Key Takeaway Points and Lessons Learned from QCon London 2018

| Posted by Abel Avram Follow 7 Followers , reviewed by Charles Humble Follow 798 Followers on Apr 18, 2018. Estimated reading time: 65 minutes | NOTICE: The next QCon is in New York Jun 25 - 29, 2018. Join us!

QCon (the international software conference for senior developers, architects, and tech leads) recently celebrated its twelfth year in London. Located at the Queen Elizabeth II Conference just steps from Westminster Abbey and Big Ben, this year’s event attracted 1,350 tech leaders in software and offered 136 technical deep dives, open spaces, and AMAs (Ask Me Anything) to attendees.

While the conference featured 18 curated tracks that covered nearly all of the major trends in software today, there were three that seemed to thread throughout the conference: Artificial Intelligence / Machine Learning, Microservices, and Ethics.

Andrew Ng famously called “AI the new electricity”. Dave Snowdon discussed building Neural networks with DL4J, Tim Kadlec asked us to consider the role our algorithms play in important life decisions for our users, and Eric Horesny led a full day track that covered the full spectrum of how AI is affecting each of our lives.

Microservices has moved from the stage of figuring out how to decompose the monolith to actually operating them. Sam Newman’s day one track on Microservices covered scaling, debugging, observing, and security with a Microservice architecture. In the Architecture’s You’ve Always Wondered About track, Expedia’s Mariano Albera discussed how the company replatformed their B2B APIs while continuing to support their $5 billion business.

Everywhere we look in software, we are starting to see larger and more pressing ethical concerns. Anne Currie (Chief Strategist Container Solutions) and Gareth Rushgrove (Product Manager @Docker) led one of the first ethics tracks we’ve seen in software. This all-star lineup featured talks like A Young Profession Coping With Ethical Debt from Editorial Board Member of the ACM Queue Theo Schlossnagle and Tim Kadlec’s Focusing on What Matters (where Tim challenged the audience with “It’s up to us to build web that truly is for everyone”).

QCon London 2018 featured over 140 speakers from innovative software shops like Google, Sky Bet,, Data Artisans, Mozilla, UBA, Uber and more, the keynote lineup this year was especially noteworthy. @RealMrGloverman: I have attended the last 4 @qconlondon and I can honestly say the closing keynote from @RichardWiseman is the highlight of them all. Outstanding. Thanks for another great year #qconlondon team.

Opening the 2018 conference, Rob Harrop (CEO @SkipJaq and Co-Founder SpringSource) delivered a motivational talk for developers to open the black box of machine learning. Harrop’s talk illustrated that artificial intelligence and machine learning are approachable by all of us (it even spawned an infographic on the topic). Additionally, Laura Bell (Founder of New Zealand’s SafeStack), Randy Shoup (VP Engineering @WeWork), and Richard Wiseman rounded out the 2018 keynote lineup with talks on culture+security, imposter syndrome, and a recipe book for changing your luck surface.

InfoQ had a number of editors at the event (you can read the coverage online). This article summarizes the key takeaways and highlights from QCon London 2018 as blogged and tweeted directly by attendees that were there.


Artificial Intelligence and Machine Learning for the SWE

by Rob Harrop

Rainer Hahnekamp attended this keynote:

The keynote was a motivation speech for software developers to learn the basics of artificial intelligence (AI) and machine learning (ML). It is a competency that software engineers should know about for various reasons. Mr. Harrop sees it as a tool that enables us to create things that weren't possible before. This is in contrast to technologies or patterns, like microservices, that only improve applications.

There is no magic. The same principles we find in software engineering apply to ML….

To learn it, you have to invest in theory, practice and — most importantly — intuition. He suggests using pytorch for starters instead of TensorFlow, since it leans more towards classical programming.

He recommended especially the book “Doing Data Science” and Andrew Ng’s Coursera course “Deep Learning Specialization”.

Rachna Mehta attended this keynote:

Harrop laid out some points as to why he believes ML is important and how engineers can embrace and learn to use it in their everyday working lives. These include:

  • That ML is a competitive advantage and shouldn’t be ignored.
  • ML should be considered a part of software engineering.
  • The languages used are Python or R; although he suggested to start with Python if you are new to ML or a new developer.
  • There are various frameworks you can learn, including PyTorch, TensorFlow, Keras and mxnet. PyTorch can be a good start because of its features, e.g. good debugging, which you need when you are experimenting.

Some good learning books for ML include:

Twitter feedback on this keynote included:

@danielbryantuk: Starting strong with @robertharrop at #QConLondon “machine learning is rapidly becoming competitive necessity”

@kriswager: A lot of focus is on how to build software better, according to @robertharrop, but with machine learning it is possible to focus on what we are building #QConLondon

@timanderson: Machine Learning is “what's next” for software engineers says @robertharrop #qconlondon - building good models is an engineering challenge

@kriswager: We are seeing the mistakes from the past, letting people working with machine learning stay apart from the general programmers. You want them in the same team - @robertharrop #QConLondon Individuals can specialize but the team generalize

@danielbryantuk: “ML is what's next for software engineering, but this will take new skills in order to be effective” @robertharrop #QConLondon

@kriswager: Good point by @robertharrop Nobody does machine learning just to do machine learning. It is part of a greater goal (or product) which the team works towards #QConLondon

@techiewatt: #QConLondon keynote @robertharrop: #MachineLearning should not be an activity done by an isolated data science team. As with #DevOps and #DevSecOps, should be part of collaborating team

@danielbryantuk: “You haven't got to learn everything up front, but ML requires quite a bit of specialist knowledge. However, you can be productive early” @robertharrop #QConLondon

@charleshumble: The importance of intuition in machine learning. #QConLondon with @robertharrop - great Einstein quote.

@charleshumble: R vs. Python for ML. Choose Python - so much familiar for a software engineer to understand. Likewise, Pytorch is a good library to start with. #QConLondon with @robertharrop

@kriswager: “You will find learning the theory [of machine learning] much easier after some practice” @robertharrop on why theory should come last when learning machine language #QConLondon

@danielbryantuk: Several great references for learning ML and Data Science from @robertharrop at #QConLondon

@charleshumble: Many of the books are terrible. Luckily for you I've read and wasted a lot of money on them and can recommend these two. #QConLondon with @robertharrop

@charleshumble: This series of four lectures plus the books will be enough to get you started #QConLondon with @robertharrop

@kriswager: #QConLondon @robertharrop disagrees with people who says that it is too dangerous to build a model without knowing (all) the theory behind it, since this presumes building a model can't be done with common good engineering practices

@danielbryantuk: Be aware of bias when building ML systems -- both human bias, and data bias (which is relevant to GDPR)... @robertharrop #QConLondon

@charleshumble: Dealing with learned bias in machine learning is hard; adversarial approaches are one technique to consider. @robertharrop #QConLondon

@kriswager: The only way to make sure that bias can't be learned, by the machine learning model, is to make sure to test for it - a very good point by @robertharrop #QConLondon

@timanderson: ML a competitive necessity says @robertharrop #qconlondon time to do some learning (and not to neglect the ethical aspect)

@justincormack: “now more than ever, ethics matter” #QConLondon - there is a track for that on Wednesday!

@danielbryantuk: “Whatever your ML solution is, it's not magic. You will eventually need to explain why decisions were made (algorithmic transparency), and you may need humans to double-check results” @robertharrop #QConLondon

Attitude Determines Altitude- Engineering Yourself

by Randy Shoup

Twitter feedback on this keynote included:

@RogerSuffling: Lack of complaint is praise enough @randyshoup @WeWork @qconlondon #QConLondon

@cpswan: “The most effective way to improve is to know that you can” @randyshoup #QConLondon

@RogerSuffling: 10,000 hours (5 years) of effort, focus, attention and improvement makes you great at what you do @randyshoup @WeWork @qconlondon #QConLondon

@RogerSuffling: Intuition does not come to the unprepared mind - Albert Einstein @randyshoup @WeWork @qconlondon #QConLondon

@RogerSuffling: Happiness equals reality minus expectation @randyshoup @WeWork @qconlondon #QConLondon

@floydmarinescu: Love this distinction from this mornings keynote at #QConLondon - Theory Y is where modern psychology is pointing to be true

@RogerSuffling: If you can't change the organization change the organization @randyshoup @WeWork @qconlondon #QConLondon

@r39132: A rank novice will always be more confident than an expert. Unconscious vs conscious ineptitude! #QConLondon

@dastoik: 'Practice isn't the thing you do once you are good. It's the thing you do that makes you good.' - Malcolm Gladwell. Great inspirational talk by @randyshoup @qconlondon #outliers #focus #grow #meditate #QConLondon

Guardians of the Galaxy: Architecting a Culture of Secure Software

by Laura Bell

Rainer Hahnekamp attended this keynote:

Continuous security requires integrating security into the development process rather than making it a separate function.

