DevConf.US 2022 has ended

DevConf.US 2022 is the 5th annual, free, Red Hat sponsored technology conference for community project and professional contributors to Free and Open Source technologies coming to Boston this August!!


Modern Software Development
Thursday, August 18
 

10:30 EDT

Using JWT safely: the do's and don'ts
JSON Web Tokens (JWTs) became widely used in authentication processes to transfer information in a JSON format while ensuring data integrity. However, merely using a JWT is not enough to ensure your information is handled in a secure way. As a result of JWT's simplicity, it is easy to change the configuration or misuse the data that is sent, thus creating a potentially vulnerable application while thinking it is totally secure.
This talk will explain what JWTs are and how to avoid common security mistakes when using them. We will discuss proper token validation, settings that disable the JWT signature and should be avoided, and what information should not be sent when creating JWTs.


Speakers

Ira Cherkes Levinshteyn

Senior Software Engineer, Synopsys
Ira is a senior software engineer working on Seeker, the Interactive Application Security Testing solution from Synopsys. Ira's experience is diverse - she has a BA in Computer Science, a BSc in Biochemistry, and a MSc in Quantum Mechanics and she is now back to the Cybersecurity field...


Thursday August 18, 2022 10:30 - 10:55 EDT
Conference Auditorium

11:00 EDT

Unleashing the Power of the Container Registry
Containers are one of the driving forces supporting many modern cloud native applications, and thanks to their ease of distribution within container registries, container images have become one of the most popular packaging formats in use. Registries have become the backbone for anyone making use of containers as they play a role in not only the development, but more importantly, the deployment of containers. However, we have only scratched the surface of what container registries can provide.

Approaches defined within the Open Container Initiative (OCI) and implementations, such as the ORAS project, have enabled additional content types, like Helm charts and image signatures, to be stored within OCI compliant registries. But, this is just the beginning of the possible integrations OCI based registries can provide.

In this session, attendees will learn how container registries have evolved from serving only container images to enabling the distribution of varying content types and the opportunities that they have provided for managing content within OCI registries.

Specifically, attendees will:
  • Learn how container registries have evolved to support additional content types beyond container images.
  • Review common artifact types stored in container registries.
  • Comprehend the format and structure of content stored in container registries.
  • See how container registries can serve any content to a consumer based on attributes within the OCI manifest.
  • Understand the potential integrations and opportunities provided by these capabilities.

Speakers

Andrew Block

Distinguished Architect, Red Hat
Andrew Block is a Distinguished Architect at Red Hat who works with organizations to design and implement solutions leveraging cloud native technologies. He specializes in Continuous Integration and Continuous Delivery methodologies to streamline the delivery process and incorporate...

Alex Flom

Senior Field Engineer, Red Hat



Thursday August 18, 2022 11:00 - 11:50 EDT
Conference Auditorium

13:00 EDT

GitOps + Podman == FetchIt!
FetchIt is a research project with the aim of remotely managing fleets of small devices. There are plenty of GitOps tools such as ArgoCD that allow for lifecycle management of containers running on Kubernetes. Wouldn’t it be great if there was a GitOps tool for the lifecycle management of containers on systems without the need for Kubernetes? Sometimes, Kubernetes is so much more than what is needed! Sometimes, all you need is a single pod to run your critical applications and anything else is overkill! What if your system lacks the resources to run Kubernetes! Or, what if your devices require remote-only management?

Enter FetchIt. FetchIt is a tool for remotely managing workloads with Git and Podman, and without requiring Kubernetes. Podman provides a socket to deploy, stop, and remove containers. This socket can be enabled for regular users without the need for privilege escalation. Combining Git, Podman, and Systemd, FetchIt offers a complete solution for remotely managing machines and automatically updating systems and applications. Since the instructions for FetchIt can also be managed through a Git repository, a system running harpoon can be remotely managed from the start. This session will walk the audience through the different features of FetchIt. The audience will learn how to manage containers, pods, and other files on remote machines with FetchIt and a periodic push to Git repositories.

Speakers

Sally O’Malley

Senior Software Engineer, Red Hat
Sally Ann O'Malley is a software engineer at Red Hat. She has worked on various teams within OpenShift over the past 6 years. Currently, she is with the Emerging Technologies group within Red Hat.


