Hot on the heels of SCaLE 22x I found myself on the way to Bangkok for the 2025 edition of FOSSAsia Summit.
This meant an eleven hour flight from Los Angeles to Tokyo (Haneda), a seven hour layover in Japan followed by a seven hour flight to Bangkok.
In coach. (sigh)
But it was worth it.
I had never attended a FOSSAsia event before. I was supposed to speak at the one last year but a last minute work conflict required me to cancel. My teammate Rich did go, and he was supposed to return this year but he had a last minute issue so I went in his place.
I had been to Thailand once before, in 2010, and I had really enjoyed it so I was looking forward to coming back. The traffic can be a nightmare so I made sure to book a hotel near the BTS Skytrain. The venue for the conference was True Digital Park West and it was right off the Sukhumvit line.
Now I’ve been in a lot of major cities but I’ve never seen a public transit system this clean, with the possible exception of Tokyo. I really want to meet the person who designed the BTS Skytrain, as it is an elevated track but in addition to the track itself there is a pedestrian walkway just underneath it (if the track is about 10m above the ground then the walkway is around 6m to 7m high positioned directly under it). This gets you out of the noise and exhaust of the traffic, and gives you cool views like this one.
I got into Bangkok late Wednesday evening (having left LA about 1am California time) so I didn’t do much that night, but I got up the next morning eager to visit the show. One weird thing about Bangkok is that it can be hard to get from one street to another. Most of the roads that go from one street to another are private or end up being dead-ends. The maps app on my mobile took me all the way down the road the hotel was on and then I had to backtrack up Sukhumvit to get to the station. I would later figure out a shortcut through the park, and when I needed air conditioning, I could cut through a big shopping mall called the Emsphere.
Did I mention Bangkok was hot? (grin)
The first challenge I faced was getting a ticket for the Skytrain. I had done some research so I knew that I could get one from a ticket machine, but the machine only took coins. Every time I return from another country I tend to save the local currency in an envelope, so I had grabbed the money I had left over from our trip in 2010 before I left. According to the machine I needed to pay ฿57 but all the change I had added up to ฿49. I had notes but the machine didn’t take them. (sigh)
I then went up to the kiosk and attempted to buy a Rabbit card. This is a pre-paid transit card (similar to an Oyster card in the UK) but I couldn’t buy one without my passport and I had left my passport in the hotel. I was able to buy a day pass for ฿150 which is what I would end up doing every day I was in Bangkok because I ended up using the BTS a lot and it paid for itself after three trips.
I boarded at the Phrom Phong station and took it six stops to the Punnawithi station. On the first day I walked down to street level and then followed the road to True Digital Park West. I would learn that I could have just used the elevated walkway that would allow me to walk directly into the venue close to the level the conference was on, and that’s what I would do for the rest of the Summit.
I was somewhat confused over the name “True Digital Park” as my first thought was that implied there was a “False Digital Park”. I learned that True is the name of a major communications conglomerate and these facilities were created to foster entrepreneurship in Thailand by providing things like co-working space (and space to hold conferences such as FOSSAsia Summit).
It was a really cool building, very high tech. I liked that AWS got a shoutout on the large central columns that were also screens.
Once I signed in and got my badge I wandered around the venue. The main entry area held most of the Exhibition booths with several more overflowing into the first meeting room. The second meeting room was where most of the keynotes were held, and there were other training rooms available for specific breakout sessions (mainly during the PostgreSQL sub-conference on Friday).
While I knew I would see at least one familiar face, Peter Farkas from FerretDB (he was also at SCaLE and told me he was coming), I was surprised to hear someone call my name just before the keynotes started.
It turns out it was Bernd Erk, who runs a company in Germany called Netways and is also one of the maintainers of the Icinga network monitoring application. He hosts a monitoring conference every year and back when I was focused on monitoring I was always eager to attend. He was speaking at the conference and I would also end up hanging out with him and his coworker Sebastian (along with Peter) for much of the time I was in Bangkok.
My main goal in attending FOSSAsia was to understand how open source is viewed in Asia (and ultimately how to promote it even more). I spend a lot of time in the US and Europe but very little time elsewhere.
I didn’t have to wait long for the answer. The keynotes were hosted by Mishari Muqbil and Kamolphan Liwprasert.
They pointed out that the digital economy in Thailand has almost doubled in the last four years, and a most of that has been driven by open source software.
It was also emphasized that open source is key to digital sovereignty. Since I live in the US I often don’t think about how technology choices outside of my country need to include a discussion on where the technology is located and who controls it. Open source, by its very nature, transcends geopolitical boundaries.
