RSA, TLS, SHA, MD5. So many acronyms and so little time dedicated to security. Security is more and more of a concern for enterprises nowadays. With some of the recent data leaks, and the astronomical fines associated with them, users and businesses want to know that their data is safe and secure. As a developer, though, security sometimes comes as an afterthought. Cryptography is a complex world, but it doesn’t have to be complicated to implement. In this talk, the speaker will introduce the basic concepts of hashing and encryption and will follow to present how to use those encryption algorithms to store data in a database securely.

When it comes to distributed, event-driven messaging systems, we usually see them supporting either one of two types of semantics: streaming, or queueing, and rarely do we find a platform that supports both. In this presentation, we’ll first get an introduction and some clarifications of event-driven versus message-driven systems, event streams, and stream processing. We’ll then take a look at Apache Pulsar which offers a very unique capability in modern, cloud-native applications and architecture, in which its platform supports both Publish-Subscribe and Message Queues, and extends into streams processing as well as performs message mediation & transformation. We will see how it works closely with and relies on Apache Bookkeeper for its durable, scalable, and performant storage of log streams, and leverages on Apache Zookeeper to manage the otherwise very complex ecosystem. We will then compare Apache Pulsar with the popular Apache Kafka platform to understand some of their key differences as to how Pulsar can overcome some of Kafka's limitations. With Pulsar's flexible architecture and cloud-native readiness, we will take a look to see how it can be integrated and work collaboratively with the popular Spring framework.

Do you want to test all of your Entity Framework queries without setting up a test database? Do you want to test your API without leaving Visual Studio? Do you want to add integration tests to your CI build without adding another library? Do you want to "cheat" and hit 95%+ code coverage? In this talk, I will walk through using the WebApplicationFactory (Microsoft.AspNetCore.Mvc.Testing) library to spin up your API in memory. I will then show how to add an in-memory data connection. Finally, I will pull it all together and show a full integration test.

Typescript continues to grow in popularity and is the standard for javascript precompilers. In this talk, we will explore some of the more useful language features that help you be more productive and confident in your code.

The majority of our time will be spent with live coding examples. Bring your laptop so you can clone my git sandbox and explore these features along with me. Some exposure to typescript is recommended, but not required.

Some key metrics to look at/review to do a quick health check for those utilizing Agile.

There are many agile pieces but most companies have the ability to look at a metrics and see what is missing, and more importantly, dive into the why of where they grade lower on the health scale.

• Team chemistry
• Team metrics
• Stakeholder engagement
• Prioritization
• Product review
• Feedback loop

This workshop is a very hands-on and guided activity to learn about, architect, and implement a real-world, serverless solution in the Microsoft Azure ecosystem.

The tools utilized for the solution will include Azure Functions, Cosmos DB, Event Grid, Logic Apps, Application Insights, Azure Computer Vision, and Azure storage.

After completing the workshop, attendees will be able to take the skills they've learned and apply them to solutions for both enterprise and personal projects, and will have a much better understanding of how information can flow between Azure serverless platform services to implement a robust serverless solution.

In 2014 Dave Thomas, one of the founders of the Agile movement, famously stated that ‘Agile is Dead’. But the reality is that agile isn’t dead, it has become something far worse - the ‘undead’. Shambling managers of ‘agile’ organizations are continually debating/embracing process to seek out the ‘Braaaiins’. Those with actual agility are scrambling to safety in hopes that they aren’t consumed by the zombie horde.

Can you avoid those who are infected by their captivation to procedure? If not, can you gain immunity by selectively embracing effective aspects of their process? Furthermore, can this immunity aid in finding a cure through empirical observation and the rejection of ineffective practices? Is it possible to achieve this without endangering oneself?

Join Joel and Ellie… er….. an Agile Survivalist in an exploration of the infected, how to endure and survive, and maybe even how to purge the zombies in your environment.

As agilists, we are told to "stop starting and start finishing more" - but what does that really mean? We are told to "limit your WIP" - but why? We're supposed to avoid un-planned work - but how can a little un-planned work hurt us?

Let's explore flow theory through the lens of Kanban Systems. We will cover the basic value and principles of Kanban and then experience working in a Kanban System using the getKanban Board Game.

The getKanban Board Game is a physical simulation designed to teach the concepts and mechanics of Kanban for software development in a class or workshop setting. It's hands-on, engaging, and fun!

If you’re like a lot of developers, you’ve probably used Redis. You’ve probably used it as a cache—which it does amazingly—and you’ve probably cached strings. But Redis is much, much more than just a cache. It can be a message broker using queues, streams, and pub-sub. It can be a multi-model, in-memory, NoSQL database storing all sorts of data structures like hashes, lists, sets, and binary data. It can even be extended using modules to add new commands, new data structures, and new capabilities.

In this workshop, I’ll show you how to take full advantage of all that Redis can do from your Node.js applications—starting from the very beginning with a primer on Redis. We’ll cover the basics—talking to Redis from the command line and exploring its capabilities. Then, we’ll take advantage of those capabilities from Node.js, building some simple yet surprising powerful applications using the low-level Node.js client—Node Redis. After that, we’ll look at ways to extend Redis with modules, with an emphasis on using RediSearch to find the data and RedisJSON to store documents.

Redis does a lot more than you probably thought. The whole point of this workshop is to show you that “more” and give you the knowledge to take greater advantage of the Redis you are already using. So, let’s start learning and start using!

It's one thing to read about spring boot, spring data JPA and other technology. It's even better to generate a short, self-contained, correct ready-to-run example quickly. Thomas Surmann's Bootify.io web application is fabulous for learning or starting a new application.

Come learn about the SaaS web application Bootify.io, the "Best developer experience for starting Spring Boot apps ‐ best practices included."

