DevConf.US 2022 has ended
Registration is now OPEN! Please register HERE as soon as possible!

DevConf.US 2022 is the 5th annual, free, Red Hat sponsored technology conference for community project and professional contributors to Free and Open Source technologies coming to Boston this August!!

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Conference Auditorium [clear filter]
Thursday, August 18

10:30 EDT

Using JWT safely: the do's and don'ts
JSON Web Tokens (JWTs) became widely used in authentication processes to transfer information in a JSON format while ensuring data integrity. However merely using a JWT is not enough to ensure your information is handled in a secure way. As a result of JWT's simplicity, it is easy to change the configuration or misuse the data that is sent, thus creating a potentially vulnerable application while thinking it is totally secure.
This talk will explain what JWTs are and how to avoid common security mistakes when using them. We will discuss proper token validation, settings that disable the JWT signature and should be avoided, and what information should not be sent when creating JWTs.

avatar for Ira Cherkes Levinshteyn

Ira Cherkes Levinshteyn

Senior Software Engineer, Synopsys
Ira is a senior software engineer working on Seeker, the Interactive Application Security Testing solution from Synopsys.Ira's experience is diverse - she has a BA in Computer Science, a BSc in Biochemistry, and a MSc in Quantum Mechanics and she is now back to the Cybersecurity field... Read More →

Thursday August 18, 2022 10:30 - 10:55 EDT
Conference Auditorium

11:00 EDT

Unleashing the Power of the Container Registry
Containers are one of the driving forces supporting many modern cloud native applications, and thanks to its ease of distribution within container registries, container images have become one of the most popular packaging formats in use. Registries have become the backbone for anyone making use of containers as they play a role in not only the development, but more importantly, the deployment of containers. However, we have only scratched the surface of what container registries can provide.

Approaches defined within the Open Container Initiative (OCI) and implementations, such as the ORAS project, have enabled additional content types, like Helm charts and image signatures, to be stored within OCI compliant registries. But, this is just the beginning of the possible integrations OCI based registries can provide.

In this session, attendees will learn how container registries have evolved from serving only container images to enabling the distribution of varying content types and the opportunities that they have provided for managing content within OCI registries.

Specifically, attendees will:
  • Learn how container registries have evolved to support additional content types beyond container images.
  • Review common artifact types stored in container registries.
  • Comprehend the format and structure of content stored in container registries.
  • See how container registries can serve any content to a consumer based on attributes within the OCI manifest.
  • Understand the potential integrations and opportunities provided by these capabilities.

avatar for Andrew Block

Andrew Block

Distinguished Architect, Red Hat
Andrew Block is a Distinguished Architect at Red Hat who works with organizations throughout the world to design and implement solutions leveraging cloud native technologies. He specializes in embracing security at every phase of the Software Development Lifecycle and delivering software... Read More →
avatar for Alex Flom

Alex Flom

Senior Field Engineer, Red Hat

Thursday August 18, 2022 11:00 - 11:50 EDT
Conference Auditorium

13:00 EDT

GitOps + Podman == FetchIt!
FetchIt is a research project with the aim of remotely managing fleets of small devices. There are plenty of GitOps tools such as ArgoCD that allow for lifecycle management of containers running on Kubernetes. Wouldn’t it be great if there was a GitOps tool for the lifecycle management of containers on systems without the need for Kubernetes? Sometimes, Kubernetes is so much more than what is needed! Sometimes, all you need is a single pod to run your critical applications and anything else is overkill! What if your system lacks the resources to run Kubernetes! Or, what if your devices require remote-only management?

Enter FetchIt. FetchIt is a tool for remotely managing workloads with Git and Podman, and without requiring Kubernetes. Podman provides a socket to deploy, stop, and remove containers. This socket can be enabled for regular users without the need for privilege escalation. Combining Git, Podman, and Systemd, FetchIt offers a complete solution for remotely managing machines and automatically updating systems and applications. Since the instructions for FetchIt can also be managed through a Git repository, a system running harpoon can be remotely managed from the start. This session will walk the audience through the different features of FetchIt. The audience will learn how to manage containers, pods, and other files on remote machines with FetchIt and a periodic push to Git repositories.

avatar for Sally O’Malley

Sally O’Malley

Senior Software Engineer, Red Hat
Sally Ann O'Malley is a software engineer at Red Hat.  She has worked on various teams within OpenShift over the past 6 years. Currently, she is with the Emerging Technologies group within Red Hat.

