DEV Community: Emilien Devos

DevOps Days Geneva 2026

Emilien Devos — Tue, 16 Jun 2026 15:17:37 +0000

Feedback about DevOps Days Geneva in 2026: https://devopsdays.org/events/2026-geneva/program

Personal Thoughts

This was my first time attending DevOps Days. I spent half my time at the Camptocamp booth and the other half attending the talks.

Overall, I really enjoyed the event. There were a lot of attendees, including numerous students, who were very interested in talking with the companies at the booths.

The talk schedule, while heavily focused on AI, was actually quite varied. However, some talks lacked truly technical content and were at times too simplified. We were only given the final result, not the technical details that led to the conclusion of the topic presented. That’s a bit of a shame for a conference that’s supposed to be geared toward DevOps.

Talks

Here’s a list of the talks I enjoyed.

Unfortunately, the slides for the listed talks haven't been shared yet. If the presentation was recorded, it should be posted soon on the YouTube channel: https://www.youtube.com/@devopsdaysgeneva/videos

In the meantime, here are some pictures of the slides from the various talks: https://drive.google.com/drive/folders/1pZhcDtrbr3Si3iKQk4wtvGANj2xJl7lj?usp=sharing

Digital sovereignty: between myth and reality. How should we approach this in 2026?

An excellent talk on digital sovereignty and the situation in Europe, which is proving to be far more complex than it appears.

Many European companies currently rely on US cloud providers. To meet European regulatory requirements, these providers now offer so-called ‘sovereign’ services, operated via subsidiaries and infrastructure located in Europe.

However, the talk highlighted that geographical location does not necessarily guarantee complete legal independence. Despite their presence in Europe, these providers remain subject to certain US laws, notably the CLOUD Act, which raises questions about the true scope of data sovereignty.

The presentation also touched on other, lesser-known but equally significant US legal mechanisms. Some of these mechanisms allow access to data without the need for conventional legal proceedings.

The main message of the talk was clear: by 2026, digital sovereignty will not simply boil down to the location of datacenters or the existence of a European subsidiary. It will involve understanding the legal dependencies of providers and making informed trade-offs between compliance, sovereignty and operational constraints.

AI in Recruitment and its Impact on DevOps Profiles: Myths and Realities

This talk, presented by a recruiter, discusses the integration of AI into the DevOps recruitment process.

She explains that it is essential to have a good, up-to-date CV containing plenty of qualitative information, as it is all this data that the AI will process to help the recruiter identify the right candidate.

The dual role of AI in cybersecurity

This talk focuses on AI’s role in the defensive aspect of security.

Three areas were discussed. The first centered on the security of existing software, which is affected by the fact that large language models (LLMs) can identify vulnerabilities in existing software more quickly. How can this be prevented, and why software needs to be secured even more rigorously than before?

The second aspect concerns products that incorporate LLMs, such as chatbots. Advice was shared, notably the guidelines listed by OWASP.

The third aspect concerns AI agents, such as OpenClaw. Great care must be taken when using them to prevent the exfiltration of sensitive data.

The presenter also highlighted the impact of LLMs on CTFs (Capture The Flag). According to him, many participants now rely almost exclusively on AI to solve challenges, to the extent that problem-solving and analysis are sometimes entirely delegated to the model.

I also asked him about the future of these competitions. His response: CTFs will probably need to be reinvented to incorporate this new reality. Among the ideas mentioned was that the number of tokens consumed could become a scoring criterion, in order to reward not only the resolution of the challenges, but also efficiency in the use of LLMs.

Sovereign AI: French-Quebecois experience

Marmotte AI is the name of the joint project between the city of Chambéry (Savoie) and Shawinigan (Quebec).

The aim of this project is to provide a chatbot, enhanced by RAG, to staff in both cities to assist them in their day-to-day work.

The talk covers sovereign AI, RAG and business data.

The conclusion is that the first version of the chatbot does not meet its users’ needs. Users are receiving results of lower quality than those from ChatGPT. Nevertheless, the team has learnt a great deal and has drawn up a plan for the next steps to improve the product.

Discussion sessions (OpenSpace)

In addition to the presentations, rooms were set aside for discussions on various topics. Anyone interested in a particular topic was free to discuss it in the designated room.

Here is the list of OpenSpace sessions:

I personally took part in the discussion on techniques for optimizing sovereign AI.

The participants were generally very well-informed on the subject, which led to some particularly interesting exchanges. One observation came up repeatedly: everyone faces the same challenges when it comes to scaling AI infrastructure.

In practice, it remains very difficult to estimate the number and type of GPUs required to meet a given need. Numerous factors come into play, such as the number of users, the size, and complexity of the prompts, the model used, latency constraints, and the optimizations implemented. This high degree of variability makes the task particularly difficult and explains why there is not yet a universal method for sizing this type of workload.

Furthermore, one participant noted that GPU prices are constantly rising and that, as a hosting provider, he faces very long lead times for GPU deliveries.

