Program conference

Confiance.AI is a French public project dedicated to the study and development of tools for securing, making reliable and certifying AI-based systems.. Since its launch in 2020, access to open-source codes and datasets has greatly facilitated the work carried out by industrial and academic partners. In addition to the use of software tools, access to implementations of state-of-the-art AI methods has enabled numerous tests to be carried out to assess their robustness, explainability or contribution to trustworthy AI. The presentation will give an overview of the work achieved thanks to open-source and present in more detail a study on the use of synthetic and AI-generated data for the validation of deep learning models in the autonomous driving application context.

/e/OS is a smartphone operating system forked from AOSP/LineageOS, created in 2018. It offers default features freeing users from the permanent collection of their private data: complete deGoolization, deletion of application trackers, masking of the IP address…
It also offers additional cloud services to the OS (drive, email, calendar, office document management, etc.), also completely based on free software.
Compatible with over 200 smartphone models, it offers a new life to old ones, sometimes as much as 10 years old – all through open source!

Free and Open source software were born in frugality. Often lacking money for devs, it came a long way until global exposure and massive adoption. We will show that in these roots lies some very useful culture and future solutions. For IT to be part of the solutions and not part of the problem.

We will remind why digital is in exponential growth, and why this is a problem. Using Figures and recent studies to help understand trends and issues.

We will present a few principles heading towards digital sobriety, directly in the open source field or massively using it.

The Shift project is a Lobby intending to “stay under +2°C” regarding climate change, influencing stakeholders : companies, institutions, governement and policy.
https://theshiftproject.org/en/home/

Initially created in 1995 as a simple and effective content creation tool for technically-minded users, wikis have become part of business as a natural response to a need for the circulation of knowledge indispensable for team success. As a result, wikis have been enhanced with features designed to facilitate access for non-technical users, and increasingly with ways of describing and presenting data to users which are relevant to their field (structured data, mixed formats). Today there are tools renamed “corporate collaboration tools” with major players that offer their solutions to this need, open source or not, with artificial intelligence input. This presentation will discuss these recent evolutions and visions of corporate partnership by showing how the Open Source XWiki platform responds.

At the heart of winning strategies of digital industry, Africa attracts technological giants from all over the world. This attractiveness generates major geopolitical stakes, and the continent has become a battleground for the USA and China, both keen to consolidate their influence in this part of the world. A form of neocolonialism is also emerging, through partnerships where European businesses play a significant role. This talk will cover the dynamics, opportunities and challenges of this “new eldorado”, questioning the strategic autonomy of African countries. While these partnerships can have beneficial effects both on the development of infrastructure and of upskilling services, they nevertheless raise crucial questions on the strategic autonomy of these countries that are highly dependent on world powers.

Every open source project is following some version of product-led growth, which means relying on the project itself to recruit new users, discover new features and then get existing users to spread the word about the project. But the vast majority don’t do so with any kind of intentionality and, if they do it right, it’s through luck rather than design. In this talk, Emily Omier will introduce attendees to the major principles of product-led growth and walk them through how those principles can be applied to an open source project. She’ll discuss what maintainers need to measure, optimize for and avoid if they want to intentionally use product-led growth strategies to expand their user base and community. Attendees will leave with a clear understanding of how to apply product-led growth strategies to accelerate community and usage growth in their projects. This talk will focus only on free open source projects, not commercial open source.

Most organizations and developper know what is Open Source and Open Core. Few of them really know the incredible playground it offers to developers and the global dynamic to which large compagnies (CAC40/Fortune 100) are already contributing. LINAGORA recently conducted a study to reinforce the “open source contribution reflex” and identify for a large organizations opportunities to give back code to the communities. During this conference Raoul Delpech will present the decision-making framework he designed, to determine the interest of giving back a project, in whole or in part, to choose an Open Source / Open Core model and its licence according to a specific competitive environment, the relationship with the Open Source foundations, and the business interest for an organization and its developers.

Recently, the French interministerial department for digital technology (DINUM) opened the way to factoring in free software in the durability index of the hardware supporting it, by publishing a positive answer to the following question: “Do you think it is possible to install a free operating system that increases the sustainability of computers and smartphones?”

This answer is supported by a synthesized report by OW2, to which Electrocycle has contributed alongside several players. It shows that free software contributes to sustainability well beyond operating systems.

The main factor is found in a free software / hardware repurposing mix. Hardware represents 75% of the impact of electric equipment. Free software helps delay its obsolescence. Other areas appear essential like APIs and open protocols that give a new lease of life to several connected objects besides computers and smartphones.

Presentation of the Data Visualization managed service integrated in Orange Cloud systems, based on Apache Superset open source SW.
We will share with you:
– how did we decide to chose Apache Superset vs other data visualization alternative solutions in order to better meet our business needs
– our Return of Experience on the service we have integrated within Orange Cloud ecosystem, making it compliant to the company rules, including security aspects (authentication, vulnerabilities checks, backup & restore)

To fulfil their public service remit, local authorities have major IT requirements. Office automation, business software, servers, hardware, (digital) relations with residents: the technical choices involved are obviously not politically neutral, and must respond to imperative considerations of public interest.

This round table, hosted by April, will review experiences in different local authorities to show the possible leverage available to them to set up freer and more sustainable computing and think more holistically about their role in the development of more responsible IT. This will be the opportunity to talk about, among other things, pooling, public commissioning, sustainability, digital sufficiency and free software, of course.

The main feature of the talk is Boris Van Der Beken’s presentation of the case use of LinShare within the ART (French transport regulation authority). Whether sharing large files, collaborating on sensitive documents or keeping precise file versions, LinShare has played a crucial role in improving the ART’s data management.

LinShare is open source secured file-sharing software. It is designed for businesses that need to share sensitive documents safely. The main functions of LinShare include file sharing, the sending of large files, access right management, end-to-end encryption, two-factor authentication and tracking of activities.

LinShare has been broadly used within the French administration and also at the European Parliament for several years.

ADEME, the French Agency for Ecological Transition under the authority of the French Ministry of Ecological Transition, helps implement public policies in the fields of the environment, energy and sustainable development. One of the agency’s concerns is the growing importance of digital technology and its environmental and social impact. In France, the digital sector is responsible for 2.5% of the country’s carbon footprint and accounts for 10% of electricity consumption. This talk will provide an opportunity to present ADEME’s work on digital responsibility: the regulatory framework, freely-available studies/calculators/data on the direct and indirect environmental impacts of digital technology, benchmarks designed to extend the lifespan of equipment, such as the reparability and durability index, as well as programs to support organizations and local authorities in deploying eco-design and digital sufficiency.

The use of phones in business is constantly changing. In recent years the IT and telecom departments of organizations have moved closer together in recent years. IP phones and physical servers are gradually completed or even replaced by workstations on PCs and virtualized servers or even by solutions offered in SaaS mode by service providers. The increase in work from home demands solutions allowing the mobility of users and brings with it new network security and communications issues. Finally, the rise of smartphones since the 2010s has rapidly led to the emergence of proprietary communication applications for the mass market, which raises new challenges for telecommunication solutions developers. We will present the full open source client/server software solution to deploy and modernize voice on IP infrastructure.

Thales, as major big tech companies, are consuming massively open source. What about contribution? What’s for? For which Business rational?
We will explore some ongoing Thales DIS initiatives in terms of Open Source, emphasizing 3 key topics
1. Open Source as business advantage
2. Open Source as a change in culture and mindset
3. Open Source as attractiveness of tech skills
Especially, we will go through Open Source Hardware, linked to RISC-V, that will capture more than 14% of all processor cores and more than $1.1 billion in revenue by 2025. We will present how Thales managed to combine open source and its strengths by designing SPRITZ, a secure version based on the open source CVA6 processor on which Thales is highly contributing, offering sovereignty, security and performance.