We'll discuss and work through the following (bring your laptop if you'd like to play along):

1. A tour of the free tier of great SaaS that is Bootify.io
   1. Generating many to many relationships with JPA (spring data)
   2. h2Database.com - Quick & easy all Java Database with an easy-to-use web console
      1. Then we'll swap h2 out for PostgreSQL.
   3. API generation with swagger (OpenAPI) using Bootify
   4. Thymeleaf GUI that sits alongside the APIs
   5. HTMX.org is an excellent (language-neutral) way to mix AJAX into your application for single-page app-like interactivity.
2. We'll do all the mvn install work in the cloud -- no heavy downloads on wifi. How? We'll demo two cloud development environments.
3. See how quick & easy it is to use GitPOD.io's free tier. GitPOD.io is a cloud development environment that makes it easy to explore a GitHub repository.
4. See how quick & easy GitHub's Codespaces are to use. Currently, GitHub gives away "up to 60 hours a month free" of Codespaces to each user.

We'll use the sample repo https://github.com/payne/team2 that was created in minutes using Bootify.io.

The short link for this presentation is MattPayne.org/bootify.

Welcome to this full-day workshop on creating a MAUI application! We are going to jump into the world of MAUI, Microsoft's framework for building cross-platform applications. Whether you're a seasoned developer or just starting out, this workshop will provide you with everything you need to know to build a complete MAUI application from start to finish.

We will cover topics such as MAUI architecture, user interface design, data binding and navigation. By the end of this workshop you will have a solid understanding of MAUI and the skills you need to create your own cross-platform applications.

During this workshop we will collaborate, design, and implement a solution that will result in a working, business-focused, event-driven application in modern C# (dotnet). If you want to be involved from building a solution from scratch this is your opportunity.

We will begin by Event Storming, which is a workshop-based method to quickly find out what is happening, or needs to happen, in the domain of our software application. This means of business-process modeling and requirements engineering will enable us to begin designing our application. Our application will instill Domain-Driven Design concepts so we can bake business logic into our code to be expressive, understandable, and maintainable. We will also utilize CQRS and Event Sourcing to capture state changes and intent, allowing us to make an application that is robust, performance-minded, and observable.

We will discuss how these strategies can reduce business complexity, make our applications far easier to maintain and evolve, and going over the open source software that can make it happen.

If you want to see "real world" development that is focused on the domain and how that translates into powerful, modern, asynchronous software then this is a workshop you do not want to miss.

Note: A code repository will be publicly available to provide a helping hand in interest of time and comprehension so no one is left behind. This course assumes you some knowledge in C#, SQL, and Docker. Working experience in a language comperable to C# like Java could certainly follow along.

At the beginning of the year, I was Real Mad at how powerless I felt around everything: relationships, my day job, my schedule, my side gigs, the economy and also the UFOs (wth 🛸)

So I decided to do something about it.

15 things actually 👀

And in the last 45-ish days, things have change DRAMATICALLY for the better.

Suddenly everything is looking extremely good. A whole bunch of opportunities have shown up. I dictate my day job now. I set expectations with my relationships. I filled my calendar with things I am excited about. I cut out ALL kinds of drama llamas.

I'm done sitting around waiting for things to happen to me. I’m going to happen to THINGS. And I want YOU to happen to things too.

In this unfiltered, no nonsense talk, you will hear 15 very tangible things that you can do to regain your power and build your OWN Power Playbook.

Whether you're a UX designer, developer, or product manager, creating great things is hard. Resources are tight, deadlines are tighter, and there is almost always more research that needs to be done. Creating continuous discovery habits in the face of real-world constraints can be the difference from feeling owned by those constraints or owning them.

Come listen to how the product team at Quantum Workplace foster a culture of empowered squads to better navigate obstacles, be relentlessly resourceful, and build great experiences for customers and users!

“Bad libraries build collections; good libraries build services; great libraries build communities.” Whether you are building a class library containing common functionality to use within your company’s products, a class library for your customers to be able to use your services, or the next great open-source project; you should take great care when building a class library so that it is easy to use and widely adopted. During this session, we will talk about coding standards you should apply, documentation, dependencies, publishing, versioning, and handling breaking changes so that you can build class libraries that developers will enjoy using instead of those they curse at.

At first glance, ingress is an easy concept: you route traffic from the wider world into your cluster. As you layer on SSL and load balancing, the principles stay the same and everything works with minimal thought and effort. But as your infrastructure grows, your clusters grow, the interactions get more complex, and your security requirements explode. In this session, I’ll walk you through how we designed and built an Ingress Controller and have converted our clusters to use it in production to support millions of requests. It wasn’t easy but running it as an open source effort from the start encouraged our team and customers to review, explore, and consider situations outside our original plans.

Objective

Attendees will consider the importance of architecture on the success of a product over time and be introduced to how Domain Driven Design interacts with clean architecture.

Keys

• Attendees thinking about architecture
• Share we've learned from reading Clean Architecture by Uncle Bob Martin in an Omnitech book club and presenting about the subject.
• Introduce Domain Driven Design (DDD) and new things I've learned since reading Clean Architecture at Omnitech through a series of lunches using Pluralsight and through Domain Modeling Made Functional: Tackle Software Complexity with Domain-Driven Design and F#: by Scott Wlaschin book.

A text-based user interface (TUI) is a way to create a GUI in your terminal. Textual is a Python framework for creating TUIs that is inspired by modern web development.

Textual uses your existing Python skills to create beautiful, cross-platform TUIs that will even work on a single board computer

You will discover how to do the following in this talk:

• An Intro to text-based user interfaces
• The elements of a Textual application
• How to create your first TUI
• Examples of other cool TUIs

This will be a code heavy talk and cover a lot of ground. However by the end of the talk, you will walk away with the knowledge of how to create your own application with Python!

Learn the fundamentals of cryptography, including public/private and symmetric encryption, hashing, and digital signatures. Discover which techniques are appropriate for various situations. Review practical real life examples for storing passwords, protecting URL parameters, securely exchanging information with partners, and safely encrypting sensitive information on public web sites. Concepts apply to all platforms, examples will be in C#.