Thursday August 18, 2022 13:00 - 13:25 EDT
Conference Auditorium

13:30 EDT

Open Source SRE: Sharing How we Grow SLO Practices
Establishing and improving SRE practices is hard. That is why we established a special interest group (SIG) within Red Hat: SIG-SRE. The SIG is dedicated to collecting and sharing the best SRE practices to help new and existing SRE teams level up. The SIG contributes to Operate First, which is a concept to incorporate operational experience into software projects both inside and outside Red Hat.

In this session we will focus on one of the the SIG's areas of interests: Service Level Objectives (SLOs). Join us for a review of what's worked, what hasn't worked as the SIG tries to elevate the SLO practice for teams inside Red Hat.

avatar for Lisa Seelye

Lisa Seelye

Sr. SRE, Red Hat
Sr. SRE at Red Hat's OpenShift Dedicated team; CKA

Thursday August 18, 2022 13:30 - 13:55 EDT
Conference Auditorium

14:00 EDT

One Platform: For the Devs By the Devs To the Devs
One Platform (https://github.com/1-Platform/one-platform) is an open-source ecosystem that powers developers for the Single Page App development and provides hosting of the app with the powering with of opensource technologies. One Platform powers the developers to integrate the major pillars of the SPA development process like

1) Feedback Framework
2) App Management Framework
3) Web component Support
4) Performance tuning
5) Notification Framework
6) Search Framework
7) Infrastructure Support

This framework fastens the development process and easify the life of an app developer. The process of development with One Platform is Framework independent. All Technologies like (React, Angular, Vue...etc) are supported. One Platform Acclelarates the development process and creates new experiences for the developers. This super-powered technology is an awesome one for app development and delivery experiences.

In this session I will be talking about how to develop your app with one platform with the mentioned features above I will be demonstrating with the process with the demo.

avatar for Rigin Oommen

Rigin Oommen

Senior Software Engineer, Red Hat, Inc.
Rigin is a Senior Software Engineer, within Digital Experience Platform (DXP) in Red Hat, centering on development of Apps & Services.

Thursday August 18, 2022 14:00 - 14:50 EDT
Conference Auditorium

15:30 EDT

RTQA: Real-time Code Feedback for Data Scientists
The rise of ubiquitous and easy-to-use data science frameworks, programming languages, and IDEs has led to a vast expansion in the number of people participating in the software development process. This increased quantity of "cooks in the kitchen," many of whom may not have been formally trained in software engineering, creates additional opportunities for bugs, performance bottlenecks, and security vulnerabilities to enter the software development pipeline. Traditionally, many of these issues aren't noticed until the quality assurance phase (if at all), slowing down the development process and increasing the risk of exploitable bugs surviving into production.

To help address this issue, we're developing the real-time quality assurance (RTQA) framework. RTQA is an open-source plugin framework for Jupyter-based IDEs that provides code feedback to developers and data scientists in real-time during the development or experimentation phases. This feedback includes warnings about outdated dependencies, security vulnerabilities, suboptimal configurations, and performance bottlenecks — allowing IDE users to catch bugs long before their code reaches the QA phase. RTQA is also designed to be easily extensible, meaning software engineering researchers can quickly develop, trial, and gather feedback on the latest innovations in real-time code analysis. In this session, we will discuss the architecture of RTQA, demonstrate its latest features, and show attendees how they can use and contribute to the framework.


