The Boeing 737 MAX: When Humans and Technology Don't Mix

In 2011, realizing it desperately needed to offer a competitive product to Airbus’ A320neo, Boeing embarked on a project to upgrade its legendary 737 aircraft to match the A320neo’s efficiency. Limited by the constraints of the 737’s original design and their desire to minimize training needed by pilots to fly the new aircraft, Boeing made multiple critical compromises in the aircraft’s design. 346 deaths and $87 billion later, we have all been reminded of the importance of rigorous design processes and the need to engineer systems for the realities of the end users and their environment. This talk dives into the motivations for the design compromises, the human factors considerations that were disregarded, and how a Fortune 100 company’s prioritization of profit over good design practice led to its stunning fall from grace. The lessons learned are directly applicable to all kinds of developers, from web designers to mission-critical infrastructure engineers.

This talk was rated as the best talk at NDC Oslo 2021 and NDC TechTown 2022.

Since the relevance of this talk to a software conference may not be immediately apparent, I’d like to note that the concepts of human factors design, interface design, and user training are all of critical importance to any software development project. This talk offers a way to demonstrate just how critical those aspects can be by presenting this enthralling case study of how a series of bad decisions led to 346 deaths and $87 billion in costs and loss of revenue. It ties science, engineering, process, UX/UI design, software development, and personnel management together in a unifying way that inspires a sense of importance to the work that developers do. While the topic is not simple, it does not require a rigorous technical background to engage with and is accessible by all audiences. I have found that this talk is very well-suited to be a keynote, as it does not focus on any specific technology, language, or framework, but instead focuses on the importance of the choices that all developers and engineers make.

As I hold a Ph.D. in Human Systems Integration from MIT’s Department of Aeronautics and Astronautics, I’m a world expert in this specific field who is uniquely qualified to speak on this topic. I have given an early version of this talk as a keynote before, a recording of which you can find here: https://www.youtube.com/watch?v=R7PNS0QEw0w

NOPASSWD: Building a Passwordless Cloud Infrastructure

Passwordless systems are fast becoming a reality as many of the big players (Microsoft, Google, Okta, AWS Cognito) implement support for FIDO2 and related technologies.

Although developers are making great progress in using these technologies to implement new passwordless architectures for the users of their products, we are years behind in doing the same for our own internal infrastructure. Tokens, passwords, and other secrets that are shared internally among developers are a major security risk, yet are extremely common among companies of all sizes.

This talk gives an overview of the current situation and associated security risks, a review of FIDO and FIDO2 standards, the options we have to improve our designs, and a case study of a sample passwordless infrastructure stack. We'll also discuss things to look for and avoid when selecting vendors and development tools to greatly improve security posture.

Learn how your team, regardless of size, can put all of the pieces together to implement a more secure, passwordless infrastructure.

This talk can be presented in either a 30-minute (cover the important concepts) or 60-minute (technically detailed) format.

Previous presentation of this talk:
https://www.youtube.com/watch?v=pEUO9Sj68hg

Architecting Apollo: Systems Design Lessons from the Golden Age of Spaceflight

The earliest crewed spaceflights, including the Mercury, Gemini, and Apollo programs, were some of the first instances of software being responsible for life-or-death decisions. While various aspects of the software and systems design could be considered outdated by modern standards, many of the core principles and design choices are directly relevant to the systems we build today.

This talk dives into several of the near-fatal accidents of early crewed spaceflight, including Gemini 8, Apollo 11, and Apollo 13, and focuses on the system design choices that averted catastrophe. Topics include failure modes, process prioritization, recoverable software, levels of autonomy, and designing for human intervention.

This talk is best-suited for a 60-minute presentation. It requires audio.

Saving the Internet with Vector Graphics

The growth in screen resolutions is fast outpacing the growth in network bandwidth available for most users. No longer can we rely on JPG and PNG images for our websites, which could have file sizes in the megabytes for background images at 4K/8K resolution, leading to uncomfortably long load times.

In this talk, Vebjørn (a graphics designer) and Kyle (a cloud infrastructure engineer) discuss how switching to vector graphics can save bandwidth, time, and cost. Learn how small SVG files can fully scale to any screen resolution with perfect clarity while giving major savings in cloud data transfer fees, as well as when they are or are not appropriate over other formats.

Without a Trace: Supply Chain Attacks in the Terraform Registry

LIVE DEMO of a supply chain attack.

Terraform currently has the largest market share of the IaC tools, used to manage billions of dollars of enterprise infrastructure. The Terraform Registry allows engineers to use community modules in their configurations.

What few users know is that the Registry has a major security hole, allowing module authors to insert malicious code without the end user being aware. Come to this talk to learn about supply chain attacks and watch Kyle steal his own enterprise credentials through a module on the Terraform Registry. Guaranteed, you will never use it again.

Requires reliable internet during the talk.

Target audience: cloud infrastructure engineers / DevOps.