2021-10-21 - DevFest Nantes 2021 - Day 1

This post is in two parts:

Today was the first day of the 2021 edition of the DevFest in Nantes, France. There were a lot of conferences and attendees. And I was there, in the public, taking notes about what I was learning.

So this post is just that: my notes. Hope you'll like it.


Nice croissants :)

Opening Keynote - Antonin Fourneau

Antonin Fourneau is a "bricodeur" as he calls himself. In English, I would translate it to "makoder". He likes to mix technology and art in his work. He showcased several pieces of art he worked on:

He showed his love for video games by quoting his spiritual father Gunpei Yokoi.

Component Driven Development - Debbie O'Brien

The premise of this talk is: building web apps in 2021 is still a mess.

We have evolved from a monolith for the whole application, to a 2-tier model: one part is the frontend and the other one is the backend. In the backend, it then evolved to micro-services: small and reusable components. However, in the front-end, we still have monoliths.

The front-end repository is a monolith which uses components. Components are great as they are reusable. The thing is they are nested is the front-end repository. This causes the following issues:

How would we solve these issues? For example in the context of reusing code in several apps:

The solution to that is first a team solution: let's split the team into feature teams. Each team would have its own repository. That implies:

To help with that, Debbie then talked a lot about the company she's working for: Bit. And to me the Bit part was a bit (pun intended :p) too long.

Level Unlocked: GitOps to the Edge and Infrastructure Provisioning - Katie Gamanji

During this talk, Katie talked about CNCF tools and how they could help the deployment of infrastructures using GitOps.

The mantra of the conference was: the git repo is the source of truth of the state of the application / infrastructure.

Here's what I could note about some of the tools she talked about:

I had a question in the end: what is the difference between these tools and something like Terraform or Ansible. Her answer was that the tools she talked about was part of the Cloud Native environment and so they were specifically designed for Kubernetes and cloud providers.


Good crumble, great macarons, yum yum :3

Don't miss the Deno Train - M4DZ

This conference was a bit complex as there were a lot of things to say. So maybe I did not get everything right, tell me on Twitter if I'm badly mistaken :p

So first slide begins with: "Javascript sucks". Yep. So M4DZ talks about the problems of Javascript and node:

So what would be a better take on this? The things we'd like to have would be:

Enters Deno:

Then he talked about the ecosystem and the libraries we could use instead of the well-known node libraries. After that, he told us a lot about Aleph (kind of Next.js on Deno) and SSR. Then about web components. And I will be honest to say it was hard to follow first because I don't know well the node ecosystem, and second because digestion kicked in.

🦀 Rust, un choix possible ? (Rust, a possible choice?) - Charles-Henri Guérin & Pierre-Yves Aillet

Yes, crabs! I will go fast on this one as it was mostly a small language feature tour:

They did some live-coding to demonstrate all the above mentionned properties (no concurrency though, not enough time for that). After that they focused on the compiler messages, the tooling, and how to promote Rust in the company we work for.

Dans le cloud tout est managé mais pas la sécurité (In the cloud, everything is managed but the security is not) - Éric Briand

That was a very interesting talk. Éric first introduced the three pillars of InfoSec:

That reminds me of school... Kay, let's move on. Before the cloud, the infrastructure was on premise, and the security model was the one of the Fortress. Big walls (firewall) and no security inside. In the cloud, this model is not coherent anymore: there is no more physical separation between our clients or between you and your competitors.

Following are the responsibilities your cloud provider has:

And the ones the client has:

To develop with security best practices in mind: check OWASP.

Éric then talked about two stories.

Linkedin in 2012

A hacker got the credentials of one employee. All employees had access to everything. The hacker dumped the whole credential database. 164 millions user accounts were leaked. These credentials were then used to try to connect to other services accounts.

What were the problems here:

What are the solutions:

Mexican voting bureau in 2016

A mongodb instance was totally open because misconfigured. 93 millions of citizen's data were leaked. Every data could be read, updated and deleted.

When deploying something, we need to know it to be sure the default config is not too permissive.

Other stories about Disney+, the Dow Jones, and Tesla.

In conclusion, the cloud offers more possibilities and with more powers come great reponsibility.

I had a question at the end of the talk: For a small structure, would you advise to use PaaS infrastructures to mitigate security issues? The answer was a big yes, with the emphasis on the fact that you'll still have issues when becoming bigger. Exemple of Pix getting DDOS issues.

Go Generics - Benoît Masson

We talk about it for 10 years, and generics will at last be here in the next version!

Generics already exist with interface{} but it not great to say the least.

My question: Do you think we'll soon have union types? His answer: I don't know but I hope so. Generics are a first step though.

OpenAPI & AsyncAPI : spécifications et contrats (OpenAPI & AsyncAPI: specifications and contracts) - Sébastien Charrier

Read and write API docs sucks. Today, writing tests has become a part of a developer job, but writing API docs is still not there.

Often, docs are outdated, split between places, and more than often, they don't exist. This issue is not a documentation problem, it is actually a problem of human and technical synchronisation.

Nowadays, the more used spec for REST is called OpenAPI (ex Swagger). To write it, you have two choices:

With the spec, you can:

AsyncAPI is kind of OpenAPI but for event based APIs.


This first day of DevFest Nantes was pretty long but really interesting. Tomorrow will be the second and last day :)