GOTO Amsterdam 2018

Last month, Onfido arranged for me to go to GOTO Amsterdam. The GOTO conference is a software engineering conference, with multiple editions across Europe and the US. It is organized by the nice folks at Trifork. When I was deciding which conference I wanted to attend, I focused on broader software engineering rather than language or framework-specific conferences. I don’t have anything against those types of conferences, though — I still have good memories of RubyConf Portugal.

Before attending the conference I did my homework. Of course I only chose GOTO Amsterdam because I already knew there were some must-sees lined up (e.g., Sam Newman and Michael Nygard). But before it was time to catch the plane from Lisbon to beautiful Amsterdam, I had already run through all the scheduled talks across all tracks and I had made my personal schedule (which I learned I could do via the conference app).

While planning I found out there would be a meetup also organized by Trifork with drinks and some presentations, the day before the conference actually started. I was flying to Amsterdam the day before and if I was quick enough I might just be able to attend the meetup. And so that’s what I did — I got straight off the plane, dropped my bags and headed out to the meetup. It was great to meet some people before the first day of talks kicked off, and I really enjoyed a presentation by the Trifork CTO for Amsterdam, Joris Kuipers. He talked about the problems he and his team faced when they started to run containerized versions of their projects in Amazon EC2 instances. The maturity of the solutions provided by Amazon (or the lack of it, e.g. AWS VPC) and how they were able to overcome each step only for Amazon to keep moving forward and easing out their task out-of-the-box some time later. It was really a tale on trend-adoption and the trade-offs of diving into technical decisions that are vendor-dependent with some unknowns. The only way forward really, if you ask me. Slides

The Evolution of Threat Models for Secure Communication Products

The first day of talks started with Phil Zimmermann’s keynote on how PGP came to be, his issues with the US government and authorities, and a dive into ZRTP and how it can leverage humans to guarantee more secure VoIP conversations. It was an honor and privilege to be able to hear such a CompSci personality in the flesh. I also got the impression we have a lot of the same core values when it comes to data privacy, security and regulation.

Confusion in the Land of the Serverless

Next up was Sam Newman with his talk about Serverless computing. I really enjoyed his talk. In it, Sam explains the concept of serverless, what makes it what it is, how you can take the most out of this new approach to web development. He also talked about how you can use it for your benefit, while avoiding some common pitfalls. It was a really insightful presentation backed by his hands-on experience using various serverless platforms. Slides

Sam Newman’s Confusion in the Land of the Serverless


Another talk I really liked was #Toyfail by Martin Gravråk and Kristian Wille from Bouvet. They analysed two smart toys in the Norwegian market to understand if it complied with reasonable security and privacy concerns. For example, if a child asks: “Mommy I want to go to Disneyland. Where’s Disneyland?”

  • Should the device send every piece of this query?
  • What’s the limit to what the toy records?
  • How biased are the devices answers?

In summary, lots of information was being sent including PII like unique toy IDs. Bluetooth communication between the toy and the parents’ cellphone (used as proxy for requests to a remote server) was also susceptible to eavesdropping and, wait for it… the toys were hard-coded to talk about Disney characters, since the company that manufactured them had celebrated a contract with Disney, effectively turning these toys into marketing machines. Video

Site Reliability Engineering at Google

Christof Leng from the Service Reliability Engineering team at Google gave a talk on how SRE works there. It’s incredible to see how a company as big as Google manages to keep a culture of small-ish teams with cross-functional responsibilities, and how SRE is just another piece in that geared engine. Christof talked about on-call rotation, outages, teams’ error rate debt and postmortems. It was a really good talk, re-enforcing the importance of testing and observability as part of the development and release processes. “Postmortems are blameless”. Slides

Democratizing Distributed Systems: Kubernetes, Brigade, Metaparticle and Beyond

In the era of containers, who else would you want giving a keynote other than Brendan Burns, creator of Kubernetes? That was the beginning of the second day of talks. Brendan explained how scaling your infrastructure should be easy and approachable by any programmer, not only DevOps. Following that idea, he introduced Metaparticle, his pet project that aims at providing a simple way of adding Kubernetes configuration to your application without having to move between YAML files. Instead you write it in your preferred language. Talk


For the most meta talk, sir Michael Nygard. Whoever has seen talks from Michael and knows a bit about him (e.g., he’s part of the Cognitect team alongside Rich Hickey), should be expecting a different kind of talk. This one was on coupling. As software engineers we use this term a lot to mean something bad. But maybe it’s not like that everywhere. What does it mean exactly in our job? Michael presented different vectors of coupling and ways to avoid them or reduce tension. He was by far the best communicator in this whole conference. His presentation was smooth, no unnecessary pauses, well scripted, insightful information with a meta vibe to it that leaves you pondering about it for a few days. Perfect!

Michael Nygard’s Uncoupling

Containers From Scratch

Liz Rice’s presentation was the bravest one. She. Live. Coded. On. Stage. I’d be scared of doing it in front of such a big and intelligent audience. But yeah… nothing Liz couldn’t handle. In her talk “Containers From Scratch”, she explained the anatomy of containers and exemplified creating them using golang. Lots of process forking, playing with changing the root directory for a given user and things to look into when doing process isolation, all with a focus on security. Check out microscanner. It also came with a funny bonus. Talk

Scaling Slack

The last presentation I really liked was by Slack’s Chief Architect, Keith Adams. In it, he explained the scalability challenges his Engineering team went through when Slack started to grow several orders of magnitude. He unveiled the background for some of their issues to justify technical decisions. From the use of asynchronous communication to the creation of new components in their architecture (e.g. component for loading information about channels, unread messages, etc.), the audience was able to get an accurate idea about why working at Slack isn’t simply about “building another chat app.”

I really enjoyed GOTO Amsterdam. Preparations for the 2019 edition are already underway and other GOTO conferences in Europe and the US will be happening in 2018 and 2019. Be sure to check out their website. I definitely recommend it!

See you another time, GOTO. 👋