The list of presentations is subject to change without notice.
Beyond the initial feeling of wonder while building mobile interfaces easily and quickly, React Native adopters can feel frustrated when comes the time to transform a proof-of-concept into a production-ready application. Let us take a look at how React Native works under the hood to have a good grasp of the framework architecture and how to deal with advanced concepts like layout, styling, navigation, performance, testing and so on.
"Every outage is like a murder mystery" is a common complaint. But it doesn't have to be! This talk gives an overview on how to monitor PHP applications from all possible sides — operating system, webserver, database, logs, metrics, and tracing across systems.
Ruby 2.5 was released on Christmas day and it came with a bunch of new features! We'll take a look at how they can by implemented in pure Ruby and explore practical use cases. Finally, we'll take a peek at a couple of exciting features planned for Ruby 2.6.
Data have to be sorted and stored before they can be analyzed. Your data sets as mines are big enough to give a hard time to our laptops, but not big enough to require the fanciest big data solutions. Building simple data lakes and labs can help you get what you want without deployment headaches. In this talk, we will see how to build simple data lakes and labs using Ruby, Python, and common PaaS, and IaaS.
In just over 10 years, smartphones have permitted for powerful computing in the palm of our hands, allowing for rich social media, to online banking and interactivity. However, their fragility is revealed when faced with forceful downloads of frameworks, superfluity of styling and scripts. We look @ how these circumstances create classic performance bottlenecks and less obvious occurrences resulting in the erosion of #ux, to hardware failures.
Web accessibility is a set of principles and patterns to ensure everyone can access your content regardless of their abilities. This session covers core concepts of web accessibility starting with considering the question, “Why be accessible?” Learn about the core principles of accessibility, what legal requirements exist for web accessibility, best practices from development & business perspectives and common accessibility dev tools.
Core ML a new foundational machine learning framework used across Apple products, including Siri, Camera, and QuickType. Core ML enables you to build apps with intelligence using just a few lines of code. In this session, you'll learn how to use features such as Computer Vision, Image Recognition, and Natural Language Processing (NLP) with immersive code samples and demos.
CSS is becoming more and more powerful and nowadays it allows a lot of possibilities. This talk is a compilation examples for more advanced tips and techniques to add to your CSS skills. Have you ever wanted to curve text around a floated image? Or maybe style broken images? How about using attribute selectors more effectively? Then this talk is for you.
How do you mix SQL and NoSQL worlds without starting a messy revolution?
This 100% live coding talk will show you how to add Elasticsearch to your legacy application without changing all your current development habits. Your application will have suddenly have advanced search features, all without the need to write complex SQL code!
In this talk we are going to use the latest version of Angular and ngrx
(v5) to learn advanced state management. We will introduce Redux principles
before moving into ngrx/store, ngrx/effects for asynchronous actions,
ngrx/entity and ngrx/schematics. ngrx/store uses an implementation inspired
by Redux but using Observables from RxJS 5.5. We will also cover best
practices and how to implement error handling.
Let's build our first Alexa skill with the Serverless framework. We we will walk through the key concepts of an Alexa skill and the Alexa ecosystem, build a skill, test and deploy it to Amazon Lambda. Alexa responds with both voice and visual clues depending on the device you use, so we will look at how to make the most of our users device be it an Echo, Echo Show, a FireTV or a Fire Tablet
One of the common mistake that Rails beginners will make is to put too much business logic code inside controllers, because they don't know which model is responsible to this logic, or they are not sure where to put them.
This session will explain what situation that interactor is needed and how it can be used to encapsulate your application's business logic to help controllers lose weight.
What happens after you type the web address before the page renders? Is it a black box to you? It doesn't need to be. We'll peel back the onion and look at DNS, HTTP, TLS, and briefly discuss the client render pipeline and windows metaphors. Ultimately we'll see the internet is not a black box. Open the lid and look inside.
Laravel makes it really easy to build APIs, we will explore how to use it to build powerful and flexible APIs. We will cover how to use Passport to support oAuth authentication, how to build flexible responses with Transformers and how to rapidly build RESTful logic in our application.
Docker is carefully tucked between virtualization, continuous deployment, and pure awesome. ASP.NET Core is a cross-platform, open-source reimagination of the Microsoft stack. They come together in beautiful synchrony. Whether you're targeting Linux or Windows workloads, you can build your ASP.NET app into containers, and still have the F5 debugging experience you expect.
À l’automne 2014, M6 décide d’adapter le programme Rising Star en France, un concours de chant en direct, mais dont le jury est le public, qui vote en direct depuis son application mobile.
A travers cette conférence, je me propose de vous présenter l’architecture mise en place pour être capable de traiter plusieurs dizaines de millions de votes dans un délais de quelques secondes, tout en se synchronisant avec une émission de télé en direct.
Le top 10 de l’OWASP est une référence mondialement reconnue dans les communautés infosec et devops. Malgré tout, l’émergence de nouvelles technologies web ainsi que des fonctionnalités de plus en plus riches amènent de nouveaux vecteurs d’attaque. Nous présenterons plusieurs exemples de vulnérabilités moins connues mais tout aussi dangereuses et également des recommandations afin de s’en protéger.
Proper and correct authentication is a fundamental requirement for authorization and access control. Plain passwords logins is ubiquitous, but no longer state of the art. This talk will give you an overview of various alternatives and their crypto starting with password hashing over Unix sockets, 2FA, certificates, and hardware tokens to federated Single Sign-On solutions like Kerberos or OpenIDC.
We present an automatic analysis method that clusters requests, based on their response times, extracts and organises their features in a tree-based data structure, and mines the association rules among the different groups of requests. This aims to comparatively analyse the groups of slow web and database requests to find the possible root-causes of their latency problems. Three real world use-cases will show the usefulness of this method.
