Open Source Summit + AI_dev Japan 2024: Full Schedule

October 28-29, 2024 | Tokyo, Japan
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit + AI_dev Japan 2024 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Japan Standard Time (UTC +9). To see the schedule in your preferred timezone, please select from the drop-down located at the bottom of the menu to the right.

07:30 JST

Registration & Badge Pick-Up

Monday October 28, 2024 07:30 - 18:10 JST

Main Foyer

Monday October 28, 2024 07:30 - 18:10 JST
Main Foyer

Special Events / Exhibits / Breaks

09:00 JST

Keynote Sessions to be Announced

Monday October 28, 2024 09:00 - 10:45 JST

Main Hall

Monday October 28, 2024 09:00 - 10:45 JST
Main Hall

Keynote Sessions

10:45 JST

Coffee Break

Monday October 28, 2024 10:45 - 11:15 JST

Solutions Showcase

Monday October 28, 2024 10:45 - 11:15 JST
Solutions Showcase

Special Events / Exhibits / Breaks

10:45 JST

Sponsor Showcase

Monday October 28, 2024 10:45 - 19:30 JST

Solutions Showcase

Monday October 28, 2024 10:45 - 19:30 JST
Solutions Showcase

Special Events / Exhibits / Breaks

11:15 JST

Democratizing Diffusion Models with Diffusers - Sayak Paul, Hugging Face

Monday October 28, 2024 11:15 - 11:55 JST

Hall B (4)

The talk “Democratizing Diffusion Models with Diffusers” will explore the diverse applications of the open-source Python library Diffusers in the image and video generation space. The talk will showcase how Diffusers, based on diffusion models, enables fast and high-quality image and video generation, making it accessible to a wide range of users. The presentation will cover various use cases, including image inpainting, image editing, and scene composition, demonstrating the capabilities of Diffusers in enabling users to create and edit photo-realistic images with minimum effort. The audience will gain insights into the potential of Diffusers in revolutionizing the way images and videos are generated and edited, making it a must-attend session for anyone interested in the latest advancements in this field.

Speakers

Sayak Paul

Research Engineer, Hugging Face

Sayak works on diffuson models at Hugging Face, focusing on training them, maintaining the diffusers library, and leading some applied research efforts. Off the work, he likes to binge-watch ICML tutorials and Suits.

Monday October 28, 2024 11:15 - 11:55 JST
Hall B (4)

AI_dev

Audience Intermediate

11:15 JST

AGL Roadmap Update - Walt Miner, The Linux Foundation

Monday October 28, 2024 11:15 - 11:55 JST

Hall B (3)

Speakers

Walt Miner

Senior Director of Community - Automotive Grade Linux, The Linux Foundation

Walt Miner is the Senior Director of Community at The Linux Foundation and has served as Community Manager for Automotive Grade Linux since 2014. Walt has spoken at numerous conferences throughout the worlds and brings over 30 years of embedded software development and management... Read More →

Monday October 28, 2024 11:15 - 11:55 JST
Hall B (3)

Automotive Linux Summit

Audience Any

11:15 JST

Architecting Kubernetes-Based Internal Developer Platforms: Essential Patterns and Practices - Hiroshi Hayakawa, LY Corporation

Monday October 28, 2024 11:15 - 11:55 JST

Hall A (3)

Recent IT paradigms like DevOps, CD, and IaC have shortened release cycles but burdened developers with mastering many tools. Platform Engineering, a field of software engineering frequently discussed in the CNCF, addresses this by providing Internal Developer Platforms (IDPs) that automate non-essential tasks. Kubernetes is widely used to run the various components that make up an IDP, thanks to its consistent API experience and high extensibility. However, Kubernetes was initially created as a general foundation for running workloads, not as part of platforms. Therefore, IDP builders must add Cloud Native technologies and customizations to Kubernetes. Despite three years since the rise of platform engineering, making the right architectural and technology choices remains challenging and requires a deep understanding of the organization's context and technologies. In this session, he will explain various architectural patterns for building IDPs using Kubernetes, including access control and multitenancy. Additionally, based on years of experience providing Kubernetes-based IDPs, he will discuss the pros/cons, operational considerations, and suitable organizational structures.

Speakers

Hiroshi Hayakawa

Staff Platform Engineer, LY Corporation

Hiroshi is a lead engineer of Kubernetes-based application platforms in LY Corporation's Private Cloud Division. The company runs many large-scale applications on its Kubernetes-based platform, and Hiroshi is skilled in running applications stably at such a scale. He has also been... Read More →

Monday October 28, 2024 11:15 - 11:55 JST
Hall A (3)

CloudOpen

Audience Beginner

11:15 JST

Safe Systems with Linux - Philipp Ahmann, Etas GmbH (BOSCH) & Kate Stewart, The Linux Foundation

Monday October 28, 2024 11:15 - 11:55 JST

Main Hall

As Linux is increasingly deployed in systems with varying criticality constraints, distro providers are expected to ensure that security fixes in their offerings do not introduce regressions for customer products that have safety considerations. The key question arises: How can they establish consistent linkage between code, tests, and the requirements that the code satisfies? And which open source tools and specifically for Linux exist to support traceability in order to comply with standards such as ASPICE, ISO26262 or ISO21434? This talk addresses critical challenges in requirements tracking, documentation, testing, and artifact sharing within the Linux kernel ecosystem. Functionality has historically been added to the kernel with requirements explained in the email justifications for adding, but not formalized as “requirements” in the kernel documentation. While tests are contributed for the code, the underlying requirement that the tests satisfies is likewise not documented in a consistent manner. This and further topics will be discussed. Additionally, the results from the "Safe Systems with Linux" micro conference at Linux plumbers will be summarized.

Speakers

Philipp Ahmann

Sr. OSS Community Manager, Etas GmbH (BOSCH)

Philipp Ahmann is a senior OSS community manager at Etas GmbH (BOSCH) specializing in safety and automotive grade open source software. He holds the position of technical steering committee chair for the Linux Foundation (LF) ELISA project to Enable Linux in Safety Applications and... Read More →

Kate Stewart

VP Dependable Embedded Systems, Linux Foundation

Kate Stewart works with the safety, security and license compliance communities to advance the adoption of best practices into embedded open source projects. Since joining The Linux Foundation, she has launched the ELISA and Zephyr Projects, as well as supporting other embedded projects... Read More →

Monday October 28, 2024 11:15 - 11:55 JST
Main Hall

Critical Software Summit

Audience Intermediate

11:15 JST

The Kernel Report - Jonathan Corbet, LWN.net

Monday October 28, 2024 11:15 - 11:55 JST

Hall A (4)

The Linux kernel is at the core of any Linux system; the performance and capabilities of the kernel will, in the end, place an upper bound on what the system as a whole can do. This talk will review recent events in the kernel development community, discuss the current state of the kernel and the challenges it faces, and look forward to how the kernel may address those challenges. Attendees of any technical ability should gain a better understanding of how the kernel got to its current state and what can be expected in the near future.

Speakers

Jonathan Corbet

Editor, LWN.net

Jonathan Corbet is the kernel documentation maintainer, co-founder of LWN.net (and the author of its Kernel Page), a member of the Linux Foundation's Technical Advisory Board, and the lead author of Linux Device Drivers, Third Edition. He lives in Boulder, Colorado, USA.

Monday October 28, 2024 11:15 - 11:55 JST
Hall A (4)

LinuxCon

Audience Intermediate

11:15 JST

From Policy Enthusiast to Legislators' Contact Point - Ciarán O'Riordan, OpenForum Europe

Monday October 28, 2024 11:15 - 11:55 JST

Hall A (1)

Governments around the world are working on legislation to regulate cybersecurity, AI, and product liability for software. The success of free and open source projects and companies has been driven by our technology. Our teams working on legislation and public policy are much smaller, but we also have results that we can be very proud of. This presentation looks at the importance of policy work and what we do that leads to success in this domain. We will look at the international relevance of some current regulations being produced in Europe - notably the EU's Cyber Resilience Act, the AI Act, and the Product Liability Directive. From these, we will look at how these areas could be best regulated in other parts of the world. We will examine the technical information that policy makers need, so that they can make informed decisions. And we will also look at the meta goal of improving our policy work in the long term. We will do this by looking at the methods and organisation that allowed our ecosystem to be effective while working with the legislators to improve these texts.

Speakers

Ciarán O'Riordan

Sr. Policy Advisor, OpenForum Europe

Senior Policy Advisor at OFE, Ciarán O’Riordan has been working in Brussels since 2004 with a focus on EU policy and free and open source software. He recently worked on the EU's Cyber Resilience Act as well as coordinating the efforts of many free and open source organisations... Read More →

Monday October 28, 2024 11:15 - 11:55 JST
Hall A (1)

Open Source Leadership Summit

Audience Beginner

11:15 JST

Building an Active Developer Community to Strengthen Open Source Program Offices (OSPO) - Regina Nkenchor, IKEA

Monday October 28, 2024 11:15 - 11:55 JST

Hall A (2)

OSPO initiatives thrive on the strength and engagement of their developer communities. However, creating and sustaining a vibrant community poses its own set of challenges. The primary goal of this talk is to share the strategies employed by Ingka IKEA’s Open Source Program Office (OSPO) for nurturing a dynamic and engaged developer community while considering the challenges of fostering collaboration within the open source ecosystem. Developers in an open source community often come from varied backgrounds and possess different levels of understanding and experience with open source contributions. Additionally, developers within an organization have varied concerns around their primary work goals, and contributing to open source may not always be a priority. Therefore, what are the strategies that OSPO’s can implement to enhance the appeal of open-source initiatives and encourage participation and contributions? How do they retain and support contributors to ensure consistent engagement? In this talk, I will share strategies from Ingka IKEA’s OSPO for building an active developer community to strengthen OSPO initiatives, empowering contributors in open-source projects.

Speakers

Regina Nkenchor

Software and OSPO Ambassador IKEA IT AB, IKEA

Regina is an OSPO Ambassador at IKEA. Her role also involves collaborating with the OSPO team to shape strategies and initiatives for adopting open source tools, developer community growth, and participation. Additionally, she is a software engineer at IKEA. Previously, Regina served... Read More →

Monday October 28, 2024 11:15 - 11:55 JST
Hall A (2)

OSPOCon

Audience Intermediate

11:15 JST

Securing the Unseen: Defending Against Open Source Software Supply Chain Attacks - Lawrence Crowther, Snyk

Monday October 28, 2024 11:15 - 11:55 JST

Meeting Room 1

Open source software powers today’s apps, but it also comes with hidden risks. Supply chain attacks targeting these components are on the rise, and the consequences can be serious. In this talk, we’ll uncover how these attacks work, share real-life examples, and discuss practical steps to protect your software. You’ll walk away with a clear understanding of the threats and how to keep your applications safe from unseen vulnerabilities in your open source dependencies.

Speakers

Lawrence Crowther

Head of Solutions Engineering APJ, Snyk

Lawrence Crowther is a leader in the Asia Pacific and Japan (APJ) tech scene with over 20+ years of experience. Currently, he heads the solutions engineering team at Snyk, where his team helps grow the business and promote Snyk's offerings across the region. Previously, Lawrence held... Read More →

Monday October 28, 2024 11:15 - 11:55 JST
Meeting Room 1

SupplyChainSecurityCon

12:05 JST

Data Prep Kit: A Comprehensive Cloud-Native Toolkit for Scalable Data Preparation in GenAI App - Daiki Tsuzuku & Takuya Goto, IBM

Monday October 28, 2024 12:05 - 12:45 JST

Hall B (4)

Every conversation on AI starts with models and ends with data. Data preparation is emerging as a very important phase of the GenAI journey, as high quantity and quality text and code corpora for GenAI model training have shown to play a crucial role in producing high performing Large Language Models (LLMs). The data preparation phase in the Generative AI lifecycle aims to clean, filter, and transform the datasets of text and code that are acquired from various sources into a tokenized form that is suitable for the training of LLMs, be it pre-training, or constructing LLM apps via fine-tuning or instruct tuning. The latter poses unique challenges, as each use case may necessitate tailored data preparation approaches. Given the enduring and evolving demand for data preparation techniques in LLM applications, we are introducing Data Prep Kit as an open-source software asset. This endeavour is geared towards fostering collaborative efforts within the community, enabling collective development and utilization, and ultimately reducing time to value. DPK has been instrumental in powering the IBM open-source Granite models.

Speakers

Takuya Goto

Software Engineer, IBM

Takuya is a software engineer at IBM where he works on software product development, and open-source development. Takuya specializes in NLP, ML, and text-based data processing. In his free time, Takuya likes running, and traveling with my wife and son.

Daiki Tsuzuku

Software Developer, IBM

I have been working in IBM as a software developer for about 7 years. I have been the backend developer, and sometimes frontend developer, of Watson Explorer, Watson Discovery, and watsonx Orchestrate. My field is to develop the application of processing a wide variety and large volume... Read More →

Monday October 28, 2024 12:05 - 12:45 JST
Hall B (4)

AI_dev

Audience Intermediate

12:05 JST

AGL Software Defined Vehicle Update - Jerry Zhao, Panasonic Automotive Systems Co., Ltd.

Monday October 28, 2024 12:05 - 12:45 JST

Hall B (3)

The AGL SDV Expert Group has been adding new features to the AGL Unified Code Base. Jerry will present an update on their latest efforts.

Speakers

Jerry Zhao

Chief SDV Architect, Panasonic Automotive Systems Co., Ltd.

Jerry leads the Automotive Grade Linux Software-Defined Vehicle Expert Group and works at Panasonic Automotive Systems Co., Ltd. leading a development team for SDV solutions. He had abundant experience in multiple automotive fields, including IVI, AUTOSAR, virtualization and clou... Read More →

Monday October 28, 2024 12:05 - 12:45 JST
Hall B (3)

Automotive Linux Summit

Audience Any

12:05 JST

Open Source LLMs in the Cloud: Scalable Solutions - Miley Fu, WasmEdge

Monday October 28, 2024 12:05 - 12:45 JST

Hall A (3)

The demand for running LLMs in the cloud is growing exponentially. In this keynote, we will explore developer’s and enterprises’ urging need for open source LLMs and the best practices for deploying them in cloud-native environments. Three key approaches for LLM deployment: Python-based solutions, native runtimes like llama.cpp or vLLM, and WebAssembly as an abstraction layer. Miley will discuss the benefits and challenges of each approach, focusing on real-world applications, integration ease, portability, and resource efficiency and talk about the CNCF CNAI ecosystem landscape. This keynote aims to demystify cloud-native AI. Attendees will have practical advice and a clear roadmap for deploying LLMs in the cloud, learning about the strengths and trade-offs of different approaches, to have a better idea to select and implement the most suitable strategy

Speakers

Miley Fu

DevRel, WasmEdge

Miley is a Developer Advocate with a passion for empowering developers to build and contribute to open source. With over 5 years of experience working on WasmEdge runtime in CNCF sandbox as the founding member, she talked at KubeCon, KCD Shenzhen, CloudDay Italy, DevRelCon, Open Source... Read More →

Monday October 28, 2024 12:05 - 12:45 JST
Hall A (3)

CloudOpen

Audience Beginner

12:05 JST

Secure Code, Safe Future: Mastering Security in Critical Software Development - Liran Tal, Snyk

Monday October 28, 2024 12:05 - 12:45 JST

Main Hall

You do your best to build a quality product and ensure testability and maintainable code. However, code security issues require a different domain of expertise, and your last vulnerable line of code is your first security regret. Maybe you heard about OWASP Top 10, and just maybe you can spot an SQL injection but how do you scale and prioritize code security across your tech stack and your development team? How do you ship secure operational technology (OT) software for critical infrastructure? This task becomes even more difficult to balance with false positive alerts, struggles to find vulnerable C++ libraries statically compiled in your runtime, and bridging the growing security knowledge gap that results in developers writing insecure code. Tune in to learn about secure coding practices and techniques to produce high-quality secure software. Your takeaways from this session will be learning from practical real-world vulnerable code, secure dependency upgrade policies, leveraging SBOMs for vulnerability and package signals, and hands-on hacking demos. This session offers actionable strategies and real-world applications to help you safeguard your critical software projects.