ChatGPT was a revolution nobody was ready for. All the social channels have been flooded with prompts and answers which look ok at first glance but turn out to be counterfeit. Factuality is the biggest concern about Large Language Models, not only the OpenAI product. If you build an app with LLMs, you need to be aware of this.
Retrieval Augmented Language Models seem to be the solution to overcome that issue. They combine LLMs’ language capabilities and the knowledge base’s accuracy. The talk will review possible ways to implement it with humans in the loop.

Current developments in quantum computing are a growing threat to cryptographic algorithms used today, for example in secured voice on IP and instant messaging applications. Even though such a quantum computer has not yet been officially announced, some governments recommend protecting data against this type of attack by 2030. Encrypted data shared today could be stored and decrypted in the future by these quantum computers. That is why it is important to encrypt them now with algorithms that can fend off such an attack. The Linphone application is a global pioneer in open source communication software, implementing the award-winning algorithm in the encryption key category, CRYSTALS-Kyber. One of the key stages is the development of a modified version of the normalized ZRTP encryption protocol.

Despite their exceptional capabilities, the most advanced machine-learning models lack scrutability, which prevents their integration into critical systems. The key challenge for explainability methods lies in their ability to unveil the inner workings of these black boxes. This involves revealing the decision-making strategy, understanding their internal states, and studying the underlying data representation. To address this challenge, we have developed Xplique: a software library for explainability that includes representative explainability methods as well as associated evaluation metrics. It interfaces with one of the most popular learning libraries: Tensorflow as well as other libraries including PyTorch and Scikit-learn.

Eco-designing, producing and distributing hardware commons supported by the free software production cooperative process. In the first part, we will present the FabCity program which is an initiative engaged in promoting and developing actions linked to local, circular and digital production. In the second part, we will look at the feedback conducted within “third places” (Entre Dore et Allier media library and Manufacture de Saint Etienne fablab).

As AI models demonstrate more and more capabilities, there is a growing need for robustness, reliability, and transparency to enable their application to safety-critical systems. The DEEL (DEpendable and Explainable Learning) project emerged five years ago as the first collaborative project on AI for Certified Systems. In five years of R&D, it has become a major player in safety-critical AI with many publications in top-tier venues and released several open-source libraries and datasets.

In this talk, we will showcase these libraries and illustrate their importance on a real-world open-source benchmark, also designed within DEEL, that consists of visual runway detection for automatic aircraft landing. We will show how the libraries of the DEEL software suite allow going beyond simple object detection and achieving explainability, data bias identification, probabilistic guarantees, anomalous data detection, and robustness against adversarial attacks.

Goroutines are an exciting part of the Go language, but what are they? How are they created? How are they paused? How are they resumed? There are a lot of questions that the regular go programmer doesn’t need to know and usually doesn’t know, but if you, like me, are a curious person, you probably want to know more about what is going on under the hood.

Come with me on this interesting trip through one of the most outstanding features of the Go language, the goroutines, and discover what makes your Go programs tick!

8 years ago, SNCF Connect & Tech opted for open source bricks then shared “The Open Conversation Kit” with the community on its Tock platform, which claimed to be an innovative producer of commons (Acteurs du Libre prize 2019), opening the way to unexpected collaborations.

A few years and several chatbots later, different types of organizations cooperate with and benefit from this open platform for their own projects, products and even to test new LLM and generative AI solutions.

In this session, we will see how several businesses use and contribute to Tock:

– SNCF Connect & Tech, for which Tock is at the heart of the customer experience as with in-house chatbots
– ENEDIS, which structured its in-house and external chatbots with Tock
– Crédit Mutuel Arkéa, which contributes a lot to Tock and uses it to test different LLMs
– Linagora, which integrates Tock with its voice technology in the LinTO.ai product

The problem of making telephone communications accessible to the deaf, hard-of-hearing and aphasic population.

These people need to interact via specific means of communication that are not limited by voice: sign language, completed spoken language, subtitling, icons, etc. These means of communication require native support of multimedia calls.

More broadly, the idea of universal accessibility design in telecommunications is emerging. It aims to allow their inclusion in society and in the workplace and in exchanges with government departments and large companies.

We will discuss the regulatory framework of accessible telecommunications. We will look at the solutions proposed but also relevant technical standards and the role of open source in this area.

2023: Digital Workplaces no longer ring the death knell of email! They have finally understood the importance and ubiquity of the leading communication channel.
Collaborative messaging challenges are huge:
– The challenge of extending the scope of collaboration and integrating further into the Digital Workplace
– The challenge of sovereignty for the most widely used and exposed application
– The challenge of scalability and resilience for the most widely used and critical application
– And above all, the challenge of usage and respect for user habits, without which users will reject the solution.
Native Outlook support, revamped UX at the heart of development, instant upgrades and PRA, extensibility and collaborative interfaces.

This talk will discuss how BlueMind, the French open source messaging solution, has become the first alternative to Exchange and 365 by responding in practical ways to these challenges

In the wake of Go language, a small but robust derivative has appeared: Tinygo.

Initially designed to program microcontrollers, its use has been extended to the world of Web Assembly.

I propose a review of what can be done with this language in the vast ecosystem of microcontrollers.

The gods of demos will be put to the test and we will try to code a few examples into micro:bit boards, Raspberry Pico or the fabulous Adafruit Pygamer.

If you are good and the gods are with us, we will look at what it is possible to do with a GameBoy Advance.

Elm is “an exquisite language for reliable web apps”, “easy to learn with user-friendly error messages”. It also promises that “in production, your web apps are efficient and do not generate any execution errors”.

We saw an opportunity here to reduce our maintenance costs. In 2017, we chose to use it for our web application projects. We have never regretted this choice. This presentation will explain why. We will also present a few contributions to the ecosystem that we have created over the years.

After 50 years of existence, the notion of emails continues to play a critical role for all organizations. Today, as always, one challenge dominates: resilience. The aim is to have a stand-out vision of the resilience of messaging in 2023. The key words of this program will be sovereignty, security, availability, deliverability, monitoring and attributability. We will provide possible solutions to the different strategies and commitments announced, giving a vision of the direction of the sector in the coming years.

A key factor in efficient software production, the CI/CD chain must be standardized so that its own design and implementation are no longer an event in themselves.
How do you guarantee:

* your team’s capability to approach and maintain them?
* their quality and regularity throughout your projects?
* the maturity of DevSecOps workflows set up?
* coverage of security in your supply chain?
* integration into your business ecosystem?

CS Group and Orange reveal how to be continuous which answers these questions and industrializes CI/CD pipelines on Gitlab.

The necessity of abandoning fossil fuels is a vision shared by all. Electrification, as a key technology in this transition, has to cope with high price increases. At a time when energy vulnerability is rising, its accessibility for all has become a major issue. We are convinced that the democratization of technology outside industrial circles offers users greater autonomy and freedom.
Arduino succeeds in democratizing IoT by reducing complexity. . How can we find inspiration in revolutionary methods?
How can we apply these methods to the field of energy and open new prospects in the key sector of power electronics?

Track: Business solutions: from internal collaboration to external communication

In the face of increasing cyber-attacks and the diversity of the Information Systems to be protected, the implementation of a Disaster Recovery Plan must be accompanied by an Operational Survival Platform (OSP), enabling the organization to carry out its essential missions, and in particular its communication.

Apitech and Métropole de Lyon present the challenges and implementation conditions facing an Operational Survival Platform. Métropole de Lyon thereby protects its communications (email, web, etc.) in the event of a cyber-attack.

The data contained in a database is invaluable as it is a resource that interests people with malevolent intentions. The use of data contained in the database is capable of jeopardizing users referenced in the base and is liable to damage the image of the institution which is in charge of its operation.

To give you the best possible chance of success, Christophe and Sébastien reveal a set of best practices for securing databases and their content with the MariaDB database. Data security is a major challenge involving all development and infrastructure elements.

