RebelCon – Monitoring, Communication & Security

This post was written by Chris O’Dell, co-author of Team Guide to Software Releasability.

RebelCon is a new one day, not for profit, conference in Cork, Ireland and I was lucky enough to have been selected to speak through their CFP process.  I was particularly looking forward to it as it was my first time in Ireland.  I arrived a day early and took the opportunity to wander about the city and take advantage of the longstanding craft breweries in the area.

The day started with a motivational keynote from Ryan O’Reilly.  Ryan professed to having no knowledge of the tech industry but then motivation affects everyone no matter where they work.  During his keynote we were asked to step out of our comfort zones by swapping seats, introducing ourselves to strangers and adopting stances like Bruce Lee.  It appeared to invigorate the rest of the audience, but I personally wanted to run and hide.

The schedule then split into two tracks.  I chose to attend Pierre Vincent’s talk “Monitoring: How to increase visibility of distributed systems in production”.  Pierre gave a talk heavily laden with advice and guidelines for monitoring a distributed system.  He covered healthchecks, aggregated logging and correlation IDs.  The aim, Pierre states, is to gain a greater understanding of what’s going on in your system and which areas need to be focussed on for improvement.

Next up I attended Sabine Wojcieszak’s talk “Communication: earning or burning money!”.  Sabine talks about how we as engineers undervalue the importance of good communication and neglect to put the required effort into improving our own communications skills.  This is based on a false assumption that communication is easy as we’ve been doing it since childhood.  Poor communication and preparation lead to unproductive meetings which in turn burn money for the company.  With some forward planning (agenda setting, defining and meeting goal, reviewing previous actions) we can turn meetings into highly productive events where decisions can be reached.

Fiona Collins and Darren Fitzpatrick provided a quick overview of the OWASP Top Ten before taking us on a tour of free tooling provided by OWASP that can be used to test your systems for weaknesses.  I was hoping for an overview of tools that could be integrated into a Continuous Delivery pipeline but it seemed to me that the tools covered need to be manually triggered against a running service.  I’m pleased to see that the 2017 release candidate of the OWASP Top Ten includes unprotected APIs.  There has been a growth of REST APIs where security has not been considered as developers believe that unless the endpoints are announced they will not be discovered.  Sadly, security through obscurity does not work and all access points will eventually be discovered.

Lunch included a very nice spread of sandwiches – yum!


After lunch everyone gathered back into the main room for lightning talks.  There were 5 lightning talks of 10 minutes and the organisers presented it as a competition, complete with a wrestling belt for the winner.  I’m a believer that lightning talks are a great way for new speakers to “dip their toes” with reduced risk and stress due to the shorter time requirement and sharing the stage with others.  As such, setting this up as a competition greatly increases the stress and changes the focus entirely from being welcoming to newcomers by embracing failure, to discouraging anything but the best.  The organisers agreed with my stance so hopefully next year it won’t feel so gladiatorial.

The topics for the lightning talks included progressive web apps, overcoming the fear of adopting Continuous Delivery, geospatial queries in MongoDB, moving from Backbone.js to React, and seven Git tips and tricks.  A nice breadth of topics that were well presented.

Next up was my talk.  I gave my presentation “You build it, you run it” which discusses why developers should also be on-call and responsible for their own applications.  I also cover some tips for making on-call less painful and suggestions on running a rota.  The talk is an introduction as the topic of on-call support is huge.  I’ve included many links to other talks and resources that delve deeper into specific topics.  I missed out on the next slot as I took the time to relax after my talk and post my slides online.

The final wrap up included thanks and well deserved gifts to the organisers.  The day ran smoothly and without any hiccups – you wouldn’t have known it was their first conference – well done to the organisers and I look forward to next year!