FOSDEM 2026

Emilien Devos — Tue, 10 Mar 2026 12:52:59 +0000

Feedback from FOSDEM in Brussels (Belgium) in 2026: https://fosdem.org/2026/ and https://fosdem.org/2026/about/.

Vibe

Like last year, I focused more on the social aspect and discussions than trying to cram as many presentations as possible into two days.

There were more people than last year. FOSDEM is becoming increasingly popular. This year was the first time I was unable to attend the closing presentation of FOSDEM because there were too many participants in a room that can accommodate 1,500 people!

In particular, gyptazy, a member of the community, shared the feeling that this year has been a turning point, with a sharp increase in attendance:

But in 2026, it felt like something had shifted.

Interesting discussions

This year, I wasn't able to participate in a BoF (Birds Of a Feather) session, and unfortunately there weren't any organized around geospatial topics.

But I did get to chat with a few people from the community, including:

Vates, a virtualization solution that positions itself as an open source alternative to Proxmox and VMWare but based on Xen technology.
François Lacombe, who shared his Podoma project with me, which I will discuss in the next section.

Talks

Geospatial

This is the second year that the Geospatial track has returned to FOSDEM. And the Geospatial community at FOSDEM seems to be growing, as this year the room could accommodate 190 people compared to 75 last year!

The only presentation I managed to attend was Podoma, by François Lacombe, who presented a tool for visualizing OpenStreetMap contributions. This tool was created out of a need to better understand the evolution of contributions to OSM. It includes a podium system to highlight the biggest contributors in specific areas.

Other Geospatial presentations are available here: https://fosdem.org/2026/schedule/track/geospatial/

Infrastructure

Garage Object Storage: 2.0 update and best practices

The Garage team presents its second major release. Garage is software for hosting a self-hosted S3 API.

The enthusiasm for the project is much greater than when I attended its launch presentation two years ago. This is mainly because Minio is no longer open source, so the community has turned to Garage.

I noted quite a few tips on how to use Garage, particularly regarding hosting. This could be very useful for an S3 deployment on GeoServer.

PostgreSQL and MySQL, Two Databases, Three Perspectives

A great talk that clearly explains the internal differences between PostgreSQL and MySQL. It covers areas such as replication, the database engine, client connections, and more.

This talk highlights the value of drawing inspiration from MySQL's strengths in order to improve PostgreSQL accordingly.

Building ISOs from OCI containers

I was intrigued by this talk because at Camptocamp, many of us write Dockerfiles, but to deploy an application in a container.

The idea of being able to deploy this container as a virtual machine or even physically via a USB key is interesting!

This talk discussed the Containerfile format, a variant of Dockerfile, for generating an ISO file from a syntax familiar to that of a Dockerfile.

Other very interesting talks

The Servo project and its impact on the web platform ecosystem

Servo is a rendering engine for web pages. This talk presents the impact that Servo has on the web ecosystem.

It was accompanied by a demo where the presenter showed the rendering of complex web pages such as GitHub, Wikipedia, playing on Chess.com, and even his presentation was in Servo!

This is super exciting, because only three browser rendering engines dominate the web, and one more is really welcome!

Who Pays Your Bills? Sustainability, Community, and Business: The Open Source Triangle

Closely related to geospatial technology because the presenter is part of the QGIS team.

This presentation explains how to find the financial balance between the three pillars of an open source project: community, product, and business.

To view the other 1,073 talks

All talks have been recorded and can be viewed by selecting the desired theme and then the specific talk: https://fosdem.org/2026/schedule/rooms/

GreHack 2025

Emilien Devos — Mon, 01 Dec 2025 14:37:09 +0000

Conference presentation

GreHack is a conference on IT security held in Grenoble. The first day is dedicated to talks in English by various speakers, as well as workshops at the end of the day. The second day is specifically devoted to CTF, which brings together several hundred people.

This year, the following topics were presented:

Network security / Hardware security
Enterprise application security
Physical security / Red team
Reverse engineering / Program analysis
IoT security
Web security / Browsers
Protocol security / Databases / Authentication
DevOps security / CI-CD / Supply chain
Advanced network analysis / Network forensics
Radio security / SDR

All of the talks are available for replay here: https://www.youtube.com/live/X-ZJH4d2tuE and the talk schedule is here: https://grehack.fr/program/

Interesting presentations

One does not simply walk into a building... or do they?

PDF of the presentation: https://blog.volkercarstein.com/grehack_2025_one_does_not_simply_walk_into_a_building.pdf

The presenter recounts a week spent physically infiltrating a company's premises without being caught or seen. The aim was to test the physical security of the company's premises.

This is quite interesting, as it highlights the fact that physical security depends heavily on the conditioning of employees, who are often the weakest link.

