KubeCon + CloudNativeCon + Open Source Summit + AI_dev China 2024

With the deployment of service mesh technologies like Istio, reducing latency overhead caused by data plane proxy architecture has become a critical concern for mesh providers. In this conference, Zhong Hu and Song Yang will propose a fresh solution for the service mesh data plane from an operating system perspective. By leveraging eBPF + kernel enhancements, they enable native traffic governance capabilities in the OS. Unlike other solutions, this approach significantly simplifies the forwarding path of the mesh data plane, resulting in a 60%+ reduction in data plane forwarding latency. In addition, it features low resource overhead and secure isolation. The project redefines the mesh data plane, with Istiod as the control plane, and Huawei is currently conducting internal verification. Furthermore, they will discuss the future evolution of service mesh and exploring the potential of sidecarless architecture in diverse deployment scenarios.

随着像Istio这样的服务网格技术的部署，减少由数据平面代理架构引起的延迟开销已成为网格提供商的一个关键关注点。在本场演讲中，钟虎和宋洋将从操作系统的角度提出一种全新的服务网格数据平面解决方案。通过利用eBPF +内核增强功能，他们在操作系统中实现了原生流量治理能力。与其他解决方案不同，这种方法显著简化了网格数据平面的转发路径，导致数据平面转发延迟降低了60%以上。此外，它具有低资源开销和安全隔离的特点。该项目重新定义了网格数据平面，以Istiod作为控制平面，华为目前正在进行内部验证。 此外，他们将讨论服务网格的未来演变，并探索在不同部署场景中无边车架构的潜力。

An open source project holding immense value and with massive potential fails to build an exciting community. A community that is interactive and scaling at the start becomes stagnant after a point. A project has good github traction but doesn't have a good community traction. These are some of the many problems that arise while building an open source project community and are still very much prevalent. This talk summarises the right ingredients essential in nurturing a project community and ensuring its growth over the years to come through Prithvi's experience. He will be highlighting steps and best practices to be ensured in terms of the right metrics, content curation, social portrayal and building the right culture amongst stakeholders and the broader audience. He will also share tips and tricks on creating the right special interest groups, ensuring constant contributions and incentivising the community.

一个拥有巨大价值和巨大潜力的开源项目，却未能建立一个令人兴奋的社区。一个在开始时互动并扩展的社区在某个时刻变得停滞不前。一个项目在GitHub上有良好的关注度，但却缺乏良好的社区关注度。 这些是在建立开源项目社区时出现的许多问题，而且仍然非常普遍。这次演讲总结了在培育项目社区并确保其未来增长方面至关重要的正确要素，通过Prithvi的经验。 他将重点介绍在正确的指标、内容策划、社交表现和在利益相关者和更广泛的观众中建立正确文化方面应确保的步骤和最佳实践。 他还将分享有关创建正确的特殊兴趣小组、确保持续贡献和激励社区的技巧和窍门。

Building OSPOs can be easy, but evolving and maintaining them to continue delivering sustainable and widely recognized value is challenging. Our goal is not only to assist companies in establishing their first OSPOs but also to ensure them continually generate value through community-led approaches. With this mission, the LFAPAC OSPO SIG, collaborating with OSPO Group and SegmentFault, successfully held OSPO Summits in 2023 and 2024. These summits convened OSPO practitioners, corporate project leads, and community leaders, facilitating collaboration, and earned high praise. Nonetheless, we also encountered numerous inquiries and discussions about the difficulties of sustainably developing OSPOs. In this panel discussion, we gathered the co-chairs of the OSPO Summits. They will explore these challenges, share their insights and strategies to make overall "OSPO maintenance" easier with the support from OSS Zen and methodologies.

