads feel accessible.

The open web platform is rapidly maturing on the RISC-V architecture. This talk presents the latest upstream progress in enabling Chromium and Node.js to run efficiently and reliably on RISC-V systems. We will cover recent contributions across V8, Blink, libwebrtc, Node.js core, and the broader JavaScript toolchain, including key architectural challenges such as JIT enablement, instruction-set gaps, memory model differences, and cross-platform build system integration. We will also share the current status of upstream CI, performance benchmarks on new RISC-V hardware, known limitations, and the roadmap toward full Tier-1 support. Attendees will learn what is already working, what remains to be upstreamed, and how the community can contribute to completing a fully open, fully native RISC-V web platform.

A single Machine Learning project can inadvertently tie your entire application to a specific cloud vendor's feature serving solution, crippling your multi-cloud strategy. This talk introduces Feast [1], the open-source Feature Store, and explains its function as a vendor-neutral Data Gateway. We will show how Feast acts as an abstraction layer, allowing models to consistently retrieve features without worrying about the underlying data sources.

[1] https://github.com/feast-dev/feast/

More and more ARM and RISC-V SoCs now come with built-in NPUs. Although these NPUs are generally not powerful enough to handle NLP models, they play a significant role in edge-side CNN workloads such as object detection. In this session, the speaker will introduce several well-known platforms (including NXP IMX and Rockchip platforms) and analyze the performance differences between proprietary and open-source NPU drivers on Linux. Beyond architectural differences, how do they actually perform in real-world scenarios? A comparison table will also be presented to clearly illustrate the results, demonstrating that the theoretical TOPS defined by the hardware can indeed be pushed to its limits when used correctly.

In addition, while many people assume that the bottleneck of NPU performance lies solely in the CNN model itself, our research shows that the camera interface is also a decisive factor that can significantly influence the overall bottleneck.

In this session we’re going to focus on the best tips for applying to be a GSoC contributor. From how to start your journey thinking about what you are interested in to specific tips of what to do (and not do) to be a successful GSoC applicant and long term contributor.

Raspberry Pi released the Raspberry Pi 500+ in September 2025. It features a mechanical keyboard, which opened a new use, ‘Raspberry Pi as a luxury desktop environment.’ Along with requirements for quiet thermal control and stable Linux operation, many issues become apparent only in real-world usage when actual users are considered, such as locale-dependent input problems. These issues are often difficult to identify during the development stage. In this talk, Masafumi will explain how he worked with the Raspberry Pi 500+ development team through the community by sharing feedback based on real usage. This feedback helped developers better understand local environment issues and improve the product.

What can we learn from a decade of release votes in open source communities? From 2015 to 2025, over 1,600 Apache Incubator release vote threads showed how project collaboration and growth have changed.

In this talk, I’ll share practical lessons from analyzing votes across more than 160 projects. You’ll see how better documentation, mentoring, and automation changed a stressful compliance process into a positive learning experience.

You’ll learn about the changes: fewer rejections, quicker reviews, and a shift from a strict to a more collaborative tone. I’ll also discuss how release cadence reflects community health and what early warning signs to watch for before a project slows down.

Whether you’re a maintainer, mentor, or contributor, you’ll come away with ideas to improve release workflows and help build stronger, more confident communities.

Coffee is not only a beloved beverage worldwide but also a vital source of income for millions of smallholder farmers, especially across Asia. However, structural biases in trade networks often result in unequal market access, limiting fair opportunities. This session demonstrates how the upcoming SQL/PGQ capabilities in PostgreSQL and the standardizing Graph Query Language (GQL) for graph databases can be applied to real-world coffee trade data to detect bias, visualize unfair market structures, and enhance transparency and fairness. Using open datasets from international organizations and NGOs, we will present hands-on query examples, reveal patterns of bias, and discuss practical methods for addressing inequities. Participants will leave with reproducible PostgreSQL queries and a practical framework for applying graph analysis to social impact challenges.

ARM-based laptops are rapidly becoming viable daily drivers for developers and power users. This talk explores the current state of Linux on ARM laptops, covering hardware platforms, performance, battery life, driver and firmware support, and the overall developer experience. The session will help attendees understand whether Linux on ARM laptops is ready for their workflows, what to consider when choosing hardware, and why this ecosystem represents a meaningful shift in the future of personal computing

Today, many enterprises are grappling with the "build vs buy" dilemma, often choosing to “buy" to optimize innovation and resource allocation. While this trend has led to a rapid adoption of third-party SaaS platforms for critical business operations, it has also introduced additional security risks. To effectively manage them, security teams implement SaaS Security Posture Management (SSPM), which is essential for scaling modern SaaS security programs. However current SSPM solutions are crippled by the lack of administrative APIs and audit logging, creating major security blind spots. In this talk, we will discuss a novel Agentic Framework that utilizes AI-powered UI Agents and browser automation to securely and reliably circumvent this limitation. By implementing a comprehensive SSPM solution with agentic capabilities, organizations can significantly enhance their SaaS security posture and proactively manage third-party risks.

Hardware is interesting and rewarding, yet tough. Not many people are able to explore beyond microcontrollers like Arduino. In this talk, I'll share quick insights on taking your skills to the next level by building a hacky-yet-sturdy robotic arm, the SO-101, and interfacing it with open-source models to automate tasks. We'll explore how to work with Physical Intelligence's open-source model, OpenPi, and integrate it with your robot. We'll also briefly cover Rerun and how you can simulate the robotic arm yourself before buying parts or 3D printing a new one.

Universities play a critical role in shaping the future of open source — not only by teaching software development, but by contributing research, mentoring students, and collaborating globally. This panel brings together academic leaders from universities around the world to discuss how open source enables cross-border collaboration, practical learning, and long-term community impact.

Topics to explore

• Integrating open source into university curricula

• Research labs and long-term OSS stewardship

• Student participation in real-world projects

• International collaboration between universities

• Challenges and incentives in academic open source

Let's be honest, database performance often feels like dark magic. One day your queries fly, the next they crawl, and you're left wondering what changed. The common pieces of advice are usually "tune your queries", "tune the parameters", but what does that really mean? This talk strips away the mystery of high-performance database tuning, focusing on practical, open-source techniques applicable to PostgreSQL, MySQL, and their variants.

We’ll explore how the core concepts of indexing, memory management, and I/O interact to determine your system’s throughput. We will demystify common optimization myths and show how effective scaling is about understanding the database engine's relationship with the underlying operating system and hardware. This isn't just theory: we'll dive into real-world tuning parameters (like shared_buffers, innodb_buffer_pool_size, and kernel settings) and provide clear, actionable rules for when software tuning hits its limit and when you must invest in faster hardware, and critically, which hardware matters most (spoiler: it's not always the CPU or Memory).

If you want to move beyond guessing and start scaling with precision, this session will give you the practical knowledge to do it. No vendor promises, no marketing fluff, just the stuff that actually moves the needle when your users are waiting!

Historical and archaeological research often involves navigating vast, fragmented, and complex data landscapes. In this talk, we explore how knowledge graphs, powered by Neo4j, can bring structure and insight to these data-rich domains. By modeling relationships across time, geography, artifacts, and historical figures, researchers can uncover hidden connections and validate hypotheses with greater confidence.

The session demonstrates how integrating Neo4j with Generative AI (GenAI) enables natural language interfaces and contextual reasoning, making it easier for domain experts to query and interact with historical datasets. Additionally, we’ll introduce the use of OpenAI Agents SDK to orchestrate semantic enrichment and maintain data integrity across diverse sources.

Whether you’re a technologist, data scientist, or humanities scholar, this session will show how graph technology and AI can collaboratively illuminate the past and drive discoveries.

Security is often viewed as expensive, a luxury only large companies with significant budgets can afford. This session challenges that assumption and demonstrates how to build effective security capabilities using free and open-source tools.

We'll discuss how to implement essential security functions including telemetry collection, log centralization, data analysis, threat detection, and vulnerability scanning. You'll learn practical approaches to building these capabilities without burning a hole in your budget sheet, and how to prioritize them based on your organization's needs.

Whether you're working with a shoestring budget or building security from scratch, we want to show you that security isn't a luxury - it's achievable for everyone.

Why do we clutter simple devices with clumsy buttons or expensive screens just for a one-time setup?

Many commercial IoT devices force users to type Wi-Fi passwords on tiny touchscreens or navigate menus with awkward buttons—features that are rarely used after the initial setup. This not only increases hardware costs but also harms the user experience.

In this workshop, we present "Tac Photo," a minimalist photo frame built with FreeRTOS on ESP32. We demonstrate how to offload complex configurations to the user's smartphone via NFC, allowing the device hardware to remain "Calm" and focused only on daily interactions.

Participants will explore:

1. Redefining Hardware UX: Eliminating the need for dedicated setup buttons or touchscreens. We show how to use NFC to bridge the gap between complex input requirements (like passwords) and simple hardware interfaces.

2. Sustainable Architecture: Why switching from GPOS to RTOS is crucial for long-term stability and security. We discuss implementing essential connectivity without the overhead of a bloated OS.

3. Demo: A live demonstration of the "Touch-and-Config" experience, proving that a device without a screen or buttons can offer a superior, seamless user experience.
   

This project is built entirely on open source tools (ESP-IDF, mbedTLS) and serves as an open reference design for secure IoT. We will share the firmware and hardware schematics to empower the Maker community.

Join us to rediscover the value of efficient, secure, and truly "Calm" hardware design.

Suricata is a world class Intrusion Detection and Prevention System known for its rich logging and super fast speed. Suricata is a FOSS project funded by the Open Information Security Foundation.
Suricata was founded in 2007 by Victor Julien and is going strong till date with the help of a small developer team and a worldwide community and consortium members.

This talk shall comprise of a small presentation about what Suricata is and what are the different ways it can be used followed by exercises on how one can run their own Suricata instance as an IDS, configure it and run it over their own network.

The talk layout would roughly be:

0. Introduction to the speaker [1 min]
1. Introduction to Suricata [2 mins]
2. What all Suricata can do [2 mins]
3. Modes that Suricata can operate under [1 mins]
4. Where to place Suricata within your network [1 min]
5. A demo of hands-on exercises using Suricata as an IDS [5 mins]
- [Exercise 1] Run Suricata with a given set of FOSS rules
- [Exercise 2] Write your own rule to get an alert
- [Exercise 3] Modify an existing rule to match the output expected
6. Q&A [3 mins]

"Vibe Coding" was named Collins Dictionary's Word of the Year 2025 — but how do you actually teach it to everyone?

This talk introduces Vibe Vibe (vibevibe.cn), the world's first systematic, open-source tutorial on AI-assisted development, built with Datawhale (#31 on GitHub, 264K+ stars) and supported by WAVE (World AI Vision & Empowerment Association), a global nonprofit dedicated to closing the AI access gap.

The curriculum spans four modules — from a zero-experience Basic track to a production-grade Advanced track — with one core philosophy: teach judgment first, tools second. I'll share the pedagogy behind Vibe Vibe's "vocabulary before syntax" approach, a breaking case study of a student who vibe-coded a project in 10 days and secured ¥30M in investment, and what Karpathy's evolution from "Vibe Coding" to "Agentic Engineering" means for AI education. Attendees will leave with practical frameworks for adopting AI-assisted development in their own learning or teaching.

The growth of specialized databases (like vector, graph, and time-series systems) is great for innovation. However, relying on proprietary managed services for each one creates problems: high costs, complex compliance, and massive vendor lock-in.

This session offers a powerful, 15-minute plan for open-source self-sufficiency. We will introduce OpenEverest, an open-source platform that uses Kubernetes and its Custom Resource Definitions (CRDs) to replace those fragmented managed services. We will clearly show how our flexible, open-source architecture lets teams run any database engine they need—from PostgreSQL to specialized NoSQL—all managed from one unified control center.

