Managing securely dependencies is becoming an increasing concern of the industry. Here, we showcase how Nix, a functional-oriented package manager, can get us very far and close class of vulnerabilities that PyPI / pip had in the past, e.g. rogue PyPI packages that steals personal data.

Securely delivering Python packages is hard, Nix can help to automate this process without removing your existing build system!

Ryan Lahfa

Packaging security with Nix

Tutorials, blog posts, and product docs help developers learn. From our favorite tutorials to bad product docs we all consume technical writing. But what makes for good technical writing? In this talk I’ll share 10 tips and tricks to improve your technical writing skills to help your readers succeed

Think of that feeling you get when you follow an online tutorial or documentation and the code works on the first run. But what makes one tutorial better than another? In this talk I'll discuss how you can write the documentation that developers love.

Think of that feeling you get when you follow an online tutorial or documentation and the code works on the first run. Now think of all the hours spent wasted following broken, outdated, or incomplete documentation. From our favorite tutorials to bad product docs we all consume technical writing. Tutorials, blog posts, and product docs help developers learn new things, build projects, and debug issues. But what makes one tutorial better than another? In this talk I'll discuss how you can write the documentation that developers love and I’ll share 10 tips and tricks to improve your technical writing.

#### Outline
* Introduction (1 min)
* Why is Technical Writing Important? (4 min)
* My Top 10 Tips to improve your Technical Writing (20 min)
  * \# 10 - Make Your End Goal Clear
  * \# 9 - Don’t Be Overly Verbose
  * \# 8 - Inclusive Language
    * Avoid words like Simple, Easy
  * \# 7 - Avoid Technical Jargon
  * \# 6 - Define ALL Acronyms
  * \# 5 - Avoid Memes/Colloquialisms
  * \# 4 - Use Meaningful Code Samples and Variable Names
  * \# 3 - Don’t Make Your Reader Leave Your Article
  * \# 2 - Make it Easy for the Reader to Find a Single Piece of Information
  * \# 1 - Verify Your Instructions! Test, Test, Test!
  * \# 0 Bonus! - Practice, Practice, Practice
* How You Can Get Started in Technical Writing (3 min)
* Conclusion & Questions (2 min)

Mason Egger

Write Docs Devs Love: Ten Tricks To Level Up Your Tech Writing

Every phase across the end-to-end machine learning lifecycle exposes a plethora of security risks that often go unnoticed by machine learning practitioners. In this talk we uncover the most critical (and common) security risks in the machine learning lifecycle, covering in-depth concepts as well as practical examples of ways in which these can be exploited as well as resolved and mitigated (analogous to the OWASP Top 10 industry standard). 

Throughout the talk we will be using a hands on example, where we will be training, packaging and deploying a model from scratch, outlining key risk areas for each step together with tools and practices that can be used to mitigate these risks. By the end of this talk, machine learning practitioners will have a robust intuition of the importance of security best practices throughout the machine learning lifecycle, together with tools and frameworks that can help mitigate undesirable outcomes due to security flaws.

Secure Python ML: Automated Security Best Practices for ML at EuroPython 2022

#### Abstract

Every phase across the end-to-end machine learning lifecycle exposes a plethora of security risks that often go unnoticed by machine learning practitioners. In this talk we uncover the most critical (and common) security risks in the machine learning lifecycle, covering in-depth concepts as well as practical examples of ways in which these can be exploited as well as resolved and mitigated (analogous to the OWASP Top 10 industry standard). 

Throughout the talk we will be using a hands on example, where we will be training, packaging and deploying a model from scratch, outlining key risk areas for each step together with tools and practices that can be used to mitigate these risks. By the end of this talk, machine learning practitioners will have a robust intuition of the importance of security best practices throughout the machine learning lifecycle, together with tools and frameworks that can help mitigate undesirable outcomes due to security flaws.


#### Overview

The operation and maintenance of large scale production machine learning systems has uncovered new challenges which have required fundamentally different approaches to that of traditional software. The area of security in MLOps has seen a rise in attention as machine learning infrastructure expands to further critical usecases across industry. 

In this talk we introduce the conceptual and practical topics around MLSecOps that data science practitioners will be able to adopt or advocate for. We will also provide an intuition on key security challenges that arise in production machine learning systems as well as best practices and frameworks that can be adopted to help mitigate security risks in ML models, ML pipelines and ML services. 

We will cover a practical example showing how we can secure a machine learning model, and showcasing the security risks and best practices that can be adopted during the feature engineering, model training, model deployment and model monitoring stages of the machine learning lifecycle.