构建OSPO可能很容易，但是让它们不断发展和维持以持续提供可持续和广泛认可的价值是具有挑战性的。我们的目标不仅是帮助公司建立他们的第一个OSPO，还要确保他们通过社区主导的方法持续产生价值。 LFAPAC OSPO SIG与OSPO Group和SegmentFault合作，成功举办了2023年和2024年的OSPO峰会。这些峰会汇集了OSPO从业者、企业项目负责人和社区领导者，促进了合作，并获得了高度赞誉。然而，我们也遇到了许多关于可持续发展OSPO的困难的询问和讨论。 在这个小组讨论中，我们邀请了OSPO峰会的联合主席。他们将探讨这些挑战，分享他们的见解和策略，以便在OSS Zen和方法论的支持下使整体的“OSPO维护”更加容易。

As an Open Source veteran who've been working on secure container technology (Kata Containers), the speaker has been crafting Open Source governance and strategies for projects for years. The team joined Ant Group 5 years ago and was continuously focusing on Cloud Native and Trust technologies. In 2023, the speaker was appointed to assume the role of Vice President of Open Source Technical Oversight Committee for Ant Group.The TOC job requires setting up open source strategy and growth tactics, but now for a company with 25K employees and 13K engineers. It turned out that the experience leading a top level project was immensely valuable for the new position. In this session, we'll share first hand experiences for a tech leader to wear multiple hats of tech director, open source leader, and the go-to person for OSS strategies for a large corporation, and the learnings / reflections coming from the new challenges.

作为一位开源资深人士，演讲者一直致力于安全容器技术（Kata Containers），并多年来一直在为项目制定开源治理和战略。团队于5年前加入蚂蚁集团，一直专注于云原生和信任技术。在2023年，演讲者被任命为蚂蚁集团开源技术监督委员会副主席。TOC的工作需要制定开源战略和增长策略，但现在是为一个拥有25,000名员工和13,000名工程师的公司。事实证明，领导一个顶级项目的经验对新职位非常有价值。在这场演讲上，我们将分享一个技术领导者如何在大公司中扮演技术总监、开源领导者和开源战略的权威人士等多重角色的第一手经验，以及从新挑战中获得的经验和反思。

Hong Phuc Dang and Mario Behling will share FOSSASIA's journey from humble beginnings to educating over 300,000 developers in Asia. Learn how FOSSASIA scaled open-source education, engaged communities, & developed pioneering projects. Discover FOSSASIA's approach to automation and technological solutions, which streamlined operations long before the low-code movement. They'll spotlight projects like Eventyay & SUSI.AI, showcasing pioneering yet challenging endeavors. Learn about FOSSASIA's event organization best practices and their strategy of involving non-tech students in programs. Gain insights applicable beyond open source, impacting education and business operations. This session offers valuable knowledge for educators, open-source enthusiasts, developers, & business professionals. Whether you aim to expand projects or infuse startups with fresh ideas, join us to learn how a pragmatic open-source strategy can revolutionize organizations and empower tech pioneers and startups.

洪福·邓和马里奥·贝林将分享FOSSASIA从起步阶段到在亚洲教育超过30万开发人员的旅程。了解FOSSASIA如何扩展开源教育，参与社区，并开发开创性项目。 探索FOSSASIA的自动化和技术解决方案，这些解决方案在低代码运动之前就已经简化了运营。他们将重点介绍像Eventyay和SUSI.AI这样的项目，展示开创性而具有挑战性的努力。 了解FOSSASIA的活动组织最佳实践以及他们在项目中吸引非技术学生的策略。获得超越开源的见解，影响教育和业务运营。 这场演讲为教育工作者、开源爱好者、开发人员和商业专业人士提供宝贵的知识。无论您的目标是扩大项目还是为初创企业注入新思路，加入我们，了解一个务实的开源策略如何革新组织，赋予科技先驱和初创企业力量。

Scorecard is a project of the OpenSSF, which makes it simple to assess the health of any repository. It is a fully open source project built with the aim of bringing transparency and standardization around security health metrics. Scorecard is a cross-industry collaboration between big and small names in OSS/security. Scorecard checks for vulnerabilities affecting different parts of the software supply chain including source code, build, dependencies, testing, and project maintenance.

