2019 Sessions

10:30 AM - Room 221
200 (never stop learning)

Simplify your JS, purify your functions and wow your nerd friends by generously sprinkling these 3 handy monads into your code. We'll focus on practical examples for these woefully misunderstood, but super handy, design patterns

4:15 PM - Room 424
100 (absolute beginner)

Akka is a set of open-source libraries for designing scalable, resilient systems that span processor cores and networks. Akka allows developers to focus on meeting business needs instead of writing low-level code to provide reliable behavior, fault tolerance, and high performance.

Akka’s use of the actor model provides a level of abstraction that makes it easier to write correct concurrent, parallel and distributed systems. The actor model spans the full set of Akka libraries that provides a consistent way of understanding and using them.

This presentation introduces the audience to Akka and the Actor Model. We will be building an IoT example use case that reports data from sensor devices, and will demonstrate Akka as a very powerful choice to build reactive systems that are highly responsive, elastic, and resilient, which also fulfills the principles as outlined in the Reactive Manifesto.

1:15 PM - Room 232
100 (absolute beginner)

In 2011, IBM Watson was competing in TV game show Jeopardy! We now have self-driving cars. What’s next in Artificial Intelligence and machine learning? Is AI the next disrupter? Who will benefit from it? Do we need to worry about Skynet?

3:30 PM - Room 424
200 (never stop learning)

We will explore the features and scenarios where Azure API Management might meet your needs. Azure API Management is a turnkey solution for managing, securing, and analyzing APIs allowing you to monetize your existing data and services. APIs can be hosted anywhere, not just in Azure. During this session we will cover a brief introduction to API Management along with how to import and publish your first API. This will allow you to easily secure and protect your API from abuse and overuse using an API key along with IP filtering, quotas and rate limits.

9:15 AM - Room 233
100 (absolute beginner)

Learn all about web accessibility: who it's for, why it's important, and how to start or grow a web accessibility practice at work. In this session, Eric will demonstrate how he uses the web with assistive technology, and the technical attributes that enable web browsers to render web content that is accessible and usable for everyone. Eric will demonstrate free web accessibility testing tools and offer practical advice for talking with your technical and business teams about accessibility.

10:30 AM - Room 233
100 (absolute beginner)

If you're new to software or don't have experience with testing, you might wonder about its value. What do QA specialists really contribute to software delivery teams? In this interactive session, participants will learn ways to research a software bug. They'll brainstorm about some of the many things that can go wrong with software, and how what teams learn from studying bugs leads to preventing bugs from happening in the first place.

Learning outcomes: * How testing - and testers/QA specialists - contribute to team/product success * How to analyze a software bug and discover important insights to the team's process or product * Think about what can go wrong for a given product capability, and how to prevent those pitfalls

2:00 PM - Room 233
200 (never stop learning)

If you're a Nonprofit or if you're interested in participating in one, you can get basic eCommerce options on the cheap by leveraging a core toolset of Azure, simplified billing with stripe, and modern JS development. Join me as we walk through the business process and tech stack for a Nonprofit that hosts several continuing education conferences for physicians every year and leave with a better understanding of how you can bootstrap your own eCommerce platform.


3:30 PM - Room 442
200 (never stop learning)

Agile and lean methodologies have shaped how we work over the last 20+ years. To build great technology products that customers need and want, we also have to focus on what we build. At the intersection of business, technology, and user experience, product management provides a catalyst for building great products. We’ll cover what a technology product manager does, how to focus on the problem instead of the solution, and why great products come from great product teams.

4:15 PM - Room 233
200 (never stop learning)

I get the Agile manifesto and Scrum…I really do. But I don't get Agile UX at all. It's pretending that a process conceived without any concern about UX design (or UX designers) works just great for design…but it doesn't. Just work two sprints ahead, collaborate enough, iterate enough, and everything will work out fine. There's a reason why every UX conference has a talk on making Agile UX work. It's because it doesn't. In this talk, we are going to explore waterfall, agile, and agile UX--each from the perspective of how it should work, how it actually works, and how we are pretending it works. I will conclude by making the case for a significant course correction.