"There is no cloud, it's just someone else's computer…" But when this someone is Microsoft, you can redirect the maintenance resources to other important tasks, such as adding features for your users. However at first sight, Microsoft Azure and its huge offering can seem daunting for a new user. In this presentation, Laurent Bugnion will show you how he got started and what the Microsoft Cloud has to offer to a developer.
Are you building high throughput, low latency application? Are you trying to figure out perfect JVM heap size? Are you struggling to choose right garbage collection algorithm and settings? Are you striving to achieve pause less GC? Do you know the right tools & best practices to tame the GC? Do you know to troubleshoot memory problems using GC logs? You will get complete answers to several such questions in this session.
Unit tests are great, but on their own, they don't tell you whether your application behaves as expected. Can a user access someone else's records? Do your translations work correctly based on request headers? Learn how to write relevant Behat tests, how to set everything up and how a backend and a frontend can be developed in parallel.
When Bruce Lee started his own martial art, he took all the best traits from the different flavours of Kung Fu and adapted it, to make his own unique version that suited him best. In this talk, I will draw parallels between software craftmanship and how Bruce Lee approached honing his skill. In the end, I will prove to you that Bruce Lee was, in fact, a software architect.
Build vendor-agnostic cloud images using Packer, and provision the necessary software dependencies using Ansible, including your application code. Terraform will deploy these images, and create loadbalanced computing instances on various cloud environments. All this happens in a single configuration format.
Avoid vendor lock-in, and apply a single strategy that works with multiple Cloud vendors.
In this talk learn about what it takes to build your own token on the Ethereum platform. Learn how to build a simple token designed to run on the Ethereum Virtual Machine with the contract-oriented language Solidity. Smart contracts are in their infancy and building them while much easier on the Ethereum Virtual Machine, are still a change in mindset for any typical web developer.
Running a platform that receives 6 million requests, serves 70 gb of bandwidth and sees 75 thousand unique visitors every day is normally the domain of teams -- or even of many teams. In this talk, I will describe the fundamental principles, and the technologies used to implement them, that have allowed me to run a platform at web scale alone and in my spare time.
Bots and conversational apps give you the opportunity to bring your apps to your users right where they are. Users can interact with you via various messaging services, including text messages. Not only does this mean they don't need to install yet another app, they can access the information and services they want directly, without navigating a UI. This session will show you how to get a bot up and running quickly using Bot Framework.
Progressive Web Apps are the new hotness with Google pressing hard to make them the defacto choice for building mobile applications but what's to be done about iOS where many of the key API's are not supported. That's where Apache Cordova/PhoneGap comes in by polyfilling the missing functionality. In this talk I'll show you how to create a PWA that runs on the web, Android and iOS from a single code base. Take advantage of some new tools to easil
At Elastic — the company behind the open source tools Elasticsearch, Kibana, Beats, and Logstash — everything is distributed; both the company and all our products. Building distributed systems is notoriously hard ... building a distributed team even more so. This talk dives into the details how Elastic is thriving on its distributed model.
Laravel is an extremely popular framework for developing well-architected PHP applications. Amazon Web Services is a de-facto standard in cloud computing, allowing developers to scale their development operations to any level their user base requires. In this talk we will introduce Laravel 5.6 to build a sample application with all the bells and whistles, and then how to deploy that application at scale using Amazon Web Services.
Artificial intelligence and Machine learning are in big demand! You can take data science courses and learn how to build your own neural networks, but let's face it, we coders are basically lazy. We don't want to write more code than necessary! In this session, I will show you a variety of APIs and tools that allow you to add intelligence to your applications without coding from scratch!
Does your web API expose your database structure and provide GET/POST as way to perform CRUD operations? Do your clients know the control logic/workflow of your API? Web APIs that represent your database couples your clients to the internals of your app, making it much harder to change your API.
In this presentation we're going to learn how to go beyond serializing a database row into json by leveraging hypermedia to write self-describing APIs
Come here the creator of the popular MVVM Light Toolkit explain to you how you can leverage the MVVM architecture and cloud computing to build cross-platform applications easily. You will learn how to architect and refactor your applications, how to simulate data for testing and design purpose and how to code in a decoupled manner with modern tools and techniques
If you're building a startup, one of the tedious tasks is to create imagery to make it pop on mobile devices or the web. The process of gathering images and formatting them is very necessary, but tedious. In this sessions, you'll get shortcuts to optimize images for your app using ImageMagick, learn about the best sites to get images, and how to scrape them using Bash.
Is caching data in your application still relevant today with all those HTTP caches, very fast key value stores, and micro services?
During this presentation, the attendee will learn the basics of caching (TTL, TTI, invalidation, tiering, etc.), key figures in the caching world, how the Java community came up with a specification (JSR 107) and how you can leverage it in your application with the implementation of your choice (EhCache 3).
Apache Cassandra is one of the most renowned NoSQL databases. Although it's often associated with great scalability, improper usage might result in shooting yourself in the foot. In this talk I'll present a set of ideas and guidelines - both for developers and administrators - which will help you to make your project an epic failure.
Are you responsible for the code you write? Ask the Volkswagen engineer who's in prison for creating software that allowed their cars to “cheat” on emissions tests. Or think of the ethical issues if you're programming IoT devices that spy on users and report back to the company. The technology we create affects people's lives. We need to be aware of how much power we've been given and start taking responsibility for what we build.
