Open Source Summit North America 2025

Generative AI (GenAI) is ushering in a new era of human innovation, but building your own GenAI application can feel overwhelming. Which Large Language Model (LLM) should you choose? Should you incorporate Retrieval-Augmented Generation (RAG)? How can you ensure your application runs securely and efficiently on Kubernetes, with robust observability and debugging? And how do you manage API calls and control costs for external LLMs?

This demo-driven session will guide you step by step through building, running, securing, and managing traffic for a GenAI application from scratch. Starting with a native setup, we’ll then transition to Kubernetes, simplifying the entire process. You’ll learn how to enhance your application with domain-specific knowledge using RAG and leverage cloud-native tools like Kubernetes, Prometheus, Kiali, Istio, and the Kubernetes Gateway API to run your application securely and effectively.

As organizations rapidly adopt Large Language Models (LLMs) in production environments, understanding their unique security vulnerabilities becomes crucial. This session provides a deep dive into OWASP's Top 10 LLM risks, examining real-world examples and practical mitigation strategies.

In the original Matrix movie, Neo learned Kung Fu through an upload. Imagine if your ML could learn the same way. That's what a pickle file does for ML - "I KNOW KUNG FU" or whatever was in the file that was supposed to be "learned" by your ML model.

What if there was a plot twist where Agent Smith tampered with the Kung Fu module so that it included a fun "bonus" lesson that "taught" Neo to call Agent Smith every time he was trying to find an exit?

That's what's happening in Pickle Files, and that's the setup for ML and AI.

This talk will explain the threat, provide some examples, and discuss emerging detection capabilities. When it's over, you will know kung fu.

Okay, besties, real talk. Your code's dependencies? They're giving… chaotic energy. Like, are you even SBOMing? 💅
We've all seen the drama. log4j? xz utils? Straight-up trauma. But like, where do you land on the security spectrum? Are you accidentally downloading typosquatted packages because you're living your best, most chaotic life? Or are you a security queen, catching backdoors before they even exist? ✨
This talk is basically a giant vibe check for your security habits. We're gonna do a quick, brutal quiz – think 'are you the drama?' but for your code – and find out which iconic supply chain meltdown matches your energy.
We'll spill the tea on real-world attacks, from the 'oops, that’s a backdoor’ to the 'someone’s running Doom on Minecraft servers again' level. And we’ll give some practical advice on how to have good security posture. Stretch, queen!
If your security is giving 'main character energy' (and not in a good way), you need to be here. Let's level up our security game, avoid becoming the next trending security disaster, and maybe even get some clout for actually knowing when lockfiles actually help. 😉

TL;DR: Quiz, memes, securi-tea. 🫖 Don't be a vulnerability.

Debugging Linux kernel crashes is a fundamental skill for developers working in kernel development. In this session, we’ll dive into four of the most common crash types—null pointer dereference, stack overflow, use-after-free, and divide-by-zero. Using real-world examples from an Azure Linux VM, we’ll analyze dmesg logs, walk through kernel crash reports, and demonstrate how to effectively debug these issues using tools like gdb and KASAN.
Beyond debugging, we’ll explore the performance impact of kernel configurations. Specifically, we’ll examine how kernel command-line parameters influence performance, using the SRSO mitigation as a case study. This session will provide practical insights into debugging crashes and optimizing kernel performance, helping developers strike a balance between stability, security, and efficiency in real-world deployments.

Linux is widely regarded as being a strong choice for those who value a secure operating system, but what is it about Linux that earns it this reputation? In addition, while it may be more secure than alternatives, it is by no means impenetrable. What are the weaknesses in a Linux system and how are they commonly exploited by malicious actors? More importantly, what can be done by administrators to ensure that their system is as secure as possible? We will use an example of somebody setting up an Ubuntu web server as a starting point and discuss ways in which the web server can be hardened. We will highlight the importance of implementing best security practices such as using Linux Security Modules, configuring firewalls, and more. As we discuss these best practices, we will demonstrate ways in which failing to use them can leave the web server vulnerable to malicious actors. Ultimately, the audience will leave the talk with an understanding of how Linux systems are vulnerable to attacks, what can be done to harden a Linux system, and how implementing some of these best practices can prevent attacks.

This session provides a comprehensive overview of essential Linux networking concepts, from IP addressing and routing to practical troubleshooting techniques. Participants will learn to configure network interfaces, diagnose common network issues, and gain the confidence to manage Linux network environments effectively.