For a long time, proprietary approaches and obscure protocols dominated industrial automation. Things started to change in 1999 with the introduction of the MQTT protocol. Operational technology (OT) and business applications supplied by information technology (IT) teams exist and evolve separately in most organizations. This well documented gap between OT and IT often confines MQTT alongside OT of things. The open Sparkplug specification of the Fondation Eclipse aims to fill in this gap.

In this presentation, you will learn how open source MQTT implementations can speed up digital transformation. You will also discover how Sparkplug simplifies things by defining a “topic namespace”, payloads centred on industrial process variables, and “stateful session awareness” mechanisms that avoid the classic “polling/response” pattern.

In today’s fast-paced digital landscape, securing the software supply chain has become a top priority for organizations of all sizes. One critical step in securing the software supply chain is vulnerability scanning. In this talk, we will explore the vulnerability scanning process and its importance in identifying weak spots in software code and dependencies. We will discuss how vulnerability scanners use the Software Bill of Materials (SBOM) to identify vulnerabilities, prioritize them, and mitigate risks. We will also review the inputs and outputs of vulnerability scanning and the vulnerability scanning architecture and ecosystem. Additionally, we will examine the different types of software and systems that need to be scanned, as well as when to scan them. By the end of this talk, attendees will gain a better understanding of vulnerability scanning and how it can be used to strengthen their software supply chain.

The technical challenges of AI quality are immense. How can you explain errors in neural networks? What quality criteria should you use? We’re going to explain why testing the quality of machine learning is an important, but difficult task. We’ll also show how Giskard is helping ML engineers deploy artifical intelligence systems to production, while putting in place a framework of tests built around performance, robustness, and ethics. We’ll then show how we can integrate these testing frameworks into the deployment pipeline to automate the quality assurance process with each new model version deployed.

This session will go through various open-science projects conducted by a group of aviation enthusiasts working in the field of aviation and sharing a common objective to share open knowledge about all what is available to analyse aviation data. The presentation will go through sources of data, software projects (mostly Python and Javascript libraries) and dissemination initiatives. Use cases encompass large-scale simulations, pattern and anomaly detection, environmental impact of aviation and GPS interference monitoring.

I will be delivering a presentation on how to improve the developer experience by using the Backstage Developer’s Portal. Backstage is an open-source platform that allows you to create your own developer portal. Many well-known companies, including Unity, Netflix, and Spotify, have already implemented this highly adaptable platform.

My discussion will center around the key features of Backstage, such as software templating, cataloging, searching, and a straightforward portal for all documentation. By utilizing Backstage, you can overcome various developer challenges, such as managing documentation, clarifying relationships between different parts of your software, identifying the responsible person for a particular module or source code piece, or launching a new project with best practices.

Furthermore, I will demonstrate how you can manage multiple applications from a single portal by creating plugins in the backend, and how you can enhance the user experience by offering.

80% of biographies on Wikipedia are about men. 80%… Which means barely 20% women. Did they not exist? Did they not make history? Why is there such a gap between the genders and how can we fill it?

Presentation of a few figures and the great “Les sans pagEs” initiative, a collective that refuses to give up. Because on the free encyclopaedia, everyone can contribute, whether they know something or not, and thus restore a little more equality.

Because #RepresentationMatters

Member companies of TOSIT (Crédit Agricole, Enedis, BPCE, RTE) will report on the use of plugins compatible with SonarQube grouped into “ecoCode” libraries.
How does the analysis of source code in integration chains continue to make our digital technology more responsible?
Software exists through the hardware (computers, smartphone, servers, network hardware, etc.) on which it runs.
These devices have an environmental impact through their energy consumption, their production and their end of life.
One of the solutions is to build lighter sites, eco-designed applications that avoid unnecessary battery consumption and fight terminal obsolescence.
ecoCode offers an open source solution through the awareness and feedback of indicators directly linked to the code produced.

Beyond all the hype about ChatGPT and vector databases, how can you build a conversational search engine (aka “chatbot”) based on data that needs to remain private?

Elasticsearch has been known for a long time for its conventional full text searches by keywords. For several years it has integrated the latest advances in the field of semantic research: semantic analysis (dense vectors), vector research and now hybrid research with ESRE, the Elasticsearch Relevance Engine.

In this presentation, we will see how to integrate Elasticsearch and LLM with LangChain for semantic indexing of documents, then a chatbot to question this corpus without calling on third-parties.

Zephyr is an open-source RTOS which has been gaining traction in the recent years.
Combining a small footprint and modern software development concepts, it bridges the gap between traditional micro-controller development and high-level software developers. In this talk, we’ll present the Zephyr OS and discuss what developers can expect from it. We will focus on how Zephyr can be used from a Linux Kernel developer, how it can be used for your connected platform, and how you can use it to build complex embedded product.

In France, GIE Sesam Vitale coordinates data exchange between healthcare professionals and medical insurance funds. To do this, the GIE has set up an email exchange platform.

Docapost operates the new version of the platform on an open source base: Apache James, the email server of the Apache foundation, proposes a high availability, geo-replicated and scalable infrastructure. We are talking about 5 million emails and 500 GB of incoming emails per day.

This deployment is proof that critical infrastructure documents can be handled by open source techniques.

In a world where utopia is often perceived as dangerous or unrealistic, the vision of a better future through technology seems to have vanished. It would nevertheless seem that this lack of vision has impacted our exponential productions in a dangerous and imbalanced way. Blind belief in perpetual progress has made any questioning about the usefulness and impact of technology impossible.
This talk aims to promote the idea that belief in well thought-out technological utopias promotes the development of their positive impacts both socially and ecologically. It is time to think again about our approach to technology, to move away from simple production without consideration of the consequences and to commit to more in-depth thinking about the values and objectives that we wish to achieve.

How can we rethink technology and our relationship with it during this ecological and social crisis?

Nix, with its functional philosophy, revolutionizes package and configuration management, offering unmatched control, reliability, and flexibility. This session will explore the basics of Nix, its unique features, and how they can enhance your experience as a developer or system administrator. We’ll cover topics such as reproducibility, dependency isolation, atomic transactions, and rollback mechanisms. Whether you’re a developer, system administrator, or simply interested in open-source, this session aims to provide valuable, practical insights.

Are GAFAMs the symptom of a systemic problem: surveillance capitalism.

There are many and often damaging technical, political, economic and of course ecological impacts of this extension of capitalism.

The Framasoft campaign “COllectivisons INternet, COnvivialisons INternet” (“COIN COIN”), which runs from 2023 to 2025, does not aim to be exceptional, but to show that it is possible with very limited means to create ethical digital environments outside this system.

Whether we’re talking about training programs to support the digital transition (“Emancip’Asso”), making 10,000 Nextcloud spaces available free of charge (“Framaspace”), promoting PeerTube as an alternative platform to YouTube (“Peer.tube”), or learning and sharing between European players with common values (“ECHO Network”), we believe another Internet is possible.

One session to present our collective Tech’Care planet initiative which currently brings together more than 55 national or regional associations and almost 900 signatories (businesses, training stakeholders, local authorities, etc.).
Or our actions to promote diversity or inclusion within our Femmes du Numérique program, which we are conducting ourselves with a focus on retraining, but also with our partners such as Femmes@Numérique of which we are founding members or even Social Builder.

The effort to simplify the law is reflected in the use of other media than legal writing to meet the obligation to provide information. In 2000, the creative commons opened the door to the use of icons. Personal data law is moving in the same direction. The aim is to highlight the specifying character of these icons by drawing parallels with the creative commons. The adoption of these icons was facilitated by communities of artists and efforts made by the legal community.

In the age of modern web development, the adoption of Single Page Application (SPA) frameworks such as React, Angular, Vue, Svelte, etc. has brought in unprecedented innovation. However, this technology has also introduced significant complexity. Is it possible to benefit from the flexibility and interactivity of SPAs while maintaining the simplicity of Web 1.0? The answer perhaps lies in a forgotten or often neglected technological principle: hypermedia.

In this talk, we will explore htmx, a lightweight JavaScript library that extends HTML and allows rich interaction with the server without having to resort to the SPA approach. It revitalizes the Web 1.0 paradigm by combining the simplicity of traditional HTML and modern interaction capacities.

