NERDSummit 2019: Driving in the snow and losing an hour to DST

Nerd summit logo over a icon of a mountain peak

I arrived into Ol’ Beantown just in time to enjoy their world renown rush hour traffic for my I drive over to the little town of Amherst, Massachusetts. Given that I very rarely drive a car or listen to 3 hours of NPR in a sitting, this was not actually all that bad of a situation. There is a mindfulness that attentive driving takes while also freeing up other parts of the brain to engage with sounds and ideas not critical to the success of operating a vehicle. It actually occurred to me that I possibly picked up crochet because I subconsciously missed this mental state that lets me focus on one thing while learn and ponder completely different things. This long travel day was very much rewarded by amazing weekend full of old and new friends as we gathered on the UMass Amherst campus for NERDSummit 2019

Food and Fun

Friday Night

While there was no speaker dinner, a few of us still managed to find some fine local cuisine and enjoy what the area had to offer. We even found a local ‘vintage arcade’ bar named The Quarters. I want to say a very special thank you to two individuals who, for lack of Lyft functioning in the area made sure I didn’t have to do even more driving that night. First, thank you Kevin Thull for picking me up to go get BBQ and thank you Sean Dietrich for driving me and Kevin around so dang much over the next 24 hours as well. This would have been a pretty different experience for me without you two.

Saturday

Coffee, tea, juices, pastries and bananas awaited us as we entered the Integrated Sciences Building. It was actually pretty OK conference coffee.
Lunch was sandwiches, but some folks opted to go to the Student Union to supplement their meals. It is a very nice student union that is heavily promoting the Impossible Burger product line. I can get behind that. At the afternoon break we were provided with yogurt and a granola based toppings mix. The mix was pretty good.

After Party

The official after party started immediately after the last session ended and there was a very fine spread of appetizers with dips from hummus to warmed cheese spreads and dips made from things like crabs or black beans. They even has some adult beverages available for purchase, a practice I will once again go on the record as supporting. Free alcohol invites overindulgence in a way the cash bar system simply does not. Being right after the last session also has the very nice quality of making casual networking more inviting since there is no demand to travel to another another venue or stay out too late. An extra hour or 2 in the venue makes for a long day, but is much easier to balance home and professional lives.

One of my favorite things that I got to do at the after party was play a new game that my new fried Nicolas Scarrci created called “Project Manager”. It is literally a game that teaches the ins and outs of the Agile development process Scrum, with a fun flair and charm. It is still in the prototype phase but based on how much fun I had with it, I can see this taking off.

Some of us wanted to go get a ‘real meal’ and we gathered over at Hangar Pub and Grill of Amherst. Besides filling our bellies and raising a few glasses together, we also got to play even more classic arcade games and shoot some pool.

And later we ascended on a place known for their selection of locally crafted spirits where we enjoyed watching some videos of candlepin bowling and played some actual shuffleboard. All in all, it was a fabulous night of fellowship and comradery with a community I absolutely love.

Sunday

I awoke to a fresh and still falling blanket of snow that would later turn to rain. That part was different, but once at the venue, it was a repeat of the previous day’s catering. I stuck with tea for the day. We had pizza for lunch and unfortunately no vegan or even dairy free pizzas made an appearance, so in the Student Union again some of us found our nourishment. As I was leaving after the keynote, i did see they once again supplied us with yogurt and that granola topping. Sadly, I didn’t get to stick around for more fun out on the town with those fine folks.

Sessions

Opening Remarks

What is Kubernetes, and Why Should I Care?
Geri Jennings

I work for Pantheon and it is not a secret that Pantheon used Kubernetes. While I had a general idea of what that meant, I don’t delve that far down the stack in my job. This talk quickly gave us all in that packed room a primer on why and how container orchestration can be accomplished at scale for production. This is a must see talk for anyone who has ever wondered how to deploy their containers to the cloud but didn’t really understand enough to begin trying.