Scorecard 是 OpenSSF 的一个项目，它简化了对任何代码仓库健康状况的评估。这是一个完全开源的项目，旨在为安全健康指标带来透明度和标准化。Scorecard 是开源软件/安全领域大大小小公司之间的跨行业合作。Scorecard 检查影响软件供应链不同部分的漏洞，包括源代码、构建、依赖关系、测试和项目维护。

Service mesh technology has revolutionized service governance among microservices, but as clusters expand, challenges arise. Proxy programs can strain resources, with memory consumption reaching GB levels and CPU overhead peaking at 30%. Furthermore, this expansion often leads to noticeable delays in microservice access. This call for proposals seeks to address these challenges head-on by exploring innovative solutions within the kernel-native sidecarless service mesh framework. We invite submissions that delve into: Efficient Resource Management: Novel strategies to minimize memory consumption and CPU overhead in proxy programs, ensuring optimal resource utilization. Latency Optimization: Techniques to reduce microservice access latency without compromising on service governance effectiveness. Real-world Implementations: Case studies or examples showcasing successful deployments of kernel-native sidecarless service mesh in diverse environments.

服务网格技术已经在微服务之间的服务治理方面发生了革命，但随着集群的扩大，也带来了挑战。代理程序可能会消耗资源，内存消耗可能达到GB级别，CPU开销可能达到30%。此外，这种扩展通常会导致微服务访问出现明显的延迟。 本次征集旨在通过探索内核本地无边车服务网格框架中的创新解决方案来直面这些挑战。 我们邀请提交以下内容的提案： 高效资源管理：采用新颖策略来最小化代理程序的内存消耗和CPU开销，确保资源的最佳利用。 延迟优化：通过技术手段减少微服务访问延迟，同时不影响服务治理的有效性。 实际应用：展示在不同环境中成功部署内核本地无边车服务网格的案例研究或示例。

Cloud native is rapidly developing towards multi-cloud, hybrid cloud and edge computing, which are becoming key trends in cloud native development. However, in the edge computing scenario, the traditional VPC-based security model is difficult to ensure safe production. There are more and more challenges faced, including weak edge security mechanisms, vulnerable service interfaces exposed to the outside network, vulnerable end device access protocols, and supply chain security risks. In 2023, KubeEdge completed its security audit. This talk will presents the work around the audit, including the threat model, fuzzing efforts and Tips about how to get started with contributing to KubeEdges continued security. Since the completion of the audit, KubeEdge has worked on several initiatives to improve the security of its consumers, and the talk will cover these. One of these initiatives was SLSA L3 compliance, and the presentation will present what has been done and how it helps the community.

云原生正迅速发展为多云、混合云和边缘计算，这些正在成为云原生开发的关键趋势。然而，在边缘计算场景中，传统的基于VPC的安全模型很难确保安全生产。面临的挑战越来越多，包括边缘安全机制薄弱、暴露于外部网络的易受攻击的服务接口、易受攻击的终端设备访问协议以及供应链安全风险。 2023年，KubeEdge完成了安全审计。本次演讲将介绍围绕审计的工作，包括威胁模型、模糊测试工作以及如何开始为KubeEdge持续安全做出贡献的提示。 自完成审计以来，KubeEdge已经开展了多项改进其消费者安全性的倡议，本次演讲将涵盖这些内容。其中一个倡议是SLSA L3合规性，演示将展示已经完成的工作以及它如何帮助社区。

Each Linux distribution has a lifecycle; this refers to when the OS developers stop providing updates or any form of support. Continuing to use EOL Linux poses risks such as security vulnerabilities, compatibility issues, and lack of official support. Cloud providers face the challenge of quickly and safely migrating OS to a supported distribution. There are several challenges involved in the process of migrating OS: 1. Ensuring the safety of application data, which is especially significant during OS migrations between different Linux distributions; 2. Customizing the OS based on the Linux distribution, which includes changes to the kernel, deb packages, specific configurations, and tools; 3. How to quickly rollout new OS to the production environment. Achieving the goal of transitioning over 100,000 physical nodes each month without affecting customer operations and minimizing node downtime. This talk will detail the issues encountered in OS migration and the proposed solutions.