Security usually lies in the scope of a group working in isolation. This is very hard, since these guys are usually responsible if something goes wrong. Consequently, that work is not very enjoyable.

Builders usually know best how to fix security flaws in their product, so there is no need for a specific security person. After all, security specialists don’t have the deep technical insight than the author.

Good tools might be dependency checkers, static analysis tools or vulnerability scanner. It is important that you respect those tools and stop when they show you a problem. Regard it as a build failure.

Twitter feedback on this keynote included:

@jessitron: “How many of you failed in the last week? ... the rest of you, Try harder.” @lady_nerd #QConLondon

@jessitron: “How many of you failed in the last week? ... the rest of you, Try harder.” @lady_nerd #QConLondon

@kriswager: Security by the numbers in New Zealand according to @lady_nerd #QConLondon I wonder what the numbers are for Denmark

@dimitris_baltas: If you are in security, you might get fired. It's not like we had a flaw in production, then a retrospective, and then a hug in the end. #QConLondon

@robertharrop: The process and philosophy are more important than the technical details #qconlondon

@charleshumble: “The best technical people I know work really hard to make themselves redundant through automation. Security is no different.” @lady_nerd #qconlondon

@robertharrop: What's true for ops, is true for security, is true for data science. #QConLondon

@danielbryantuk: “Security teams are often rag-tag bands of people, or people wearing many hats. We need to pay more attention to security principles, and move towards continuous implementation” @lady_nerd #qconlondon

@charleshumble: “Integrate security into your pipeline. Dependency checkers, static analysis, and code review, vulnerability scanners,...” @lady_nerd #QConLondon

@jessitron: If you have to remember to do it, You won’t remember to do it. #automation @lady_nerd #QConLondon

@eoinwoodz: Security tools need to be respected enough to stop things when a problem is found. @lady_nerd at #qconlondon

@charleshumble: “Security fails when it's a special event. It has to be repeatable.” @lady_nerd #QConLondon

@jessitron: The best technical people I know work really hard to make their present selves redundant. ~ @lady_nerd #automation #QConLondon

@charleshumble: “Those of you doing greenfield projects I just want to remind you that the greenfield projects of today are the legacy systems of tomorrow so be nice. “ @lady_nerd #QConLondon

@RogerSuffling: Immutable architecture is more secure #Laura bell @qconlondon #QConLondon

@charleshumble: “Every action has a cost, value the time and resource needed to complete an action. Be respectful. “ @lady_nerd #QConLondon

@codescrum: Hiring security people: asking the candidate to plan a bank robbery is a good exercise! #QConLondon #security #softwaredevelopment #software #keynote

@jessitron: Getting things fixed is way harder than finding them. @lady_nerd #security #qconlondon

@charleshumble: “Extend blameless culture to security. We can’t fire people because of a breach.” @lady_nerd #qconlondon

@charleshumble: Use understanding attack and risk as problem-solving, creative lateral thinking. Think about the most dangerous thing you can do with the data in your system; it probably isn’t selling it on the black market. @lady_nerd #qconlondon

@charleshumble: “Language matters. Consistent, concise, inclusive. The most important security changes I ever made were after taking to UX people.” @lady_nerd #qconlondon

@danielbryantuk: “We need to get good people working together -- language matters, be respectful, and work to foster skills” @lady_nerd #QConLondon

@danielbryantuk: Great advice from @lady_nerd at #qconlondon “sustainability matters. We need to stop treating all security issues as high drama -- otherwise this leads to burnout”

Architecting for Failure

How Events Are Reshaping Modern Systems

by Jonas Bonér

Rachna Mehta attended this session:

He believes they [events] drive autonomy, help reduce risks, help to move faster, as well as offering further advantages.

Events are facts and facts are immutable & accurate, he said, and I liked following quote: “An autonomous component can only promise its own behavior. Autonomy makes information local, leading to greater certainty and stability.”…

Event sourcing allows us to model time

  • Event is a SNAPSHOT in time
  • Event ID is an INDEX for time
  • Event log is full HISTORY?—?The database of our Past & the Path to our Present.

In summary, Event First Design helps us to:

  1. Move faster towards a Resilient architecture
  2. Design autonomous services
  3. Balance Certainty & Uncertainty.
  4. Reduce risk in modernizing application.

Twitter feedback on this session included:

@kriswager: There are four drivers of the focus on events according to @jboner, these include cloud and multicolored, as well as microservices #QConLondon

@kriswager: Pretty good overview of what an event is and how it relates to facts by @jboner #QConLondon

@RogerSuffling: Mutable state needs to be contained and non-observable @jboner @lightbend @qconlondon #QConLondon 

@RogerSuffling: Events are Async communications that make up the communications fabric @jboner #QConLondons

@RogerSuffling: We need to model uncertainty @jboner @lightbend @qconlondon #QConLondon s

@dastoik: The world is relying on eventual consistency systems. Embrace reality and model uncertainty with @jboner @qconlondon #akka #reactive #lightbend #uncertainty #QConLondon

@RogerSuffling: Complex systems run as broken systems - Richard Cook @jboner @lightbend @qconlondon #QConLondon

@RogerSuffling: Complex systems run as broken systems - Richard Cook @jboner @lightbend @qconlondon #QConLondon

@kriswager: Bringing the talk in alignment with the track topic, @jboner points out that failures can be treated as events #QConLondon

@RogerSuffling: Use Event Storming to understand and reason about the behaviour of the system domain @jboner @lightbend @qconlondon #QConLondon

@kriswager: “If you don't have side-effects in your system, it is almost always useless” @jboner #QConLondon

@RogerSuffling: Crud is Dead @jboner @lightbend @qconlondon #QConLondon

@RogerSuffling: The truth is the log. The database is a cache of a subset of the log @jboner @lightbend @qconlondon #QConLondon

@kriswager: There are some disadvantages of using event sources - @jboner #QConLondon

@RogerSuffling: Key Takeaways @jboner @lightbend @qconlondon #QConLondon

@Rachna81185836: #QConLondon Event is fact and mutating fact is just wrong!!

Architectures You've Always Wondered About

Inside a Self-driving Uber

by Matt Ranney

Rainer Hahnekamp attended this session:

Uber has, of course, a major business interest in driverless cars. Their target is not to produce a self-driving car that can go everywhere. There are some limits. Especially with trucks, Uber targets the long distances….

Uber does not use GPS because of its inaccuracy. Instead, they rely on lidar combined with stored map data. The three basic inputs for Uber’s self-driving algorithms are camera, radar and lidar.

Testing is the main obstacle because the software itself interacts with real world. So if something breaks, it causes physical damage. For that reason, Uber has a private track where they can test their cars. This type of testing is of course very expensive and takes a lot of time. Compared to classical software testing the potential coverage rate, is much more limited.

Uber created a simulator to address the limits of real-world testing. This gives them better control over the environmental factors. The simulator reproduces situations that happened in the real world by using the recorded log data from the cars. Additionally there is a kind of game engine that randomly produces situations where the interplay with pedestrians plays a huge role.

Twitter feedback on this session included:

@thetrilemma: “Because people are so bad at driving cars they die!” Drivers are leading cause of car accidents @mranney #qconlondon 

@danielbryantuk: “Self-driving cars will give us back our time and space. They will also make the roads safer” @mranney #qconlondon

@anatomic: The amount of information that a self driving car can handle is absolutely incredible #qconlondon

@54616d6173: Computers are better at dealing with complexity, than humans #qconlondon @mranney

@danielbryantuk: And I thought testing microservices was challenging... Testing autonomous vehicles, with @mranney at #QConLondon

@thetrilemma: Uber use the unreal 4 game engine to do offline testing of self driving cars! @mranney #QConLondon #selfdrivingcars

@danielbryantuk: “Offline simulation is essential for testing autonomous vehicles” @mranney #qconlondon

@cgbeattie: @mranney - given the challenges of over fitting recognition models have you ever thrown a dragon in the unreal 4 sim? #QConLondon

@floydmarinescu: Amazing talk on Uber’s self-driving cars software platform by @mranney at #qconlondon. The level of intelligence in these new cars and trucks are far far more capable than humans. Safer times coming.