Raw Notes:
Secrets, but not today
Kubernetes
2016, SaaS company, GCP
Knew some Docker and liked idea
didn’t know how production of that would work
cube-control
KAS
containers: a star is born
docker, 2014 – defined the space
container runtime images
not the only one now
Kube allows you to docker vs VM
architecture is different
VM on a Hypervisor
vs
Docker Engine, containers on top of engine
(Linux)
otherwise it is Docker on a VM
you define an image, a snapshot of the container
run image to get container
you write a Docker file
Thats nice, but how do we get it to production?
Start with a dev that used containers
why wouldn’t prod use containers?
keep everything consistent is the theory
Deploying containers
understand how to run containers
networking so they cant alk to each other
interact with other systems
persistent storage and monitoring
Enter Kubernetes
it is an orchestration system to manage these things for you
what does this look like though?
Docker local to minikube – local Kube
Runs in Docker
Requires 3 secrets
access PostgresQL
installs composer and copies code
installs dependencies
Key Kube concepts
-Pod smallest unit you can deploy
containers in pod = to a microservice
sidecar containers, provide a service like log aggregator tooling
deployed to a namespace
-Volume –
containers can communicate via localhost
you can scale by spinning up more Pods
-Controllers can create and manage the pods
Architecture for a sample app
What about the secrets?
Build into app image – BAD to do
Kube secrets, unencrypted – no encryption by default
install encryption and it is OK
Store in a vault built for Kube (best)
script – check her repo
minikube start
set image
once process is done, docker image in minikube ready to be deployed
kubectl create nameplace
create secret generic
summon – app to inject keys from keyring
writing a manifest – defining the deployment
replicas: 1
pod template defined containers in pod, the config, volumes or mounted secrets,
containers get fed env variables
exposing the app
associate it with a service
NodePort
ip
Node is an instance of a Kube cluster
in practice, most likely expose the service using a cloud provider’s LoadBalancer
minikube dashboard – very handy way to see it
and we are deployed!
examples are fun but what about real world production?
Kube at scale
manage networking between microservices
ingress/egress traffic
service meshes are new thing
system for centralized logging and monitoring of distributed apps
persistent data and security
LOT of options in the ecosystem
maybe too many options?
lot of competing products
we are in the late early adopter phase
chasm of docs and disagreement is wide
not a lot of end user friendly docs or guides
all operations focused
CNCF has a focus to fix this
not enough end user stories
going to see a lot more people using this
YAML, there is so much YAML
sometimes have to use a straight edge
Google August 2018
AEC June 5 2018
Azure June 2018
DigitalOcean December 2018
Very strong community around k8s
Cloud Foundry
OpenShift
kubeless – k8s native serverless framework
Fission – framework for serverless functions
Even VMs on Kube
KubeVirt
Rancher
benefits to containers to remember
easy to build in a repeatable way
run isolated or network
Portable
lightweight
immutable images make quick rollback
consistent
Containers vs Serverless
both are arguably artifact packaging
lot of resources she likes – see her slides
github.com/izgeri/twitterSearchDemo
slides at bit.ly/2SR27Ws

What I learned doing WordPress to Drupal blog migrations
Matt Goodwin

This was the only Drupal specific talk I attended. This talk also introduced me to the world of home aquaponics, the marriage of aquariums and hydroponic systems. I knew that these were an increasingly popular way to do industrial scale sustainable agriculture, but doing it small scale, at home, to grow fresh veggies year round had never occurred to me. I will admit here and now that I distracted myself with an internet search for “home aquaponics” to the detriment of the completeness of my notes below. For sure watch this talk if you need to migrate anything to Drupal but also if you want to see pictures of Matt and his home system.

Raw Notes:
his goldfish
Aquaponics system
latest thing for him is aquaponics
blogging on your own about it is fun
then you get popular
then you get acquired
then they need to integrate your content into their system
this is a real thing
he worked on it
ID source
ID destination
Field mapping
Data manipulation
Test
Identifying the source
Don’t just grab posts, grab it all
ID destination
What is the taxonomy
how is it expecting to store things?
Drupal migration module really helps
Field mapping
made a plan
growing veggies in winter in New Hampshire
export fields
The export from WP is XML
published by default?
understand that the way one does a thing is not the way the other will
got to factor in redirects
the README is actually a good source of data on the WP side
Docs on D8 are not there yet, (maybe we all sprint on that?)
Tips
Selecting posts

KEYNOTE: It’s a Great Time To Be a UX Designer
Jared Spool

I knew of Jared Spool, but had never had the chance to hear him speak. I was literally blown away by this talk. Entertaining and chocked full of amazing information, this talk laid out the skills gap that the world is facing so clearly and with a path forward so clear, I would not be surprised if some people in that audience make career shifts in the coming days. While I am not considering a move myself he articulated some ideas for me that it has changed the way I will talk about those concepts from here on out. If you only watch one recorded keynote this year, this one should be it.

