Thoughts and Learnings from QCon Plus 2020

It has been six years since I last attended a QCon in London. This year I was lucky enough to attend Qcon Plus which (due to Covid) was online only. 

I was amazed by how professional this looked and felt.  Right from the start it felt more like watching TV than attending a virtual meeting but they were still able to make it feel interactive.  It was the best it could have been in the circumstances.  

The big problem I had with the event was actually more to do with my lack of focus.  Even attending a physical conference it can be hard to switch off from the day to day and focus on the talks which remined me of Tanya Reilly's point in her key note from CLL19.  I suffered from distractions a lot and I wonder if this may have been made worse by the fact that I knew I could always catch up later.  At a physcial conference - you either see a talk or you don't.  Virtual conferences are all too easy to put off until later when you're busy with work!

That said, I did see some great talks, some of which I have summarised below.


Wade Davis - Vice President of Inclusion Strategy at Netflix - Finding The “I” within Inclusion


Wade started the conference with a key note that I found hugely inspiring and uplifting. I personally got the most out of this when re-watching and preparing this summary. His talk was only around twenty minutes, but so many of his points were so profound that I felt compelled to pause, re-watch, think and repeat several times to help in my understanding.

He highlighted the problems of inclusion with the example of Women in the corporate world. There are more CEOs named John in the fortune 500 than there are women!

After making it clear that he wasn’t interested in blaming anyone for a lack of inclusion, he directed his attention towards “seeing the challenge before us in creating equality of opportunity fairness and equity within our organisations”. Then came an amazingly interesting point:

"This history creates a world where the over represented and the under represented don’t see their futures dependent on each other - but they are. The great challenge is to understand how. We will never understand how we depend on each other if we don’t get to know each other intimately and personally."

At the beginning of the talk, Wade asked us to list seven people outside of our family that we talk to regularly and for each list their: Gender, Race, Age, Marital status, sexual orientation, college graduate, makes 40k+ a year and any disabilities. It was notable to me that I could copy paste a lot of the attributes. This exercise showed me that I almost certainly lack cultural competence. That being the case, Wade’s point is that this is my loss and that not getting to know people in under-represented groups can lead to a lack of empathy.

Wade also quoted Lilla Watson

"If you have come here to help me, you are wasting your time. But if you have come because your liberation is bound up in mine, then let’s work together."

I found another of Wade’s compelling talks on youtube here https://www.youtube.com/watch?v=vQOm6efNVW4 for anyone interested.

In summary - a compelling talk which really made me think.


Phishing Techniques and Mitigation - Joe Gray - Senior OSINT Specialist at QOMPLX and Principal OSINT Instructor at the OSINTion

Joe is an expert in OSINT (Open Source Intelligence - gathering publicly available info to be used in an “Intelligence” context) and very passionate about the aspects of security with the “human” element.

Anastasiia Voitova asked him how the current COVID climate increases the risk of Phishing attacks. People sharing more information on social media (pictures of cats and casseroles) reveals information that will help an attacker craft an email more likely to be adopted. I could not see the link at all at first, but then Joe went on to explain how this could be executed.

Anastasiia pointed out that most phishing emails are very easy to spot (typos, broken images and being unexpected). However, Joe went on to explain that with OSINT an email can be sent to a user that looks incredibly close to real. These extra elements included:

  • Setting up genuine domains of a site to be spoofed (e.g. registering a .co.uk for a .com site)
  • Finding out how genuine emails are worded (e.g. Disney employees are called cast members. an email starting with “Dear employee” will not trick anyone)
  • Targeting an email with an offer for a specific type of food the attacker knows the victim likes

Joe went on to explain that searching on instagram for companies head office address can sometimes also reveal information.

It is incredible to think how much information is out there and what can be done when placed together.

Joe also discussed that a security flaw in a process is more powerful than a flaw in the technology. Employee ID badges can be found on Instagram

Again - a great talk that got me thinking.


Elisabeth Hendrickson Momentum > Urgency


Elisabeth’s subject was how to make teams faster (or actually more effective).

She started off by explaining a very significant conversation with an IT manager who was unhappy with her team’s output. After getting angry, he finally snapped and said “Come on, you know what developers are like, you need to light a fire under them”. She went on to explain that pressure can sometimes mean that things are delivered slower! This was due to:
  • Lots of cutting corners
  • Increased risk (e.g. due to people not fully testing their code)
  • People switching from one thing to another and never getting anything fully finished

She then went on to explain this by detailing what sounded like an ideal IT project (which was actually real). She worked on a small team purely focused on one project with a product owner that was fully engaged and able to provide very fast feedback on changes.

Elisabeth's talk was very compelling and she made some great points that stuck with me.


Architecting For Focus, Flow, and Joy: Beyond The Unicorn Project: A Fireside Chat with Gene Kim, Mike Nygard, and Carin Meier

I’m a huge fan of the Phoenix Project and read it around six years ago so it was great to virtually meet the author Gene Kim. This talk really makes me want to read The Unicorn project, his most recent book.

Here are my notes from this session.

Gene says that architecture is one of the top indicators of performance - higher than continuous delivery.

When was coding most fun for you and what made it fun?

Carin: Became fun when using clojure, due to nature of the language. Fast feedback. Removes boiler plate and focus on real problems. Get miserable when feedback cycles are slow. When it takes minutes then it sucks. Docker builds are annoying due to the time they take.


Michael: Anything that takes longer than a minute to build gets you off task and loses your concentration.

Least fun project? A vast project being delivered by 300 people which was running late. The solution was to add another 100 people! Apparently the persistence team had no idea what the domain team needed, the domain team didn’t know what the UI team needed. Apparently there were big documents and lots of meetings. Sounds like a nightmare!

A lot of points were raised about how slow build times hugely affect dev productivity

  • Interesting cut off time 10 - 30 minutes, people start to bend things. Then people start to plan their work around the builds.
  • There’s something “uniquely irritating” when you build time is too long to ignore, too short to spend the effort improving it
  • Flakey builds - Carin posted a Hulk gif due to a jar that was corrupted intermittently during the build.
  • Michael: People don’t get upset about slow/flakey builds until they realise that there are other ways.
Interesting to note that the tech giants put their best devs on dev productivity, next backend and then junior devs on front end facing features. Small tech companies tend to do the opposite which is not a good idea!


My Love Letter to Clojure - Gene Kim


This was an inspiring talk due to Gene's infectious enthusiasm! Gene learnt a totally new way of coding (functional) at the age of 47. He admitted to it being so hard at first that he didn’t even know what to google in order to make progress. This was inspiring to me because his main point was “If I can do it, then so can you” - which I loved.

Gene explained that he has removed 90% of his usual bugs due to coding in a functional style and favouring immutability. He also said that he’s now enjoying coding more and identifies more as a developer now than as Ops as he did in the past.

He recommended several talks from the creator of Clojure Rich Hickey which are a few years old but still relevant today:



Comments

Popular posts from this blog

Lessons learned from a connection leak in production

How to test for connection leaks

How to connect your docker container to a service on the parent host