Attendees will get practical steps on how this method stops cloud vendor dependence, helps keep data secure and sovereign, and lets platform teams use the full, flexible power of the open-source data world.

LED Badge Magic and Magic ePaper are open source hardware and software projects that combine programmable devices, embedded firmware, and cross-platform applications built with Flutter. In this session, Padmal introduces both projects, their technical architecture, and how contributors can work across hardware, firmware, and application layers to build real-world, user-facing open source systems. The talk highlights opportunities for developers to get involved through Google Summer of Code (GSoC), including example project ideas, mentorship areas, and how to get started contributing. Participants will gain an overview of how open hardware ecosystems are built in practice and how to turn hands-on contributions into meaningful open source experience through GSoC.

This session presents an open source framework for securely running GPU workloads inside trusted execution environments, providing strong privacy and isolation guarantees. It outlines the key design ideas and introduces the released scripts and tooling that enable others to deploy and verify privacy-preserving GPU compute in their own environments.

AI agents have conquered software development—writing code, debugging, and deploying autonomously. Yet we remain trapped in manual workflows for our personal digital lives: juggling scattered tasks across multiple apps, manually scheduling meetings, and managing fragmented calendars. This talk bridges that gap.

"From Vibe Coding to Life Automation" explores the journey from AI-assisted development to full-stack personal automation. The presentation introduces vibe coding a terminal-first philosophy emphasizing flow state, minimal context switching, and natural language interfaces—and demonstrates how this same pattern can automate life management.

The speaker shares his complete 6-month experimentation with AI coding tools (OpenCode, Claude Code, Kimi CLI, Copilot CLI), a real-world case study of leading the Eventyay Mobile project using SDD/TDD with AI agents, and the architecture of extensible agent skills via Oh My OpenCode.

The centerpiece is OpenClaw, a self-hosted personal AI assistant that integrates with messaging platforms (Telegram, WhatsApp, Slack) to automate Google Workspace, Azure DevOps, and GitHub through natural language. Live demonstrations show three real automations in production: migrating 511 tasks to a GTD system in 3 minutes, zero-touch calendar scheduling, and fully automated backups.

Key takeaway: If AI can run your code, it can run your life—self-hosted, with your data, on your terms.

This talk introduces PSLab (Pocket Science Lab), an open source hardware and software platform for science education and experimentation. Marc will give a brief overview of the project, its current roadmap, and how contributors can get involved. The session will also highlight potential Google Summer of Code (GSoC) project ideas related to PSLab, outlining opportunities for contributors who want to collaborate on impactful open source work.

Apache Spark often feels like a black box to beginners because it does not execute code line by line like traditional Python or Pandas programs. This talk introduces a practical mental model to understand how Spark decides what to run and when execution actually happens. It explains lazy evaluation, the role of transformations and actions, and how Spark builds logical and physical execution plans that form a DAG.

The session also demonstrates how developers can take a peek into Spark’s execution plan and reason about performance issues. Aimed at PySpark beginners, this talk focuses on understanding Spark’s execution behaviour without diving deep into complex internals, helping developers write more predictable and efficient data pipelines.

True Digital Park brings together startups, innovation programs, corporate partners, and developer communities in a shared ecosystem designed to support early-stage growth and collaboration. In this session, we will introduce the startup ecosystem at True Digital Park, highlight the types of startups and initiatives based there, and share how founders and builders can access resources such as incubation programs, mentoring, pilot opportunities, and community events. Attendees will leave with a clearer picture of how to engage with Bangkok’s startup ecosystem and where open-source and developer-driven innovation fits into this landscape.

We trust ISP provided routers with our entire digital life, yet they are often insecure black boxes running outdated software. In this session, I will demonstrate how to take control of a locked-down consumer router, expose its security flaws, and repurpose it into a powerful network defense tool.

This 15-minute deep dive focuses on two practical hacks:

1. The Security Lesson: I will walk through the forensic process of walking through the router's stock firmware and analyzing the binary structure. We will pinpoint exactly how I uncovered hard coded backdoor credentials in the file system and gained root access—a critical lesson in embedded security.
2. The Practical Upgrade: With root access secured, I will demonstrate how to transform the device into a network wide ad blocker.

In today’s world of fast-growing systems, backend developers and SRE teams often struggle with noisy alerts, manual incident handling, and the complexity of maintaining reliable services. In this beginner-friendly lightning talk, I will share what I learnt as a backend engineer working inside an SRE organization, and how observability plays a critical role in keeping systems healthy.

We’ll break down core concepts like logs, metrics, traces, SLIs, and SLOs in simple terms, and explore how incidents flow through real monitoring systems. I will also give an overview of a practical event-handling workflow showing how automated rules and actions can reduce alert fatigue and improve reliability without deep SRE expertise.

This session is designed for students and early-career developers who feel overwhelmed by observability and DevOps jargon. By the end, you’ll clearly understand how observability supports backend development, how incidents are managed in production environments, and how you can start experimenting with your own automation and monitoring workflows using open-source tools.

Developers often know exactly what they want to accomplish, yet still spend time translating intent into the right API calls, portal navigation, or query syntax. The Model Context Protocol, MCP, is designed to close that gap. It gives AI agents a consistent way to work with the tools and systems developers rely on, so natural language can become a direct driver of real actions.

This session takes a practical look at how MCP fits into modern engineering environments and how it can reduce friction in everyday workflows. We will explore how conversational requests can automate repeated tasks, shorten the path from question to answer, and keep developers focused on problem solving instead of plumbing.

As part of the talk, I will share my experience building an MCP server for Azure Cosmos DB, and demonstrate how it connects seamlessly with Microsoft Foundry to execute real operations from simple prompts. I will also showcase how these capabilities can be surfaced through an Angular application using an Angular Agent Kit, bringing MCP-powered interactions directly into user-facing experiences.

If you are curious about how AI can make development smoother rather than more complicated, this session offers a grounded look at what MCP delivers today and why it matters.

Learn about Monero and privacy cryptocurrencies in an easy and accessible way

Notebooks are a powerful way to explore your data. You can tune parameters, branch analysis and generate visualizations all in one place. However, they are often discarded for production. This talks intends to show you a possible solution to this problem: reactive notebooks; specifically marimo, an open-source reactive Python notebook.

We will explore how reactive notebooks support rapid creation of data apps, bidirectional visualizations, and executable scripts, featuring DuckDB.

Digital identity management in amateur radio is fragmented and manual, requiring operators to use redundant credentials and insecurely verify their licenses (e.g., via email) across services like remote control and digital voice gateways. This fragmentation impedes security, regulatory compliance, and application development.

This talk introduces CallSignConnect, a Minimum Viable Federation framework for secure call sign assertion. CallsSignConnect defines an open OAuth 2.0 / OpenID Connect Profile specifically for amateur radio, providing essential claims like callsign and a multi-dimensional assurance vector (IAL, FAL, AAL) aligned with NIST SP 800-63 / ITU-T X.1254.

The core innovation is its federated model, which utilises ENUM-style DNS delegation (e.g., w.a.1.w.callsign.online) to locate an individual's self-hosted or club-hosted Identity Provider. This federated design minimises reliance on a single central authority and maximises resilience. The talk will address the open-source reference implementation, client libraries, and a strategy for bootstrapping trust by piggybacking on the existing enrolment processes of networks like EchoLink. CallSignConnect offers a path to modern, secure, and standards-based authentication for the global amateur radio service.

Ethereum is a decentralized FOSS protocol, its research and development is done all in open across dozens of teams, hundreds of developers and a vast community of users. This talk dives into how we are able to coordinate large scale efforts and deliver upgrades to the whole network with zero downtime. Learn about our experience and interesting computer science challenges we are solving to push the technology forward.

The industry has rapidly shifted from AI chatbots to AI agents as the next evolutionary step. The emergence of two key standards—Agent2Agent (A2A) patterns and the Model Context Protocol (MCP)—provides the foundation for securely and easily bridging multiple agents together. More recently, Agent Payments Protocol (AP2) was also introduced to secure payments with AI agents.

Let's examine these protocols together, and see some of them in practice in a quick demo.

TBC

Modern data platforms face growing challenges, including siloed systems, rising warehouse costs, lakehouse complexity, and the need for sub-second analytics at scale. In this talk, we discuss how open-source Presto offers a unified, high-performance solution to these practical problems.

The session covers four useful features that make Presto a key part of modern data engineering:

• Federated querying across databases, object stores, and streaming systems without moving data.
• Lakehouse-ready performance, with support for table formats like Iceberg, Hudi, and Delta.
• Cost-efficient analytical acceleration that reduces the need for costly proprietary warehouses.
• Proven tuning methods that lead to significant improvements in concurrency, latency, and resource efficiency.

At FOSSAsia 2021 I spoke about the critical need for robust security in open-source applications, laying the foundation for community-wide awareness of secure development practices. At FOSSAsia 2025 I advanced that conversation with a deep dive into identity and authorization for cloud-native open-source projects, focusing on password-less authentication, fine-grained authorization, and practical demos with Keycloak.

Now, in 2026, the landscape has shifted again. The rise of AI agents and model-driven workflows has introduced new identity surfaces, authorization challenges, and privacy risks. This talk extends the IAM conversation into the age of autonomous agents and the Model Context Protocol (MCP). We will examine how agents and models acting on behalf of users, organizations, or other agents complicate traditional notions of identity, trust, and authorization, and we will map those risks to operational control plane patterns.

Key themes include:

• Agent identity and trust: how do we authenticate and authorize autonomous agents, and what does "Who are you?" mean when the actor is non-human?
• The death of the static API key: why long-lived secrets are a fatal threat to agentic workflows and how to phase them out.
• Keycloak in action (demo): a consolidated, hands-on demonstration using Keycloak, a CNCF incubating project, to implement agent-focused IAM patterns, including:
• issuing just-in-time, least-privilege tokens via token exchange (RFC 8693) to minimize blast radius;
• enforcing context-aware policies (attribute-based and time-based) to limit agent actions by runtime context;
• binding tokens to agent cryptographic keys using proof-of-possession (DPoP) to mitigate token theft and replay.
• Protocol extensions and standards: applying and adapting OAuth 2.0, OpenID Connect, etc. to agent-to-agent and MCP interactions.
• Threat modeling for AI agents and MCPs: prompt injection, agent impersonation, supply-chain and model poisoning, and practical mitigations.
• Privacy and compliance: ensuring agent-driven workflows respect GDPR, data minimization, and privacy-preserving techniques.

By combining IAM best practices, MCP security patterns, and an open-source demo, this session will give developers and security engineers a practical, standards-based playbook for building trustworthy, least-privilege, and privacy-preserving systems in the era of AI agents.

Every transaction on a public blockchain is a data point. Stack enough of them together, and someone — a corporation, a state actor, a data broker — ends up knowing more about your financial life than you do. The stablecoin market, now measured in the trillions, sits wide open for harvesting. This is the Cambridge Analytica moment for crypto, and most of the industry isn't ready.

But what does a solution even look like? Privacy coins are siloed. Mixers are blunt instruments. ZK rollups lock you into a single chain. And compliance requirements make most privacy tools a non-starter for real financial applications.

In this talk, we'll explore what it takes to build a multi-chain distributed privacy system that works across Ethereum and beyond — one where compliance and confidentiality aren't at odds. We'll dig into the architectural tradeoffs, the role of ZK composability, and what it means to deliver sub-second proof generation on a mobile device without giving up self-custody.

Discover how YDB leverages the Model Context Protocol (MCP) to bridge AI models with database systems. This session delves into the development of a Python-based MCP server that enables seamless interactions between large language models and YDB’s open-source Distributed SQL DBMS. Learn about the design decisions, challenges faced, and the practical benefits of integrating MCP into data architecture.