L'équipe d'expérience client de Busbud fournit un support 24/7 via Zendesk. Nos clients ont grandi en nombre, et notre temps de réponse moyen aussi, et nous voulions faire mieux. Cette présentation examine comment Busbud a utilisé les données disponibles dans Zendesk pour former et utiliser un classificateur qui choisi quoi envoyer à quels clients pour les aider à résoudre la plupart de leur problèmes beaucoup plus rapidement qu'avec un agent.
Leveraging the power of the cloud and microservices, this session demonstrates how music can be analyzed and composed in real-time to augment musical performance with a futuristic instrument. This session contains an introduction to relevant cloud technologies, and an introduction to music theory and composition. This session also has musical demonstrations and code snippets scattered throughout.
CQRS & event sourcing are very popular topics. However, most blogs and talks focus on the theory or introductions to a framework, not necessarily the challenges of a production deployment.
This session bridges that gap and looks at some of the pitfalls of a real-world deployment. I'll discuss topics like concurrency & scale, refactoring events and updating read models. Attend this talk to learn from my experiences and be better prepared.
We'll take a simple web component from idea to implementation, effectively and simultaneously targeting vanilla JS all the way to webpack. The highlights include inputs, events, dependency management, polyfill strategies, performance, payload size, managing updates, and more!
For years, front-end developers fumbled with hacking floats for layouts, limited by how floats work. Now with the new Grid specification in CSS, we can easily define behaviors for each cell in our layouts in two dimensions. When combined with media queries, we can specify where each cell will be placed under a variety of conditions, in horizontal and vertical space. Similarities and differences with Flexbox will also be identified and discussed.
Most talks about DevOps focus on a specific technology stack or recipes that worked in a specific organization. But what these talks don't tell us is actually the most important one: the story of the journey. What challenges did they face and how (and why!) did they solve them? Each DevOps journey is different, but they share some common traits.
In this talk we'll reveal a the secret ingredient and a recipe for a successful DevOps journey.
Does your application use a database, and have you ever changed the database schema? Then you probably know these database migrations can lead to downtime and can be an obstacle to implementing continuous delivery.
In this talk we’ll discuss non-destructive changes, rollbacks, large data sets, useful tools and a few strategies to migrate our data safely, with minimum disruption to production.
Async/await and the Task model are the main features of C# 5/.NET 4.5. While asynchronous programming can be done in most languages, all have different specifics, usage and trade-offs. You will see, in this presentation, what is the asynchronous Task model in .NET and why it matters for web apps. This will be accompanied with code examples in C# and F#.
You're not the DevOps guy, and you hate bash scripts. You want to deploy a scalable and secure application, but you spend most your time in application code. This talk will show you just how easy it can be to achieve security and scalability with PHP and Python using Docker containers. By the end of the talk, you'll be able to deploy an autoscaling Kubernetes cluster of frameworks and microservices.
Kotlin is one of those “new” JVM languages that are currently rocking the boat. Although it’s made a great impact on Android, it’s equally good on the server side. As Domain-Specific Languages are constrained by the language they run on, Kotlin frees developers from Java fluent builders to propose something better.
Using the Vaadin web framework as an example, I’ll demo how one could design its own DSL with Kotlin.
Developers often have to make decisions that will affect the usability of the finished site, such as choosing appropriate input types, maximizing performance, and including accessibility features. Learn to think like a user and uncover usability problems that might not be apparent at first glance. Hear some tips make your site more usable and accessible. User experience isn't just for designers to think about.
In this presentation I will show you how to leverage HTTP headers in your PHP application to achieve a maximum hit rate, without losing touch with the challenges of real-world web projects.
We'll talk about cache-control headers, ESI, AJAX calls, vary headers, accept-language, separating stateful from stateless content, conditional requests, and content invalidation.
I'll apply these concepts to a Symfony 3 application to prove my point.
In the past, C# developers’ could only look in envy as the world moved to container based micro services and cloud deployment – until now.
With the new ASP.NET Core a C# developer can write REST based microservices using the latest and greatest Visual Studio and deploy them in a different OS - or the cloud using Docker, quickly and effortlessly.
Let’s talk about stream data processing; where it originated, how it works,
and when to use it. We’ll examine some of the popular platforms used in the
industry today: Storm, Spark, Flink, Kafka Streams, and Microsoft Orleans.
Each uses a conceptually different approach, has a plethora of features,
and works (or doesn’t) best for different use-cases. Understanding how and
when to use which streaming data framework is key.
The blockchain is a hot new topic in the technology due to the rise of various cryptocurrencies, Bitcoin being a most prominent example. How does it work? What advantages does it give? What problems do they solve? What problems can be solved that way? I want you to dive with me into the immutable world of blocks where I will explain everything, from a simple hash, through Merkle trees, up to implementing your own blockchain.
There is a lot of talk about Progressive Web Apps these days, but what apps actually need to be progressive? Maybe users don't NEED a push notification every time you post a picture of your pet. Maybe users will be fine WITHOUT having offline access to their list of favorite recipes. Let's talk about what kind of apps can really be benefited by the advancements of modern web technologies and in the end walk through how to spin one up.
Vous pensez que votre taux de conversion est à son maximum ? Nous pouvons faire mieux ! Nous verrons 10 actions à mettre en place pour augmenter vos ventes. Améliorons votre tunnel de vente et regardons comment avoir un taux de conversion qui pourrait gagner jusqu'à 20%. Ces solutions peuvent s'appliquer à la plupart des boutiques en ligne.
Fort d'un doctorat en Intelligence Artificielle obtenu en 1996, ainsi qu'une longue liste de projets réalisés depuis dans ce domaine, que ce soit en tant que chercheur, mais également pour des applications industrielles - en particulier pour un projet "Big Data" de traitement automatisé de dossiers médicaux -, nous présentons en quoi ces approches diffèrent profondément de l'informatique "traditionnelle".