每个Linux发行版都有一个生命周期；这指的是当操作系统开发者停止提供更新或任何形式的支持时。继续使用EOL Linux会带来风险，如安全漏洞、兼容性问题和缺乏官方支持。 云服务提供商面临着快速且安全地将操作系统迁移到受支持的发行版的挑战。 在迁移操作系统的过程中涉及到几个挑战： 1. 确保应用数据的安全性，在不同Linux发行版之间迁移操作系统时尤为重要； 2. 根据Linux发行版定制操作系统，包括对内核、deb软件包、特定配置和工具的更改； 3. 如何快速将新操作系统推出到生产环境。实现每月迁移超过10万个物理节点的目标，同时不影响客户运营并最小化节点停机时间。 本次演讲将详细介绍操作系统迁移中遇到的问题和提出的解决方案。

The IBM Z platform, known for its security, reliability, and high-volume transaction processing, has long been a cornerstone of enterprise computing. However, the traditional closed-source approach to Z development has limited innovation and collaboration. This talk explores the growing movement towards open-source software for Z, examining the technical and strategic considerations. Discuss the challenges of the closed-source model for Z, highlight successful examples of open mainframe projects like Feilong project. Discuss technical challenges of developing open-source software for Z, offering potential solutions and strategies to overcome these hurdles. Discuss the benefits of open-source Z development for developers.

IBM Z平台以其安全性，可靠性和高交易处理量而闻名，长期以来一直是企业计算的支柱。然而，传统的封闭源码开发方式限制了创新和合作。本次演讲探讨了向Z开放源码软件的不断发展，审视了技术和战略考虑因素。讨论了Z封闭源码模型的挑战，重点介绍了像Feilong项目这样的开源主机项目的成功案例。讨论了为Z开发开源软件的技术挑战，提供了潜在解决方案和克服这些障碍的策略。讨论了开源Z开发对开发人员的好处。

The creators of the original Illustrated Children’s Guide to Kubernetes have written a fourth book, this time focused on the emerging technology that is WebAssembly, one of the fastest growing cloud native trends. As with previous books, we broach a complex technical topic with a fun and friendly format designed for all skill levels. On their camping trip with Blossom the Wasm Possum, Phippy and Zee’s adventures illustrate the basics of Wasm, introduce key terminology, and frame how it compliments existing cloud technologies like containers and Kubernetes. In the first half of the talk, we will do a reading of the book in Mandarin. We will then follow up (in English) with a technical overview of Wasm, latest updates to the ecosystem, and details on where to find the community.

原《插图儿童 Kubernetes 指南》的创作者们已经写了第四本书，这次的焦点是新兴技术 WebAssembly，这是增长最快的云原生趋势之一。与之前的书籍一样，我们以有趣友好的格式涉及复杂的技术主题，适合各种技能水平的读者。在他们与 Wasm 负鼠 Blossom 一起露营的旅行中，Phippy 和 Zee 的冒险展示了 Wasm 的基础知识，介绍了关键术语，并阐述了它如何与容器和 Kubernetes 等现有云技术相辅相成。在讲座的前半部分，我们将用普通话朗读这本书。然后我们将用英语进行技术概述，介绍 Wasm 生态系统的最新更新，并详细介绍社区的位置。

Container supply chain threats are on the rise; to mitigate these threats, enterprises and open-source project maintainers are exploring new safeguards. Signing and verifying images, enforcing policies to block untrusted deployment, generating SBOM, provenance attestation, and vulnerability scanning are ways to keep attackers from compromising software. To safeguard the software supply chain with Gatekeeper policy, we built Ratify for Gatekeeper which acts as an external data provider and returns verification data that can be processed by Gatekeeper. Ratify as a verification engine enables users to enforce security policies through the verification of image signature, vulnerability reports and SBOM. We’ll demonstrate how you can establish trust for container images by enforcing security policies with Gatekeeper and Ratify. You can admit for deployment only the images that comply with your admission control policy, resulting in a more trustworthy container supply chain.