Lambda Architectures: a Snapshot, a Stream, & a Bunch of Deltas

by Adrian Trenaman

Twitter feedback on this session included:

@danielbryantuk: “One faulty DB driver in a service brought down our entire app. One service had become critical, but we didn't know. We had graphs of service dependencies, but they were beyond human comprehension” @adrian_trenaman #QConLondon

@danielbryantuk: “Be aware of the impact of caching within a microservices system -- it's all too easy to trip yourself up” @adrian_trenaman #QConLondon

@danielbryantuk: The @hbcdigital team are planning to open source Calatrava for emitting changes to PostgreSQL as @awscloud Kinesis events fairly soon -- looks quite similar to Debezium for MySQL Via @adrian_trenaman at #QConLondon

@danielbryantuk: “With the Lambda architecture you can end up duplicating functionality for batch and speed layers” @adrian_trenaman #QConLondon Perhaps an argument for using @ApacheFlink or @ApacheSpark to implement both?

@andyp1per: Is this the answer to the ultimate lambda question? @adrian_trenaman #QConLondon

@danielbryantuk: “Kinesis is the gateway drug, but @apachekafka is the destination” great talk by @adrian_trenaman at #QConLondon

Logistics as a Service: Building the Ocado Smart Platform

by Alex Harvey & Paul Sweetman

Rachna Mehta attended this session:

Ocado Technology has built a scalable, AWS-based microservices architecture and Google Cloud-powered data analytics, combined with a swarm robotics grid, controlled by an intelligent air traffic system running on a private cloud that is unlike anything currently available on the market.

The Ocado technology stack is divided in 3 parts

  1. Operational Space
  2. Data Platform
  3. Real-time control System

They have used AWS as their cloud provider, where they have got about 250 microservices running. They are using various AWS elements such as Elastic Beanstalk, DynamoDB, and API gateway for exposing endpoints. They are using kitemarks for best practices & platform standardization.

They achieved autonomy by assigning microservices to different teams, have managed to do 500 daily deployments on a prod using a single team, and they have found their teams to be happy and productive….

Ocado’s warehouse system is called the real time control system. It is very complex, but it was such a mesmerizing experience to see the videos they presented, showing how their grid system is implemented to automate everything in the warehouse! When designing their logistics they use emulators that they can use to model the results of real-life hardware. They run tests on these until their designs meet their expectations. At that point, they invest in hardware.

Twitter feedback on this session included:

@charleshumble: .@OcadoTechnology microservice rules - plan for each server to fail daily, run in multiple zones. No config of boxes via ssh. They run Chaos Monkey to kill servers in production. #QConLondon

@charleshumble: @OcadoTechnology dev teams are given an impressive amount of autonomy. Also, 500 daily deploys to prod, 1 hour to get a new app into production. #qconlondon

@charleshumble: Interesting to see a glimpse at #qconlondon of how @OcadoTechnology is using ML to improve van routing, parking information in London etc. - tuning based on weather, traffic patterns etc. 

@charleshumble: .@OcadoTechnology Data platform is a mix of AWS Kinesis and Google Cloud Platform (Big Query) - data streamed from AWS to GCP. #qconlondon

@charleshumble: A high-level view of the real-time control system in an @OcadoTechnology warehouse. #qconlondon

@charleshumble: In the new @OcadoTechnology warehouse an entire customer order of 40-50 items can be picked in about 10 minutes because it’s massively parallel; so you can do same day deliveries. To do this 3000 robots running around something the size of 3 football pitches. #QConLondon

@charleshumble: “I do have some footage of what it looks like when a bot crashes but I'm not allowed to show it because it's a bit embarrassing. It's funny though.” @OcadoTechnology #qconlondon

Building Great Engineering Cultures & Organizations

An Engineering-led Culture at Scale

by Amanda Bellwood

Twitter feedback on this session included: 

@kriswager: Following traditional methods for evaluating people wasn't working at Sky Betting and Gaming, and what was worse, it was demotivating half the people, according to Amanda Bellwood #QConLondon

@kriswager: Amanda Bellwood points out that no matter which method or tool was used to rank people, people perceived them as unfair #QConLondon

Building a Culture of Continuous Improvement

by Kevin Goldsmith

Twitter feedback on this session included:

@kriswager: A Culture of continuous improvement is 'people over processes', as people can change processes - @KevinGoldsmith #QConLondon

@kriswager: A requirement for continuous improvement is transparency with clarity. It is not enough to have transparency if there isn't proper communication - @KevinGoldsmith #qconlondon Rapid growth in a company often lead to communication breakdowns

@kriswager: At Avvo they set the “wildly important goals” for the company and actually tell people about them. There are only a couple of WIPs which don't change during the year @KevinGoldsmith #qconlondon #avvoculture

@kriswager: It is important to document what you are attempting as an improvement and what the result was. Results are important because they can be revisited - me paraphrasing @KevinGoldsmith #QConLondon

@kriswager: Avvo uses RFCs for organizational changes, and also for smaller changes, eg in teams #QConLondon

@kriswager: It is important that RFCs contain information of who is the long term owner/supporter of the change. The working group desolves when change is implemented, but someone needs to keep supporting it, or it will roll back - @KevinGoldsmith #QConLondon

@kriswager: Good question 'how do you deal with people afraid to speak out because of status' Autonomy and responsibility helps giving teams and team members psychological safety according to @KevinGoldsmith #QConLondon

Building Great Engineering Cultures Panel

by Amanda Bellwood, Tom Clark, Sally Goble, Finbarr Joy, Vlad Galu & Andy Walker

Rainer Hahnekamp attended this session:

The panelists offered several suggestions to help managers build better cultures.

Allowing people to speak up and to complain is required for building trust.

When managers send emails over the weekend, it puts pressure on employees. They have the feeling that the company will make important decisions without them unless they check their email regularly. Even during the weekend.

The panelists sent more divergent signals concerning working from 9 to 5. One on the one hand, it can mean that people aren't really focused or motivated. On the other hand, it is important not to burn out and to have a private life.

Engineering Culture Revived

by Finbarr Joy

Twitter feedback on this session included:

@kriswager: Defining culture is hard, but here are two different definitions, one of them by @FinbarrJoy #QConLondon

@kriswager: “Nothing has fundamentally changed. Software engineers still program” @FinbarrJoy dismissing the idea that technology is fundamentally changing our daily work #QConLondon It is simplified, but I agree

@kriswager: “If you are not doing innovation, why are you writing software?” @FinbarrJoy pointing out that most software functionally already exists, so without innovation you are duplicating code that already exist #QConLondon

@kriswager: When I look at the office in @FinbarrJoy's slide, I understand why open offices are so hated #QConLondon Such offices are not legal in Denmark, but if they're people's mental picture, it is hard to talk about benefits of open offices for projects

@kriswager: Interesting - @FinbarrJoy thinks that the team should be end to end, but I don't see the business anywhere in that team. The work starts before architecture and code #QConLondon XP tried to address this by having business part of the team

@kriswager: “I once worked with a team that worked on a project called 'refactoring'“ @FinbarrJoy #QConLondon He rightly points out that this is demotivating, and it would be better to include some refactoring in other projects

It's People, Stupid (People Are Stupid?)

by Andy Walker

Twitter feedback on this session included:

@kriswager: Andy Walker's three laws of humanity #QConLondon We need to know them on order to work around them

@kriswager: When people have their fight/flight response triggered, they become stupid (for a number of reasons). This is something managers should avoid by not surprising people, especially not in a way which puts status at risk #QConLondon Good points by Andy Walker

@weavermj: “You are more compelling if your message is available to a wider variety of people” says Andy Walker from Google #QConLondon

@kriswager: Andy Walker just referred to the study showing that having a pen in the mouth makes you more positive. One should be careful referring to that study as it has replication problems #QConLondon

@kriswager: “Generally speaking, people would rather progress than shout at each other” - Andy Walker on why focusing on the goal is a good way to defuse #QConLondon

@kriswager: “As a manager you need to take the shark out of the water” Andy Walker building on top of a Jaws metaphor. His point is that as a manager you shouldn't leave things unclear, so people are afraid of what lurks underneath #QConLondon

DevEx: The Next Evolution of DevOps

Kubernetes: Crossing the Chasm

by Ian Crosby

Søren Hartvig attended this session:

Moving on to some Real World Examples.

  • First example was a startup that didn’t have legacy code and therefore naturally would fit in Cloud Native strategy.
  • Second example is a company that had geographical barriers, needing to run the Kubernetes cluster within the geographical region of china. The Chinese firewall blocks Google, so when Kubernetes fires  up it gets modules from google, which will not work. Ended up doing a more manual approach using Ansible. Kubernetes Federation came to the help. Federation has several Kubernetes clusters and has a master cluster that can handle deployments on both sides
  • Third was Ericsson, wanting to move to a cloud native architecture. Making all services to micro services , containerize and deploy in some sort of container. Ericsson chose to use HELM to make packages and hence be able to deploy their software packages.
  • Forth was the horror story. A company with very high security restrictions. They were not allowed to adopt public cloud and has to be on internal closed net. The tools were not really build to work in an environment without access to the internet. When you create a pod, Kubernetes get’s a Pause container when deploying. So it accesses the internet, this doesn’t work if it has no connection to the net. Ended up recommending Swarm, OpenShift or similar…

Key takeaway is that Kubernetes is a “Whole” product with Mature tooling, Advanced Features and an Active Community.