11:15 AM - Room 232
200 (never stop learning)

Working with data is hard. Even worse, statistics is taught as a series of arcane formulas and a series of rules. In this session we'll demystify statistics with hands on simulations in Python. You'll leave with a common sense understanding of how to work with samples, build confidence intervals, and conduct hypothesis tests. No worries if you're a data novice! We'll explain everything as we go.

10:30 AM - Room 424
200 (never stop learning)

Differential privacy is used by a variety of organizations for storing and/or sharing data about people without compromising the identities of individuals within the sample. This session will describe reidentification attacks; the mathematics of differential privacy and how it defeats reidentification; and algorithms that provide differential privacy.

1:15 PM - Room 442
100 (absolute beginner)

This session will focus on the value of a tool called the “Story Impact Checklist.” SICs can help teams task out stories more thoughtfully, and consider many aspects of quality in a simple, concise format. Learn how to create a Story Impact Checklist and learn approaches for getting your team to adopt using it.

9:15 AM - Room 442
200 (never stop learning)

Do you have a legacy app that you need to run in the cloud but don't have the time or budget to completely re-write? In this session, I'll describe how I isolated a legacy app into a black box and built cloud infrastructure around it to convert it into a cloud service using Amazon Web Services. I'll touch on Lambda, Simple Queue Service, DynamoDB, EC2, CloudWatch, S3 buckets.

2:00 PM - Room 221
200 (never stop learning)

So you’ve finally implemented your own authorization server. And it uses JWT because everyone else does. But is it secure? JWTs are the new great thing that everyone is talking about but you need to use them correctly. During this talk, we will see how we can use various attacks to hack into OAuth systems that use JWTs as a token mechanism. By seeing the attackers’ point of view, the attendees will learn how to better defend themselves and make more secure servers.

9:15 AM - Room 424
100 (absolute beginner)

Taking your first step beyond the default username and password based authentication offered by a full stack web application framework can be overwhelming. Social logins, Identity Providers, OAuth 2.0, LDAP, SAML, OpenId Connect; all can be confusing. What does it all mean? How did we get here? By the end of this session, you will have a good understanding of each of these ideas, how they work and when it is appropriate to use them.

11:15 AM - Room 233
200 (never stop learning)

Serverless is all the buzz these days. We'll dive into what it means and how to leverage these kinds of technologies to build solutions that can handle busts of a thousand concurrent users for fifty cents a month (or less). We'll focus on Amazon Web Services, but will talk about options from other providers. We'll cover AWS Lambda, Dynamo DB, S3 and how to deploy Single Page Apps easily in AWS.

10:30 AM - Room 232
200 (never stop learning)

The stakes are high as companies scramble to make use of cutting edge technology to meet their clients needs. Deep Learning is more than buzz words, it's a powerful way to incorporate artificial intelligence and machine learning into your applications. You don't need to be an advanced mathematician to adopt these technologies, but there are some important things you need to know to do it effectively and responsibly. Learn about what deep learning is, what you need to know to adopt it, and the importance of open source in this space. Slides for my talk: http://bit.ly/vtcc11-deep-learning

1:15 PM - Room 424
100 (absolute beginner)

Basic intro to getting started with Docker and PHP. Hoping for a better local development environment we're experimenting with Docker and we want to share what we've learned about getting applications to run and the benefits of local development with Docker.

4:15 PM - Room 221
100 (absolute beginner)

Static Site Generators offer amazing performance in a simplified development workflow that focuses on the basics: HTML, CSS, & JS. So what exactly are they, what can they do?

This talk will start by figuring out where Static Site Generators (SSG) fit in the current and historical context of web development. And how SSG sites compare to other strategies like traditional server render apps or client-side single page applications and what tradeoffs are inherent to each strategy.

We’ll make the case for a simpler, faster, and more resilient set of tools using static hosting and known (somewhat strangely) as the JAMstack. We'll then walk through every step of creating, building, and deploying a static website with a live demo to show what an excellent developer experience this stack provides.

This talk is for you whether you’re building your first website or your fifteenth. SSG is a strategy, not an opinionated framework, so bring all your old skills and friends to the party if you’d like, but also join us if you’re just getting into a web development for a low cost entry point to building fantastic websites.

