The conference started with a guest performance, Reeps One, a beatboxer that apparently worked with AI to try to visualise voice and music. He did a documentary called “We speak music“, nice introduction. But the first tech keynote was “Developer Joy: How great teams get s%*t done” in which Sven Peters made an introduction on how to measure productivity (in the past in a factory, Bethelehm Steel 1987, they noticed that the physical work was lower in the afternoon and that adding breaks during the day increased the productivity of 400%) with the idea of going back to make productivity higher again in IT companies. He focused on the Developer Joy: increasing it would increase the productivity. The developer flow is: coding, testing, deploying, but in between testing and deploying there is reviewing, that a company estimated that it takes on average 4 days. In that company they forced the review to happen in the morning and that fell to 1.2 days. Basically the less the devs wait the better they feel, so they may be involved in all the aspects of development (product definition, quality assurance, etc…) in order to speed up all phases. QA becomes quality assistance, meaning that those people help devs to make the right tests, but let the devs do the work.
The same for Product: they work with devs: demo sessions with stakeholders, work is outcome oriented, there is group thinking about progress and we can all celebrate results, and this would lead to less rework and more Developer Joy.
On the other side DORA metrics can be used to measure devs productivity, but there should be a checkops (a retro on the DORA metrics result) to elaborate strategies. Last but not least, we should measure Joy with health checks.
Second keynote was “Shaky Foundations: the ethics of building on ChatGPT” of Mhairi Aitken who spoke of ChatGPT, released and launched on November 2022 and seen as an extraordinary AI, while it is basically a predictive text program, trained to predict and mimic human language (any language and style, included code) and basically all style with no substance, who brought also some concerns like if humanity will be killed by machines and so on. For devs is just another set of tools, but it may be also the foundation for new systems to be built, but for that we need to know our foundation model, ie to understand what are its limitations. First question is “what data it has been trained on?” and we know that Internet data has been its big data model, but internet mirrors society, in which certain views are more represented, nd we have bias and limitations. Then “is it suitable for our purposes?“, because there are potential risks of using it in some specific contexts. “Did the development followed ethical labour practices?” as we known that harmful content has been reviewed by some reviewers in order to train the AI to protect the end user from that content (rapes descriptions, or abuses…), but what about the reviewer protection itself? Last is “Environment impact” as training it was consuming enough carbon to let a car drive from the Earth to the Moon and back, so we should ask ourself if this cost is justifying us using it for creating the perfect pickup line for tinder, for example.
Anyway, as final analysis, ChatGPT has different lacks: no creativity, no joy, no understanding of context… Coming back to the question if this is a risk for humanity, probably no, it is still a software mimicking natural language, but it is still a risk because it is a distraction on a more important topic: we have responsibilities about what we create.
The third and last keynote has been the funniest, and it has been “Embracing Impostor Syndrome” in which Dom Hodgson made an overview of all his achievements in fields in which he has no knowledge. Not too much to say about it, just read about the Impostor Syndrome if you don’t know what it is.
After that, the first talk I attended was “Keep your dependencies in check“, Marit van Dijk, about pros and cons of having dependencies in our projects: more dependencies means more functionalities for free, known vulnerabilities, free fixes, less control. She spoke about Log4Shell (December 2021) and Spring4Shell (March 2022) and she suggested some points to consider before adding a dependency (Is it suitable? Does any other imported lib do something similar? What is the dimension of the dependency and would it be easy to remove once added? How well is it maintained (considering bus/lottery factor of experts in the community)? How good the community behind it is, for example for support? And anyway use by liking and always import the latest version with all security fixes). She then spoke about single repository dependency analysis (MVN central gives also vulnerability data, Jetbrain has an online tool, Gitlab has also community and contributors) with some tools like maven dependency (tree, updates and analyze) or gradle alternatives (like dependencies plugin and nebula).
On top of that there are Multirepository Software Composition Analysis (SCA) tools like Dependabot (native in Github, but usable on other platforms like Gitlab) that is a tool for security and automatic updates of dependencies, Renovate, security and version update tool, support all the major platforms and can be configured for multiple repos, and Snyk Open Source, a SCA more focused on security and with support for pull requests. Those tools have some issue with “noise”.
Last topic was migration tools: intellig has a migration tool embeeded in the IDE, but other two tools are ErrorProne, a tool for helping the developer to catch error during refactoring/migration/coding (a sort of jacoco but for errors, not for style) and OpenRewrite that makes large scale automatic code refactoring based on recipees (like if you want to consistenly use static imports, or remove unused imports).
Leave a Reply