容器供应链威胁正在上升；为了减轻这些威胁，企业和开源项目维护者正在探索新的保障措施。签名和验证图像、强制执行政策以阻止不受信任的部署、生成SBOM、来源验证和漏洞扫描是防止攻击者损害软件的方法。 为了通过Gatekeeper策略保护软件供应链，我们为Gatekeeper构建了Ratify，它作为外部数据提供者返回验证数据，Gatekeeper可以处理这些数据。 Ratify作为验证引擎，使用户能够通过验证图像签名、漏洞报告和SBOM来执行安全策略。 我们将演示如何通过Gatekeeper和Ratify强制执行安全策略来建立对容器图像的信任。您可以仅允许符合入场控制策略的图像进行部署，从而实现更可信赖的容器供应链。

• Contribute to the Linux Kernel - Juntong Deng

The showcase is my complete experience in the Linux kernel Bug Fixing Fall 2023 Mentorship. This included applying the LFX Mentorship, learning how to contribute to the Linux kernel under the mentoring of Shuah Khan, and fixing multiple bugs in the Linux kernel. At the end I also added new features to the Linux kernel that can help us find the cause of memory bugs. I want to encourage more people to apply for the LFX Mentorship and encourage more people to contribute to open source software.

• Introducing Support to Spatial and Geographic Data into Vitess' Datasharding Engine - Ayman Nawaz

Join us for an enlightening session as we delve into the integration of spatial and geographic data into Vitess' renowned data sharding engine. In today's interconnected world, businesses face increasing demands to manage and analyze vast amounts of location-based information efficiently. Traditional database solutions often struggle to scale and perform optimally when dealing with spatial data, presenting significant challenges for organizations seeking to leverage geographic insights.

• From Query to Insight:  A Look Inside Thanos Query Observability Features - Nishchay Veer

If you're someone curious to gain insights of your application's performance and behavior with the Thanos's enhanced PromQL engine and its groundbreaking observability capabilities then this session is for you. In this session we will explore the foundational work that has paved the way for query observability within Thanos.

Our speaker will take you behind the scenes, showcasing the integration of query telemetry, which includes crucial insights such as time consumed per operator. Learn how this feature transforms Thanos into a robust platform for monitoring, allowing you to gain deeper visibility into your data and queries.

So whether you're a seasoned monitoring professional or just starting out, tune in to get some valuable insights into the world of query observability and how it can empower your monitoring and observability practices. Don't miss out on the chance to stay ahead in observability technology and see firsthand how Thanos is leading the charge.

• From Mentorship to Mastery: Navigating My Way from Mentorship to Full-Time Kernel Developer - Anup Sharma

Join me as I go into my transformative journey from participating in the Linux Kernel Bugfix Mentorship Program to securing a role as a full-time kernel developer. Throughout this session, I will share the invaluable lessons and experiences garnered during my mentorship, which equipped me with a diverse skill set essential for navigating the complex landscape of the Linux kernel.
 
From mastering the conversion of device bindings to DT schema to improved my understanding of networking code, I'll uncover the pivotal moments that shaped my growth. Additionally, I'll illuminate the techniques I acquired for utilizing semantic patching tools and crafting driver code alongside corresponding device tree bindings.

• From Novice to LitmusChaos Maintainer: Learn to Make Valuable Contributions to Open Source Projects through LFX Mentorship - Namkyu Park

When individuals ask for advice on how they can contribute to open source, experts often suggest fixing documentation as a starting point. However, what comes next? This talk aims to provide a practical answer to that question. He will share his experiences as a newcomer to open source and offer guidance on how to begin your open-source contribution journey. Specifically, He will discuss the LFX Mentorship Program, which is a structured relationship between a mentor and a mentee designed to assist the mentee in achieving their open-source contributions. As a mentee in the program, he contributed to the CNCF's incubating project, LitmusChaos, and became a maintainer. He will also provide tips on how to find issues and emphasize the open-source community.

• Building Web Applications in Open Source - Mohit Mohit

During my LFX mentorship, I delved into the realm of building web applications in open source, a journey that culminated in the creation of a dynamic website. From conceptualization to deployment, I navigated the process with precision and creativity. Utilizing tools like Figma for design, React for frontend development, and Tailwind CSS for styling, I brought my vision to life with seamless functionality and aesthetic appeal. Leveraging the power of GitHub workflows, I ensured smooth deployment, marking the successful integration of design, coding, and deployment phases into a cohesive open-source project.