How you struture your team impacts every aspect of your work - who you can hire, how fast you can move, how close you are to your customers, how happy your team members are, and how much value you bring to the world.

There's no playbook out there for how to best organize engineers, product managers, designers, QA, scrum masters, leaders, and all the other roles to deliver amazing work. There's plenty of conflicting advice, though. And it just gets harder as you grow.

We've tried to be extra thoughtful at Hudl in how we organize our team. Even with the best intentions and lots of work, we've fallen on our face more times than we'd like to admit. In this presentation, I'll talk through our journey from three co-founders to a global product team of 300+ and share some lessons that will hopefully help you avoid paying tuition we've already paid.

We've organized based on products, user-workflows, platform areas, personas, markets, technology, and individual "bets". We've had "core" teams, R&D teams, Bet teams, operations teams, and everything in-between. I'll share the pitfalls and wins with some tactical advice that is meant to help anyone working on a team and anyone helping design organizations.

Do you know what Uber, CircleCI, and Toyota all have in common? They had hardcoded credentials in plaintext somewhere in their environments, which led to either a public leak or enabled an attacker to expand their footprint during a breach.

It is easy to understand why hardcoding secrets is a problem, but do you know how widespread this problem is or how fast it is escalating? Do you know how it keeps happening? Do you know what you can do about it?

This session will deep dive into the research around secrets sprawl and compare it with historical data to show how much worse the situation is becoming, as well as what type of secrets are most commonly involved. We will also explore how to evaluate the maturity of your secrets management strategies and what steps you might consider next on your security journey.

In this session, you will:

Hear about the state of secrets sprawl and Discover the most commonly leaked credentials See how you can stop secrets sprawl in your organization by shifting left Learn to measure your secrets management maturity

This session is a practical guide to turning the hashtag of #NoEstimates into workable plans that arrive on-time and on-budget. We’ll also talk about the two things you’ll have to give up to achieve that predictability.

Key Takeaways: Break everything down smaller. Use historical data, not estimates.

Target Audience: Everyone involved in transforming an idea into a working feature in production.

Attendees will understand the benefits of creating their own extended version of the Amazon Cloud Development Kit. They will see how defining rules and setting up standards around CDK can enable better, safer and more maintainable infrastructure as code.

Modern software requires the efforts of a coordinated, dedicated team of individuals. We need to work with other people, and in order to do that, we have to maintain relationships with them. But no matter how polite, conscientious, or amiable you are, there’s still something that’s always working against you - your own brain, and its host of cognitive biases. For the last several years, books and podcasts and presentations have warned of the danger of cognitive biases, but we just haven’t had the ammunition to fight against them effectively… until now.

A new wave of cutting-edge psychological research is showing us how to fight back against our cognitive biases, and you can make use of it! You’ll learn how to diminish attribution errors, how to grapple with tribalism, and how to jump the empathy gap. Find out how to knock illusory superiority down to size, and how to extinguish the halo effect. And the best part is that the only piece of hardware you’ll need to do it is the thing you already have between your ears - your own brain.

Event-driven microservice architectures provide a versatile approach to designing and integrating complex software systems with independent, encapsulated components. During this session, we will focus on the how by starting with an empty Visual Studio solution and building a complete event-driven architected microservice to solve a real-world problem. You will see firsthand how to design, develop, and deploy a decoupled, encapsulated, responsive, scalable, and independent solution. We’ll talk about potential pitfalls, and you will see how to get around them.

Azure started as a Platform as a Service with Cloud Services, but since it launched has evolved to include several newer and very useful options for compute. Depending on your hosting model and how you do DevOps, requirements for scalability and availability you have tradeoffs that affect your long term costs and decision. In this session we look at how containerization has altered the landscape and to go from a monolith mindset to microservices requires more than wishful thinking or a management edict. As the cloud advances we need to understand the tradeoffs between compute options and make smart decisions on what makes the most sense to ensure you can get where you're going.

As hardware continues to evolve, emulation is becoming increasingly important for ensuring backward compatibility. While x86 architecture remains dominant, the ARM revolution is underway, raising questions about the compatibility of existing software stacks. This presentation will explore the use of emulation in modern operating systems and provide a deep dive into the mechanics of how it works.

What better way to understand emulation than by writing your own emulator? Using the Chip8 microprocessor as an example, we will walk through the process of writing our own emulator from scratch to learn the ideas and principles of emulation. By the end of the presentation, attendees should have enough knowledge to begin creating their own retro emulators. If you are interested in running software or video games on hardware that they were never intended to run on, join us for an hour of processor architecture emulation nerd talk.

Kubernetes, also known as K8s, is an open-source system for automating deployment, scaling, and management of containerized applications. In this session, Vaibhav will cover the basics of Kubernetes including the different components that make up a Kubernetes cluster, and how to get started with running Kubernetes locally.

Robotics is one of the hottest technology sectors and holds some of the most interesting potential for changing our lives. Come join me as I explore where we are on our journey to creating our future robot overlords. We will take a look at the impact of robotics on industry and talk about where we might be headed and how you can leverage your programming skills to stay ahead of the curve. We will also walk through getting started in robotics using inexpensive electronics and open source software. Come learn how you can control our future.

In this session, you will learn how to work with ChatGPT, a cutting-edge language model developed by OpenAI and GitHub CoPilot. It will cover the basics of ChatGPT, including how it works and how it can be integrated into various applications. We will also explore the potential use cases for ChatGPT, including natural language processing, conversational AI, and more. Attendees will be guided through a series of demos that illustrate how to work with ChatGPT in a hands-on manner, using tools such as GitHub and ASP.NET Core

Conflict at work is as inevitable as the tides - like the old joke says, if you put five software engineers in a room, you’ll have seven opinions. Whether the conflict is over what language to use, what frameworks are the new hotness, or even just tabs vs spaces, conflict can get ugly. Tempers flare, positions are staked out in absolute terms, feelings are hurt, working relationships are destroyed… if only there were a way to avoid the negative consequences.