Digital accessibility has the power to simplify the private, social and professional life of hundreds of millions of people worldwide. And open source, with its growing popularity, can play a crucial role in the promotion of this accessibility.

International standards and references have been set up to help developers, decision-makers and project managers. However, many challenges remain. Are you ready to rise to them?

Three challenges will be presented, with several work areas and/or possible solutions?

1. “Development” challenge Contribute to the introduction of accessible Web
2. “Development” challenge: Choose the right tools for sustainable accessibility
3. “Management” challenge: Manage accessibility without hindering your projects

Depending on your mission and the level of maturity of your organization, you can choose to rise to one or several of these challenges. Help the internet keep its Universality promise!

In today’s rapidly evolving world of machine learning, deploying, monitoring, and updating models has become a critical aspect of ensuring their effectiveness and reliability. This presentation aims to provide a comprehensive overview of the key considerations and best practices for effectively managing the lifecycle of machine learning models. Through an example we will try to explore each step at a time with their specific alerts and triggers. Our goal is to have a simple and fully automated pipeline.

This talk will provide background of Open Source and UK, how this connects to European policy progress and what this means for the opportunities for Open Source in digital health.

This leads in to the emergence of the Custodian Model and how it formed from the NHS Open Source programme.

Health & care has a great deal to benefit from good data and there is significant spend. However in many cases, users and citizens report that their experiences with technology are often less than expected.

Policy, digital technology, financial capacity and demand are all there – so what is getting in the way?

We will explore how these resources can be better aligned to deliver real-world outcomes, with a UK case study of an Open Source application that has displaced proprietary incumbent, and how the Custodian model brings this together.

As a result of having the right information at the right moment whilst respecting privacy and security creates an opportunity to improve health outcomes for all.

The ambition of “responsible digital technology” is clear: transform the information technology sector to adopt a general approach taking into account environmental, social and ethical issues. However, like CSR (Corporate Social Responsibility), it sometimes feels that it is confined to ecology and the reduction of the carbon footprint.

I am a project leader that supports changes on the SNCF Digital Workplace: chatbot to help with digital tools, knowledge management and digital sufficiency. Every day I observe that increasing efforts are made in favour of more responsible digital technology.

This talk will present the FACT framework, a way to create and publish easily Fair API Commitment Terms, making API Terms of Service that are easy to read and understand.
Indeed, the biggest threat on trust in the digital infrastructure we know is the threat on APIs you consume for your software. What if the API provider breaks the API? What if the API provider change its licence? Its version abruptly making it a breaking version without notice? Its pricing making it unaffordable for all users? This is why we have worked to make a framework to make it easy to provide clear open commitment about your APIs to your community.
It is like a Creative Commons for APIs, as it is also easy to read and understand for users about what they can expect about API provider commitments about trust for their API.
This project has been supported by the Ford Foundation, Mozilla foundation and Open Society foundation.

Open source is used to increase lifespan and requires fewer IT resources in general. These two aspects are some of the major factors to make an information system more sustainable. What is the estimated environmental gain (greenhouse gases, mineral resources, etc.)? and in what cases are these gains possible? What is missing, and therefore what would be needed, to broaden this spectrum and thus make IT more sustainable in as many cases as possible?

Review of the technical architecture and operation of a SAAS-hosted HDS solution based on Jitsi, Jitsi-admin and Keycloak.
The project, which is already in production, enables health insurance medical officers (the organizer) or their secretaries to make an appointment with a private practitioner (the guest) for peer-to-peer discussions on medical topics, on a platform interconnected to the health insurance SSO for authentication. Guests pass through an airlock, then remain in a waiting room until the organizer opens the video conference and validates their arrival. Sessions are automatically closed five minutes after the departure of the organizer.

The open source policy of organizations is still too often limited to a selection of open source licences compatible with the strategies of use and operation of open source components.

This first step secures the most visible risks (infringement action, contractual liability, etc.) when combined with the identification, validation and monitoring of the actual use of each Open Source component or dependency in line with their licence(s). When effectively done, such an approach is an excellent opportunity to extend to other organizational issues: sustainability, vulnerability, export control, open chain and even GDPR. The list is long.

The aim of this presentation is to share the state of the art of existing practices in terms of open source compliance, as well as an overview of all the other risks and opportunities that an open source policy is likely to cover.

When you’re not used to producing software, especially open source software, you sometimes mistakenly think that publishing open source software is the culmination of the work you’ve done… when in fact it’s the beginning of the adventure.
Efforts made to publish and the pride of seeing the project come to fruition do indeed make you think that!
We have brought together 5 players, 1 ESN and 4 major users, of which 3 are members of TOSIT who have been involved in this adventure for a long time.
They will tell us what best practices or pitfalls they have identified.
The software and maintainers present at this round table will be:
• ToBeContinuous > Girija SAINT ANGE of Orange Innovation
• .Stat Suite > Eric ANVAR of the OECD
• Orekit > Sébastien DINOT of CSgroup
• Otoroshi, Izanami, Daikoku,… > François DESMIER of MAIF
• Lutèce > Philippe BAREILLE of Paris City Hall

VMware is the world leader in business virtualization solutions. Proxmox-VE is the most widely used Open Source hypervisor.

By reviewing Proxmox-VE’s advanced features, we’ll try to see whether it offers a viable and definitive alternative to VMware in business.

The talk will focus on the most innovative aspects of the Proxmox offering, and in particular on the following points:

– an overview of Proxmox Cluster File System (pmxcfs)
– hyper-converged infrastructure with Proxmox-VE and CEPH
– SDN and PVE infrastructure for business
– Overview of Proxmox APIs

This overview should give CIOs and professionals a better understanding of the opportunities offered by Proxmox-VE in business.

“Open Science Prize for Free Research Software 2023”
“When open source meets the needs of open science”
“Can Open Source Save Biodiversity”

The CRA, a test for the European open source community

How to create a sustainable business based on an open source project: the story of Linphone.
Do business now with your open source project

IIoT or Industrial automation projects mainly use proprietary and closed solutions!
Is it possible to create an open and secure PLC (programmable logic controller) based on open-source projects?
From the programming environment (dedicated automation engineer) to the execution runtime what are the existing open-source projects ?
What are the obstacles to the adoption of open-source in the field of industrial automation?
Open-source factory? what open-source control systems (SCADA) exist? who develops them and where are they installed?

Terms such as “cryptocurrency”, “metaverse”, “NFT” and “web3” are increasingly bandied about. They are invariably presented as essential innovations in tomorrow’s world, without it ever really being explained why or how… Apart from one thing: it all comes down to“blockchain”. In addition to these facets of new technology, “blockchain” is also supposed to revolutionize certain existing practices: for example the certification of certain documents (legal, diplomas) or traceability (supply chain, food industry).

But what actually is a blockchain? What is it in practical terms? Does this technology live up to its promises? Are all these uses really justified?

Digitalization of infrastructures entails new security challenges which needs to be addressed. This includes the secure transmission of sensitive data. Among its key characteristics, OPC UA includes native cybersecurity mechanisms which are evaluated by the BSI (German equivalent of the french ANSSI) on a regular basis. As a consequence, OPC UA is widely adopted for systems which need to fulfill security requirements for regulatory constraints.
During this talk, after an introduction to these features, several uses cases will be discussed. Finaly, we will see that open source solutions exist to secure your system with OPC UA.

Have you never dreamed of a world where everyone can create and manage DNS records? That’s now possible with OctoDNS.

Since it has been made available to the community, it has become increasingly possible. The aim of this talk will be to explain how it works and to give you some practical examples.

The practical examples will be presented in short demonstrations like for example: “Migrating from on-premises to the cloud in one command”, so that you may see the power of the tool for yourself.

