Snowcamp 2025 #2 Thursday morning

Thursday, 9am

Keynote: Anatomy of a Backdoor: XZ Utils. by Quentin Dunand and Wassim Ahmed-Belkacem, from Viseo
Pure thriller entertainment. The story of the XZ backdoor, its discovery and consequences (I knew the story well) and, above all, a technical presentation of the backdoor: how it works, how the code is obfuscated, which layers have been affected, and so on. Wassim went into great detail (pre-compilation, corruption of the makefile, injection of malicious code via the test files, etc.) in a very educational and comprehensive way. Very interesting.
Take-away
Sense of wonder.


Thursday 10am

Stories of vulnerabilities (Paul Molin, from Theodo)
Paul is CISO at Theodo. This talk presented a number of security flaws in different systems (including an amusing story about how to send a letter free of charge in France by hacking the postal system), but above all stressed the importance of recounting flaws and challenges in order to create a culture (in this case, of security). Paul has also written a book called ‘Il était une faille’, with Marine du Mesnil.
Take-away
The importance of communicating, internally, the life of the company and the challenges it faces, in order to create a shared culture and a better understanding of the business and the issues involved.

Thursday 11am

High-performance testing thanks to a realistic dataset 🧪 by Martin Choraine, Hyperweb.
A detailed and interesting talk on the datasets used to test applications. The importance of realistic data for testing your system.

  • for limit case testing (creation of valid and invalid data)
  • for non-regression
  • for load testing (creation of a mass of consistent and realistic data)

Reminder of the importance of anonymising data from production (personal data, bank details).
Martin spoke about his (fairly satisfactory) use of tools for generating test data (information about people, or bank details). He recommends Faker: https://fakerjs.dev/
Of course, he mentioned his rather satisfactory experience with data generated via LLMs, but is reluctant to use this technique on a massive scale. The future would be some LLMs dedicated to a particular field.
Take-away
To generate a massive set of test data for one of our products based on production in order to validate performance.

Thursday, noon

Short talk: Let’s integrate young devs, help them grow and progress: Best practices and feedback for (old) devs. by Alexandre Touret, at Worldline
A very important subject for me. Transforming an experienced dev into a mentor for younger people is neither easy nor straightforward. Not everyone knows how to mentor a junior dev.
I’ve come away with a few ideas: the first few weeks are very important, and you need to optimise them. The mentor has to be very careful about his attitude and his interpersonal skills. They need to set aside time in their diary (30′, daily) for coaching. Practise pair programming with the junior (essential, for me: see how he/she clicks in the IDE…), base the construction of knowledge on real and immediate problems (empirical acquisition of knowledge). Start with simple, even very simple tasks. Use PR, JIRA, etc. for what they are: communication tools.
Encourage young people to keep up to date, read articles and go to conferences. Remind them that this is part of their job.
And get them to read Clean Code by Robert Martin (I agree).
Take-away
Get the team to read Clean Code.