Slides: http://bit.ly/vtcc-ssg

2:00 PM - Room 424
200 (never stop learning)

Keeping secrets safe and out of source code has always been challenging. De-coupling sensitive information like connection strings, certificates and passwords keeps these secrets out of source control where it is all to easy to expose them unintentionally. This session focuses mostly on .Net Core Configuration and also provides an overview of how to leverage Azure App Service Settings, KeyVault and Managed Identities for Azure Resources to help alleviate this long-standing problem. Additionally we will see how to consume configuration even when you, the developer, don't have access to production secrets. Demonstrated are three application scenarios - A non-Azure-hosted app, An Azure-hosted app and local debugging. Time permitting, we will also see some techniques for managing secrets in full-framework applications that typically rely on web.config files. This presentation gives you the basic knowledge to keep secrets out of source code while still assuring correct production configuration.

2:00 PM - Room 442
200 (never stop learning)

While we all want to work on shiny new software with shiny new technology, the reality is that many developers and teams are stuck maintaining legacy systems. While typically these systems continue to work, maintaining them can be painful. Yet the cost of replacing the old systems with new ones is unimaginable and financially untenable for many companies. How do we deal with this situation without abandoning our clients who are not yet candidates for rewrites or even for lift and shift? A long-time software veteran will share some of their own experiences and tips for keeping clients businesses running while slowly helping them evolve to modern times, blending modern software practices into ancient systems.

1:15 PM - Room 221
200 (never stop learning)

Machine learning can be used for many tasks including image or audio classification, facial recognition, object recognition, image caption generation, and natural language processing. And with TensorFlow.js developers can embed pre-trained machine learning models or train new models directly in JavaScript.

TensorFlow.js enables real-time machine learning directly in the browser or edge device, improving data security and removing dependency on slow and unreliable network API calls. We’ll learn how to get started with TensorFlow.js and explore the opportunities and the challenges around deploying machine learning models in JavaScript.

Slides available at https://bit.ly/2nDbdMA

4:15 PM - Room 232
200 (never stop learning)

Containerization gives developers unprecedented control over application infrastructure. But jumping directly into enterprise level container orchestration with something like Kubernetes can be overwhelming. Wouldn't it be great if there was an intermediate step? One where we could start to leverage the power of containerization right away?

In this live demo I'll show how my team uses Docker Compose to script, manage, and share local environments for development.

Along the way we will ...learn the basics of working with Docker containers. ...spin up and tear down a new development environment consisting of multiple third party applications with publicly available Docker images. ...write our own Dockerfiles which extend these images to meet our particular needs. ...discuss the options available to us if we decide we want to take a containerization into production.

2:00 PM - Room 232
200 (never stop learning)

Power BI Report server allows you to share Power BI vizualisations on-premises as well as paginated reports. In this session, weèll cover the various possibilities of Power BI Report Server as a portal for your enterprise reports and we'll compare it to its counterpart in the clouds.

11:15 AM - Room 442
200 (never stop learning)

A story in 4 acts. Act 1: Building the Monolith, Act 2: The Monolith Grows Old Act 3: Fear and Choices Act 4: A New Generation This session is a case study of a large re-build project. You'll get: *insights on how and why legacy monoliths develop and persist. *strategies for assessing technical debt and building a case for re-architecting. *history of how the re-build was approached: cultural, process, technical.

9:15 AM - Room 232
200 (never stop learning)

Azure offers thousands of security features. Some of them are easy to use and others are complicated. Some are free to use and some look really, really expensive. Which ones should I be using for my applications?

In this talk we’ll look at some ways to reason about which security controls you might want to apply and why. We’ll consider groups of Azure security features through a pragmatic lens of security best practices and defense-in-depth/breadth, but tempered by the reality that “more security” is not always the answer, but rather “what is the right security” for a situation. By the end of this talk you should have a better idea of the security feature set offered by Azure, why/when they might or might not be needed, and have discussed some ways to reason about how which are relevant you by helping you think about how to assess appropriately for multiple situations.

Do you have specific questions about the applicability of Azure security features already? Feel free to tweet your questions at Bill in advance to @codingoutloud and he'll try to work answers to any questions into the talk in advance.

