A small review of QCon 2018
At the end of June, the QCon 2018 conference was held in New York where I was fortunate enough to attend. For this opportunity I want to thank my employer. Konfa lasted 3 days, there were about 140 speakers and more than 900 participants.
Disclaimer: of course, this article expresses my personal opinion.
Since the conference is large and takes place a long time ago, everything is organized at a high level. Audience, sound, broadcast, recording, presentations - everything worked out, clearly. But no, on the first day of the first keyout, the clicker cluttered. :-) This was probably the only problem in 3 days.
For 3 days, the organizers covered 15 different topics. Those. Every day there were 5 main streams (+ sponsored presentations and Ask Me Anything to the audience), every day the streams were new. In my opinion, such wide coverage is good in terms of quantity, but quality suffers from it. It turned out that out of 6 reports per day that I attended, 1-2 were really useful and interesting for me. Some reports simply did not match their name, which was a pity for the time spent.
I had several other expectations on the amount of new information for me. Something new, interesting and unexplored was less than we would like.
Before the beginning of each day, everyone gathered in the largest hall, and some people from the famous company told something common, but interesting. These stories were about developing software in one form or another. I liked all 3 keyout.
Developers as a Malware Distribution Vehicle (Guy Podjarny, SnykSec)
Guy works for a company that explores open source products for vulnerabilities. Described how vulnerabilities are embedded in different development tools and how it is then distributed among the end users. I rarely thought about it and, moreover, did not think that this phenomenon has a large scale. With a few interesting examples, Guy showed how it could be. It turns out that the malware can be embedded in the IDE (an example was XcodeGhost), and injected into the executable file during assembly. And you can also put the malware in the plugin library.
The main ideas of the presentation, I would highlight:
- with great authority comes great responsibility;
- you cannot trust code that you didn’t write from scratch;
- Be careful and attentive to the tools you work with.
A Opinionated History of the API (Joshua Bloch, Carnegie Mellon)
Joshua Bloch told when and who first came up with the API (Application Program Interface) and how this term has evolved to this day.
It turns out that the API was invented before the construction of the first computer! Little use, but very interesting!
Ease of use, no errors and a good description are what you should think about when developing a new API.
The History of Fire Escapes (Tanya Reilly, Squarespace)
Tanya told the story of the emergence and development of fire escapes in New York since 1838. The cause of the emergence and development of this phenomenon, of course, became fires. In historical perspective, it showed why they happened and what steps were taken to combat them in the future. “Fires” in the software world also happen, but based on the experience we already have, we can minimize their consequences.
Minimize the risk of fire in principle. Provide means of early fire detection. Isolate potentially dangerous areas of ignition so that fire does not spread. Have a fire brigade and current evacuation plans.
I, perhaps, will write only about those reports that I personally liked, from which I could learn something new and benefit.
Serverless Patterns and Anti-Patterns (Joe Emison, Branch)
The last time I dived into the serverless theme, Backendless was widely heard and now deceased in the Parse Bose. But several years passed, and when I listened to Joe, I wondered how many services now appeared in this area and how famously they manage to combine them to achieve various goals. Joe told how on serverless (serverless is a set of any external services to achieve the product's purpose), they wrote down a software for collecting statistics and monitoring the quality of fuel, as well as an application for selecting properties for rent. These applications can do authentication, validate data, moderate images, work with a map, read in the clouds and much more. And all this through external services! Your main task is to monitor the availability of these external services.
From this report, I learned about many new services that I wanted to “touch” and learn more closely. And by the way, they are:
- Segment is a single platform for collecting, storing, analyzing and routing your users' data.
- DocRaptor - generates PDF / Excel from HTML
- Cloudinary is a platform for managing media content (pictures, video).
- Auth0 - the platform provides advanced user identification capabilities.
- Webtask - FaaS platform, runs your code in the cloud.
