I had the chance to go to Marseille this November for the 5th Devops D-Day conference.
More than that, I could also present how I see the relations between coding guidelines, code quality and decision fatigue. If you are interested, here are the slides, and here is my talk.
But the goal of this post is to share my thoughts on the conference.
I must start with this! It was fantastic. I’m not an Olympique de Marseille fan or a big football fan in general (soccer for the US friends), but I must admit that the Velodrome de Marseille has an extraordinary architecture. I loved it when I first saw it from the top of Marseille, form the Notre-Dame de la Garde, I loved it when I went there for an AC/DC concert with the leg-broken Axl Rose taking the lead, and my emotions haven’t changed.
Obviously, this time I had much more time to stroll and to calmly look around. At the speakers’ dinner, we could even go into the dressing rooms.
While moving around and checking the names written on the walls, you can feel the outstanding history of the club.
But did it work well as a conference venue? It did, I think. The presentation halls were spacious with a lot of air, though the keynote hall is a bit strange in form, there were a lot of screens to help on that.
It was like a T-junction with the podium in the middle.
A stadium that can host more than 67 thousand supporters is huge, so the different halls can be quite far from each other. And they were. Which means that depending on your choices you might have had to walk quite a bit from one presentation to the other. Given that the timekeeping was excellent it was not a big burden, but you couldn’t stay there talking with the presenter for a long time if the given pause was one of the shorter ones.
People were welcome with a generic French breakfast. Mini pastries, coffee, water, juice in good quality.
I liked that they were distributed in many places. After all, for 1300 people it’s better to have many small food stalls than having one giant plate
of spaghetti code, right?
I generally liked how things were organized, what I was a bit more sceptical about is how we could get water. Until late afternoon plastic bottles were scarce (that’s good), but we used paper cups. I’m pretty sure they were recyclable, but I’m not sure if it would have been better to get a thicker plastic cup for the whole day that we should have brought around in our necks like at some other places.
I’m not sure which one is more eco-friendly and we didn’t use disposable plastic cups that is good.
The lunch was of good quality. Many different bites of food, nothing to complain about. Some were particularly interesting, I think there were even some octopus and the French cheese platters are always delicious.
On the other hand, I found it difficult to eat, for two reasons.
- Though there were many smaller food stalls I always had a feeling that I’m fighting to get there.
- I think it’s because we couldn’t get enough at once. Some paper plates would have been helpful to put our food on, but there were only napkins. Not very practical.
In the afternoon, we got some tasty mini cakes. Though I loved them, I think some fruits instead could have been better, but I really don’t want to complain, because the catering was way more than satisfactory.
There was a huge Forum to host the sponsors and their stands. It was big enough for the 1300 people.
The goodies are always a good question to me? Do they come handy at all? Is a 2200mAh power bank useful? Who will wear some funky socks? I have no clear answers, but I have to say that the socks that were distributed have quite good quality.
I love stickers and I got a lot. But again, there is the question. Will I use the stickers from another company? Unless they are providing some technologies that I use, I won’t. I mean I won’t put up the sticker of a fintech company, but I will be happy to stick on the cloud tech I use.
I know, I know. I don’t judge, I leave these questions open to everyone.
I liked that most of the stands were bilingual, even if the majority of the talks were in French.
The only thing I didn’t like is how the lotteries were organized. You had to keep them in mind when to go where there was no central indication when and where there is one. One started right at the moment when the previous presentations should have ended. I mean, if you attended a talk that went a minute overtime you missed it. But even if it ended on time as humans cannot teleport. At least not yet.
I’m glad that this was the biggest issue I found.
Let’s talk about… the talks!
I won’t detail here mine. I’ll write an article based on its contents, but here is the video just in case you are interested.
A bit on management
Let’s talk about Stéphanie Giordano’s an William Bartlett’s talk. I really waited for this one as I discussed quite a lot with William and RivieraDev 2019 about our DevOps strategy. To say the least, he cheered me up and reassured me that our way is viable.
In this talk, they recognize the difficulties of management when they are losing power. Or at least when they feel that they are losing power. In agile, with the organization of scrum, they - should have - already lost many of direct impact on the daily work.
With the DevOps model, this might become even worse. The individuals have to know more and have to take more responsibility. To keep agility in the team, the manager has to give the individual contributors more freedom and autonomy. But how to keep management in power?