Speakers

Liran Tal

Director of Developer Advocacy, Snyk

Liran Tal is a software developer, and a GitHub Star, world-recognized for his activism in open source communities and advancing web and Node.js security. He engages in security research through his work in the OpenJS Foundation and the Node.js ecosystem security WG, and further promotes... Read More →

Monday October 28, 2024 12:05 - 12:45 JST
Main Hall

Critical Software Summit

Audience Beginner

12:05 JST

Step by Step, What Should We Do for the Kernel Ecosystem? - Hirotaka Motai, Cybertrust Japan

Monday October 28, 2024 12:05 - 12:45 JST

Hall A (4)

The announcement that the kernel LTS period would be two years came as a shock to embedded Linux developers (especially in Japan). However, it was also the moment that they had been relying on the kernel maintainers.Hirotaka wondered what we could do for the maintainers who worked so hard to maintain the kernel LTS, and started "Linux Kernel LTS Study Group" in Japan.A number of issues came up, including those related to kernel testing, the product development period and LTS period, and upgrading kernel versions. In this session, he will share the summary of discussions with in-house kernel developers working in Japanese companies and some examples of Open Source projects that can help you solve them, and encourage what other in-house kernel developers or just user can do as a first step for the kernel community.

Speakers

Hirotaka Motai

Expert Engineer and OSPO staff, Cybertrust Japan

Hirotaka worked as an embedded software engineer for 20 years. Currently he works for Cybertrust Japan and develops Debian-based embedded Linux Distribution and technical services with his team. He is a member of the technical committees in the CIP project. He is also an OSPO staff... Read More →

Monday October 28, 2024 12:05 - 12:45 JST
Hall A (4)

LinuxCon

Audience Beginner

12:05 JST

Unlocking Agility with Open Source: A Guide for Modern Businesses - Younes Hairej, Aokumo Inc.

Monday October 28, 2024 12:05 - 12:45 JST

Hall A (1)

For modern businesses navigating today's dynamic tech environment, open source is more than just a platform – it's a game-changer. This session dives deep into the transformative power of open-source software as a key driver of business agility and innovation. Real-world stories from the world of FinTech will showcase how open source empowers Japanese organizations to adapt swiftly to evolving markets and technological advancements. We'll address a common pain point: security concerns during open-source adoption and explore effective strategies to mitigate them. Beyond the technology itself, this session explores the cultural shift required to thrive in an open-source ecosystem. We'll highlight the unique collaborative spirit and community aspects within the Japanese business landscape, empowering you to leverage open source effectively.

Speakers

Younes Hairej

Founder & CEO, Aokumo Inc.

Younes is a senior technologist and business leader with over 10 years of experience in cloud and open source technologies. He is the founder and CEO of Aokumo Inc., a cloud infrastructure company. He is a trusted technology advisor and has won awards for his work, including the FX-Markets... Read More →

Monday October 28, 2024 12:05 - 12:45 JST
Hall A (1)

Open Source Leadership Summit

Audience Intermediate

12:45 JST

Lunch Break

Monday October 28, 2024 12:45 - 14:00 JST

Special Events / Exhibits / Breaks

14:00 JST

Optimize Your AI Cloud Infrastructure: A Hardware Perspective - Liang Yan, CoreWeave

Monday October 28, 2024 14:00 - 14:40 JST

Hall B (4)

GPU Cloud has become a ubiquitous component of contemporary AI infrastructure, especially for distributed machine learning scenarios. While conversations around AI infrastructure optimization typically revolve around the application layer, such as machine learning tasks and distributed job schedulers, delving into the underhood of the GPU cloud is essential. Numerous factors, including POD Scheduler, Device Plugin, GPU/NUMA topology, ROCE/NCCL Stack, and more, can significantly impact performance.

This session will thoroughly explore the tuning of various machine models(CNN/RNN/Transformer) from MLPerf using an H100 Cluster as a reference. We will analyze the correlation between model performance and device operator configuration in nodes by presenting first-hand experimental results to unveil the hidden potential within a K8S GPU Cloud.

Speakers

Liang Yan

Sr. Software Engineer, CoreWeave

Liang Yan is a senior software engineer at Coreweave, specializing in AI Infra, heterogeneous architecture acceleration and distributed machine learning systems from the cloud base. He collaborates closely with upstream communities and leading vendors like NVIDIA, AMD and ARM, delivering... Read More →

Monday October 28, 2024 14:00 - 14:40 JST
Hall B (4)

AI_dev

Audience Any

14:00 JST

Panel: How to Accelerate Contribution in Automotive Industry - Masato Endo & Ryunosuke Yamashita, Toyota Motor Corporation; Hiroyuki Ishii, Panasonic Automotive Systems Co., Ltd.; Yuichi Kusakabe, Honda Motor Co., Ltd.; Meixia Wang, Volvo

Monday October 28, 2024 14:00 - 14:40 JST

Hall B (3)

As keywords such as SDV are heard more and more frequently, software is becoming more and more in demand in the automotive industry. Open source software is used not only in vehicles, but also in various other applications such as data centers, smartphone applications, and internal systems. Some community activities, such as AGL and ELISA, are being promoted mainly in the automotive industry, and an increasing number of companies in the industry have established OSPOs. On the other hand, some companies are still reluctant to provide software developed in-house to external parties, and there are cases where software engineers in the automotive industry want to participate in open source community activities but are not provided with appropriate support. In this panel, members who are involved in open source activities at OEMs and suppliers will gather to discuss solutions to make open source community activities and contributions smoother for software engineers in the automotive industry. If you have any problems in your open source activities, please join the discussion. We hope that these issues will also be solved by the community.

Speakers

Yuichi Kusakabe

Chief Architect/OSPO Tech Lead, Honda Motor Co., Ltd.

Yuichi Kusakabe is the Lead Architect at Honda Motor Co., Ltd. , AGL(Automotive Grade Linux) member and COVESA(Connected Vehicle Systems Alliance) member since 2011 with over twenty years of Automotive and Open Source Software Experience. Prior to joining Honda Motor he worked for... Read More →

Masato Endo

Manager of OSPO, Toyota Motor Corporation

Masato Endo is a Group Manager of TOYOTA. He focuses also on building the Open Source governance structure within Toyota and developing relationships with the Open Source community, through projects such as AGL and OIN. From 2017, he began to work with the OpenChain Project as a board... Read More →

Meixia Wang

Director of Open Source Ecosystem, Volvo Car Corporation

Mary Wang is the Director of Open Source Ecosystem of Volvo Car Corporation. Her professional accomplishments include initiating open source project, forming and built OSPO for Volvo Cars. Before this, Mary was a subject matter expert configuration manager and was responsible for... Read More →

Hiroyuki Ishii

AGL Steering Committee, Senior Linux Engineer/Architect at Panasonic Automotive Systems, Panasonic Automotive Systems Co., Ltd.

Since 2014, Hiroyuki Ishii has been a senior Linux engineer/architect at Panasonic Automotive Systems, specializing in infotainment products, debugging tools, and system consolidation. In 2021, he joined the Automotive Grade Linux project as a member of the System Architect Team and... Read More →

Ryunosuke Yamashita

Member of OSPO / Researcher, Toyota Motor Corporation

Ryunosuke Yamashita is a member of Toyota OSPO. He helps in-house software engineers solve problems related to OSS. He is also a member of the OpenChain Japan Work Group, where he is working on OSS license compliance. He wants to build and share OSPO best practices in the automotive... Read More →

Monday October 28, 2024 14:00 - 14:40 JST
Hall B (3)

Automotive Linux Summit

14:00 JST

Unlocking the Power of OpenTelemetry: Enhancing Design, Development, and Testing - Takaya Ide & Yasuo Nakashima, Hitachi, Ltd.

Monday October 28, 2024 14:00 - 14:40 JST

Hall A (3)

Developers often face the complex challenges of designing, debugging, and testing distributed systems like microservices. Understanding failures, identifying performance issues, and ensuring system reliability from the early stages of design and development can be daunting. Observability technologies provide valuable insights not just in production but also during design and development. In this session, we will explore OpenTelemetry, a cutting-edge observability framework, and its practical applications in the design, debugging, and testing of distributed systems. Key topics include: - Assessing the impact of incorporating a cache server on system behavior during the design phase. - Evaluating how database failures affect both backend and frontend applications during fault testing. - Detecting performance bottlenecks for specific requests during load testing. Participants will gain a clear understanding of how OpenTelemetry can revolutionize their debugging and testing processes, leading to more effective experiments and increased reliability in their distributed systems.

Speakers

Yasuo Nakashima

Researcher, Hitachi, Ltd.

Researcher, Digital Services Platform Innovation Center.

Takaya Ide

Senior Researcher, Hitachi, Ltd.

Takaya is a Senior Researcher in Service Computing at Hitachi, Ltd. With a passion for Cloud Native, DevSecOps, and open-source contributions, he has been instrumental in designing architectures and implementing monitoring and security within the company.

Monday October 28, 2024 14:00 - 14:40 JST
Hall A (3)

CloudOpen

Audience Intermediate

14:00 JST

Enhancing Cyber Resilience and Sustainability in Critical Infrastructure with CIP and IEC-62443-4 - Yoshitake Kobayashi, Civil Infrastructure Platform & Dinesh Kumar, Toshiba Software India

Monday October 28, 2024 14:00 - 14:40 JST

Main Hall

Linux is the foundational infrastructure for mission-critical systems across sectors like energy, transportation, and healthcare. These systems must operate reliably for decades while adapting to evolving Smart City and IoT landscapes. Interconnectivity brings challenges in managing vulnerabilities and upgrades, requiring adherence to standards and maintaining system integrity.

The Civil Infrastructure Platform (CIP) project addresses these challenges by providing an Industrial Grade Linux platform for robust, secure, and sustainable operations. Over 7 years, CIP has demonstrated a commitment to meeting current needs and addressing future threats.

This presentation will explore CIP's pivotal role in strengthening cyber resilience and enhancing system reliability. It will also delve into the CIP Security Working Group's efforts to align the platform with the IEC 62443 standard for industrial control system security.

The key topics covered will include ensuring IEC-62443-4-x compliance, bridging gaps for updates and long-term support, traceability between code, tests, and requirements for standards compliance. The presentation will also discuss CIP's role in building sustainable and cyber-resilient critical infrastructure, integrating security throughout the CIP ecosystem using the IEC 62443 framework, and the benefits of this alignment for improved risk management and threat mitigation.

Attendees will gain insights on how CIP can help build future-ready, cyber-resilient systems

Speakers

Yoshitake Kobayashi

TSC Chair, Civil Infrastructure Platform (Toshiba)

Yoshitake Kobayashi is the Technical Steering Committee Chair for the Civil Infrastructure Platform Project, hosted by The Linux Foundation. He is actively working to leverage open-source software for a secure and sustainable society. Additionally, he leads a software R&D department... Read More →

Dinesh Kumar

Engineering Manager, Toshiba Software India pvt Ltd

Experienced, in developing Embedded linux software , Secure boot, Debian packages, board support packages, development of Android Application & Framework. My research interest includes embedded linux, Linux kernel security, cybersecurity and Cloud technologies. Currently working for... Read More →

Monday October 28, 2024 14:00 - 14:40 JST
Main Hall

Critical Software Summit

Audience Intermediate

14:00 JST

Contributing to KernelCI for Better Testing and Collaboration - Arisu Tachibana, Cybertrust Japan Co., Ltd.

Monday October 28, 2024 14:00 - 14:40 JST

Hall A (4)

Many products and services are dependent on the Linux Kernel. Because of this the Linux Kernel has to be tested on many different hardware to ensure the stability and reliability of these products or services, this is why KernelCI needs more collaboration both from users and companies. The Linux Kernel upstream community has requested more contributions from companies and users, in particular on the testing ecosystem, such as adding and reporting test results. By understanding corporate usage, the community can more easily provide support and collaborate effectively. KernelCI is one of the current main Kernel testing frameworks and is helping ensure the quality, stability and long-term maintenance of the Linux kernel. As a member of the KernelCI Technical Steering Committee (TSC), I will give details on KernelCI developments and directions. I will talk about current KernelCI new projects. I will talk about KCI tool usage and how it is possible to test own patches with the current KernelCI API and running the test privately. This session will provide useful information for people interested in adopting KernelCI and encourage them to contribute to KernelCI.

Speakers

Arisu Tachibana

Senior Engineer, Cybertrust Japan Co., Ltd.

Gentoo Linux Developer and the Gentoo Kernel Project Leader. KernelCI Technical Steering Committee member. Furthermore, she is currently working as IoT Technology division as embedded software engineer for Cybertrust japan Co., Ltd.

Monday October 28, 2024 14:00 - 14:40 JST
Hall A (4)

LinuxCon

Audience Any

14:00 JST

Building Resiliency: Navigating Mental Well-Being in Open-Source and Software Careers - Sandeep Kanabar, Gen & Shivangi Motwani, Warner Bros. & Discovery

Monday October 28, 2024 14:00 - 14:40 JST

Hall A (1)

The software industry, a bastion of innovation, often overlooks the mental well-being of its builders. This session delves into challenges at all career levels including open source, from layoffs to project pressures, underscoring the need to recognize and respond to mental health fluctuations for inclusive, resilient teams. Compelling narratives include: - Leadership: A startup CEO battling burnout and imposter syndrome. - Career transitions: A young developer overcoming job loss stigma. - Personal resilience: An SRE managing personal loss during critical projects. - Open Source enthusiast: A open-source enthusiast juggling his passion in open source with his official work. Weaving in our journeys with depression during the pandemic, we'll explore strategies for: - Overcoming discrimination in the tech industry. - Taking healthy breaks and prioritizing self-care. - Seeking support from mental health professionals. Our goal is an open, inclusive conversation about mental well-being in open source software. By acknowledging the interconnectedness of personal struggles and team success, we can build resilient, supportive environments for all tech talent to thrive.

