Dev Innovation Summit
Wednesday, August 3, 2022
With remote work and collaboration now the new norm, there is little doubt about the usefulness of creating more immersive ways of connecting. Augmented reality, virtual reality, and the metaverse are starting to provide businesses with compelling use cases – bringing people together to interact in virtual spaces that was only ever possible in person. Going well beyond what’s possible with a digital white board, some virtual meeting spaces can now represent interactive 3D models with real depth, opening new possibilities for immersive training, design and engineering collaboration, and gaming in digital spaces. Despite the advances, creating high-quality representations of real objects for the metaverse remains an immense challenge.
Three major alternatives have emerged for building the type of holograms or models needed to create believable virtual experiences: light fields, point clouds, and polygons. Join Cullen Jennings, CTO Security and Collaboration, Cisco, for a deep dive into these three cutting-edge technologies, their benefits and drawbacks, real-world uses, and how each one can be effectively deployed. Come away with a new understanding of how humans and objects will be represented in the metaverse, and the practical knowledge to choose the right technology to create the most authentic experiences for your unique virtual use-case.
This session will aim to introduce the audience to the basics of cloud security and the security model for Public clouds. Further, the emphasis will be mostly on Cloud Security Posture management, introduction and overview of cloud native CSPM services (like AWS Security Hub, Azure Defender ) and a short demo on how these services help automate best practice checks, aggregates alerts, and support automated remediation.
A Security Champions program is key to a modern cybersecurity strategy. Learn how to start your own.
Known vulnerabilities are a fact of life, especially with open source software. Cyber Security Intelligence tracked over 18,000 CVEs and at least 66 Zero-Day Vulnerabilities in 2021. According to the Sonatype 2020 DevSecOps Community Survey, 24% of organizations surveyed revealed a breach within one of their web applications in the prior 12 months. The average cost of a data breach was $4.24 million, according to the IBM 2021 Cost of a Data Breach Report.
The only way to keep up with the fast pace and demands of cybersecurity today is to scale up the security expertise of your technical workforce. This talk explains why setting up a Security Champions program is such an important part of an overall security strategy. Then it goes into detail on how to get your own Security Champions program running, the realistic costs of such a program, and what benefits you can expect from it. We’ll talk about grassroots programs at three companies: IBM, Red Hat, and NatWest Group.
A Security Champions program is repeatable, cost effective, and can be applied to a broad range of industries. Attendees will come away with a step by step approach that can improve cybersecurity practices at their own companies.
Simplicity certainly has its virtues. The KISS Principle [keep it super simple] favors simplicity over complexity in system design and operation. As software engineers are vanguarding into innovation work to deliver features, from the outside they might seem like they thrive on complexity constantly solving unknowns. Though there is a long road between the idea and production. Even when developers are on and off-boarded to different teams, mileage might vary in the same organization due to very different paths to production.
Cognitive load and context switching can really slow feature velocity down. Also having overly complex routes to production puts a damper on Developer Experience [DX]. With what seems like a bulk share of the technology verticals shifting left since they can be provided as code/configuration e.g YAML, expertise can be lost without a proper platform engineering domain. A major goal of platform engineering is to keep the experience similar across teams.
Learn in this session about keeping goals to KISS and how that can be achieved to even create a “consistent one-line developer experience” [they say the easy button is hard to create]. Reducing toil and complexity can lower the bar of entry for software engineers to focus more on innovation. As technologies and ecosystems change, providing a consistent experience is key. Supporting faster iteration allows organizations to consume new technology and build internal expertise quicker and provide a quicker time to value.
Git is the defacto standard version control system in use today. Every developer learns the basics of add, commit, branch, merge, pull, and push, and that is about all they learn about Git.
However, if you ask how Git actually works under the covers, most people will tell you they don't really know. Worse yet, when most developers see Git output messages like "detached HEAD state" or "CONFLICT (content): Merge conflict", they get a stress-induced panic.
This session will peel back the shroud of mystery that envelops Git, showing that there is nothing overly complex or terrifying about the inner workings of the world's most popular version control system. This talk is for everyone, from the complete Git novice to folks who have been pushing code for years but maybe have never stopped to look at how Git does its thing.
Being an elite dev team isn't just about merging faster, it's about being able to deliver consistently. Developer happiness and retention is often based on the type of work a team is doing and the amount of frustration involved trying to get code merged. In this session, we will discover how elite teams are creating a state of continuous merge by optimizing non-coding time and customizing how Pull Requests are treated based on their unique characteristics.
Developers who still thumb their nose at low-code application development probably harbor a number of misconceptions that are quickly becoming outdated. False notions that low-code “is only for non-professionals or ‘citizen developers’,” “is just for prototyping,” or “can’t handle enterprise-grade scalability, performance and security needs” only postpone developers from realizing its actual potential. In truth, low-code done right can multiply efficiency and put advanced emerging technological capabilities within any developer’s grasp.