• Enable Fine-grained Pod Security Admission in Kyverno - Liang Deng

Pod Security Admission (PSA) is a built-in solution that applies different isolation levels of Pod Security Standards for Pods. With the release of Kubernetes v1.25, PSA has entered stable.

Regarding the current shortcomings of PSA, we use Kyverno to extend PSA for finer-grained and flexible policy control.

In the showcase, we will introduce Pod Security Admission and its current shortcomings. Following that, we will discuss how we can achieve fine-grained Pod Security Admission through Kyverno. Lastly, we will explain the effects it can have in real-world applications.

• Multiplayer Kubernetes: GitOps with Friends - Yash Sharma

Discover the transformative capabilities of Cloud Native Playground, powered by Meshery, an open-source, cloud-native manager. Experience the self-service engineering platform, simplifying provisioning, configuration, and management of your cloud-native infrastructure, enabling seamless operation of multi-Kubernetes deployments.
With Cloud Native Playground, embrace the power of GitOps and collaborative workflows. Free yourself from YAML intricacies as Meshery's extensible platform enables visual and collaborative GitOps, fostering multi-user collaboration. Explore the Cloud Native Computing Foundation's graduated, incubation, and sandbox projects, along with many other popular open source projects, to enhance your capabilities and leverage the full potential of the ecosystem.

Join me to witness firsthand how Meshery revolutionizes Kubernetes operations, enabling seamless orchestration across multiple environments made possible by GitOps principles and multi-user collaboration.

• Getting Started with Linux Kernel Development - Ghanshyam Agrawal

We will understand how to use regular expressions to find todos/ fixmes in the kernel, how to utilise syzkaller and how are patches submitted.

• Harnessing the Power of Open Source & Structural Hacking - Rohit T

During my time as a LFX Mentee, I worked under Kubescape to set up an automated documentation publishing pipeline. From generating documentation to reflecting those changes on the website hosted on another repo, I learnt a lot about Open Source, working async, structu

RISC-V has got noticed from many areas apparently. But in the real world there are the existing challenges for running workload on RISC-V based targets. From cloud to edge you can see the trend of deploying workloads on such sandboxed microservice platforms - containers, k8s, etc. Actually the underlying sandbox technologies are also evolving with something new like WebAssembly that's been considered as the future computing. In the real world we start running WebAssembly as an alternative lightweight runtime side-by-side with Containers and VMs. Here we'd like to review if-how we can build this multi-runtime platform on RISC-V where WebAssembly and container coexists. We will enable to deploy {WebAssembly, Docker} to RISC-V Linux running on a real RISC-V target, and further enable other open source utilities to RISC-V Linux distribution in order to help fit workload into WebAssembly and containers on RISC-V for next explore accelerating open software ecosystem on RISC-V.

RISC-V 显然已经引起了许多领域的关注。但在现实世界中，在基于 RISC-V 的目标上运行工作负载存在着现有的挑战。从云端到边缘，您可以看到在这种沙箱化微服务平台上部署工作负载的趋势 - 容器、k8s 等。实际上，底层的沙箱技术也在不断发展，出现了一些新技术，比如被认为是未来计算的 WebAssembly。在现实世界中，我们开始将 WebAssembly 作为一种轻量级运行时的替代方案与容器和虚拟机并存。在这里，我们想要审查如何在 RISC-V 上构建这种多运行时平台，其中 WebAssembly 和容器共存。我们将使 {WebAssembly，Docker} 能够部署到运行在真实 RISC-V 目标上的 RISC-V Linux，并进一步使其他开源实用工具能够适配到 RISC-V Linux 发行版，以帮助将工作负载适配到 RISC-V 上的 WebAssembly 和容器，以便探索加速 RISC-V 上开放软件生态系统的可能性。

Edge Computing makes the connection broader, faster and more agile, meanwhile it also brings the threat of cyberattacks to the edge of the network, which also puts forward higher requirements for the safety at the edge side. In addition, due to any forms like Internet, 5G, WIFI and other forms are possible, the network environment will be complex and the quality can't be guaranteed in the edge scnee. Therefore, supporting weak network environments which is also a challenge at edge site. KubeEdge is a cloud-edge collaborative architecture project for Kubernetes native edge computing. KubeEdge uses its own trusted tunnel to ensure the security of data transmission, it verifies, encrypts and authenticates all communications in this tunnel. This tunnel ensures data accessibility through QoS and provides a QUIC protocol to improve the performance of network reordering in weak networks. We will share how the tunnel of KubeEdge achieves these goals in this session.