Speakers

Sandeep Kanabar

Lead Software Engineer, Gen (formerly NortonLifeLock)

Hailing from India, Sandeep is a passionate software engineer working at Gen (formerly NortonLifeLock). A frequent meetup speaker, Sandeep enjoys sharing his lessons learned from 15+ years in the tech space with the community. He's a staunch advocate for diversity and inclusion and... Read More →

Shivangi Motwani

Senior Software Engineer, Warner Bros. & Discovery

Shivangi has work experience of 3+ years, working with team building reliable products for Banking needs. Has learned how few configs of Kafka can notoriously behave at scale, along with that has experience making Observability easy for teams business teams and for teams of devel... Read More →

Monday October 28, 2024 14:00 - 14:40 JST
Hall A (1)

Open Source Leadership Summit

Audience Any

14:00 JST

The Role of Open Source Management Talent in Ensuring Software Ecosystem Stability - Ana Jiménez Santamaría, The Linux Foundation/TODO Group & Daniel Izquierdo Cortázar, Bitergia

Monday October 28, 2024 14:00 - 14:40 JST

Hall A (2)

The stability of software ecosystems heavily relies on the effective management of open source components across the supply chain. This session will highlight best practices demonstrating the strategic value of open source management talent through case studies and quantitative analyses. Ana Jiménez and Daniel Izquierdo will present practical scenarios where these professionals effectively communicate the importance of open source components to executives, identify bottlenecks affecting engineering teams, and leverage existing open source software toolkits to gather critical data for better decision-making.

Speakers

Daniel Izquierdo

CEO, Bitergia

Daniel Izquierdo is a researcher and co-founder of Bitergia and currently holding the position of CEO, he is focused on the quality of the data, research of new metrics, analysis and studies of interest for Bitergia customers via data mining and processing. Daniel earned a PhD in... Read More →

Ana Jimenez

Project Manager, Linux Foundation

Ana is a senior Project Manager at the Linux Foundation's TODO Group project, an open group of practitioners who want to collaborate on best practices and tools to effectively manage open source operations through Open Source Program Offices (OSPOs). Formerly she worked at Bitergia... Read More →

Monday October 28, 2024 14:00 - 14:40 JST
Hall A (2)

OSPOCon

Audience Any

14:50 JST

A Next-generation IoT Platform for Edge AI Apps Leveraging Sensors and Wasm - Munehiro Shimomura, Sony Semiconductor Solutions Corporation & Kenji Shimizu, Midokura

Monday October 28, 2024 14:50 - 15:30 JST

Meeting Room 1

In this session, we will introduce the construction of a comprehensive platform that uses Edge AI and sensors to cover everything from devices to the cloud. The platform enables advanced cooperation between sensors and AI control, and emphasizes seamless and dynamic replacement of AI models by using WebAssembly (Wasm). Furthermore, through open sourcing, we aim to expand the ecosystem and form a technical community. Through technical details and real-world scenarios, we will provide insights that participants can apply to their own projects.

Speakers

Kenji Shimizu

Manager, Midokura

After spending more than 20 years in Japanese telecom & mobile company as an R&D engineering researcher and manager, he, inspired by Midokura's vision, has joined and started to play a role to expand the ecosystem for open source for an edge distributed AI sensing infrastructure which... Read More →

Munehiro Shimomura

Open Source Program Manager, Sony Semiconductor Solutions Corporation

Munehiro is the division's OSPO Open Source Program Manager, where he leads open source strategy development and execution. He believes it is important to create a culture in which organizations can strategically and proactively utilize open source, and is working hard to achieve... Read More →

Monday October 28, 2024 14:50 - 15:30 JST
Meeting Room 1

AI_dev

14:50 JST

Unlocking Local LLMs with Quantization - Marc Sun, Hugging Face

Monday October 28, 2024 14:50 - 15:30 JST

Hall B (4)

This talk will share the story of quantization, its rise in popularity, and its current status in the open-source community. We'll begin by reviewing key quantization papers, such as QLoRA by Tim Dettmers and GPTQ by Elias Frantar. Next, we'll demonstrate how quantization can be applied at various stages of model development, including pre-training, fine-tuning, and inference. Specifically, we'll share our experience in pre-training a 1.58-bit model, show how fine-tuning is achievable using PEFT + QLoRA, and discuss optimizing inference performance with torch.compile or custom kernels. Finally, we'll highlight efforts within the community to make quantized models more accessible, including how transformers incorporate state-of-the-art quantization schemes and how to run GGUF models from llama.cpp.

Speakers

Marc Sun

Machine Learning Engineer, HuggingFace

Marc is a ML Engineer working on the Open Source team at Hugging Face and he collaborates with researchers and developers to add new exciting features in the HF ecosystem and have contributed to various libraries in the HF ecosystem (transformers, accelerate, PEFT). Marc is also deeply... Read More →

Monday October 28, 2024 14:50 - 15:30 JST
Hall B (4)

AI_dev

Audience Intermediate

Audience Intermediate

14:50 JST

Securing the Future: Modernising Singapore Government IT Policy Through Open Source - Hunter Nield, Government Technology Agency of Singapore & Eugene Lim, Open Government Products

Monday October 28, 2024 14:50 - 15:30 JST

Hall A (1)

In this session, we explore the Singapore Government's approach to modernising its security standards and policy development. By leveraging open formats such as OSCAL, open source tools, and integrating DevOps practices, Singapore is streamlining its cybersecurity governance, making it more lean, efficient and robust. Attendees will learn about the implementation of these technologies, the adoption of DevOps for policy development, and the benefits for government agencies. Join us to discover upcoming plans of compliance automation and security testing to further improve security and resiliency for public services.

Speakers

Eugene Lim

Lead Security Engineer, Open Government Products

Eugene is a cybersecurity professional and white hat hacker who builds resilient appsec programmes in the day and researches product security at night. His work has been featured in top cybersecurity conferences such as DEF CON and Black Hat USA as well as in industry publications... Read More →

Hunter Nield

Distinguished Engineer, Government Technology Agency of Singapore

Hunter is a Distinguished Engineer at the Government Technology Agency of Singapore, where he helps leads the Cloud and DevOps Centre of Excellence. Prior to joining the Government, he ran businesses in Asia and Australia focusing on Cloud Infrastructure, Digital Transformation, and... Read More →

Monday October 28, 2024 14:50 - 15:30 JST
Hall A (1)

Open Source Leadership Summit

Audience Any

14:50 JST

Best Practices for Reducing Patent Risk to OSS Projects - Keith Bergelt, Open Invention Network

Monday October 28, 2024 14:50 - 15:30 JST

Main Hall

At Open Source Summit Japan, within the Operation Management Summit, Keith Bergelt, CEO of Open Invention network, will address ways to mitigate risk to open source projects, developers and distributors. Few developers or businesses will show interest in contributing to an open source project if it doesn't address potential bugs, security issues, or feature additions to its repository. This is well understood by the OSS community and spurred its growth into new technological areas such as AI/ML, FinTech and Automotive, among many others. However, many of today’s most popular open source licenses do not adequately address patent risk for open source projects. As patent risk is a challenge that must be addressed, this presentation will discuss the key tenets around patent non-aggression in open source, key patent-related risks, and the best practices that open source projects and their management should consider moving forward to “address the issue.” . Key Takeaways: - An understanding of the patent threat matrix to open source projects - Ways patent litigation risks are rising & ways to reduce these risks - Best practice solutions for management to mitigate these challenges

Speakers

Keith Bergelt

CEO, Open Invention Network

Keith Bergelt is the CEO of Open Invention Network (OIN), the only institution focused on mitigating patent risk in open source software. Funded by Google, IBM, NEC, Philips, Sony, SUSE, and Toyota, OIN has nearly 4,000 community members. In his capacity as CEO, he is directly responsible... Read More →

Monday October 28, 2024 14:50 - 15:30 JST
Main Hall

Operations Management Summit

Audience Intermediate

14:50 JST

Middle-Platform Empowerment: Growing and Sustaining Open Source Projects at Ant Group - Xiaoya Xia & Peggy Dong, Ant Group

Monday October 28, 2024 14:50 - 15:30 JST

Hall A (2)

This session introduces Ant Group OSPO's approach to growing and sustaining open source projects through governance and tooling services. We employ systematic strategies to discover and nurture open source talent, providing comprehensive lifecycle support from project initiation to incubation and maturation. These governance practices ensure that projects are well-managed, leading to sustainable development and long-term success.On the other hand, we leverage digital and tooling-based open source infrastructure to create dynamic ecosystems. This includes digital growth dashboards that offer relational insights and analytics, as well as contribution incentive mechanisms that promote deeper community engagement. Join us to uncover: 1. How our governance service foundation lays the groundwork for robust open source project development. 2. Strategies for effective talent cultivation and project lifecycle management. 3. The utilization of digital tools to track and foster project growth. 4. Mechanisms to encourage and reward community contributions, driving active participation.

Speakers

Xiaoya Xia

Open source program analyst, Ant Group

Xiaoya Xia is a member of the Ant Group OSPO, where she focuses on catalyzing open source success through data-driven insights. Before joining Ant Group, Xiaoya was a PhD at East China Normal University (ECNU), where she concentrated on research into open source ecosystem sustain... Read More →

Peggy Dong

Open Source Governance Expert, Ant Group

I believe Open source represents a force for good. Being attracted by the concepts of open source, collaboration and sharing, I joined Ant Open Source OSPO early last year. Before this, I was mainly engaged in strategic planning, hoping to bring a different perspective to open source... Read More →

Monday October 28, 2024 14:50 - 15:30 JST
Hall A (2)

OSPOCon

Audience Intermediate

15:40 JST

From Design to Launch: Implementing AI Governance at Scale - Nathália Kuromiya & Martin Winkler, Google

Monday October 28, 2024 15:40 - 16:20 JST

Hall B (4)

What does it take to design, implement, and roll out a comprehensive AI governance program? What challenges and opportunities do companies encounter when scaling AI governance across diverse products and AI applications, and how can AI governance programs be designed to stay agile in a dynamic technological and regulatory environment? Insights on scaling AI governance programs progressively across multiple jurisdictions while keeping them agile in a dynamic technological and regulatory landscape. Practical learnings, effective solutions and challenges to watch out for. Topics discussed: - What are the building blocks of your company’s AI Governance program? - What challenges did we face when building an AI Governance program? - The AI Governance landscape is evolving rapidly – both through technical innovation and regulatory advances. How to keep an agile approach to AI governance? - What kinds of risks are front and center when you’re building an AI Governance program? What kinds of opportunities?

Speakers

Martin Winkler

Software Engineer, Google

Martin Winkler is a Software Engineer at Google as part of the Privacy, Safety and Security team. He works as a lead for privacy and governance tooling and tackled cross-company privacy challenges to ensure the safety of users and their data. Additionally, he is establishing company... Read More →

Nathália Kuromiya

Software Engineer, Google

Nathália Harumi Kuromiya is a Software Engineer at Google as part of the Privacy, Safety and Security team. She works as a lead for privacy and governance tooling and had a privacy reviewer role. For the past year, she's been working on AI safety space as one of the technical contributors... Read More →

Monday October 28, 2024 15:40 - 16:20 JST
Hall B (4)

AI_dev

Audience Intermediate

15:40 JST

Virtio-Loopback Status and Next Steps - Michele Paolino, Virtual Open Systems

Monday October 28, 2024 15:40 - 16:20 JST

Hall B (3)

virtio-loopback is a virtio Hardware Abstraction Layer (HAL) for non-virtualized environments designed and implemented by the Software Defined Vehicle Expert Group (SDV). Thanks to this technology, it is possible to abstract hardware dependencies and run the same software seamlessly on both virtualized and non virtualized systems. During this session, the latest development results related to this year activity will be shared with the community. In particular, detailed information about the development status (multi-device support, prioritization, etc) and future works will be provided.

Speakers

Michele Paolino

Virtualization Architect, Virtual Open Systems

virtualization architect active in AGL since 2016

Monday October 28, 2024 15:40 - 16:20 JST
Hall B (3)

Automotive Linux Summit

15:40 JST

eBPF-Powered Observability for Sustainable Computing - Paras Mamgain, Anmol Krishan Sachdeva, Samrat Priyadarshi & Miki Katsuragi, Google

Monday October 28, 2024 15:40 - 16:20 JST

Hall A (3)

With the advancements in the fields of Applied AI/ML, computational power, FinOps practices, and cloud services, organizations are increasingly building and deploying AI/ML workloads on Kubernetes. Cloud Computing gives the impression that the underlying resources (like Virtual Machines, CPU, RAM, Storage, etc.) are infinite, and hence many individuals don’t focus on the count of machines and resources when training their AI/ML models and proceed with training fairly large models with millions and billions of parameters. The energy-intensive nature of model training and iterations, coupled with the growing scale of AI/ML deployments, is contributing to a considerable environmental impact in the form of Carbon Emissions.

This talk introduces some key open-source cloud agnostic tools and techniques to build eBPF-powered observability solutions for practicing Sustainable Computing. By analyzing and tuning performance and energy metrics from Kubernetes resources like Pods and Nodes, AI/ML Practitioners and Platform Engineers can optimize workloads, reduce energy consumption, lower costs, and minimize environmental impact while maintaining performance.

Speakers

Miki Katsuragi

AI Consultant, Google Cloud

Miki is an AI Consultant at Google with a background in Data Analysis and Machine Learning. She has experience working at a database vendor, and currently develops cloud-based ML services and implements data analysis solutions. She is also a co-author of "Scalable Data Science" published... Read More →

Paras Mamgain

Software Engineer, Google

I am a passionate programmer and a backend developer with a special taste for information retrieval and using new ideas to collaborate with team members to solve existing challenges and attempting to convert them to Intellectual property.Currently, as a Software Engineer my work is... Read More →

Anmol Krishan Sachdeva

Hybrid Cloud Architect, Google

Anmol is an International Tech Speaker, a Distinguished Guest Lecturer, an active conference organizer, and has published several notable papers. He works at Google and focuses on Emerging Technologies. Anmol has years of rich experience in handling and configuring large-scale K8s... Read More →

Samrat Priyadarshi

Cloud Engineer, Google

Samrat is a Cloud Engineer at Google with 8 years of experience in Cloud Computing focussing mainly on Kubernetes and related landscapes. He has given several talks in Google Developers Group, Google DevFest.

Monday October 28, 2024 15:40 - 16:20 JST
Hall A (3)

CloudOpen

Audience Intermediate

15:40 JST

Open Discussion on Understanding Cultural Differences When Approaching OSS - Daniel Izquierdo Cortázar, Bitergia; Ana Jiménez Santamaría, The Linux Foundation/TODO Group; Yuki Hattori, GitHub; Willem Jiang, ByteDance

Monday October 28, 2024 15:40 - 16:20 JST

Hall A (1)

This panel aims to provide lessons learned on cultural differences when approaching OSS communities. In the past, Willem and Daniel explored the differences between China and Spain. This time we are bringing Yuki Hattori, based in Japan, GitHub employee, and Ana Jiménez from the TODO group with a wide perspective on OSS projects around the world. We learned in the past about how Chinese society works [ring-based trusted networks] and barriers to effectively bringing people into Western based organizations and the other way around, how to effectively interact with more Chinese-based OSS projects. This time we would like to expand this discussion with Japanese concepts such as 'nemawashi' which is the practice of laying groundwork and building consensus before making proposals, 'uchi-soto' dynamics which is the distinction between 'insiders (uchi) and outsiders (soto) in social groups, and others. This panel will bring this discussion to the audience with practical advice on how to engage and onboard newcomers, while we are all learning together from each other.