Modularity has finally come to Java with project Jigsaw. With it comes new syntax, new ways to structure your code and an escape from Jar Hell. But Java modularity will disrupt your code base and you’ll need effective migration strategies - or else end up in Module Purgatory. This talk will present the new syntax, demonstrate how to build modular apps and offer ways to migrate your code base.
Être pragmatique en informatique est plus rare qu'on pourrait espérer. J'ai vu toutes sortes de folies à travers les années. Architectes, analystes et développeurs faisant ou croyant des choses qui n'ont tout simplement aucun sens quand on y pense.
À l'aide d'exemples tirés de mon expérience, je vous donnerais quelques trucs pour rester pragmatique. Cela vous permettra de faire des logiciels que les gens veulent vraiment utiliser.
Much of the software we write is built to support a business process, this generally means validating and storing user data into a database. Often this is a mismatch with the actual business process, which is more reactive and task oriented. In this talk we'll look at using business events to drive the evolution of our software design and see how we can build a model which better reflects the businesses processes.
The .NET Garbage Collector (GC) is really cool. It helps providing our applications with virtually unlimited memory, so we can focus on writing code instead of manually freeing up memory. But how does .NET manage that memory? What are hidden allocations? Are strings evil? In this talk, we’ll go over the base concepts of .NET memory management and explore how .NET helps us and how we can help .NET – making our apps better.
So you've got that big pile of (hopefully) useful code. There are plenty of reasons to extracts some parts to gems, but do you know how to do it? In this talk, I will show you step by step how I extracted a gem from a production application and how I published it.
While exposing data to developers through API is getting more typical, most of the data found on the internet is only available through raw HTML, often mixed in seemingly chaotic tags. This talk aims to be a quick introduction for the data scientist to politely extract data from a website and store it in a structured database with the help of the Python library Scrapy, and how one might extend it to fits their specific needs.
La revue de code est un super outil pour attraper des erreurs, disséminer les idées et le savoir, et alimenter la collaboration entre les membres de votre équipe. Voyons ensemble le pourquoi et le comment de la revue de code, autant du côté dévelopeur que du côté business. Comment faire une requête de changement facile à réviser, quoi automatiser, à quels détails être le plus attentif et quels sont les gains pour votre entreprise.
Serverless computing and FaaS are disrupting the still-evolving world of
cloud computing as they radically change how software is organized,
deployed and charged. This session will introduce Fn Project, an Open-Source project which features a code-first approach to building polyglot sophisticated FaaS based applications. We will also discuss Fn Flow, a CompletionStage like API, used to compose multiple functions into applications.
Functional programming is a paradigm known for decades. It is gaining popularity again, due to the rise of purely functional languages like Haskell. You may wonder, how it could be useful in PHP? You need to know that it is also a set of concepts that are language independent and allows for completely different approach when writing regular application code. Using a few techniques and a slight change of perspective your code will be cleaner.
TLS is the most important and widely-used protocol for secure and encrypted communication, e.g. HTTPS. It offers more than just encryption. TLS also ensures data integrity and strong authentication with X.509 certificates. Did you ever wonder how TLS and CAs actually work? I'll give you the rundown of the basic cryptographic building blocks, protocol handshake, inner structure of certificates, PKI, and what's new in TLS 1.3.
In the past AWS and C# seemed to belong to two different eco-systems. One was a leading cloud platform while the other a widely used, powerful programming platform.
Does it mean that a developer that needs to provide a solution in the cloud must choose between the two? Not anymore.
In this talk, I will show how to write C# code that runs in a dockerized container in the cloud or as an AWS Lambda and harness, the popular AWS services.
Making the shift from individual contributor to manager is hard for developers looking to 'level up' in their career. The skills you've built over your career got you here, but they won't get you or your team to a productive place.
In this talk, we'll examine the principals of team building, how Tuckman's group development can be a barometer for your team, and ways to develop skills that will make you a better communicator and leader.
Data Science and machine learning is a hot topic. In this session you will learn why data science is a big deal, and the steps involved in the data science process. I can’t take you from zero to hero in 45 minutes, but at the end of this session you will have a clear sense of the next steps you should take to become a data scientist.
Developers often waste untold hours a week waiting for rebuilds, manually switching windows, reloading pages, restoring in-page state, and so on. This is unfortunate, as we've been gifted with numerous tools to automate reload, and even *hot reload*, for quite a while now.
In this talk, Christophe showcases workflows, tips and tricks, using widespread editors, tools and browsers, to make that web / Node developer feedback loop ever tighter.
This session will cover Regular Expressions from the basics to the darkest corners of this arcane art.
Regular Expressions at the core come in handy to achieve validation and text manipulation tasks. In the day to day life of a developer, becoming comfortable with them opens up many more use cases.
As one of the tortured souls that actually enjoys regexes, Jordi will share his passion so that you too can see there is no reason to worry.
Data transfer is freakishly expensive, especially if you're using cloud storage. At ArtStation, we bootstrapped our infrastructure to millions of users every month pushing > 300TB/month in traffic on an extremely tight budget. I'll explain how a CDN works, how to make one with commodity servers with multiple points of presence worldwide, and even when using a commercial CDN, why having your own caches is useful and reduces costs massively.
Learn a practical way to leverage WebSocket in real world situations. WebSocket allows you to communicate between client and server on a single connection simultaneously without the need for the hacks of the past. With this in-depth talk you'll learn a few key areas where leveraging WebSocket can eek out necessary performance gains, and improve your user experience.