The next talk was delayed because the speaker was stuck in traffic (grin) so instead we took a group photo and the hosts rearranged the schedule a bit. I haven’t been able to find the group photo online, unfortunately.
The format the Summit used has become one of my favorites for conferences. The first part of the day is a single track of presentations, with multiple, simultaneous sessions being held in the second half. This way I get exposed to talks I might not normally attend, but I can also choose the sessions I want to see later in the day.
In the updated schedule, the first talk was by Dr. Tiranee Achalakul, who talked about Thai LLMs.
A lot of the focus with foundational models has been on English language training material. Thailand has a long history and its own language and alphabet, and there are a number of efforts underway to create Thai-language based models to provide services to Thai people in their native tongue.
The term “open source AI” was used on at least one slide, and my hackles go up every time I hear it, since there isn’t a solid definition (the OSI one is deeply flawed). Any model called open source must include access to the training data.
I did like this slide which pointed out that they plan to share as much of the training data as they legally can, that they use quotes around “open” models and that they plan to openly license the models they create.
The next speaker was Pachara Naripthaphan, who was the person stuck in traffic and scheduled to go first (he was rightly teased for not taking public transportation).
Done in the form of a fireside chat, I thought this was a pretty brave talk. Naripthaphan works for the National Broadcasting and Telecommunications Commission (NBTC) and while freedom of speech is granted in the Thai constitution, in practice there are a number of cases where people have been imprisoned for things they have said. Since the NBTC is responsible for much of the communications infrastructure in the country, you can imagine that the atmosphere there is very conservative and political. When the usual “move fast” mantra of tech meets possible prison time it is sure to motivate people to be very cautious. That said there are those like Naripthaphan who are working to create more transparent frameworks even though it is a big challenge.
The next presentation was a little more upbeat. It was given by Teofilo Narboneta Zosa and Jehandad Kamal, who work for the Japanese e-commerce company Mercari.
As with many companies, Mercari is working to add GenAI features to its products. The part of this talk I enjoyed the most but still can’t get my brain around is the “evaluation” phase. While I’ve understood that it is possible to evaluate a response given by a GenAI agent and to provide feedback, I thought the process had to be manual. I took from this talk that there are ways to automate the evaluation process, which would make training models much easier. This is something in which I need to dig deeper as I didn’t quite get it during this session.
The next speaker didn’t talk about GenAI. Roger Dingledine is one of the creators of the TOR protocol. TOR stands for The Onion Router and it is a way obfuscate network traffic.
TOR gets a lot of negative press because any encryption/anonymity service can be used for illicit purposes. Heck the very first scene in the Mr. Robot television series calls out TOR as being used for CSAM. But on the other side it can also protect whistleblowers and disenfranchised people in areas with strict censorship.
You may think that your internet traffic is secure because you use SSL (the “s” in website addresses that start with “https://”) but that only encrypts the payload. The metadata: who you talked to, from where you talked to them and how long the conversation lasted, is still in plain text. For some people that information is enough for them to come to physical harm.
For example, I just looked at my Apache webserver logs and found this:
51.8.167.73 - - [25/Mar/2025:15:18:35 +0000] "GET /wp-content/upgrade-temp-backup/wp-login.php HTTP/1.1" 301 616 "-" "-"
51.8.167.73 - - [25/Mar/2025:15:18:35 +0000] "GET /wp-content/upgrade-temp-backup/wp-login.php HTTP/1.1" 404 472 "-" "-"
51.8.167.73 - - [25/Mar/2025:15:18:36 +0000] "GET /wp-admin/css/colors/ectoplasm/wp-login.php HTTP/1.1" 301 614 "-" "-"
51.8.167.73 - - [25/Mar/2025:15:18:36 +0000] "GET /wp-admin/css/colors/ectoplasm/wp-login.php HTTP/1.1" 404 472 "-" "-"