In the relentless world of on-call rotations, SREs and DevOps teams drown in alert storms, scattered logs, and rigid runbooks that lag behind fast-evolving systems. This talk reveals how large language models (LLMs) become tireless SRE sidekicks, ingesting telemetry from tools like Prometheus, Loki, or OpenTelemetry to distill noisy alerts into precise, context-aware insights and remediation steps. Attendees will walk through hands-on integrations: wiring LLMs into ChatOps platforms (Slack, Discord, or Mattermost) for real-time triage; converting static Markdown runbooks into dynamic, queryable copilots that suggest fixes with confidence scores; and deploying agentic workflows for auto-diagnosis using RAG patterns over incident histories.

Key Takeaways:

• Practical LLM Integrations: Code snippets for LangChain or LlamaIndex to parse alerts and generate SLO-aligned responses.

• Guardrails for Safety: Techniques like prompt engineering, human-in-the-loop approvals, and output validation to prevent hallucinated fixes.

• ChatOps Patterns: Building slash commands for "/triage P1 alert" or "/runbook pod-crash" that query your GitOps repo and observability stack.

• Auto-Diagnosis Demos: Live examples reducing MTTR from hours to minutes via vector search over past incidents and auto-generated AARs.

• Tooling Stack: Open-source picks like OpenLLM, Haystack, or vLLM for self-hosted inference, plus ArgoCD/GitOps for deployment safety.

• Metrics That Matter: Real benchmarks on toil reduction (aim for 50%+), alert fatigue drop, and on-call satisfaction scores.

Ideal For: SREs, DevOps engineers, and platform teams ready to leverage AI for proactive ops in Kubernetes, cloud-native, or hybrid environments. No PhD required, just bring your API keys and a love for less pager duty.

Modern analytics systems increasingly face the challenge of balancing real-time performance with cost efficiency at scale. Project Antalya is Altinity’s open-source extension to ClickHouse that addresses this trade-off by integrating shared Iceberg storage and cleanly separating compute from storage.

In today's world security is of utmost importance. Zero Trust Architecture (ZTA) and post-quantum cryptography (PQC) are the natural next steps to address future threats. In this presentation I will explain why implementing ZTA and PQC is important, discuss the implementation challenges, and show how FreeIPA is addressing them.

ZTA is a security framework based on the principle that no user, device, or system should be trusted by default, regardless of its location inside or outside the organisation's network perimeter.

PQC refers to a set of cryptographic algorithms designed to be secure against attacks from both classical and quantum computers. The primary goal of PQC is to develop systems that can withstand the threat posed by large-scale quantum computers, which could potentially break widely used public-key cryptosystems like RSA.

FreeIPA is an Open Source identity management system providing the centralised authentication and authorisation mechanisms and account storage necessary to manage the security aspects of a network of computers, with a rich set of features on top. This presentation will explain how ZTA and PQC are being implemented in FreeIPA, to enable organisations to meet their security and compliance objectives.

This meta session brings together all Lightning Talks into a fast paced, high energy format that highlights ideas in their rawest and most experimental form. In short five minute slots, speakers present a single concept, insight, prototype, or open question that matters now. The goal is not polished perfection, but speed, clarity, and inspiration.

Lightning Talks are the entry point for new contributors, first time speakers, and seasoned experts alike to test ideas, share early results, or spark collaboration. This session acts as a catalyst for hallway discussions, follow up sessions, and concrete contributions across the FOSSASIA community.

Attendees will experience a dense stream of perspectives across open source software, hardware, AI, web, data, and community building. Expect practical takeaways, unexpected connections, and plenty of starting points for deeper conversations throughout the summit.

Imagine telling your system, “Simulate a pod failure on the payments service,” or asking, “What chaos experiments have we run on service X in the last 30 days?” In this talk, we explore how natural language interfaces powered by AI and the Model Context Protocol (MCP) are reshaping the way we design, execute, and analyze chaos experiments using the open-source LitmusChaos project. The audience will be introduced to a more intuitive experience, one where you no longer need to write YAML or memorize CRDs to validate resilience.

This session isn’t just about technology, it’s about accessibility. By replacing YAML and dashboards with human language, we’re lowering the barrier to entry for chaos engineering. Resilience testing becomes accessible to QA, product, and on-call teams, not just platform experts. Whether or not you’re currently using Litmus, this talk will provide a roadmap for building your own chaos copilot using open standards and open-source tooling, and a glimpse into a future where resilience is everyone’s responsibility.

Learn how you can use SQL to quickly visualize and build data dashboards with Shaper, an open source tool built on top of DuckDB.
We will:

• build an interactive dashboard that queries live data across multiple data sources including Postgres, S3, and Google Sheets,
• see how to combine building dashboards in SQL with your favorite code editor and AI agent,
• and understand how DuckDB powers Shaper.

Edge AI is growing fast. Small devices now run small models that make real decisions in homes, factories, and cities. But these models face the same threats as large AI systems while running with far less compute, memory, and security tooling. This talk introduces a practical security playbook for protecting AI workloads on resource-constrained edge devices.

We will explore common attack paths like model extraction, input probing, data poisoning, adversarial triggers, and runtime manipulation. Then we look at how open-source tools can defend these devices without slowing them down. The talk covers lightweight model integrity checks, telemetry using eBPF-style tracing, secure update pipelines, sandboxing patterns, and methods for detecting unusual inference patterns on tiny models.

The goal is to show how developers can secure edge-AI systems with fast, transparent, and community-friendly techniques. The session ends with a working demo of a minimal edge AI security setup: a small model on a low-power board, traced and protected using open tooling.

This session explores how Grafana is building interactive, in-product learning experiences to help users get up to speed faster. It covers how these learning flows are designed, how open source plays a role in their development, and what it takes to make onboarding and education engaging rather than painful.

Headless CMS adoption is hampered by one critical flaw: a poor editor experience that fails organizations with complex design systems and large content teams.

Drawing on years of experience with enterprise systems, Pretagov has developed an innovative, open-source visual editor designed to solve this usability crisis. This project enables a true WYSIWYG (What You See Is What You Get) experience—including drag-and-drop and in-line typing—directly on the rendered frontend.

We will demonstrate how this solution achieves maximum editor intuition with minimum developer cost:

• Technology Agnostic: It works with any frontend framework (React, Vue, etc.), requiring developers only to add a few non-intrusive HTML tags to existing components.

• The Power of FOSS: Initial focus targets deep integration with Plone and Wagtail, providing a superior editorial solution for these robust FOSS CMS platforms.

• Production UX: Delivers the intuitive system required by large editor teams, drastically improving content velocity without forcing costly component rewrites.

Join us to see how this open-source editor finally eliminates the usability trade-off inherent in headless architecture.

Governments around the world are looking for better ways to involve citizens in decision-making. Consul Democracy is an open-source platform that enables participatory processes such as consultations, participatory budgeting, and collaborative policy development.
In this lightning talk we will briefly share how open-source technology can strengthen transparency, trust, and civic participation. We will highlight lessons from real implementations and why building an international developer and civic tech community is essential for the future of digital democracy.

Learn how to build and deploy a fully self-hosted AI copilot using 100% open source models and tools. In this fast-paced, hands-on session, we will go from zero to a working AI assistant that can securely answer questions about financial or operational data—without sending any information to external providers.

We will containerize an open source LLM, connect it to a small dataset (GL/Invoices), and expose a simple API. Attendees will leave with a reproducible reference implementation, a public GitHub repo, and practical patterns for running open source AI in production-like environments.

No finance background is required—the focus is on practical engineering, open source tooling, and clear takeaways developers can apply immediately.

This presentation will explore the evolution of YDB, a distributed database, as it developed vector search capabilities.
We'll discuss our journey from implementing a basic exact search to creating a global index system, designed to scale seamlessly across thousands of nodes and efficiently store and manage billions of vectors.

What happens when AI doesn’t just help us code - but makes decisions at runtime? Vibe Engineers is a playful, open-source exploration of embedding LLM decisions directly into live system behavior - shaping retry choices, branching paths, and even on-the-fly function outputs.

This talk shares our experiments building a small toolkit that invites AI into the runtime layer and watches what unfolds. If you’ve ever wondered what happens when you stop telling an AI exactly what to do, this session is for you.

This talk presents real-world projects that combine open-source AI, biosensors, and creative coding to explore how humans build meaning and belonging through technology. Created by Taechasith “Tàe” Kangkhuntod at CreativeLabTH Group, these works use EEG headsets, generative algorithms, and digital fabrication to translate meditation, chant, and emotional states into interactive artifacts. The session begins with From Brainwaves to Blessings, where participants listen to Thai Buddhist chants while their brain signals are captured using open EEG tools. These signals are processed through open-source pipelines to generate 3D-printed bracelets and digital mandalas—objects designed to support everyday mindfulness. The project demonstrates how transparent AI workflows can transform abstract inner states into tangible, personal outputs.

The talk then explores Spirits of You and Ganga, an eco-conscious reinterpretation of the Loy Krathong ritual. Instead of physical offerings that pollute rivers, participants interact with an AI-based ritual interface that receives prayers digitally while biosensors reflect emotional feedback. Built with open frameworks, the project shows how cultural traditions can evolve without losing their core meaning. Additional examples—including AI Mandala, Harmony of Mindscapes, and Entangle อารมณ์—highlight how open-source VR, real-time data visualization, and signal processing can be used to study collective emotion and human–machine interaction. Throughout the session, practical insights are shared on using open tools for EEG processing, generative visuals, and ethical data handling.

The talk argues that open-source AI is not only a technical choice but a philosophical one. When algorithms are transparent, people can reflect on how meaning is constructed—by machines and by themselves. Decoding AI, in this sense, becomes a way of decoding attention, culture, and the human need to belong.

For centuries, education has faced an impossible trilemma: quality, scale, and personalization. We force diverse minds into standardized curriculums simply because true 1-on-1 mentorship has never been scalable—until now. In this lightning talk, 16-year-old developer and student Kannan Murugapandian explores how Open Source AI is shattering this barrier.

Moving beyond simple chatbots, we will examine how fine-tuned LLMs can act as Socratic tutors rather than just answer engines, adapting to a student's unique pace and curiosity in real-time. Drawing from the development of DonumAI, this session paints an optimistic future where AI doesn't replace teachers, but empowers them to offer "Oxbridge-style" tutorial attention to every student in the classroom. Join us to see how open technology is turning the dream of equitable, personalized education into a deployable reality.

Dive deep into the world of internet privacy and security with Roger Dingledine, co-founder and original developer of the Tor Project, in this enlightening "Ask Me Anything" session. Known for his pioneering work on anonymizing services to protect personal freedom and privacy online, Roger offers a rare opportunity to ask about the challenges, achievements, and future directions of Tor. Whether you're curious about the technical underpinnings of Tor, its implications for global internet usage, or how it continues to combat censorship, this session is your chance to get answers directly from a leading expert in the field. Join us to explore the intricate balance between privacy, security, and technology in today's interconnected world.

PostgreSQL is the world's most advanced open-source database, but scaling it for massive concurrent workloads poses significant challenges. In this session, we introduce PolarDB, a cloud-native relational database compatible with PostgreSQL. We will explore its unique architecture, which features the separation of compute and storage, allowing for minute-level elasticity and massive storage scalability. Attendees will learn how this shared-storage architecture eliminates data duplication, reduces replication lag, and enables Hybrid Transactional/Analytical Processing (HTAP) to handle high-concurrency scenarios efficiently.

Data science notebooks often represent a "perfect analysis”. But the problem lies in turning them into actual working services in production environments.

