7 minute read

Fosdem logo

It was a great experience once again! ✨

This year was rich in learning and discovery.

Talks are like a big bazaar, where I can update my knowledge, discover niche software, and explore new hobbies.

My main reasons to come back each year are reconnecting with familiar faces and attending the talks.

Here’s a recap of my highlights and my key takeaways of this edition.

👋 Disclaimer: FOSDEM is HUGE. There is no way in which one can see all, so this can’t be a review. Just a personal experience, based on my preferences and sometimes also on how crowded the room was.

Databases

Upgrading to MySQL 8.4 at Booking.com

A good overall warning about the tricky parts of upgrading from 8.0. Specially authentication changes. Sadly they did not complete it yet so it’s not based on production experience.

:link: Upgrading to MySQL 8.4 at Booking.com

Migrating Massive Aurora and MySQL Databases to Vitess Kubernetes Clusters with Near-Zero Downtime

Vitess logo

Really interesting for any MySQL project as it eventually grows. They show the architecture behind it and explain how all migration strategies are based on having access to the binlog to feed the new Vitess cluster. Doing a switch at the end to the Vitess cluster.

They said that online schema changes on huge databases could go from 2 days in MySQL to 2 hours in Vitess because they are done in parallel. 👏

:link: Migrating Massive Aurora and MySQL Databases to Vitess Kubernetes Clusters with Near-Zero Downtime

Databases in the AI Trenches

It was great to understand the vector space, the training, the attention, and the RAG.

He believes that Google was too focused on using AI solely for their search business, whereas OpenAI utilized Google’s research and published papers to develop ChatGPT.

There have to be great resources online explaining this but I did not get into LLMs internals until now.

:link: Databases in the AI Trenches

APIs

AsyncAPI for Event-Driven World 101

AsyncAPI defines how to integrate with external platforms via events 🤩. It’s like OpenAPI, but for event-driven integrations. It actually started as a variant of OpenAPI first.

An interesting case is that of TM Forum, an alliance of over 800 telcos worldwide, working to provide interoperability among telcos and with integrators. They used OpenAPI but now they are migrating to AsyncAPI gradually.

:link: AsyncAPI for Event-Driven World 101

API Scoring - The Secret Weapon in the Battle for API Excellence

New world to me 😃. API scoring are tools to review your APIs when documented with OpenAPI.

During the call, they showed 3 tools, one of which was their own tool, API Scoring https://inditextech.github.io/api-scoring-doc/.

Others were:

Caution, because data could be sent to creators’ servers. Check first.

:link: API Scoring - The Secret Weapon in the Battle for API Excellence

The OpenAPI Standards Landscape: A Year of Innovation

They introduced the ovelays feature, for example to hide APIs to some consumers, and things like that.

Also interesting to see the “workflows” spec (called Arazzo), which describes and makes testable a sequence of API calls to do certain action.

:link: The OpenAPI Standards Landscape: A Year of Innovation

Mobile

Second chance: Upgrading devices from Android 9 to Android 14

A company had several thousand devices with outdated versions, making them vulnerable.

Luckily, they had the manufacturer’s “Board Support Package” in a ZIP file. Also was key to have an employee from that company expert in that device and in Android.

They explained how they had to fix and debug each layer step by step—hardware, bootloader, Linux, and Android—until everything was working, using LineageOS.

They hope that EU laws requiring manufacturers to provide updates for five years will help the ecosystem of legacy devices by making it easier to keep them up to date. (Me too :crossed_fingers:)

:link: Second chance: Upgrading devices from Android 9 to Android 14

Coding

Using LLMs to support Firefox developers with code review

They have been using cloud LLMs via API to help them improve code review. Results are good.

Main surprise for me was that the comments help PR authors to detect things to take into account, and also reviewers to check specific things.

Also used by QA to define test scenarios and not forget any.

They are having a hard time to make LLMs not be verbose and polite and nice with comments like “well done” or “this is a good piece of code” 😂

:link: Using LLMs to support Firefox developers with code review

Observability

O11y-in-One: Exploring a Unified Telemetry Database

Exploring unified telemetry database. Clickhouse could contain everything, logs, traces, metrics, in the same database. But its not there yet.

Main benefit would be that it’s a single data-source. And all open source.

I suspect there wouldn’t be significant data-storage savings since logs, metrics, and traces would still be stored in separate tables.

:link: O11y-in-One: Exploring a Unified Telemetry Database

Security

Ten Years as a Free, Open, and Automated Certificate Authority (LetsEncrypt!)

Curiosities:

  • They can’t use cloud by law (nor any cert authority). Root cert keys have a strict protocol.
  • They will migrate their MySQL to Vitess soon because it’s already too big.
  • They are around 10 engineers.

:link: Ten Years as a Free, Open, and Automated Certificate Authority (LetsEncrypt!)

Post-Quantum Cryptography in OpenPGP

The OpenPGP team has implemented post-quantum cryptograpyh protocols, but it’s not a ‘standard’ because GnuPG left the working group and implemented it in a slightly different but incompatible way.

Migration to post-quantum ciphers will take time because they first need to be interoperable, and later be installed on all clients.

Most symmetric cyphers are not breakable by quantum (yet). No algorithm breaks them as of today.

They showed this chart explaining how many qubits are needed to break classical cryptography. We are not there yet.

:link: Post-Quantum Cryptography in OpenPGP

Others

Unearthing the impact of survivorship bias on women in FOSS to build more inclusive communities

Great review of women in tech challenges and the survivor bias.

Their answer to what is hiding behind the survivor bias is privilege. Women are not all the same and the ones that don’t stay are because they miss some privileges the others had.

What they suggest to compensate that is mentorship and workplace inclusion. I learned about the intersectionality of privilege 💖

Academic wheel of privilege

I strongly encourage you to review every aspect to realize how privileged you are, or not, in some aspects :pray:

:link: Unearthing the impact of survivorship bias on women in FOSS to build more inclusive communities

Thunderbird: Building a Cross-Platform, Scalable Open-Source Design System

They defined a base design for all devices, to apply it to all applications. Until recently, every application and developer implemented what they could, but no overall design guidelines existed.

Legacy apps have more than 28 shades of blue, hardcoded.

It’s interesting that most resistance to the new design came from users who disliked the new interface. 😀 It’s hard to break habits.

:link: Thunderbird: Building a Cross-Platform, Scalable Open-Source Design System

15-minute city in 15 minutes

It was interesting to know that there is open source data and code to generate heatmaps of your town. But existing data is not great, so you might have to take your time tagging places into what kind of shop each is, for example.

Another interesting insight for me was that the “15 min cities” concept does not take into account that people often have to leave for work, somteimes for 1h or more. Where your workplace is located is just as important as access to groceries.

:link: 15-minute city in 15 minutes

Closing note

I’d like to remind also that FOSDEM happens because there are people (volunteers and speakers) investing their personal time and energy into it, besides sponsors, of course. Big thanks to all of them! 🤗

You May Also Enjoy