The key advantage of low-code? API connectivity. The best low-code strategy will give developers a drag-and-drop UI for assembling Lego-like code blocks into complete applications. Get humming and you can make initial application development and iterative improvements 10x faster (at a minimum) than hardcoding. Low-code also automates away the block-and-tackle busywork of application development (read: a more enjoyable developer experience), while making access to emerging capabilities like AI/ML, big data, IoT, voice and messaging, blockchain, and APIs as simple as dragging an icon across a screen.
This Dev Innovation Summit talk will dig into the latest ideas and best practices that developers should know about low-code as they overcome still-common misconceptions, and as they vet potential paths forward for production use cases.
Application security is a problem in the development world, with expensive, complex, and sometimes only piecemeal solutions. But fix the problems you must, as there will come a time when someone will try to hack your app, probably (hopefully) your security team or a penetration tester. Once they find those problems, you have to then go back and fix the security bugs, 6 months to a year later, and that can be a real pain.
In this talk, you’ll learn how to turn this issue on its head, with unit security testing. Unit security testing is a tool we developed here at Bright to solve the problem of needing to rely on an external tool or team instead of being self-reliant in your approach to writing secure code. By integrating our DAST engine with unit tests, you, the developer, are empowered with the know-how of how to find vulnerabilities as early as possible in the SDLC, without the security team getting involved and having to fix problems far later on in the process.
In this session, you will learn
How to write different types of tests and which issues are important to test for
How to fix some vulnerabilities that our tests find in an example web application
An ounce of prevention is worth a pound of cure, so you will also learn how to defend against some common attacks from the get-go as you are writing code.
This is a live coding talk on building a solution for a real-world problem. In this 45 min of talk, let's challenge ourselves to build a (simplified) chat application that is accessible to the entire world! To build this we will use Vue.js for frontend and a Serverless Backend with (API Gateway, Dynamo DB).
While infrastructure has evolved from on-prem to cloud, application architectures have evolved from client-server to Cloud-native and development practices have evolved from Waterfall to Lean Agile/ DevOps, operations is still siloed and stuck in the past at many organizations. In this session we will explore how to build an integrated approach to cloud workload management that is built on Site Reliability Engineering principles and a product-oriented approach to run operations. If you are already on Cloud or thinking to migrate to cloud, join us to hear how you should be thinking about designing for reliability, cost and performance while you run cloud workloads to optimize.
In this session, Sam Dillard (Sr PM Edge at InfluxData), will discuss the needs and challenges of edge computing in the context of an edge-cloud topology. While cloud analytics is emphasized in a lot of the world, the need for edge analytics is not shrinking but rather growing. Applications have become more distributed and the data pertaining to them have become more voluminous.
Sam will discuss InfluxDB’s Edge Data Replication feature that leverages existing edge analytical capabilities of the database in order to enable edge-cloud data pipelines that fit to any business needs and constraints.
This feature automatically streams data on-write from an edge dataset to a cloud one of the user’s choosing. Adding to this automatic replication of writes, is a durability designed to withstand network outages. This feature lays the groundwork for a much larger story about how the edge and cloud can work together to produce global time series data architectures!
In this webinar, Sam will cover:
- How we define edge
- Properties of edge vs cloud
- Discuss problems faced with edge-cloud architectures
- Details of the edge replication feature and how it combined with InfluxDB solves those problems
- Demo an edge-cloud downsampling use case that retains data shape
OPEN TALK: You Can’t Code Career Development - A Technical Professional’s Guide to Soft Skills in the Workplace
Technical aptitude will take an engineer far in their career but ultimately it's the ability to navigate workplace environments through the refinement of soft skills that will determine the heights that your career can scale.
In this session, Vanky Kataria (Evangelist - Global Communities) will share how focusing on soft skills can play an instrumental role in your career development and explain how engineers benefit from thinking about their workplaces beyond their roles and responsibilities as technical professionals.
Thursday, August 4, 2022
During the pandemic we've all been feeling pretty isolated, and we've all been doing our best and wearing masks. But what if everyone wearing masks cuts off your ability to converse?
My dear mum relies on lip reading and clear sounds to understand what people are saying. But I, of course want her to stay safe. So the thought occurred. Can I make a live captioning display fit into a mask so that she can read what I'm saying as I'm speaking?
Live captioning of speech to text has so many useful applications and Cognitive Services makes it fast and easy to build captioning into your applications. Together with Ably Realtime, it is possible to make wearable devices which can display what you’re saying, in real time. Wearable Live Captions!
For many years APIs have been implemented so that the client has to keep calling the server for the latest data. The API version of needing to refresh your browser. But this can be inefficient, and wasteful in addition to risking clients using old data.
Techniques like Webhooks and network sockets have been around for a while, but new ways to implement API streams have come along.
In this session, we’ll look at how the different common options are, how they work, and their drawbacks. By the end of this session, you will have the knowledge to make a more informed decision on whether streaming APIs are right for you and which approach may support your needs best.
As web performance and user experience across both mobile and desktop devices continue to increase in importance, so do progressive web apps (PWAs). PWAs are becoming more popular because they have lots of enhancements that help your application perform better and they make apps accessible even to users with limited internet connection. In this talk, you are going to learn the advantages of using PWAs and how to turn your web application into a PWA.