In this proposed workshop session, these are lessons learned working as an ML Engineer/ Data Scientist at Air Arabia, bridging data science work that looks perfect in notebooks with how those ML systems need to be optimized to be in production.

Using a problem in Formula 1 as an example participants will see,

• How refactoring of a Jupyter notebook into a production-ready Python service happens using best practices,
• Deploy it as a scheduled job or inference API (FastAPI vs Cron),
• Observability to catch failures. (Grafana, logging)
• Post-deployment maintenance

Databases are evolving into autonomous systems powered by AI. This session explores the current state of self-driving databases, including AI-driven optimization, automation, and operational intelligence. We’ll look at what is real today, what is still hype, and how this impacts modern database management.

The world is obsessed with building bigger AI models in a world where the internet drops without warning for billions in rural parts of the world. In rural and low-connectivity regions, cloud-based AI struggles because of internet connectivity. The global AI race has a blind spot: we’re designing intelligence for environments that most of the world doesn’t have access to. But research like the TinyStories paper has already proven that small, well-trained models can reason, generate language, and teach without massive compute. This talk makes the case for an offline-first AI future powered by Small Language Models (SLMs). We’ll explore how SLMs run locally on low-end hardware, why they're a realistic path to global AI access, and how developers can build lightweight, practical systems that thrive where Big AI fails.

Join the official FOSSASIA Social Event, an evening dedicated to cultural exchange, community connection, and networking with speakers, partners, and participants from around the world.

The event takes place at the conference venue, True Digital Park

A dedicated Social Event ticket is required to attend. Registration is required in advance.

Location: YELLOW Room

For those who would like to continue the evening after the Social Event, join us for a late-night gathering at Yellow Room. This informal meetup is a chance to relax, grab a drink, and continue conversations with fellow participants in a casual setting.

Most data scientists work in jupyter notebooks, but the code have to be heavily refactored and optimized before it's ready for production. This is because research coding style is different than production coding style, and that data scientists might not be aware of proper software engineering practices, which lead to inefficient code.

There are a lot of gotchas to keep in mind when porting code written in jupyter notebooks to production-grade python project, we are going to discuss how to make it less painful for everyone involved.

Case in point: I tell data folks import the production project into notebooks, they can modify the code in vscode/etc and run interactively in the notebook, because if you manually copy the code over to notebook for debugging/dev, you might forgot to update all changes back to the python project. Data scientists: just copying the code over what can go wrong?

Learn how to contribute to Apache Airflow in just 25 minutes. This hands-on workshop guides you through setting up the development environment, making a small change, running tests, and submitting your first pull request. Just bring your laptop and curiosity—let's get your first contribution shipped!

AI is making software hyperpersonalized. As “vibe-coded” tools and AI agents proliferate, they ingest our conversations, health data, company knowledge, and daily decisions. Yet almost all of this deeply personal software runs on centralized infrastructure owned by someone else. We are building the most customized software in history on systems that users neither understand nor control, quietly normalizing a future where autonomy is traded for convenience by default.

This talk makes a blunt claim: in the AI era, open source without owned execution is no longer enough. Privacy, agency, and freedom now depend on where software runs, not just how it is licensed. By combining local-first AI models, self-hosted infrastructure, and radically simplified user experience, we can make running your own compute as accessible as installing an app—without being a sysadmin. The next wave of open software will not win by ideology alone, but by giving people back control of their data, their programs, and the machines that think on their behalf.

TBC

PostgreSQL is over 30 years old, older than most programming languages, databases, and even many of the companies that now depend on it. Yet it continues to evolve, remain relevant, and quietly power some of the most demanding systems in the world. That kind of longevity isn’t accidental.

This talk looks at PostgreSQL as a long lived software system and asks a simple question. Why did this one survive? We’ll unpack a few core lessons drawn from PostgreSQL’s history, its conservative core with relentless incremental improvement, its obsession with correctness over convenience, and its extension first philosophy that allowed innovation without destabilising the foundation.

Today’s AI frameworks excel at building prototypes. But when autonomous agents need to run continuously in production, developers are left on their own.

This talk takes a first-principles approach to agentic systems. Instead of chasing frameworks that will be obsolete tomorrow, we focus on the enduring patterns and principles that outlast any particular implementation.

You’ll walk away with a systems engineering mindset for agentic applications—one that helps you move from fragile prototypes to reliable, scalable, and long-lived production systems.

Before 1990s, people must know how machine work to program computer; variable offset in memory layout, memory address and its relationship with function call, even simple thing like "string" seemed complicated.

Next, in 1990s, Python originated and change how we program computer. Now, people outside of CS field can program computer such fast. Python abstract away complexity to handle computer such as dynamic type, loop with less detail, no entrypoint of program (main()). Python make it more "implicit".

However, now industry is shifting back to "explicit" in programming, people blame "Python is slow". Make python fast is silver goal for world-leading cooperation; Arm has runtime team dedicated to Python. The funny thing is; the more we try to make Python fast, the more we are getting back to machine level.

What is going to happen next? This talk will walk us through past, present, and potential future of Python. It will be explained in plaint language by dummies for normal people.

The PostgreSQL community is vast, vibrant, and a major force in the tech world. This talk will explore a brief history of PostgreSQL community and the countless ways people contribute to its success.

In many teams, code is spread across multiple repositories, and each repo contains only a fragment of the overall context. This makes it hard for AI assistants to understand a system end to end. Monorepos centralize code and signals, but once a monorepo grows large, the key challenge becomes how to represent and access that knowledge efficiently so AI can use it.

In this talk, Qun Lin will share a practical approach to make AI truly monorepo aware by building a monorepo indexing layer and connecting it to the model through MCP and composable skills. We will look at what to index in a large monorepo, how to organize information at the package and workspace level, and how to expose these capabilities as tools that AI can call. The goal is to let AI navigate the codebase with stronger context, answer questions more accurately, and generate changes that fit the monorepo structure.

What if your cloud app shipped as one database file and still scaled globally? This talk shows how to build a modern OSS stack with SQLite at the core, WebAssembly on the client, and CRDT-based synchronization for offline-first collaboration, then deploy across edge nodes with simple, observable ops. We’ll stitch together open tools as with SQLite and WASM runtimes, CRDT frameworks, and lightweight replication layers to replace heavy microservices with a fast, portable, testable artifact you can run anywhere. The result is fewer moving parts, instant local dev, painless rollbacks, and excellent performance at the edge.

The talk will explain how FOSS principles shape the project in practice, from software selection and contribution strategies to governance and
long-term sustainability. It will also explore the role of interoperability and federated infrastructure, and why these aspects are essential when building communication systems for a federal and highly regulated public sector environment.

Real-world experiences, architectural decisions, and lessons learned from the project will be shared, with an honest look at what works well and where challenges remain.

PostgreSQL’s system catalogs are at the heart of how the database organizes and manages information.
Far more than just metadata tables, these catalogs store essential details about databases, schemas, tables, indexes, functions, roles, and almost every object inside Postgres.
A solid understanding of catalogs not only helps developers and DBAs write powerful queries for introspection but also provides deeper insights into how Postgres operates internally.In this session, we will explore the structure and purpose of key catalogs, demonstrate practical queries to retrieve metadata, and highlight how catalogs differ from views like information_schema.
Attendees will learn how to use system catalogs for tasks such as schema discovery, dependency tracking, and debugging.
By the end of the talk, you’ll be equipped with the knowledge to confidently navigate PostgreSQL’s catalogs and leverage them to make your day-to-day work with Postgres more efficient and transparent.

Platform engineering is the hottest trend in infrastructure, but most teams struggle with the same question: how do you actually build an Internal Developer Platform? An IDP isn't a single tool—it's an architecture with multiple components working together.
The challenge: you need a developer portal for self-service, a provisioning engine for infrastructure, and orchestration to tie them together. Most teams either buy expensive proprietary platforms or get stuck building brittle custom integrations that never reach production.
This talk presents a complete, production-ready IDP reference architecture built entirely with open-source CNCF projects. We'll break down the three core components: Backstage as the developer portal (the "what developers see"), k0rdent as the provisioning API (the "control plane"), and Cluster API as the infrastructure engine (the "what actually creates clusters").
You'll see the full cycle: how developers request clusters through Backstage templates, how those requests flow to k0rdent's API, how k0rdent translates them into CAPI resources, and how CAPI provisions across AWS, Azure, or on-prem. We'll cover the hard parts: API contracts between components, handling async provisioning in a UI, RBAC for multi-tenant self-service, and graceful failure handling.

Core Hackathon Question

How can safety for young users be embedded into digital systems by design, while maintaining strong security and responsible data practices?

Participants will be challenged to prototype architectural approaches that integrate safety directly into platform design rather than relying on intrusive monitoring or excessive data collection.

• How can harmful behavior patterns be identified without intrusive data collection or content surveillance?
• How can privacy aware parental guidance mechanisms be designed without centralized tracking?
• How can user experience design reduce risk for young users while preserving usability and autonomy?
• How can decentralized or consent based reporting mechanisms be implemented securely?
• How can metadata exposure be minimized while still enabling effective safety features?

The hackathon will focus on engineering and system design challenges. It is not intended as a forum for regulatory debate or policy positioning.

All challenge statements will:

• Emphasize privacy by design and secure architecture
• Promote responsible and ethical innovation
• Ensure practical deployability
• Encourage open source compatible solutions
• Avoid adversarial or political framingusers

You have heard great things about Postgres 18, but you just haven't had time to look into it. Sure you want to learn more, sitting through a bunch of slides sounds like a chore. What you really want is to see the features in Postgres 18 in action, so you can figure out what will help make your users (and you!) happier with as little work as possible. I’m Robert Treat, and I’ve put together a whirlwind tour of new features available in Postgres 18. I think I know what will help you get the most bang for the buck, but if I am wrong, we can chose the features that you want to see most. That's right, there are no slides in this presentation, not even an about-me slide; we're going straight into the database to help you learn what options will help you make the best case to get you upgraded.

In the last few years, many countries have started to pursue digital sovereignty, striving to break the dependency on a few large American and Chinese companies. More often than not, open source is a key element of this strategy, as it prevents lock-in and control by foreign actors.

However, the defining feature of open source software is its openness: anyone can use and contribute to it regardless of national borders. So, is there anything like "sovereign open source"? What would this concept actually mean? Are there requirements that should be placed on open source software, in its development and distribution processes, to make it fit for digital sovereignty without fundamentally altering its nature?

The talk will build on the global debate to address these questions.

AI coding assistants are changing how we build software—but our development practices have not caught up. Test-Driven Generation (TDG) introduces a modern evolution of Test-Driven Development built specifically for AI-assisted coding. In this talk, I’ll demonstrate how TDG brings the classic Red-Green-Refactor cycle into the AI era by generating tests first, enforcing structured iteration, and guiding large language models to produce reliable, test-validated code. Using the TDG plugin for Claude Code, I’ll showcase real examples of how test-first AI workflows reduce hallucinations, increase code quality, improve traceability, and align AI output with engineering standards. Participants will leave with clear, practical steps for adopting TDG in their own AI-accelerated development environments.

While local development serves its purpose, it often results in environmental friction across modern software teams. This inconsistency slows down new developer onboarding and impacts the predictability of testing and deployment.

In this session, we will explore Eclipse Che, an open-source platform based on Kubernetes that delivers full-featured, browser-based development experiences. You will learn how cloud development environments can solve common local development challenges, such as environment inconsistencies, dependency conflicts, and limited access, while giving you the flexibility to code from anywhere.

Learn how this platform can improve developer velocity and reduce operational overhead through standardized cloud environments. You will get a clear idea of how to set up projects, work with different tools, and use cloud development environments to streamline development, making it simpler, more consistent, and more accessible.