Taking Back “Software Engineering”

by Dave Farley

Michael Gillett attended this session:

Farley surmised that engineering and the application of the Scientific Method has led to some of humanity’s greatest achievements, and yet when it comes to software there is a tendency to shy away from the title of “Engineering”….

Without a scientific approach to software development it’s perhaps an industry that follows a craft-like approach to production where because it works, it’s good enough. For example, if a software specification was given to several organizations to build, one could expect widely different levels of quality with the product. However, the same cannot be said of giving a specification for a building, car or rocket to be built—they could appear different but would be quality products based on rigorous tests and standards.

Farley went on to talk about how Test-Driven Development and Continuous Delivery are great at moving the software industry to be more scientific and rigorous in its testing standards. Though they are helping the industry to be better at engineering, there is perhaps another step needed—Hypothesis-Driven Development (HDD)—to truly move the industry to being one of engineers instead of developers.

Through HDD, theories would be created with expected outcomes before the software development aspect was even considered. This allows some robust testing to do be done further down the line, if the hypothesis stands up to the testing then it can be concluded that this appears to be correct. Further testing of the same hypothesis could be done too, allowing for repeatable tests that demonstrate the theory to be correct. The theories could be approached on a highly iterative basis, following a MVP like approach, if at any point the theory no longer holds up then the work on that feature could be stopped.

The theories wouldn’t need to come from developers and engineers themselves, although they could, but could come from other aspects of the business and stakeholders who request work to be done on the products being built. This would result in more accountability for what is being requested with a clear expectation around the success criteria.

Rainer Hahnekamp attended this session:

The main theme was to focus on proper experimentation and not rely on simple guessing. That’s what makes an engineer.

There are many different disciplines in engineering. One can‘t for example compare chemical engineering to aircraft. Still, they are all engineers. Software engineering is no different — it must base itself on experimental data rather than guesswork.

Along those lines, Mr. Farley declared that Scrum and craftsmanship are project processes, and not software processes per se.

This is due to the resulting lower-quality code. Craftsmanship is hand-made, individual and can‘t usually reach the same level of quality as automated machines.

Twitter feedback on this session included:

@danielbryantuk: “As software engineers we are currently working as craftspeople -- we should move more towards lean production techniques” @davefarley77 #QConLondon

@mileswilson: Wonderfully put by @davefarley77 #QConLondon

@danielbryantuk: “Software engineering must be iterative in order to mitigate risk” @davefarley77 #QConLondon

@weavermj: “Is this the biggest user story ever?” Quite possibly says @davefarley77. @neil_vass would like this talk! #QConLondon 

@danielbryantuk: “Continuous delivery as an engineering discipline...” @davefarley77 #QConLondon 

@thetrilemma: Risk increases exponentially with size of change @davefarley77 #QConLondon

@rzanner: Constantly try to prove your initial theories wrong by experimenting and observing - be engineers! @davefarley77 at #QConLondon

@jimshep: What’s the difference between a developer and an engineer? Developers guess, engineers test their guesses. Use the scientific method, be engineers! - @davefarley77 #QConLondon

Distributed Stateful Systems

Cloud-native and Scalable Kafka Architecture

by Allen Wang

Yaroslav Tkachenko attended this session:

They solved the problem by scaling the number of clusters, not the number of brokers. With proper automation and custom producers they’re able to quickly add extra capacity by creating additional clusters when needed. Producers know how to deal with it and as a bonus they also know how to failover quickly when necessary….

Netflix also uses Kafka ACL and quotas for proper multi-tenancy.

Real-Time Decisions Using ML on the Google Cloud Platform

by Przemyslaw Pastuszka & Carlos Garcia

Twitter feedback on this session included: 

@r39132: Make sure to use explainable models for debug-ability as illustrated by a model that correctly classified an image based on the wrong assumption. It detected a husky based on background snow. #QConLondon

@matthewpskelton: “Lack of rapid tools made ML development very slow. Then we found Google #BigQuery and now we're happy.” - Przemyslaw Pastuszka of @OcadoTechnology #qconlondon

Taming Distributed Stateful Pets With Kubernetes

by James Munnelly & Matthew Bates

Søren Hartvig attended this session:

Stateful Set. You want to have separate disks and have a unique disk to each resource.

Custom Resources

  • API “as a service”
  • Kubernetes API primitives fro ‘custom’ types

CRD – Custom Resource Definition

  • Quick and easy
  • Great for single extension
  • No versioning, admission control

Custom API server

  • Full power of Kubernetes
  • Requires etcd

Evolving Java and the JVM: Mobile, Micro and Modular

Modular Java Development in Action

by Sander Mak

Rainer Hahnekamp attended this session:

With a migration to Java 9, the problem is not only the modularization. There are also other ones. Often, an application won’t run in Java 9 even though it isn’t defined as module.

The app on your classpath without module definition is automatically named “unnamed module”….

Using exports and opens keywords in module definition is very important — especially when working with frameworks like Spring that rely heavily on reflection. Otherwise, Spring could not instantiate beans from other modules.

If your application has a module definition, all your other libraries must be modules too. If that is not the case, the so-called auto module mechanism simply transforms a jar file to a module which exports everything.

Serverless and Java in the Real World

by John Chapin

Rachna Mehta attended this session:

Chapin showed us how to set up projects, how various Lambda references can be made and how to set up a Maven-dependency project. A number of useful Java libraries can also be used.

He also described “The Lambda diet” and other basic configuration:

  • Fewer classes = faster startup
  • Ruthlessly cull dependencies
  • Beware?—?AWS libraries can be bloated!
  • Command to dig out dependencies…

How to set up logging

  • System.out/err goes to CloudWatch Logs
  • One “log group” per Lambda (by default)
  • Within “log group”, one “log stream” per container
  • From CloudWatch, can aggregate/forward…

How to monitor a Lambda using CloudWatch Metrics:

  • No build-in business metrics
  • Lambda platform metrics
  • Native metrics collection approach is dangerous!

Cloudwatch has account-level API limits.

Twitter feedback on this session included:

@danielbryantuk: How do you choose a serverless runtime? @johnchapin explains at #QConLondon 

@danielbryantuk: “We recommend designing serverless apps using DDD principles, and this doesn't necessarily mean a single function per project” @johnchapin #QConLondon

@ServerlessCity: “Maven is probably the best packaging tool for serverless applications” @johnchapin #QConLondon

JavaScript and Beyond: The Future of the Frontend

WebAssembly (And the Death of JavaScript?)

by Colin Eberhardt

Twitter feedback on this session included:

@timanderson: Reminder: JavaScript was created in 10 days by Brendan Eich in 1995 says Colin Eberhardt #qconlondon

@jessitron: WebAssembly is an impressive collaboration between all the browser vendors. Finally a new bytecode for the web! @ColinEberhardt #QConLondon

@jessitron: Just what the web stack needed: more WAT! #embraceTheWAT #QConLondon /tag @ColinEberhardt

@timanderson: WebAssembly first release is “minimum viable product”, hence quick progress but important missing features eg exceptions, garbage collection #qconlondon

@timanderson: Compiling Java and C# to WebAssembly likely to come in 2019 says Eberhardt #qconlondon (yes there is already Blazor but not ideal as you have to download runtime along with with app code)

Leading Edge Backend Languages

Rust 2018: An Epoch Release!

by Steve Klabnik

Søren Hartvig attended this session:

Key Takeaways:

  • A language for systems programmers
  • Things that you would use C++ for example
  • For C++/C developers, python , ruby, javascript developers, functional developers. 
  • Blazing Fast, No segfaults, threadsafe
  • Made as bit more high level version of system languages, hence approachable by for example java developers…

New features, areas :

  • Webservices. RUST is used to program microservices quite a lot
  • Async/Await as inspired by ES6
  • WASM – WebAssembly. This is quite interesting, since web assembly could be a new way of making frontend solutions
  • CLI command line applications
  • Embedded Devices

Microservices/ Serverless: Patterns and Practices

Insecure Transit – Microservice Security

by Sam Newman

Twitter feedback on this session included:

@danielbryantuk: “Software developers shouldn't abdicate responsibility for security -- we should all strive for 'just enough security' “ @samnewman #QConLondon

@danielbryantuk: How should you approach infrastructure security? @samnewman references “rotate, repair, and repave” at #QConLondon

@danielbryantuk: Security patching madness! Although, using a public cloud does help, via @samnewman at #QConLondon

@danielbryantuk: A shout for the potential benefits of service meshes like @linkerd and @IstioMesh by @samnewman at #QConLondon -- many cross-cutting concerns can be handled here!