What if I told you that there is? Let’s take a journey together towards a wholly different approach to conflict - a collaborative one. In this talk, you’ll learn how to use conflict to fuel better software, better teams, and better companies. You’ll learn how to structure your team’s environment to draw out good conflict, to squelch the bad conflict, and to handle conflict when it becomes personal. We’ll discuss how to manage different confrontational styles, avoid self-sealing prophecies, and even how to deal with conflict when you lack control. Conflict should fuel your progress, not hinder it - and after this talk, you can make that happen.

Do programmers really make bad designers? And does it need to be that way?

The delineation line between the roles of developers and designers tends to be pretty stark, and often the responsibility of designing for the user experience gets put squarely on the shoulders of the designer. But what about teams without a designer? Or programmers who crave a little more creative freedom? Or perhaps our mode of thinking about UX in general just needs a bit of an overhaul.

In this presentation, we'll talk about what it means to design with the end user in mind, and why it's so important that developers think about it, too. We'll discuss: * Why we worry about user experience at all, and what happens when we don't * Basic theories of UX that apply to just about everything * How to think like a user * Designing for UX even when you don't have a UI * Simple best-practices and resources to start upping your UX game

In the end the goal will not be to replace what designers do (we still have our uses...right?), but to shed light on an important aspect of software development that doesn't just stop with the designer.

JavaScript is a little-known up-and-coming programming language with stunningly beautiful syntax, strong type-checking, and a simple, obvious API. No, wait, I have that backwards. In fact, JavaScript is the most widely deployed language in the world with a long and complicated history that frequently makes it the butt of developer jokes.

Let's dispel some myths and study the best features of JavaScript from classic ECMAScript 3 (1999) through the latest and greatest of ES2022. If you're still using jQuery or other libraries to fill functionality gaps, this session is all about modernizing your JavaScript while learning to appreciate how far it's come. Concepts include arrow function expressions, classes, template literals, generators, optional chaining, fetch, promises, and much more.

Knative is a Kubernetes-based platform to build, deploy, and manage modern serverless workloads. It provides a set of middleware components that are essential to build modern, source-centric, and container-based applications that can run anywhere: on premises, in the cloud, or even in a third-party data center. Knative components are built on Kubernetes and codify the best practices shared by successful real-world Kubernetes-based frameworks. Each of the components under the Knative project attempt to identify common patterns and codify the best practices that are shared by successful real-world Kubernetes-based frameworks and applications. Knative components focus on solving many mundane but difficult tasks such as:

• Deploying a container
• Routing and managing traffic with blue/green deployment
• Automatic scaling and sizing workloads based on demand
• Binding running services to eventing ecosystems

This talk describes how Knative enables you to focus just on writing interesting code, without worrying about the “boring but difficult” parts of building, deploying, and managing an application. It shows how developers can even use familiar idioms, languages, and frameworks to deploy any workload: functions, applications, or containers.

Many of us are dealing with aging systems in our technology environments. We are being tasked with keeping these systems updated, adding new features and finding ways to modernize the technology and the skillsets of the people who support them. System modernization is a risky, difficult and highly intellectual process involving multiple stakeholders that can take years!

We will cover this topic by sharing highlights on approaches she has taken, giving examples of how team members are key to success, talking about ways to get people excited for the changes and strategies for effective communication throughout the process.

Shelly has more than 20 years of experience leading technical teams at several major Omaha companies, with the last 8 years focused on leading software development teams. She earned her Master’s in MIS from Bellevue University. Her passion is growing highly effective technical teams who enjoy the work they do and have fun doing it.

Everyone talks about being a full-stack JavaScript developer, but what does it even mean? Can you really use JavaScript all the way through your development stack, and how to get started? All the different technologies that are needed to become a full stack developer might seem daunting at first, this workshop is aiming at making this simpler and more accessible. In this workshop, the attendees will learn how to build a full stack application using the MERN (MongoDB, Express, React, Node.js) stack.

All humans sometimes deceive themselves, and developers are no exception. From "I can get this done in a week" to "My job is to write code", developers often convince themselves of things that are only partially true - or even outright ridiculous.

These seductive-but-false notions are factors in everything from poor software quality to unnecessary stress on developers and other team members. In this session, developer/designer/architect Billy Hollis will bring out his top ten uncomfortable truths about software development, with some humor to make them easier to hear.

Want to build accessible websites, but worried you're not an accessibility expert? Let's make things easier for everyone by building accessibility supports into the entire development lifecycle.

We'll look at integrating tools in: - Design tools - Code editor - Components - Browser - Tests - Git repos - CI/CD pipelines

This will help you and your team avoid some of the most common accessibility issues, and free up more time for the a11y folks to work on bigger issues.

Want to learn about accessibility through hands-on experience? Then check out this workshop where we'll go over these highlights:

• Gain practical knowledge around disabilities and accessibility without getting overwhelmed.
• Discover tools and methods to improve how you audit your own projects for accessibility.
• Practice hand-on empathy exercises.
• Learn how to navigate applications with a keyboard and screen-reader.
• Build reusable components that enforce accessible practices.
• Recognize common pitfalls in component design.
• Incorporate tooling to catch errors in your editor, UI, Git workflow, repository, and CI/CD pipeline.

So you think you want to manage?

The transition of transitioning from being a contributing member on a team to managing in any capacity is challenging to say the least. In this session, we will discuss the differences between these roles, how to know which role is a fit for you, and navigating the transition.

Odds are, you’ve heard of Redis. Maybe you’re a total noob and want to learn all about it. Maybe you’ve used it to cache an API call or some JSON strings and want to know what else it can do. Maybe you haven’t heard of Redis and are curious what all the fuss is about.

Wanna find out? Join me as I explain what Redis is—a wicked-fast, memory-first database—and why you should care. I’ll share with you what it can store, how you can access it, and how you can make sure that what’s in memory is still there when the power goes off. We’ll explore how you can extend Redis—adding new commands, new data structures, and new capabilities. And, we’ll do it both from the command line and from code with examples in C#, Java, JavaScript, and Python.