When AI agents first hit the scene, my team and I were all in. Our code generators would fetch jira ticket details through jira MCP and we’d use testing and automation agents to write test cases and then automate them. We felt incredibly productive. We had dozens of tests and test cases in minutes for every change that arrived on the QA environment.

But that feeling was an illusion.

The cracks started to show quickly. Our test case agent, for all its speed, would write tests that were nonsensical, redundant, or, worse, missed the most critical edge cases that our business logic depended on. We were left with a mountain of brittle, unmaintainable assets and a false sense of security. We realised we weren't a team of expert testers anymore; we were janitors for a machine, cleaning up its mistakes.

Our mistake was that we forgot that AI doesn’t explore. It only guesses the next most probable option. To explain, let me use a story from my own work. When I take my team of 15 out for lunch and ask, “Where should we eat?”

If I always pick the most common choice, it’s chicken tikka biryani every time. That’s low temperature.
If I only take the top 5 answers, I get chicken tikka biryani, pizza, ramen, burgers and pasta. That’s top-k.
If I stop once 90% of opinions are covered, maybe it’s pizza plus biryani. That’s top-p.
This is how Generative AI decides. It creates variation, but it never notices that the our favourite biryani place has closed or that a new pizza restaurant opened. Humans notice. That is why exploratory testing cannot be replaced by AI. Don't believe me? try asking an LLM to create a new unheard Dad joke :)

In this session, I will give audience both a story and a playbook: how to explain AI’s limits when someone tells you to “just use AI for testing,” and how to build a 'Human–AI–Human' workflow that helps embrace AI as a tool for what it is, boilerplate and tedious stuff.

Key takeaways of the session :

• Understand why AI generates variety but not true exploration (temperature, top-k, top-p explained simply with the lunch story).
• Have clear language to push back when managers or teams suggest replacing testers with AI.
• Learn a Human–AI–Human workflow: tester guides input → AI drafts → tester edits and applies judgment.

Kubernetes simplifies container orchestration, yet managing clusters across environments remains complex. ClusterAPI (CAPI) adds challenges with intricate YAML and multi-component integrations.Teams face inconsistent provisioning, high operational overhead, complex upgrades, and security risks.

In this session we will expand Kubernete ClusterAPI by using k0s, k0smotron, sveltos and k0rdent, all open source and Kubernetes-native Distributed Container Management aggregators, to create a "super control plane," which is templated and streamlines lifecycle management, ensuring version compatibility, and enhancing observability.

In this talk, we’ll explore how to:

• Simplify multi-cloud and hybrid Kubernetes operations.
• Reduces CAPI’s complexity with easy-to-use templates.
• Ensure tested, version-pinned integrations across components.
• Provides policy-based add-on management via Sveltos.
• Offer observability for both management and workload clusters.

Modern web applications demand robust end-to-end test coverage, yet maintaining Playwright test suites at scale remains a persistent engineering challenge. Flaky tests, selector drift, and timing issues can consume significant developer time—time better spent on feature development.In this talk, I'll share how we built a fully autonomous test healing pipeline that transforms how our team handles E2E test failures. Our system leverages the Model Context Protocol (MCP) to create an intelligent agent that doesn't just identify failures—it fixes them.What you'll learn:

• The Architecture: How Playwright Test Healer integrates with MCP to provide AI agents with deep test context, browser automation capabilities, and codebase awareness

• CI/CD Integration: Our approach to embedding the healing workflow seamlessly into GitHub Actions, including failure detection, triage, and automated fix generation

• Developer Experience: How we simplified the entire workflow to a single slash command—/fix-playwright-test <test_file>—that triggers autonomous debugging, generates fixes, and commits suggestions directly to your PR

• Real-World Impact: Quantitative results showing reduced mean-time-to-recovery, increased test stability, and reclaimed developer hours

Elixir lang and Phoenix framework have been taking the world by a storm.
A dozen projects in production powered by phoenix framework, from simple websites to complex marketing tech automation. This session aims to go over pros and cons of going all in on Phoenix Framework.

Operating ArgoCD across many clusters and hundreds of applications introduces challenges that aren’t obvious from small demos. This talk shares real-world patterns for scaling ArgoCD using ApplicationSet, GitHub PR workflows, cluster generators, and performance tuning. We’ll cover multi-tenancy design, repository structuring, secrets management, preventing sync storms, and keeping GitOps fast and safe at scale.

The eventyay system requires multiple components being configured correctly and running at the same time. In this workshop we present a method using local docker images for development.

In this talk, we will explore the significant improvements to PostgreSQL's indexing system between versions 13 and 18. The community has focused on three key areas: making indexes faster, reducing their storage overhead, and minimizing maintenance costs. These improvements might seem incremental when viewed individually, but together they create substantial performance gains for production workloads.

BTREE indexes now handle common query patterns more efficiently. BRIN indexes have become more versatile. The query planner has become smarter about using indexes. These planner improvements provide performance benefits without requiring any schema changes. Beyond performance, PostgreSQL now tracks more detailed statistics about index usage patterns. This helps database administrators make better decisions about which indexes to keep and which to remove.

This session will demonstrate these improvements using real-world examples and discuss upcoming indexing features planned for version 19 and beyond.

Join the Headlamp maintainers for a hands‑on workshop on how to extend Headlamp to include a UI for your favorite project, Custom Resources, or CNCF tool!

Headlamp is an extensible Kubernetes UI that is officially part of the Kubernetes project (under the SIG UI). It offers a great base UX for managing Kubernetes, and a comprehensive plugin system for creating new interfaces and experiences.

In this session, you will learn to build a Headlamp plugin, with the assistance of Headlamp's maintainers. You will leave with knowledge of how Headlamp's plugins work, and it's hopefully the kickstart of a new UI for your projects that you may choose to also publish with the community.

If you are already experienced in Headlamp, this session is still a great chance to have discussions with maintainers and the community, in order to take your contributions further.

Do not forget to bring your laptop, and we hope to see you!

Lynx is an open-source cross-platform framework that bridges the best of the web and native worlds. Designed for performance and a great developer experience, Lynx lets you build mobile and desktop apps using familiar web skills — and renders directly with native UI components on each platform.In this session, we'll take a brief look under the hood to explore how Lynx works and what sets it apart from other cross-platform solutions. We'll wrap up with a "one more thing" moment, previewing one or two exciting new features coming soon to Lynx.

As AI workloads grow across cloud and edge environments, operating systems are evolving to better support AI-native computing. This session introduces openEuler’s AI exploration and the SuperPoD OS initiative, highlighting how the OS stack is being optimized for heterogeneous compute, high-density AI clusters, and large-scale AI workloads. Attendees will gain a brief overview of how open-source operating systems can serve as a foundation for scalable and efficient AI infrastructure.

Wildcard pattern matching queries are common in many PostgreSQL-backed applications, yet they can be challenging to optimize. This is because BTrees can only handle prefix anchored queries, and pg_trgm is optimized for fuzzy matching. And, when single-character wildcards ( _ ) are involved, pg_trgm struggles to form meaningful trigrams leading to higher false positives. These result in expensive heap rechecks, which in return affect the query latency.

In this talk, I present Biscuit, an index access method implemented as an open-source PostgreSQL extension that explores an alternative indexing approach for pattern-matching queries. Biscuit is a lossless, in-memory index that decomposes any wildcard pattern into a set-operation expression on pre-computed character and length-based bitmaps. The evaluation of this expression yields deterministic results of records that match the pattern, thereby avoiding heap rechecks due to false positives.

We discuss the algorithm behind Biscuit, how it integrates with PostgreSQL's query planner, and also the benchmarks obtained. We shall also go ahead and discuss its practical applicability and limitations. This session aims to share practical insights from building an open-source database extension and to invite discussion around indexing strategies for text-heavy workloads.

Scaling modern applications requires a shift in mindset. Instead of scaling along a single dimension, today’s systems follow the Scale Cube, which defines three axes of scalability: horizontal scaling, microservices, and data partitioning.

Kubernetes already solves two of these axes out of the box. It enables applications to scale horizontally and supports microservice architectures through declarative orchestration. But scaling infrastructure efficiently—fast, reliably, and cost-effectively—remains a challenge.

Modern application developers frequently struggle with map SDK lock-in.
Although Google Maps, Mapbox, ArcGIS, HERE, and MapLibre provide powerful features, each SDK has different APIs, design philosophies, and platform-specific constraints. As a result, switching map providers or supporting multiple SDKs often means rewriting large parts of the application.

MapConductor addresses this problem by introducing a unified middleware SDK that abstracts multiple map SDKs behind a single, consistent API. Inspired by Kubernetes, MapConductor does not replace existing map SDKs—instead, it orchestrates them.

With MapConductor, developers can:

• Use the same code to control different map SDKs

• Reduce learning and migration costs

• Avoid vendor lock-in

• Focus on business logic rather than map-specific implementation details

The project currently supports Android (Jetpack Compose) and provides unified APIs for map operations such as camera control, markers, polylines, polygons, and geodesic rendering. A cloud-connected architecture enables advanced GIS features like data synchronization, geofencing, and offline support.

MapConductor is developed as an open-source middleware SDK, with a clear roadmap toward neutral governance and community-driven development.

This talk introduces the architecture, design decisions, technical challenges, and live demos, and discusses how open-source can democratize map application development worldwide.

pg_ivm is an extension that enables Incremental View Maintenance (IVM) for PostgreSQL, updating materialized views by applying only incremental changes instead of rebuilding the entire view as REFRESH MATERIALIZED VIEW does. This significantly reduces the cost of keeping views up to date.

In this talk, I will briefly introduce how pg_ivm works and the benefits it provides. I will also cover the latest improvements in pg_ivm, including newly added support for outer joins, along with ongoing development efforts.

AI Governance is a critical necessity for organizations deploying Artificial Intelligence. It encompasses the systematic assessment of risks and impacts, followed by the implementation of preventive measures before AI systems are put into operation.

This framework aligns with international principles and is increasingly mandated by national legislation in several countries. Organizations must demonstrate clear responsibility and accountability in their AI adoption, particularly in the dimensions of ethics, fairness, and transparency.

AI Governance is more than just policy formulation; it requires active implementation across the entire AI lifecycle. It involves a wide range of stakeholders, from executives and developers to users and legal experts. Consequently, it is a subject that everyone must prioritize.

Kubernetes has become the de facto standard for orchestrating cloud workloads, but its traditional device plugin model struggles to keep pace with the growing diversity of hardware accelerators such as GPUs, DPUs, high-speed networking devices, and emerging AI chips. Static allocation limits flexibility, resource efficiency, and multi-tenancy. This talk introduces Dynamic Resource Allocation (DRA)—a groundbreaking approach that enables fine-grained, on-demand allocation and sharing of devices across workloads, with topology-aware scheduling to optimize performance for complex hardware interconnects. We will dive into the architecture and design principles behind DRA, showcase real-world use cases, and discuss its implications for Telco, HPC and AI. Attendees will learn how DRA can unlock better utilization, scalability, and sustainability in cloud-native environments.

This talk presents pg_fusion, a prototype PostgreSQL extension that integrates Apache DataFusion as a query executor. The focus of the talk is on the design problems and architectural decisions required to embed an external, async, multi-threaded execution engine into PostgreSQL.

a technical overview of the security landscape for Large Language Models (LLMs), specifically focusing on the OWASP Top 10 for LLM Applications 2025. The document analyzes the evolution of AI security threats, contrasting the 2023 framework with the updated 2025 version to highlight emerging risks in generative AI development.

Scaling Btrfs for Cloud Infrastructure

Btrfs is a powerful and flexible file system with features that make it suitable for large-scale, containerized, and data-intensive environments. Its transparent compression capabilities can significantly extend the lifespan of storage devices by reducing write amplification, leading to substantial cost savings on hardware.