Microservices Lessons Learned From a Startup

by Susanne Kaiser

Søren Hartvig attended this session:

Lesson#1 . Don’t take too many steps at once. This will slow you down.

Lesson #2. Deferring solving Authorization handling hurts. Make sure you have authorization services ready before all the other services. If you don’t you will start implementing authorisation everywhere. This is pretty much true in all kinds of system and is not really related to serverless.

Lesson #3. Less aligned strategy is expensive. separate apps, teams, services get’s bundled anyway. I’m not sure why this is a problem, isn’t it mostly a problem that it is deployed together. true micro services should be deployed separately.

Lesson #4. Data related overhead. Data have to be in sync. Solved by using Apache Kafka Streams.

Kafka is a strong streaming system and helps secure that all events that happens in the system, will be handled. A Scalable, Fault tolerant and fast solution.

Microservices & Scaling of Rational Interactions

by Mark Burgess

Twitter feedback on this session included:

@danielbryantuk: “The internal communication links typically determine how well a system performs at scale” paraphrasing @markburgess_osl at #QConLondon

@danielbryantuk: “Messy networks communicate deep and well. Is the want of modularization really for benefit, or is it to satisfy a need we have for coherence as humans?” paraphrasing @markburgess_osl at #QConLondon

Securing Serverless – By Breaking In

by Guy Podjarny

Twitter feedback on this session included:

@timanderson: Code upon code upon code: 19 line demo app for storing something in S3 becomes 191K lines of code if you take into account its library dependencies, and their dependencies. #qconlondon

@danielbryantuk: “Be aware of your application dependencies (including transitive dependencies), as it is possible to bring in vulnerable libraries” @guypod #QConLondon

@danielbryantuk: Great live serverless hacking DDoS (and billing exhaustion) demo with @guypod at #QConLondon

@danielbryantuk: “The @awscloud security policy is easier, but this is safer” @guypod on our tendency to be a little lazy with security #QConLondon

@kriswager: When you bundle functions together in serverless you open them up for all the roles in the functions. A function is a perimeter that needs to be secured - @guypod #QConLondon

@danielbryantuk: “With serverless think of a function is a perimeter, and also don't rely on immutability of the underlying infra” @guypod #QConLondon

@timanderson: In future, you might not dare to delete your serverless functions just in case someone is still using it ... becomes a security issue #qconlondon

@danielbryantuk: “Even though serverless functions cost nothing when they are running, it can be challenging to keep awareness of all function code/deps/permissions deployed throughout your estate” @guypod #QConLondon

Modern CS in the Real World

Formal Methods at Amazon Web Services

by Michael Tautschnig

Twitter feedback on this session included:

@timanderson: Humans prevent us from achieving perfection observes Michael Tautschnig, development engineer at AWS Security #qconlondon - can formal methods save us?

@justincormack: Split responsibilities for security. #QConLondon

@danielbryantuk: The evolution of automated reasoning in mathematical logic #QConLondon

@timanderson: AWS no longer uses OpenSSL, rather its own internally developed (and also open source) s2n  which is smaller and easier to verify #qconlondon

@danielbryantuk: Interesting insight into how @awscloud uses formal methods to verify s2n, their OpenSSL alternative #QConLondon

@timanderson: Allow/Deny policies are confusing says Tautschnig especially when combined with wildcards. It's the old “do what I mean” problem (my comment not his!) #qconlondon

@timanderson: AWS solution is to test policies against compliance rules so you would discover for example if you had inadvertently allowed public write access to an S3 bucket #qconlondon

@timanderson: Consider “all possible subtle interactions between NAT gateways, AZs, ACLs, VPC peering endpoints, load balancers etc” - AWS has a query engine that lets you ask simple questions like “which EC2 instances are exposed to the internet” including all factors, impressive #qconlondon

Java at Speed

by Gil Tene

Rainer Hahnekamp attended this session:

Mr. Tene stressed the fact that Java starts interpreted, gets compiled and eventually optimizes to run fast. A huge benefit of s JIT compiler is that, as it runs on the rather than on a vendor‘s machine, it can take into consideration specific CPU features. This does not just mean 32-bit versus 64-bit, but also things like the different features of each Intel chip generation.

Some features a compiler can do for optimization include removing dead code, changing code and value propagation for which the volatile keyword is important….

In contrast to static compilers, JIT compilers can do some speculative optimization for a very simple reason: it can always throw away and recompile the code. The JIT compiler can take more risks as it tries to squeeze out even more performance.

A typical speculation optimization would be removing null pointer checks. Should a null occur, the compiler must react — a far more expensive operation compared to doing the original null check. Still, as nulls happen far less frequently than non-nulls, the net result is a performance improvement.

One quite well-known performance pattern is the so-called pre-warm-up. Execution of the application is simulated with fake data. This should compile the code, before the application really starts. A good example might be in trading, where we warm-up the application before the markets open.

The problem here is that these pre-warm-ups can differ from the real usage. As a result, JIT optimizes for the fake process itself, which can result in a de-optimization. A better solution might be to store the profile of a past real execution and reuse it.

Next Gen Banking: It’s not all Blockchains and ICOs

Disrupting the Banking Experience: Building a Mobile-Only Bank

by Yann Del Rey & Teresa Ng

Twitter feedback on this session included:

@robertharrop: “Iteration is key” seems to be the pervasive message of #QConLondon

@robertharrop: Reactive architecture for iOS applications #QConLondon

@robertharrop: Ultimate dogfooding: devs @StarlingBank are all testing new app releases on their real bank accounts #QConLondon

@robertharrop: Fragmentation is the biggest issue for UI testing in Android #QConLondon

FlexiTime Token: Building dApps with Ethereum

by Alex Batlin

Twitter feedback on this session included:

@charleshumble: Why Etherium? Lots of developers working on it but it's also the only smart contact platform with the ability to monetize - it has a very clear business model behind it. Alex Batlin #qconlondon

@charleshumble: Hearing a lot about formal methods at #qconlondon this year; the Ethereum foundation has people working on a formal proof for their smart contracts for instance; presumably easier to prove a smart contract than something like, say Java code.

@charleshumble: Why Ethereum? Lots of developers working on it but it's also the only smart contact platform with the ability to monetize - it has a very clear business model behind it. Alex Batlin #qconlondon

ID Crisis! Take Back Control with Self-sovereign

by Sharat Koya

Twitter feedback on this session included:

@robertharrop: System roles for digital identity. #QConLondon @skoya

@floydmarinescu: A view is the future of identity and privacy at #qconlondon 2018

@robertharrop: Passports exemplify the poor state of identity today #QConLondon @skoya

@robertharrop: Decentralised, user-centric identity @skoya #QConLondon

Observability: Logging, Alerting and Tracing

How to Build Observable Distributed Systems

by Pierre Vincent

Twitter feedback on this session included:

@sarahjwells: If we fool ourselves into thinking we're immune to failure, when the failure DOES happen we won't be ready for it. Be prepared. @PierreVincent quoting @mipsytipsy #qconlondon #observability

@RogerSuffling: Reaching production is only the beginning @PierreVincent @qconlondon #QConLondon

@RogerSuffling: Monitor tells you if the system is working: Observability informs you what's wrong @PierreVincent @qconlondon #QConLondon 

@sarahjwells: Timestamps in logs can be treacherous. What do they mean: is it when it happened, or when the logs was consumed? Are the systems in sync? Trace ids are much more helpful @PierreVincent #qconlondon

@sarahjwells: Structured logs are your friend... @PierreVincent #qconlondon

@sarahjwells: “Within the first half day of using zipkin we found things we had no idea were happening” @PierreVincent #qconlondon - tracing is valuable but instrumentation required makes it expensive to add to a system that already consists of large numbers of services. So do it early!

