After NDC Oslo 2014
It's over. I'm back in Amsterdam after an awesome week in Oslo. Great sessions, lots of smart people, delicious food and very good coffee. Inspirations everywhere.
I didn't know Norwegians were this much into coffee drinking. I can easily say that I didn't drink a single cup of bad coffee in Oslo in 7 days. One of the world's best coffee shop Tim Wendelboe is also located in Oslo. But more on that later.
I've seen a lot of stuff and spent time with very smart people.
Like I did with my previous conference visit in Microsoft / Seattle, I'll write down all the sessions I've attended, together with the links to the video recordings.
I didn't know the sessions in NDC were recorded. That was a bit of a nice surprise in the beginning of the conference. Deciding which sessions to attended became a lot easier afterwards. Now I can basically see anything I missed if I want.
Attending the workshops was the best decision we've made. By far the most educative part of the conference. 2 days of workshop gives enough time to properly dive into a broad topic, allows a good deal of Q/A and lab time.
The workshop I attended was titled as "Identity and Access Control for modern web applications and API's". From Dominick Baier and Brock Allen. 10 out of 10 for those guys. They were well prepared. They were also very responsive to the questions from the attendees.
Unfortunately there is no video recording here. I have pdf's and lab solutions which I'll share in a next blog post.
We've covered everything from the old security techniques to the modern ones. Here are some of the main points:
- Using security tokens and claims based authentication & authorization is the way to go in to the future.
- Separating authentication to another shared service is a good technique once you have multiple services in your deployment. This security service will issue access tokens for other services in the system to consume. This avoids repetition of security related code in every other service in the system. Enables DRY. Single point of configuration and control. Good stuff.
- Microsoft is already moving in this direction with OWIN and Katana. Claims based identity is baked into the framework at the moment. And there are a number of Katana middlewares that implement token based authentication.
I've left the workshop with some ideas and improvements that can be applied to Nfield. Ideas that can enable securer access scenarios and can make security implementation more elegant.
If you're doing anything remotely related to UI or UX design you have to see this keynote. Period.
More and more companies are realizing that the intuitiveness and ease of use of their applications are very critical to their competitive advantage. How many taps or clicks does it take to achieve something in your mobile application? Think again. It's a matter of people using or quiting it.
Luke Wroblewski will blow your mind with the statistics and examples he puts up on the screen.
Sessions - 4 June 2014
Immutability, State and Scale - Functional, Distributed Applications in Azure
Banish Your Inner Critic
I'd read a couple of essays written by Denise Jacobs about creativity and productivity. I wanted to attend one of her sessions. She explains how to stop (or ignore) your inner critic that tries its best to scare you from failure and to kill your creativity.
Builders versus breakers – 10 online attacks we could have easily prevented
Troy Hunt's talks are like exciting science fiction movies. You don't want it to end, but time flies quickly. The title of the talk is self explanatory. It's about a bunch of very interesting online attacks happened in history and most destructive ones have happened in the last 2 years. Maybe this is a sign for what's about to come in the future. Data theft at its best.
One doesn't get to see Douglas Crockford in person everyday. Functional programming and asynchronicity are two hot topics of the new era. Crockford talks about what asynchronicity is, its effects to our programs and how we can best test these async scenarios using a testing tool called JSCheck.
Sessions - 5 June 2014
Surprisingly programs become DSL-like and more readable because instead of "HOW" the program syntax starts to tell "WHAT". Making it more declarative than imperative.
An Actor's Life for Me – An introduction to the TPL Dataflow Library and asynchronous programming blocks
As programmers our "flow" is something sacred to us. When we're concentrated and in flow we must not be interrupted because it annoys us and costs us too much time to get back into flow again.
Mark Seemann thinks interruptions are going to happen no matter what. Instead of trying to avoid them he focuses on ways of working that will allow him to get back into flow easier and much faster.
I've come across a nice summary blog post about this session.
GitHub Power Tools
This is a useful hands-on session on using GitHub. It's not focused on Git but more about what you can do with GitHub itself. GitHub is more than only Git and has many features for letting developers collaborate on open source projects effectively.
Sessions - 6 June 2014
Just like with Douglas Crockford, you don't leave a conference without attending a session given by Bob Martin. This is one of those talks with some "aha" moments about functional programming.
One thing that I found really interesting is a book that Uncle Bob mentions during his talk. The book is called Structure and Interpretation of Computer Programs which he praised a lot. At some point during his talk he said something along the lines of the following:
..almost near the end of the book the authors wrote a couple of pages worth apologies on what's about to come, and then they introduced the assignment statement..
This amazed me. They could write almost the whole book without the assignment statement (read as pure functional) and then they introduced it like as if it was a defect in software programs. Funny.
Transforming your C# code to functional style
One of the most effective and indulging sessions I've attended in this conference. I highly recommend everybody to see it. Don't expect complex code examples. Venkat Subramaniam uses simple examples to make his point. Just listen to what he has to say about functional programming, he'll open up your mind.
Another Troy Hunt show off session. He talks about a couple of highly effective web attacks. Watch it if you're looking for fun, but basically it all comes down to a couple of main points:
Never ever display a login form on an HTTP connection. Even if you're posting that form to an HTTPS endpoint. A man in the middle can change the form to somewhere else and steal your credentials without you knowing it. Turns out that Iranian government used this technique to steal its citizens' Facebook credentials for a while before Facebook woke up and made their login page HTTPS only.
Always be careful with SQL injection. If you're using latest frameworks you're mostly covered.
Make sure your username & password challenge is computationally costly and time-consuming. If an attacker gets a hold of your user database and decides to convert them to clean text, he should be slowed down. It turns out that simple hashing and salting algorithms are easy to break with rainbow table attacks. Even the ASP.NET Membership implementation from 2010.
This is what I want to share right now. Maybe I can dive into a number of these topics in some of my next blog posts. Thanks for reading.