When we talk about the security of production platforms, we strongly rely on vulnerability scanners. There are many of them and they do an amazing job by helping us identify security problems (missing configurations, identification information, CVEs, etc.). But as powerful as they may be, we should not put our blind trust in them. There are whole swathes of information that security scanners cannot even see so how can they help us secure it? In this talk, I would like to share my experience in security scanners of all kinds, their advantages and their disadvantages. But above all, and even more importantly, how to offset their shortcomings and offer the highest possible level of constant security.

Domain names are an essential yet neglected aspect of the internet.
Why?
They are mandatory because they are a key factor in traffic routing. But how many professionals have the technical knowledge that these domains require? It is easy to make mistakes when using them.
They are often neglected because they are complex to use Yet they are nevertheless indispensable and would help private users to better control their privacy on the internet.
Here we give a short overview, ranging from the private user to the most seasoned sysadmin.

After experimenting with the Spring Native project, the Spring team has added AOT (Ahead of Time) support to Spring Boot 3. The aim of this effort was to deploy applications as native executables with GraalVM but also improve efficiency in JVM.

During this session, Stéphane will present the general architecture of the solution, what to expect as a developer and how to get started. He will conclude by a brief description of ongoing projects.

Devfile is “An open standard defining containerized development environments”.

When you develop on your local system, you probably use a Makefile, which is listing all the commands you may want to execute during the development, the build, or the installation of your application.

The Devfile,similarly, defines a list of commands, but provides container and Kubernetes-related abstractions to simplify the definition of these commands.

Examples of command types are:
– applying a resource to a Kubernetes cluster,
– executing a command inside a specific container,
– building a container image and pushing it to a registry.

The Devfile also defines groups of commands (build, run, debug, test, deploy), so that tooling can understand the intent of commands.

To explore these possibilities, Philippe will demonstrate an inline editor to create a new Devfile, and a CLI, leveraging the information into a Devfile to help you loop over the Edit-Build-Run cycle during your development.

Nowadays, many of you (devs, sysadmins, etc.) use Kubernetes, in one way or another. You know what a container is and that you can trust Kubernetes to deploy it reliably in production.

But beyond that, have you ever asked yourself “how” Kubernetes works?

What happens between the moment you do a “kubectl apply” (or “helm install”) on your computer and the moment the application becomes accessible?

When a node breaks down, what can you do to restart the application on another node without having to wake up the human on call?

How come we can access any container in our cluster without calling on a seasoned network admin for every new deployment?

I propose that we look together at all the internal components of Kubernetes to conclude that “no, Kubernetes, is not automagic”.

In this talk we will focus on five critical security controls that will be integrated as part of the CI/CD pipeline by leveraging some excellent open source tools, including: Bandit or SEMGrep for static application security (SAST), Gitleaks to detect hard-coded or insufficiently secured secrets & dependency checks (SCA), KICS for infrastructure as code (IaC) and OWASP’s ZAP for API and dynamic application security (DAST), in addition to custom controls to ensure proper enforcement of MFA via Github Security. These controls will provide a foundational framework for securing your applications from the first line of code, that will make it possible to continuously iterate and evolve your security maturity all the way through advanced layers of security that comes with time, as well as increased experience with your deployments, stacks, and security posture.

The recipe for magic potions is usually only the preserve of druids. But, here is the exception. The druid council of the Carnutes forest has authorized me to reveal a few of the ingredients in this potion.

I may even unveil the secret ingredient!

In this slidefree session, I will tell you how open-source completely boosted my career. The ideas:

* contribute however you can,
* don’t be scared,
* open source yourself!

Grafana is a popular open-source monitoring tool, but often, new users are unable to utilize its full potential to efficiently monitor or visualize data.

In this talk, we will demonstrate an example of how to monitor your Discourse forum using JSON API. Later, we see more advanced features to get better observability.

It will be an introduction to the Dashboards, and also an excellent opportunity to learn more about the advanced features, including troubleshooting & debugging.

join us to learn more about Grafana dashboards, community contributions and share your feedback and suggestions!

An ecosystem of interoperable, sustainable and accessible solutions for the agricultural sector supported by its network of local experts to reinvent the agriculture of the future.
Innovation is now needed to reinvent agriculture but remains inaccessible to farmers (cost, maintenance, interoperability, support). The OSFarm project aims to lift these obstacles through open source and its assets (sharing, community, etc.). This project will also bring software and hardware solutions for all agricultural activities.

A lot has been said about eco-design and sustainability in the Tech world in recent years.

The “Green Software Foundation” is one of the latest daughter foundations of the Linux Foundation.
Founded in 2021, this foundation tries to bring together Tech players to share a joint vision and scalable actions.

Who is involved in this initiative? Are there any ongoing actions?

Come and discover how to share best practices in eco-design through GSF.

Do you think that a sovereign open source digital workplace could never be as comprehensive and efficient as the Microsoft 365 proprietary solution? We will prove to you that it is possible and will give you all the information you need to make up your own mind!

Come and discover how the French open source digital workplace and integrated platform eXo covers the Microsoft 365 functional field and satisfies organizations’ security and sovereignty requirements.

If there is one place where you can dream of a freer, more ethical and more logical internet, it is OSPX! Whether you are familiar or not with Fediverse concepts, I will present a short session to review the largely underexploited opportunities afforded by the Fediverse, well beyond social media.

In a first conceptual and philosophical part, we will look at the fundamental principles to understand how it works and why it is a political choice in the same way as free software

In a second part, we will look in more detail at the technical aspects to understand RDF, ActivityPub, Webfinger, Solid, etc. Powerful and functional standards and tools are already available!

And while some people lose themselves in the chaos of the metaverse, join us to build a real and concrete Fediverse, where freedom and ethics are much more than simple virtual promises.

Presentation of quantum computing based on the principles of quantum mechanics

From Richard Feynman’s original idea to the present day.

How do Qubits replace traditional computing bits?

The main quantum gates for superposition states, quantum entanglement, etc.

Shor, Grover algorithms, quantum teleporting, etc…

QML and its outlook

Quantum creativity, quantum cryptography, the future quantum internet, etc.

Join me as I take you on a deep dive into the world of Node.js security. As a member of the Node.js Security team, I’ve witnessed firsthand how all languages are or were vulnerable to some kind of threat. In the year 2022, our team performed numerous Security Releases, some of which presented challenging situations that required creative solutions.

If you’re interested in the technical aspects of hacking and securing Node.js, you won’t want to miss this talk. I’ll share with you 5 ways in which Node.js can be hacked, and delve into the tactics used by the Node.js team to deal with vulnerabilities. Moreover, I’ll also reveal how you can earn money by finding critical vulnerabilities in Node.js. So, whether you’re a developer, a security enthusiast, or simply curious about Node.js security, this talk is for you. Join me and let’s explore the exciting world of Node.js security together!

Acceptable digital technology should answer three major questions: does it emancipate or alienate? Is it chosen or imposed? Is it environmentally and humanely sustainable?

Free software brings elements to answer these three questions. But is it enough? Certainly not, and this talk aims to get people thinking about the limits of an exclusively free software approach to responsible, sustainable and acceptable digital technology.

This conference will strive to demonstrate that free software is one of the indispensable ways to build acceptable digital technology. Acceptable digital technology should not be restricted to values, imaginary worlds and the realities of free software. We want to share thoughts and open the debate!

In an increasingly connected world, ransomware represents a serious threat to data security. How do we establish robust defence mechanisms against ransomware in the open source field? In this talk, we will explore how the open source nature of some projects can influence challenges and opportunities in terms of cybersecurity. We will discuss the testing and back-up strategies and practices to strengthen our defences and prevent ransomware attacks. The aim is to give participants an overview of effective methods to detect and fight ransomware in the open source ecosystem.

The no-code/low code movement is taking over businesses.
The sector’s heavyweights are proprietary SaaS platforms.
However, a number of open source players are emerging, trying to capitalize on their openness and strengths.

The French no-code community has more than 10,000 members and is one of the most active in the world. It includes people from all backgrounds (most of the time not even in IT). It often works through recommendations.