@RogerSuffling: Visibility builds trust but requires safety @PierreVincent @qconlondon #QConLondon

@RogerSuffling: Visibility helps justify decisions @PierreVincent @qconlondon #QConLondon

@RogerSuffling: Visibility helps operability @PierreVincent @qconlondon #QConLondon

Observability and Emerging Infrastructures

by Charity Majors

Twitter feedback on this session included:

@eanakashima: “Many catastrophic states exist at any given time.” @mipsytipsy #QConLondon

@danielbryantuk: “Your distributed system is never entirely 'up'. We need the ability to ask new questions for debugging purposes” @mipsytipsy #QConLondon

@eanakashima: Complex systems: - the hardest problem is often identifying what to debug or trace - the health of the overall system is irrelevant @mipsytipsy #QConLondon

@danielbryantuk: “Blackbox monitoring for modern architectures are no longer effective for the type of issues we are seeing” @mipsytipsy #QConLondon

@danielbryantuk: Characteristics of monitoring modern systems, via @mipsytipsy at #QConLondon

@sarahjwells: “You don’t have observability if you don’t have these things” @mipsytipsy #qconlondon

@danielbryantuk: “A lot of observability is asking the right questions, and having tooling to support the high cardinality break down of data e.g. latency by user id” @mipsytipsy #QConLondon

@sarahjwells: “Tweaking the sampling rates is the new tweaking alerts” - set different sample ratios, you may want all 500s but a small percentage of 200s #qconlondon @mipsytipsy

@danielbryantuk: “If you an aggregating/smooshing your monitoring and logging event data, you are already presupposing the type of queries you will make against the system” @mipsytipsy #QConLondon

@danielbryantuk: “Nines don't matter if users aren't happy” @mipsytipsy #QConLondon

@danielbryantuk: “Black swans are the norm within distributed systems” @mipsytipsy #QConLondon

Observability Panel

Randy Shoup, Sarah Wells, Yan Cui, Pierre Vincent & Charity Majors

Twitter feedback on this session included: 

@edith_h: “Dr dr it hurts when I do this (dynamic sampling)” @randyshoup “don't do that” #QConLondon

@edith_h: “Can I rant just a minute about operational events? You should NOT be keeping all operational event” @mipsytipsy #QConLondon

@edith_h: “Best teams internally give the service of a good vendor, best vendors feel like they're part of your team” @mipsytipsy on Buy vs build. @randyshoup I agree, tweet that! #QConLondon

@dimitris_baltas: I feel documentation is a smell. It’s not wrong”¦ but it’s not right either. The minute you write it it’s debt. #qconlondon @mipsytipsy

Testing Observability

by Amy Phillips

Twitter feedback on this session included:

@sarahjwells: “If you have microservices but you wait and do end-to-end testing of a combination of them before a release, what you have is a distributed monolith” @amyjph #qconlondon

@danielbryantuk: Testing microservices -- watch for the lack of “hard edge” (as with a monolith) and the integration costs Via @amyjph at #QConLondon

@danielbryantuk: “The test pyramid is a great tool to get people thinking about testing, but it can be dogmatic. I prefer 'test dials', where you can adjust individual levels of testing” @amyjph #QConLondon

@charleshumble: “The price of reliability is the pursuit of the utmost simplicity.” by C.A.R. Hoare, in “The Emperor's Old Clothes” (1980 ACM Turing Award Lecture) - nice reference from @FinbarrJoy #QConLondon

@danielbryantuk: Great thinking points on testing and observability by @amyjph at #QConLondon 

The Present and Future of Serverless Observability

by Yan Cui

Twitter feedback on this session included:

@sarahjwells: Challenges of serverless such as lambda - nowhere to install agents, no background processing @theburningmonk #qconlondon

@danielbryantuk: “Eventing often goes hand-in-hand with serverless. If you want to know more, talk to @randyshoup who is sitting over there” :-) @theburningmonk #QConLondon

@danielbryantuk: “Take care with spending extra time for sending metrics as part of a serverless invocation -- this can damage the user experience” @theburningmonk #QConLondon

@danielbryantuk: A shout to @awscloud X-ray for serverless observation, by @theburningmonk at #QConLondon

@danielbryantuk: Interesting ideas on the future of serverless observability dashboards, via @theburningmonk at #QConLondon

@danielbryantuk: “I want all my observability needs on one dashboard that can switch between static and dynamic views, and queries. I don't want to have to build the mental model piece by piece, tool by tool” @theburningmonk #QConLondon

@danielbryantuk: “Situational awareness is vital -- as @swardley says, you need context, position and movement. This is equally important with data (and observability) as it is with business” @theburningmonk #QConLondon

Operating Systems: LinuxKit, Unikernels, & Beyond

Making the Windows Command-Line Great Again!

by Rich Turner & Tara Raj

Twitter feedback on this session included:

@teamKatacoda: Windows and Linux processes running on the same kernel, side-by-side!! Great technology and super lightweight processes #QConLondon

@timanderson: Main thing to get your head round with respect to Windows Subsystem for Linux is that it is completely nothing in the least like a VM. It's “another route to the kernel” says Rich Turner #qconlondon

@timanderson: disk i/o perf poor in WSL, improvements coming apparently #qconlondon

The Modern Operating System in 2018

by Justin Cormack

Rainer Hahnekamp attended this session:

Linux and Windows are the main candidates for use as servers. Operating systems are the last large monoliths.

Unikernels are an alternative. You can start them on bare metal and only install the libraries and drivers you need for your application. An example for a working Unikernel is Microsoft’s SQL Server for Linux.

SSD’s and 10Gb networks created tremendous performance improvements that forced operating systems to adapt to new hardware speeds.

One approach was to avoid the slow kernel/userspace switch and instead try to run all code only in userspace. SeaStar is a framework for making drivers available in userspace.

The other option would be to run everything in the Kernel. eBPF is a framework for that strategy and is similar to “AWS Lambda for the Linux kernel”.

Security: Red XOR Blue Team

Attack Trees, Security Modeling for Agile Teams

by Michael Brunton-Spall

Twitter feedback on this session included:

@kriswager: “My assumption is that you haven't done much risk analysis or any of all. You think risk analysis is the most boring thing in the world. Even if you are an accountant, you think accounting is more interesting” @bruntonspall #QConLondon

@kriswager: “Almost every company in every field has experienced a breach. The breaches becomes bigger and bigger” @bruntonspall starting up a happy note #QConLondon

@kriswager: “Security is not compliance” @bruntonspall #QConLondon Sad that is has to be said, but it does

@kriswager: Hadn't expected to see the Agile manifesto on the security track, but I guess it makes sense. Agile focuses on things that needs to be in focus when addressing security #QConLondon

@kriswager: Attackers don't care which technology you use. You have to know the business, because that is what is under attack. The technology is just a method for attacking - @bruntonspall #QConLondon

Bigger, Faster and More Secure

by Laura Bell

Twitter feedback on this session included:

@kriswager: For many in the software space, security falls in 'freeze' (of the fight, flight, freeze) pattern according to @lady_nerd #QConLondon

@kriswager: Layered defenses have some security issues, including the situation where the architecture change - @lady_nerd #QConLondon

@kriswager: “We call this a 'cup of tea problem' . You stop what you are doing, get a cup of tea, and sit down with your team of developers and talk about what you have done” @lady_nerd on storing passwords in plain text #QConLondon

@kriswager: “The important thing about being a security minded person is stories, communication and connecting, not whether they know every language” @lady_nerd #QConLondon I find this holds true for any roles in software development

@kriswager: We should think of tiny houses rather than castles when thinking of security. Tiny houses are build for functionality and leaves out stuff you don't need. @lady_nerd Tiny houses, in security sense, should fit the list below #QConLondon

@kriswager: When you have 3rd party platforms, how do you monitor them? This is something you need to figure out - @lady_nerd Important and not a trivial task #QConLondon

@kriswager: “Be aware of the bubble you live in” @lady_nerd “don't base your controls on your biases” #QConLondon It is important to try to find different views and figure out the things people think of outside your bubble (another point for diversity)

Encryption Without Magic, Risk Management Without Pain

by Anastasiia Voitova 

Twitter feedback on this session included:

@kriswager: Cryptography is a method to manage the attack surface - the attack surface is any place where sensitive data can be stolen - @vixentael #QConLondon This should be small enough to monitor etc

@charleshumble: If this is all getting a bit much I have a cat video. Just look at this kitten. Feel better? Great, let’s carry on. @vixentael on the security track #QConLondon

@kriswager: Good use of kitten slides to put in breaks and interact with the audience by @vixentael #QConLondon

@charleshumble: ZKA has a small attack service; good for trusted client site like mobile. @vixentael on the security track #QConLondon

@charleshumble: Cryptography is well implemented if it narrows the attack surface, and increases the control over the data. Think of Echelonization - add more layers of defense. @vixentael #QConLondon

@charleshumble: Log and monitor events, implemented intrusion pattern detection, attack control, firewalls and so on all the attack services. @vixentael #QConLondon

@kriswager: 17% of all security failures related to cryptography are caused by errors in cryptography software. 83% are caused by misuse of cryptography software. Unsurprising by important numbers by @vixentael #QConLondon

@kriswager: A very important message by @vixentael (“don't roll your own crypto”) #QConLondon

@NAlexWhite: Encryption is easy. Key management is hard. @vixentael #QConLondon

Security Champions: Only YOU Can Prevent File Forgery

by Marisa Fagan

Twitter feedback on this session included:

@kriswager: Becoming a security champion doesn't mean you need to know everything. @dewzi suggests sticking to the 10 things listed on the slide #QConLondon

@kriswager: “Hopefully a security champion program will lead development teams and security teams holding hands in the fields one day” @dewzi on how security champions lessen tension between developers and security teams #QConLondon

Stream Processing in the Modern Age

Drivetribe: A Social Network on Streams

by Hamish Dickson & Aris Koliopoulos

Yaroslav Tkachenko attended this session:

Drivetribe is a popular motoring social network. Instead of relying on a classic 3-tier architecture or embracing microservices they decided to do something different. Drivetribe uses stream processing for generating all relevant content in write time. So, when you open a page everything was already pre-calculated before, including the number of likes and comments. How? They heavily rely on write time aggregation….