51.8.167.73 - - [25/Mar/2025:15:18:37 +0000] "GET /wp-includes/images/media/wp-login.php HTTP/1.1" 301 604 "-" "-"
51.8.167.73 - - [25/Mar/2025:15:18:37 +0000] "GET /wp-includes/images/media/wp-login.php HTTP/1.1" 404 472 "-" "-"
51.8.167.73 - - [25/Mar/2025:15:18:37 +0000] "GET /wp-content/plugins/wp-login.php HTTP/1.1" 301 592 "-" "-"
51.8.167.73 - - [25/Mar/2025:15:18:37 +0000] "GET /wp-content/plugins/wp-login.php HTTP/1.1" 404 472 "-" "-"
51.8.167.73 - - [25/Mar/2025:15:18:38 +0000] "GET /wp-includes/Text/Diff/Renderer/wp-login.php HTTP/1.1" 301 616 "-" "-"
51.8.167.73 - - [25/Mar/2025:15:18:38 +0000] "GET /wp-includes/Text/Diff/Renderer/wp-login.php HTTP/1.1" 404 472 "-" "-"
51.8.167.73 - - [25/Mar/2025:15:18:38 +0000] "GET /wp-includes/js/wp-login.php HTTP/1.1" 301 584 "-" "-"
51.8.167.73 - - [25/Mar/2025:15:18:38 +0000] "GET /wp-includes/js/wp-login.php HTTP/1.1" 404 472 "-" "-"
51.8.167.73 - - [25/Mar/2025:15:18:39 +0000] "GET /wp-includes/customize/wp-login.php HTTP/1.1" 301 598 "-" "-"
51.8.167.73 - - [25/Mar/2025:15:18:39 +0000] "GET /wp-includes/customize/wp-login.php HTTP/1.1" 404 472 "-" "-"
51.8.167.73 - - [25/Mar/2025:15:18:40 +0000] "GET /wp-admin/css/colors/blue/wp-login.php HTTP/1.1" 301 604 "-" "-"
51.8.167.73 - - [25/Mar/2025:15:18:40 +0000] "GET /wp-admin/css/colors/blue/wp-login.php HTTP/1.1" 404 472 "-" "-"
51.8.167.73 - - [25/Mar/2025:15:18:40 +0000] "GET /wp-includes/Requests/Response/wp-login.php HTTP/1.1" 301 614 "-" "-"
51.8.167.73 - - [25/Mar/2025:15:18:40 +0000] "GET /wp-includes/Requests/Response/wp-login.php HTTP/1.1" 404 613 "-" "-"
51.8.167.73 - - [25/Mar/2025:15:18:40 +0000] "GET /wp-content/plugins/revslider/public/assets/assets/sources/wp-login.php HTTP/1.1" 301 670 "-" "-"
51.8.167.73 - - [25/Mar/2025:15:18:40 +0000] "GET /wp-content/plugins/revslider/public/assets/assets/sources/wp-login.php HTTP/1.1" 404 472 "-" "-"
While I no longer run Wordpress, someone from 51.8.167.73 is trying to hack into my server using, what I assume, are known Wordpress exploits. That IP address is owned by Microsoft Deutschland, which I assume provides some service that a threat actor is using since I doubt Microsoft wants to hack my blog.
Websites can learn at lot about you from such connection logs.
When you use TOR, your requests are encrypted, pushed through a web of intermediate servers, and then unencrypted at the “exit” node which then connects with the site you wanted. While it isn’t impossible for a threat actor to be able to trace the entire route back to you, the chance that any one single organization would have enough control to do that is minimal.
Anyway, Roger was holding an Ask Me Anything session later that day so I’ll hold off on my TOR thoughts for a bit.
Frank Karlitschek was the next speaker. I had seen this presentation before but it was still interesting to see it again. Karlitschek founded a company called ownCloud that was building open source software to host services usually provided by cloud companies like Dropbox. He became unhappy with the direction the company was moving, so he left and forked his own project into Nextcloud.
I use Nextcloud every day, occasionally for file sharing but I use the News app constantly. It’s an amazing piece of software and I only scratch the surface of its capabilities.
Nextcloud is odd in that they don’t offer professional services, which is how many open source companies generate revenue. Instead they offer various tiers of support (which does include limited consulting in some plans for such things as custom branding of a client’s Nextcloud Hub). I’ve followed them for some time and it is hard to think of another company that has been this successful while remaining completely independent.
This presentation was followed by another fireside chat featuring Chung Wei Tat, Marco A. Gutierrez and Peter Membrey talking about how open source can change your life.
I’m an old, and when I was starting out most employers wanted experience in order to give you a job but you can’t get experience unless you have a job. It’s a Catch-22. In college I was lucky enough to participate in a cooperative education program and I did well enough that my host company offered me a job once I graduated, but for many people this isn’t an option.
Enter open source. If you get involved in a project you can build up quite a record to demonstrate how you work with other people, what you can contribute and what are your major skills. Sending someone a link to a Github page that’s all green will go a lot further than a school transcript.