Let’s explore this ecosystem together and the problems it faces in establishing itself. We will also talk about how to present the philosophy behind free software to the lay public.

Conventional monitoring in these days of the cloud and multiservice architectures is no longer the norm. Where monitoring spots a problem, it is necessary to answer the “why?” of the problem, its root cause. We are going to see, through the example of eBPF (Extended Berkeley Packet Filter), a real one-stop shop, how to set up such a strategy and have an overview of how things operate.
Starting with a practical example (a Kubernetes infrastructure), we will look at the installation and configuration of eBPF and how it can be used, especially for network- and security-related issues.

Moore’s law has structured the history of digital technology since 1965. Its inventor, Gordon Moore, the co-founder of Intel, recently died. What if his eponymous law were to die with him?

Tristan Nitot offers a fictional outlook to imagine together what this would mean for the hardware and software industries. But also to see what would change in terms of the impact of digital technology on the climate (spoiler alert: a lot!).

Would it be the beginning of generative AI?
Would progress come to a standstill?
Would service providers have to close shop?

Over the past 20 years Open Source monitoring and observabillity has changed quite a bit. We went from pure health checks with tools like Nagios, Zabbix , Zenoss, Icinga etc..
Trough collecting more metrics with things like Ganglia, Collectd etc and visualising them with Graphite and later Grafana etc .. We went from “Monitoring Sucks” to “Monitoring Love” …

Prometheus popped up in our industry .. and we learned to deal with logs, metrics and traces.

So where are we today .. how do you monitor and observe your ecosystem with Open Source tools.

This talk will tell you about our experiences running multiple saas platforms with 100% open source tools and how to monitor them.

When we need to open an app on a Kubernetes cluster, best practice consists of defining “request” and “limit” resources to guarantee its smooth operation while guaranteeing the health of the host cluster.

OK, but what “request” and “limit” values should be specified? If there’s not enough RAM will the application be “OOMKilled”? If there’s too much CPU will it block other deployments?

After an overview of the different options to configure these resources, I will show you a simple but effective tool to help you define pragmatic values: Goldilocks and the automatic use of Vertical Pod Autoscalers.

jQuery undeniably powers the web… Today, over 82 million websites use jQuery. jQuery changed the way developers built web applications and played a crucial role in JavaScript’s world domination.

This talk reveals some of the startling statistics and analysis of the impact jQuery has on today’s internet and the history of what made this library the powerhouse of the web.

In 2023, new frameworks, such as react, have taken over web development, but jQuery still lives on. Are there security risks? What would a world look like without jQuery? Are there modern alternatives and web standards to this library? What would be the reasons to switch to them and how? Is it possible to have too much of a good thing?

Imagine a future where the world relies less on this fundamental building block and why we might want to work towards that future.

The rise of software development forges like GitHub has dramatically reduced friction to create and run open source projects. In this context, what is the role of Foundations today, in the wider open source ecosystem?

In this talk, Thierry Carrez, General Manager at the Open Infrastructure Foundation and vice-chair of the Open Source Initiative, will share his vision on this topic. After a quick history of open source Foundations, this talk will present a landscape of the type of open source Foundations in activity today, with their differences in scope and principles, then focus on the value add of modern Foundations: enabling open collaboration across several organizations by providing a range of services to the supported project.

Join us for an exciting journey into the world of Collabora Online (COOL), a powerful office suite, seamlessly integrated into your favourite File Sync & Share or LMS provision. Experience the advancements made in the past year, from enhanced performance and interoperability, to improved accessibility and interactivity.

We have infused the underlying LibreOffice technology with a host of essential features for administrators and users alike, including collaborative editing, change-tracking, privilege and privacy controls and so much more.

Learn how Collabora Online brings scalable, secure, on-premise document editing to everyone, simplifying the way you work with an office solution that is truly exceptional.

When talking about contributing to open-source projects, it’s crucial to understand from a maintainer point of view what factors are stopping new contributors from contributing to your project. Whether your codebase is very overwhelming to the contributors for the first time or it lacks good first issues and enough responsive response to their problems. In this talk, I will explain how I built a campaign at Amplication that scaled the contributors from 30 to 200 in just one year and how it solved every problem I mentioned above.

Return of experience in a R&D context about the advantages of using OCP to build an edge datacenter.

Open Compute Project brings the following differentiators:
– sovereignty
– software driven hardware
– no vendor locking

In Thales domains these differentiators are essentials therefore we are experiencing OCP in our R&D labs to assess how we could build the future edge datacenters.

Through this talk I will give some retex about all the underlying OCP tenets :
– efficiency
– impact
– scalability
– openness
– sustainability

In embedded systems we often need multi featured system : good drivers, lots of applications, cyber resilient , of course real time and still easy to use and debug.

To have this so-called “5-legged sheep” why can we combined… several sheeps ?

We will see how to create this full featured system by gathering advantages of several embedded OS on the same SoC.

Brandolini’s law, also known as Brandolini’s principle or bullshit asymmetry principle, stipulates that the creation of disinformation or false information requires a lot less effort than debunking.
With certain data study tools, it is possible to reduce this amount of energy and give all the elements to better apprehend the world with a sceptical eye.
As specialists in search engines, we deal with searching and the relevance of results sent on a daily basis. We are going to use this experience during the presentation.
After having summarized Brandolini’s law and the law of large numbers, we will discuss some of the most common cognitive biases.
And finally, we will propose different tools and methods to help every slightly curious person embark on this adventure.

The aim of the conference is to give a practical insight into how to update an embedded system on a board using Yocto. The conference is based on a demonstration (on Raspberry Pi) and the “theoretical” part will be limited to the presentation of fundamental concepts:

– the different types of update (runtime, asymmetrical, symmetrical A/B,)
– the main frameworks available (SWUpdate, RAUC, Mender)
– the notion of “rollback”

This demonstration will introduce SWUpdate principles (sw-description file and SWU update archive) and Yocto integration, using the Yocto “swupdate” class provided by the SWUpdate project.

The first boot is the last stage in the manufacturing of an embedded product.

Often neglected by architects, developed in an ad hoc way, Linux offers tools capable of controlling this stage and providing interesting features with a limited development cost

* minimization of image size
* partitioning and automatic formatting
* possibility of a simple factory reset
* saving and generation of unique keys per product

In this session, we will look at a range of tools available on Linux systems that can solve common problems but also integrate specific processes smoothly in the first boot.

The word trust is often synonymous with unbridled capitalism. Yet it is possible to reinvent “the trust” by making it the ideal tool to structure digital commons teams while remaining economically sustainable.
Indeed, one of the issues that the digital commons have been trying to address for several years now lies in the economic unthinkability of free software. As it relies solely on licences, and therefore on copyright, free software dodges the question of how to value work done in order to continue to maintain and develop it.
The trust, and charitable trust in particular, is a solution to explore how to give value to work performed within the digital commons without compromising on the essential values and characteristics of these commons.

Have you ever had difficulty logging onto systems that have not been designed to communicate together? It is a common challenge that many microservice architectures now have to face. In this presentation, we will explore some tools and approaches that can help you break down these silos and integrate your microservices with external systems perfectly transparently. This will allow quicker development cycles and more efficient integration.
We will start by introducing Apache Camel, a powerful tool that has more than 300 connectors to transfer data between a large variety of systems. Camel has a vast array of features in terms of routing, filtering and transformation. It is a multipurpose systems integration tool which can help integrate your systems efficiently.

In the area of automatic language processing, the French language suffers from a lack of corpora that are completely free of copyright and without commercial constraints, apart from a few web-, Wikipedia- or literature-oriented corpora. In the field of business document corpora, there is practically nothing, in contrast to the English language. In partnership with the University of Toulon, France Labs is working to create such a French corpus through an etalab open licence. In this session, we will present the premises of the project, the difficulties encountered to find usable documents freely or convince institutions to liberate data, but also the technology used like Spacy, as well as the first results.

