It is the first conference I ever attended, my first foreign trip, and the first opportunity to give a talk. In short, it was an incredible and unforgettable experience for me.
- Friendly, energetic and very helpful people.
- Perfect venue: easy to reach technology park with dedicated rooms for conferences and similar programs.
- A crowd of about 300 people.
- Insightful keynote talks worth taking note of.
- Most parts of the execution was flawless and strictly on schedule.
- Party and food were great.
- I won two gifts for answering a question in the quiz session.
- Being a beginner friendly event, it encouraged me to do a lightning talk and introduce one of my libraries without any preparation.
- Projector display connectivity issues were there to trouble some speakers.
- Wi-Fi visitor credentials were not working on my laptop and the staffs were only able to temporarily fix it by using credentials that they can't share (i.e. if it disconnects, I have to ask for it again).
- Most of the non-keynote talks were related to Machine Learning.
- Most of the talks not related to Machine Learning were for beginners.
- One of the talks I attended was fully in Thai, we had to read the English subtitles on the slides.
- Weather was too humid.
It was a talk to encourage people from both technical and non-technical background to start contributing to opensource. The key point that I think concludes the whole talk is:
Contributing != features != coding
An Indian security researcher discussed many ways to hack into a web service. Most of them are obvious, yet often ignored.
- JWT manipulation: Make the algorithm section of a JWT token None/some hackable algorithm.
- JWT is easily decodable with something like jwt.io. So, secure the JWT payload.
- Do not use only one private key for all the users (authenticated/unauthenticated).
- Make the JWT lifetime short enough.
- Make the secret complex enough.
- Check for server-side template injection (scripts in the templating engine) vulnerabilities.
- Avoid using root to deploy the service.
- ODOR: Insecure Direct Object Reference: Avoid using predictable UID/GID.
- Use robot script+ZAP (+jenkins integration).
- Use dependency check libraries.
- Demo: https://github.com/we45/pyconth2019.
Just some introduction to conversation AI and Duolingo.
Demonstration of how easy it is to build a working slackbot.
- https://github.com/lins05/slackbot: A slackbot framework.
- Using incoming webhook (one way), block-kit and complex messages.
- Introduction to errbot: A bot to connect to favorite chat services.
The full talk was in Thai. But there were English subtitles in the slides.
- Introduced different kinds of malls in eCommerce.
- Different features of a cart.
- Introduces https://github.com/faif/python-patterns
The talk was about the current scenario of demand/availability of tech skills in different countries of Asia from an HR's perspective.
A bunch of stats from StackOverflow.
All the points were very basic and I'm sure we all already have a pretty good idea about what's hot and what's not (given we are not riding the hype train).
This talk was about how to bring more women into coding and how different initiatives are working on it. Specially #techladies.
This talk was about how Facebook release changes to production and the high demand for production Engineers.
- A production engineer must have the skills of a developer, a tester, a reviewer, a release manager, and OPS.
- Production engineers are in high demand at Facebook.
- Introduced opencompute.org project.
- Promoted python unit testing library: https://github.com/facebookincubator/TestSlide
- coderdojo: coding for kids
- Pycon Tokyo
- Borg backup
- TPA: Type Programming Association
- AutoBuddy: IOT app
Talks about PyTorch vs numpy
- Reminder of dropping Python 2 support
- Promoted FossAsia.org
A hackathon winner from India explains how his project won him a trip to Google headquarters and job offers from "dream" companies.
A good point he made was, if we want to get more attention, we should invest our time and efforts in one big, long term project instead of many small weekend projects.
• SAST (Opensource Static Application Security Testing): fix security issues before UAT.
• Introduction to bandit
This talk was a lot more informative as compared to other talks. The subject was to discuss different ways to bring Python to more devices (especially IoT). A good way to do it is to ship a compiled version of Python code instead of shipping the whole interpreter - probably using Web Assembly and how Beeware is working to make it possible.
- CPython provides a way to parse AST (no need to use separate Python implementation) (Not required).
- Introduction to https://github.com/beeware/voc: compiler written in Python reads python code, compiles into Java bytecode (Not required too)
- Introduction to https://github.com/beeware/batavia: CPython implementation written in JS.
- Introduction to https://github.com/nedbat/pyterun (Python implementation of Python VM)
- Introduction to Web Assembly.
- Introduction to Pyodide: embedded python in your browser.
- Introduction to https://github.com/beeware/ouroboros: A standalone Python Standard Library.
- Introduction to https://github.com/beeware/briefcase: To generate standalone native apps from Python project.
- Promoted https://beeware.org
The talk was about how to use the goodies of functional programming in Python avoiding the common mistakes. The conclusion was, of course, Python is not internally built for functional programming, i.e. we have to compromise on things like speed and resource usage to use it as an FP language.
- Don't make non-local mutation.
- Introduce side effect using the type system (like IO-bind in Haskel) (impure FP).
- Build functional abstractions (wrappers) for mutating library.
- Introduction to https://github.com/gvjacob/contracts: Enforce return types via contracts.
This was an introduction to Hypothesis: A library that can be used with our favorite testing libraries. It feeds random values to the tests and tries to break it. It knows which inputs are most effective to break a test case.
- Introduction to hypothesis.works
- Randomly generates test inputs.
- Has extras for Django, sci-py, dpcontracts, lark, pytz, dateutil.
- It can generate the test cases itself in addition to generating input values.
Haystack product introduction. An opensource software to trace logs in microservices in a highly complex platform.
A talk by one of the authors/maintainers of Black.
- Introduction to black.
- autopep8 only follows defined rules in pep8.
- one big commit to the whole repository is better than a lot of incremental commits because it helps us avoid mixing code changes with code formatting commits.
- To tell black to ignore a file: #use fmt off.
- git-hyper-blame (skip black induced changes (py2 only)).
- black --check (works after push).
- Using editor integration is better than using pre-commits because it shows us how the code looks like in real time.
- lookout for special comments like
Here I introduced one of my libraries: https://github.com/sayanarijit/expandvars
Talk on how to bring more enthusiasm into the Python ecosystem, i.e. organizing local conferences, initiatives like tech ladies, or getting involved with the existing ones.
A quick quiz session was held. I won a cup and a foldable travel bag.
This article was originally posted on https://blog.niteo.co/pycon-thailand-2019/