- Netlify - cloud hosting with deployment in a few minutes. It can connect to your github repository and deploy sites from it as it is updated. Well, all sorts of other fancy chips
- Algolia - search engine for your site, as I understand it
- AWS Cognito - user management, identification, demarcation of rights
- AWS Lambda - Amazon's FaaS Platform
- AWS AppSync - synchronize data on various devices in real time
Platforms at Twilio: Unlocking Developer Effectiveness (Justin Kitagawa from, twilio)
Here is what I learned from the presentation:
- Multilanguage, microservices, DevOps is good.
- Code generation for different languages from the unified API description is good.
- Automate everything you can reach.
- Say what to do, don't say how. And then everything will be fine.
- Minimize resistance to innovation. The speaker cites the example of "gatekeepers" who do not allow for the project "potentially dangerous innovations that do not bring good." Such people build work on the principle of "work - do not touch". And this hinders the development of the product.
- Provide infrastructure transparency to see weaknesses and detect problems as early as possible.
Closer to the Wire: Real-time News Alerting (Katerina Domenikou from, Bloomberg)
For myself, I made a couple of interesting things that were mentioned in the presentation:
- Streaming search. Search in the incoming stream of information.
- Luwak is a tool that helps to fulfill point 1.
And again I was convinced that sometimes you need to look at the task from the most seemingly unexpected angle. Katerina told how they process a lot of search queries, or, more precisely, filters, to a huge array of data. Data array can also be replenished often enough. So, in their decision, the guys index not the data, but the requests to them. Thus, when new data is available, it is checked whether the new data satisfies existing requests, and if so, the data is associated with the index. Search is greatly accelerated. In general, for me it was a novelty O_o.
Complex Event Flows in Distributed Systems (Bernd Rücker, Camunda)
Modern enterprise solutions for automating business processes (workflow engine, state machine) are heavy and dull. Therefore, you should not use them, but there is a decent lightweight alternative. And somehow it happened that an alternative is being developed by the speaker’s team and called Camunda. But if the decision is good, then why not tell about it!
From this presentation, I fished out the following things that I wanted to "touch" and study more deeply:
- UBER Cadence is a distributed, scalable, reliable tool for orchestrating asynchronous, time-stretched business processes.
- Netflix Conductor is a microservice based business process automation tool.
- Camunda is a platform for automating business processes.
- Zeebee - a tool for automating business processes based on microservices with a graphic designer!
- Activiti is a cloud-based tool for business process automation based on microservices.
As I understand it, all these tools allow you to establish a balance and distribute the responsibility of microservices and the workflow-engine itself. This is done by performing routine operations (basic error handling, cycles, scheduled execution) on the workflow engine side, and the domain logic remains entirely in the microservices from which the business process is built.
Lyft's Envoy: Embracing a Service Mesh (Matt Klein, Lyft)
Mat talked about Envoy - a product that he heads up. A kind of service mesh that allows microservices to interact without thinking about the network topology. Among other buns are present:
- load balancer
- monitoring of the state of microservices,
- collecting all sorts of statistics
- service discovery service
- plugin extensions.
Matt remembered another moment. After all the presentations, the speakers sat down together on the stage and began to answer questions on a common topic (“Architectures you've always won about”). When I received a question about the presence of integration testing and the approaches to it on the faces of all the speakers, a half smile was visible. Matt was the first to answer, and everyone else silently supported him. His answer was like this - “Of course, we have integration testing, but ... Nothing gives such good results as testing in production”. Automated testing Matt proposes to limit unit tests, load tests. And to a lesser extent, rely on the results of integration testing.
Scaling Push Messaging for Millions of Devices (Susheel Aroskar, Netflix)
Unfortunately, I could not visit the report itself, but there were many positive comments about the presentation and the speaker. So, I think it is worth a look.
Buzzwords QCon New York 2018
There was also a whole track about the blockchain. But I could not get there.
In the spring I visited CodeFest 2018 in Novosibirsk. And to be honest, I liked it there more. But as they say, to each his own.
All presentations are already available here .
In general, the video will appear in 3-4 months. For participants access to the video is already open. And this video can be shuffled around to 30 different people by email.
Post Post Scriptum
I did not write about food, accommodation and transport within the article, because It seems to be the subject of Habr does not apply, but if anyone is interested - I can answer in a personal or in the comments.