A simple and effective alternative to Helm. A framework to deploy applications in Kubernetes.
– One single artefact between the different environments
– Simple, Simple, Simple
– OSS
– Secured by design
The packaging of applications by Helm has won over the world with its power and very easy use
However, Helm templates are difficult to create and often long to finalize.
Although less well known, there are very interesting alternative solutions such as Acorn

Acorn claims to make life easier for developers, sysops and devops to package
and roll out applications on Kubernetes.
Acorn’s approach is radically different to Helm’s as Acorn does not need a Kubernete manifest template.
With Acorn, developers can very easily describe the components of their applications,
execute them locally to easily test their application.

GDPR requirements include an inventory of locations in an organization, which store sensitive privacy-related information. But the inventory may not reflect the reality of these locations, for example if employees save information in other places. If there is an audit, penalties can apply in case the inventory is incorrect. In this session, we will show you how to configure the Datafari enterprise search engine – in its open source community version – and to combine it with regular expressions and the extraction of entities named via Spacy in order to harvest the information system of your organization (intranet, file sharing, SharePoint, etc.) and show documents containing sensitive data.

State-of-the-art integration of digital practices and approaches within communities, projects and open source solutions. After a rapid presentation of criteria studied and the methodology used to bring together the information presented, we will review a holistic approach to responsible digital technology, a statistical overview of practices within communities and open source projects, depending on their size, their domains, their approach in terms of licences and market, etc.

When you publish your first HTTP API, you’re more focused on short-term issues than planning for the future. However, chances are you’ll be successful, and you’ll “hit the wall”. How do you evolve your API without breaking the contract with your existing users?

In this talk, I’ll first show you some tips and tricks to achieve that: moving your endpoints, deprecating them, monitoring who’s using them, and letting users know about the new endpoints. The talk is demo-based, and I’ll use the Apache APISIX project for it.

Why did the choreographer refuse to use orchestration in their distributed system? Because they wanted their components to dance to their own beat, without a central conductor! This talk explores the differences between choreography and orchestration in software development for distributed systems. Choreography involves the independent coordination of software components through message passing, while orchestration involves a central orchestrator managing the interactions between components. Through examples such as e-commerce and travel booking systems, the strengths and weaknesses of each approach are highlighted. By understanding the pros and cons of each approach, software developers can make informed decisions about which approach to use for their specific use case, ultimately finding harmony in their distributed systems.

The SDIS 57 (fire service in Moselle, France) wanted to present services available to users for the collaboration, organization and safety of data on a free platform. With Arawa, it worked on this pathway to implement a service based on Nextcloud, Callobora Online, BigBluebutton as well as Arawa Workspace and Monitor.
The project shows the existence of a free alternative offering several assets to set up a comprehensive collaboration solution.
The presentation will look at how the project is built, any points requiring attention and its major benefits.

WebAssembly (Wasm) promises to change the nature of applications. Server-side Wasm is more efficient for delivering truly portable applications. With Wasm being browser-focused, let’s take a deeper look at the needs of the server apps.

The Wasm sandbox provides a high-performance, highly portable, and secure-by-design runtime environment. There is a single byte-stream input and a single byte-stream output; closely matching HTTP request/response patterns. Only a simple bridge is required to connect HTTP clients with server-side WebAssembly.

Open source NGINX Unit is an application runtime for web apps and APIs. It handles the HTTP(S) front end, request routing and serving of static assets, including the runtime execution of application code. Unit decouples the HTTP server from the application process. And it is an excellent fit for Wasm’s sandboxed execution.

Come find out how NGINX Unit is the runtime platform for FaaS and for local developer experiences.

Logs and traces generated by applications are valuable sources of information that can help detect issues and improve performance. However, they are often treated separately from other data, even though they are no different from the data an application works with. In this talk, we will explore a different approach: treating logs and traces as part of a scalable cloud storage repository that can be analyzed with the same techniques used for big data.

By keeping all the data together, we can apply machine learning models to detect situations of interest and alert us in real-time when unwanted behavior is occurring or brewing. This approach enables intelligent monitoring that goes beyond simple threshold-based alerts and can help identify complex issues that would otherwise go unnoticed. We will discuss how to harness existing technologies to implement this approach, providing attendees with practical tips and insights that they can apply to their own projects.

Progress and challenges of alternatives facing the BigTechs

In the latest years, the subject of European Digital Sovereignty is gaining ground. Clearly the dominant position of the BigTechs is making both European companies, Countries but also individual increasingly dependent on the product and services of the BigTechs. In order to regain our sovereignty we need to look at the full stack, from hardware, to cloud and to the software running on those hardware and clouds.

In this talk I would like to present the importance of Collaborative applications as the entry point of all collaboration and the need to regain ground and move to Open Source solutions.

I will show the progress made in the last years by different providers of Open Source solutions (NextCloud, Matrix, BigBlueButton, Jitsi, XWiki, CryptPad and many others), and also talk about initiatives to build alternative solutions in Europe, such as the Sovereign Workplace Project in Germany or the initiatives in France.

CLIs (Command Line Interfaces) are used by everyone and have been around since the dawn of time. Often synonymous with productivity gains, their creation is sometimes obscure and can seem complex. It was the case a few decades ago, but for several years now, languages and frameworks are used to write simply in your favourite language.

I propose using a language that does not seem, at first sight, very intuitive to create a CLI: Java! But it will be well supported in this task: thanks to Picocli and Quarkus, ours will have all the makings of a great CLI while being easy to develop! And, as a cherry on the cake, we will create a “real” executable using Graal VM.

Come and join me for a live coding session to highlight how to create a CLI from scratch in Java with Picocli and Quarkus!

As developers, we often regard security as a distant problem and cannot see its relevance.
Yet our code is often the cause of several flaws that we ignore.
Let’s look at them and exploit them together, live, on an existing application.

After this session, you will be able to answer the following questions:

– Is security part of my domain?
– What is the developer’s role in application security?
– What best practices should be applied?

Get ready, no holds barred!

After Sexion by Assos and Assaut de Bien Fêteurs, this year we will create the Zone Associative Déjantée which aims to celebrate 25 years of LinuxFr.org and OSI.

The associative village will be similar to last year. The LinuxFr association continues to coordinate it and maintain a good general mood with part of the team. It is possible to win ENI and Eyrolles books and subscriptions to GNU/Linux Magazine France (we went all out this time!). Thanks to Diamond, Eyrolles and ENI for their donations;

Every day, on our stand, we organize a draw at 5 pm that lasts about twenty minutes.

Florence implied that there would certainly be a dedicated stage and we would like to run this event at around 5 pm and let people win prizes in indecent quantities this year. We will also serve special 25 LinuxFR and OSI beers.

Proprietary APM (Application Performance Management) solutions have provided immense value to developers, yet are very expensive, in part because there was no good way to assemble a similar feature set in Open-Source Software (OSS). Everything from the agents over the collection layers to the backends were proprietary. This is now changing with OpenTelemetry and its instrumentation SDKs and backends like Prometheus, Loki and Tempo.

This talk will show you how you could leverage the power of OpenTelemetry and Open Source backends like Prometheus, Loki and Tempo to build a compelling APM solution. We will also cover implementation risks and the upcoming improvements in the OTel community that will make things easier and more valuable. All built with and on top of OSS.

Forecasts for the development of the web in terms of both infrastructure and services point to continued growth over the coming decades. Its footprint in France (12% of electrical consumption) could triple by 2050.

At the same time, climate specialists, like many scientific experts, clearly describe the necessity of drastically reducing our CO2 emissions (and even more).

These are two clashing scenarios at different levels. Several solutions are put forward. One includes degrowth, sometimes criticized but above all misunderstood.

Let’s look at what this model proposes and how to position the web of the Future within that context.

Some free software is funded by service contracts sold to large corporations which legitimately expect a certain number of features in return.

How to implement these sometimes hyper specific needs within free software without encroaching on the needs of other users, compromising security or making maintenance more cumbersome?