Stephanie and William presented the method 2-3-4.
When someone mentions a problem to you
2 - You start with two words: Bravo and thank you!
Bravo and thank you for recognizing the problem and bringing it up.
3 - You continue with three affirmations
You tell what you want, what you don’t want and what you expect. Such as you want the project to progress and you don’t want the team to suffer. At the same time, you expect the clients to understand that the team takes care of their needs.
4 - You finish with 4 questions
Once you set the frame, you finish with questions (of course you wait for the answers) and try to help.
A couple of questions to ask:
- What do you suggest?
- How should we continue?
- How can I help you?
- What results should we expect?
- How can we improve?
The speakers suggest that with this framework, as a manager you will still have the reins. You will understand what your teams in order to master the situation and you will have all the information to help them through difficult times.
As the team member, you will have the feeling that your initiatives are taken care of and that you are supported by your manager.
I will share this presentation with my management, I’m waiting for their feedback!
A bit on security
As I’m still coordinating the security-related activities within my department, it was an obvious choice for me to go and listen to Giuliano Ippoliti’s presentation on DevSecOps.
It’s been always a vague concept for me, but it mostly means that I didn’t understand it correctly.
So first what it is about?
DevOps focuses on delivering software to production frequently and as automated and possible in order to reduce the feedback loop and the time to market.
DevSecOps adds a new word into this concept. It’s about delivering secure software.
While in DevOps a team has to cooperate more closely with operations and take over many tasks from them being responsible for their own pipeline, in DevSecOps the dev team also have to collaborate closely with the security team and in each dev team there is a need for people who have a deeper understanding of the security concept.
After talking about the concept, Ippoliti also mentioned what are the most important parts of training a team to security and how to make people interested. While for the exact trainings and certification I encourage you to check his video from 8:10, I want to mention one thing specifically.
They pay a small bonus for those devs who complete certain free security training. It makes people interested and it is a low price to pay for the company.
Later in his talk, Ippoliti spoke about the different test tools that the developers have to analyze the security of the code, the binaries they deliver which tools should be part of the CI/CD workflow obviously.
Later, he switched to the operations part to show what are the key areas to concentrate on in order to secure your software in a public cloud. Nothing inherently new, but it’s important to remind and to teach people about these “golden rules as hi said”.
A bit on Web APIs
Does your Web Api pass the 50 points technical control?
This was the last presentation of Devops D-Day right before the closing keynote. François-Guillaume Ribreau started with some very thoughtful quote:
“I am quite convinced that in fact, computing will become a very important science.
But at the moment we are in a very primitive state of development, we don’t know the basic principles yet and we must learn them first.
If universities spend their time teaching the state of the art, they will not discover these principles and that, surely, is what academics should be doing”
This was said by Christopher Strachey in 1969 a pioneer in programming language design.
After a quick recap on the history of APIs from Library APIs, through REST APIs till today’s all public platform APIs, he suggested that when we look at the API we build with the thoroughness of a scientist. We should use the principles developed during the last decades and with the help of them, we examine our API.
Like at an MOT in the UK or “controle technique in” France. He showed a checklist of 70 points which is not so long if you consider an MOT.
Luckily we didn’t go over them one by one. On the other hand, we were looking at the principles without forgetting that practice makes the master.
Before applying any development principles Ribreau suggested that we should be clear on our goals, not just in functional terms, but we have to take care about our Service Level Objectives, Indicators and Agreements. It’s something we, developers, tend to forget about whereas most probably the ultimate goal of a software is to make money.
I don’t want to detail everything he said rather I would mention a couple of important areas we should think about. For more details, you can even watch the youtube video just below in French, or the slides here in English.
- The naming in your API which should be boring!
- Identity & Access Management
- Security in general
- API versioning
- Support pagination, search, sorting et al.
- Support going multi-tenant
- Monitoring & Alerting
I just realized that they are even writing an e-book on this topic. .
Overall, I can be nothing but grateful for this wonderful opportunity. Both to the organizers, who accepted my proposal and gave me a chance to share my ideas and also to my employer who supported me to go Marseille to participate at the DevOps D-Day.
I have never been so far at a conference where there were so many people (~1300). I was amazed both by the effective timekeeping, the venue and the level of professionalism, in particular, considering the recording and how fast they were edited and uploaded.
On a personal level, I met some amazing people and now I got a professional video, I’m more than happy!