Open Source Summit + AI_dev Japan 2024

Recent IT paradigms like DevOps, CD, and IaC have shortened release cycles but burdened developers with mastering many tools. Platform Engineering, a field of software engineering frequently discussed in the CNCF, addresses this by providing Internal Developer Platforms (IDPs) that automate non-essential tasks. Kubernetes is widely used to run the various components that make up an IDP, thanks to its consistent API experience and high extensibility. However, Kubernetes was initially created as a general foundation for running workloads, not as part of platforms. Therefore, IDP builders must add Cloud Native technologies and customizations to Kubernetes. Despite three years since the rise of platform engineering, making the right architectural and technology choices remains challenging and requires a deep understanding of the organization's context and technologies. In this session, he will explain various architectural patterns for building IDPs using Kubernetes, including access control and multitenancy. Additionally, based on years of experience providing Kubernetes-based IDPs, he will discuss the pros/cons, operational considerations, and suitable organizational structures.

Governments around the world are working on legislation to regulate cybersecurity, AI, and product liability for software. The success of free and open source projects and companies has been driven by our technology. Our teams working on legislation and public policy are much smaller, but we also have results that we can be very proud of. This presentation looks at the importance of policy work and what we do that leads to success in this domain. We will look at the international relevance of some current regulations being produced in Europe - notably the EU's Cyber Resilience Act, the AI Act, and the Product Liability Directive. From these, we will look at how these areas could be best regulated in other parts of the world. We will examine the technical information that policy makers need, so that they can make informed decisions. And we will also look at the meta goal of improving our policy work in the long term. We will do this by looking at the methods and organisation that allowed our ecosystem to be effective while working with the legislators to improve these texts.

The demand for running LLMs in the cloud is growing exponentially. In this keynote, we will explore developer’s and enterprises’ urging need for open source LLMs and the best practices for deploying them in cloud-native environments. Three key approaches for LLM deployment: Python-based solutions, native runtimes like llama.cpp or vLLM, and WebAssembly as an abstraction layer. Miley will discuss the benefits and challenges of each approach, focusing on real-world applications, integration ease, portability, and resource efficiency and talk about the CNCF CNAI ecosystem landscape. This keynote aims to demystify cloud-native AI. Attendees will have practical advice and a clear roadmap for deploying LLMs in the cloud, learning about the strengths and trade-offs of different approaches, to have a better idea to select and implement the most suitable strategy

You do your best to build a quality product and ensure testability and maintainable code. However, code security issues require a different domain of expertise, and your last vulnerable line of code is your first security regret. Maybe you heard about OWASP Top 10, and just maybe you can spot an SQL injection but how do you scale and prioritize code security across your tech stack and your development team? How do you ship secure operational technology (OT) software for critical infrastructure? This task becomes even more difficult to balance with false positive alerts, struggles to find vulnerable C++ libraries statically compiled in your runtime, and bridging the growing security knowledge gap that results in developers writing insecure code. Tune in to learn about secure coding practices and techniques to produce high-quality secure software. Your takeaways from this session will be learning from practical real-world vulnerable code, secure dependency upgrade policies, leveraging SBOMs for vulnerability and package signals, and hands-on hacking demos. This session offers actionable strategies and real-world applications to help you safeguard your critical software projects.

The announcement that the kernel LTS period would be two years came as a shock to embedded Linux developers (especially in Japan). However, it was also the moment that they had been relying on the kernel maintainers.Hirotaka wondered what we could do for the maintainers who worked so hard to maintain the kernel LTS, and started "Linux Kernel LTS Study Group" in Japan.A number of issues came up, including those related to kernel testing, the product development period and LTS period, and upgrading kernel versions. In this session, he will share the summary of discussions with in-house kernel developers working in Japanese companies and some examples of Open Source projects that can help you solve them, and encourage what other in-house kernel developers or just user can do as a first step for the kernel community.

This panel aims to provide lessons learned on cultural differences when approaching OSS communities. In the past, Willem and Daniel explored the differences between China and Spain. This time we are bringing Yuki Hattori, based in Japan, GitHub employee, and Ana Jiménez from the TODO group with a wide perspective on OSS projects around the world. We learned in the past about how Chinese society works [ring-based trusted networks] and barriers to effectively bringing people into Western based organizations and the other way around, how to effectively interact with more Chinese-based OSS projects. This time we would like to expand this discussion with Japanese concepts such as 'nemawashi' which is the practice of laying groundwork and building consensus before making proposals, 'uchi-soto' dynamics which is the distinction between 'insiders (uchi) and outsiders (soto) in social groups, and others. This panel will bring this discussion to the audience with practical advice on how to engage and onboard newcomers, while we are all learning together from each other.

“The OSS Bird’s Eye View” provides a comprehensive picture of the open source ecosystem. “The OSS Bird’s Eye View” is a tool for visualizing OSS projects, created by community within Japan. This diagram helps to understand the categories and trends of the OSS ecosystem. In this session, we will explain how to create the OSS Bird’s Eye View and how to use it. Also, by comparing past OSS Bird’s Eye Views, we will introduce what kind of transitions have occurred in OSS over the past 10 years, and show how the OSS Bird’s Eye View has deepened our understanding of the OSS ecosystem. This session is beneficial for all people who are beginners in OSS, community leaders, developers, researchers, educators, and those who want to utilize OSS in business. We look forward to your participation.