Thursday August 18, 2022 15:30 - 15:55 EDT
Conference Auditorium

16:00 EDT

Computational Thinking for Creatives
Getting people to think about computation is just as important as teaching coding. At work I started a coding basics series for creative designers for our own digital transformation strategy. I realized that if I don’t explain to people about computational thinking then then coding won’t make much of a difference to them. This talk will review how a group of designers with zero coding experience were brought into computational thinking and how that enabled them to use coding in their projects. Outline: * What is computational thinking * Why understanding computational thinking can help coding problem solving * How to bridge the gap of learning to code for creatives like designers * Establishing the thought process of sequential problem solving * Prepare people to understand how to abstract problems down into steps * Use visual aides and diagrams to help visual learners understand key concepts of computational thinking * Leading from abstractions to problem solving with simple patterns *With patterns people can build the basis for creating algorithms * Case study of how HMC Architects used computational thinking and learning * Company wide training for designers of diverse backgrounds * Goals of creating training to learn to code while being mindful of different learning styles * The results including how people were able to get a handle on coding due to computational thinking * Review Key points and lessons learned

avatar for Tadeh Hakopian

Tadeh Hakopian

Developer, HMC
Tadeh is a developer and designer in Architecture (buildings not computers). He has been a course author, trainer and open source contributor. Over the years he has taught other designers the value of coding and automation and wants to continue to spread that message to as many people... Read More →

Thursday August 18, 2022 16:00 - 16:25 EDT
Conference Auditorium
Friday, August 19

10:30 EDT

Prod-like Integration Testing for Modern Java
Integration testing is a new challenge for developers to validate functionalities, features, and business requirements in a local development environment as it works exactly the same as the production using databases and messaging brokers based on containers and Kubernetes. It can be also a big roadblock to accelerating the inner and outer loop development lifecycle. To solve this challenge, you might think of Testcontainers, a framework to provide common lightweight test services like databases that can run on a container engine. But, developers still need to inject particular code and configurations into applications for enabling Testcontainers. What if the Java framework offers an out-of-the-box feature that automatically starts containers for the integration tests and developers don’t even need to configure anything since the container(e.g., Postgres, Kafka) is automatically wired to the cloud-native microservices. In this talk, we will explore Quarkus Dev Services for prod-like integration testing as well as live coding development while developers implement cloud-native microservices for PostgreSQL transactions and Kafka integration automatically with zero configurations.

avatar for Daniel Oh

Daniel Oh

Senior Principal Developer Advocate, Red Hat
Daniel Oh is a Senior Principal Developer Advocate at Red Hat to evangelize developers for building Cloud-Native Microservices and Serverless Functions with Cloud-Native Runtimes(i.e. Quarkus, Spring Boot, Node.js) and OpenShift/Kubernetes. Daniel also continues to contribute to various... Read More →

Friday August 19, 2022 10:30 - 10:55 EDT
Conference Auditorium

11:00 EDT

Authorino: K8s-native Zero Trust API security
How do you handle authentication and authorization in your API projects? Do you bake them as part of your application’s code?

It turns out that decoupling your application’s runtime auth layer to an external authorization service is a good practice that improves maintainability, scalability and performance, governance, among other aspects of the software process and operation. And there are secure and practical ways to do so. Even better when the tools you rely on are made for Kubernetes and the cloud context we all live in nowadays!

This talk will introduce one of the latest developments in API protection, sponsored by Red Hat, a general-purpose Kubernetes-native external authorization service, that pairs with Envoy Proxy's external authorization protocol for identity verification and authorization policy enforcement. We will walk you through the steps of protecting an API ecosystem or API mesh, for use cases such as of authentication and authorization based on JWTs and OpenID Connect, API keys, Kubernetes TokenReviews and SubjectAccessReviews (aka Service Account tokens and Kube RBAC), Open Policy Agent, and many other patterns and auth technologies, using one single tool.

It is not a proxy, it is not another Identity Provider/SSO server, it doesn’t involve changing your application’s code. At the same time, it’s clean, versatile, cloud-native, and of course it’s open source. It’s Authorino!