Speakers

Willem Jiang

Principal Open Source Evangelist, ByteDance

Willem Jiang (Jiang Ning) is the principal Open Source Evangelist of ByteDance OSPO , and serves as a board director of the Apache Software Foundation. He has contributed to various Apache projects, including Camel, CXF, ServiceMix, and ServiceComb. Prior to joining ByteDance, Willem... Read More →

Daniel Izquierdo

CEO, Bitergia

Ana Jimenez

Project Manager, Linux Foundation

Yuki Hattori

Sr. Customer Success Architect, GitHub

Primarily provides technical support for GitHub's enterprise solutions. Actively promotes the adoption of GitHub Copilot.Additionally, focuses on introducing open source culture and practices into corporations, advocating for InnerSource to break down organizational silos. Through... Read More →

Monday October 28, 2024 15:40 - 16:20 JST
Hall A (1)

Open Source Leadership Summit

Audience Beginner

15:40 JST

OS Sustainability in Japan: Open Collaboration Model to Spin up the OSS 3P Cycle - Yuichi Nakamura & Ayumi Watanabe, Hitachi; Shingo Fujimoto, Fujitsu; Masato Endo, Toyota; Munehiro Ikeda, Cybertrust Japan; Moderated by Nori Fukuyasu, The Linux Foundation

Monday October 28, 2024 15:40 - 16:20 JST

Main Hall

To sustain the OS industry, we must assess the efficiency of the open source 3P cycle (Projects, Products, and Profits). Companies build products using open source software and generate revenue. This should incentivize them to reinvest in open source communities, thereby creating better products and increasing profits. However, the 3P cycle is not functioning smoothly. While companies utilize open source technologies, they often do so without collaborating with the community. This lack of interaction reduces their interest in reinvesting in the open source ecosystem. This issue significantly impacts the Japanese industry. Companies miss opportunities to leverage cutting-edge technologies and remain less inclined to invest in talent development within and outside their organizations. The resulting talent shortage poses a serious sustainability challenge for the industry. In this session, LF Japan evangelists will discuss this topic from their respective areas of expertise, including cloud, blockchain, security, compliance, and OSPO. Attendees will learn about the latest trends in open source and business and engage in discussions on how to enhance the 3P cycle in Japan.

Speakers

Yuichi Nakamura

Chief OSS Strategist, Hitachi

Yuichi Nakamura,Ph.D has been engaged with OSS over 20 years, contributed SELinux, gave presentations in many OSS events such as Linux Security Summit, Embedded Linux Conference and KubeCon. He also launched ecosystem of business and OSS contribution model based on Keycloak in Hitachi,Ltd... Read More →

Ayumi Watanabe

SBOM Evangelist, Hitachi Solutions, Ltd.

Ayumi Watanabe is a Senior OSS Specialist of Hitachi Solutions, Ltd.. She is also a core member of OpenChain Japan and known as a SBOM evangelist appointed by the Linux Foundation Japan. Her strong point is a knowledge of many tools for SBOM generation and management, a wide range... Read More →

Shingo Fujimoto

Senior Research Director, Fujitsu

Shingo Fujimoto leads the development of various blockchain technologies in Fujitsu, based on his broad knowledge in the field of internet security and protocol design. He is also involved in several blockchain PoC projects with innovative customers. Shingo is a maintainer of Hyperledger... Read More →

Masato Endo

Manager of OSPO, Toyota Motor Corporation

Munehiro Ikeda

Lead Architect, Cybertrust Japan Co., Ltd.

Ikeda Munehiro is a key engineer in the IoT Technology Division at Cybertrust Japan, working on leading-edge technologies and contributing to the Open Source Security Foundations(OpenSSF) activities on OSS security and supply chain.

Nori Fukuyasu

VP of Japan Operations, The Linux Foundation

VP of Japan Operations at Linux Foundation.

Monday October 28, 2024 15:40 - 16:20 JST
Main Hall

Operations Management Summit

Audience Intermediate

15:45 JST

Recent TPM Security Enhancements to the Linux Kernel - James Bottomley, Microsoft

Monday October 28, 2024 15:45 - 16:25 JST

Hall A (4)

Recent security updates to Linux, such as the new Systemd Unified Kernel Image[1] rely on the discrete or firmware integrated TPM (Trusted Platform Module) to verify boot and release secrets securely. However, there are many known attacks against the TPM chip itself. We will discuss the newly upstreamed Linux Kernel TPM security patches[2], which not only provide a basis for securely communicating with the TPM but also provide a novel defences against a wide variety of TPM based attacks by using a unique (to Linux) null key scheme. This talk will cover what TPM based attacks are (including interposer attacks), how the Trusted Computing Group expects you to tell you're talking to a real TPM and how you can communicate with it securely and use its policy statements to govern key use and release. We will then move on to how the new Linux Kernel patches extend this and can be leveraged to validate the TPM on every boot and continually monitoring it for any TPM interposer substitutions in real time. [1] https://github.com/uapi-group/specifications/blob/main/specs/unified_kernel_image.md [2] https://lore.kernel.org/all/20240429202811.13643-1-James.Bottomley@HansenPartnership.com/

Speakers

James Bottomley

Partner Architect, Microsoft

James Bottomley is a Partner Architect at Microsoft working on Linux. He is also Linux Kernel maintainer of the SCSI subsystem. He started at AT&T Bell labs to work on Lock Manager technology for clustering. In 2000 he helped found SteelEye Technology to bring HA to Linux, becoming... Read More →

Monday October 28, 2024 15:45 - 16:25 JST
Hall A (4)

LinuxCon

Audience Intermediate

16:20 JST

Coffee Break

Monday October 28, 2024 16:20 - 16:40 JST

Special Events / Exhibits / Breaks

16:40 JST

Leveraging Zephyr and ML to Bring Smart Devices to Market, Faster - Kate Stewart, The Linux Foundation

Monday October 28, 2024 16:40 - 17:20 JST

Hall B (4)

End point devices are resource constrained, either in terms of power, memory or communication capabilities - sometimes all three. However, being able to apply machine learning on these end point devices is possible and when applied strategically enables system wide efficiencies to be realized. This talk will explore the requirements and tradeoffs for such system to be considered when using the Zephyr RTOS and Tensorflow Lite for Embedded Microcontrollers projects.

Speakers

Kate Stewart

VP Dependable Embedded Systems, Linux Foundation

Monday October 28, 2024 16:40 - 17:20 JST
Hall B (4)

AI_dev

Audience Intermediate

16:40 JST

Establishing a Software-Defined Multi-Display Framework with Unified HMI - Kenta Murakami, Panasonic Automotive Systems Co., Ltd.

Monday October 28, 2024 16:40 - 17:20 JST

Hall B (3)

In recent years, more in-vehicle displays have created a need for flexible application displays across multiple screens, opening new UI/UX development opportunities. However, achieving this flexibility with current graphic frameworks is costly as each hardware platform requires custom display interconnections. The automotive industry needs a "Software-Defined" display framework to separate software from hardware. Our open-source Unified HMI framework meets this need with display virtualization, enabling flexible cockpit UI/UX development across multiple displays, regardless of hardware. Unified HMI supports software-defined development on different SoCs and OS like AGL and Android, reducing development time and costs by developing seamlessly in cloud virtual ECU. It also supports continuous OTA updates throughout the vehicle's lifecycle. In this presentation, we will highlight the new feature of Unified HMI and give an outlook for future enhancements.

Speakers

Kenta Murakami

Employee, Panasonic Automotive Systems Co., Ltd.

Kenta Murakami has three years of experience at Panasonic Automotive Systems Corporation, focusing on the development and research of graphics framework for automotive embedded operating systems. He is committed to contributing to the field of automotive software. Outside of work... Read More →

Monday October 28, 2024 16:40 - 17:20 JST
Hall B (3)

Automotive Linux Summit

16:40 JST

Secure and Efficient Data Sharing with Federated Cloud Storage - Masataka Mizukoshi, NTT

Monday October 28, 2024 16:40 - 17:20 JST

Hall A (3)

As the importance of data utilization for AI grows, enterprises aim to securely exchange data with their customers and leverage external data.Many services and open-source software related to data sharing and governance have attracted attention and extensive research and development, such as Snowflake Marketplace and Databricks Delta Sharing, among others. However, sharing data between different companies presents numerous challenges in terms of data security and efficiency, including efficient access to geographically dispersed data and access control for data managed by multiple organizations. To address these challenges, we have developed virtual data lake system that achieves efficient and secure data sharing using federated cloud storage. In this approach, virtual data integration is performed by collecting and managing only metadata without collecting the original data. In this session, we’ll take a look at how to build a safe and efficent data lake system by using existing OSS for data governance and data federation tools, such as LinkedIn DataHub and Alluxio ..etc.

Speakers

Masataka Mizukoshi

Reseacher, NTT

I am a researcher at NTT Labs, focusing on developing a data platform using a variety of open-source software. Previously, I conducted research in distributed computing related to Hadoop/Spark. I have spoken at international conferences such as IEEE Congress on Evolutionary Computation... Read More →

Monday October 28, 2024 16:40 - 17:20 JST
Hall A (3)

CloudOpen

Audience Intermediate

16:40 JST

Improving Bpftrace Reliability - Daniel Xu, Meta

Monday October 28, 2024 16:40 - 17:20 JST

Hall A (4)

bpftrace is a popular and powerful dynamic tracer for Linux systems. In the vast majority of uses cases, bpftrace does its job quickly, efficiently, and accurately. However with the rapid growth of users, use cases, and features, the bpftrace community has started to feel (technical) growing pains. In particular, we've started to uncover various reliability issues. In this talk, we will cover what is already done as well as what is currently broken and how we will systematically fix and prevent these issues from re-occuring. Because bpftrace sits at the intersection of operating systems, compilers, and observability, we have the fortunate advantage of being able to absorb techniques and tricks from these fairly different disciplines. We hope that some of the knowledge we share will be both interesting as well practical to attendees. Audience participation is highly welcome. In particular, we are quite interested in receiving feedback in the form of bug reports, feature requests, complaints, etc.

Speakers

Daniel Xu

Software Engineer, Meta

I mostly work in the eBPF / kernel networking space these days. I contribute to and help maintain bpftrace along with other bits and pieces of software in the Linux world.

Monday October 28, 2024 16:40 - 17:20 JST
Hall A (4)

LinuxCon

Audience Intermediate

16:40 JST

Enhancing Open Source Collaboration: From Incentive Programs to Data-Driven Contribution Metrics - Xiaoya Xia, Ant Group

Monday October 28, 2024 16:40 - 17:20 JST

Hall A (1)

In this session, we will explore, analyze, and compare various existing models of incentivizing open source developers and the effectiveness of these models in promoting sustained contributions. We will cover different types of incentive programs such as: 1. Project-Based Internships: Programs like Google Summer of Code (GSoC), Open Source Promotion Plan (OSPP), and Outreachy. 2. Bounty Models: Platforms like IssueHunt and IssueBounty. 3. Direct Funding Models: Initiatives like GitHub Sponsors and Open Collective. Based on this foundation, this session will introduce a series of validated practices from various open source projects, corporate environments, and academic communities. These practices leverage an algorithm that precisely measures developer contributions within the community through collaborative behaviors. The contributions are quantified and scored, and the results are used to reward developers, thereby promoting better open source collaboration and community engagement. We call this measurement methodology Openrank.

Speakers

Xiaoya Xia

Open source program analyst, Ant Group

Monday October 28, 2024 16:40 - 17:20 JST
Hall A (1)

Open Source Leadership Summit

Audience Intermediate

16:40 JST

A Practical Guide to Using International Standards for Open Source Procurement - Shane Coughlan, OpenChain Project

Monday October 28, 2024 16:40 - 17:20 JST

Main Hall

International standards addressing specific challenges around open source provide organizations significant opportunities for increasing efficiency and reducing risk. This talk will explain practical ways for procurement departments to use these standards to benefit product teams, IP departments, legal departments or OSPOs supporting corporate policy. The focus will be on ISO/IEC 5230 (license compliance), ISO/IEC 18974 (security assurance) and ISO/IEC 5962 (SBOM), all mature standards maintained by Linux Foundation Projects. The audience of this talk will be equipped to immediately improve their supply chain management as either customers or suppliers in any industry sector.

Speakers

Shane Coughlan

General Manager, OpenChain Project

Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated OIN into the largest patent non-aggression community in history and establishing the first global network for open... Read More →

Monday October 28, 2024 16:40 - 17:20 JST
Main Hall

Operations Management Summit

Audience Intermediate

16:40 JST

LFX Mentorship Showcase (Open to All Attendees; No Additional Fee or Registration Required)

Monday October 28, 2024 16:40 - 18:10 JST

Hall A (2)

Speakers

Vivek Vishal

Student, SLIET Longowal

Layer5

Nitish Kumar

Software Engineering Intern, Akuity

Nitish is a Software Engineer at Akuity and a CNCF Ambassador. In the past, Nitish has served as a Linux Foundation Mentee under the Kubernetes Release Engineering Team, where he built the OBS library that is used by the Kubernetes project to automate the process of managing release... Read More →

Yash Khare

Software Engineer, Keploy

Yash Khare - currently a full time open source developer, a member of CNCF sandbox project Clusterpedia , focused on multi cluster resource management and LFX Mentee at Konveyor. My ongoing projects revolve around easy adoption of applications to Kubernetes. I recently contributed... Read More →

António Pedro

Software Engineer, Kinsari - Sistemas de Informação | Angola Open-source Community

António Pedro is a final-year Computer Science and Engineering student at Indraprastha Institute of Information Technology, Delhi, India. With a strong interest in distributed systems, cloud-native and related technologies, António is an LFX mentorship graduate contributing to Strimzi... Read More →

Gurmannat Sohal

Student, IIT Roorkee

I am a 21-year-old from India, studying electrical engineering at IIT Roorkee. I am deeply engaged in open-source projects, notably Gasper, which is an intelligent PaaS solution enhancing app and database management across cloud environments. My contributions have focused on improving... Read More →

K Sanjay Kumar

Student, University of Mumbai

Sanjay Kumar is a final year Computer Science undergraduate student with 3 years of experience in tech, having worked in positions as a Product Designer, Full-stack Engineer, and AI/ML Engineer. In addition to his professional experience, he launched his own AI SaaS application, TimeStamper... Read More →

Tarek Elsayed

Student, Mansoura University

I’m Tarek Elsayed, a software developer passionate about open source technology. My areas of expertise span machine learning, DevOps, and blockchain. Over the years, I've contributed to projects like mlpack in machine learning, Hyperledger Solang in blockchain, and various Bitcoin-related... Read More →

Suyash Nayan

None, None

My name is Suyash Nayan, currently in my Senior Year. I just finished my internship with Hyperledger where I worked optimising and improving the performance of Hyperledger Besu.Prior to this, I interned at Google during my Freshman year working on the Chromium team where I worked... Read More →

Sarthak Negi

Student, CNCF

I had experience of speaking in various events like delhiFoss, pyDelhi and on weekly meetups within our university students groups.

Xinyu Wu

Student, Texas A&M University

Master of Computer Science in Texas A&M University

Thibaut Freedisch Batale

Student

I build and unintentionally break things (which he eventually fixes 🙂). I have a keen interest in software development, system design and love contributing to Open Source. I have been involved in many open-source projects, but my notable work is at OWASP with the Juice-Shop project... Read More →

Subhranil Raha

I have conducted a session as the Google Developers Student Club - HITK Blockchain Lead, focusing on blockchain technology. Additionally, during my previous internship at IEM Labs, I delivered sessions on various topics.