Thursday August 18, 2022 13:00 - 13:25 EDT
Conference Auditorium

13:30 EDT

Open Source SRE: Sharing How we Grow SLO Practices
Establishing and improving SRE practices is hard. That is why we established a special interest group (SIG) within Red Hat: SIG-SRE. The SIG is dedicated to collecting and sharing the best SRE practices to help new and existing SRE teams level up. The SIG contributes to Operate First, which is a concept to incorporate operational experience into software projects both inside and outside Red Hat.

In this session we will focus on one of the SIG's areas of interest: Service Level Objectives (SLOs). Join us for a review of what's worked and what hasn't worked as the SIG tries to elevate the SLO practice for teams inside Red Hat.

Speakers

Lisa Seelye

Sr. SRE, Red Hat
Sr. SRE at Red Hat's OpenShift Dedicated team; CKA


Thursday August 18, 2022 13:30 - 13:55 EDT
Conference Auditorium

14:00 EDT

One Platform: For the Devs By the Devs To the Devs
One Platform (https://github.com/1-Platform/one-platform) is an open-source ecosystem that empowers developers in Single Page App (SPA) development and provides hosting of the app, powered by open source technologies. One Platform enables developers to integrate the major pillars of the SPA development process, such as:

1) Feedback Framework
2) App Management Framework
3) Web component Support
4) Performance tuning
5) Notification Framework
6) Search Framework
7) Infrastructure Support

This framework speeds up the development process and eases the life of an app developer. The process of development with One Platform is framework independent. All technologies (React, Angular, Vue, etc.) are supported. One Platform accelerates the development process and creates new experiences for developers. This super-powered technology is an awesome one for app development and delivery experiences.

In this session I will be talking about how to develop your app with One Platform using the features mentioned above, and I will be demonstrating the process with a demo.

Speakers

Rigin Oommen

Senior Software Engineer, Red Hat, Inc.
Rigin is a Senior Software Engineer, within Digital Experience Platform (DXP) in Red Hat, centering on development of Apps & Services.


Thursday August 18, 2022 14:00 - 14:50 EDT
Conference Auditorium

15:30 EDT

RTQA: Real-time Code Feedback for Data Scientists
The rise of ubiquitous and easy-to-use data science frameworks, programming languages, and IDEs has led to a vast expansion in the number of people participating in the software development process. This increased quantity of "cooks in the kitchen," many of whom may not have been formally trained in software engineering, creates additional opportunities for bugs, performance bottlenecks, and security vulnerabilities to enter the software development pipeline. Traditionally, many of these issues aren't noticed until the quality assurance phase (if at all), slowing down the development process and increasing the risk of exploitable bugs surviving into production.

To help address this issue, we're developing the real-time quality assurance (RTQA) framework. RTQA is an open-source plugin framework for Jupyter-based IDEs that provides code feedback to developers and data scientists in real-time during the development or experimentation phases. This feedback includes warnings about outdated dependencies, security vulnerabilities, suboptimal configurations, and performance bottlenecks — allowing IDE users to catch bugs long before their code reaches the QA phase. RTQA is also designed to be easily extensible, meaning software engineering researchers can quickly develop, trial, and gather feedback on the latest innovations in real-time code analysis. In this session, we will discuss the architecture of RTQA, demonstrate its latest features, and show attendees how they can use and contribute to the framework.

Speakers

Thursday August 18, 2022 15:30 - 15:55 EDT
Conference Auditorium

16:00 EDT

Computational Thinking for Creatives
Getting people to think about computation is just as important as teaching coding. At work I started a coding basics series for creative designers for our own digital transformation strategy. I realized that if I don’t explain to people about computational thinking then coding won’t make much of a difference to them. This talk will review how a group of designers with zero coding experience were brought into computational thinking and how that enabled them to use coding in their projects.