Raw Notes:
Flattery from Kunming, china
little place
Famous for their apple stores
all fake imitation Apple stores
there are 41 apple stores just in that city
all of them are identical
in USA we have them, but it is Microsoft
Nook did same
JCPennies even wanted in on the style look/feel
Beer commercial example
2102 retail performance
average $341 per sq ft
Tiffany and Co per $3017
Apple $6050 per
the thought
didn’t mimic what had been done befoe
new thoughts about service
this is design
rendering of intent
lawsuit
apple Samsung suit
apple for $1B
2 bits of evidence that Samsung had illegally copied apple
lead up of designs on the years before iPhone
then iPhone
then trend was Samsung being more like iPhone
weird bit of evidence
132 page report made by the Samsung QA department
went through all features to the iPhone
the Samsung phone is broken, make it work like an iPhone
intent was clear
on one hand, cost company a billion
other hand is someone read a QA report
Intention
innovation vs innovation
a scale
imitation route is common
Yahoo redesigned the homepage in a new design
AOL clones it
Yahoo was better design, why not?
imitation is cheaper and less risk
innovation is expensive and risky
Imitation does not value design commodity
Innovation design heavily valued, very competitive
Business wins when it is intentionally innovative
basic idea, appropriately innovative
that innovation is where most investment needed
designers are coming up in the world
delving in further
Newspapers did fine until Craigslist
suddenly no more ad revenue or classified $ for newspapers
CL is actually very well designed
even CL is not immune and things chipped away
vacation rentals especially
AirBnB came out
financial services CC reader
Square changed everything
disruptive
Enterprise rent a car disrupted by Zipcar
(Zipcar is actually a great company, love them)
Hertz and Avis have tried this, both failed
then Avis bought Zipcar
that underlies the problem
on scale of imitation or innovation
bigger is not in a place to innovate
payoff is better but risks are real
circus entertainment
Cirque Du Soleil flipped it on its head
wider audience for street performers
dying business when they started a circus
design decision: cut animal acts from the circus
cute animals bring cute kids with cute parents with cute wallets
this reduces a lot of costs, transportation, animal care
increase performance budget
better performers, etc
and since no kids, can raise ticket price by a lot
$120-$200 a seat
on one day Cirque Du Soleil makes more money than all Broadway combined
designer for hair, i <3 NY, this guy
I move things around until they look right – Milton Glasier
About the visual
no longer
now it is about the business that makes sense
Retail rev breakdown
Samsung vs Best Buy
40% price 50% of the price
other 10% distributor
Apple does all of it, they own all parts
for $100 they make $100
invest more in parts and quality
apple does not discount
great business models are intentionally designed
designers to design business models are deeply needed
it is not visual, it is all aspects
Filling in gaps with Intention
would be easy to see him as an apple fan boy
owns many old versions and many new ones
not perfect
return though is actually innovative
customer journey for a defective product
buying
trying
return to store
wait for service
getting resolution
chart this and can see where improvements can be made
innovation does not mean what you think it means
it is not adding new inventions
apple had not been invented by Apple
added value to the experience
Innovation is adding new value
by adding a make appointment set, made a much better story since eliminate wiat for service
that is design innovation
experiences can be mapped, measured, and designed
What do we intend?
No one can make taxes delightful.
intuit
Turbotax tax app that take a pic of your W2
fills in 1040a or ez
40ish% of people file these
submit
all in under 15 minutes
Cancer can not be delightful
but we have made improvements on the treatment of cancer
the MRI re-imagined
small child, this is scary
can’t move at all
they do not want to do this
sedation for 80% of kids is needed
Doug Deitz, designer of machine and watched this happen
he went to fix this
GE Adventure series
it’s designed to be an adventure
Your experience is totally different
you get a pirate suits
also ones for your parents
and the technician has been wearing a pirate suit
plank area
water adventure
whole room designed for the senses, artwork, aromatherapy
smells like pina colada, gets the parents happy and lightens the mood
ride the pirate ship.
flying mermaids only come out if you don’t move
LEDs spin up and the mermaids appear
sedation rate dropped from 80 to 0.01%
that is the power of design
design for the gaps
how to we get experienced designers to do this?
aren’t enough designers
when FB bought INsta $1B
36 other photo apps in the store
even FB had one in there
they didn’t want a phone app
they wanted the 13 designers
companies bought design firms
that process continues
all kind of companies are doing it
need to to survive
21K open job listings for designers in the US
be careful what you ask for though
it is really hard to hire designers
what do they need to look for?
asked teams with great work
there are a bunch of skills
info architecture
copywriting
design process management – iterate
user research practices
interaction design
Info design
visual design
editing and curating
all of those skills hiring managers thought were needed
one more set
ethnography
domain knowledge
business knowledge
Analytics
marketing
technology
ROI
Social
Use Cases – for devs
Agile Methodology
thought they could just synthesize this
re-asked some questions
what separates out the best designers?
then they gave completely new skills
storytelling
critiquing
sketching – rending an idea so people get it quickly
presenting
The rise of the UX generalist
Steven W Margles
hand and wrist doctor
best in world
local to Burlington
he fixed symphony orchestra pianist that had crushed hands
fixed pro tennis elbo
but you can get an appointment
might take 6-8 months
up to his elbows in hands in wrists
all world renown experts specialists
but at the hospital 9 orthopedic surgeons
not specialists
but over at Rumsford hospital
orthopedic surgeon 2 days a week
other days a general doc
deliver a baby and basic ER care
all doctors have to learn the general stuff
then he got to specialize
he still has to take course in all the general things
specialist vs generalist
Compartmentalist
having expertise in only one area
they are hurting their own careers
anyone can become a UX generalist
you can learn all the skills
the UX designer is a unicorn
how to become a unicorn
in 5 steps
1 train yourself
2 practice your new skills
3 deconstructed as many designs as you can
4 seek out feedback (and listen to it)
5 teach others
The Unicorn is design’ most important innovation
it’s a great time to be a EX designer
rendering intent
filling in the pags
generalists over specialists, compartmentalists are least valuable
Unicorns exists and you can become one
uie.com

