View this post on Hive: Yow! Conferences (by developers for developers) 2019 in Sydney, Australia
What is Yow! ?
From Yow!'s website:
The aim of YOW! is to bring together internationally recognised speakers and developers to encourage excellence and innovation in the local development community. We cover the emerging technologies and best practices in the software industry – regardless of technological platform or language – without commercial hype.
I have know Yow! a couple of years ago when I have been sent there with a colleague (a QA engineer) when working at SBS On Demand and I got a very good experience out of it and learned quite a few interesting things I could bring back and discuss with the team.
This year, I suggested to my manager that the department should send the whole dev team out so that everyone can benefit of it and we can be on the same frequency when discussing the points that were presented. It was a very nice to see that the suggestion has been approved and the four of us got a ticket for the two conference days.
The conferences being held in Sydney means that me and my colleague have to leave home 30 minutes earlier. The sky was covered by a thick screen of smoke as you can see the orange haze in the photo above. It's been like this almost every day as the bushfires have not stopped for weeks! It's so bad that a group of 21 firefigthers in Canada volunteered to give up Christmas with their family to come and help Australia after the call for help! Thank you guys, really 💖
After the registration and breakfast, we went to the introduction and first key note. I went on the "Evolving Chaos Engineering" talk by Casey Rosenthal and "Frictionless Frontends for Backend Developers" by Mandy Michael. Both talks were very good although the Mandy's talk was too basics for me but it was supposed to be.
During lunch time, we went around the different stands setup by sponsor companies to get our freebies (T-shirt, thermos, pens etc... some of them are quite cool actually) and register for the big prizes raffles organised by each of them. There were some really awesome prizes to be won, check this 7500+ Star Wars LEGOs for instance:
Or this Nintendo Switch inside a bock secured by a padlock.
Now here is a funny / disappointing (for me) story. See that instructions panel on top of the box? It says in big "Crack the Code to Win".
Having spotted "Crack the Code" from afar and seeing the padlock, I thought to myself, "Ooooh, a contest for cracking the combination of a padlock?! That's original! And they must have bought a good one", so I went there and started messing with it and unlocked the lock in less than a minute, it took me a bit long because there was not many angle I could hold the padlock due to the fact that it was attached to a light weight box. I happily showed the feat to the organisers who were not expecting the code to be cracked that early in the day. Oh well...
The prize was taken out of the box and as we were re-packaging the console into its box, another member of Auth0 asked me about the code and how I found it. When I explained that I did it by feeling she was like ...wait a minute, so you didn't go on the website and solve the puzzle..., me: "no", her: "that's cheating" and continued saying to her colleague "I'm not giving this to him, he does not even know the code...". So the console was put back into the box to be then opened again 10 minutes later by another person who solved the puzzle.
Well, did you notice the QR code in the panel above? I was supposed to scan it, go to their website, fill the form with my personal details, get the puzzle from the result page, solve it and do one single attempt at entering the code to try open the lock... 🤦♂️@gandalf, upon hearing my story said "That's absolutely brilliant illustration on how the security is often approached by the dev industry." He might want to come around and elaborate on this in the comment section for all to hear but here is my take on this anecdote.
Thinking about it again, yea not everyone has padlock cracking skills and it was fairer for everyone that the challenge to be won by solving a puzzle. But really, the instructions should have been clearer. "Crack the code to win" well, I did crack the code didn't I? Literally... This reminds me of how some websites don’t give clear instructions to their users on how to perform certain actions, UX & D is important. If the user have to guess how to do something or if they need to dig for the info then the design needs improvement.
But as @gandalf said, this is showing flaws in security similar to what you can encounter in software development. The box is locked by a good size padlock so it must be really secure. It has 4 digits which means 10000 possible combinations, even a brute force (trying all possible codes one by one in sequence) might take a while when done manually. But give it to someone who knows what they are doing and they can open it in no time. On the second day of the conference, they changed the code and at the end of the day, I tried to crack it again for fun and it took me only 10 seconds. This is to say that an app that has a login screen with login and password does not necessarily is not necessarily secured. As several talks mentioned it in day 2, even 15 year old kids in their bed room were able to breach into system of very large corporation or government's systems.