The final talk of the morning was by Chanon Pattrathiranond. It was a sales pitch to get “digital nomads” to move to Thailand. Even though I am firmly planted on my farm out in the woods, I was swayed. Thailand is full of friendly people, it is very affordable and it boasts some amazing network infrastructure.
One slide reported that the average wired broadband speed is 237Mbps, which was taken from this article based on speed test results. This puts Thailand 13th in the world (the US is 7th on that list). I’m not sure I believe those numbers, especially the one for the US since until recently the best broadband speed I could get was 10Mbps, but it does mean that one shouldn’t have any issues with connectivity while working in Thailand.
But you need to be into being hot. I might have mentioned that. (grin)
A box lunch was provided by the conference. It was tasty. It was Thai food but over there they just call it “food”. (grin)
After I went to the Ask Me Anything TOR talk by Roger Dingledine. Now that I have decent bandwidth I am thinking about participating in the TOR network, but I also don’t want to negatively impact my connectivity. He was very transparent in that I probably didn’t want to be an exit node unless I had two IP addresses, as exit nodes are often blocked by some networks. He said the easiest thing I could do would be to install Snowflake. This is a browser extension (also available as a stand-alone app) that uses the WebRTC protocol to carry TOR traffic. Since WebRTC is what is used for things like video calls, it would appear to anyone analyzing the traffic to be something other than TOR traffic. It acts as a bridge node (no exit node) and so it offers and easy way to get involved without having to worry about your IP address getting blocked.
To be honest I haven’t tried it out, but the technology looks sound.
At the end of the day’s conference I took the Skytrain back toward my hotel. I took a short video showing the station.
Friday didn’t have any keynotes and was also the start of PGDay.
AWS sponsored a booth in part to promote our involvement with PostgreSQL.
The first talk I attended was given by Michaël Paquier of AWS. He is based in Japan and it turns out we were on the same flight to Bangkok, although we didn’t know that at the time.
I have a long history with PostgreSQL. Starting in 2001 I worked on a project that had chosen Postgres over the (then) much more popular MySQL, and we caught a lot of flack for it. The main reason was that we needed stored procedures and MySQL didn’t support those at the time. Now Postgres is seen as the leading open source relational database and they have created an enviable community around the project.
The leadership is very distributed. The seven core members come from six different companies, so there isn’t a single corporate sponsor with outsized control.
Plus is it a pretty cool application.
The next talk was by my friend Bernd Erk. He talked about how the convenience of proprietary systems is leading to vendor lock-in, and that the open standards that allowed Linux and the Web to thrive are in jeopardy. I know I love the convenience I get from my Apple products, despite the lock-in, but there has been a push to open things up that resulted in support for RCS on iOS.
Since I don’t get to Bangkok very often I wanted to stop by the AWS office, so I left around noon. In the morning the BTS Skytrain can get crowded.
The office in Bangkok is the nicest one I’ve visited, and my new friend Nicha Suebwonglee said that it is the best in Southeast Asia with Singapore being a close second. It was nice to talk with her about the state of open source in the region and especially Thailand, and I came away with some ideas for how we can help make it even better.
The final day found me in a presentation by Richard Hartmann of Grafana. I’m still a network management nerd (“network management” is what we used to call “observability”) and really enjoyed his talk. He talked about how “observability” has become a buzzword and worked on defining it and describing how to do with while keeping costs down. As an old we used to define observability as the FCAPS model, but I guess that has fallen out of fashion.
The last talk I went to was by Dominik Tornow on “Squashing the Heisenbug” in distributed systems.
In the (good) old days, most applications were monolithic, i.e. they existed on one piece of hardware. Modern applications are distributed, meaning that data must be shared across multiple hardware and software instances. These data can get lost, can get out of order and can get duplicated, all of which can lead to bugs.
Tornow talked about using Deterministic Simulation Testing to address this issue, and while it went over my head pretty quickly I was reminded of TLA+ that Leslie Lamport talked about at SCaLE.
The rest of my time at the show was spent in the hallway track making new friends. I mentioned that part of the Exhibition hall overflowed into the first room. While I was there I overheard a panel going on in the same room (I can’t seem to find it on the schedule), but what caught my attention was one of the panelists (I’m pretty certain it was the third person from the left) stating loudly “There is no dash in ‘open source’” and that made me want to applaud. (grin)
[UPDATE: Rich informs me that the third person from the left is none other than Harish Pillay, and the panel was “Open Source: What’s Next?”]
One thing I like about open source is that I can go to pretty much any country and find like-minded people in the FOSS community, and this was no different. I felt a lot of energy from the attendees more so than at other shows, and I think we will see great things come out of the region.