A core strength of Btrfs lies in its snapshot and send/receive features. These allow for the efficient deployment and management of base images and applications, enabling the creation of pristine runtime environments for services with minimal overhead. Snapshots also facilitate rapid testing and development workflows by allowing quick creation, modification, and disposal of isolated environments.

Btrfs offers high flexibility in its deployment, working across various hardware configurations. It also prioritizes data integrity through runtime checksums, providing robust protection against data corruption. Recent and ongoing developments include advancements in data streaming for improved efficiency and reduced resource consumption, as well as enhancements to space allocation and fragmentation management. Future work aims to bring advanced features like authenticated encryption, refined quota systems, and improved RAID support, further expanding its capabilities for diverse and demanding applications.

What attendees will gain:

Practical guidance on running Btrfs reliably at cloud scale

Real-world patterns for image distribution, service isolation, and fast provisioning

Insight into performance, cost, and durability trade-offs

A clear view of current limitations, active development, and where Btrfs is heading next

Zero-knowledge proofs promise privacy-preserving Web3, but they often feel intimidating and hard to use in practice. In this talk, we’ll explore o1js, an open-source TypeScript SDK for building zero-knowledge applications (zkApps) without needing a cryptography background. I’ll walk through the core concepts, what a zkApp looks like in code, and how proofs fit into a typical dApp architecture, so you leave with both an intuition for when to use zk and a concrete starting point to try o1js yourself.

Lunch Break

Are you a PostgreSQL developer or aspiring contributor ready to dive into the C source code? Memory management is a common roadblock, but it's also the secret to PostgreSQL's legendary stability. This beginner-friendly talk demystifies PostgreSQL's unique Memory Context system—a fundamental technique for controlling memory based on a data's expected lifespan (e.g., a single query or transaction). We'll cover why traditional C malloc/free leads to leaks in a long-running database, explore the critical Memory Context hierarchy (TopMemoryContext, CacheMemoryContext, etc.), and show you the core C functions and structures that make it work. Finally, you will learn how to debug memory usage with built-in views and functions, equipping you with the essential knowledge to write your first bug-free PostgreSQL code.

Open-source AI agents are reshaping how AI platforms are built, deployed, and governed. This session breaks down the core architecture of AI agents, explores proven design patterns, and examines the open-source tooling that powers real-world implementations. We’ll also address governance, interoperability, and community-driven standards essential for sustainable agent ecosystems. Attendees will gain a clear, practical understanding of how to build and govern robust, secure, and extensible AI agents grounded in open-source philosophy.

Building a reusable chatbot library is harder than it looks. Different types of chatbots - from simple assistants to complex LLM-driven agents - all demand flexible conversation logic, theming, and extensibility. React ChatBotify tackles these challenges with an open-source, developer-friendly approach designed for modern web applications.

In this talk, we'll look at how React ChatBotify models conversation flows using modular blocks implemented as state machines, making logic predictable and easier to reason about. We'll also dive into a GitOps-inspired theming system that treats UI appearance as declarative configuration, simplifying maintenance and making it easier for contributors to participate in open-source development.

Finally, we'll explore the plugin architecture that enables developers to add new behaviors and integrations without modifying the core library. Along the way, you’ll see a live demo showcasing how these pieces come together in real time. By the end, you’ll see how React ChatBotify’s design supports building a wide range of conversational experiences while staying lightweight, flexible, and fun to extend.

Running production-grade databases on Kubernetes is becoming increasingly common, but managing their lifecycle remains fragmented and complex for SRE and DevOps teams. Critical operations such as scaling, RBAC, monitoring, backup, and restore currently require navigating distinct, database-specific APIs and tools. This complexity prevents teams from fully realizing the operational efficiency and uniformity that Kubernetes provides.

This talk introduces OpenEverest, the open-source platform designed to address this operational gap. OpenEverest provides a single, unified UI and CLI to manage SRE functions for popular open-source databases such as PostgreSQL and MySQL deployed on Kubernetes. It abstracts away database-specific differences, offering standardized control for scaling, integrated observability, granular RBAC, and reliable data protection.

Join us to learn how OpenEverest simplifies the path to production readiness, reduces operational toil, and is building a pioneering open-source database management layer.

A session on building a full-stack AI solution using Firebase Genkit. We’ll explore how to integrate powerful AI capabilities into modern applications—from setting up backend logic and orchestrating AI workflows to delivering seamless, responsive user experiences on the frontend. Learn how to use Genkit with Firebase services for data, auth, hosting, and real-time updates, and walk away with a clear blueprint for creating scalable, production-ready AI apps end to end.

In the age of AI and GenAI, quick access to data remains the most critical means to extract insight and predict future actions. Apache Kafka, the de-facto standard for real-time streaming data operations, enables real-time streaming operations for a variety of such use cases.

In this talk I would demonstrate how modern AI agents built with LangGraph ReAct agentic capabilities can use Kafka MCP(Model Context Protocol) tool calls, to invoke Apache Kafka producer and consumer operations to extract insights immediately from real-time streaming data.

My talk would be based on a demo where AI Agents built with LangGraph would extract immediate insights from Retail Point-Of-Sale(PoS) transactions happening at a retail store by calling MCP tools on Apache Kafka.

Managing audit log filters across hundreds of databases is error-prone and tedious. What if you could enforce standardized filters as code, track changes in Git, and deploy them fleet-wide in seconds? In this talk, we’ll dive into terraform-provider-auditlogfilters – an open-source tool built to:

• Eliminate manual filter testing with declarative, version-controlled policies
• Deploy filters globally across MySQL clusters via Terraform’s for_each and modules
• Prevent drift using CI/CD pipelines (e.g., GitHub Actions) to validate rules pre-deployment
• Audit historical changes using Terraform state diffs

Logical replication in PostgreSQL is often framed as the solution behind migrations, upgrades, CDC pipelines, or active/active architectures. In reality, it is a lower-level primitive, a general-purpose mechanism for transporting ordered data change.

This session focuses on recent improvements to logical replication conflict handling, particularly the explicit detection, classification, and observability of conflicts introduced in PostgreSQL 18. Through demos, we show how conflicts that were previously silent or surfaced only as generic apply failures are now visible, structured, and measurable, without changing apply semantics or embedding resolution policy in the core.

Rather than presenting logical replication as a complete solution, the talk explains why PostgreSQL should intentionally stop short of conflict resolution, and how this boundary enables higher-level tools to implement safe, deterministic behaviour for migrations, blue/green deployments, and active/active systems.

The session concludes with a look at the direction of future releases, where PostgreSQL continues to strengthen conflict articulation and handling mechanics while leaving decisions and policy to the layers above.

AI/ML is now mission-critical for any growing organization, yet taking models from notebooks to production without accumulating technical debt remains a major challenge. At the same time, open source tooling play a vital role towards achieving fully automation. This session examines why many ML/DS systems fail in production and how a well-designed open-source MLOps stack enables scalable, reliable, and fully automated AI/ML platforms.

We’ll dive into the what and how of this practical MLOps architecture, covering model development, CI/CD, deployment, monitoring, and lifecycle management while highlighting key infrastructure and platform design choices required to support ML services at any scale. The session concludes with a hands-on demo showcasing true end-to-end automation using open-source MLOps tooling, eliminating platform friction and enabling production-ready ML from day one.

Terraform often stops at provisioning compute but modern cloud-native systems require automated control over how APIs are exposed, governed, and consumed. In this session, we take Terraform beyond basic infrastructure and into the world of automated API lifecycle management.

Using a working demo environment, we’ll provision a real API proxy layer, apply dynamic routing rules, deploy policies for rate-limiting and quota management, and automatically roll out updates across dev, staging, and production. We’ll also demonstrate how to integrate provider-level security, environment promotion, version rollbacks, and API consumer onboarding all driven through Terraform modules and CI/CD.

This talk is ideal for engineering teams wanting to make APIs as reliable and repeatable as infrastructure deployments, without relying on click-ops or manual configuration.

Clarity over Hype: how to think about code vs no-code tradeoffs, how to structure an AI stack that actually ships, and how to use tools like n8n and Rails with MCP together to move fast while staying in control.

No code tools like n8n are great but highly technical and a developer basic instinct is to code everything. This battle can lead with very complexe flows that could be simple.

In this session, I will dive into agentic AI systems ; intelligent agents capable of reasoning, planning, and acting autonomously ; and demonstrate how to implement them end-to-end on Google Cloud’s Vertex AI. Attendees will get hands-on examples of:

Designing decision-making pipelines for autonomous AI agents using Vertex AI Workbench and Vertex Pipelines.

Integrating explainable AI (xAI) techniques to ensure transparency, interpretability, and trust in agentic workflows.

Writing and executing Python code for AI agents that interact with APIs, analyze data, and make automated decisions in real time.

Leveraging Vertex AI models for predictive tasks, RAG-based knowledge retrieval, and continuous learning loops.

This talk is highly technical and includes live coding examples to show exactly how agentic AI can be deployed responsibly at scale. By the end, participants will not only understand the architecture of agentic AI systems but also be ready to implement their own explainable, cloud-powered autonomous workflows.

This talk dives into the technical realities of building and operating multi-tenant Kubernetes systems using only open-source components. It covers why requests and limits are not enough, and how cost attribution and noisy-neighbor problems emerge in real clusters. This session explores scheduling trade-offs, autoscaling failure modes, and observability patterns needed to run Kubernetes sustainably.

Many teams reach for Kafka or RabbitMQ as soon as they hear the word “queue”,even when all they need is a simple, reliable background worker. In this talk, I'll show you how I solved trying not to unnecessarily complicated system. A real-world notification system is dissected where a custom queue was built entirely on PostgreSQL to handle 60K–130K notifications for nearly 30K users within minutes in production. The session walks through the core table design, partitioning strategy, and FOR UPDATE SKIP LOCKED worker pattern, then connects it to a rule-based notification architecture (manifest, generator, dispatcher) that stayed flexible enough to add new campaigns with configuration only.Attendees will see what went well, and where a Postgres-only approach is a good fit compared to dedicated messaging systems.

In our React Native (Expo) app, we needed to implement an in-app photo picker that could display a large number of images from a user’s device.
As the number of rendered images increased, performance quickly degraded—fast scrolling drove memory usage up to around 2GB, eventually causing the app to crash in real usage.

This talk is a case study of how we diagnosed these issues in our production app and incrementally improved the gallery’s performance.
I’ll share the concrete problems we encountered, the assumptions that turned out to be wrong, and the practical changes we made to bring memory usage down to around 200MB while keeping the UI responsive.

Cloud bills arrive and suddenly everyone wants answers. Who spent what? Why did costs spike last month? Platform teams often find themselves caught in the middle, translating cryptic infrastructure costs into something finance and engineering leads can actually understand. It doesn't have to be this painful.

This talk shares practical approaches to building cost accountability into Kubernetes platforms without creating friction or finger-pointing. It covers how to implement team-level cost allocation using labels and namespaces effectively, set up showback dashboards that engineering teams will actually check, create budgets and alerts that inform rather than annoy, and have productive conversations with finance that don't end in spreadsheet wars.

Drawing from real experiences across platform teams of different sizes, this session focuses on what actually works using open source tools like OpenCost, Prometheus, and Grafana. No expensive enterprise platforms required. No blaming developers for writing code that runs.

The goal is simple: make cost visibility a natural part of platform engineering instead of a quarterly fire drill.

Attendee Takeaways:

Learn labeling strategies that make cost allocation painless. Build a showback dashboard in Grafana that teams trust. Set up meaningful budget alerts using Prometheus. Navigate the platform team vs finance conversation with confidence.