Drivetribe also employs various algebras to deal with duplicate and out of order events:

Tech Ethics in Action

Tim Anderson attended this track:

The most significant thing about the Ethics track at QCon London, a software development conference I attended last week, is that it existed….

Ethics has always mattered, but the power of software over our lives is increasing. It is possible be that algorithms at Facebook, YouTube and Twitter influenced the result of the last US election and the UK’s Brexit referendum. Algorithms play a large role in influencing many of choices, what to buy, where to eat, where to stay, which airline to book, which vendor to use….

AI is also poised to take over more jobs previously done by people. This could be a great liberator for humanity, or alternatively divide society even more deeply into haves and have-nots.

We need more ethics discussion then; but is it too late? Well, it is never too late to improve matters, but perhaps much harm could have been avoided if the industry had focused on this earlier.

A Young Profession Coping With Ethical Debt

by Theo Schlossnagle

Twitter feedback on this session included:

@garethr: OH: “ethics is about systemizing, defending and recommending concepts of right and wrong conduct” @postwait kicking off our ethics track at #QConLondon

@PierreVincent: @postwait “We need to prevent people from writing code that kills people”

@charleshumble: It’s really important to understand that ethics change over time - most modern physicians take a modified version of the Hippocratic Oath for example. @postwait #qconlondon

@charleshumble: The first place where ethics was applied by the clergy; religion touched everyone and you had to know that they had everyone's best interests at heart. @postwait #qconlondon

@garethr: Building trust between society and a profession is an interesting topic. Does society as a whole trust the technology profession, and those companies most associated with it? #QConLondon

@bunufi: Do you work for the benefit of the society? Ethical questions being raised by @postwait at #QConLondon. How often do you think about this in your daily life?

@charleshumble: Ethics only apply in a context when you have societal impact. With computing, we have not been applying ethical constraints to our software as we’ve got pervasive. @postwait #qconlondon

@charleshumble: After the VW emissions scandal, people went to prison, and that’s why we now have an ethics track at a practitioner conference like #qconlondon - @postwait

@PierreVincent: @postwait On Uber Autonomous Vehicle Operation: “You do not want a JIRA about a dead kid” #QConLondon

@charleshumble: Interesting context for the Uber grey-ball story - original intent was to be able to avoid assaults on drivers - the ethics context here is more complex than I realized. @postwait #qconlondon

@charleshumble: The Strava global heat map is basically a theft map - I don’t think anyone who worked on it realized this, they didn't have a side business stealing bikes, but there was a lack of questioning as to what this could be used for. @postwait #qconlondon

@charleshumble: “Our ethics your responsibility as programmers. I’ve had programmers tell me that it isn’t, and that’s why they went in computing. This is not the case.” @postwait #qconlondon

@charleshumble: Sometimes there are two choices and neither of them are ethically great. If you have ethical issues: * Be aware that you are not alone * Understand the ethics are a spectrum * Keep records * Build a dispassionate defense * Work the system * Resign @postwait #qconlondon

Ethical Tech - A Psychologist's Perspective

by Alexander Steinhart

Tim Anderson attended this session:

Steinhart talked about addiction. “We all want to unplug, but cannot”, he said.

“Now we are all connected. On average people are nearly three hours online every day. They check phones every 7 to 15 minutes. Many people have difficulties in finding the right balance.”

When is a habit an addiction? When it “gets into the way of your life and you can’t do anything else, and when you try to change behaviour you don’t manage,” said Steinhart, mentioning that “distraction” is identified as a risk by many people today, including teenagers.

Interruptions and distractions are detrimental to our productivity and also a source of stress, he said. Once you are distracted, it takes 20-25 minutes to recover your focus. “Take care that you are not connected all the time.”…

We now have abundant information. Answering a question that might once have required a trip to the library or several phone calls can now be done in an instance. That is fantastic; but are we coping well? Somehow, instead of becoming more discriminating about the sources and value of available information, humanity is prone to consuming more and more information of low quality, whether that is banal time-wasting or actual falsehoods and information that is intended to deceive or mislead us….

We need positive computing and software design that is “aligned with human goals,” he said.

Free and open source software is helpful in this respect, because the goals of the software are aligned with our needs rather then profit.

What can software developers do? “It is not your fault that technology is distracting,” said Steinhart, “but it’s your responsibility to change something.”

It is interesting to imagine what software might look like if designed for human needs rather than business interests. Steinhart’s ideas are around making software quieter, designed to get out of our way rather than to interrupt us, smartphones that encourage us to leave them alone, and of course to avoid anti-patterns which feed addiction or deliberately try to trip us up….

Despite enjoying Steinhart’s talk and others in the Ethics track, I was not encouraged. We need, of course, regulation as well as more principled businesses, and we do not know what such regulation should look like, nor how to implement it.

One thing though is worth repeating: if as a software developer you are asked to do something that is ethically unacceptable, you should refuse. Professional standards include more than quality of coding.

Twitter feedback on this session included:

@timanderson: Alexander Steinhart observes that as information has moved from a scarce resource to an abundant resource, we should be moving to a phase which is about management and quality of information but we are failing to do so #qconlondon

@timanderson: Infinite nature of online material combined with our lack of self-control makes it difficult for humans to manage their time/attention #qconlondon

@timanderson: We are addicted to notifications even though they are only rarely significant - the possibility ensures our attention says Steinhart #qconlondon

@timanderson: Pulling a screen down for refresh is like a slot machine says Steinhart, addictive #qconlondon

@PierreVincent: Paradox of digital revolution: we want to unplug but we can't. This is how addiction start. And this is all fueled by products designed purely around engagement. @quanders #QConLondon

@garethr: OH: “The current tech mix is addictive” what are we missing? “Interaction, solitude, boredom, conversations, focus/attention”. Lots in human interaction we can't do with computers says @quanders at #QConLondon

@timanderson: Listening to Steinhart explain how distractions are destructive to our productivity makes me wonder how anything ever gets done! #qconlondon

@PierreVincent: Cyborgs are already here: we all say “my battery is flat”, not “my phone battery is flat” @quanders #QConLondon

@timanderson: Automation Bias is when dependence on technology makes you forget or not learn how to do without it - affects medicine, airline pilots, all of us if we can't now navigate without Google Maps says Steinhart #qconlondon

@timanderson: Glimmers of hope: open source software, “Liberation Technology”, Positive Computing/Design whose goals are aligned with human goals says Steinhart #qconlondon

@timanderson: Problem with eg. Facebook is misalignment between what users need and what the company needs (income from ads etc) says Steinhart #qconlondon

@garethr: OH: “it's better to educate than to nudge” @quanders #QConLondon

@timanderson: Why not design for “Time well spent” says Steinhart cf Center for Humane Technology #qconlondon

@timanderson: Agile manifesto: individuals and interactions over tools, software and technology, good reminder from Steinhart #qconlondon

Responsibly Smashing Pandora’s Box

by Yanqing Cheng

Sam Warner attended this session:

Cheng … showed the importance metrics can have when we are making these more human decisions. By evaluating cost against benefit, we can maximize the impact of our technology for good. Although we commonly understand cost-benefit analysis to be somewhat utilitarian, and as such incompatible with more moral viewpoints, for example those focused on deontological concepts such as ethics, and putting a 'value' against potentially life-changing access or effect of new tools might initially seem somewhat impersonal, I can certainly see the use of it.