A junior developer will join your team. If nothing is done, they are likely to be unproductive for a long time. You & me have been there too. This is not a great experience, for anybody. Still, great engineers need to be made, and this starts on day one. Based on my experience and on the EURA NOVA onboarding system, I will discuss why onboarding is important, which elements are required, how to plan and do it, and which common pitfalls to avoid.
In Rails, cookie-based sessions are encoded, signed and encrypted by default magically. However, it is hard to do the same thing with Sinatra or Rack. In this session, I will introduce how decorator pattern works in Ruby and show how flexible it can integrate with cookie-based session encoding instead of installing gems like "rack-session-encryption" or "encrypted_cookie".
.NET Core has brought new, powerful options for developers to build web services rapidly that also have well defined features that allow near infinate scalablity with just a few design considerations during early development.
In this talk, we'll examine the new powers at your disposal as a developer when starting to work with .NET Core. We'll introduce how to design idempotent web wervices via Project Orleans that allow almost infinate scale.
Wanna transform your documents on the fly before indexing them into elasticsearch? Node ingest is built for you.
The talk will also cover the reindex api, which can be used in combination with ingest pipelines to modify data while reindexing.
Last but not least, I'll tell you how to write your own Ingest processor in Java as a plugin! Our own processor will convert postal addresses from/to geo points.
Why do we do it? Why do we try so hard? Why are we paying to be here, to listen to people talk? Maybe because we’re life long learners - we want to learn new things? Commune with our own kind? But why? Come examine our motives as developers, the pitfalls we fall into, and the cost of being great.
Using Word2vec or other algorithms, you can learn vector representations of words, called "word embeddings". With this session, you'll learn how to build your own recommender system, and how to integrate it with Elasticsearch, to retrieve in real-time suggestions, and filter results with other criteria.
Did you know your IoC container can do a whole lot more than just constructor injection? Besides that it is actually packed with features. Inflectors, resolving callbacks, aliasing, method invocation to name a few. In this talk you'll learn how to leverage the power of a container to write better, testable, loosely coupled code. Well designed code put together by your IoC container will make your apps SOLID, modular, lean and decoupled framework!
Java EE 8 adds HTTP/2 support to the platform. HTTP/2 is a major revision of HTTP protocol with support for multiplexed streams, server push, stream prioritization, header compression, etc. This session will provide cover the new features of HTTP/2 and how to leverage them from the new Java APIs in EE 8.
Java EE 8 has just been released. In addition, Oracle has announced its intention to move the Java EE development to the Eclipse Foundation; a bold move supported by Red Hat and IBM.
This session will first give a technical overview of Java EE 8 and discuss enhancement s (ex. JAX-RS 2.1, Servlet 4, CDI 2, JSON-B, the new Security API). We will conclude by looking at what it means to have the Eclipse Foundation driving the platform forward.
The pace of the JS community has remained very high for several years now, and it is often easy to be overwhelmed by the amount of options and new developments. I will present a limited set of features and tools to let you join us in the future without decision paralysis.
Les moteurs de template sont de plus en plus communs aux applications Web modernes. Malgré l’intérêt que cela apporte aux développeurs dans la logique et la lisibilité du code, la mauvaise implémentation des moteurs de template amène de nouveaux enjeux de sécurité. Cette presentation a pour but d’introduire une nouvelle classe de vulnérabilité communément appelée “Server Side Template Injection” a travers différents cas d’implementation.
From chatbots to your home thermostat, it seems like machine learning algorithms are everywhere nowadays. How about understanding how this works now? In this talk, you will learn the basics of machine learning through various basic examples, without the need for a PhD or deep knowledge of assembly. At the end of this talk, you will know what the Naive Bayes classifiers, sentiment analysis and basic genetic algorithms are and how they work.
As more applications are hosted on servers, they produce immense quantities of logging data. Quality engineers should verify that apps are producing log data that is existent, correct, consumable, and complete. Otherwise, apps in production are not easily monitored, have issues that are difficult to detect, and cannot be corrected quickly. Tom Chavez presents the four steps that quality engineers should include in every app test plan.
MariaDB ColumnStore is a storage engine optimized for modern analytical workloads released under the GPL license. It is a distributed technology with parallel query processing for greater scalability, and is based on columnar storage for higher efficiency and query performance.
We will cover many of its core features and discuss examples of real-world use cases where it is being used today.
A refreshingly candid take on mental health and supporting coworkers who struggle with mental health. This presentation broaches topics that will be enlightening not only to who have depression, anxiety, or the imposter syndrome, but also to those who work with them. Guided by years of experience, Stéphane will provide participants with a better understanding of mental health as well as practical tips to help reduce stress and burnout.
A l'heure où les fameux "table, tr, td" nous arrache encore les cheveux dés que l'on souhaite faire un template d'email, MJML vient se poser depuis plus d'un an comme une alternative de luxe. Initialement développé au sein de Mailjet, ce framework Open Source est un véritable chef d'oeuvre pour concevoir ses emails. Découvrons ensemble l'éco-système qui s'est créé autour de ce framework et les différents projets open-source qui gravitent autour.
Have you struggled to diagnose sudden CPU spikes? Do you hate OutOfMemoryErrors? Do you get stuck to diagnose zombie/unresponsive applications? Are you tired of spending hours, days, weeks in troubleshooting these problems? Learn right tools, tricks and patterns to identify root cause of complex problems in seconds (not even in minutes).
Get insights for your Jenkins master and node infrastructure, job and build details including an incredibly efficient way to analyze test results! See the health of your slaves to discover hard to find issues and fix them before they become a bottleneck for development teams. Examine audit trail of user logins and job control including configuration changes — useful for security and compliance.