Exploring Browser Permissions and Exploiting Permission Hijacking

PDF of the presentation: https://albertofdr.github.io/web-security-class/browser/browser.permissions

Presentation on managing permissions (e.g. camera) in the browser, which also apply to malicious components that may be found on the site, such as an iframe. This could be the case if the iframe was injected following a website hack or a poorly configured website.

The presentation highlights the importance of defining HTTP headers in order to more finely manage the browser permissions authorised on a website. Similar to a Content Security Policy (CSP) but for browser permissions.

From YAML to Root: CI/CD Pipeline Attacks and Countermeasures

Video of the presentation: https://www.youtube.com/watch?v=YUbN6MuiuFM

The presenter explains the potential exploitation and recovery of secrets via compromised CI/CD. With different types of access, how it is possible to exfiltrate secrets each time. Focused mainly on Azure DevOps but also applies to GitHub actions.

Workshops and CTF

I was unable to participate in the workshops or the CTF because I bought my tickets at the last minute.

There were 12 workshops where participants had to solve exercises while being guided by the organiser. The exercises ranged from application exploitation to hardware.

List here: https://grehack.fr/workshops/

The CTF took place in a large room at ENSIMAG, where participants formed groups of up to eight people. The groups had to solve challenges in the following categories:

Cryptography
Reverse Engineering
Exploit
Web
Forensics
Hardware

Mood

The atmosphere was very student-oriented, and it was nice to discuss security issues with students and young workers.

Many French companies were present, including Synacktiv (a branch in Lyon), Orange, DGSE, EDF and many others: https://grehack.fr/sponsors/.

Conclusion

I was personally very pleased to have participated in this conference.

Although many of the talks did not apply to Camptocamp's field of activity, some of them still provided me with additional knowledge that I can apply in my work (see the list of presentations above).

Bonus

At the end of the day, participants in the audience can give short presentations, in the style of ‘Lightning talks’. It was almost exclusively students, and the atmosphere was rather light-hearted, with everyone laughing about the intrusions they had each managed to pull off.

These talks are called ‘Rump session’.

The one that made me laugh the most was a student who began his presentation with:

I need to eat and I don't have any money. So it's either work at Burger King or hack Burger King.

He then explained how he abused the Burger King app's coupon system to get free burgers (in very large quantities).

FOSDEM 2025: Less walking but more talking

Emilien Devos — Fri, 14 Feb 2025 15:02:33 +0000

This post is feedback about my experience at FOSDEM 2025 at Brussels, Belgium: https://fosdem.org/2025/ and https://fosdem.org/2025/about/

Vibe

Last year, I went to FOSDEM 2024. My agenda was full of talks and the two days were just running between the building. As demonstrated by the famous FOSDEM dance:

FOSDEM 2024 was exhausting for me, so this year I made the decision to attend less talk and do more socializing.

Exchange with the Open Source community and gaining experience

I decided to spend more time in exchanging with other people. Discussing with the open source community: discuss new projects, get experience on how other open source projects are managed or how other people work.

In bars every night after the FOSDEM or at the cafeteria.

And I also attended one "Birds Of a Feather" (BOF) conference. Which is a session in a small room where everyone that want to discuss the defined subject is free to join. This year I attended the "Archlinux BOF" one.

There were the maintainers of ArchLinux which answered all the questions from the users. The atmosphere of the room made it very pleasant to discuss and listen to the different people.

Maybe next year FOSDEM could get a BOF room about geospatial?

Talks

Geospatial

This year is the return of the geospatial track. We had some great talks, of which one of them was presented by Olivia Guyot about OpenLayers! The list is here: https://fosdem.org/2025/schedule/track/geospatial/

One talk that interested me was "MapTCHA, the open source CAPTCHA that improves OpenStreetMap". It's a proof of concept of a CAPTCHA with OSM geospatial data.

A reCAPTCHA like but open source and with OSM data instead of Google Maps data.

About Open Source funding

A Camptocamp, we have to finance a lot of open source projects. I bookmarked a lot of interesting talks in order to discover how others are doing and also gather interesting ideas that could get used at Camptocamp. (I did not attend all of them)

Other very interesting talks that I attended

Immich: Self-hosted photo and video management solution

Google photos "clone" but that you can host yourself and is open source.

Open source should have an answer to Teams

The speaker talked about how Nextcloud talk can be an open source alternative to Microsoft Teams.

Ten Years as a Free, Open, and Automated Certificate Authority

Let's Encrypt explained what has changed since the project was created, 10 years ago. And with a new feature that they are offering to the public!

All the other talks

There are many talks that I wanted to attend but was unable to. It's fine because FOSDEM has a recording of all of them, and it's available in the schedule: Saturday and Sunday.

The list is huge, so you might want to find talks that might interest you by topic instead: https://fosdem.org/2025/schedule/tracks/.

Final notes

FOSDEM has turned 25 years. This year there have been many more speakers compared to last year, 1184 speakers this year compared to 933 last year!

I'm looking for next FOSDEM 😃!