Pgpool-II is a powerful middleware that enhances PostgreSQL with connection pooling, load balancing, high availability, and query routing.
In this session, Pgpool-II developers will introduce what Pgpool-II is, explain its core architecture, and illustrate how it helps achieve both high availability and performance optimization in PostgreSQL environments. The talk will cover essential Pgpool-II features, including connection pooling, replication support, load balancing strategies, and automatic failover and recovery mechanisms.
This session is designed for PostgreSQL beginners and users who are new to Pgpool-II, but anyone interested in PostgreSQL scalability and high availability will benefit from the content.

This 15‑minute talk summarizes a Webview‑first approach that uses Webview + React to ship mobile features at web speed while preserving a native‑like experience via a native token bridge and mobile‑appropriate routing. We’ll share a three‑layer architecture (Shared Business Logic / Platform / Foundation), code‑sharing techniques with TanStack Router and React Query, and the lessons that let us roll out features on iOS/Android quickly and confidently.

Key Takeaways

• A three‑layer architecture model that separates business logic from platform‑specific UX, enabling high code reuse (up to 50–82% depending on the feature).

• Authentication strategies for Web vs Webview: from OIDC on the web to a native token bridge on mobile—smooth, secure, and maintainable.

This talk is from the real-world experience at EarnIn.

Building a browser agent on your local machine is one thing; running it reliably at scale is another. In this session, we will explore the architecture required to host and manage AI-driven browser agents using the open-source library browser-use on Kubernetes.

We will move beyond basic scripts to discuss the engineering hurdles of containerizing headless browsers, managing session persistence, and handling resource-intensive agent workflows in a distributed environment. Attendees will walk away with a blueprint for taking agentic browser automation from a laptop experiment to a scalable, production-ready cluster.

Key Takeaways:

• How to containerize browser-use agents for Kubernetes.

• Strategies for managing resource consumption (CPU/RAM) of headless browsers.

• Handling session management, timeouts, and error recovery in K8s.

• Real-world lessons from building automation.

React developers have long juggled React.memo, useCallback, and useMemo to squeeze performance out of their apps. Imagine a compiler doing that work for you automatically at build time. The React Compiler promises exactly this: fine grained memoization with zero code changes.

In this talk, I will demystify the React Compiler, explain how it works, and show real before-and-after results that prove the gains are tangible. You will learn how to adopt it safely, measure its impact in your own app, and avoid common pitfalls. With live coding and side-by-side demos, I will show how a single config flag can take an app from sluggish to snappy without touching a line of component code.

Why This Talk Matters:

• The React Compiler is in RC stage, teams are evaluating it right now.
• Attendees get a clear benchmarking workflow to measure impact in their apps.
• Live profiler demos reveal the compiler’s optimizations in action.
  

Key Takeaways:

• What the React Compiler does and how to enable it.

• How to benchmark before/after performance with tools like Lighthouse and React Profiler.

• Real-world demos showing fewer re-renders, smaller bundles, and faster UIs.

• When manual optimizations are still needed, and how to spot them.

Your AWS Glue bills are burning a hole in your pocket?! If your monthly serverless ETL costs are making your eyes water, you're not alone. This talk isn't just about saving money; it's about reclaiming control. We'll share the gritty, honest truth of how we slashed our AWS Glue bill from a mind-numbing $10,000/month for 80 ETL pipelines to a mere $400, achieving a staggering 96% cost reduction and a 25x improvement, all while maintaining peak performance.

Talk Flow:
1. The Problem (5 mins)
Our AWS Glue setup: 80 ETL pipelines costing $10,000/month
Why serverless became expensive at scale
The breaking point that triggered the migration
2. The Solution Architecture (10 mins)
Why Apache Airflow over other alternatives
Designing for cost: EKS vs ECS on EC2 vs other options
The three-component architecture: Webserver, Scheduler, Workers
3. The Implementation Battle (15 mins)
Infrastructure as Code: Complete Terraform setup walkthrough
The Docker Strategy: Baking DAGs into images
The Redis Nightmare: Setting up Celery Executor (and why it made me cry)
Networking & Security: ALB, security groups, and internal DNS
4. The Migration Process (10 mins)
Converting Glue jobs to Airflow DAGs
Zero-downtime migration strategy
Monitoring and debugging in production
5. Results & Lessons Learned (5 mins)
Cost breakdown: From $10,000 to $400
Performance comparison
What we'd do differently
When to choose open source over managed services
Q&A (5 mins)

This session takes a technical look at how HorizonDB’s architecture differs from upstream PostgreSQL and what trade-offs are involved when adapting PostgreSQL for large-scale, cloud native deployments. Using HorizonDB as a concrete case study, the talk will explore architectural patterns such as compute storage separation, high-availability design, failover mechanisms, and replica management, and discuss how these design choices impact performance, scalability, and operational complexity.

Every rapidly growing startup eventually runs into the same problem: monitoring costs begin to scale faster than the product itself. What starts as an affordable APM subscription quietly turns into a scaling tax - every new service becomes a new host, every traffic spike increases data volume, and every new engineer adds another seat. And when incidents happen, you often discover that the visibility you thought you had is either fragmented, noisy, or already gone due to retention limits.

This talk explores key industry-wide observability challenges and how we can rethink monitoring from first principles. Instead of accepting rising costs and limited control, we show how to shift to an OpenTelemetry-first, open-source stack built around OTel, Prometheus, and Grafana for faster root-cause detection and full ownership of monitoring data.

We also walk through how we replaced a costly commercial APM with a production-ready open-source architecture, improving incident response speed, clarity, and scalability, guided by a Golden Path approach.

What You’ll Learn

• How improved visibility leads to faster, evidence-driven incident response

• The architectural and operational changes required to make the transition successful

• How you can move to an open-source APM tool with a practical, step-by-step approach

Trade-Offs & Realities

• Where open source shines and where commercial tools still win

• Maintenance, skills, and time investment you should expect

Ever wondered how Jetpack Compose decides exactly which UI components to redraw? While we write declarative UI by describing "what" rather than "how," the real engineering happens at build time. This talk peels back the layers of the Compose Compiler, exploring how it analyzes your code for stability, manages the internal Slot Table, and enables smart recomposition strategies.

We will bridge the gap between high-level development and internal execution, moving beyond basic lifecycle knowledge. You’ll learn how to leverage compiler stability annotations, memoization, and wrapper classes to ensure Compose recomposes intelligently. Join us to demystify the "magic" and gain actionable insights into optimizing your Jetpack Compose UI performance.

Let's face it: databases are critical and complex, and this makes them sometimes stressful to operate. We need on call support but often handle this in a way which causes people to burn out of develop health problems.

In this talk we cover how businesses usually think about on call, and better alternatives. These alternatives can prevent financial losses from database outages and lead to happier, healthier, and more productive database administrators.

Deploying machine learning models to web browsers presents unique challenges: bundle size limits, not-so-good compute capabilities (we aim to p50 users, not to the flagship devices) and the need for real-time performance without server dependencies.
This talk shares our experience building a production document corner detection system that runs entirely client-side, achieving <20ms inference on desktop and <50ms on mobile browsers.

Three key engineering decisions will be covered:

First, why we adapted Google's BlazeFace architecture - originally designed for face detection - using 5×5 depthwise separable convolutions that provide excellent accuracy-to-compute ratios on mobile GPUs, achieving ~5px corner localization accuracy on MIDV document datasets.

Second, how we achieved 88% size reduction in ONNX Runtime WebAssembly (15MB -> 1.8MB) by building custom binaries with only the 21 operators our model requires, plus techniques like disabling RTTI, exceptions, and using ORT format for pre-optimized graphs.

Third, why we chose heatmap regression over direct coordinate prediction, enabling sub-pixel corner precision critical for downstream perspective correction.

Practical things include:
- why we should embed post-processing into ONNX exports (avoiding JavaScript argmax overhead)
- when to use SIMD-only vs. threaded WASM builds
- Docker image for reproducible wasm builds

I will demonstrate the complete pipeline from PyTorch training through browser deployment.

Building beautiful experiences on the modern web does not have to be laggy, even if it is computationally intensive. We'll go into the tips and tricks you can use to build your own rendering and audio pipelines on the web with WebGL2, Web Workers, Web Audio and WebAssembly. Let's make pretty visual and electronic soundscapes with zero lag!

Getting started with OpenTelemetry [OTel] is accessible, but hardening it for production scale presents significant Day 2 challenges, especially around collector deployment, reliability, and cost control. This session provides a complete guide, beginning with the foundations and culminating in advanced, multi-layered architectural patterns.

We will start with a quick refresher on the OTel framework, covering basic manual/automatic instrumentation and the collector's role, and later venture out to explore various deployment patterns for the Opentelemetry collector specially in a Kubernetes environment, like:

1. Foundational Deployments: The trade-offs of using OTel Collectors as Sidecars [isolation] vs. DaemonSets [node-level collection].

2. High-Scale Patterns: Deep-diving into resilient architectures:

   • Load-Balanced Gateways: Essential for high availability and enabling advanced features like tail-based sampling [which requires consistent hashing for trace stability].

   • Multi-Cluster Architectures: Creating layered pipelines for regional aggregation, cross-cluster authentication, and cost-effective data egress.

   • Multi-Tenant & Per-Signal Patterns: Using the Collector’s routing capabilities to isolate traffic by team or signal type [metrics/traces/logs] for optimal resource allocation. Basically, the collector acts as a central point and an ingress for various data points.

The latter half of the session will be dedicated to practical decision-making: providing a structured methodology for DevOps and SRE teams to weigh the pros and cons of each pattern and confidently select the most suitable architecture for their specific scale, complexity, and compliance needs.

Adapting Large Language Models to low-resource languages presents distinct technical challenges. Drawing from the SoroLLM project (a UNICEF collaboration for Tajik language), this talk examines four key obstacles: insufficient training data, limited computational resources, catastrophic forgetting, and suboptimal tokenization. We will discuss practical mitigation strategies and the inherent trade-offs in each approach, providing actionable insights for researchers and engineers working on domain adaptation for underrepresented languages.

Are you tired of the complexities of deploying and managing PostgreSQL? This session will walk you through how to run PostgreSQL on Kubernetes in Production with CloudNativePG. We'll cover topics like setting up high availability, scaling, backups, restores, and monitoring.

Traditional VPN servers, relying on hard drives, inherently risk retaining sensitive user data, leaving it vulnerable to seizure, unauthorized access, or the persistent installation of malicious backdoors. This session introduces TrustedServer Technology, a fundamental shift in VPN server architecture designed to eliminate these vulnerabilities and establish a new standard for user privacy.

We will detail how TrustedServer operates entirely on volatile Random Access Memory (RAM). This "diskless" approach ensures that all data, including operating system remnants and logs, is verifiably wiped clean with every single reboot. This design guarantees software consistency, prevents data persistence, and renders malicious persistence virtually impossible. Furthermore, the technology’s effectiveness has been confirmed through independent security audits.

Attendees will gain a clear understanding of why RAM-only operation is the most advanced and essential safeguard against data retention risks, establishing TrustedServer as the benchmark for a zero-trace VPN experience.

Can you build AI for a language that 20 million people speak, but nobody agrees how to write?This is the story of Typhoon Isan—what happened when scientists, engineers, and linguists joined forces to tackle a language without a standardized writing system. I'll share where tech skills hit walls (you can't annotate data without spelling rules) and how linguistic expertise opened doors (creating Isan's first practical orthographic standard).You'll see the collaboration in action: from community data collection to building an ASR model that runs 19x faster than Whisper. The small takeaway? A blueprint for low-resource languages. The bigger one? How cross-disciplinary collaboration pushes past limits that look technical but actually need different expertise working together.Come see what's possible when different fields truly collaborate—and how you might bridge those gaps yourself.

