FOSDEM 2025

Saturday

The state of Go

Build a Great Business on Open Source without Selling Your Soul

Pick My Project! Lessons Learned from Interviewing and Writing 20+ End User Case Studies

Stratoshark

Living the SBOM life - the good, the bad and the evil parts

14 Years of systemd

Sunday

The OpenAPI Standards Landscape

RDE: Tools for managing reproducible development environments

Minimalist web application deployment with Scheme

Constraint Logic Programming From The Perspective of Annotations

Small headed programming for performance with prescheme, nim and zig

How we are defending Software Freedom against Apple at the EU's highest court

Ten Years as a Free, Open, and Automated Certificate Authority

Communication is paramount. You must be willing to spend whatever time is needed to bring your coworkers up to speed—to help others understand—where you are going. Sometimes you will spend most of a day talking with your coworkers, not programming.

— Rasmus has started a company and is hiring

FOSDEM 2024

Saturday

The state of Go

The secret life of a goroutine

Effortless Bug Hunting with Differential Fuzzing

Maintaining Go as a day job - a year later

Using chroots in a single Linux Container as an alternative to docker-compose

Soft Reboot: keep your containers running while your image-based Linux host gets updated

A front-end journey back to Rails

Besides Web: a Worker story.

The world of Passkeys

Sunday

Opening up communication silos with Matrix 2.0 and the EU Digital Markets Act

Aerogramme, a multi-region IMAP server

Apache James: Modular email server

Post-Quantum Cryptography transition: where we are now

So you think you know Git

Version control post-Git

Homebrew's Evolution

Dapr

When looking at the talks for FOSDEM 2024, I saw Efficient Integration Testing in Go: A Case Study on Dapr. I'm pretty sure I've seen Dapr mentioned before. The talk page links to github.com/dapr/dapr. It states

Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge.

That's still very abstract but the README on GitHub mentions gRPC and Kubernetes a bunch of times.

Anyway, it looks like a very mature and capable project, so where does it come from?

Checking the top contributors gave the answer. That led me to diagrid.io/about-us and everything made sense.

Diagrid was founded by Mark Fussell and Yaron Schneider who created the Dapr and KEDA OSS projects and developed large scale platforms for running distributed applications at Microsoft.

And from keda.sh:

KEDA is a Kubernetes-based Event Driven Autoscaler. With KEDA, you can drive the scaling of any container in Kubernetes based on the number of events needing to be processed.

Measuring smartphone slow-mo

It seems that fake/interpolated high-framerate video, in it’s numerous consumer forms (“ultra slow-mo” & friends), is just the current target of marketing lies and needs to receive the same treatment. I feel absolutely no shame in pointing fingers to Motorola/Lenovo for deceiving advertising in the official “technical specifications”, especially when the Lenovo support team itself answers in a forum post that the feature is just interpolation.

Who Writes OpenSSL?

So in conclusion, we found that 87% of the non-trivial commits to OpenSSL in the last 12 months were from 56 people paid by their employer to work on OpenSSL. This result shouldn’t be too surprising, Open Source projects such as OpenSSL rely on commercial organisations contributing their employees’ time in order to survive.

AWS Snowmobile is an Exabyte-scale data migration device used to move extremely large amounts of data to AWS. Migrate up to 100PB in a 45-foot long ruggedized shipping container, pulled by a semi-trailer truck.

AWS Snow Family – Move petabytes of data to and from AWS

Amazing page, some tidbits

1.2×1020 bits (15 exabytes) – estimated storage space at Google data warehouse as of 2013

I wonder what their scale is today, 10 years later?

3.4×1021 bits (0.36 zettabytes) – amount of information that can be stored in 1 gram of DNA

The future of storage?

FOSDEM 2023

Saturday

Enabling FIDO2/WebAuthn support for remotely managed users

Kubernetes and Checkpoint/Restore

Exploring Database Containers

Passwordless Linux -- where are we?

Winners and Losers in FOSS

Sunday

Zero Knowledge Cryptography and Anonymous Engineering

So you want to build a deterministic networking system

Hole punching in the wild

Decentralized Social Media with Hachyderm

Matrix 2.0

Picked this up from Year in Review 2022: Tenderlove's Ruby and Rails Reflections and Predictions by tenderlove on Shopify's Engineering blog.

Seems like they been working on it, and using it internally, for a while. It is part of their Visual Studio Code Shopify Ruby effort.

I was wondering how this project differs from Solargraph. It isn't yet spelled out in the README, but I found two pull requests on the subject:

#434 Closed in favour of #447, but provides some history and interesting details. Rendered view

#447 Will probably be merged, provides a more general overview of the differences. Rendered view

tl;dr Solargraph uses YARD and parser where Ruby LSP uses SyntaxTree and needs to be included in your Gemfile.

I suspect Ruby LSP, in the future, will use the (currently very new) Shopify project YARP (Yet Another Ruby Parser).

TIL: Grumpy

In the Hacker News thread about Pitchfork, I spotted a link to Grumpy: Go running Python!, a blog post from Google in 2017:

Google runs millions of lines of Python code. The front-end server that drives youtube.com and YouTube’s APIs is primarily written in Python, and it serves millions of requests per second!

So we asked ourselves a crazy question: What if we were to implement an alternative runtime optimized for real-time serving?