Dipendra Khadka

QA Engineer, John Snow Labs

Dipendra Khadka, a driven and accomplished individual, began his journey towards excellence at Nepal Engineering College, Nepal, where he was honored with the prestigious Chairman's Pride Gold Medal. With a strong foundation in engineering, he embarked on his professional career as... Read More →

Deep Poharkar

Intern, LitmusChaos

My name is Deep Poharkar, currently a final-year student pursuing a Bachelor of Technology in Information Technology. I am an active contributor to LitmusChaos and a mentee in both the LFX Mentorship and Google Summer of Code programs. Currently, I am working with AWS through GSoC... Read More →

Monday October 28, 2024 16:40 - 18:10 JST
Hall A (2)

LFX Mentorship Showcase

Audience Any

17:30 JST

GPU Distributed Caching for PyTorch Leveraging NVMe, GDS, and RDMA - Hope Wang, Alluxio

Monday October 28, 2024 17:30 - 18:10 JST

Hall B (4)

As GPUs become increasingly powerful, the separation between compute and storage often results in underutilized GPUs waiting for data. Meanwhile, high-performance components on GPU machines, such as NVMe storage and fast networks leveraging InfiniBand or special NICs, remain idle. Effectively leveraging these hardware resources to address GPU underutilization is a critical challenge. In this talk, we introduce a Kubernetes-native distributed caching layer that leverages NVMe disks and fast networks to optimize PyTorch training data access. Utilizing stateless workers for scalability and ETCD for membership services, this caching layer efficiently manages and serves data. Cached data is rapidly and efficiently fed into GPU memory using NVIDIA's DALI data loader, GPUDirect Storage (GDS), and Remote Direct Memory Access (RDMA), significantly reducing data transfer bottlenecks and improving overall training performance.

Speakers

Hope Wang

Developer Advocate, Alluxio

Hope Wang is a Presto Contributor and a Developer Advocate at Alluxio. She has a decade of experience in Data, AI, and Cloud. An open-source contributor to PrestoDB, Trino, and Alluxio, she currently works at Alluxio as a developer advocate and previously worked in venture capital... Read More →

Monday October 28, 2024 17:30 - 18:10 JST
Hall B (4)

AI_dev

Audience Intermediate

17:30 JST

Effective and Efficient: Learn from AGL’s Delivery Process, Backed by Data and Analytics - Agustin Benito Bethencourt, Toscalix & Daniel Izquierdo Cortázar, Bitergia

Monday October 28, 2024 17:30 - 18:10 JST

Hall B (3)

AGL's delivery process is the finest and most mature example in the open of a complex automotive software-defined production system. This presentation explores the AGL's delivery process through an analysis of basic flow metrics, attendees will gain an understanding of its performance and its evolution over time. As automotive companies balance internal software development requirements with working in the upstream AGL project, we offer a data-first approach to help align those efforts. The session dissects the fundamental principles of advanced data analytics applied to the production of software-defined products, using AGL's delivery process as a case study. Attendees will gain insights into leveraging analytics for optimizing software delivery in their respective domains. Additionally, practical strategies will be offered for translating the concepts, metrics, and methodologies, into actionable plans for adoption within automotive corporations. Finally, the speakers will provide hints about those open source development and delivery practices that can increase delivery performance in commercial environments, based on the analysis described in this talk.

Speakers

Agustin Benito Bethencourt

Independent Consultant, Toscalix

Business Intelligence applied to the production of software-defined products. Agustín has guided organizations throughout the life cycle of OSS based products and services cross-markets. As an independent consultant, he is focused on helping organizations in two ways: applying advanced... Read More →

Daniel Izquierdo

CEO, Bitergia

Monday October 28, 2024 17:30 - 18:10 JST
Hall B (3)

Automotive Linux Summit

17:30 JST

Bug Hunting in Distributed Systems: Using Robustness Tests to Test Your Code Better - Chun-Hung Tseng, Swisscom & Arka Saha, Broadcom

Monday October 28, 2024 17:30 - 18:10 JST

Hall A (3)

Traditional testing methods like unit and integration tests are great for functional validation in isolation, but are they enough for distributed systems? Distributed systems need to deal with real-world failures such as network issues, hardware errors, and race conditions. One of the proven ways to test these systems is to inject failures during testing and see if the system still works as expected. This is called robustness testing, where you run the system like it would be used in real life. Jespen is one of the first frameworks to test distributed systems by simulating such real-world scenarios and validating the operational history. Inspired by Jespen, etcd, the backbone of Kubernetes, built its own testing framework. This framework is written in Golang and for Golang projects, allowing even more failure types on the fly and verifying if the data stays consistent using Porcupine. As etcd contributors, we will share our challenges in writing tests to force failure via gofail and our journey of developing, leveraging, and debugging issues caught by this ever-evolving framework, so that you can apply the findings to your projects with minimal tweaks.

Speakers

Arka Saha

Software Engineer, Broadcom

Arka Saha, a Broadcom Software Engineer, leads Kubernetes releases & maintenance for Tanzu Extended Support. He manages VMware by Broadcom's Prow infrastructure, ensuring long-term support for k8s, etcd, containers, Golang & related components. Previously he managed Red Hat OpenShift... Read More →

Chun-Hung Tseng

DevOps Engineer, Swisscom

Henry is a CK* certified DevOps Engineer who works in a team building the cloud-native 5G core at Swisscom. He brings a rich background from his prior experience as a software engineer. His passion for automation and problem-solving leads him to contribute to open-source projects... Read More →

Monday October 28, 2024 17:30 - 18:10 JST
Hall A (3)

CloudOpen

Audience Intermediate

17:30 JST

eBPF BoF - Shung-Hsi Yu, SUSE

Monday October 28, 2024 17:30 - 18:10 JST

Hall A (4)

Since its introduction 10 years ago, eBPF has steadily gain grounds in networking, tracing, observability, and security applications. But a great technology cannot not thrive on the technical part alone, the people part matters, too. This session hopes to bring eBPF user, developers, and enthusiasts together to exchange novel ideas, discuss best practices, share pain points, and most importantly, collaborate and grow together as a community.

Speakers

Shung-Hsi Yu

Kernel Engineer, SUSE

Mainly working on maintaining the eBPF stack of SUSE Linux Enterprise Server (SLES) distribution. Currently drawn to the inner working of eBPF verifier and formal verification. Based in Taitung, Taiwan.

Monday October 28, 2024 17:30 - 18:10 JST
Hall A (4)

LinuxCon

Audience Any

17:30 JST

OSS Bird’s Eye View : a Comprehensive Picture of the Open - Taishi Yoneshima, Japan OSS Promotion Forum / NEC & Shinji Enoki, Japan OSS Promotion Forum / LibreOffice Japanese Team

Monday October 28, 2024 17:30 - 18:10 JST

Hall A (1)

“The OSS Bird’s Eye View” provides a comprehensive picture of the open source ecosystem. “The OSS Bird’s Eye View” is a tool for visualizing OSS projects, created by community within Japan. This diagram helps to understand the categories and trends of the OSS ecosystem. In this session, we will explain how to create the OSS Bird’s Eye View and how to use it. Also, by comparing past OSS Bird’s Eye Views, we will introduce what kind of transitions have occurred in OSS over the past 10 years, and show how the OSS Bird’s Eye View has deepened our understanding of the OSS ecosystem. This session is beneficial for all people who are beginners in OSS, community leaders, developers, researchers, educators, and those who want to utilize OSS in business. We look forward to your participation.

Speakers

Shinji Enoki

Japan OSS Promotion Forum / LibreOffice Japanese Team

Shinji Enoki ia member of the OSS Bird's Eye View team of the Japan OSS Promotion Forum. His other community activities are a member of the LibreOffice Japanese Team, a substitute member of Membership Committee of The Document Foundation, a volunteer staff of Japan UNIX Society, a... Read More →

Taishi Yoneshima

Leader / Assistant Manager, Japan OSS Promotion Forum / NEC

He is a leading member of the Open Source Program Office in NEC Corporation, and promoting OSS utilization and risk mitigation within the company, developing solutions related to SBOM and OSS security, and proposing secure utilization of OSS. He is a leader of Bird's-eye View WG of... Read More →

Monday October 28, 2024 17:30 - 18:10 JST
Hall A (1)

Open Source Leadership Summit

Audience Beginner

17:30 JST

SBOM Implementation Reality: From Crawl to Walk - SPDX Lite Profile for the First Step - Norio Kobota, Sony Group Corporation & Takashi Ninjouji, Toshiba Corporation

Monday October 28, 2024 17:30 - 18:10 JST

Main Hall

This session will introduce the SPDX Lite profile, its background, and what and how it solves with many JSON examples. The Lite profile of SPDX 3.0 is designed to make it quick and easy to start creating a Software Bill of Materials (SBOMs) when a company has limited capacity for introducing new items into its process. Over the past few years, the importance of SBOM has increased. As interest in SBOM from government agencies and industries grows, the SBOM specification extends significantly to meet these various needs. SPDX Lite is a lightweight and compact SBOM specification. The OpenChain Project Japan WG explores and promotes SBOM. The focus is on making the SBOM practical from security assurance and license compliance perspectives and on sharing and transferring SBOM across the global software supply chain in any industry. SPDX Lite is one of the achievements of collaboration between the OpenChain project and the SPDX project. Attendees in this session will learn the first steps to creating an SBOM using the Lite profile of SPDX 3.0 by several examples of SBOM documents that address regulations and requirements.

Speakers

Norio Kobota

Senior Open Source Strategist, Sony Group Corporation

Norio Kobota is a Senior Open Source Strategist in Sony Group Corporation. He is the chair of Open Source Software License Committee in Sony and works to improve OSS compliance and relationships with OSS communities. He represents Sony as a board member of OpenChain Project. And he... Read More →

Takashi Ninjouji

Chief Specialist, Toshiba Corporation

Takashi Ninjouji, Chief Specialist at Toshiba Corporation, works on open source, open standards, and compliance and was the first head of OSPO. He is strongly attracted to open source to collaborate with diverse communities. He is a member of the OpenChain Project's governing board... Read More →

Monday October 28, 2024 17:30 - 18:10 JST
Main Hall

Operations Management Summit

Audience Intermediate

18:10 JST

Tux Trek

Monday October 28, 2024 18:10 - 19:30 JST

Solutions Showcase

When day 1 sessions conclude, connect with fellow attendees over refreshing drinks, and tasty appetizers, at the Tux Trek! Head to the Solutions Showcase to network, explore cutting-edge sponsor products and check out the latest tech trends. Here's to an evening of enjoyment and technological innovation!

Monday October 28, 2024 18:10 - 19:30 JST
Solutions Showcase

Special Events / Exhibits / Breaks

07:30 JST

Registration & Badge Pick-Up

Tuesday October 29, 2024 07:30 - 16:40 JST

Main Foyer

Tuesday October 29, 2024 07:30 - 16:40 JST
Main Foyer

Special Events / Exhibits / Breaks

09:00 JST

Keynote Sessions: To Be Announced

Tuesday October 29, 2024 09:00 - 10:25 JST

Main Hall

Tuesday October 29, 2024 09:00 - 10:25 JST
Main Hall

Keynote Sessions

10:25 JST

Coffee Break

Tuesday October 29, 2024 10:25 - 11:10 JST

Special Events / Exhibits / Breaks

10:25 JST

Sponsor Showcase

Tuesday October 29, 2024 10:25 - 15:50 JST

Solutions Showcase

Tuesday October 29, 2024 10:25 - 15:50 JST
Solutions Showcase

Special Events / Exhibits / Breaks

11:10 JST

Monsters in the Deps: How to Protect Your AI/ML Systems from Supply Chain Attacks - Erin Glass & Patrick Smyth, Chainguard

Tuesday October 29, 2024 11:10 - 11:50 JST

Hall B (4)

Love developing AI/ML systems, but don’t want to become the next front-page cyberattack? We got you! In this fast-paced, meme-a-liscious, hands-on workshop, we’ll take a deep dive into the murky waters of the AI/ML supply chain, explore its many threats and terrors, and then – with our trusty box of supply chain security tools – build an island of safety for our AI/ML systems! Participants will come away with the skills and knowledge to significantly improve AI/ML supply chain security at their organization, as well as the unpleasant awareness about what might happen if the industry doesn’t do the same. Sorry! Hands-on activities will include vulnerability scanning, creating/consuming SBOMs/AIBOMs, digital signing using Sigstore tools, and provenance tracking. We will also provide a conceptual background on AI/ML supply chain components, attack categories, and global regulation and standards related to AI/ML security. Led by software supply chain and AI deployment experts at Chainguard, this workshop will enable participants to harden their AI/ML systems and evangelize others to do the same.

Speakers

Erin Glass

Senior Product Manager, Chainguard

Dr. Erin Glass is a product manager at Chainguard, where she focuses on supply chain security education and meme R&D. She has published widely in developer education and other digital topics, including the courses Securing the AI/ML Supply Chain and Painless Vulnerability Management... Read More →

Patrick Smyth

Staff Developer Relations Engineer, Chainguard

Dr. Patrick Smyth is Staff Developer Relations Engineer at Chainguard, where he shows developers how to deploy AI and other applications with 0 CVEs using Chainguard Images. Patrick has a PhD in the digital humanities and in a previous life led technical bootcamps for researchers... Read More →

Tuesday October 29, 2024 11:10 - 11:50 JST
Hall B (4)

AI_dev

Audience Beginner

11:10 JST

Deep-Dive in VirtIO: Virtualized AGL with VirtIO to Achieve Cloud-Native Environment Parity - Kazuki Kuzu, Panasonic Automotive Systems Co., Ltd.

Tuesday October 29, 2024 11:10 - 11:50 JST

Hall B (3)

VirtIO, a widely adopted device virtualization technology, is becoming increasingly important in the trend of Software-Defined Vehicles. It decouples operating systems from physical devices, paving the way for hardware agnostic software to function seamlessly across diverse environments, be it cloud-based or on various automotive edges. In this presentation, we'll be taking a deep-dive into the technical essences of VirtIO-based device virtualization. We will also explore how to leverage this technology to build and deploy the same Automotive Grade Linux (AGL) virtual machine binary on both cloud and automotive hardware platforms. This session is recommended for developers and architects looking to gain a comprehensive understanding of VirtIO and its practical applications in an automotive cloud-native environment. By attending, you will gain valuable insights into how to achieve environment parity using VirtIO, and understand its vital role in the future of Software-Defined Vehicles.

Speakers

Kazuki Kuzu

Engineer, Panasonic Automotive Systems Co., Ltd.

Kazuki Kuzu has five years of experience at Panasonic Automotive Systems Corporation, focusing on the development and research of virtualization for automotive embedded operating systems. He is committed to contributing to the field of automotive software. Outside of work, He enjoys... Read More →

Tuesday October 29, 2024 11:10 - 11:50 JST
Hall B (3)

Automotive Linux Summit

Audience Advanced

11:10 JST

Exploring Best Practice for Implementing Authn and Authz in a Cloud-Native Environment - Yoshiyuki Tabata, Hitachi

Tuesday October 29, 2024 11:10 - 11:50 JST

Hall A (3)

Authn/authz are some of the most important considerations for cloud-native applications, which is clear from OWASP Top 10, and at the same time, these are big challenges for many implementers today. Fortunately, regarding "authn," there are standards such as OpenID Connect and there is a CNCF project, Keycloak, so the concerns are somewhat alleviated. On the other hand, regarding "authz," there was no clear standard, and there are several superior OSSs such as OPA, OpenFGA, and Topaz, so implementers are faced with a difficult choice.
Currently, OpenID Foundation AuthZEN WG works on authz standards, and it is difficult to predict the situation after the standards are established, which also makes the choice difficult.
In this session, Yoshiyuki Tabata introduces how to authorize requests using the OSSs including the AuthZEN perspective, and integrate them with Keycloak. It helps implementors explore a best practice for implementing authn/authz in a cloud-native environment.