Alice and Bob have covered the basics of secure communication but cryptography can offer us more than this. After a brief refresher on the basics, we'll take a look at some of these other aspects of cryptography including hash functions, elliptic curves and quantum cryptography. Then we'll take a look at some practical applications answering questions such as: can I trust a web of trust? or should I use a block chain for this?
One of the biggest problems when dealing with legacy is any change to the software might break the old system. Refactoring is usually slow and dangerous. In this talk I will discuss how we successful migrated an ancient legacy project to an event-driven architecture using just the power of events and Kafka.
In the realm of testing, the code coverage metrics is the most often talked about. However, it doesn’t mean that the test has been useful or that an assert has been coded.
I'll explain how Code Coverage is computed and what its inherent flaw is. Afterwards, I'll describe how Mutation Testing work and how it helps pointing out code that leaves out corner cases. I will also demo PIT, a Java production-grade framework that enables Mutation Testing.
This session demonstrates how all of the world’s knowledge may be semantically navigated by a web application that utilizes the facilities of Wikimedia.org projects (e.g. Wikipedia and Wikidata). The web application was created specifically for this session, and demonstrates technologies that include Java, HTML5, Spring Data, Neo4j, Spring Boot, Spring Cloud, and Cloud Foundry.
MariaDB has been adding lots of cool new features in the latest 10.2 GA release, and this trend continues with the upcoming 10.3 version. We will discuss some of most valuable features for developers.
Learn how to powerfully analyze data with windowing functions and Common Table Expressions. Learn how much easier MariaDB is to use if you are moving from other databases with our new Oracle compatibility features to name but a few…
Everybody is consuming NuGet packages these days. It’s easy, right? But how can we create and share our own packages? What is .NET Standard? How should we version, create, publish and share our package? How can we use the NuGet client API to fetch data from NuGet? Can we build an application plugin system based on NuGet? What hidden gems are there in the NuGet server API? Can we create a full copy of NuGet.org? Let's explore.
Optimize Prime is a presentation about internet misdemeanours : megabytes of images. In this talk, we deep dive, and look @ the challenges that are web images, and discuss the available image formats from the old, new and experimental, their impact on browsing from a technical cost to #ux, the accessible tools for their management, and why vigilance is an absolute priority when dealing with images.
"Pas de problème, quel nuage?"
"Je sais pas"
"Ok. On va les faire tous et on verra après"
Prendre une application Java. La déployer sur autant de cloud que possible dans le temps imparti. Amazon Web Services, Google Cloud Platform, Microsoft Azure, Heroku, Cloud Foundry, Digital Ocean et j'en passe. Pour voir la différence.
PHP continues to evolve, and PHP 7.2 offers developers significant improvements in security, cryptography, and programming features. In this talk we will explore the various improvements, deprecations, what it means for your code bases new and existing.
PSR-7 describes common interfaces for representing HTTP messages. This talk will explain the interfaces defined by PSR-7, how they define the future of interoperability between frameworks and tools. After that there will be a showcase of several tools such as zend's diactoros package, Guzzle v6, and other packages that show the real power of shared interfaces for HTTP. Learn how you can start using these typed objects in your applications today.
Some things when it comes to working with databases are obvious to everybody. Other things are hidden from everybody. Yet some can be obvious to an experienced DBA, but come as a big surprise to application developers, and these can often be different between different databases.
In this talk I'll go through some of the common mistakes I've seen in applications built against PostgreSQL that made perfect sense, yet were suboptimal or failed.
There is no single tool that does a full accessibility assessment of a web page. Developers use a variety of tools to help them evaluate websites. This is a practical talk with lots of demos. I will share my favorites, free and easy to use, tools to measure the level of accessibility of web page.
Organizations are interested in DevOps because it is tied to extraordinary business results. Developers and Operations adopt DevOps because.. well.. it's just fun, really. The problem is that DevOps is a journey which takes time and money. It might be hard to sustain the kind of investment required when the reasons are so hard to articulate.
This talk will explain the key metrics that management will understand and how to produce them.
Reactive programming is a great tool for the skilled developer, enabling us to deliver more scalable, resilient, & responsive services...but only if we leverage the reactive model throughout the entire stack!
Using Spring Data & your favorite NoSQL data store, you can exploit the full power of reactive systems, all the way to the metal. The presenter compares reactive support for several DBs, then *live codes* real-world examples.
We’ve been building hypermedia APIs in one shape or another for a long time. As JSON continues to take over the world, many new specifications promise to deliver an easier way to create and evolve our APIs. After covering what problems ReST 3.0 tries to solve, we’ll evaluate the specifications and tools we can leverage. To the cloud and beyond!
Designed for developer happiness, Ruby is expressive, powerful, and fun. With it's ideal mix of object-orientation, functional features and capable metaprogramming, Ruby code is concise and readable in ways that other languages can't match. Want 3rd party libraries? Ruby has the best.
Join us and see why Ruby is an ideal choice for web apps, microservices, scripting and your next project.
Join us as we expose database design anti-patterns. We'll model a shoe store and show both a simple design with flaws and more flexible alternatives. We'll discuss how to represent trees, and see that the simplest solution is the hardest to query. We'll explore scenarios where a polymorphic relationship looks like a good choice, but isn't (and one where it is). Learn these pitfalls, and save yourself from sloppy querying and poor performance
Elasticsearch is a scalable text-search engine that replicates its index onto many instances. Managing many clusters can be daunting as their configuration drifts and their intrinsic data distribution diverges. At Shopify, we built an internal search operator with Elasticsearch, written in Golang and using Kubernetes as its foundation to allow deployment on k8s fleets, like Google Cloud. I’ll share lessons learned and benefits of this system.
