Calling all Python users! - My Experience at PyCon Korea 2024

Introduction 💁‍♀️

Fall is definitely the season for conferences 🍂 This year, I’ve been attending various conferences thanks to a number of opportunities. In particular, as someone who uses Python, I also attended PyCon—an event that anyone who uses Python should experience at least once.
I’d like to share my experience attending 파이콘, an event created by people who use or love Python, where I felt a real sense of passion and warmth.

The Rise of LLMs and Changes in the Python Ecosystem: Filling PyCon Sessions 🐍

It’s been four years since I started developing backends with Python. Even though Python had been gaining traction since the late 2010s, I hadn’t really felt it until now—but it seems that as the LLM field has taken off, interest in Python has definitely surged.

As AI developers have started building their own serving servers, the popularity of Python backend web frameworks has gradually increased, and these days, I’m seeing quite a few Python backend engineers around me. Perhaps because of this, there were several Django and FastAPI sessions at this year’s PyCon.

In addition, since anyone using Python could give a presentation, there were many interesting sessions. (Personally, I was really curious about the sessions by teachers, but they overlapped with the ones I wanted to attend, so I couldn’t make it ㅠㅠ Next time...!)

Session Review 📝

I visited the venue on both Day 1 and Day 2 and attended a total of 9 sessions. As a backend developer, I tried to attend as many backend sessions as possible, but honestly, every single session was so interesting that I had a hard time deciding which ones to choose. Among them, I’d like to highlight the three sessions that left the deepest impression on me from the perspectives of 백엔드 개발자, LLM 초심자, and 서비스 개발 도전자, and share my personal thoughts. (Since detailed session content will be uploaded to PyCon’s official YouTube channel, I’ll keep my explanations brief.)

🖥️ “The Django Framework from a Hacker’s Perspective”: A Session That Left a Lasting Impression on Me as a Backend Developer

Speaker: Seokchan Yoon
One-line summary: “Django is a solid, useful framework!”—by a hacker
Session introduction page Link

📍 Session Content

In this session, the speaker analyzed Django’s security management status and explained vulnerabilities at the framework level identified from a security expert’s perspective.

1. There are key security considerations at the framework level that must be taken into account during backend development.
   • XSS protection, SQL injection protection, CSRF protection, clickjacking protection

• Django already addresses these security concerns from the very start of a project.

2. However, the speaker explained that they had recently discovered a few security vulnerabilities.

   • Cases where SQL injection occurs when using raw queries
   • Cases where DoS attacks are carried out using the regular expressions in EmailValidator, etc.

3. Nevertheless, the conclusion was that **“Django is a

secure and reliable framework in many respects!”**
- This is because the Django community responds quickly, leading to rapid stabilization...!
- The community is working together to resolve the vulnerabilities that have been discovered so far.

4. The session concluded with a final message urging developers to remain vigilant about security, as it is an area that requires constant attention.

💡Thoughts

💭 I was impressed by how well the Django community handles security issues.

Django has one of the largest communities among Python web frameworks, and this session reaffirmed that they respond quickly to any issues. I had previously thought of Django simply as a heavy framework due to its many features, but I gained a small but tangible understanding of why it’s so widely used: it provides all the essential features for running a web service out of the box.

In contrast, since Flask is more lightweight than other frameworks, you have to configure these security settings one by one. While there are packages available for security configuration, they’re difficult to manage unless you make a conscious effort to use them. In this regard, I found myself wishing that Flask could automatically handle basic security measures as well.

💭 Through this session, I took another look at the security issues I need to consider as a web developer.

While I’ve been mindful of database-related issues, such as SQL injection, I hadn’t paid much attention to CSRF security. For example, early on in developing a service using open-source software, I once removed CSRF-related code. This was due to a team-wide decision that, rather than implementing proper security authentication, we should simply remove the relevant packages. The reasoning was that, since the service was used by a limited number of users in a closed network environment, there wouldn’t be any major issues.
However, through this session, I was once again reminded that if a service is operated on a public network, security policies to block access by unauthenticated users or hackers must be taken into account. I resolved to approach my work with a heightened awareness of these security issues moving forward.

🤖 “Using Large Language Models for Almost Every Python User”—A Session That Left a Lasting Impression on Me as an LLM Beginner

Speaker: Sanghyun Park
One-line summary: A perfect introductory explanation for those new to LLMs
Session introduction page Link

📍 Session Content

This session clearly explained everything from the basics of LLMs to prompt engineering. It was organized into three parts: “Definition of LLMs,” “Conversing with LLMs,” and “Working with LLMs.”

1. Definition of LLM

   • As the name “Large Language Model” (hereinafter LLM) suggests, it refers to a model related to “language data.” Language data is defined by rules and grammar, and a model is created by expressing these rules as functions.
   • The primary goal of an LLM is to naturally predict sequences of words. The most important concept for this prediction is the “word token.” It operates using a self-regressive method, where it predicts the next word token based on the current one, concatenates them, and then predicts the next one.

2. Conversing with an LLM

   • When conversing with an LLM, the purpose is to create the context of the conversation by providing prompts.
   • By using RAG to search pre-stored information and memory to store conversation details, you can build context.

3. Working with LLMs

   • Although LLMs equipped with context have been developed, they do not know whether that context is true or false. They may output incorrect information as if it were true; this is called hallucination.
   • To address hallucinations, we add a tool that links actions to outcomes to correct the model.