Outline:
  • What is computational thinking
  • Why understanding computational thinking can help coding problem solving
  • How to bridge the gap of learning to code for creatives like designers
  • Establishing the thought process of sequential problem solving
  • Prepare people to understand how to abstract problems down into steps
  • Use visual aids and diagrams to help visual learners understand key concepts of computational thinking
  • Leading from abstractions to problem solving with simple patterns
  • With patterns people can build the basis for creating algorithms
  • Case study of how HMC Architects used computational thinking and learning
  • Company-wide training for designers of diverse backgrounds
  • Goals of creating training to learn to code while being mindful of different learning styles
  • The results including how people were able to get a handle on coding due to computational thinking
  • Review key points and lessons learned

Speakers

Tadeh Hakopian

Developer, HMC
Tadeh is a developer and designer in Architecture (buildings not computers). He has been a course author, trainer and open source contributor. Over the years he has taught other designers the value of coding and automation and wants to continue to spread that message to as many people...


Thursday August 18, 2022 16:00 - 16:25 EDT
Conference Auditorium
 
Friday, August 19
 

10:30 EDT

Prod-like Integration Testing for Modern Java
Integration testing is a new challenge for developers to validate functionalities, features, and business requirements in a local development environment as it works exactly the same as the production using databases and messaging brokers based on containers and Kubernetes. It can also be a big roadblock to accelerating the inner and outer loop development lifecycle. To solve this challenge, you might think of Testcontainers, a framework to provide common lightweight test services like databases that can run on a container engine. But developers still need to inject particular code and configurations into applications for enabling Testcontainers. What if the Java framework offers an out-of-the-box feature that automatically starts containers for the integration tests and developers don’t even need to configure anything since the container (e.g., Postgres, Kafka) is automatically wired to the cloud-native microservices? In this talk, we will explore Quarkus Dev Services for prod-like integration testing as well as live coding development while developers implement cloud-native microservices for PostgreSQL transactions and Kafka integration automatically with zero configurations.

Speakers

Daniel Oh

Senior Principal Developer Advocate, Red Hat
Daniel Oh is a senior principal technical marketing manager at Red Hat and works as CNCF ambassador / DevOps Institute ambassador as well. He's well recognized for cloud-native runtimes (Quarkus, Node.js, Spring Boot), serverless function design, and deployment in multi- and hybrid...


Friday August 19, 2022 10:30 - 10:55 EDT
Conference Auditorium

11:00 EDT

Authorino: K8s-native Zero Trust API security
How do you handle authentication and authorization in your API projects? Do you bake them as part of your application’s code?

It turns out that decoupling your application’s runtime auth layer to an external authorization service is a good practice that improves maintainability, scalability and performance, governance, among other aspects of the software process and operation. And there are secure and practical ways to do so. Even better when the tools you rely on are made for Kubernetes and the cloud context we all live in nowadays!

This talk will introduce one of the latest developments in API protection, sponsored by Red Hat, a general-purpose Kubernetes-native external authorization service, that pairs with Envoy Proxy's external authorization protocol for identity verification and authorization policy enforcement. We will walk you through the steps of protecting an API ecosystem or API mesh, for use cases such as authentication and authorization based on JWTs and OpenID Connect, API keys, Kubernetes TokenReviews and SubjectAccessReviews (aka Service Account tokens and Kube RBAC), Open Policy Agent, and many other patterns and auth technologies, using one single tool.

It is not a proxy, it is not another Identity Provider/SSO server, it doesn’t involve changing your application’s code. At the same time, it’s clean, versatile, cloud-native, and of course it’s open source. It’s Authorino!

After this talk, you will feel comfortable implementing state-of-the-art Zero Trust API security for your applications running on Kubernetes, by just writing a small piece of YAML code.

Speakers

Alex Snaps

Sr. Principal Software Engineer, Red Hat

Guilherme Cassolato

Principal Software Engineer, Red Hat


Friday August 19, 2022 11:00 - 11:50 EDT
Conference Auditorium

13:00 EDT

Lessons after 2 years of micro front-end adoption
In this talk, we will present our vision of Micro Front-End architecture, the challenges related to the implementation of this paradigm, and the lessons learned in the experience of migrating a monolith of hundreds of thousands of lines of code, developed by 30+ developers distributed in 6 different teams, to micro front ends architecture.

We will also show many examples and implementation options and discuss BFFs, sync and async services, event bus, federated modules, and other opportunities for decoupling your front-end architecture.

Also, we will present how it was possible to decouple Drools and jBPM web applications and take the same 'micro front-end' to different media such as Web, Desktop, VS Code, and Chrome Extension with only a few changes to the source code.

