Blog
Career

3 Things I Learned Attending DevFest Paris 2024

views
44
Note

This article was written based on personal reflections on my expierence attending DevFest Paris as an organiser. It only goes into technical details, not the experiece as an organizer that might be the subject of another blog post.

I recently had the incredible opportunity to attend and organize DevFest Paris 2024. It was an enlightening experience filled with cutting-edge discussions and innovative presentations. Here are three key takeaways that stood out to me:

1. Passwords are the Problem: Why Passkeys are Good

One of the most eye-opening sessions was about the inherent issues with passwords. Despite their widespread use, passwords are often the weakest link in security systems. Here’s a deeper look into why passwords are problematic and how passkeys can provide a solution:

  • Security Vulnerabilities: Passwords are susceptible to various attacks such as phishing, brute force attacks, and credential stuffing. Many users tend to reuse passwords across multiple sites, which means if one site is compromised, others are at risk too.

  • User Convenience: Remembering multiple complex passwords is a hassle, leading users to adopt poor practices like using simple or repetitive passwords, writing them down, or saving them in unsecure places.

The Solution: Passkeys

Passkeys are cryptographic keys that can be used in place of passwords. Here’s why they are a game-changer:

  • Enhanced Security: Passkeys leverage public key cryptography. The private key remains on the user’s device (like a smartphone or hardware security key), while the public key is stored on the server. Even if the server is compromised, the private key remains secure.

  • Phishing Resistance: Since passkeys are linked to a specific origin, phishing attacks are rendered ineffective. A fake website cannot trick the user into revealing their private key.

  • Ease of Use: Users authenticate with biometrics (like fingerprint or facial recognition) or a PIN, making the process seamless and more secure than traditional passwords.

2. Building a Simple Server Encryption App

Another highlight was a hands-on workshop on building a simple server encryption app designed to generate shareable links for photos. This session provided practical insights into implementing encryption in a real-world application. Key learnings included:

Basic Encryption Techniques

Understanding and implementing encryption is crucial for data security. Here’s a breakdown of the steps involved:

  • Symmetric Encryption: Uses the same key for both encryption and decryption. It’s fast and efficient for encrypting large amounts of data but requires secure key management.

  • Asymmetric Encryption: Uses a pair of keys – a public key for encryption and a private key for decryption. It’s more secure for transmitting encryption keys but computationally intensive.

Building the App

  • Server-Side Encryption: We implemented symmetric encryption using a library like AES (Advanced Encryption Standard) to encrypt the photo data on the server.

  • Generating Shareable Links: Once the photo is encrypted, a unique link is generated. This link includes an encryption key that allows the recipient to decrypt and view the photo.

  • Security Considerations: Ensuring that the keys are stored securely and the links expire after a certain period to prevent unauthorized access.

User Experience

Balancing security and usability is key:

  • Seamless Process: The encryption and decryption processes are handled transparently, so users don’t need to worry about complex steps.

  • Clear Communication: Informing users about the security measures in place builds trust and encourages them to use the app confidently.

3. Web Vitals

Performance is crucial for any web application, and the session on Web Vitals provided essential insights into optimizing user experience. Web Vitals are a set of metrics defined by Google to quantify user experience aspects such as loading speed, interactivity, and visual stability. Here’s a deeper dive into the core Web Vitals:

Largest Contentful Paint (LCP)

  • Definition: Measures loading performance. Specifically, it marks the time at which the largest content element in the viewport is fully rendered.

  • Goal: Achieve an LCP of 2.5 seconds or faster. A fast LCP ensures that the main content of the page is quickly visible to the user.

First Input Delay (FID)

  • Definition: Measures interactivity. It quantifies the time from when a user first interacts with your site (e.g., clicking a link, tapping a button) to the time when the browser is actually able to respond to that interaction.

  • Goal: Keep FID under 100 milliseconds. A low FID provides a responsive and interactive experience.

Cumulative Layout Shift (CLS)

  • Definition: Measures visual stability. It quantifies how much the page layout shifts during the entire lifespan of the page.

  • Goal: Maintain a CLS score of less than 0.1. A low CLS ensures that content doesn’t unexpectedly move, preventing user frustration and accidental clicks.

Optimizing Web Vitals

  • LCP Optimization: Improve server response times, use efficient images and video formats, and pre-load important resources.

  • FID Optimization: Minimize JavaScript execution time, break up long tasks, and optimize the main thread work.

  • CLS Optimization: Use size attributes for images and videos, avoid inserting content above existing content, and ensure web fonts load smoothly.

Conclusion

DevFest Paris 2024 was an inspiring event that offered valuable insights into the future of technology. From enhancing security with passkeys to building secure applications and optimizing web performance with Web Vitals, the lessons learned will undoubtedly shape my approach to development moving forward. I’m already looking forward to the next DevFest!