💡Thoughts

💭 The presentation effectively highlighted the key points of the LLM field.

With the emergence of ChatGPT, the LLM field has become incredibly popular, and a flood of related services and advanced technologies has followed—but I hadn’t really been keeping up with that trend. Nevertheless, listening to this session gave me a general understanding of LLMs.
When the topic of hallucinations came up, I recalled how ChatGPT used to provide answers based on incorrect information in its early days. While this was entertaining in one sense, it was also somewhat disappointing; I wondered how much research had gone into solving this issue, which piqued my curiosity about the related research papers.

💭 I want to try building an LLM-related service.

Also, in the future, I’d like to try building a service—even a simple one—using prompt engineering. I’ve had a strong interest in language since I was young, and I’ve always found the field of natural language processing in IT fascinating… But seeing how rapidly this technology has advanced, I realized I didn’t want to just watch from the sidelines—I wanted to experience it firsthand. I need to start brainstorming ideas right away.

🔎 “We All Have the Right to Be Free from Spam”: A Talk That Left a Lasting Impression on Me as a Service Development Challenger

Speaker: Lee Jun-beom
One-line summary: Automating even spam filters using LLMs! Insights into the service development process
Session Introduction Page Link

📍 Session Content

Lee Jun-beom shared the story behind the 스마트 스팸 필터 app he developed himself, offering insights into his experience as a solo developer.

1. The motivation behind developing this app stemmed from the field of “automation.”

• In the past, the criteria for filtering spam were simple (e.g., phone numbers starting with 070 were generally considered spam), but now there are so many types of filters that it has become difficult for humans to manage.
  • This led to the thought, “Shouldn’t a machine handle this in the end?”, which became the starting point for developing a spam filter using an LLM.

2. After deciding to use an LLM, the developer summarized the issues they constantly grappled with during development.

   • The two main concerns were cost and data. Using a high-quality model was expensive, but using a smaller, cheaper model led to performance issues.
   • This meant they needed data to improve performance, and that data required annotation. The conclusion they reached was 👉 Let’s use an LLM to handle the annotation too!
   • Once a suitable model and data were ready, they continuously trained and evaluated the system to create an optimal model for the smart spam filter.

3. The presentation also covered considerations regarding building the model and deploying it as an app.

   • After some trial and error in deciding which server to run the app on while considering unit costs, the team ultimately settled on using an on-device LM due to the need for scalability.

• This is because running the app on mobile devices reduces server costs.

4. Tips for operating a service as a solo developer and discussions on practical challenges
   • Security issues and low latency must be continuously addressed, which brought cost concerns back to the forefront.
   • When developing alone, automation is essential to boost productivity, as it’s difficult to handle everything by yourself. The speaker has currently automated the model training process.
   • There were also problems caused by external factors (e.g., bugs in iOS itself).

💡Thoughts

💭 Services also emerge from solving inconveniences.

A service is a means to fulfill a specific need. As illustrated by the example mentioned by the speaker, it can be highly effective when needs are met by resolving inconveniences.
What impressed me most about this session was how the service used machines or AI to automate (and resolve) areas where humans face limitations (inconveniences). It was particularly noteworthy that this was implemented using LLMs, a hot topic in today’s tech landscape.
Creating a service ultimately means filling gaps that humans cannot address or creating value through a better experience. I’ve always been the type to put up with inconveniences even when I feel them, but it suddenly occurred to me that resolving these very inconveniences could itself become a service.

💭 Solo Development: You Must Be Prepared Not Only for Technology but Also for Service Management

How they utilized LLMs and which models they considered were very interesting topics. However, the most inspiring part of this session was the managerial insights shared by the solo developer regarding the service operation process.

To operate a service, above all else, you must consider ways to reduce costs. The purpose of running a business is to generate profit, and to maximize profit, you inevitably need to cut costs. In particular, technical choices that optimize costs from the dual perspectives of money and time are crucial.

In this session, the speaker mentioned adopting a technical solution that uses a small model to reduce monetary costs and considering on-device language models (LMs) to cut server expenses. It was also noteworthy that repetitive tasks were automated to reduce the cost of time.

(Even if not limited to solo developers), from the perspective of a service provider, cost reduction and efficiency improvement are essential considerations. Although I currently lack direct authority over cost decisions within my role (R&R), I can certainly reduce the cost of time on my own. Consequently, I felt I should start by thinking about how I can contribute through improving work efficiency.

In Closing – PyCon Korea 2024: It Was a Blast 🤗

1. It was fun to attend sessions across various fields, and experiencing the events at the sponsor booths let me feel the conference vibe again after a long time. I’d gotten used to just rushing through my work, but this was a chance to reflect on why I need to understand technology and what I want to achieve with it 🤓

2. As is typical of conferences these days, there were definitely a lot of AI-related sessions. (Which makes sense, since it’s a Python conference.) I’ve only dabbled in AI briefly, so it was hard to follow everything, but it reignited my passion to dive back into studying it 🔥

3. I met colleagues from my company as well as many members of the Geul-tto community, and the time we spent talking together was truly precious. It was also fun to see how people working in different roles—data analysts, data engineers, backend engineers, entrepreneurs, and more—were all united by a single thing: Python! I thought it was one of Python’s charms that a single programming language could serve as a catalyst for building rapport 😁