The Linux Foundation Member Summit

The landscape of computing has changed and the majority of software developers are looking to use architectures with multiple types of processors, in particular GPUs. The emergence of modern AI techniques has further accelerated the usage of GPUs and new AI processor architectures to achieve the performance required by neural networks. The challenge developers are seeing is that different architectures often require unique languages, tools and libraries, adding complexity and limiting code reuse. The solution is to provide a single way to develop across these architectures, and the basis for this must be rooted in an open, standards-based programming model and libraries. The UXL Foundation was formed to tackle this, and we are working together to build a solution to these challenges – providing an open, standards-based way to develop software and deploy across vendors. This presentation will show how the UXL Foundation is evolving its projects to meet the vendor neutral demands of software developers by adopting open standards and open source, and how our members are using the projects to enable projects like PyTorch and TensorFlow.

Open Source projects in the JS ecosystem that are typically directly depended on are widely known: React, Babel, TypeScript, Vue, node.js, etc. These projects are affirmatively chosen by millions of humans. They get the lion's share of the (wildly insufficient) amount of available funds, contributions, sponsorships, and contributors.

What about the proverbial xkcd 2347 maintainers? Typically transitive dependencies, who are affirmatively selected by a mere dozens of humans, but whose code runs on hundreds of millions of developer machines, and serves billions of users? These projects are unknown, unsung, underfunded, and under-considered. Virtually every impactful security incident in the npm ecosystem has been due to a transitive dependency maintainer either going rogue, having their account taken over, or handing over the reins to an unvetted contributor - what levers can we apply to support these people's stability and vigilance?

As a prolific maintainer of almost entirely this category of package, Jordan Harband will offer his perspective on what proactive steps companies, governments, and individuals can take to improve this reality.

As open source projects strive to deliver generative AI-powered features and functionality, they must set the stage for their communities to deliver progress against the right priorities. This panel discussion will explore how established projects can foster innovation from seasoned project contributors while encouraging new community members to collaborate and build together. Panelists from Aryn, Uber, and Amazon Web Services and the OpenSearch Project will share perspectives on practices that open source projects and contributors can use to bring GenAI innovations into production.

Picture the WHOLE software supply chain, beginning to end; it's a little like that olde tyme classic, "Candyland". Designed NOT with preschoolers in mind, AI Supply Chain Candy Land is for everyone interested in learning about the software supply chain for AI/ML. Travel through exotic locations like The Peppermint Forest of swirly-twirly dependencies, The Fudgy Swamp of Compliance, and much more! AI/ML is a fast-moving space within technology. However, everything we've learned in software engineering of the last few decades ALSO applies to this "new" world of AI/ML. We'll apply traditional software supply chain security techniques and, wherever able, tools to help developers and consumers win AI Supply Chain Candyland. Through an enjoyable and colorful game, with useful examples taken from standards and frameworks, the audience will have a better appreciation and ability to apply supply chain security concepts and tools to the development and support of AI/ML-based solutions.

There is a looming threat to all on the horizon. Today’s data and communications are secured using various forms of public-key encryption. These schemes are all (principally) based on the surprising complexity of factoring large numbers. The issue with modern-based cryptography is that, in 1994, Peter Shor discovered a quantum algorithm that can break modern encryption when executed on large enough quantum computers (QCs). What can we do today to protect from this looming threat? The QC and cryptography communities have been hard at work on devising new encryption algorithms that can be resistant to QCs. Working closely with the Linux Foundation and leaders of the cryptography and OSS community the Post-Quantum Cryptography Alliance (PQCA) was created to host and lead a collection of initial post-quantum projects that can be used to make the world’s software quantum safe. As part of the original representative members of the PQCA, Max has seen the progression of the alliance from its inception at the LF Member’s Summit 2022 to its current form. In this talk, he will present the foundation and its charter along with an overview of the current projects and algorithms.

We all depend on the Linux kernel for critical parts of our society's infrastructure. Yet, our capacity to keep our Linux systems up to date with the latest features, security, and stability fixes is rather limited. Companies are collectively wasting millions and millions of dollars upgrading their systems to new kernels. I am sure you can relate to that! The Linux kernel community does a fantastic job developing the Linux kernel. It is an ever-evolving operating system that becomes more secure, stable, and feature rich every day. However, rebasing existing infrastructure on new kernels is not straightforward at all. We still lack processes, tools, and culture to make that job smoother in the Linux kernel ecosystem. KernelCI, a project under the Linux Foundation, is on a mission to change that. Our goal is to support the community and companies to ensure the quality, stability, and long-term maintenance of the Linux kernel while also reducing product integration costs drastically. In this talk, you will learn what KernelCI is, what we are doing to improve this situation, and, more importantly, what you can do to help!