experiences
On Thursday, May 7, I visited another NLUUG conference together with ProcoliX, the spring edition this time. During the day, I attended several sessions that showed how technology has become much more than just 'something technical'. Topics like policy, digital independence and security came up a lot throughout the conference.
Photo via NLUUG
The opening presentation by Beau Woods focused on the relationship between open source communities and public policy. He explained how dependent society has become on open source software, while policymakers and technical communities still often do not fully understand each other. According to Woods, the open source community can no longer afford to stay out of discussions when new laws and regulations are being created.
Using examples of European cybersecurity legislation, such as NIS2 and the Cyber Resilience Act, he showed how collaboration between hackers, developers and policymakers can help create better regulations. What stayed with me most was the idea that open source is about much more than just developing software. According to him, the open, transparent and collaborative way of working in open source could also work very well in policymaking and regulation.
During his presentation, Jeroen Baten talked about digital autonomy in software development in a way that was funny AF. He introduced Forgejo Actions as an open source alternative to CI/CD platforms such as GitHub Actions and GitLab CI/CD. He showed how relatively easy it is to run workflows on your own infrastructure without depending on large commercial platforms.
Besides the technical explanation of Forgejo servers, runners and workflow files, the presentation mainly focused on the strategic value of self-hosting. It was not just about CI/CD, but also about the question of how much control developers still want to hand over to large platforms. He also mentioned Codeberg as an example of a growing European open source ecosystem focused on transparency and independence.
The session by Frank van Vliet was all about the 'hacker mindset': looking critically at systems and constantly asking yourself what could go wrong. Using examples from Kubernetes security and GenAI prompt injections, he demonstrated how small design choices can create major vulnerabilities.
What made this presentation strong was the combination of technical depth and clear explanations. Even without deep knowledge of Kubernetes or AI, it was easy to understand why certain patterns can be dangerous. The presentation clearly showed that security starts with being curious and thinking critically. By looking at systems from the perspective of an attacker, risks become visible that might otherwise be overlooked.
A talk about AsteroidOS, a Linux distribution for smartwatches, showed how it offers an alternative to the closed ecosystems of major smartwatch manufacturers. Jessica Tran explained that the system runs entirely locally on Linux, without requiring mandatory accounts or proprietary software.
Besides the technical side, she also showed several supported smartwatches and demonstrated what is possible with a fully open system on your wrist. Once again, the idea of staying in control of your own technology played an important role. That idea, using technology without becoming fully dependent on large companies, was actually a recurring theme across several talks during the day.
JC van Winkel talked about his fifteen years as a Site Reliability Engineer at Google in Zรผrich. His presentation gave a unique look into working for a hyperscaler, where systems operate on a global scale with billions of users and massive datacenters. The presentation focused not only on technology, but also on Google's culture: problems should not just be identified, they should also be solved. JC spoke about his work on Monarch, Google's monitoring system, and about SRE EDU, a training program where new engineers learn how to handle realistic outages and incidents. He also discussed how Google has changed over the past fifteen years, from a 'mobile first' company to one that is now heavily focused on AI and automation.
The NLUUG Spring Conference clearly showed how broad the open source world has become. It was not only about software or infrastructure, but also about policy, digital independence, security and ownership of technology. Almost every presentation eventually came back to the same question: how much control do you still have over the technology you use every day? That combination of technology, social impact and digital autonomy is what made this conference interesting to me.