#### Benefits to the ecosystem

This talk will provide practitioners with the intuition and tools to secure production machine learning systems, as well as further the discussion around best practices reinforcing SecOps into MLOps.

It will provide best practices on a critical area of machine learning operations which is of paramount importance in production.

Alejandro Saucedo

Secure Python ML: The Major Security Flaws in the ML Lifecycle (and how to avoid them)

MicroPython - a reimplementation of Python for microcontrollers - is nine years old. How can you find your way in a jungle of tiny chips, circuits, and jumper wires? In this session, we will run through a brief introduction to the world of MicroPython. Beyond the basics, we will explore the projects, tools, and the  community that helped your intrepid speaker to get started as a newcomer.

Run Python everywhere! Exploring the world of MicroPython: microcontrollers, LEGO bricks, and blinky LEDs!

MicroPython is a reimplementation of Python for microcontrollers, originally developed as a result of a Kickstarter campaign. Today, it is an approachable way into programming for many young people, via boards like the Raspberry Pi Pico, the BBC micro:bit and the CodeBug - you can even run it on LEGO bricks! It is increasingly being used in commercial fields as well. MicroPython is helping Python to get into even more places, and making programmers more efficient as it does so.

Andy Piper wanted to learn more, so he spent some time travelling and adventuring on the internet, to discover the community and projects around MicroPython.

The goal of this session is to briefly explain the What, Why and How of MicroPython. There *will* be circuit boards, and discussion of microcontrollers! We will take a look at examples, from established development boards to brand new ones. We will also acknowledge how MicroPython has been built upon, to enable different ways of working (with CircuitPython), and LEGO robots (via PyBricks). 

Finally, and most importantly, you'll get a good sense of the places you can find and learn from the MicroPython community, and how you can get involved and contribute!

Andy Piper

Try Something Different: Explore MicroPython! (a rough guide for newcomers)

Distributing Python GUI applications to end users is a challenge: will they need to install Python? If so, which version? If not, how do they install the application? From a random ZIP file? How native does the process feel? Will their system trust your code? For a fluid experience, it needs to be signed and (on macOS) notarized beforehand.

Welcome to [`pup`](https://pypi.org/project/pup/), the tool that the [Mu Editor](https://codewith.mu/) development team has created to package and distribute it in platform-native formats to Windows and macOS users around the world.

In this session I will show how `pup` can be used to package GUI Applications for distribution: natively on Windows and macOS, and in early stages of development for distribution-agnostic Linux artifacts. In short, if it's `pip`-installable it is `pup`-packageable!

I will then describe the way `pup` works (and how it differs from comparable tools) leading on to a call-for-action moment, where I'll share its current state of development, what's good, what's bad, and where I'd like it to be headed to.

I'll wrap up the talk with a set of future-looking thoughts that `pup` has helped identify not only on the specifics of CPython's distribution, but also on the Python ecosystem as whole.

Packaging Python GUI Apps into native Windows and macOS installers in a single command.

Tiago Montes

Native Packaging of GUI Apps on Windows and macOS

Like many companies with multi-million-line Python codebases, Carta has struggled to adopt best practices like Black formatting and type annotation. The extra work needed to do the right thing competes with the almost overwhelming need for new development, and unclear code ownership and lack of insight into the size and scope of type problems add to the burden. We’ve greatly mitigated these problems by building an automated refactoring pipeline that applies Black formatting and backfills missing types via incremental Github pull requests. Our refactor applications use LibCST and MonkeyType to modify the Python syntax tree and use GitPython/PyGithub to create and manage pull requests. It divides changes into small, easily reviewed pull requests and assigns appropriate code owners to review them. After creating and merging more than 3,000 pull requests, we have fully converted our large codebase to Black format and have added type annotations to more than 50,000 functions. In this talk, you’ll learn to use LibCST to build automated refactoring tools that fix general Python code quality issues at scale and how to use GitPython/PyGithub to automate the code review process.
Slides: https://www.slideshare.net/jimmy_lai/europython-2022-automated-refactoring-large-python-codebases

Automated refactoring on large Python codebases for adopting Black formatting and type annotation with incremental changes by using open source LibCST, GitPython and PyGithub.

Jimmy Lai

Automated Refactoring Large Python Codebases

Leveraging geospatial Python libraries to understand and predict High-risk houses during cyclone-induced floods in urban areas considering historical openly available satellite images and urban morphological data.

