DEV Community: Emilien Devos

FOSDEM 2026

Emilien Devos — Tue, 10 Mar 2026 12:52:59 +0000

Feedback from FOSDEM in Brussels (Belgium) in 2026: https://fosdem.org/2026/ and https://fosdem.org/2026/about/.

Vibe

Like last year, I focused more on the social aspect and discussions than trying to cram as many presentations as possible into two days.

There were more people than last year. FOSDEM is becoming increasingly popular. This year was the first time I was unable to attend the closing presentation of FOSDEM because there were too many participants in a room that can accommodate 1,500 people!

In particular, gyptazy, a member of the community, shared the feeling that this year has been a turning point, with a sharp increase in attendance:

But in 2026, it felt like something had shifted.

Interesting discussions

This year, I wasn't able to participate in a BoF (Birds Of a Feather) session, and unfortunately there weren't any organized around geospatial topics.

But I did get to chat with a few people from the community, including:

Vates, a virtualization solution that positions itself as an open source alternative to Proxmox and VMWare but based on Xen technology.
François Lacombe, who shared his Podoma project with me, which I will discuss in the next section.

Talks

Geospatial

This is the second year that the Geospatial track has returned to FOSDEM. And the Geospatial community at FOSDEM seems to be growing, as this year the room could accommodate 190 people compared to 75 last year!

The only presentation I managed to attend was Podoma, by François Lacombe, who presented a tool for visualizing OpenStreetMap contributions. This tool was created out of a need to better understand the evolution of contributions to OSM. It includes a podium system to highlight the biggest contributors in specific areas.

Other Geospatial presentations are available here: https://fosdem.org/2026/schedule/track/geospatial/

Infrastructure

Garage Object Storage: 2.0 update and best practices

The Garage team presents its second major release. Garage is software for hosting a self-hosted S3 API.

The enthusiasm for the project is much greater than when I attended its launch presentation two years ago. This is mainly because Minio is no longer open source, so the community has turned to Garage.

I noted quite a few tips on how to use Garage, particularly regarding hosting. This could be very useful for an S3 deployment on GeoServer.

PostgreSQL and MySQL, Two Databases, Three Perspectives

A great talk that clearly explains the internal differences between PostgreSQL and MySQL. It covers areas such as replication, the database engine, client connections, and more.

This talk highlights the value of drawing inspiration from MySQL's strengths in order to improve PostgreSQL accordingly.

Building ISOs from OCI containers

I was intrigued by this talk because at Camptocamp, many of us write Dockerfiles, but to deploy an application in a container.

The idea of being able to deploy this container as a virtual machine or even physically via a USB key is interesting!

This talk discussed the Containerfile format, a variant of Dockerfile, for generating an ISO file from a syntax familiar to that of a Dockerfile.

Other very interesting talks

The Servo project and its impact on the web platform ecosystem

Servo is a rendering engine for web pages. This talk presents the impact that Servo has on the web ecosystem.

It was accompanied by a demo where the presenter showed the rendering of complex web pages such as GitHub, Wikipedia, playing on Chess.com, and even his presentation was in Servo!

This is super exciting, because only three browser rendering engines dominate the web, and one more is really welcome!

Who Pays Your Bills? Sustainability, Community, and Business: The Open Source Triangle

Closely related to geospatial technology because the presenter is part of the QGIS team.

This presentation explains how to find the financial balance between the three pillars of an open source project: community, product, and business.

To view the other 1,073 talks

All talks have been recorded and can be viewed by selecting the desired theme and then the specific talk: https://fosdem.org/2026/schedule/rooms/

GreHack 2025

Emilien Devos — Mon, 01 Dec 2025 14:37:09 +0000

Conference presentation

GreHack is a conference on IT security held in Grenoble. The first day is dedicated to talks in English by various speakers, as well as workshops at the end of the day. The second day is specifically devoted to CTF, which brings together several hundred people.

This year, the following topics were presented:

Network security / Hardware security
Enterprise application security
Physical security / Red team
Reverse engineering / Program analysis
IoT security
Web security / Browsers
Protocol security / Databases / Authentication
DevOps security / CI-CD / Supply chain
Advanced network analysis / Network forensics
Radio security / SDR

All of the talks are available for replay here: https://www.youtube.com/live/X-ZJH4d2tuE and the talk schedule is here: https://grehack.fr/program/

Interesting presentations

One does not simply walk into a building... or do they?

PDF of the presentation: https://blog.volkercarstein.com/grehack_2025_one_does_not_simply_walk_into_a_building.pdf

The presenter recounts a week spent physically infiltrating a company's premises without being caught or seen. The aim was to test the physical security of the company's premises.

This is quite interesting, as it highlights the fact that physical security depends heavily on the conditioning of employees, who are often the weakest link.