After this talk, you will feel comfortable to implement state of the art Zero Trust API security for your applications running on Kubernetes, by just writing a small piece of YAML code.

avatar for Alex Snaps

Alex Snaps

Sr. Principal Software Engineer, Red Hat
avatar for Guilherme Cassolato

Guilherme Cassolato

Principal Software Engineer, Red Hat

Friday August 19, 2022 11:00 - 11:50 EDT
Conference Auditorium

13:00 EDT

Lessons after 2 years of micro front-end adoption
In this talk, we will present our vision of Micro Front-End architecture, the challenges related to the implementation of this paradigm, and the lessons learned in the experience of migrating a monolith of hundreds of thousands of lines of code, developed by 30+ developers distributed in 6 different teams, to micro front ends architecture.

We will also show many examples and implementation options and discuss BFFs, sync and async services, event bus, federated modules, and other opportunities for decoupling your front-end architecture.

Also, we will present how it was possible to decouple Drools and jBPM web applications and take the same 'micro front-end' to different media such as Web, Desktop, VS Code, and Chrome Extension without only a few changes to the source code.


Friday August 19, 2022 13:00 - 13:50 EDT
Conference Auditorium

14:00 EDT

Building a REST API from the Ground Up
In this session, we will build a fully-functional OpenAPI-compliant REST API using Quarkus, the supersonic, subatomic, Kubernetes-native Java stack. Starting at the database schema and moving up to the OpenAPI layer, we will create all the necessary component implementations and explain the libraries used including Flyway, JPA, Panache with Hibernate, MapStruct, RESTEasy, SmallRye OpenAPI, and more

avatar for Stephen Nimmo

Stephen Nimmo

Staff Specialist Solution Architect, Red Hat
Stephen Nimmo is a Staff Specialist Solution Architect for Red Hat. Stephen is a seasoned application architect focused on Red Hat’s Application Services portfolio, including runtimes, integration, and process automation. He comes with over 20 years of experience, including a decade... Read More →

Friday August 19, 2022 14:00 - 14:25 EDT
Conference Auditorium

15:00 EDT

10 Design Tips for Microservices Developers
In 2008 Amazon released their death star, a very complex graph of their MicroServices architecture. Twitter and Netflix released their own versions in 2015. The complexity and interconnectedness that was shown in those graphs highlight long-running challenges in microservices development that have been killing us for 15+ years. A world where Microservices is agile and code quality meets the needs of the business sounds amazing, but in reality managing, the complexities of typical Java programming standards and techniques is challenging to say the least

Following the success of the “10 Design Tips for Microservices Developers” talk at Red Hat Summit, DevConf.us, GovLoop, and Straight Talk for Government, this session will explore 10 Design Tips for Microservices Development with Java.

In this talk, we will explore the idea that the JVM and non-traditional Java programming techniques can be used to provide a compiler enforced JVM firewall that limits the undesirable traditional broad and public access given with typical Java development. We will funnel all requests into one well-known, tested, and validated access point. This technique will limit the amount of code we write and deliver great abstractions with robust and well-tested capabilities. What we cover aligns nicely with the principles of Domain-Driven Design, allowing you to simplify the typical 100s of artifacts in each of just a few packages. This talk will also explore ideas around telemetry and reporting on throughput. We will look at test-driven development and finish up with some specific items to consider when creating your microservices using this technique.

To round out the theory an example will be used. This example saves tens of hours and many decisions on how to get started with a recommended practice and some prebuilt scaffolding.

avatar for Jim Tyrrell

Jim Tyrrell

Senior Principal Solutions Architect, Red Hat
Jim Tyrrell founded Design 4 Developers an Open Community targeting the intersection of Design and Software Development. Jim is a 25 year Java veteran, who has spent more than a decade thinking about how Design intersects with Software Development. To further his skills in Design... Read More →

Friday August 19, 2022 15:00 - 15:25 EDT
Conference Auditorium

15:30 EDT

Memory Barriers 101 - The Linux Kernel edition
Are you curious about the dark magic behind the lock-free code in the kernel? Did you ever wonder when you need to use READ_ONCE and WRITE_ONCE calls? Are you confused about the role of smp_mb? If you said yes to any of these questions, then join me in this beginner tutorial about the memory barrier primitives of the Linux kernel!

avatar for Wander Costa

Wander Costa

Senior Software Engineer, Red Hat
Wander is a Senior Software Engineer from Red Hat. He works in the Kernel Security team, mainly handling CVEs for the RHEL/Centos-Stream Kernel.