Speakers

Yoshiyuki Tabata

Senior OSS Consultant, Hitachi

Yoshiyuki Tabata is a Senior OSS Consultant at Hitachi, Ltd, responsible for IAM and API-related solutions. As an authentication and authorization expert, he has provided numerous consultations, for example, designing and building API/SSO systems in various fields such as finance... Read More →

Tuesday October 29, 2024 11:10 - 11:50 JST
Hall A (3)

CloudOpen

11:10 JST

Revolutionizing Cross-Platform AI in Containers: The Future with WebGPU - Aditya Soni, Forrester & Seema Saharan, Autodesk

Tuesday October 29, 2024 11:10 - 11:50 JST

Hall A (2)

This talk explores groundbreaking methods for enhancing cross-platform AI workloads within container ecosystems. The focus will be on integrating the WebGPU standard into containers, enabling them to utilize host GPUs and other AI accelerators through a flexible API. This approach eliminates the need for creating container images specific to individual GPU vendors and their proprietary drivers. Explore 1. How the WasmEdge project leverages the WebGPU standard to develop portable LLM inference applications in Rust. 2. How containers can efficiently manage and orchestrate these applications, simplifying AI deployment across diverse environments.

Speakers

Seema Saharan

Site Reliability Engineer, CNCF Ambassador, Autodesk

Meet Seema, the tech whiz at Autodesk. She's not just about fixing things – she loves sharing what she knows! Whether speaking at cool events like GitLab Commit, and GitHub Universe or breaking down tech on her YouTube channel, Seema makes the complicated stuff easy and fun. Join... Read More →

Aditya Soni

DevOps Engineer ll, CNCF Ambassador, Forrester

Aditya Soni is a DevOps/SRE tech professional He worked with Product and Service based companies including Red Hat, Searce, and is currently positioned at Forrester Research as a DevOps Engineer II. He holds AWS, GCP, Azure, RedHat, and Kubernetes Certifications.He is a CNCF Ambassador... Read More →

Tuesday October 29, 2024 11:10 - 11:50 JST
Hall A (2)

ContainerCon

Audience Any

11:10 JST

Desktop Linux War Stories - Anna Aitchison, Callcare

Tuesday October 29, 2024 11:10 - 11:50 JST

Hall A (4)

Linux is incredibly versatile, being a major player in server, mobile and embedded systems, yet your average person can comfortably live their entire life never even seeing a desktop or laptop running Linux. It's hard enough for individual users to overcome this intertia, but it's even harder for organisations. Implementing desktop Linux reaps rewards like digital sovereignty, security, cost reductions and more, but it takes you out of the cozy Windows ecosystem. This talk is an high level overview of what a corporate journey to desktop Linux can look like, the problems that have to be solved along the way, from provisioning to configuration management and most importantly why these migrations fail. It will draw on the speaker's experiences of managing a Linux Desktop estate, and from the wider community.

Speakers

Anna Aitchison

Senior DevOps Engineer, Callcare

Anna is a Senior DevOps Engineer at the British callcentre outsourcer Callcare, working with their Kubernetes private cloud and Linux infra as well as supporting their introduction of AWS into the estate. She is an experienced and passionate speaker, having given 15+ talks, at events... Read More →

Tuesday October 29, 2024 11:10 - 11:50 JST
Hall A (4)

LinuxCon

Audience Intermediate

11:10 JST

Surviving Project Abandonment: Meteor.js Case Study - Jan Dvorak, Literary Universe

Tuesday October 29, 2024 11:10 - 11:50 JST

Hall A (1)

When a project is abandoned by its inventors, core contributors, and the most prolific community members, it often spells the end. Yet, Meteor.js managed to rebound from the brink of oblivion. This talk explores the critical factors that led to Meteor's fall from being one of the hottest new projects to its near-demise and the remarkable turnaround. We'll delve into the issues that created the crisis, and more importantly, the strategies and actions that enabled a successful comeback. The discussion will cover the pivotal errors that contributed to the project's initial decline and the challenges faced by the community in reviving Meteor, including the lack of comprehensive internal documentation. We will examine the solutions that facilitated the recovery, while also addressing the ongoing challenges and unresolved issues within the Meteor community. Finally, we will explore practical steps and tools you can employ to safeguard your own open-source projects from similar pitfalls.

Speakers

Jan Dvorak

Founder & CEO, Literary Universe

Born in Prague, Czechia, Jan finished his Masters in IT at Rochester Institute of Technology in 2016 and shortly thereafter became involved in the Meteor.js community and OSS in general. Since then, he has been increasingly involved in OSS (Meteor in particular) as a contributor... Read More →

Tuesday October 29, 2024 11:10 - 11:50 JST
Hall A (1)

Open Source Leadership Summit

Audience Beginner

11:10 JST

What's Happening in Japan? The Current Situation of SBOM - Ayumi Watanabe, Hitachi Solutions, Ltd.

Tuesday October 29, 2024 11:10 - 11:50 JST

Main Hall

This is an updated version of my previous CFP for OSS Summit EU. I will add deeper analysis of unique supply chain issues of Japan and SBOM best practice of Japanese companies. It would be a special insight of current SBOM practice of Japan. I believe this is a best topic to be discussed at OSS Summit Japan. Three years have passed since the issuance of the U.S. Executive Order (EO #14028), the adoption of SBOM in Japan has gradually progressed. Japanese companies are learning the minimum elements of SBOM which was published by NTIA, and are converting to a development process that takes automated SBOM generation into account. In July 2023, the Ministry of Economy, Trade, and Industry (METI) published a guide on the introduction of SBOM for software management, then the second version is scheduled to be released this summer. In this session, Ayumi Watanabe, a Japanese SBOM evangelist and an advisor to METI's SBOM PoC project, will discuss the status of SBOM in Japan, including the content of METI's guidelines, and the maturity and challenges of SBOM implementation in Japanese companies.

Speakers

Ayumi Watanabe

SBOM Evangelist, Hitachi Solutions, Ltd.

Tuesday October 29, 2024 11:10 - 11:50 JST
Main Hall

SupplyChainSecurityCon

Audience Any

12:00 JST

Exploring Pillars of Trustworthy AI: Robustness and Fairness - Niharika Shrivastava, Workforce Optimizer

Tuesday October 29, 2024 12:00 - 12:40 JST

Hall B (4)

Due to the ever-increasing adoption of AI into the lives of daily users, trustworthy AI is of utmost priority. Even though advocates of AI globally have started talking about ethical considerations during ML model building, in reality, very few people know how to create robust, privacy-preserving, and fair AI models. In this talk, I'll explore 2 concrete technical concepts of trustworthy AI, namely ensuring robustness and fairness in ML models. Robustness: 1. Attendees will go through an in-depth understanding of critical vulnerabilities of common AI models and how to exploit them to adversarially attack the model (e.g., inference attacks, data poisoning). 2. This will be followed by simple defence strategies to increase robustness (e.g., gradient obfuscation, transformations). 3. This will be further followed by adaptive attacks on previous defence strategies thereby motivating the concept of certified robustness of AI models. Fairness: 1. Attendees will get to know how they can unconsciously encode bias (representational bias, model bias, etc) during training AI models. 2. This is followed by strategies to correct this bias using domain knowledge to create fair AI models.

Speakers

Niharika Shrivastava

Data Scientist, Workforce Optimizer

Niharika's current interests lie in NLP and Applied Data Science. She holds a Master's in AI from the National University of Singapore. She was also an Outreachy fellow for The Fedora Project and has been the recipient of multiple awards such as the Red Hat Women in Open Source Award... Read More →

Tuesday October 29, 2024 12:00 - 12:40 JST
Hall B (4)

AI_dev

Audience Intermediate

12:00 JST

Volvo Cars' OSPO Journey - Drive OSS Maturity Level - Mary (Meixia) Wang, Volvo Car Corporation

Tuesday October 29, 2024 12:00 - 12:40 JST

Hall B (3)

we would like to share with audience about volvo cars' open source journey, and how we drive open source maturity within Volvo Cars.

Speakers

Meixia Wang

Director of Open Source Ecosystem, Volvo Car Corporation

Tuesday October 29, 2024 12:00 - 12:40 JST
Hall B (3)

Automotive Linux Summit

Audience Beginner

12:00 JST

A Case Study in API Cost of Running Analytics in the Cloud at Scale with an Open-Source Data Stack - Bin Fan & Hope Wang, Alluxio

Tuesday October 29, 2024 12:00 - 12:40 JST

Hall A (3)

The migration of data-intensive analytics applications to cloud-native environments promises enhanced scalability and flexibility but introduces complex cost models that pose new challenges to traditional optimization strategies. While on-premises setups focused on speed, cloud deployments require a more nuanced approach, factoring in cloud storage operations costs, which can escalate rapidly in real-world scenarios. In this presentation, Bin will analyze these challenges through a case study on Uber's large deployment analytics SQL platform on HDFS and GCS. They will show their findings of unexpected cost implications with standard I/O optimizations like table scans, filters, and broadcast joins when implemented in cloud environments. He will also highlight the need for a paradigm shift in optimizing data-intensive applications for the cloud and advocate for developing new I/O strategies, balancing performance and costs while tailored to cloud ecosystems' unique demands.

Speakers

Hope Wang

Developer Advocate, Alluxio

Bin Fan

VP of Technology, Alluxio

Bin Fan is the founding engineer and VP of Technology at Alluxio, Inc. Prior to Alluxio, he worked for Google to build the next-generation storage infrastructure. Bin received his Ph.D. in Computer Science from Carnegie Mellon University on the design and implementation of distributed... Read More →

Tuesday October 29, 2024 12:00 - 12:40 JST
Hall A (3)

CloudOpen

Audience Beginner

12:00 JST

Running Containers on a Resource Constrained Embedded Device - Jeff Shaw, Digi International

Tuesday October 29, 2024 12:00 - 12:40 JST

Hall A (2)

Security is paramount in today's online world. To enhance security, most small routers have a read only operating system and read write storage for configurations and general storage. Adding functionality usually requires uploading new firmware to the device which can be costly in both data charges and time. Wouldn't it be great to be able to maintain the security of a read only filesystem, but still be able to install new features? Containers are isolated from the host system, maintaining security, but are able to be installed in the read write portion of storage, or even run completely in RAM. The problem with containers is the resource requirements just to run said container. In this talk, we will demonstrate how a minimal, but fully functional container subsystem can be run on a small, resource constrained embedded device. We will show how containers enable edge computing where the user can run their own software on the device without compromising security, or needing to integrate their application with the host operating system. Containers can turn even the meekest of devices into an edge computing powerhouse!

Speakers

Jeff Shaw

Senior Principle Engineer and SoftwareAarchitect, Digi International

Jeff first started running Linux after an unknown student posted a message in the minix newsgroup asking for people to have a look at his minix clone. He hasn't looked back since. He has spent his entire career using Linux, which has culminated in his current position as senior principle... Read More →

Tuesday October 29, 2024 12:00 - 12:40 JST
Hall A (2)

ContainerCon

Audience Any

12:00 JST

Analyzing Your System with Tracing Libraries - Steven Rostedt, Google

Tuesday October 29, 2024 12:00 - 12:40 JST

Hall A (4)

trace-cmd is a front end tool to the tracefs infrastructure as well as ftrace (the mechanism that supplies function tracing). But like all tools, it's limited in what it can provide by the interface it has. Luckily, the guts of trace-cmd is being extracted into libraries. The libtracefs library is an interface to facilitate any application to access the tracefs kernel interface. This makes it easy for applications enable tracing of various events with various filters. Then there's the libtracecmd library that can be used for creating and reading the trace.dat file (the file that trace-cmd creates). By using this library, you can enable tracing on a system and then do offline analysis. Finally, there's a new library called libtraceeval that is used to help keep track of the interactions of various trace events. This talk will show some simple tools that utilize these libraries (for example, a tool that shows how much tasks are sleeping, blocked, running, and preempted). And also show i bit of the interface of the libraries to demonstrate how simple they really are.

Speakers

Steven Rostedt

Software Engineer, Google

Steven Rostedt currently works for Google on their ChromeOS team. Steven is the main developer and maintainer of ftrace, the official tracer of the Linux kernel, as well as the user space tools trace-cmd, the ftrace tracing libraries and co-maintainer of KernelShark. Steven is one... Read More →

Tuesday October 29, 2024 12:00 - 12:40 JST
Hall A (4)

LinuxCon

Audience Intermediate

12:00 JST

The Role of Open Source in the Telco Domain: How to Accelerate the Adoption? - Anuradha Udunuwara, Sri Lanka Telecom PLC

Tuesday October 29, 2024 12:00 - 12:40 JST

Hall A (1)

Telco operators/SPs are going through a massive transformation. This includes the imperative of DT & softwarization (SDN, NFV & cloud). While de-facto std. developing orgs. dominated the stds. space for telcos for years, lately we've seen the open source (OS) projects taking the lead in many of the nwk virtualization, automation, orchestration & telco cloud-related activities. As more control & programmability are abstracted towards SW layers in the telco stack, the use of cloud-native (CN) tech & tools has become unavoidable. But, unlike the OS communities, vendors, or enterprises, the telco adoption of OS and CN is much slower due to multiple reasons. These include cultural, educational & organizational challenges. I'd like to openly discuss these challenges & propose some solutions so that we all can collaborate to accelerate the OS and CN adoption in the Telco domain. My objective is to make OS and CN general & universal in the Telco domain for all operators/SPs, especially in developing economies.

Speakers

Anuradha Udunuwara

Sr. Engineer, Sri Lanka Telecom PLC

Anuradha is an expert in the field of Telecom & Tech and currently working as a Senior Engineer at Sri Lanka Telecom. He has 20Y+ of industry experience in strategy, architecture, engineering, design, planning, implementation, & maintenance of CSP/DSP Networks. He is actively involved... Read More →

Tuesday October 29, 2024 12:00 - 12:40 JST
Hall A (1)

Open Source Leadership Summit

Audience Any

12:00 JST

Trials and Tribulations of Updating Dependencies for Vulnerability Remediation - Xueqin Cui & Michael Kedar, Google

Tuesday October 29, 2024 12:00 - 12:40 JST

Main Hall

Developers are often faced with an overwhelming number of vulnerabilities reported against their dependencies. The best way to deal with this is to keep all dependencies up to date, however, this is not possible for everyone. There is a lot of work to get all dependencies up to date for older projects, or to figure out what dependencies and versions to update in response to vulnerabilities. The open source OSV project built a feature called “guided remediation” to automatically update dependencies while minimising breakages. Upgrades with greater number of vulnerabilities fixed at once are prioritised. Mechanisms such as vulnerability dependency depth are also developed to further help prioritise the work. While developing these functionality to tackle these problems, we discovered that this is not as easy as it sounds. There are complexities in every step of the whole process - from scanning project files, to resolving dependencies in ecosystems with complicated rules, to determining possible updates, to writing back to the files. This talk explores the many challenges faced within npm and Maven, their complicated rules, and potential solutions for wider ecosystem support.