User-Story Driven Threat Modeling
Robert Hurlbut

I went to this talk thinking I could pick up a few tips around effective user driven stories. While I certainly did get those tips, I also picked up a whole new appreciation for how to think about security and practical process analysis steps I hope to implement consistently moving forward. I had not heard of the 4 fundamental questions of threat modeling before, but I will never not hear them in the back of my mind when thinking about projects.

Raw Notes:
Thinking about processes
he is part o
application security podcast
threat modeling is something you are already doing
but is is a thinking tool
no tool can find everything
it finds what is missed
AWS bucket checking?
Commonly we do this
thinking about security when you lock the door
thinking ahead
A conceptual exercise that aims to intensify flaws in design am modify to fix
threatmodelingbook.com
4 fundamental questions
what are we working on?
What can go wrong?
what are you going to do about it?
Did we do a good job?
his version:
a process for capturing organizing and analyzing security threats, security countermeasures, and priorities by risk
You can start any time, but early on is much better
Threat models can vary and that’s OK
1. diagram/understand your system
DFDm MS SDL
external to internal how is it used
2. identify threats
ask yourself “What can go wrong?”
STRIDE
Spoofing – identity assurance
Tampering – integrity
Repudiation – receipt, proof of payment,
Information Disclosure – confidentiality
Denial of service – availability
Elevation of privilege – least privilege
hard to fix if you get STRIDE wrong from the start
document threats reading:
attack trees – slide deck Bruce Schneier
threat libraries
checklists
mitigation options
leave as is
remove from product
remedy with tech
warn user, moving the issue to the user’s problem
Document and follow up!
MS threat modeling tool
Agile/Devops?
“we don’t have time for that security stuff..”
that is a decision for bad security
attackers use threat modeling
you can really do this in smaller scale and faster
STRIDE still applies
kill chain
how to pull it all together
make it a part of your sprint
“as a I want for ”
abuser/attacker story
as a bad actor, I want to do bad things for bad reasons
as a hacker, I want to read the application logs
as a disgruntled employee, I want to change pricing for some products
Be honest, leave ego at the door, no blaming!
work through your user stories
Modern approaches
incremental threat modeling
@irenemichlin on twitter
privacy getting added to STRIDE
card games, SWASP cornucopia
Elevation of Privilege
any time with any story
Make it fun apply in an agile way
if integrated into tests, got better view of the threats themselves
RRA from Mozilla
just ask a few questions on an API
30 minute process
some really good sources out there on this