Companies have more and more security requirement for database accounts and some features can be mandatory for the security team to choose a RDBM. Although some requirements can be addressed with external authentication like AD/LDAP, some others need to be handled at PostgreSQL side like local user password hardness and reuse policy, authentication failure ban, authentication delay, forcing password change or emitting a warning before a password expire. Having last login information without grabbing the logs can also be a security team requirement. We will discuss how to implement all of that easily with PostgreSQL

Push the boundaries of web-based AI by running Large Language Models (LLMs) directly on the client side. This session dives deep into leveraging WebLLM and WebGPU to deploy high-performance, open-source models directly within the browser, eliminating the need for costly server-side APIs. We will explore the technical architecture required to bridge the gap between heavy AI models and web standards.

Canonical’s ethos is based on the fact that open source has always been about freedom of choice and broad access. Anyone can use the software. Anyone can improve it. We want secure, reliable software to be available to everyone. Not just experts. Containers now sit at the center of modern application delivery. But, they also sit at the center of modern security risk. The main challenge is that most containers are shipped with unused packages and old dependencies, and so expose large attack surfaces. Most developers aren’t OS or security specialists, that’s why they need tools to easily build secure containers.

Here, we introduce Rockcraft and Chisel, two Ubuntu-native, open source tools designed to make secure, minimal, and reproducible container images, and promoted by a rapidly growing community.

• Rockcraft is the tool that helps you build OCI-compliant “rocks”: declarative, reproducible container images with first-class integration with Chisel.
• Chisel allows developers to build “slices” of the Ubuntu root filesystem, producing highly minimal, hardened images without compromising usability.

This talk is beginner-friendly and practical. I will compare and demo this approach with familiar strategies like distroless images, slim variants, and `FROM scratch` builds. We’ll look at how Rockcraft + Chisel fit into this existing ecosystem, and where they shine. You can integrate them into existing software delivery pipelines, and democratize container security. Secure open source, made accessible to everyone.

We write hundreds of Cypress tests that check for buttons and text, but are we actually testing the user's experience? A user doesn't see a div with a CSS class; they see a broken layout on their phone. A user doesn't care if an API call returns 200 as they care if their shopping cart total is calculated correctly after a promo code.

This talk is about shifting from "element testing" to "experience testing" with Cypress. I'll show you how to write tests that truly guard against what makes users abandon your app. We'll move beyond cy.get() and dive into powerful, often overlooked, Cypress capabilities to catch real-world bugs.

I will demonstrate live how to:

• Catch Silent Financial Calcuation Errors: Write a test that doesn't just check if a "Calculate" button works, but actually validates that the final price, taxes, and discounts are mathematically correct across a series of actions.

• Test for Visual Regressions the Smart Way: Use Cypress to capture key user journeys and integrate with free, open-source tools to catch unintended visual changes that break your UI, without the flakiness of traditional pixel-by-pixel comparison.

• Uncover Performance Drags in the Test Pipeline: Use Cypress to measure and fail a test if a critical user flow (like login or checkout) takes longer than a predefined, acceptable threshold.

Stop just checking boxes and start ensuring quality. Join me to learn how to make your Cypress tests a true guardian of user happiness.

Thai localization efforts face challenges in finding consistent and easy-to-understand translations. Even when consulting the translation memory extracted from .po files, a mix of outdated translations and newer, quite different styles is often encountered. While a generic LLM might suggest good translations, these may not be consistent with the overall project's style.

Lazy-L10N is an integrated tool designed to address this issue. It builds a translation memory from .po files, uses pgvector to retrieve relevant translation examples, and employs a local LLM to construct new translations. Okular and KDE Thai localization were used as case studies.

In today’s PostgreSQL environments, support teams are the unsung heroes, the first responders when production issues threaten SLAs, revenue, and customer trust. Their job is critical: keeping PostgreSQL stable under pressure. But troubleshooting isn’t simple. It often means juggling a mix of specialized tools, extensions, and system views for different problem areas like performance bottlenecks, replication lag, backup and restore failures, disk errors, out-of-memory crashes, and more.

Each tool has its strengths but using them together introduces real challenges: constant context switching, inconsistent data formats, manual correlation, and steep learning curves for new engineers. The result? Longer time-to-resolution when every minute matters.

As a community, we’ve invested heavily in advanced features by making PostgreSQL smarter, even AI driven, but often overlook the basics: a unified troubleshooting experience for the support engineers who keep systems alive.

In this session, we’ll explore the tools PostgreSQL support teams rely on every day, share real world examples of where they shine and where they fall short, and highlight the operational pain points that slow down root cause analysis. Finally, we’ll consider a simple idea: what if there was a way to bring these insights together—not to replace trusted tools, but to provide a single, optional entry point that makes troubleshooting faster and less stressful?

Understanding these challenges is key to building better tools and features. Developers shape the PostgreSQL ecosystem, and by recognizing the gaps in troubleshooting workflows, they can help create a more consolidated, integrated experience—one that reduces complexity, accelerates resolution, and improves customer trust.

If you’ve ever felt overwhelmed by tool sprawl or wished for a more streamlined workflow, this session is for you

Many organizations want to leverage open source AI tools—Kubernetes, Kubeflow, PyTorch—but struggle with the operational complexity of managing them at scale. AWS FlexAI initiative bridges this gap by providing a curated approach to running open source AI workloads on AWS infrastructure while preserving flexibility and portability.

In this 15-minute lightning talk, we'll showcase how AWS container specialists from Korea and ASEAN help enterprises get open source AI to production faster. We'll cover three practical takeaways:

1. Cost-Efficiency + Flexibility: Optimizing infrastructure spend without vendor lock-in through Kubernetes and open source tools

2. Real-World Deployment: A snapshot of how customers in Asia are building production AI platforms on AWS using open source

3. Hybrid AI Architecture: Running self-managed open source models alongside AWS managed services (Amazon Bedrock, SageMaker)

Whether you're adopting open source AI or scaling it across regions, this session offers actionable insights and a practical roadmap.

Keywords
Open Source, AI/ML, Kubernetes, MLOps, Hybrid Cloud, AWS

How do you replace the engine of a moving car? Or better yet, how do you replace the heart of a living human? For decades, Fedora Badges has been a crucial partner for gamifying contributor engagement, but its ageing frontend technologies and backend infrastructure were becoming unmaintainable. This talk dives into the multi-year project to completely revamp Fedora Badges, piece by piece, while having it run just fine with sustainably equivalent feature parity. We will explore the transition from a legacy system to a modern architecture with our move from synchronous backend libraries like Flask to asynchronous backend libraries like FastAPI and from static templating systems like Jinja to progressive interface frameworks like React.

## Particulars

1. Identifying technical debt and associated risks of maintaining legacy systems past their end-of-support timeline
2. Why we moved on to a modern stack centered around asynchronous processing and progressive application
3. Moving code was not hard, moving data was - Complexities and learnings of the runtime active migration procedure
4. Evolving system administration from legacy centered virtual machines to cloud native OpenShift deployments
5. Demonstration and interactions of the live deployment of Fedora Badges, with the plans for further development
6. Interactive feedback from the participants on both the backend infrastructure and frontend technologies

1. Strategies for tackling massive technical debt acquired through years in established open source projects
2. Real world lessons on live migration of databases and tooling using examples from Fedora Infrastructure
3. Understanding the benefits of modern stack for community tooling and onboarding community contributors
4. Balancing technical innovation with community continuity - You can revamp, but should you revamp?
5. Encouragement and retention of voluntary contributors through gamifying aspects of community activities
6. Strategies for ensuring the longevity of the project codebase by working with various community disciplines

1. Update on Fedora Badges Revamp Project - https://gridhead.net/update-on-fedora-badges-revamp-project/
2. Tahrir - Fedora Infrastructure - GitHub - https://github.com/fedora-infra/tahrir
3. #badges-team topics on Fedora Discussions - Discourse - https://discussion.fedoraproject.org/tag/badges-team
4. Fedora Badges - Advanced Reconnaissance Crew - https://fedora-arc.readthedocs.io/en/latest/badges/index.html
5. Discourse as frontend for Fedora Badges - Discourse - https://discussion.fedoraproject.org/t/so-we-investigated-discourse-to-confirm-if-it-is-worthy-of-be...
6. Getting Fedora Badges Back in Shape - Discourse - https://discussion.fedoraproject.org/t/getting-fedora-badges-back-in-shape/42942

This talk explores the journey of developing open-source AI tools that bridge multiple modalities in healthcare applications. I'll demonstrate how open-source principles accelerated the work in local languages such as Thai speech-to-text models for medical conversations. I'll share real-world deployments including doctor-patient conversation transcription systems and DMIND, a depression prediction tool analyzing speech patterns. Finally, I'll present our 3D medical image reconstruction for skull and mandible surgery planning. Through these projects, I'll illustrate how open-source frameworks enable rapid prototyping, facilitate clinical validation, and democratize healthcare AI. Attendees will learn practical approaches to building medical AI applications and the importance of open-source in healthcare technology in Thailand.

AI coding assistants are changing how developers design, write, and refine software. This talk explores practical workflows for collaborating with AI to scaffold projects, explore ideas quickly, and refactor or debug code while maintaining control over architecture and code quality. Attendees will learn how to use AI as a productive coding partner to prototype faster and turn ideas into working implementations.

Slides: https://clicker.page/?source=https%3A%2F%2Fgithub.com%2FOrbiter%2Fvibe-coding-workshop%2Fblob%2Fmain...

Join us for a short wrap-up and a look ahead at what’s next for PostgreSQL and the PGDay community.

Chronic diseases remain one of the world’s greatest health burdens. According to the World Health Organization, 830 million people are living with diabetes globally, 1.4 billion adults have hypertension, and high cholesterol contributes to 3.6 million deaths every year (World Heart Federation). These conditions are largely preventable, yet early detection remains a major challenge.

In this conference session, I share the end-to-end journey of building HealthPredictor AI, an applied AI/ML health-prediction system developed at NUS using open-source tools, designed to predict the risk of chronic conditions such as diabetes, hypertension, and hyperlipidaemia. Our mission was simple: to empower individuals and caregivers with predictive insights for early detection and intervention, helping reduce the global burden of these diseases. Our models achieved an average accuracy of 98.2%, and we implemented a rule-based recommendation system to provide general follow-up suggestions and lifestyle guidance.

We will walk through the practical engineering workflow: data cleaning, feature engineering, model selection, evaluation metrics, architectural decisions, and how we integrated both a lightweight RAG-based AI assistant and a simple rule-based recommendation system into the application to support real-time responses and contextual guidance. The session highlights real-world constraints – limited resources, limited data, and a small software engineering team – and how we successfully navigated them to build a clinically inspired ML system.

Beyond the technical pipeline, I will share practical startup lessons from the project’s acceptance into the Microsoft for Startups Founders Hub – including what worked, what failed, and what we would do differently if rebuilding the system today. These include product thinking, user insights, data challenges, and engineering trade-offs that shaped the system’s development.
This talk is designed for developers, students, and engineers seeking practical, implementation-ready guidance on building applied AI/ML systems using open-source tools – without requiring massive infrastructure or a research background.

Conference Video Link: https://www.youtube.com/live/OoU3GWdNKPQ?t=24266s

Highlight FOSSASIA Projects

Announce the winners of the Hackathon

Event closing

Location: W Market on Sukhumvit Road (just 3 BTS stations from the event venue).

After the conference wraps up, anyone who would like to continue the conversations is welcome to join this informal community hangout at W Market. It’s a relaxed way to unwind, grab food or drinks, and connect with fellow participants after the event.

W Market is just three BTS stations from the conference venue at True Digital Park. Participation is informal. No registration is required.