Speakers

Xueqin Cui

Software Engineer, Google

Xueqin is a Software Engineer working on Google's Open Source Security team.

Michael Kedar

Software Engineer, Google

Michael is a Software Engineer working on Google's Open Source Security Team.

Tuesday October 29, 2024 12:00 - 12:40 JST
Main Hall

SupplyChainSecurityCon

Audience Intermediate

12:40 JST

Lunch Break

Tuesday October 29, 2024 12:40 - 14:00 JST

Special Events / Exhibits / Breaks

14:00 JST

Building a Thriving Open-Source AI Community with LF AI & Data Foundation - Vini Jaiswal, TikTok

Tuesday October 29, 2024 14:00 - 14:40 JST

Hall B (4)

Ever feel like contributing to groundbreaking AI projects but unsure where to start? Have a cool project that you are looking to find a neutral entity for? Through the session learn how the LF AI & Data foundation empowers open-source projects. Discover the framework to support for open development, governance models, and resources like legal assistance, marketing, and events. Gain exclusive updates from the LF AI and Data Technical Advisory Council (TAC). Learn about their vision, technical roadmap, success stories and how you can contribute. The session will cover practical tips and tricks to dive into project contributions, navigate the initiation process, and ultimately guide you towards project graduation. Also discover the diverse work streams within LF AI and Data foundation and how you can leverage your skills to make a real difference in the open-source AI community.

Speakers

Vini Jaiswal

Chair of Technical Advisory Council, Linux Foundation AI & Data

Vini Jaiswal is a renowned expert in AI and Data, acclaimed for her significant contributions to Apache Spark, MLflow, PrivacyGo and, notably, Delta Lake. Holding pivotal roles such as Chair of the Technical Advisory Committee (TAC) at Linux Foundation Data and AI, Governing Board... Read More →

Tuesday October 29, 2024 14:00 - 14:40 JST
Hall B (4)

AI_dev

Audience Beginner

14:00 JST

Possibility of Dynamic Rebalance in Multi-node HPC Vehicle Environment for SDV - Bucci Kawabuchi, EPAM

Tuesday October 29, 2024 14:00 - 14:40 JST

Hall B (3)

As SDV gains popularity, the importance of edge orchestration is being addressed. However, the automotive oriented limitation makes this pursuit difficult, as cloud-native technologies sometimes might not be so suitable in such context.

In this session, I'd like to highlight our case with the years of building AosEdge (https://aosedge.tech/), where we started from noticing the need of vehicle-limitation-oriented orchestration tool, enabling mixed-criticality orchestration with unikernel realized by Zephyr RTOS and Xen hypervisor, and then on to adhering the operational scalabity needed from industry perspectives.

Especially, the dynamic rebalance in multi-node vehicle environment opens more possibilities foreseeing the upcoming SDV era, where user experience demand would increase while the vehicle resource would still be limited to some extent.

This session would be inspired by EPAM's Artem Mygaiev's previous presentations, adjusted to the local/global audience, with latest activity updates.

Speakers

Bucci Kawabuchi

Senior Business Analyst, EPAM

Previously a project manager at Japanese eVTOL startup, utilizing agile practices and team engagement to manage develop the new mobility platform of which the expertise ranges from structure, power train, avionics, aerodynamics to embedded software.

Tuesday October 29, 2024 14:00 - 14:40 JST
Hall B (3)

Automotive Linux Summit

14:00 JST

Careless Use of Memory-Backed Ephemeral Disks in Kubernetes Can Result in Node Crashes - Shu Muto, NEC Solution Innovators, Ltd.

Tuesday October 29, 2024 14:00 - 14:40 JST

Hall A (3)

Modern applications increasingly require the output of large files such as videos and images, and the generation of more comprehensive logs. As a result, the use of RAM disks - ephemeral disks backed by memory, which are faster than traditional HDDs and SSDs - has become more common. In Kubernetes, RAM disks can be utilized through the abstraction of memory-backed emptyDir, which is based on tmpfs. However, if used carelessly, memory-backed emptyDir can pose significant risks to the stability of the Kubernetes cluster. When used as storage, the use case differs from typical memory usage by applications. Sharing files between different applications can obscure the responsibility for file garbage collection, increasing the risk of files not being deleted. If tmpfs usage excessively consumes node memory, the application containers using this tmpfs may be killed. In some cases, the deletion of tmpfs might not be timely, leading to memory exhaustion and potentially causing node crashes. This talk will share risk mitigation strategies for node crashes from the perspectives of cluster administrators, namespace administrators, and application developers.

Speakers

Shu Muto

Open Source Strategy Professional, NEC Solution Innovators, Ltd.

Shu Muto is a maintainer for the Kubernetes Dashboard since Autumn 2019 and a chair for SIG UI. Previously, he contributed to the OpenStack Dashboard and its plugins as a core developer from 2015. Shu also develops WebRTC applications. He organizes Kubernetes Upstream Training Japan... Read More →

Tuesday October 29, 2024 14:00 - 14:40 JST
Hall A (3)

CloudOpen

Audience Intermediate

14:00 JST

Dynamic Scaling of GPUs for Container Apps with Composable Disaggregated Infrastructure for AI Era - Jin Hase & Lei Zhang, Fsas Technologies Inc.

Tuesday October 29, 2024 14:00 - 14:40 JST

Hall A (2)

As AI and ML become popular in container (K8s) environment, enormous computational resources are required more and more. On the other hand, efforts toward energy efficiency are also required for the realization of a sustainable society. It is expected to achieve the conflicting requirements that providing higher performance and reducing power consumption simultaneously. Recently, a new server architecture called Composable Disaggregated Infrastructure (CDI) is emerged. CDI can provide custom made servers by composing devices such as compute, memory, storage and GPU connected to PCIe or CXL switch fabric as a resource pool on demand. CDI can provide appropriate type and number of devices on demand depending on container workloads, therefore it would be a solution for this requirement. However, there is currently no standard way to control CDI from K8s. In this talk, we show how K8s and CDI could be a solution. We provide CDI operator and its Custom Resource Definition. Also, we introduce advanced vertical and horizontal cluster auto scaler for CDI. We demonstrate how K8s dynamically attach or detach devices to nodes combined with Dynamic Resource Allocation (DRA) function.

Speakers

Jin Hase

Manager, Fsas Technologies Inc.

Jin Hase has been tuning the performance of servers and operating systems, designing and building systems for K8s. In recent years he has led the OSS development teams for K8s and Linux. For a new architecture called Composable Disaggregate Infrastructure, he tries to establish how... Read More →

Lei Zhang

Engineer, Fsas Technologies Inc.

Lei Zhang is an engineer at Fsas Technologies Inc. Core Product Business Unit., where he is involved with system software development for high performance computing. He has been participated in the development of the Fugaku supercomputer, Japan’s latest flagship supercomputer. For... Read More →

Tuesday October 29, 2024 14:00 - 14:40 JST
Hall A (2)

ContainerCon

Audience Intermediate

14:00 JST

Lessons Learned on Following Security Best Practices in Zephyr - Kate Stewart, The Linux Foundation

Tuesday October 29, 2024 14:00 - 14:40 JST

Meeting Room 1

When the Zephyr project(https://zephyrproject.org/) launched in 2016, the lack of standardized security best practices in the IoT market segment was a known problem. It was one of the goals the project wanted to address, and started working on from before day 1. This talk will go through the journey of the last 8 years of applying known best security practices to an open source project, including becoming a CVE Numbering Authority, and forming a PSIRT team from volunteers from different companies. This team has been managing embargo windows, bulk vulnerability reports as well as the occasional vulnerability reported from the community. It is possible for open source projects to follow Security Best Practices and this talk will let others leverage the key lessons that Zephyr has learned over time.

Speakers

Kate Stewart

VP Dependable Embedded Systems, Linux Foundation

Tuesday October 29, 2024 14:00 - 14:40 JST
Meeting Room 1

Embedded IoT Summit

Audience Intermediate

14:00 JST

The Year in Open Source Security - Marta Rybczynska, Ygreky

Tuesday October 29, 2024 14:00 - 14:40 JST

Hall A (4)

This year, we have seen several events related to Open Source security. Marta will inventory the main events and show us what we have learned. - The xz backdoor scandal shed light on sole maintainers and the risks to their projects yet again. - The Linux kernel and several other projects have become CVE Numbering Authorities (CNAs). At the same time, the National Vulnerability Database (NVD) database is facing difficulties. - The SBOM generation is rising, and people are discussing how to actually use that generated data. And SPDX3 has been released. - The European mandatory cyber security regulation Cyber Resilience Act is reaching completion, with similar laws showing up around the world - Without forgetting a list of vulnerabilities, exploited or not

Speakers

Marta Rybczynska

Founder, Ygreky

Marta Rybczynska has a network security background, with 20 years of experience in Open Source. She has worked with embedded operating systems like Linux and various real-time OSes, and with system libraries and frameworks up to user interfaces. She has been involved in various Open... Read More →

Tuesday October 29, 2024 14:00 - 14:40 JST
Hall A (4)

LinuxCon

Audience Intermediate

14:00 JST

Empowering Growth: The Community-Driven Roadmap for Open Source Companies - Khushboo Verma, Appwrite

Tuesday October 29, 2024 14:00 - 14:40 JST

Hall A (1)

Are you struggling to scale your open-source product? You're not alone. Traditional business models don't always fit the community-driven world of open source. Join me in this talk as we explore the essential components of a community-driven roadmap for open-source companies. We will discuss the importance of inclusivity, clear communication, and creating a welcoming environment for contributors through engaging initiatives and effective use of platforms. We will evaluate different options for community platforms and explore how community appreciation initiatives like awards and giveaways can be more than just token gestures, serving as powerful tools to incentivise participation and foster a sense of appreciation among community members. Moreover, we'll discuss the art of incorporating valuable feedback from the community into the development process, leading to more robust projects and a shared sense of ownership. Drawing on real-world examples and experiences, this talk will equip you with actionable insights to chart a course for your open-source company's success through a community-driven approach.

Speakers

Khushboo Verma

Platform Engineer, Appwrite

Khushboo is a Software Engineer and is passionate about technology and building communities. She has previously worked at Microsoft and Adobe. Having a passion for public speaking, she has delivered talks at over 100 events, including Microsoft Build and PyCon India and has a solid... Read More →

Tuesday October 29, 2024 14:00 - 14:40 JST
Hall A (1)

Open Source Leadership Summit

Audience Beginner

14:00 JST

Analysis of and Lessons from the Xz-Utils Vulnerability – What Might Come Next? - Taku Shimosawa & Atsuya Kato, Hitachi, Ltd.

Tuesday October 29, 2024 14:00 - 14:40 JST

Main Hall

The xz-utils vulnerability has attracted attentions from every person who are involved in not only open-source software but also any form of software that is built with a collaboration of developers. The vulnerability, or rather the social engineering attack has combined multiple attack techniques: maintainer takeover, obfuscated trigger code, and binary files pretending sample archives, and targeted Linux distributions, which are fundamental in the current software supply chain. In this session, Taku aggregates multiple existing analyses about the vulnerability, and explains how the attack was performed with a progress of the incident as well as technology details of the malicious source code and binary. Taku also presents a potential risk of similar incidents in open-source repositories by using some utilities including OpenSSF’s Scorecard and Criticality Score. This session would suggest what kind of attacks would come next for the software industry and would be mitigated or coped with.

Speakers

Atsuya Kato

Researcher, Hitachi, Ltd.

Taku Shimosawa

Chief Researcher, Hitachi, Ltd.

Taku Shimosawa is a chief research at Hitachi, Ltd. He has contributed to the Hyperledger community, and has recently joined OpenSSF.

Tuesday October 29, 2024 14:00 - 14:40 JST
Main Hall

SupplyChainSecurityCon

Audience Any

14:50 JST

Bringing AI on-Device: From Cloud to Edge - Catalin Vasile, Adobe

Tuesday October 29, 2024 14:50 - 15:30 JST

Hall B (4)

Step into the future of AI as we break free from the constraints of cloud-based processing and unlock the immense potential of edge computing. This cutting-edge talk explores the revolutionary shift of AI from centralized data centers to the devices in your pocket, on your wrist, and all around you. Discover how this paradigm shift is not just changing the game – it's rewriting the rules. We'll journey through the landscape of on-device AI, revealing how it's transforming user experiences, supercharging privacy, and pushing the boundaries of what's possible in real-time applications. From smart homes to autonomous vehicles, from augmented reality to personalized healthcare – learn how on-device AI is the key to unlocking a world of intelligent, responsive, and secure applications.

Speakers

Catalin Vasile

Senior Computer Scientist, Adobe

Catalin is a Senior Computer Scientist at Adobe, surfing the clouds in the world of distributed systems and managing resilient high-scale solutions as part of the Cloud Platform team.

Tuesday October 29, 2024 14:50 - 15:30 JST
Hall B (4)

AI_dev

Audience Intermediate

14:50 JST

AGL VSS Proxy and Gateway Demo Walkthrough - Scott Murray, Konsulko Group

Tuesday October 29, 2024 14:50 - 15:30 JST

Hall B (3)

The AGL vehicle to cloud (V2C) expert group has been working for the past year towards the creation of a Vehicle Signal Specification (VSS) to MQTT proxy. This presentation will walk through the architecture and features of the new agl-vss-proxy daemon, as well its integration into the gateway demo that was shown at Embedded World 2024.

Speakers

Scott Murray

Principal Software Engineer, Konsulko Group

Scott has been a Linux user for almost 30 years, and has developed Linux based embedded products for almost 25 years at a variety of companies large and small. Currently, he works for Konsulko Group as a Principal Software Engineer, providing embedded Linux engineering services for... Read More →

Tuesday October 29, 2024 14:50 - 15:30 JST
Hall B (3)

Automotive Linux Summit

Audience Intermediate

14:50 JST

Computing Infrastructure for 2024 - Haruhisa Fukano, Fujitsu

Tuesday October 29, 2024 14:50 - 15:30 JST

Hall A (3)

Edge computing is an important technology for a data-driven society that makes decisions in real time from data. LF Edge, a project of The Linux Foundation, is working to establish an open and interoperable edge computing framework that is independent of hardware, processor, cloud, and OS. LF Edge is also focused on enabling edge AI because of the growing need for real-time AI processing. However, there are challenges to achieving an infrastructure that is both energy efficient and flexible, such as increasing data volumes, increasing the computational complexity of AI models, and meeting application-specific requirements. So we need innovation in infrastructure technology. Therefore, The Linux Foundation and THE IOWN GF signed a basic agreement in June 2023 to integrate the Linux Foundation’s software on the infrastructure proposed by IOWN GF to develop a common infrastructure that improves performance, reduces latency, and improves energy efficiency. Based on this agreement, we planned the IOWN GF/LF Edge Joint PoC to demonstrate the convergence of the two technologies and the performance improvements. This presentation describes the content of the PoC.

