This year was the 20th edition of FOSDEM, and the third time I managed to attend it. FOSDEM is a yearly Free & Open Source Software meeting taking place in Brussels, Belgium and organized by the Free University of Brussels (ULB). This edition gathered more than 8000 FOSS enthusiasts from all around the world for 837 talks, making it an exceptional event for anyone interested in learning more about open-source projects and communities.
One of the very first talks I managed to see this year was about SpecFuzz, a tool made by Oleksii Oleksenko and his colleagues to help to test against Spectre vulnerability. The talk does an amazing job of explaining what causes the new speculative execution vulnerabilities, how can we detect them and how can we fix them. Since there’s no doubt these vulnerabilities will remain a major hardware and software security issue it’s an essential talk for anyone wanting to understand the topic. If you want to know more about SpecFuzz, Oleksii Oleksenko’s paper is available on arXiv and the source code is on GitHub.
Then I managed to see two talks about Falco, a new Kubernetes threat detection engine. The first one by Lorenzo Fontana, explained how they managed to find a reliable way of monitoring Linux system calls. The second one by Kris Nova, shows practical use cases of k8s threat detection against real attacks.
At the end of the first day of talks, Daniel Stenberg (curl’s developer) gave one of the most important lectures of this Fosdem, titled HTTP/3 for everyone. This talk is in my opinion largely enough to answer every question developers might have about HTTP/3 and QUIC, except maybe for “when will it release?”.
On Sunday, Ecaterina Moraru came to talk about UI and UX. Her talks contain great and easily applicable tips for developers to build more accessible applications. I feel like this is an extremely important talk since too many open source projects focus on being technically perfect while forgetting that they need to be usable first.
Last but not least, in the Go room, Derek Parker presented the state of Delve. For those who don’t know it already, Delve is a debugger for Go, usable from the command line or with integrations in Vim, Emacs, IntelliJ… This talk explains Delve’s support for “deterministic debugging” through Mozilla RR (Record and Replay Framework) which is a feature allowing you to capture and replay a bug until you fix it.
I sadly can’t make an exhaustive list of all the great talks that I might have missed at Fosdem this year. Hopefully, I will be able to see talks of the same quality next year. As usual, I thank all the Fosdem organizers and the ULB for their amazing work and allowing this event to happen for free.