Friday August 19, 2022 15:30 - 16:20 EDT
Conference Auditorium

16:30 EDT

Stratis: Integrate Device Mapper in Early Boot
There have been a number of advancements in both storage and the Linux boot process in recent years. This talk aims to take a look at the process for fully supporting Stratis, a userspace volume manager, in early boot. While many newer Linux storage solutions are kernel based, our process for early boot support can provide some insight into design recommendations, usability considerations, and best practices for userspace volume management code in early boot. This talk will primarily focus on how best to abstract complexity in the boot process for storage solutions and provide simple, usable interfaces for projects aimed at user experience while designing a robust systems solution. The audience will gain understanding with how to integrate a device mapper stack and daemon in early boot using Stratis root filesystem support.

avatar for John Baublitz

John Baublitz

Senior Software Engineer, Red Hat

Friday August 19, 2022 16:30 - 16:55 EDT
Conference Auditorium
Saturday, August 20

11:00 EDT

Implementing High Availability for the Cloud
One of the top priorities in every company nowadays is to ensure High Availability(HA) and Disaster Recovery in their services. Despite this emphasis, you can hear news almost every single day about businesses losing part of their revenue due to inoperative applications or outages! While moving applications to the cloud helps improve availability, additional modifications are needed to take full advantage of the cloud. If you are interested in learning more about how to support High Availability in your applications, join us in this talk as we walk through the process the Open Data Hub team went through to implement HA for the JupyterHub. We will also explain how to implement load balancing with Traefik for networking, and how to ensure only one HA instance is “actively” running via leader election. Finally, we will discuss some common traps as well as lessons learned.

avatar for Lucas Fernandez Aragon

Lucas Fernandez Aragon

Developer, Red Hat
I'm a technology fan and I love to explore as many fields as I can, such as Development, Ciber-Security, Artificial Intelligence or Blockchain.

Saturday August 20, 2022 11:00 - 11:25 EDT
Conference Auditorium

11:30 EDT

“Tea, Earl Grey, Hot”: UX in Science Fiction
UX designs that once were science fiction are now integral parts of our lives. Star Trek communicators became the first flip phones. HAL from 2001: A Space Odyssey navigates our cars and runs our kitchens. The Dick Tracy video wristwatch has morphed into Fitbits and smart watches.

As a UX writer, I notice that the UX designs in SciFi miraculously don’t require user guides. Frankly, you don’t see documentation in movies or on TV at all, unless it’s a joke about how difficult the instructions are to understand. That may be because SciFi interfaces are more stagecraft than good design, but I think there’s more to it. For one, the audience needs to understand what’s happening without any training. But also the artists that are designing these new user experiences are imagining the world that they want to live in, and that doesn’t include documentation.

Science Fiction in movies and television is the playground where artists can imagine new UXes that engineers and UX designers can some day make a reality. The best part of all this is that the designs on screen are open for everyone to see and experiment with. This talk is a deep dive into those SciFi UX designs with a focus on what they mean for our own futures and freedoms.

This presentation explores how SciFi has influenced both past and current UX designs.
  • The talk will shows lots of video clips and screenshots, so attendees can see UX designs from both older and recent media. I have gathered many examples and am excited to share them. 
  • The talk teases out which UX designs are a byproduct of filmmaking and which are actually innovative design. 
  • We’ll explore some of the more recent UX design trends in various media and investigate whether similar trends are already appearing in current designs. 
Attendees should leave this session feeling as if their brains have been opened up to new design possibilities.

avatar for Ingrid Towey

Ingrid Towey

Principal Technical Editor, Writing Coach, Red Hat
As a lifelong reader of comic books and science fiction, I am pleased that so much of science fiction has become a reality in my lifetime, but I am still anxiously awaiting my own personal jetpack and flying car. The clock is ticking!I have a Master’s degree in Folklore and 18 years... Read More →

Saturday August 20, 2022 11:30 - 11:55 EDT
Conference Auditorium
Filter sessions
Apply filters to sessions.