Agile Games
Kelly Albrecht

Kelly changed the way I talk about DevOps last year. To paraphrase him, “DevOps is not about tools, it is about communication”. His passion for this subject lead him to create a very interactive workshop-like session where we discussed the issues facing teams attempting an Agile approach and then playing a corresponding game with pennies or post-it notes. There is no recording of this and due to the nature of it, my notes are not worth printing. I will say this was the thing at NERDSummit that gave me the clearest direction to help with my day to day responsibilities and working with my team.

Introduction to AWS Serverless Model
Alfred Nutile

I walked in with a handful of questions about this whole serverless thing. Sure, I love the idea of it, but what could I really do with it? I walked out of the room understanding of what is even possible in a way I didn’t before. Aside from static sites like my beloved Github Pages, I don’t see an immediate need to further down that road at the moment, but I tall you what, next time I need to write an API or S3 connector, I am cloning Alfred’s repo and building it to scale from day one.

Raw Notes:
Cloud formation
AWS
stacks
it is AWS exclusive
Serverless.com
JSON/YML to built stacks
Why serverless/SAM
no servers
simple and minimal to build services
you get the all the backing of AWS
zero downtime deployment
caching
great for batch processing
scaling built in
why not?
While set of variables and issues to deal with
SAM is not secur as Serverless.com
Locked into AWS
Memory limits 3008 M
Runtime limited 15 minutes
Language limitations (Java, Python, Go, NodeJS)
not 100% locally testable
AWS Pricing can be scary
he once accidentally ran up a $3K bill due to deployment error
they were nice about it
you can monitor resources and keep on top of it
pricing for a lambda function is really scalable
Let’s make something
Lambda
Scheduler
API
Simple Table/Dynamo/RDS
Kinesis Firehose
SQS
SNS (or S3 to SNS)
Alexa
50K people and the server is down, you don’t want to deal with that
jumping into Cloud Formations
Example
Adobe analytics
not a good API
Dumped an CSV on S3
lambda ran and processes the file
100K record, every line kicks off another lambda function
not running out of resources
S3 just works
scales on it’s own
step functions
giving this away OSS
simpler example
gateway app help function
3 lines of code loading from a file online and not a DB needed
.yaml
global settings
Runtime: python3.6
AWS has a lot of policies, learning what does what is a mounain of knowledge
makes it hard
Lambda foundation to a lot of this
simple function to process request
break it up into smaller pieces
Lambda: CLass
he likes to write in classes, does not need to be
got to treat code like Lego
template file becomes the routing
template, index or main
becomes the controller
Lambda: Controller
Deployments
yml or json
SAM does processing

My talk

Bash is magic # no it’s not

Last year, I made myself a content deployment and testing tool called PostItNow and did a talk about all the fancy things it could do. I had expected to have a conversation about content and copy being different things as a result. Instead those conversations were mostly about Bash. I realized that a lot of people were stuck in a position of not using the command line and were holding back from diving in for a number of reasons. Underlying all of those reasons was a fear of the unknown. One person actually said “That made it so much clearer, I can’t wait to dive into Bash now.” If there is a better feeling than that, I don’t want to even know about it. I am so grateful I have had the opportunities to share what I have been so fortunate to learn.