Anyway, I went outside with a colleague to get some drinks as the queues were too big and this is what we saw:
That's no fog, that's smoke! The smell of it went up into the conference rooms... sigh...
The afternoon went great with some good talks especially the last keynote from James Lewis about "Scale, flow and microservices".
The second day started with an amazing keynote "Rise of the Breaches" by Troy Hunt:
Data breaches are the new normal. We’ve created ecosystems with so many moving parts and so many complex units, it’s little wonder that we so frequently see them go wrong. A combination of more systems, more people, more devices and more ways than ever of producing and publishing data stack the odds in favour of attackers breaching more systems than ever.
Troy delivers his presentation with such energy and humour it was a really easy to go through it. The information he shared was eyes opening and scary at the same time with stories such as being able to control a car remotely from any computer in the world due to security negligence from the software developers.
Another one I did enjoy was "Automating operations with Machine Learning" by Matt Callanan who talked about how Machine Learning (Artificial Intelligence) can help monitoring for signals that tells that a system is going to break soon and remediate to it by removing a lot of manual tasks.
Lunch time. This morning in the train, as I was uploading all the photos for the top part of this blog, I realised that Steemit multiple image upload was buggy (yea, this is a new feature I added that is not out yet 😜) so I started to fix it during the trip down to Sydney. I took few minutes to complete the job during the lunch break and found a spot on the floor near a power socket and submitted the extra code to GitHub while sipping my Yerba Mate to give me some caffeine kick.
After more talks, most of which have a strong focus on security, it was a very exciting time for all the attendees: the raffle! There were Nintendo Switch, PS4 Pro, Star War Legos, Wireless NR headphones, skateboards and even a 3D printer, etc... to be won!
Two of my colleagues have even won twice! Lucky bastards!
The day ended with more great talks to attend like this one called "Does agile make us less secure?" by Michael Brunton-Spall
This year, Yow! has again organised a very cool and interesting conference with so many great speakers. I'm very happy that my whole dev team was able to attend together, thank you SBS On Demand!
Some talks are OK but in general I think they were very interesting and it's great to see what others are doing. It makes you think about practices within your own team or organisation. Will we be able to apply them back at work? Maybe some, maybe it will take time to do so but at least we have learned something different.
What I did not like so much: this lanyard was noisy, everytime you moved, the clips were clinking
What I found cool: The Cognitive Pinball project by Microsoft. A camera at the top monitors the game while another one on the side monitors the score. In the morning, the machine does not know how to play but with Machine Learning it then progressively learns how to play properly.
Previously on my blog:
- Update on GINAbot new Web Portal development - 2019-12-04
- Witness Earnings Weekly Report - 2019-12-02
- Adding contextual menus to Steem Keychain
Vote for my witness
On Steem, Witnesses are playing the important role of providing a performant and safe network for all of us. You have the power to choose 30 trusty witnesses to package transactions and sign the blocks that will go in the Steem blockchain. Vote for me via SteemConnect to help me do more useful projects for the communities.
|I'm a member||of these communities|
- The image at the top has been generated with the Canva app using my own photo.
Banner by @josephlacsamana
Protect your money against Phishing Scam!
Cryptos accounts are the target of international scammers because they want your hard earned money!
Those people are very clever and in a moment of inattention, you've given them your login and password!
I've created a Chrome extension that can help you detecting scam links!
Password and Private Keys security
You all know that your Steem password is the access to all your STEEM, SBD, posting, transferring, everything... right?
So, please, follow these simple steps and keep yourself safe:
- Apart from the initial setup of your account, NEVER use your password ANYWHERE, if stolen, it will give full control to your Steem account.
- Backup your password and keep it somewhere safe. Use a password manager like Lastpass, print it on paper and put it in a safe (no kidding). If you forget your password, no one can help you out.
- To login for creating content and curating, use your Private Posting Key
- To make transfers and account operations, use your Private Active Key
- To encrypt and decrypt memos, use your Private Memo Key