THOUGH MUCH OF THE SESSION WAS INTERACTIVE, the slides used can be found here: https://blog.codingoutloud.com/2019/09/28/talk-running-azure-securely-are-all-these-security-features-for-me/

10:30 AM - Room 442
200 (never stop learning)

APIs are easy enough to build, but making sure they can scale without breaking the bank can be difficult. While there are ways to auto-scale your API through containers/VMs with load balancers, it might be better to use a message queue. In this session, you'll learn how to build an API that sends data to a message queue for processing rather just connecting straight to a database.

Slides and code: https://github.com/nwestfall/ScaleYourAPIWithMessagesQueuesInAWSDemo

3:30 PM - Room 221
200 (never stop learning)

A simple technique to disable the script injection attacks on your web pages is to disable the inline JavaScript. This means that most popular ways to inject variables and code fragments into your pages will have to change. I will show the JavaScript to JavaScript rendering engine for Express that allows you to set very strict and safe Content-Security-Policy on your website. Not only my approach is much safer, but it will be very testable as well.

As a bonus I will show another project that can prevent sensitive information leaking to GitHub and NPM.

9:15 AM - Room 221
200 (never stop learning)

The communities and libraries surrounding many of the most successful languages of the past few decades, such as Java and C#, provide first class support for leveraging Dependency Injection and Inversion of Control. These are proven patterns for writing complex software through abstraction and composition. But historically, framework support and awareness of these patterns has often been missing in the Javascript/Typescript community.

This talk will focus on the Dependency Inversion principal, leveraging the Dependency Injection and Inversion of Control patterns. This results in software that is flexible and resilient to the inevitability of evolving requirements. We will look at practical examples of how to use these patterns in both frontend and backend Javascript/Typescript codebases.

11:15 AM - Room 221
200 (never stop learning)

State Machines are a declarative way to control user interfaces. Once you see a UI as a progression of states, you will see a state machine as the ultimate desk organizer. Don't worry if you are not super well versed in state machines, we will go over what you need to know. For me it's also about how we can visualize the structure of the states in 2 and 3d. Oh and 'Programmerless' well, we will not be replaced 100%, but lets talk.


1:15 PM - Room 233
100 (absolute beginner)

I entered the tech industry from a nontraditional path. I felt as if I was alone during my journey. I constantly felt overwhelmed by the idea of entering the industry as a black, female, self-taught, developer. Growing up, I was told I had to be twice as good to get half of what they got. This nontraditional path broke that idea, and I struggled with finding a way to overcome my own self-doubt.

To me, getting community right was simple: create a space where the most marginalized people feel safe, and this space will be safe for everyone. As an individual, this is what I tried to do whenever anyone needed help on their tech journey. At work, during events, and in online communities, I became the person that would drop anything to help someone that was stuck in their tech journey. Little by little, I saw what type of organization people needed. I saw the gaps in the market, and I knew I had the empathy and skill set to build it.

4:15 PM - Room 442
100 (absolute beginner)

The Voyager 1 and Voyager 2 space probes, both launched in 1977, each had a primary objective to explore Jupiter and Saturn. This goal was achieved by 1981. Yet Voyager, NASA's longest running mission, has continued to this day. Both Voyager probes are still operating, and returning scientific data from outside our solar system.

This talk explores the computing systems of Voyager - the systems which enable remote control of the spacecraft, and provide for the recording and return of data to Earth. These systems have proved to be both adaptable, durable, and resilient in support of a scientific undertaking now in it's fifth decade.

What can we learn from the engineering of Voyager's computing systems? Why have they survived for so long in the harsh environment of space? What is involved in patching a system from a billion miles away? And what does the future hold?

3:30 PM - Room 232
200 (never stop learning)

How well do your applications or websites work over IPv6? As the world runs out of IPv4 addresses, new mobile networks are being deployed as “IPv6-only” with IPv6-to-IPv4 gateways at the edge of those networks. The result is that apps and sites that work natively over IPv6 will be faster for users than apps and sites stuck on only IPv4. Many leading services have already made this transition, and Apple now requires IPv6 for all apps in their AppStore. In this session, you’ll learn about tips and tools to successfully migrate your applications and sites to work over both IPv4 and IPv6. Bring your questions and concerns - and sharing of success stories would be welcome, too.

Slides available at: https://www.slideshare.net/danyork/yes-ipv6-is-real-how-to-make-your-apps-work-and-be-as-fast-as-possible