OpenSAFELY: a quiet revolution in healthcare data

In the UK, we store a lot of data about our health; the NHS has its own databases, and other medical professionals, such as GPs, store their own too. Naturally, we want to use this data to draw conclusions about public health, and make informed decisions about policy and treatment. Unfortunately, it's not as simple as downloading a CSV or arrow file onto your laptop and running some code: we need to care about privacy (obviously) and reproducibility (this is science, after all!).

Existing approaches, such as Trusted Research Environments, address these concerns _to an extent_. But they still require researchers to abide by an honour system when it comes to privacy, and the precise research methodologies and code used for a particular study aren't captured and made public. Enter OpenSAFELY.

Born during early COVID, OpenSAFELY is both a sensitive data research philosophy, and the set of tools built to enable researchers to act upon that philosophy. At the Bennett Institute in Oxford, we've been building the next generation of healthcare data research software, which allows open, reproducible and secure usage of data provided by GPs in the UK.

We've got our own domain-specific query language, our own output checking and file release system, and our own network of researchers and healthcare professionals who are helping us build the right tools for the job. We've also got a lot of problems to solve. Come along to this talk to learn about them, our story, and where we hope to go next.

User testing in production: how to run a public beta

You’ve built something. It isn’t fully ready for a proper launch, but you want to let people start using it anyway. You’re thinking about running a public beta.

As a developer advocate, I've had a fair bit of experience with user testing and public betas, and I want to share some of the things I’ve picked up along the way. For example, when does it make sense to use a public beta? How do you handle documentation when something isn’t quite official yet, and might be replacing an existing feature? When is it too early to go to beta - or too late?

In this talk, I’ll discuss why and when you might want to run a public beta, and what you can expect out of the experience - good, bad, and ugly. I’ll talk about user feedback: ways to collect it, how to interpret it, and whether you should act on it. Finally, I’ll talk about how to decide when it’s all over, and what to bear in mind as you take the plunge into General Availability.

This talk is aimed at anyone with an interest in feature launches and user engagement. The audience should come away with a good idea of when public betas make sense as a strategy, what the goals of that beta should be, and how best to achieve them.

Language Games

Communication: it's the oldest problem we have. It's already hard enough to talk to people, but as software engineers we have to talk to computers as well - often at the same time. Getting communication wrong leads to problems anywhere between 'my code is buggy' to 'this project is 6 months overdue and doesn't meet any of the requirements'. There are thousands of books, webinars and conference talks out there about how to communicate more effectively, and we still haven't figured it out.

In this talk, I'll take you through some rigorous frameworks for thinking about communication, and explain how they can help you talk both to people and to computers. I'll argue that it's actually much easier to communicate with computers than other human beings, and that the inability to communicate perfectly isn't a failure - it's normal. Finally, I'll talk about what all of this means for us as engineers, designers and producers of software, and what we can do to make all our lives a little easier.

You Shall Not Password: Modern Authentication for Web Apps

In the good old days, your users would log into a web app with a username and password. But now people expect an alphabet soup of SSO, 2FA, OAuth, OIDC, SAML, FIDO2, OTP... What do they all mean - and why do they matter? Why is central authentication useful? What does two-factor authentication really protect us from, and what's still wide open? Learn how to keep your users safe as we discuss the good, the bad and the ugly of modern authentication mechanisms for the Web.

This talk is aimed at anyone passingly familiar with web development, with an interest in security, or who simply wants to know what’s really going on when you ‘sign in with Google’.

Asymmetric Encryption: A Deep Dive

We all rely on asymmetric encryption every day, both as developers and consumers. It's what keeps our web traffic safe, what lets us sign our git commits, and what powers almost every single authentication flow.

Most of us will know the names of the most commonly used asymmetric encryption algorithms, RSA and ECDSA. But how many of us know how they actually work? What are their drawbacks and limitations, and where are they vulnerable?

Join me for a mathematical deep dive into one of the most fundamental underpinnings of our security infrastructure, journeying from the inception of these algorithms and their algebraic foundations to their modern day usage. We'll talk about why ECDSA has superseded RSA, why it's still not good enough in a post-quantum world, and what's next for asymmetric encryption.

This talk assumes knowledge of how asymmetric encryption functions in a development context (what private and public keys are and ho they should be handled) but no more than that. Some mathematical literacy (raising numbers to powers like squaring or cubing, what a remainder is) is required, but no more than that.

A Brief History of Data Storage

For millennia, humans have known things. Pretty quickly, we started writing them down; our brains aren't particularly good at storing all the things we know reliably, and we needed something more durable.

A long time ago, 'writing things down' looked like clay tablets with cuneiform on them, and affairs have only got more complicated from there. Nowadays, we try and write things down so that computers can understand them too, and that's given us a bewildering array of options - disk drives, magnetic tape storage and so much more.

In this talk, we're going to take a look at the history of writing things down, and discuss why some methods have worked better than others. We're going to talk about why writing things down for humans is different than doing it for a computer, and why it's difficult to try and do both at the same time (this is what code is). Finally, we'll take a look at what the state-of-the-art is today for keeping data safe, and what the future might hold.

This talk has no prerequisites, although a fondness for weird facts will certainly enhance the experience.

Target audience: anyone interested in how we write things down and why, or who likes to collect weird facts to share at dinner parties.