When we’re done, you’ll know what Redis is and what all the fuss was about. But, more importantly, you’ll know how to put memory first to build fast applications and faster experiences.

Metrics are a good thing when we ground them in decisions we want to make. Metrics for the sake of having metrics loses its purpose.

In this session, we will walk through a simple way of grouping metrics - from easy to collect, to directional, to impactful. Along the way, we will give examples of metrics in each group - what they mean, why they are good, where they fall apart. All along working towards better metrics and the approach to collecting and using them.

Additionally we will introduce and show process behaviour charts - a technique that looks at data and helps separate noise from signal.

Leave this session with simple ways to group metrics and ways to interpret if your changes (product, process, or people) are making a difference.

Come explore how First National Bank of Omaha modernized their front-end development practices by adopting a design-focused approach that leverages UI designs, React component libraries, utility-first CSS with Tailwind, and Storybook. They also implemented mock-service-worker, which enables developers to simulate API responses in a controlled environment, reducing the dependency on real API endpoints during the development process. This approach has improved the overall speed and efficiency of their development process, while ensuring a consistent and visually appealing user experience. The success of this effort resulted in the creation of a Frontend Community of Excellence that is focused on being the authority for frontend best practices and on continuously improving frontend development at the bank.

When you feel included and engaged, do you do a better job?

Do you think teams in which people work well together produce much better results? Have you noticed the best ideas often come from unexpected sources?
Do you want to work at the top of your intelligence and give the same opportunity to others?

Conventional structures are either too inhibiting (presentations, status reports and managed discussions) or too loose and disorganized (open discussions and brainstorms) to creatively engage people in shaping their own future. They frequently generate feelings of frustration and/or exclusion and fail to provide space for good ideas to emerge and germinate.

Liberating Structures (LS) are a growing collection of group processes and methods that make it easy and quick for members of any group to radically change how they interact and work together. Their purpose is to liberate energy, tap into collective intelligence, stimulate creativity, and get surprisingly better results by engaging people and unleashing the power of self-organization.

Event-Driven Microservices architecture has gained a lot of attention recently. The trend in the industry is to Microservices to innovate faster. While Microservices have their benefits, implementing them is hard.

One drawback is the problem of distributed data management, as each Microservice has its own database. Event-Driven Architecture enables a way to make microservices work together and the talks show how to use architectural patterns like Event Sourcing & CQRS.

Another challenge is to manage transactions that update entities owned by multiple services in an eventually consistent fashion. This challenge is solved using sagas!

The objective of the talk is to show how to implement highly distributed Event Driven Microservices architecture that are scalable and easy to maintain.

In modern development, we use Platforms as a Service every day to build custom applications, create integrations, and distribute our code worldwide. PaaS providers like AWS — especially utilizing serverless technologies — allow developers to delegate the management of servers, runtimes, and operating systems to cloud providers. This allows development teams to focus on building differentiating features rather than managing low-level systems.

But what if we took this idea one step further? What if we find the platforms that we build on to be too low-level themselves? How might we take the strategies used by cloud providers to build custom PaaS products that better suit our needs?

In this talk, we will learn about the basic building blocks of a Platform as a Service, and use this knowledge to implement a custom "Netlify-like" PaaS product using AWS, CDK, and TypeScript.

The leaders of the School of Computing's Senior Design program, and of the Raikes School of Computer Science and Management's Design Studio program, at the University of Nebraska-Lincoln will discuss how they partner with industry to provide upper-level college students with experiential learning opportunities. These programs are the capstone programs for their respective schools in which their students complete a project to demonstrate what they had learned in the previous 2-3 years. Both Senior Design and Design Studio have adopted a model in which they team up with industry sponsors to provide students with projects that have real-world relevance. While the talk will focus on the benefits to students during their capstone program and during their transition to the workplace, we will discuss other benefits to all involved as well.

This panel of technology industry professionals will explore inclusion and diversity topics, focusing on the best practices for promoting diversity and inclusivity in the workplace. The panelists will discuss the importance of creating an environment that fosters inclusion and respect for all employees, regardless of their race, gender, ethnicity, or other characteristics. They will also provide practical advice on establishing an organizational culture that embraces diversity, to improve recruitment, retention, and overall employee satisfaction. The panelists will also touch on how to produce and maintain an ERG and the implications associated with fostering a diverse workplace with resource groups. Ultimately, the goal of this panel is to provide attendees with a better understanding of how to create and maintain an inclusive and equitable work environment within a technical organization. Q&A and audience participation are encouraged in during the session.

I just pushed a commit to remote main instead of my branch! Help!

We merged two features to main but now only one of them needs to go to production without losing the code for the other one ASAP - what do we do?

I messed up my branch on rebase, and I can't figure out what happened, but I think I lost my work, can you help?

I accidentally put a secret into GitHub and I need it to look like that commit never happened or I might get fired!

In this session, we'll discuss the GIT commands of Amend, Reset, Revert, Rebase, Bisect, and Cherry-Picking to perform surgery on our repository when the stuff hits the fan.

Have you ever worked on a software project that felt like a death march? Where you had no hope of success and even if you did release it, you knew it wouldn’t last long. Have you ever been afraid to make code changes because you weren’t sure if you were going to make the problem worse? Are you unsure how you should structure your code and software components? If any of these questions bring back bad memories or remind you of your current projects, then this presentation is perfect for you.

We will walk through a few examples demonstrating how simple design techniques can drastically improve development efficiency and the supportability of our code. We will begin with a complex bloated service and walk through how we can apply SOLID principles to improve the design and our productivity.

As a result, you will be armed with code design techniques that will set you up for greatness!

How, and why, do we want to automate security and privacy compliance? This session will dive into how to save time when facing compliance frameworks, whether it be regulatory or customer-driven.