边缘计算使连接更广泛、更快速、更灵活，同时也将网络威胁带到了边缘，这也对边缘安全提出了更高的要求。此外，由于互联网、5G、WIFI等各种形式可能存在，边缘场景中的网络环境将变得复杂，质量无法保证。因此，支持弱网络环境也是边缘场景中的一个挑战。 KubeEdge是一个针对Kubernetes原生边缘计算的云边协作架构项目。KubeEdge使用自己的可信隧道来确保数据传输的安全性，它验证、加密和认证该隧道中的所有通信。该隧道通过QoS确保数据可访问性，并提供QUIC协议来改善弱网络中的网络重排序性能。在本场演讲中，我们将分享KubeEdge隧道如何实现这些目标。

Feeling stuck in a rut with traditional Java development? This session injects a shot of AI innovation to supercharge your Java skills! Daniel will dive into Quarkus, a modern Java framework perfectly suited for building microservices, and explore how it seamlessly integrates with cutting-edge AI functionalities. Get ready to: - Boost Your Java IQ: Learn how Quarkus streamlines development and empowers you to build scalable, high-performance microservices. - Unleash the AI Powerhouse: Discover how to leverage AI capabilities within your Java applications. Daniel will explore real-world use cases, from intelligent data analysis and machine learning to chatbots and recommendation engines. - AI Made Easy: See how Quarkus simplifies the integration of AI models and services into your Java codebase, making AI development more accessible than ever. - Witness the Future: Uncover the exciting possibilities that emerge when you combine the power of Java with AI.

在传统的Java开发中感到困境？本次会话将为您的Java技能注入一剂AI创新的强心剂！Daniel将深入探讨Quarkus，这是一个现代化的Java框架，非常适合构建微服务，并探索它如何与尖端的AI功能无缝集成。准备好了吗： - 提升您的Java智商：了解Quarkus如何简化开发，让您能够构建可扩展、高性能的微服务。 - 发挥AI强大功能：发现如何在您的Java应用程序中利用AI功能。Daniel将探讨真实的用例，从智能数据分析和机器学习到聊天机器人和推荐引擎。 - AI变得简单：看看Quarkus如何简化AI模型和服务与您的Java代码库的集成，使AI开发变得比以往更加易于访问。 - 见证未来：揭示当您将Java的力量与AI相结合时所产生的令人兴奋的可能性。

Imagine the inevitable has already happened—you’ve had a security breach—and you’re now dealing with the aftermath. Organisations must act fast to ensure business returns to operations quickly while also figuring out how to prevent similar incidents in the future. By adopting new use cases, engineering teams are simultaneously accelerating the deployment of sensitive data across multi-cloud architectures and tapping into new risk factors. In this talk, we will use the “Data Security Bang” analogy and learnings from resilience engineering to answer questions such as: How could we do more left of bang (prevention) to help with the speed of right of bang (remediation)? The audience will be guided through a set of example scenarios in a 90s-style game, using Kanister, OPA, and Prometheus, in which they can make decisions on data security to guide the way towards a more robust infrastructure.

想象不可避免的事情已经发生了——您遭遇了安全漏洞——现在您正在处理后果。组织必须迅速采取行动，确保业务迅速恢复运营，同时还要想办法防止将来发生类似事件。通过采用新的用例，工程团队同时加速了跨多云架构部署敏感数据，并利用新的风险因素。 在这次演讲中，我们将使用“数据安全爆炸”的类比和弹性工程的经验教训来回答诸如：我们如何可以在爆炸之前做更多的事情（预防），以帮助加快爆炸之后的速度（补救）？观众将通过90年代风格的游戏中的一系列示例场景，使用Kanister、OPA和Prometheus，来做出关于数据安全的决策，引导通往更健壮基础设施的道路。