Grumpy is an experimental Python runtime for Go. It translates Python code into Go programs, and those transpiled programs run seamlessly within the Go runtime.

But the biggest advantage is that interoperability with Go code becomes very powerful and straightforward: Grumpy programs can import Go packages just like Python modules! For example, the Python snippet below uses Go’s standard net/http package to start a simple server:

Apple is also improving its two-factor authentication support by letting users secure their accounts with hardware keys starting early next year. Hardware keys, like YubiKeys, have become increasingly popular tools to provide an extra layer of security for your online accounts, and soon, you’ll be able to use a key with your iCloud account as well.

At East Sweden Innovation Day 2022, when Mathias Cederholm spoke, I learned about the C2PA specification: a form of PKI ("TLS certificates") for media files. It was mentioned as a way to battle deepfakes.

The Evidential value of cryptographic integrity section on Wikipedia is a good read:

The cryptographic integrity of a C2PA-compliant file does not provide evidence that it contains an authentic representation of reality. Instead of the scene captured by the lens, a C2PA-compliant camera or camera app could store and cryptographically sign a freely invented, e.g., AI-generated, image. Similarly, any C2PA-compliant system can freely invent or arbitrarily falsify any metadata that is to be stored and then properly sign that data. The result would be a file that fully complies with the technical specifications of the standard. A C2PA-compliant check would show that the hashes stored in the signatures match the contents of the file and therefore declare the file valid in terms of the C2PA standard.

Sounds to me that the standard needs to be adopted by publishers (e.g. news organisations) and not only tool makers.

End of year AI recap

Re: More creative than mere humans by DHH.

Because why would we assume that AI won't actually be more creative than mere humans? AI chess and go competitors are in part so superior now because they're capable of wild leaps of ingenuity that stump human players. Moves that would never have been considered by a mere human because of their out-of-norm "thinking". In this domain, it's the humans executing mechanical moves based on memorized patterns, the computers making novel inferences.

Why shouldn't the same be true of AI generated novels, plays, or movies? What realm of creative production does not benefit from the out-of-the-norm inferences that computers have already proven they can make within the bounds of chess and go to great effect? Is what we call human creativity all that different from a large language model anyway? A distillation of observations, inputs, mimetic tendencies, and a wetware random generator?

Isn't playing Chess/Go very different problems (math) from writing creatively (for a certain audience)? I have a hard time seeing general AI doing that the way humans do.

Re: the phrase human AI trainers used in the ChatGPT announcement, is that a nice name for Mechanical Turk workers? 🤔

Interesting tidbit that the models was trained using Azure:

ChatGPT is fine-tuned from a model in the GPT-3.5 series, which finished training in early 2022. You can learn more about the 3.5 series here. ChatGPT and GPT 3.5 were trained on an Azure AI supercomputing infrastructure.

That makes sense considering (from Wikipedia on OpenAI):

In 2019, OpenAI transitioned from non-profit to "capped" for-profit, with profit cap set to 100X on any investment. The company distributed equity to its employees and partnered with Microsoft Corporation, who announced an investment package of US$1 billion into the company. OpenAI then announced its intention to commercially license its technologies, with Microsoft as its preferred partner.

ChatGPT links:

OpenAI: ChatGPT: Optimizing Language Models for Dialogue

Building A Virtual Machine inside ChatGPT by research scientists at Deepmind

The Verge: AI-generated answers temporarily banned on coding Q&A site Stack Overflow

Stack Overflow Help Center: Why posting GPT and ChatGPT generated answers is not currently acceptable

Meta Stack Overflow: Temporary policy: ChatGPT is banned

GPT Labs with UPG (universal program generator)

commitgpt: Automatically generate commit messages using ChatGPT

Wikipedia: History of GPT (generative pre-training)

Other recent AI happenings:

stability.ai: Stable Diffusion 2.0 Release

Waxy.org: Exploring 12 Million of the 2.3 Billion Images Used to Train Stable Diffusion’s Image Generator

Apple Machine Learning Research: Stable Diffusion with Core ML on Apple Silicon

GitHub project: Stable Diffusion v 2.0 web UI

Hugging Face: website, github

Currently planned for Q1 2022 – Jan-Mar according to the roadmap issue.

I wonder if it will be supported by the /markdown endpoint in the REST API? (If it will include the SVG code for it.)

These assistants are all deeply flawed.

John Gruber comments on Alexa tells 10-year-old girl to touch live plug with penny

The sticky bit

I recently discovered the Apple Data & Privacy website, launched May 2018. A few days ago I initiated an export and downloaded the zip files with my data. After unziping, while transfering the files to my FreeBSD/ZFS server, I noticed rsync reporting errors:

rsync: [generator] failed to set permissions on "ActivitySharing/Activities.json": Inappropriate file type or format (79)

Turns out some of the files in the Apple export had the sticky bit set:

$ ls -ahl ActivitySharing total 16 drwxr-xr-x@ 3 dentarg staff 96B Mar 31 18:03 ./ drwxr-xr-x@ 13 dentarg staff 416B Mar 31 18:04 ../ -rw---x--t@ 1 dentarg staff 5.7K Mar 18 14:30 Activities.json*

After removing the sticky bit from the files, rsync had no complaints.

find . -type f -perm -1000 -print -exec chmod -t {} \;

Credits: The Stack Overflow post "Find all sticky bit files on my FreeBSD Server"