Tired of tracking compliance items in a spreadsheet? Security automation tooling will help alleviate the burden of old-school audit processes. The goal is to gain an understanding of today's tooling that automates privacy compliance and other frameworks.

In this session, participants will...

• Gain an understanding of what our industry has traditionally done in SOC 2 Type II audits and other pertinent frameworks, such as PCI-DSS and ISO 27001.
  • What processes and technologies have been used to keep track of security controls
  • What manual steps had to be taken?
• Learn about new audit tooling to automate security compliance.
  • What tooling exists now?
  • What manual steps are now replaced by automation?
  • What can’t automation replace?
• Learn how 24/7/365 monitoring is utilized to bring higher levels of trust and transparency.
  • What are the benefits of constant monitoring?
  • What are the downfalls of constant monitoring?
  • Gain insight into the future of security compliance framework automation.
    • How does security automation tooling help us with new frameworks?
    • How do we scale our work to fit into multiple compliance frameworks?

There are so many amazing ways to integrate serverless functions into your existing and upcoming environments. For this presentation we will be focusing on the many different types of functionless triggers that are available both in AWS Lambda and Azure functions. Many events from HTTP triggering calls to blob storage events can be used to trigger your serverless functions with very little configuration or maintenance on your part.

This talk will be focued on discussing war stories from a product architect/engineer who lives within an information security department and is passionnate about driving change. Attendees will get to experience a few different routes that have lead to success and others that might need to avoided. As an ever-evolving space, when reducing risk and deploy safe products to the market, we all have to find the correct gear to get us down the road.

What attributes define a good software developer? Is it a degree from a 4-year institution? Will a 2-year associates degree suffice? Masters degree? What about experience? How much do you need to be a senior engineer? Are there specific languages and frameworks that make an engineer more valuable - not just in terms of salary, but their ability to make an impact on a project. If someone has 10 years of experience with Java, are they able to get a job as a senior .NET engineer?

Over the last few decades, I've been all over in the world of software engineering. Different companies, different roles, different tech stacks, etc. At this point in my career, I've started recognizing the skills, concepts, processes, etc. that make a person a great engineer. In this session, I'll talk through what I think are the most important ones.

You attend all the best tech conferences year after year. You love the varied topics, meeting up with friends, and indulging in great food and drinks. But something's still missing: your chance to shape your favorite conferences. Don't just be an attendee - be a participant by sharing your knowledge as a speaker.

Take it from someone who hates public speaking: it's actually pretty fun! In this session, I'll share how I overcame nerves and started public speaking at technology conferences all over the country. Let's discuss every part of the process: ideation, outlining, storytelling, writing compelling abstracts, creating slides, speaking tips, recommended tooling, simplifying technical topics, and much more. This session will help first-time speakers get started. Experienced speakers might learn a different way to tackle their favorite topics.

Technical agility refers to a broad range of practices that we need to hone with our teams to truly be agile. In this session we will go broad into topics like:

• Source control
• Technical standards
• Code quality / refactoring
• Test Automation
• Security testing
• CI/CD and secure pipelines

and talk about how these power or anchor the agility of your team.

Terraform is a great tool to write your infrastructure as code. It can be challenging to get started and find the best practices. This session will be packed with information and examples on how to use Terraform at scale. We'll look at best practices, Terraform within CI/CD, using Terragrunt and CDKTF. The demonstrations will be within the AWS environment, however, concepts can apply for all cloud or on premise providers. After this session you will be able to setup Terraform with reusable modules configurable by environment.

You've got your cluster running and in a steady state, but inevitably something goes wrong. A certificate expires, a firewall gets misconfigured, data gets deleted, the world takes a wrong turn and the system crashes. How do your respond and recover? If you have been testing things you should have an idea of what to expect. We test the expected and even automate how we do it, but what about the unknown? Chaos engineering is designing a way to verify you can and will come back. In this session we'll take a look at some Azure tools available to design and run experiments with things like Azure Load Test, PlayWright and Azure Chaos Studio and learn how they fit in our toolbelt.

Software architecture has a contentious reputation in the agile community. It is often seen as the cause of expensive, valueless meetings and stacks of documentation that no one ever reads. And yet, applications with poor architecture quickly devolve into buckets of technical debt, with the teams that work on them destined for feelings of stress and frustration. But my friends, this is not the way...

For software architects to be effective in a world dominated by phrases like "Agile Development" and "Product Mindset", they must be seen as an enabler of business growth, a force multiplier, and a catalyst for innovation. In this talk you will learn:

• What software architecture is, what an architect does, and why it's so difficult to define
• Embracing change with Evolutionary Architectures
• Ways to influence software architecture outside the codebase
• How to instill an architectural mindset in software development teams

In today's agile world, software architecture still plays a critical role. If you're considering software architecture as a potential next step in your professional journey, join us and learn how to be effective in the role.

Developers are bombarded with technical decisions every day. What language should I learn? What framework should I use? What software will make my life easier? The list goes on and on. A simple decision can have rippling effects in your organization, both good and bad. Technical decision making isn’t so much about which tool to pick, rather what problem to solve. In this presentation, we explore various approaches to technical decision making, including techniques for gathering and evaluating information, strategies for managing uncertainty and risk, and methods for involving and engaging team members. We also discuss best practices for evaluating the success and effectiveness of technical decisions. The aim is to provide a practical guide for technical leaders looking to improve their decision making skills and make more effective technical decisions.

It seems so simple, right? Many developers know how to deploy an application but some don't because that might be outsourced to a deployment engineer. Also, many systems engineers may know how to maintain infrastructure, but they don't know how an application is actually deployed. In this worskshop, we'll go over the basics of DevOps and provide those who may not have a current window into current automated build and deployment processes an example application to deploy to Azure using Azure DevOps.

For Java developers, the Just-In-Time (JIT) compiler is key to improved performance. However, in a container world, the performance gains are often negated due to CPU and memory consumption constraints. To help solve this issue, the Eclipse OpenJ9 JVM provides JITServer technology, which separates the JIT compiler from the application.