Speakers

Friday August 19, 2022 13:00 - 13:50 EDT
Conference Auditorium

14:00 EDT

Building a REST API from the Ground Up
In this session, we will build a fully-functional OpenAPI-compliant REST API using Quarkus, the supersonic, subatomic, Kubernetes-native Java stack. Starting at the database schema and moving up to the OpenAPI layer, we will create all the necessary component implementations and explain the libraries used including Flyway, JPA, Panache with Hibernate, MapStruct, RESTEasy, SmallRye OpenAPI, and more.

Speakers

Stephen Nimmo

Staff Specialist Solution Architect, Red Hat
Stephen Nimmo is a Staff Specialist Solution Architect for Red Hat. Stephen is a seasoned application architect focused on Red Hat’s Application Services portfolio, including runtimes, integration, and process automation. He comes with over 20 years of experience, including a decade...


Friday August 19, 2022 14:00 - 14:25 EDT
Conference Auditorium

15:00 EDT

10 Design Tips for Microservices Developers
In 2008 Amazon released their death star, a very complex graph of their MicroServices architecture. Twitter and Netflix released their own versions in 2015. The complexity and interconnectedness that was shown in those graphs highlight long-running challenges in microservices development that have been killing us for 15+ years. A world where Microservices is agile and code quality meets the needs of the business sounds amazing, but in reality, managing the complexities of typical Java programming standards and techniques is challenging to say the least.

Following the success of the “10 Design Tips for Microservices Developers” talk at Red Hat Summit, DevConf.us, GovLoop, and Straight Talk for Government, this session will explore 10 Design Tips for Microservices Development with Java.

In this talk, we will explore the idea that the JVM and non-traditional Java programming techniques can be used to provide a compiler enforced JVM firewall that limits the undesirable traditional broad and public access given with typical Java development. We will funnel all requests into one well-known, tested, and validated access point. This technique will limit the amount of code we write and deliver great abstractions with robust and well-tested capabilities. What we cover aligns nicely with the principles of Domain-Driven Design, allowing you to simplify the typical 100s of artifacts in each of just a few packages. This talk will also explore ideas around telemetry and reporting on throughput. We will look at test-driven development and finish up with some specific items to consider when creating your microservices using this technique.

To round out the theory, an example will be used. This example saves tens of hours and many decisions on how to get started with a recommended practice and some prebuilt scaffolding.

Speakers

Jim Tyrrell

Senior Principal Solutions Architect, Red Hat
Jim Tyrrell founded Design 4 Developers an Open Community targeting the intersection of Design and Software Development. Jim is a 25 year Java veteran, who has spent more than a decade thinking about how Design intersects with Software Development. To further his skills in Design...


Friday August 19, 2022 15:00 - 15:25 EDT
Conference Auditorium

15:30 EDT

Memory Barriers 101 - The Linux Kernel edition
Are you curious about the dark magic behind the lock-free code in the kernel? Did you ever wonder when you need to use READ_ONCE and WRITE_ONCE calls? Are you confused about the role of smp_mb? If you said yes to any of these questions, then join me in this beginner tutorial about the memory barrier primitives of the Linux kernel!

Speakers

Wander Costa

Senior Software Engineer, Red Hat
Wander is a Senior Software Engineer from Red Hat. He works in the Kernel Security team, mainly handling CVEs for the RHEL/Centos-Stream Kernel.


Friday August 19, 2022 15:30 - 16:20 EDT
Conference Auditorium

16:30 EDT

Stratis: Integrate Device Mapper in Early Boot
There have been a number of advancements in both storage and the Linux boot process in recent years. This talk aims to take a look at the process for fully supporting Stratis, a userspace volume manager, in early boot. While many newer Linux storage solutions are kernel based, our process for early boot support can provide some insight into design recommendations, usability considerations, and best practices for userspace volume management code in early boot. This talk will primarily focus on how best to abstract complexity in the boot process for storage solutions and provide simple, usable interfaces for projects aimed at user experience while designing a robust systems solution. The audience will gain an understanding of how to integrate a device mapper stack and daemon in early boot using Stratis root filesystem support.

Speakers

John Baublitz

Senior Software Engineer, Red Hat


Friday August 19, 2022 16:30 - 16:55 EDT
Conference Auditorium
 