We being surveilled! Governments and companies collect data. Hackers want that data.
What can software as a service providers do to protect data at rest? What if you need to work with that data? End-to-end encryption isn't an option, so where do we turn?
In this talk, Ben discusses and demos ways to securely and anonymously handling and distributing sensitive information between users, without allowing the raw data to give anything away.
Security best practices are often generic and language agnostic. This makes the life of a developer much harder than it should be. In this talk, a survey of the most common vulnerabilities in .NET context will be presented. Different vulnerability classes will be explored including XSS, injections and application misconfigurations. This will be done through live demos using open-source vulnerability finding tools specialized for .NET.
Learn how to use proven patterns & OSS to rapidly build a robust portfolio of microservices that provide a solid foundation for your dynamic & growing microservice architecture. This session addresses service configuration, registration, load balancing, routing, async, & more. The presenter will demonstrate how to develop, secure, & effectively manage microservices using OSS tools employed by Netflix to keep movies streaming globally 24x7.
I'll try to spark off interest in Big Data by showing application areas and by throwing ideas where you can later dive into.
Where is the truth in sentences like "ORMs are slow" or "SQL is insecure" ?
We will walk through the reasons that shaped ORM architecture, their potential and limitations.
After this talk you will be in a better position to choose the best fit for you and your next application.
Yes, okay, ES2015 rules, and ES2017 brings about a lot of cool things (most notably async/await), but a ton of cool stuff is expected to land in the next few years, too… and we can play with it already!
Christophe takes you through a whirlwind tour of the upcoming features he’s most excited about, due to become official in 2018, 2019… or 2020 ;-)
Considered by many as the successor to Hadoop, Spark is today used by many major players such as Amazon or Ebay. With its ability to perform fast in-memory computing on clusters with thousands of nodes, Spark has become one of the most promising technology regarding large datasets analysis. After a quick overview of how distributed systems evolved, we'll introduce Spark's core functionalities and briefly cover its libraries.
In this presentation I will talk about as many SEO / SEM / WPO facts as I can in 30 minutes. Learn how to setup your site up properly to optimize your local business on search engine, how to handle sites with multiple languages or internationally and how to properly implement AJAX for maximum search engine bot crawlability.
Are your queries slow? Learn how to speed them up through better SQL and use of meaningful indexes. You will understand what works well and what doesn't, and will walk away with a checklist for faster databases. Through examples and benchmarks, I will demonstrate how to go from almost a minute of SQL execution to less than a millisecond. I expect that you will all be itching to analyze queries to see how much you can shave off.
PHP 7.2 includes the libsodium cryptography library by default in the base language - the first time that a popular language has shipped with strong, modern crypto support as standard. Everyone can build secure apps without the risks of rolling your own crypto or using outdated libraries. So what's in libsodium? What kind of things can you do? What mistakes does it prevent you making? What risks remain?
Quand j’ai voulu utiliser Sylius, j’avais en tête qu’il s’agissait d’un « moteur e-commerce » pour Symfony. Maintenant que je l’utilise, j’ai compris pourquoi on parle en fait d’un « framework e-commerce complet ».
Prenons un moment pour faire le tour des fonctionnalités proposées par Sylius, et pourquoi vous devriez vous y intéresser.
I'm the maintainer of a very popular open-source PHP package - PHPMailer. In December 2016, two critical vulnerabilities were found in PHPMailer, affecting potentially millions of sites. I'd been involved in reporting minor security issues in the past, but nothing of this magnitude, and never at the receiving end. I found myself at the start of a steep learning curve and an emotional roller-coaster; a story of open source, CVEs, and people.
Designing softwares with an object oriented approach is hard... really hard! In fact, making good object oriented design (aka OOD) is very difficult for many developers as it goes far beyond basic concepts like classes, objects, inheritance and interfaces. This talk will provide tips and techniques to help you design better object oriented code. We'll cover topics like SOLID principles, composition vs inheritance, value objects, entities, etc.
For more than 45 years, everyone thought the problem was the processing power. For us, it was clear the problem was the B-Tree because the cost of processing a find operation grows as the logarithm of the file size.
This ideology is the opposite of intelligence because while we are growing up, we generate more and more data, but with time, we are not getting slower, in fact, we just become more intelligent!
We reinvented database, come see
Although CSS has been part of the web for over 20 years, one of the least understood parts is the cascade and inheritance. Today, we see many developers actively fighting the cascade, class-itis permeating HTML, and site builders adding !important all over their stylesheets. Learn what the cascade is, how it works, and why it makes sense, and you'll be ready to implement cleaner, DRYer stylesheets.After all, without the cascade, CSS is just SS.
Learn how to easily add Auth0 powered authentication to your JAM Stack app, and sleep soundly knowing your users secrets are safe.
Most web developers test their experiences in Chrome, Firefox, Safari, IE, and Edge. Many haven't even heard of UC Browser. But UC Browser is the #1 browser in India and Indonesia, both emerging markets which tons of potential. Using Instagram's mobile web experience as a case study, this talk will explain why UC Browser is popular in these countries as well as the opportunities available in growing users in these locations.
In today's increasingly connected world, the word "culture" appears in communities a lot. Unfortunately, it's not a single-value term. In many cases the founders of a culture are unaware of how their ideals have morphed, and acquired altered or additional definitions. In this talk I intend to describe some of the factors that contribute to this sort of 'fuzzing' of consensual understanding of the term.
Everybody is talking about big data, and NoSQL technologies are all the rage these days. But do you really have "big data", or is your database server just slow? In this session you'll learn about the various families of NoSQL data stores, their pros and cons, and which problems each one is designed to solve. You'll get a better understanding of when to use relational vs. NoSQL databases and how to migrate from one to the other.