JITServer allows the user to employ much smaller containers enabling a higher density of applications, resulting in cost savings for end-users and/or cloud providers. Because the CPU and memory surges due to JIT compilation are eliminated, the user has a much easier task of provisioning resources for his/her application. Additional advantages include: faster ramp-up time, better control over resources devoted to compilation, increased reliability (JIT compiler bugs no longer crash the application) and amortization of compilation costs across many application instances.

We will dig into JITServer technology, showing the challenges of implementation, detailing its strengths and weaknesses and illustrating its performance characteristics. For the cloud audience we will show how it can be deployed in containers, demonstrate its advantages compared to a traditional JIT compilation technique and offer practical recommendations about when to use this technology.

Next.js is a powerful React framework that provides the capability to create highly performant full-stack web applications. The flexibile rendering and cashing options Next.js makes available can be used to create applications with a better developer experience that are not only fast but also have optimized SEO and are more secure. In this session, you will learn about the options Next.js provides for client and server-side rendering, API routes, image optimization, styling and more.

We all want software to run as fast as possible, and performance testing can help make that happen. But often, it's the steps before and after the testing that don't get nearly the focus they should. As a result, performance issues might get missed during testing, or they might not get properly fixed if they are identified…or they might even creep back in later during another development cycle.

To get past that, it often helps to think of performance as an entire process, instead of just a series of tests. For this session, we’ll go into detail about the “Before”, “During”, and “After” phases of this process. We’ll cover what kind of questions that should get asked before any tests even start, how to adjust during the testing phase when the unexpected happens, and after tests are done, what can be done to leverage those results and put those lessons learned to use for the future.

Description / Abstract:

Attendees will leave with a complete understanding of how open-source works and how to maintain and contribute to open-source projects. This talk is of value to open-source maintainers and contributors or anyone interested in contributing to an open-source project.

This talk will use a real-life example of a contribution I made to osquery.

Details:

Why is open-source important?

Open-source projects encourage innovation through collaboration. As we know, when multiple developers from different backgrounds work together, we are more likely to see robust and reliable results. Open-source projects allow us to build on ideas and projects we wouldn’t otherwise have access to. They also allow us to collaborate with others who we wouldn’t normally cross paths with. These aspects of open-source have the potential to create a strong, organized community. These aspects also have the potential to create a disorganized and weak community as well.

Why is contributing to open-source important?

The open-source movement aims to use and iterate on reliable frameworks and software. Essentially, we want to provide high-value tools for other developers to iterate on and use. Therefore, open-source communities need to put themselves in a position to support those interested in using and contributing to their projects.

What makes for a good open-source community?

Collaboration and culture

Strong and active open-source projects have one thing in common: their communities. More specifically, these projects rely on maintaining existing relationships with developers and recruiting new developers to use and contribute to their projects.

The importance of having a positive community culture associated with these projects cannot be understated. Slack and discord channels are great places to garner feedback and spark discussion among project maintainers and contributors. However, if these forums are not positive, it becomes more arduous to recruit new contributors and can alienate existing contributors. The value of the project itself has a strong impact on the community it serves, as well as the culture of the members who make up the community.

Technology and innovation

High-value projects provide innovative solutions to a given problem. High value projects also tend to use languages with a larger user base. Low-value projects not iterated upon frequently will present many challenges when it comes to recruiting as well as generating processes and documentation. On the other hand, high-value projects that are frequently used are naturally more collaborative, as they will often have larger communities and more members willing to contribute and answer questions.

Processes and vision

Having a core team, or group of maintainers to direct future initiatives and features is important. Issues organized within a given version control system need to be accessible and easy to self-assign. Documentation around workflows, testing, tooling and releases should be through and straightforward. Communities and decision-making processes should be outlined and readily available as well.

My contribution success story

After being in my current position for over a year, I decided to make a contribution to osquery, which is an open-source framework upon which Kolide’s launcher agent runs on.

What is osquery?

Created by engineers at facebook, osquery is an open-source framework that allows you to query endpoint devices. This framework provides insight into devices of all operating systems by allowing a user to write SQL queries to find information about a given system.

osquery is an operating system instrumentation framework for Windows, OS X (macOS), and Linux. The tools make low-level operating system analytics and monitoring both performant and intuitive. osquery exposes an operating system as a high-performance relational database. This allows you to write SQL queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes.

osquery has a core team, slack channel, extensive documentation and clear guidelines for creating and submitting pull requests.

My contribution

After spending a brief amount of time scrolling through the open issues in the osquery repository, I settled upon one that had a request for making an addition to an existing table, the ‘video_info’ table associated with macOS. However, after some initial research into how this would be done, I decided it would be more straightforward to create a new table with the information requested in the Github issue at hand. This particular use-case would need to render information associated with any display associated with a given endpoint. Specifically, the user who filed the issue was looking for serial numbers and display ages.

I was able to follow the setup guide for osquery and set up my development environment quickly. Then I read over their guide for creating a new table, decided on a table name, and got to work. Not having much experience with objective C++, I was able to find numerous resources written by maintainers and members of the osquery community. One of which was this blog post.

I named my table ‘connected_displays’, and began fleshing out the data. After I felt confident with the new table I’d written and tested, I was again able to follow the documentation and format my code properly. I did run into some snags with getting my build to run once I added my tests, but after asking some questions in the osquery slack channel I received a nudge in the right direction and was back on my way.

When submitting my pull request, I again had numerous resources to fall back on, and I was able to search the slack channel to find a fix for some formatting errors that ended up getting flagged by the CI/CD pipeline. This is another good aspect of a strong and high-value open-source project, a contribution process with a happy path! Here is a screenshot of the end result.

Conclusion

By having clear documentation in place and fostering a sense of ownership and positive culture within your open-source community, you are empowering maintainers and contributors alike. From this process I was not only able to learn how to write functions in objective C++, i was also able to make a contribution to the largest open-source cybersecurity project on Github.