Docksal: More Dev, Less Ops
Sean Dietrich

Docksal is a Docker management solution with an eye on getting people developing faster and sharing things quicker. Full disclosure, I am a Lando user myself, but the Docksal team sees the problem set a little differently. Sean himself sees the problem set of helping new users a little differently too. He announced that this would be the retirement of this intro talk at camps and he would soon be kicking off Docksal Office Hours to help onboard new users and drive the conversation forward. Keep an eye on his twitter for details announcement.

Raw Notes:
DevOps
a lot needs to happen on a local machine
how did we get here?
Bare metal was first
local servers
hard to manage multiple versions of software
can’t share
“Works on my machine” issue
VMs
shared config
but monolithic
HUGE disk space and high memory needs
maintenance is hard
now, Containers
smaller image/faster provisioning
modular
maintainable
shareable
portable
scalable
tools and
see pic
install
fine tuning
start to require just Docksal
custom commands
add necessary services
automating as much as possible
one and done (fin init)
< 5 to get started
CLI!!!
fin
fin drush
fin drupal
fin composer
etc
only a piece of a puzzle
but what about port collision?
all internally handled
duping efforts
one time use software installed
1+ hours to onboard other devs
local env can be a nightmare
Docksal Sandboxes
enhanced code reviews
continuous QA
automated VRT/BDD testing
Demos
Resources
Github
docs
blog
drupal slack
gitter – bit.ly/docksal-gitter
Drupal TV
demo time

KEYNOTE: How can we prevent the Orwellian 1984 digital world?
Micky Metts

I am still processing this talk to be honest and I might update this part later. I do want to publish though, so I will write something. This talk was about the underlying societal needs for why FOSS is important than it was about anything specific to FOSS. This unnerved me a bit, but I think for the better. I tend to talk about these amazing tools we use and the collaborations we embark on from a seat of a lot of privilege. I tend to see code as the great equalizer in so many ways, since the machines that execute it couldn’t care less who wrote it, as long it runs. But I rarely stop and think about what that means for people who are different from me. I think I will be listening to this one again.

Raw Notes:
How do we
intrusion into our lives
The corporations have profiles we can not edit
AOL? Those people didn’t get the full internet
Net neutrality, walled garden
worked well for giant companies
fitting into a social group is material possessions
or symbolic power
either rise or fail
herded into one point of entry
single sign on, makes it easy
just log into Google
how does power work?
class of 71 high school
I am son of so and so, I am part of this group
without a sense of self worth easy to be seduced by symbolic power
Merchants of Cool (2001)
https://www.pbs.org/wgbh/pages/frontline/shows/cool/
https://topdocumentaryfilms.com/frontline-merchants-of-cool/
Groups – “Boots” and “Midriffs”
not many people can cope with real life
low socio information
must appear happy when go through tolls
poor people can be tied to bad choices
building blocks or freedom
Personal Power
Solidarity economy
cooperative platforms
free software
personal power can go awry
disenfranchised schools

Wrapping up

On a scale of 1 to 10, I would rank this event as an 11. Now, to be honest, getting to and from the venue is not factored into that score. Especially since it rained on me while I was driving on not well plowed windy roads to get back to Logan International Airport. I have not slid and skidded like that since I lived in Ohio and it reminded me how fortunate I am that I now don’t drive nor deal with snow on a regular basis.

NERDSummit is short for New England Regional Developers Summit. It did used to be a Drupal camp, but in an effort to “get off the island” they have expanded the scope. Based on the conversations I had there, this was an incredibly wise move. I know that without that change to how they thought about the event, I would not have met a couple newbies who were just downright delightful. One was a local who is trying to make it easier to find cool things to do last minute when you are visiting an area and didn’t plan ahead. The other person was someone embarking on a career change, reinventing herself and was there with wide open eager eyes to learn all she could. Getting to share in her journey for the short time I did made me feel even more grateful to all those who helped me go from some sales guy to a guy giving talks about Bash. I hope to keep writing and refining my talks so I can have a good reason to return for the next NERDSummit in 2020!

One thought on “NERDSummit 2019: Driving in the snow and losing an hour to DST”

  1. What a wonderful post! I met you briefly at NERD Summit; loved reading your notes and thoughts about the event. Also agree that hand crafts (I am a knitter) or driving or long walks help me to puzzle out solutions to issues and discover new ideas.

Leave a Reply

Your email address will not be published. Required fields are marked *