What can tracing tell us about an application? We will use modern tracing tools to follow a request across several languages to see what their frameworks are doing and how well they are doing it. We will look at the call stack for Ruby on Rails, Express.js, and Wordpress. Additionally, we will use tracing to identify latency and improve performance. Finally, we’ll cover the OpenCensus initiative to standardize tracing across vendor and language.
Gérant plus de 1M de routes dans plus de 60 pays desservis par divers fournisseurs, chacun de prouesse technologique variée, le cache Busbud balance l'actualité des horaires et le volume de requêtes aux fournisseurs. Cette présentation aborde la façon dont Busbud a construit un cache plus intelligent qui va au-delà des TTLs et qui s'adapte à l'évolution des modèles de trafic. Nous présenterons nos succès, nos erreurs et nos prochains efforts.
How often have you rewritten your unit tests from scratch just because the code it was testing evolved sligthly ?
In this session we will explore some unit testing techniques from other languages to produce more robust tests in PHP.
You won't have to give up or send your unit test to the trashcan (ever) again.
Do you work with product managers but don’t know what they do? Does the way they talk confuse you? Do you wish you had more influence on your roadmap, or at least understood how it’s made? All these questions answered and more by Sean Yo, a Sr. Product Manager. Learn about what product management is, how to decode their jargon and tips and tricks on how to work with product managers to help give your customers better products.
For the past 10 years, I have been using positive communication strategies while working in and leading teams. The results are staggering. Increased happiness, increased productively, better products, ability and willingness to go above and beyond, increased creativity, happier clients, etc.
Learn and practice 3 positive communication techniques to help your team work better together.
Recently, Ruby came in handy helping one developer calculate how to get out of debt. When trying to pay off debt, it's difficult to keep up with accrued interest, payments amount, and more. A moderately complex calculation turned into an easy to use command line tool with Ruby.
Learn how to build a command line tool with Ruby to address everyday problems while offloading your mental variables and state into Ruby.
Interruptions are a fact of life. Power failures, network outages, hardware failures -- all can be *really* irksome when you have some long-running complex task or calculation underway. And inventing ways to save & restore state can be drudgery and error-prone.
Ruby's Marshal module can help. It serialises data, instances, whatever, into a saveable state -- and lets you restore from it later. I'll show you how, with examples.
Does adding a new feature require you to modify files across multiple projects in your UI business and data access layers? Tired of mapping DTOs through the various layers of your system? A layered architecture can be a painful when you really develop in vertical slices.
We're going to rewrite an existing app into features instead of technical layers. Covering the benefits and how to create a vertical slice using SOLID principles.
Web accessibility is usually described as the degree of usability of your website for people with disability. But do you know that EVERYONE benefits from an “accessible” website? This talk is about me watching my favorite show on Netflix in various environments where I was relayed upon “accessible” features. Using real examples, I am hoping to share ideas to improve your website to all your clients by ensuring your website is conform to WCAG.
A long time ago, the human race started writing software. Fast forward to today, and the way we expect software to be built has not changed: it always gets done, late, over budget, under-featured, too late to market, and many other failures we all encountered. With so much failure part of our day-to-day work, the time has come to accept that we're doing it all wrong.
While Object Oriented Programming provides a basis for structuring code, the question "How do I make sense of all those business rules?" remains unanswered. Domain Driven Design (DDD) main goal is to manage complexity by defining how to translate domain logic to code. In this presentation, you will see the main concepts of DDD and how it facilitates communication between developers and domain experts.
PostgreSQL 10 is out -- with a brand new style of version numbering. But beyond that it of course also comes with a large number of interesting improvements for both developers and DBAs. This talk will outline some of the bigger ones, and how they can be used for better or easier service.
Java 9 introduces many new exciting features and enhancements to the Java platform. The changes to the platform range from the new module system, jshell (REPL), and enhanced process API to the defaulted G1 garbage collector, compact Strings, and ECMAScript 6 support for Nashorn. This session will provide an overview of the important changes and what you need know to effectively upgrade to Java 9.
Instagram was famous for being "Mobile First", but in 2017, it started doubling down on its mobile web experience by bringing a creation flow, stories, as well as search and explore functionality to mobile web. This talk will explain why Instagram decided to do this as well as discuss technical details about how it uses modern best practices in web to provide a fulfilling experience for their users.
We will go over some of the most common attack vectors in code and how to protect against them while you write or edit a theme or plugin. This will include:
Escaping in WordPress
SQL and Data sanitization
Permissions with current_user_can()
Using Nonces to protect against CSRF
WordPress and PHP Security Gotchas
WebWorkers have been very useful for performing computation-intensive tasks in parallel, preventing browser lockup. Recently a new beast has appeared: the ServiceWorker. I will show how to use both WebWorkers and a ServiceWorker to add new features to the web development: rendering HTML from data without blocking the main thread, supporting offline mode, computation-intensive tasks.
Stopping viruses is hard. They're clever, evolve, and become more resilient over time.
So let's write one! We'll see how they hide, how they propagate.
In this presentation, Ben takes you on a live-demo journey of self-replication, cryptographic obfuscation, and payload delivery.
Now you're thinking like a virus writer, you can anticipate which areas of your applications need hardening. Just remember, we're doing it for good, not profit!
The logical place to put view-related logic is in your view, right? “A little logic here, a little logic there,” but all of a sudden you hardly recognize your views! A quick glance at the code and you can’t tell your server side language apart from your HTML. Don’t worry; this is a fun opportunity for some refactoring! Learn several approaches you can start using today to clean up your views.