It is because of these positive aspects associated with this particular project that I, along with many other contributors, are able to contribute efficiently and in a meaningful way.

Imagine a Java application that can start up in milliseconds, without compromising on throughput, memory, development-production parity or Java language features. Sounds out of this world, right? Well, through the use of technologies like CRIU support in Eclipse OpenJ9 and Liberty's InstantOn, we've taken one giant leap forwards for innovation within Java, offering exactly this! Join this session to learn more about these innovations and how you could utilise OSS technologies to deliver highly scalable and performant applications that are optimized for today's cloud-native environments.

Do you want to get started with data science without fighting crypto fanatics for GPU cards? Do you want to see what Azure has to offer for training/deploying models?

In this talk, I will walk through the whole process. I will start with setting up the job, I will show how to connect to your workspace, I will then submit the job for training, I will walk through validating the model, and finally I will deploy the model

Hear "Test Driven Development" and cringe? Hear it and rejoice? Hopefully we'll have something for both of you!

I intend to offer up my approach when it comes to unit and integration tests in a project that uses React. We'll go over tools available (such as Jest / Testing Library) and how we can implement them, along with some Storybook in the mix. But overall the goal is to provide automated tests that are NOT fragile, are consistent, and aren't a pain to write.

You mileage may vary, and this approach may not suit everyone, but it's an approach that gives me a greater appreciation and satisfaction when it comes to automated tests in a Frontend / React space. Not to mention, an approach that helps lead to better code design and scalability.

Story Mapping is a technique that provides the big picture that a pile of stories in a backlog so often misses. By arranging stories in a useful shape, a map, you can see what you are working on, validate nothing is missing, and promote stronger product understanding throughout the development lifecycle. In this session, I will go through a couple of story mapping processes to help build confidence and therefore quality into your product development.

We'll go over a couple use cases for using Pulumi to manage AWS infrastructure with Typescript as the primary language for your Pulumi configuration. Attendees will have the opportunity to learn some basic Pulumi functions, even if they're not familiar with Typescript!

You are a developer and you have knowledge of secrets. You're aware that you should not be putting secrets into GitHub (or any other SCM service). How do you prevent the secret from getting checked in? Is there a tool at Azure that can be easily leveraged for managing secrets?

When you deploy, how do you get the secret from Key Vault into your Azure App Service? Is there a way to share a secret across multiple services at Azure?

This talk will show how to quickly and easily leverage Azure Key Vault to hold secrets, and how to make them available to developers on their local machines as well as to your deployed resources at Azure.

Have you ever felt left out of scoping a project? Maybe management issued directives without talking to customers and you didnt' have the data to push back? If those have happened to you...this session is for you! Learn a proven structured analytical process to manage your customer research process, master interviews by identifying key jobs to be done and constantly refine your learnings. It will empower you to quickly and effectively communicate customer needs to your stakeholders.

The Edge is the new frontier of computing possibilities, offering promises, opportunities, and it’s own set of challenges. In this talk, we’ll break down what it is, why it’s awesome, and how it fits into your application architecture.

We’ll cover things like: - What are the benefits - What are the limitations - When it makes sense - When it doesn’t make sense - How to get started

You see it on the front of URLs. You know that it's important to APIs. When you write applications that are connecting to services on other machines you're using it. So you're likely using it in everything you build. But, what the heck is HTTP, really?

In this talk, we'll dive into the mechanics of HTTP starting from requests & responses, diving into nouns & verbs, and going deep into the mechanics of how authentication works over the protocol. Come join us as we learn all about something that most of us use everyday.

AWS created the cloud computing segment and is the biggest player in the space. It has a lot of good parts but across over 200 “two pizza teams” some confusing things have shown up. In this talk, we will cover some of the more problematic parts of AWS and what you can do to get through it.

When attackers gain access to a system, they immediately look for ways to gain more control. One of the easiest ways to expand their presence is to find plaintext credentials lying around in code, config, or logs.

By the time an intrusion is detected, it is likely too late. What you need is an alarm to let you know someone is intruding while they are intruding. That is where honeytokens come in.

Honeytokens are credentials that don't actually grant any access, instead triggering alerts that report the intruder's activity.

If you are working to detect and stop intruders in their tracks, then this session is for you.

Takeaways: Understanding how honeytokens work Maximizing the impact of honeytokens Deploying honeytokens at scale with automation Open Source and Enterprise options

This session will explore the value of an Internal Developer Platform (IDP), including a discussion of the potential benefits and an in-depth demo of an enterprise-grade IDP implementation. An IDP unites different techs/tools to automate repetitive tasks & lower the cognitive load developers require to operate in complex cloud-native environments.

This real-time demo will walk through an IDP with cloud provisioning, automated app deployments, self-service dev features, and integration with key open-source tools like K8s, ArgoCD, Crossplane, and Backstage.

Jaime will also cover the potential benefits of an IDP, including:

• Bringing a "self-service" approach to enterprise developers, allowing them to focus on bringing business value rather than the complex configuration needed to support application workloads.
• Avoiding rogue architectures and cloud overspend by maintaining enterprise alignment on standard applications stacks, cloud provisioning, and compliance guardrails
• Providing a "single pane of glass" for application management — consolidating the myriad of tools often needed to create, manage, and monitor apps in the cloud

Stop asking your neural network to "Select one of the following ..." and start asking it to "Write a paragraph explaining ...". When you give your model more information in the training output, you are teaching your model from an essay instead of multiple choice. This increase of information can lead to an increase in accuracy and is why you should consider giving your model multiple "tasks" or problems to solve with prediction.

In this presentation, I will discuss how Hudl is using multi-task models to clip sports videos into plays and also how we determine the formation of an offense in American football. After we talk about what multi-task models are and how they can be used, I will share the some of the challenges we have run into that differ from a traditional model output.