Speakers

Haruhisa Fukano

Manager, Fujitsu

Haruhisa Fukano is an architect and business planner for edge computing at Fujitsu. He leads the PoC project to develop the edge computing market. He also contributes to the ecosystem and open community for the spread and evolution of edge computing. He currently serves on the Technical... Read More →

Tuesday October 29, 2024 14:50 - 15:30 JST
Hall A (3)

CloudOpen

Audience Any

14:50 JST

Building Better CI/CD Pipelines with Buildpacks - Unnati Mishra, VMware by Broadcom & Akshat Khanna, Astuto.ai

Tuesday October 29, 2024 14:50 - 15:30 JST

Hall A (2)

Imagine a world where the hassles of configuring dependencies disappear, replaced by a streamlined and automated process. Buildpacks enable developers to focus on writing code instead of dealing with complex configurations. This session will unveil the secrets of Buildpacks, highlighting their capacity to seamlessly manage various languages, frameworks, and runtime environments. Discover how Buildpacks revolutionize your development pipeline, fostering consistency and efficiency. A sneak peek to our session: *Core principles & benefits of Buildpacks *Application packaging/deployment *Using Buildpacks to enhance collab across development teams Whether you're a seasoned CI/CD practitioner or a DevOps enthusiast, this session equips you with the knowledge to transform software development with Buildpacks. Join us to explore the exciting future and the impact of Buildpacks on the CI/CD landscape.

Speakers

Unnati Mishra

R&D Engineer Software 2, VMware by Broadcom

Unnati is working as a R&D Engineer Software 2 at VMware by Broadcom, India. Currently working with the Release Engg team of the Tanzu Kubernetes Grid. She has been active in Open Source community since 2019 and has also participated in many Hackathons, bagging prizes in few of them... Read More →

Akshat Khanna

Software Development Engineer 2, Angel One

Akshat Khanna is currently working as SDE 2, building Angel One Stock Trading Platform and previously worked as MTS 2 at VMware Tanzu. He has been working on Kubernetes solution for the edge and also actively contributing to open-source. He has good experience of developing products... Read More →

Tuesday October 29, 2024 14:50 - 15:30 JST
Hall A (2)

ContainerCon

Audience Beginner

14:50 JST

Secure and Encrypted Boot in Zephyr RTOS - Parthiban N, Linumiz

Tuesday October 29, 2024 14:50 - 15:30 JST

Meeting Room 1

MCUboot enables secure booting of Zephyr RTOS using asymmetric cryptographic signature verification with a public key. Typically, the hash of the public key is embedded within the MCUboot binary, ensuring its integrity. For enhanced tamper protection, this hash can also be securely stored and retrieved using hardware keys. Embedded SoCs, such as the i.MX RT, offer advanced security features like High Assurance Boot (HAB), Data Co-Processor (DCP), and Trusted Firmware-M (TF-M) for implementing TrustZone in SoCs like the nRF91. These features enable secure storage with hardware crypto acceleration or external security modules (e.g., TPM, EdgeLock) to store keys in a hardware vault. This presentation will explore MCUboot secure booting with hardware keys, using the NXP i.MX RT as an example. We'll delve into HAB for booting signed and encrypted MCUboot, establishing a hardware root of trust, and booting Zephyr RTOS using keys from OTP for verification. Additionally, we'll discuss using the TF-M backend and OTP for securely booting TrustZone-enabled SoCs.

Speakers

Parthiban

Engineer, Linumiz

With over 14 years of experience in software engineering, Parthiban founded Linumiz, a company that provides domain-neutral software services for U-Boot, Linux, and Zephyr, ranging from board bringup, board supported package, customization, device drivers, to over the air software... Read More →

Tuesday October 29, 2024 14:50 - 15:30 JST
Meeting Room 1

Embedded IoT Summit

Audience Beginner

14:50 JST

How to Make Open Source Work for Your Career - Sujata Tibrewala, Bytedance

Tuesday October 29, 2024 14:50 - 15:30 JST

Hall A (1)

If you're seeking visibility and recognition for your merits, there's no better place than open source to invest your time and energy. As the saying goes, 99% of bright minds are outside of your organization. Thus, by engaging with the right open source community, you increase your chances of collaborating with them. In this session, we'll discuss how you can leverage the visibility and relationships you cultivate in open source to secure your next job or achieve your career goals, whether it's transitioning into new technology, advancing in your current field, or refining your leadership skills.

Speakers

Sujata Tibrewala

Open Source Community and Ecosystems manager, Bytedance

Sujata leads a cross-functional, forum of open source leaders to ensure Alignment and a positive presence in communities for their 50+ Open source projects. She has grown developers' communities from scratch from 0 to thousands into vendor-neutral communities like Linux Foundation... Read More →

Tuesday October 29, 2024 14:50 - 15:30 JST
Hall A (1)

Open Source Leadership Summit

Audience Beginner

14:50 JST

Revolutionizing Container Security: Automated Vulnerability Patching with Copa - Anubhav Gupta, Akuity

Tuesday October 29, 2024 14:50 - 15:30 JST

Main Hall

Container image vulnerabilities pose significant security challenges. While tools like Grype and Trivy identify issues, efficient remediation remains a hurdle. Enter Copa, a groundbreaking CNCF project designed to automatically patch vulnerabilities within container images. Copa enables swift OS-level vulnerability remediation without upstream rebuilds, crucial for complex supply chains and third-party sources with delayed updates. It works with existing vulnerability scanners to streamline patching processes, reducing complexity and turnaround time. In this session, we’ll explore Copa’s integration with current workflows, its ability to patch images without requiring specific customizations, and support for containers without package managers, including distroless containers. Attendees will learn how Copa empowers DevSecOps teams to deploy secure containers faster and with greater confidence, minimizing exposure to potential threats. Join us to discover how Copa transforms container security, making automated patching accessible and effective for all practitioners.

Speakers

Anubhav Gupta

Software Engineer, Akuity

Anubhav works as a Software Engineer at Akuity. He is a graduated Summer 2023 batch LFX Mentee with the CNCF, where he worked on the Kubescape project. He is an active contributor to various CNCF projects including Kubescape and Copa. Anubhav has previously spoken at the Open Source... Read More →

Tuesday October 29, 2024 14:50 - 15:30 JST
Main Hall

SupplyChainSecurityCon

Audience Any

15:30 JST

Kate Stewart

VP Dependable Embedded Systems, Linux Foundation

Tuesday October 29, 2024 16:40 - 17:20 JST
Hall B (4)

AI_dev

Audience Intermediate

16:40 JST

The Emulation of AD Sensors in IVI Domain Over PCI Express (Ghost Device) - Kim Rain Woosung & Dongwoo Han, LG Electronics Inc.

Tuesday October 29, 2024 16:40 - 17:20 JST

Hall B (3)

[ How to extend AD Sensors to IVI Domain ] 1. Why we extend AD sensors to IVI Domain Can you image that AD sensors can be safely and securely used for IVI Domain, as well as Autonomous Driving ? 2. 3rd party eco system on AD Vehicle AD vehicle has more sensors then the one of smartphone, using them, we can create the more rich application in AD vehicle. 3. E/E Architecture and HPC for the future The communication between SoCs in HPC needs to have very high performance bus, and, now PCI Express is the best candidate. 4. Sensor Sharing and Functional Safety Ghost Device cannot control the physical sensor directly. So, basically there is no way for the cracker to make the high-level Security System harmful. 5. The concept of Ghost Device When numbers of SoC are weaved, a SoC needs to deal with another SoC as a kind of peripheral, because SoC is generally designed as a host of whole system. So, we need to define another SoC as a kind of peripheral, or abstract and emulate data from another SoC as one from peripherals. 6. How to implement it Using ntb_transport, NTRDMA, and ,Infiniband core, Ghost Device is implemented. 7. The example, Camera Sensor (demonstration is ready)

Speakers

Dongwoo Han

Researcher, LG Electronics Inc.

over 20 years, I has been system s/w engineer. Now, I'm working as IVI developer for LGE.

Woosung Kim

Task Leader, CTO div., LG Electronics

Software architect and task lead of the automotive high-performance computing and consolidation system at the vehicle onboard. Also digital twin and orchestration by cloud and multi-application processor on off-board. Currently, active at advanced technical PoC with SoC vendors and... Read More →

Tuesday October 29, 2024 16:40 - 17:20 JST
Hall B (3)

Automotive Linux Summit

Audience Intermediate

16:40 JST

Decoding Serverless and FaaS: Knative Vs. OpenFaaS Vs. Kubeless Vs. Pulumi - Nitin Rathee, Microsoft

Tuesday October 29, 2024 16:40 - 17:20 JST

Hall A (3)

"Decoding Serverless and FaaS: Knative vs. OpenFaaS vs. Kubeless vs. Pulumi" delves into the complexity of serverless computing and highlight the strengths of today’s most compelling open-source tools. We’ll dive deep into Knative’s seamless Kubernetes-native integration that automates scaling and manages workloads effortlessly, OpenFaaS’s intuitive interface that empowers developers to deploy multi-language functions, Kubeless’s straightforward approach to deploying functions as Kubernetes objects, and Pulumi’s innovative infrastructure as code that merges serverless capabilities with familiar programming languages. We will also compare these tools in real-world scenarios, providing clear guidance on when and why to choose each one based on specific project needs and operational goals. Whether you’re looking to streamline microservices, handle event-driven workloads, or simply enhance your development efficiency, this talk will provide you with the insights and practical comparisons you need to choose the right tool for your serverless journey. Let’s navigate the future of serverless together and empower our next big project!

Speakers

Nitin Rathee

Software Engineer 2, Microsoft

Nitin Rathee is a Software Engineer II at Microsoft and he graduated with distinction from the esteemed National Institute of Technology, India. His professional trajectory is marked by transformative contributions to cutting-edge projects that redefine the boundaries of technology... Read More →

Tuesday October 29, 2024 16:40 - 17:20 JST
Hall A (3)

CloudOpen

Audience Any

16:40 JST

Kubernetes WG-LTS: Why We Need LTS? - Yuiko Mori, NEC Corporation

Tuesday October 29, 2024 16:40 - 17:20 JST

Hall A (2)

Today, many companies are using Kubernetes in production environments, but there are various challenges in commercial use. One of the challenges is managing the Kubernetes cluster. Many companies are facing challenges related to Kubernetes version upgrades. According to a 2022 survey, most host systems run Kubernetes versions that are 18 months or more out of support. In this situation, the Kubernetes community launched the WG-LTS (Long Term Support Working Group) to promote Kubernetes LTS (Long Term Support). In this session, I will introduce the background, purpose, and activities of the WG-LTS. I will also explain why as a System Integrator, NEC needs Kubernetes LTS. On the other hand, (This is not just in case of Kubernetes, but) there is gap between community developers and users in open source community. I will discuss such gap also. I will also discuss the barriers(human resources, cost, etc…) to advancing LTS in Kubernetes community.

Speakers

Yuiko Mori

Manager, NEC

Yuiko Mori is a software engineer at NEC Solution Innovators, Ltd. on a wide range of software projects, and developing open source software. She's been an active technical contributor to Kubernetes, and also previously she had worked for OpenStack.

Tuesday October 29, 2024 16:40 - 17:20 JST
Hall A (2)

ContainerCon

Audience Intermediate

16:40 JST

Device Management and Delta Update for Embedded Devices with SWUpdate and TUF - Koshiro Onuki, Toshiba Corporation

Tuesday October 29, 2024 16:40 - 17:20 JST

Meeting Room 1

Secure and efficient software updates are crucial in infrastructure. Our research integrates SWUpdate with The Update Framework (TUF), which enhances security by ensuring update integrity and improving resistance to well-known attacks. However, there are challenges in the TUF verification process for embedded devices. It requires downloading the entire target images and verifying its size and hash values. This process may be difficult to execute on devices with limited resources. Therefore, we have developed a device management function that manages unique information such as device version information, in addition to integrating with TUF. This function enables the generation of delta update images considering the target device information. As a result, it is believed that updates can be made even within limited resources by transmitting only delta. Furthermore, it becomes possible to meet specific needs of each device, such as reducing bandwidth and update time, customizing update images, and enhancing image encryption. In this presentation, we will showcase the practical implementation of our function that integrates TUF and delta update.

Speakers

Koshiro Onuki

Engineer, Toshiba Corporation

Koshiro Onuki has been working as a Software Engineer at TOSHIBA Corporation since 2022. His main role is to develop Linux for various industrial embedded products. He is mainly involved in research and development of software updates.

Tuesday October 29, 2024 16:40 - 17:20 JST
Meeting Room 1

Embedded IoT Summit

Audience Intermediate

16:40 JST

Real-Time Scheduling Fault Simulation - Ben Dooks, Codethink

Tuesday October 29, 2024 16:40 - 17:20 JST

Hall A (4)

There is a lot of work around how to achieve good real-time on Linux, but not as much on how to simulate faults such as jitter in the system, deadline misses or other faults. Without this it is difficult to test how your application or entire system copes with these problems. As part of work with a number of clients, especially in the safety sphere, questions have come up on how to test processes which rely on real-time scheduling. If we have a way of injecting faults we can reliably test error handling and other mitigations. Mitigations such as throttling, restarting or some measured shutdown of services. We will go through some methods we evaluated for fault injection via both user and kernel space. How existing kernel features can be used and what needs to be done in the way of either configuring or extending kernel features. There will be discussion about how each method works and the comparative merits where overlaps exist. We hope that this can help to promote thinking and improvements on how the scheduler and particularly real-time scheduling is tested under Linux.

Speakers

Ben Dooks

Senior Engineer, Codethink, Codethink

Senior open source consultant at Codethink and long-time contributor to various projects such as the Linux Kernel.

Tuesday October 29, 2024 16:40 - 17:20 JST
Hall A (4)

LinuxCon

Audience Intermediate

16:40 JST

The Telemetry of Trust, Using Attestations to Secure Your SDLC with Open Source Tools - Jesse Sanford & Jagadish Ramidi, Autodesk

Tuesday October 29, 2024 16:40 - 17:20 JST

Main Hall

Let’s be honest, delivering software can be a dirty business. Especially if you are in the critical path of delivering legacy software, or software born from mergers and acquisitions. How can we secure so many differences at scale? How can we build trust into everything we do so that we can delay evaluation until we have enough trust later? In this talk, Jagadish and Jesse show you how Autodesk is thinking about solving both of these problems simultaneously. Through the use of “attestations”. Simple, cryptographically verifiable bits of telemetry that when combined, equal a whole lot more than the sum of their parts. Get enough of them and they build a story of trust. By weaving a software lifecycle tale through a series of verifiable inputs, actions and outcomes we can decide for example, when to allow a build be deployed. Or better, decide when it’s to be deployed to a secure and compliant location. Autodesk is starting to tell those software lifecycle stories using open source software weaved into our platform, making the software we build safer for all, despite our diversity.

Speakers

Jagadish Ramidi

Software Engineer, Autodesk

Works as a security software engineer at Autodesk focusing on software composition analysis and supply chain security.

Jesse Sanford

Software Architect, Autodesk

Jesse is a lifelong software engineer focused on site reliability and Infosec. Currently architecting the juncture of platform engineering and security/compliance for Autodesk's Developer Enablement team. He regularly contributes to open source and frequently speaks about his work... Read More →

Tuesday October 29, 2024 16:40 - 17:20 JST
Main Hall

SupplyChainSecurityCon

Audience Intermediate