Exploring Browser Permissions and Exploiting Permission Hijacking

PDF of the presentation: https://albertofdr.github.io/web-security-class/browser/browser.permissions

Presentation on managing permissions (e.g. camera) in the browser, which also apply to malicious components that may be found on the site, such as an iframe. This could be the case if the iframe was injected following a website hack or a poorly configured website.

The presentation highlights the importance of defining HTTP headers in order to more finely manage the browser permissions authorised on a website. Similar to a Content Security Policy (CSP) but for browser permissions.

From YAML to Root: CI/CD Pipeline Attacks and Countermeasures

Video of the presentation: https://www.youtube.com/watch?v=YUbN6MuiuFM

The presenter explains the potential exploitation and recovery of secrets via compromised CI/CD. With different types of access, how it is possible to exfiltrate secrets each time. Focused mainly on Azure DevOps but also applies to GitHub actions.

Workshops and CTF

I was unable to participate in the workshops or the CTF because I bought my tickets at the last minute.

There were 12 workshops where participants had to solve exercises while being guided by the organiser. The exercises ranged from application exploitation to hardware.

List here: https://grehack.fr/workshops/

The CTF took place in a large room at ENSIMAG, where participants formed groups of up to eight people. The groups had to solve challenges in the following categories:

Cryptography
Reverse Engineering
Exploit
Web
Forensics
Hardware

Mood

The atmosphere was very student-oriented, and it was nice to discuss security issues with students and young workers.

Many French companies were present, including Synacktiv (a branch in Lyon), Orange, DGSE, EDF and many others: https://grehack.fr/sponsors/.

Conclusion

I was personally very pleased to have participated in this conference.

Although many of the talks did not apply to Camptocamp's field of activity, some of them still provided me with additional knowledge that I can apply in my work (see the list of presentations above).

Bonus

At the end of the day, participants in the audience can give short presentations, in the style of ‘Lightning talks’. It was almost exclusively students, and the atmosphere was rather light-hearted, with everyone laughing about the intrusions they had each managed to pull off.

These talks are called ‘Rump session’.

The one that made me laugh the most was a student who began his presentation with:

I need to eat and I don't have any money. So it's either work at Burger King or hack Burger King.

He then explained how he abused the Burger King app's coupon system to get free burgers (in very large quantities).

FOSDEM 2025: Less walking but more talking

Emilien Devos — Fri, 14 Feb 2025 15:02:33 +0000

This post is feedback about my experience at FOSDEM 2025 at Brussels, Belgium: https://fosdem.org/2025/ and https://fosdem.org/2025/about/

Vibe

Last year, I went to FOSDEM 2024. My agenda was full of talks and the two days were just running between the building. As demonstrated by the famous FOSDEM dance:

FOSDEM 2024 was exhausting for me, so this year I made the decision to attend less talk and do more socializing.

Exchange with the Open Source community and gaining experience

I decided to spend more time in exchanging with other people. Discussing with the open source community: discuss new projects, get experience on how other open source projects are managed or how other people work.

In bars every night after the FOSDEM or at the cafeteria.

And I also attended one "Birds Of a Feather" (BOF) conference. Which is a session in a small room where everyone that want to discuss the defined subject is free to join. This year I attended the "Archlinux BOF" one.

There were the maintainers of ArchLinux which answered all the questions from the users. The atmosphere of the room made it very pleasant to discuss and listen to the different people.

Maybe next year FOSDEM could get a BOF room about geospatial?

Talks

Geospatial

This year is the return of the geospatial track. We had some great talks, of which one of them was presented by Olivia Guyot about OpenLayers! The list is here: https://fosdem.org/2025/schedule/track/geospatial/

One talk that interested me was "MapTCHA, the open source CAPTCHA that improves OpenStreetMap". It's a proof of concept of a CAPTCHA with OSM geospatial data.

A reCAPTCHA like but open source and with OSM data instead of Google Maps data.

About Open Source funding

A Camptocamp, we have to finance a lot of open source projects. I bookmarked a lot of interesting talks in order to discover how others are doing and also gather interesting ideas that could get used at Camptocamp. (I did not attend all of them)

Other very interesting talks that I attended

Immich: Self-hosted photo and video management solution

Google photos "clone" but that you can host yourself and is open source.

Open source should have an answer to Teams

The speaker talked about how Nextcloud talk can be an open source alternative to Microsoft Teams.

Ten Years as a Free, Open, and Automated Certificate Authority

Let's Encrypt explained what has changed since the project was created, 10 years ago. And with a new feature that they are offering to the public!

All the other talks

There are many talks that I wanted to attend but was unable to. It's fine because FOSDEM has a recording of all of them, and it's available in the schedule: Saturday and Sunday.

The list is huge, so you might want to find talks that might interest you by topic instead: https://fosdem.org/2025/schedule/tracks/.

Final notes

FOSDEM has turned 25 years. This year there have been many more speakers compared to last year, 1184 speakers this year compared to 933 last year!

I'm looking for next FOSDEM 😃!