Twitter feedback on this session included:

@charleshumble: Yanqing Cheng - “A full human genome sequence cost $100 million in 2002. Today it can be done for $1000. That’s 20 years of progress.” #qconlondon

@charleshumble: Humans are inclined to make the default choice and consider it better than the alternatives. We feel greater regret for bad outcomes that result from new actions, then for bad consequences that are the result of inaction. Yanqing Cheng #qconlondon

@charleshumble: “Our intuitions were made for a smaller, slower world than the one we live in now.” Yanqing Cheng #qconlondon

@garethr: OH: “ethical choices are often unintuitive” @YanqingCheng at #QConLondon raising lots of interesting points

@charleshumble: Ethical choices are really unintuitive. The right thing can seem unintuitive, mundane and even distasteful. Yanqing Cheng #qconlondon

@charleshumble: Imagine a fully booked 747, where 3/4 of the passengers are children. Every day, this plane crashes into the Gulf of Guinea, killing everyone on board. This is malaria in one country. Yanqing Cheng #qconlondon

@charleshumble: 1.3 million people die from road traffic injuries every year. Imagine every single BA flight from London to New York crashed every day. Plus one more. Delaying progress (ie self-driving cars) can be enormously costly. @YanqingCheng #qconlondon

@devillsroom: That is like ten 747 planes crashing every single day... #QConLondon

@kriswager: “If you don't do it, someone else will do it. And wrong” @YanqingCheng on why it is not only important to apply ethics to new technology, but also important that people who will apply ethics when developing new tech are the ones that develop said tech #QConLondon

@garethr: “We need better tools for testing algorithms for things like bias.” Interesting to think about what that looks like, and good prior-art or examples? Question posed by @YanqingCheng on the #QConLondon ethics track

@charleshumble: “Courage is not the absence of fear, but rather the judgment that something else is more important than fear.” @YanqingCheng on #QConLondon

Solutions Track I

Explaining Artificial Intelligence to Schoolchildren

by Dale Lane

Rachna Mehta attended this session:

Dale Lane, a software developer at IBM, demonstrated how we can teach children about artificial intelligence by feeding data to buckets, using ML model creations and making machines that learn from the information.

He shows the children how a machine’s accuracy will improve when you feed it more data, and how it can overcome a challenge by being shown different examples. But rather than doing this using dry data without context, he captures pupils’ imagination by encouraging them to generate data for these ML challenges by playing games and recording their journeys.

Solutions Track II

The Extraordinary World of Quantum Computing

by Tim Ellison

Twitter feedback on this session included:

@eoinwoodz: “Quantum computing today is where classical computing was in the 1940s with Colossus” @tpellison at #qconlondon

@charleshumble: “We're not there yet but when quantum computers reach the same maturity as today’s machines, they will significantly outperform them at many tasks.” Tim Ellison #qconlondon

@charleshumble: Using external controls we can put the particle in a spin phase that is both 0 and 1 in our measurement system. When we observe the particle it will collapse to either 0 or 1. @tpellison at #qconlondon

@charleshumble: We can put the quantum computer into a well-defined state that gives us a random result when observed. @tpellison at #qconlondon

@charleshumble: We can combine qubits to cause a correlation of these ransom results when observed. Quantum computing power comes from the ability to combine qubits to represent an exponentially increasing set of values. @tpellison at #qconlondon

@charleshumble: IBM Q experience has more than 50,000 users, more than 500,000 executions. @tpellison at #qconlondon

Solutions Track III

JDK 9: Mission Accomplished. What Next for Java?

by Simon Ritter

Tim Anderson attended this session:

"How you deploy Java, how you get access to updates and patches is all changing. Although Oracle has told people about this, they haven't been shouting about it," Azul Systems deputy CTO Simon Ritter told attendees at QCon….

"Oracle does not plan to migrate desktops from Java 8 to later versions via the auto update feature," the official statement, er, stated. "Individuals who require Java SE for non-corporate desktop use will continue to receive updates through at least December 2020. Instead of relying on a pre-installed standalone JRE, we encourage application developers to deliver JREs with their applications."…

In addition, Oracle is limiting its official binaries to 64-bit Linux, SPARC, Windows and Mac. If you want runtimes for other operating systems, you will need to compile your own or find them elsewhere….

The idea of shipping a JRE with your application is now more efficient thanks to modularisation (Project Jigsaw) in JDK 9 and higher. A new tool called Jlink lets you specify which modules to include in a custom runtime. There is a core module called java.base which is always needed.

Java developers need to become familiar with the modulepath, by which modules are discovered at runtime, rather than the old classpath, though the classpath is still supported for compatibility….

JDK 9 was a big release and introduced features including:

  • JShell: a REPL (Read-Evaluate-Print-Loop) tool that enables interactive Java, useful for teaching and prototyping
  • Improved Streams API
  • Experimental AOT (Ahead of Time) compiler…

JDK 10, about to be released, has new features including one long familiar to C# developers – type inference with the var keyword….

Ritter also mentioned several long-term projects with no release yet set:

  • Project Amber: Language changes, including type inference mentioned above, but also pattern matching and more.
  • Project Loom: Support for lightweight threads called fibres, and continuations for easier asynchronous coding.
  • Project Metropolis: Code part of the JVM runtime itself in Java.
  • Project Panama: Improve interop with native code via a new Native InterConnect Layer.
  • Project Valhalla: Value types for more efficient code when primitive types are not suitable and object types too expensive.…

Java's new release train is more agile but this comes at a price. More of the burden of keeping applications patched and up to date passes to developers and package maintainers. Oracle is reducing its own maintenance burden and also, perhaps, trying to push more customers towards paid support.

Opinions about QCon

Rainer Hahnekamp attended the conference:

Since QCon records most of the talks, I focused more on the AMA and Open-Space sessions…. I had the opportunity to talk to speakers and other conference attendees about the problems I face on a daily basis. I could speak up very often as only 5 – 15 people attended each of these sessions.

The organizers also offered a pub crawl on the first day, which – as everybody can imagine – was very funny and brought me new acquaintances.

I can only emphasize the importance and the value you receive when you get into contact with your peers. I think the organizers understand that well, and I can only encourage them to improve this even more. Probably with a buddy program or a social event the day before the conference starts.

Yaroslav Tkachenko attended the conference:

QCon has 12 years of experience organizing top notch tech conferences and you can clearly see it in every detail. That + one of the best experts in the industry is a simple recipe for success. I’m looking forward to my next QCon!

Michael Gillett attended the conference:

Last week I attended the QCon London conference from Monday to Wednesday. It was a thoroughly interesting and informative three days. The sessions I heard ranged from microservice architectures to Chaos Engineering, and from how to retain the best people to new features of the Windows console….

QCon London describes itself as a software conference, not necessarily a developer conference. It focuses more on the practices of creating software as opposed to showing off the latest and greatest frameworks and languages, and how to work with them. This came through in the talks I attended where most showed very little code and focused on how we work as teams, how we can interact with tools, and the idea that how we treat our code can have a huge impact on what we ultimately deliver.

Impressions expressed on Twitter included:

@roycornelissen: #QConLondon has started. Love their speaker selection philosophy

@dcmihai: Back for the 2nd time. Probably the best conference in Europe. #QConLondon

@RogerSuffling: Great views from @qconlondon #QConLondon. Check out all the iconic #London landmarks

@bunufi: Amazed by the diversity of topics at #QConLondon. Scientific method, psychology, ethics, culture, motivation. So glad to be in this conference to flex my mind muscle. Thanks @qconlondon!


Takeaways from QCon London included:

@chriswk: #QConLondon Thanks for a Great conference. Great idea with open closing keynote. Great mood in the room and a top notch speaker!

@RealMrGloverman: I have attended the last 4 @qconlondon and I can honestly say the closing keynote from @RichardWiseman is the highlight of them all. Outstanding. Thanks for another great year #qconlondon team

@beaule: My main learning from #QConLondon :: #AI is becoming software engineering as well - this will clearly accelerate the deployment of AI based applications within the industry. #AI-first is not so far!

@dthume: Another #qconlondon over. Great time, as ever. Many thanks to the @qconlondon and @QEIICentre staff for all their work making the conf. awesome.


InfoQ produces QCons in 5 cities around the globe. Our focus on practitioner-driven content is reflected in the fact that the program committee that selects the talks and speakers is itself comprised of technical practitioners from the software development community. This week QCon will be in Sao Paulo. We're then in New York in June, Shanghai in October and San Francisco in November. We'll be back in London on March 4th 2019.

Rate this Article

Adoption Stage

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread
Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread


Login to InfoQ to interact with what matters most to you.

Recover your password...


Follow your favorite topics and editors

Quick overview of most important highlights in the industry and on the site.


More signal, less noise

Build your own feed by choosing topics you want to read about and editors you want to hear from.


Stay up-to-date

Set up your notifications and don't miss out on content that matters to you