I talk about my experience as a free software developer and as a consultant paid by customers to solve their problems with this same software.

It’s never too late to opt for open source! From their career choices at high school, in their university courses or even during their conversion to open source, we will look at the experiences of 4 women who have built their career around it.
Technical, sales, consulting/research or marketing jobs… open source is open to all profiles. By making their code accessible to all, open source projects allow them to work collaboratively. Open source has become a field of excellence in a booming digital market and provides solutions to build a more innovative and responsible digital world. Join us in this round table and find out why open source deserves your interest.

This round table is part of French Digital and Computer Science Week running from 4 to 9 December, aimed at improving knowledge of digital careers, and promoting the teaching of Digital and Information Science (NSI) in French high schools.

The Sovereign Workplace project is a true Open Source based office productivity suite. It features already established and enterprise-ready Open Source Software with a higher level of integration between the individual software components. Ultimately the Sovereign Workplace will provide for a standardized environment for office productivity tools especially for the public hand where administration tasks will be delivered in full control and in compliance with Data Privacy and Digital Sovereignty. The Sovereign Workplace is a cloud-borne solution which provides scalability and supports mission critical use cases. It is the future of a Digitally Sovereign office productivity.

Open Food Facts, the open data database on foodstuffs, celebrated its 10th anniversary in 2022 with a brand new application, almost 3 million products in its database, more than 200 additional reuses of data and a first plan to participate in high impact projects like Nutri-Score and Eco-Score. In this conference, we will look at how this Digital Commons works and develops. What are the issues involved? How the projects create bonds with the general public, food industry, re-user applications, scientists, public organizations, private foundations and the contributor community. How can we be as open and transparent as possible?

From the start of 3D printing, about ten years ago, to free telephones and computers, open source hardware has seen its spectre but also its adopting public expand. Huger projects, lowering component prices, direct access to manufacturers… Everything, or almost, is possible.
But there still are many challenges facing the community to develop further: patents, software lock, bottom-up innovation, crowdfunding, financing and licences are major and constantly changing subjects.

Machine Learning relevance is a matter of data.
But data must contains meaning to be useable.
If we talk about how to detection of cyberattacks through data we need to talk about:
What is a cyberattack?
What kind of data could describe it ?

Fortunately Open Source standards appeared in the community to help us.

This session aims to describe the diffculty to have proper data to train machine learning model for cyberattack detection and what Open Source standards could change in this situation.

In the last year we saw the rise of AI systems like ChatGPT, Stable Diffusion, Dall-E and others. This rises a lot of questions and challanges for the Open Source community. How can we make sure that the AI system are not discriminating underrepresented minorities? What is the CO2 footprint and is AI truthful. This Talk will cover the current Open Source AI features in Nextcloud that are developed by Nextcloud and also covers our Ethical AI framework. We at Nextcloud are committed to develop 100% Open Source and ethical AI systems.

I would like to take you on a fascinating journey through emerging initiatives and technology (such as Web3, Web3.0 and Fediverse) which could shape the future of a decentralized Internet. Discover how you can become involved in this movement in favour of the (re)decentralization of the Web and the Internet. Join us to explore the opportunities given by these inroads, and help create an Internet where users control data.

“We’ve lost the bid, our WCSG (Web Content Sustainability Guidelines) was only AA” Is it science-fiction to have an equivalent of accessibility for ecodesigning web services? Not in 2025! The W3C gathered dozens of profesionnals around the world this year to write together Sustainability Guidelines to implement GreenIT in the design of web services. They will be announced at the TPAC in september and released in their first draft end of the year. Both of us contributed to these workgroups and tell you all about the processes and outcomes of this upcoming guidelines

PyTorch-Ignite is one of the open source tool for training and evaluating neural network in PyTorch. It helps simplify code while maintaining flexibility and transparency.

Initially, we are going to do a brief introduction to PyTorch and then a brief introduction and use case of PyTorch-Ignite.

The we are going to talk about the open source ecosystem of PyTorch-Ignite: code-generator and other open source projects

We will round off with a discussion of the PyTorch-Ignite project community:
– contribution to open source projects
– course programs: GSoC, Quansight, GSoD
– project support by NumFOCUS, Quansight, Agenium Space and others
– how to join our community and help us with the project

Ada is a well-established language, specifically designed to develop real time, secure applications. Mainly used in industrial applications, it is behind many successes in avionics, rail, air traffic control, defence, etc. This presentation shows its main characteristics and new features provided by the new ISO Ada 2022 standard. And of course, it is supported by a free compiler and by proprietary implementations.

The presentation wil introduce an open source dataset tailored specifically for the aerospace industry, focusing on the detection of runways. Comprising 17,000 images, each equipped with relevant metadata, this dataset serves as a valuable resource for training neural networks to identify runways accurately. The creation process adheres to stringent Operational Domain Definition (ODD) requirements, incorporating images sourced from Google Earth and real-life landing videos on YouTube.

In addition to the comprehensive image collection, we present scripts that empower the community to expand and diversify the dataset further. By fostering collaboration, this dataset serves as a catalyst for pioneering research in object detection, instilling robustness, explainability, and confidence in artificial intelligence applications developed for aeronautical contexts.

According to a French government report, in 2019 French GHG emissions from the digital sector was 2% and, if nothing is done, this number will rise to 7% by 2040. While 14% of these emissions are due to data centers, cloud providers try to reduce this environmental impact by using different cooling techniques. However, the efforts remain at hardware level. A new opportunity for improving and optimizing data centers power consumption lies in the software that runs inside them.
To make such software more energy-efficient, it is necessary to measure their power consumption. Software-defined power meters, like the PowerAPI OSS toolkit developed by Inria, enables users to build this kind of power meters on demand. Thanks to them, it is possible to estimate power consumption of software at different granularity levels. Besides Inria, this initiative is supported by different industrial sponsors via an open source consortium created in 2022: OVHcloud, Davidson consulting, and Orange.

The world of work is constantly changing and this trend has speeded up during Covid. Nowadays some sectors find it hard to recruit and need to adapt their HR policy to new individual and collective aspirations.

The digital sector does not escape this phenomenon. But beyond the imbalance between employment supply and demand, we can look at the impact of employer practices.

How can community values and practices inspire HR policies to recruit and retain talents?

Virginie Jourdan is the HR director of Dalibo, an SME specializing in the free PostgreSQL DBMS. She has also been its co-director since 2018.

After having touched on current issues regarding tech recruitment, she will share the organizational practices of Dalibo and other companies, directly inspired from free and cooperative mindsets.

Claroline is a free software created more than 20 years ago. Many things have changed since then. The development of a large community and its suffocation, the creation and death of an international consortium, the rewriting “from scratch” of the software, the evolution of the financing model from subsidies to an economic model… In this session, I will share the highlights of the life of an “old” free software and try to understand its successes and failures. The aim will also be to share a human adventure because a free software, community and society is a human story even for a fundamentally corporate software like Claroline, as I will explain.

As elsewhere, masculine domination is a problem in the IT world and in free software. To change things and allow women and gender minorities to feel comfortable, it is necessary to be empowered and to act.

April proposes to present and discuss actions that it has taken in recent years on gender diversity and inclusion within the association and its activities.

There will be a focus on the organization of the “Libre à vous !” radio program which aims to promote and give value to the women present in the free software world.

We will also cover the question of inclusive language, training, self-training, event organization, etc.

This presentation looks at gender diversity, even though diversity needs to be discussed and treated as a whole.

18 months of studies and research allowed us to build the “Observatoire de l’accessibilité”, a free software to regularly measure the application of the RGAA (Référentiel Général d’Amélioration de l’Accessibilité).

50,000 public sector websites have been initially analyzed. We offer an objective and quantified look at this colossal mass of data published in open data, with its share of questions:

– Are cities more accessible than ministries?
– Are the municipalities, with a population that is older than average, more accessible?
– Who is responsible: providers? public buyers? Groups for disabled persons?