When you are running an application that contains primary ingredients such as Java, MySQL, Mail Service etc. and all fused up together to be as one, then it is no surprise that you need to rely on more than one monitoring solution. But imagine if there is a one single solution that can bring up the Logs, Metrics, Traces and even Profiling and on top of that, it is completely Open Source? Well, you are in luck, as in this talk we will demonstrate an example on how to monitor your applications by using Grafana and use various integrations and plugins. Later, we will see more advanced features to get key metrics for better observability.

It will be an introduction to the Dashboards, and also an excellent opportunity to learn more about the advanced features, including troubleshooting & debugging.

Join us to learn more about Grafana dashboards, community contributions and share your feedback and suggestions!

Welcome to this exciting session that's all about diving into the world of quantum computing!
🚀 Whether you're just starting out or already have some knowledge, we're here to guide you through the basics and help you get hands-on with programming quantum computers using cool open-source tools.
Forget all the jargon – we're here to break it down for you in a friendly and easy-to-understand way. From qubits to quantum gates and circuits, we've got you covered! You'll get to play around with frameworks like Qiskit, Cirq, and Pennylane while writing and running simple quantum algorithms. It's like a fun tech playground! 🎮 Curious about how quantum computing differs from classical computing and its real-world applications? We'll explore that too! And let's not forget the amazing open-source quantum frameworks that are driving innovation in this field. We're talking Qiskit, Cirq, Pennylane, and more – all waiting for you to explore.

By the end of this session, you'll be equipped with the basics and practical skills needed to kickstart your journey into the quantum computing world. Perfect for developers, researchers, and tech enthusiasts like yourself!

🌟 Ready to take the plunge? Join us for an exciting adventure in the quantum computing ecosystem!

Topics we'll cover: - Introduction to Quantum Computing: Think qubits, superposition, and quantum gates – we'll make it crystal clear! - Quantum vs. Classical Computing: Let's explore the differences and get a glimpse of the potential applications. - Open-Source Quantum Frameworks: Discover the wonders of Qiskit, Cirq, Pennylane, and more! - Hands-On Programming: Get your hands dirty writing and running simple quantum algorithms – it's all about learning by doing! - Real-World Use Cases: See how quantum computing is making waves in cryptography, optimization, and machine learning. - Community and Resources: Find out how you can be part of the quantum journey and leverage open-source projects.

🌈 So, grab your virtual seat and get ready to unlock the magic of quantum computing with us! Let's make learning together a blast! 🌌🪐

You can commit, pull, and push—but do you truly understand Git? Does it feel more like a fragile system you tiptoe around than a tool that empowers your workflow? If navigating your repository makes you hesitant, it's time to go beyond the basics and build real confidence.

In this hands-on workshop, you’ll learn to:

1. Navigate with confidence: Jump between commits without fear using Reflog, ensuring you never lose your place
2. Refine your workflow: Embrace the safety of version control with patches, diffs, and resets to commit first and edit later
3. Keep your best work: Shape your commit history with checkout file, cherry-pick, and interactive rebase to express your intent clearly

Version control isn’t just a safety net—it’s a tool that amplifies your impact as an engineer. Equip yourself with the professional’s toolkit and make Git work for you!

Have you ever botched your git repo so badly that you needed to delete it and reclone it? You're not alone!

This talk dives into the dark side of Git - exploring common disasters like accidental force-pushes, tangled merge conflicts, unrelenting rebases, and the dreaded detached HEAD. We'll look at how and why these situations arise, exploring the underlying Git mechanics that got us into the situation and how we can undo or resolve these problems.

You'll come away from this talk with a greater understanding of Git internals, and the knowledge and tools necessary to rescue yourself from any Git workflow gone awry!

Discover the power of open collaboration with this behind-the-scenes journey into the creation of RISC-V. This session unveils how a global community of engineers, researchers, and innovators work together to design and refine the RISC-V instruction set architecture, bringing open-source principles to silicon. From the challenges of aligning diverse contributions to the triumphs of groundbreaking breakthroughs, you'll learn how the RISC-V ecosystem fosters creativity, accelerates innovation, and democratizes hardware development. Whether you're a seasoned developer or new to hardware design, this talk will inspire you to join the movement redefining the future of computing. Don’t miss this opportunity to see open collaboration in action and learn how you can contribute to shaping the RISC-V revolution!

When we think of Open Source and CVEs, only bad things come to mind—problems and headaches.

But what if I told you that’s not the case? That, in fact, OSS and CVEs form one of the greatest love stories humanity has ever known. Forget Romeo and Juliet; think Log4J and other "love tales" .

In this talk, we’ll explore how, like every beautiful love story, there are villains, triumphs, and a vibrant community behind it all.

Join us for this fairy tale where we uncover why OSS and CVEs have always been in love with each other.