

Vipul Gupta
Senior Software Engineer, Docs Lead @ balena, Runs @ Mixster, Comms Lead @ PyCon India
Noida, India
Vipul Gupta is a seasoned engineer with a niche expertise in building hardtech products, scalable pipelines, & sustaining communities. He runs Mixster, an initiative to write open-source docs for startups.
Vipul occasionally reads, meticulously documents, and continuously automates. He has been part of programs like Google Summer of Code, the ALiAS AMA program & Google Code-in. He is the comms lead for PyCon India, runs ALiAS, a community of 3000+ students, and is an organizer for GitHub's GitTogether community.
How Insecure Defaults Led to Undetected Supply Chain Incident: A CI/CD Security nightmare
As an open-source company publishing packages and contributing widely, we navigate the complex balance of open code and private signing credentials for macOS, Linux, and Windows. This combination became a serious vulnerability when insecure defaults in our CI/CD pipeline created an undetected attack vector with potentially devastating consequences.
In this talk, we unpack how a 2-year-old token, exposed via a misconfigured Action with no expiration or alerting, enabled bad actors to potentially manipulate public images and forced revocation of our code signing credentials.
We’ll walk through:
1. Our detailed forensic investigation: diffing registry images, scanning across npm, PyPI, and Docker Hub, and tracing the exposed token.
2. What went wrong: lack of artifact scanning, weak secret hygiene, and implicit trust in CI defaults.
3. Practical security improvements you can make — automated scanners, secret permissions, security reviews, and much more.
By sharing our experience, we aim to help the community identify and mitigate this highly exploitable attack vector, which can remain undetected for years, and prevent supply chain attacks before they happen.
Battle Testing JavaScript for the Edge: Hardware in the Loop
JavaScript has conquered the cloud, but the final frontier lies at the edge where hardware constraints meet real-time demands.
This talk will explore a methodology to validate JavaScript applications directly on the IoT device using open-source Hardware-in-the-Loop (HIL) testing frameworks such as Jumpstarter and Leviathan.
In this talk, you’ll learn how to:
- Implement automated HIL testing pipelines that validate JavaScript performance on actual edge hardware
- Design specialized stress tests that expose memory leaks and performance bottlenecks unique to edge environments
- Create reproducible test scenarios that mimic network degradation, power fluctuations, and hardware failures
- Build telemetry systems that capture meaningful metrics from edge deployments
Through case studies of production failures and live demonstrations with actual edge devices, I’ll show how these techniques transformed our deployment success rate from 68% to 99.4% while reducing debugging time 10-fold.
Whether you’re building for IoT, retail kiosks, or industrial applications, you’ll walk away with practical tools to ensure your JavaScript thrives where the cloud ends and the real world begins.
How Balena releases 100s of embedded operating systems with GitHub Actions in hours, not weeks
BalenaOS is an open-source embedded Linux OS supporting 90+ boards. That's 90+ balenaOS releases being built, tested, and released by GitHub Actions without any human intervention.
With hundreds of versions, high stakes, and reliability being crucial factors in the IoT industry, how exactly do we release balenaOS not as fast as possible but as confidently as possible (ACAP)?
This is where a hardware-in-the-loop (HiTL) pipeline built with GitHub Runners comes in clutch, testing software end-to-end on actual devices using an open hardware test harness (jig) called Autokit.
In this talk, we dive deeper into GitHub Actions for building an efficient hardware-in-the-loop pipeline, and how it helped scale our toolchain to develop an OS, test it, debug it, and eventually release it to production effectively in hours, freeing weeks of manual testing done by our engineers. We will explain all this and more by taking you on a journey from a GitHub pull request to release, exploring each step of the way.