Assigning a flood risk score to each individual house near the coastal regions is a challenge. Also, as the land characteristics vary based on different geographical locations, prepare for emergencies on demand.    ​

​

Leveraging geospatial Python libraries to understand and predict High-risk houses during cyclone-induced floods in urban areas considering historical openly available satellite images and urban morphological data.

We will demonstrate an end-to-end methodology using geospatial Python libraries to understand the use of Multi-Criteria Decision making methods taking into account driving variables. This talk will also throw light upon:

1. Getting the large imagery datasets into DL friendly format
2. Resampling of Satellite image data in python
3. Conducting overlay analysis with weights
4. Calculation of zonal statistics at house level
5. Future Scope

We'll also showcase the geo-visualization portal we created and the technologies used, how you can use Python to convert large GeoJSON output to light vector tiles, and create a seamless experience for the user through an intuitive front-end.

Sumedh Ghatage

Saving Lives with Predictive Geo - AI

In the career of many developers, there comes the point of deciding "what next?". The typical two choices are- to stay on the technical path and pursue the way of a software architect or take a leap of faith and jump to a people management role. In my talk, I'll show you the pros, cons, and challenges of pursuing the latter.

Dr. Jekyll & Mr. Hyde - transition from developer to manager without going crazy or becoming evil

You've been a developer for a couple of years already. Your journey started as an intern/junior-level position where you were learning to code; then, going through mid and senior positions, you were offered the team lead or even engineering manager role. At this moment, you have plenty of questions and doubts. How to answer them to make sure you make a good decision? How to prepare for the new role if you want to take it? I'll help you answer these questions and prepare for your future role.

Jakub Paczkowski

Teaching Python: a panel discussion with perspectives from teachers, academics, makers and enthusiasts. Why is Python appealing in education? What tools and resources work well? What can the Python community do to help teachers & policy makers? Join us for an engaging and insightful discussion with a fascinating panel of experts, Dr Keith Quille, Kelly Schuster-Paredes, Chris Reina and Sarah-Jayne Carey.

Teaching Python: a panel discussion with perspectives from teachers, academics, makers and enthusiasts.

Chris Reina

Kelly Schuster - Paredes

Aimée Fagan

Keith Quille

Sarah-Jayne Carey

Education Panel

BBC News Labs is an innovation team within BBC R&D, working with journalists and production teams to build prototypes to demonstrate and trial new ideas for ways to help journalists or bring new experiences to audiences.

Working in short project cycles, it's important for us to be able to quickly build processing pipelines connected to BBC services, test and iterate on ideas and demonstrate working prototypes. We make use of modern cloud technologies to accelerate delivery and reduce friction.

In this talk I will share our ways of working, our ideation and research methods, and the tools we use to be able to build, deploy and iterate quickly, the BBC's cloud deployment platform, and our use of serverless AWS services such as Lambda, Step Functions and Serverless Postgres.

How BBC News Labs uses serverless technology in rapid prototyping

BBC News Labs is an innovation team within BBC R&D, working with journalists and production teams to build prototypes to demonstrate and trial new ideas for ways to help journalists or bring new experiences to audiences.

We work in short project cycles to research and build prototypes. We have worked with the BBC's flagship radio news programme production team to enrich programme timelines with metadata to provide enhanced experiences to the audience. We are currently working with local radio teams around the UK to provide the means to capture highlights in live radio for re-use and for social media, reducing the workload for producers, and getting more mileage from linear broadcast programmes.

Working in short cycles, it's important for us to be able to quickly build processing pipelines connected to BBC services, test and iterate on ideas and demonstrate working prototypes. We make use of modern cloud technologies to accelerate delivery and reduce friction.

In this talk I will share our ways of working, our ideation and research methods, and the tools we use to be able to build, deploy and iterate quickly, the BBC's cloud deployment platform, and our use of serverless AWS services such as Lambda, Step Functions and Serverless Postgres.

Ben Nuttall

Rapid prototyping in BBC News with Python and AWS

Packaging in Python is one place where the common adage "There should be one and preferably only one obvious way to do it" doesn't seem to apply. There are a lot of choices to make when publishing python code. What is absolutely essential and what is optional?

Paralyzed by the number of choices needed to publish python package? Find out what you need to know for packaging in 2022

The Python packaging landscape is experiencing a renaissance but along with new standards and new tools comes a lot of new choices when publishing. setup.cfg or pyproject.toml? Do you need a setup.py instead or in addition? There can be a lot of confusion but understanding modern trends can make sharing your code easier than ever before.

Packaging security with Nix

Abstract

The speaker