Notes on various conference sessions

Modified on 2012/07/01 01:27 by Ben Fulton Categorized as Uncategorized
Raw notes, to be written up as separate pages at some point

CodeStock

Hack the planet @danemorgridge
Tail a CEO through McDonald's: good chance his phone will connect to the wifi and then to Outlook Web Access without SSL. If so, his Active Directory credentials just went over the open network.
TODO: change Google and Yahoo passwords, make sure Gmail is SSL
Personal Security Options:
- Always use HTTPS
- VPN
Common Security Holes: OWASP top 10
- CSRF - the trick is to find a URL that might require someone who is authenticated. Then you can set an <img> where the URL does something damaging, if they load the page with your image on it
- Security misconfiguration - searching for phpMyAdmin? Look at logs to see how often this is searched for.
- Check OWASP #10, invalid URL redirecting. Hmm.
Python is the language of choice for hacking - rich network library
Download BackTrack (backtrack-linux.org)
Mantra scanner tool
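The CSRF note above, seen from the server side. This is an added example, not code from the talk: the request dictionaries, the account and session data and the function names are all constructed for illustration. It shows why a handler that changes state on any authenticated request is exposed to an image load, and how requiring POST plus a session-bound token closes that.

```python
import hashlib
import hmac
import secrets

SERVER_SECRET = secrets.token_bytes(32)  # assumption: per-deployment secret
ACCOUNTS = {"alice": 100}                # constructed sample state
SESSIONS = {"sid-alice": "alice"}        # constructed session store: cookie -> user


def csrf_token(session_id: str) -> str:
    """Token bound to the session; a third-party page cannot read or compute it."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def transfer_vulnerable(request: dict) -> int:
    """Acts on any authenticated request, including a GET issued by an image load."""
    user = SESSIONS.get(request["cookies"].get("sid"))
    if user is None:
        return 401
    ACCOUNTS[user] -= int(request["params"]["amount"])
    return 200


def transfer_hardened(request: dict) -> int:
    """Same action, but a state change needs POST and a valid session-bound token."""
    sid = request["cookies"].get("sid", "")
    user = SESSIONS.get(sid)
    if user is None:
        return 401
    if request["method"] != "POST":
        return 405  # an image load is always a GET, so it stops here
    supplied = request["params"].get("csrf_token", "")
    if not hmac.compare_digest(supplied, csrf_token(sid)):
        return 403  # the cookie was sent automatically, the token was not
    ACCOUNTS[user] -= int(request["params"]["amount"])
    return 200


def demo() -> list:
    # What the browser sends when a logged-in user loads a third-party page
    # whose image URL points at the transfer endpoint (cookie attached).
    forged = {"method": "GET", "cookies": {"sid": "sid-alice"},
              "params": {"amount": "50"}}
    # A request from the site's own form, which embeds the token.
    genuine = {"method": "POST", "cookies": {"sid": "sid-alice"},
               "params": {"amount": "10", "csrf_token": csrf_token("sid-alice")}}
    out = [transfer_vulnerable(forged), ACCOUNTS["alice"]]
    out += [transfer_hardened(forged), transfer_hardened(genuine), ACCOUNTS["alice"]]
    return out


if __name__ == "__main__":
    print(demo())
```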

Functional programming @rickasaurus I'm not sure what the point of this talk is. We've discussed functional programming and the composing of functions in F#. I think the idea is that once you write the little functions, you can combine them together as long as the signatures are the same. Could have been better elucidated I think. Maybe the fundamental thing to remember from college is the idea that you can transform the types that you pass to a chain of generic functions. If you can pass a(b(c(d(5)))) appropriately then you should be able to do a(b(c(d(Maybe<5>)))) appropriately, and pass the maybe<> down the line.

building a website with azure (@dburton) class User extends Userbase - userbase is from backbone backbone is based on underscore which has a templating library use backbone's "rails post" mechanism but with a lib that overrides it to use html5 local storage did some stuff to set up an azure account, then wrote a node module to create some tables. there is a Node library to talk to Azure. The Azure site has directions on how to set up a node/azure site in a couple of minutes Then socket.io for communication.

CoffeeScript (@dmohl)
significant whitespace
works fine with jQuery
wraps all code inside self-executing anonymous functions (can use "window." to explicitly add to the global namespace)
can use JS keywords as variable names
the == symbol actually compiles to ===
there are compilers for most languages that compile to JS. CoffeeScript style might be the closest to the actual JS though. "An opinionated subset of JS"
Syntactic sugar
@ = this
inline string formatting: first = "foo" title = "the #{first}"
slimArrow: define Add function: add = (val1,val2) -> val1 + val2
fatArrow: allows defining member functions for classes
multiline strings: 3 single quotes, or 3 double quotes for inline formatting
existential operator
Mindscape Web Workbench
WebStorm - a JavaScript IDE
Use node.js and NPM to automate watching folders and compiling the CoffeeScript into JS (Can it directly do minifying? - BF)

T4 templates (RichardGo@magenic.com)
.tt file compiles to a code class, compiles to a text file
Usage scenarios: config files, DB enumeration classes, enums in code, aspx navigation (existing plugin), data entity classes, WiX file creation, CRUD stored procedures
T4 is built in to Visual Studio but has no editor; Tangible has an editor, "Tangible T4 Editor". In VS go to Tools -> Extension Manager -> Online Templates -> Search
Structure: <# begins code block. <#= is inline evaluation, <#+ class, <#@ directives (including @import so you can add your own class libs)
Built-in functions: Write/WriteLine, PushIndent/PopIndent, Warning, Error
Inputs can come from XML or EDMX (Entity Framework libraries) or SQL database
<#@ include is a directive so you can build up templates. *.ttinclude (How do command line build? - bf)
Debugging: Have to launch a new devenv to debug the one that's creating the template. Set debug="true" on the template and call Debugger.Launch somewhere in a directive (In VS2012 can debug in a single instance)
Interesting use case: Put a template under another file, use T4ScriptFileGenerator (which is part of T4Toolbox, not included); when the above file is saved, the templated script is run.
Demo: validating an XML file against a schema

Leon Gersing - Beginning iOS
XCode
InterfaceBuilder (now part of XCode), hierarchical design
Objective-C is just Smalltalk thrown on top of C
ARC (automated reference counting)
Sending messages to NIL is a no-op. Nothing happens
@ syntax is the Smalltalk part - @interface, @implementation, @synthesize (appears to be autoproperty but with overrides), @dynamic
IBOutlet - an interface allowing InterfaceBuilder to work with classes. Also IBAction and IBActionCollection

  • KLIJST: Mark List as "Interesting"

Michael Bradbury, independent
Not a myth: working for yourself is hard
First game was a flop even after good reviews
Backed into dev as a side thing from comic strips
- Build something you need. (But what about building for enterprise? - bf)
- Build something you can support. (from email, to FAQ page, to online forums)
- Support your customers and they will support you
- Some customers suck (they're used to being sold crap and their complaints ignored. Or not unhappy with you so much as unhappy in general. Give 'em a refund and move on)
- Marketing is free. A blog. (TODO - resurrect blog - bf)
- Trust is everything. A blog with a bogus voice doesn't help
- Learn how to write
- Nobody reads your help file. Might be better to redesign the feature if it needs that much explanation
- Don't try to be cool. Don't add features just to gain attention. Don't show off.
- Screw the power users. Make it simpler for the regular user. Power users ask for weird features with barely any use cases. Complain when you drop options. This is difficult because we *are* power users. (so what about building for yourself? - bf)
- Embrace change. Stay relevant, unless you want to spend your time maintaining legacy code
- Is advertising your best business model? Probably not unless you have a large user base.

Andrew Day, Fragmentation of Android market
Fragmentation by device, fragmentation by screen size
"Fragments"
Why should we use fragments? - Single code base, multiple screen resolutions. Access to new APIs on older devices! No monolithic activities.
How do fragments work? - Must have a host. Independent. FragmentManager: Add, Replace, Remove. Subclasses: ListFragment, DialogFragment, PreferenceFragment
Handling multiple screen sizes: Can do it in the layout. Can also do it in code by turning on or off various fragments.
Stop thinking like a developer, start thinking like a designer. If you have space, fill it. Don't leave it blank, don't stretch it.
Download and add back compatibility package. Min target SDK should probably be 7.
Use the layout to find your ids

Tobin Titus (@tobint) - HTML5 tips and tricks
Performance: behavior of an app relative to expectations
Network optimizations: Enable compressed content (server and client) (but disable on images folder since it's compressed already); minify JavaScript and CSS; cache content (Expires header); create image sprites so lots of little images don't cause separate requests (use CSS styling to specify the location on the sprite sheet); don't scale images
DOM optimizations: link stylesheets in head (inlined styles cause a reload) and don't use @import. Limit number of rules; externalize CSS; JS at the bottom of the page (or use "defer" attribute), NOT inline as it interrupts DOM loading to execute; reduce DNS lookups (more than 2 domains will probably slow down loads); Paint vs. Layout (changing a background color is cheap; changing a position requires massive redrawing. For data that might change, make sure that the DOM knows that the layout won't change when the data does); minimize dot operations; reduce the complexity of the DOM tree (does that mean the depth?)
JS optimization: Minimize symbol resolution (you can cache a function before using it in a loop; keeps from looking for func each time); avoid "with" statement; use requestAnimationFrame to handle redraws (uses browser refresh)

Committed to Good Commits - David Ruttka (@druttka)
@codinghorror - source control is the bedrock of software engineering
Link to issue tracker is important - reviewing issues - help testers make test cases
- Ad-hoc changes - do something with them - card for refactoring, or?
- Issue tracker in GitHub auto links if you begin your commit message with #5 (eg)
Atomicity - commits should be atomic. Helps keep comments concise, frequent commits, can pull in to master based on commits (cherrypick), easier to roll back (but is atomicity at the push level or the commit level? - bf)
Frequency - commit early and often - helps with checkpointing, descriptivity, and CI. But frequent commits may destabilize things. What do you do?
Branching. Helps to isolate change and preserve stable state. Branch by release - then hotfixing or service packs. Or, branch by feature - create a dev branch off stable then merge back. Can branch off branch for subfeatures. (Couple of links for good explanations)
Validation - Safe place, no garbage, build, test, diff (A prebuild build? - bf)
Synchronization - semantic conflicts, CI. "Checkin dance": pull latest before checkin of big change. "GitHub stoplight" (sounds cool, run by arduino? sweet. - bf)
Signals
Resources: Programmers Stack Exchange, Version Control By Example (Eric Sink - maybe free eBook?), Vincent Driessen (@nvie) for Git folks

Monads - great talk, built up Maybe Monad step by step, used Monad in a linq statement

WiFu
Need a network adapter that supports "Monitor" mode ($30 from Amazon)
Directional antenna is also $40 from Amazon
Wireless packet frames: management, control, or data
Wireshark packet sniffer - determine the channel of the network you're interested in
airodump - a lightweight packet sniffer

Bypassing security:
- Hiding the SSID is an ineffective means of security. The network is still sending beacon packets, and you can recover the SSID by sending deauth packets, which will cause machines to attempt to reconnect and send the SSID with them.
- Only allowing MAC addresses - ineffective. Deauth requests, watch for the reauth packets and use MacChanger to borrow a MAC address that was being sent (MacChanger only sends the broadcast MAC, not the actual)
- Shared key WEP - Use airodump to watch for reconnect attempts, send a deauth, and monitor the handshake. Aircrack cracks the key
- WPA or WPA2 - only attack is dictionary attack. Rainbow tables exist for the most common SSID/PW combinations
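Each bypass above begins with forged deauth frames, so a burst of them is what a monitoring sensor should look for. The sketch below is an added example, not from the talk: it parses bare 802.11 management frames (no radiotap header) and flags a source address that sends many deauth/disassoc frames in a short window. The threshold, window, addresses and sample frames are constructed assumptions.

```python
import struct
from collections import defaultdict

DEAUTH, DISASSOC = 12, 10  # 802.11 management frame subtypes


def parse_mgmt(frame: bytes):
    """Return (subtype, dst, src, reason) for a deauth/disassoc frame, else None.

    Assumes a bare 802.11 frame: 24-byte management header followed by a
    2-byte little-endian reason code.
    """
    if len(frame) < 26:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in (DEAUTH, DISASSOC):
        return None
    dst, src = frame[4:10].hex(":"), frame[10:16].hex(":")
    (reason,) = struct.unpack_from("<H", frame, 24)
    return subtype, dst, src, reason


def deauth_bursts(capture, threshold=5, window=1.0):
    """capture: time-ordered iterable of (timestamp_seconds, frame_bytes).

    Returns {source: peak count} for sources sending `threshold` or more
    deauth/disassoc frames within `window` seconds. The source address is
    unauthenticated, so a hit names the address in use, not who sent it.
    """
    recent, flagged = defaultdict(list), {}
    for ts, frame in capture:
        parsed = parse_mgmt(frame)
        if parsed is None:
            continue
        src = parsed[2]
        recent[src] = [t for t in recent[src] if ts - t < window] + [ts]
        if len(recent[src]) >= threshold:
            flagged[src] = max(flagged.get(src, 0), len(recent[src]))
    return flagged


def build_frame(subtype, dst, src, reason=7):
    """Build a constructed sample frame: FC, duration, 3 addresses, seq, reason."""
    hdr = bytes([subtype << 4, 0]) + b"\x00\x00"
    addrs = bytes.fromhex(dst) + bytes.fromhex(src) + bytes.fromhex(src)
    return hdr + addrs + b"\x00\x00" + struct.pack("<H", reason)


AP, STA = "02aabbccdd01", "02aabbccdd02"  # constructed, locally administered MACs
SAMPLE = [(0.0, build_frame(8, "ffffffffffff", AP))]                      # beacon
SAMPLE += [(0.1 * i, build_frame(DEAUTH, STA, AP)) for i in range(1, 9)]  # burst of 8
SAMPLE += [(30.0, build_frame(DEAUTH, AP, STA, reason=3))]                # single leave

if __name__ == "__main__":
    print(deauth_bursts(SAMPLE))
```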

Tools
Jasager (Pineapple IV) (mocks networks that are being requested for autoconnects by phones, laptops)
Reaver Pro - cracks WPS setup. Reaver is free cracking software, the pro version is pushbutton hardware

Hak5 podcast

"iw reg set bo" - changes card so it can be used in Bolivia, with all regulations (or lack thereof) on power


Jurgen Appelo - How to Change the World
Fails a lot
Wrote "Management 3.0", 6th most influential agilist
Barriers to further agile adoption: #1 Ability to change culture #3 Resistance to change
Mojito method (make something cool out of boring ingredients)
Need to get his book list
4 facets of change
1. The system
PDCA cycle (Plan, Do, Check, Act)
Do: define simple steps to follow, choose right moment/place to start
Check: Feedback, Measure
Try again, and again, until you have it right (and learn from others' failures)
We cannot control systems, but we can dance with them
2. The people
ADKAR (Ability, Desire, Knowledge, Awareness, Reinforcement)
10 intrinsic desires (CHAMPFROGS)
Build habits with small successes to make behaviors sustainable (gamification)
3. Stimulate the network
Rogers innovation theory
Make sure not on your own
Who will be the innovators? How do you reach early majority?
Listen to the skeptics and understand what is holding them back
4. Change the environment
self-organization can only happen within a boundary
5 I's - Information, Identity, Incentives, Infrastructure, Institutions
Information radiators
Identity - appeal to a higher identity that people want to associate with. T-Shirt test - will your employees wear your t-shirts voluntarily? Common tactic: them vs. us
Incentives - small rewards (makes sure focus is on behavior)
Infrastructure - What barriers to remove? Which guides to place?
Institutions - define and enforce rules of good conduct

@LeanDog - UX and agile
Most organizations don't have enough UX specialists
They disagree with: No need for UX if people are forced to use the software
Progressive elaboration
"Lean Startup" a big influence, recommended for at least the third time
Three practices
User Story Mapping - mapping out with post-it notes, then find pain points, focus on Customer Value
Test First Design - make sure to come up with a design that you can put in front of customers quickly, to see if they like the concept. Don't spend months building before finding out.
Flash Builds - Nordstrom innovation, went out to store and built app in a week, getting customer feedback after every change
Persona: Connected Communicated Consumer

Michael Mah - Agility Study
QSM Slim database
Waterfall methodology increases bug rates
Project size measured by SLOC
Larger projects all waterfall
Agile metrics: Velocity, headcount, stories and point sizing, bugs
Results: Columbus sw faster schedules, fewer bugs than industry average (Take into consideration regulated industry v. non-regulated? - bf) (Bug rates and schedule time should increase logarithmically rather than linearly - bf)
Q: Maturity of team? A: Yes, seem to have higher bug rates on less mature teams. Not doing agile properly.

IGS QA team
Manual QA. 200 manual test cases. 1st release, couple QAers, 3 weeks, just a few bugs
Next release... refactoring is a cuss word. 150 bugs logged in 2 weeks, development keeps moving forward, dev and QA antagonistic, QA doesn't know what to test except from a requirements document, new features change existing code
Not really coding bugs, not requirements bugs, but communications bugs
QA is the constant bearer of bad news (telling devs about their bugs)
A release to QA every 3 weeks, and branch the code
Then, a 4 week bug-fixing sprint, what to do to prevent this
Offered a dev to the QA team, but QA didn't trust dev. But the dev was able to start automating tests
3 amigos (BA, QA, Developer), write acceptance criteria in Gherkin
Create a table of testing notes with specific examples, and create gherkins from those
Tips: Break things into small chunks; acceptance criteria being complete before dev begins (Doesn't that slow you down a lot? - bf); remember end goal
Then automating tests (SpecFlow): developers write, but since all one team it doesn't matter (what if changes? QAs still buy in? - bf)
Restructuring requirements - took big complicated workflows and replaced them with actual method names. ValidateSingleAccountExists, ValidateUsageDoesNotOverlap, then the function can be tested. (Now requirement seems almost exactly like code - bf)
New Definition of Done (has to be tested, if it's not developers help test)
Entire iteration on one card board, rather than transferring between rooms. (Bug tracking tool? How transfer to cards? - bf)
Colocation - a Pod (2 devs, 1 BA, 1 QA)
GOAL over role (Not: I code, you test, but: get quality software out the door)
(Confidence in automated tests means no regression testing? - bf)

Christopher Avery
How to respond to a problem: COPING: denial, blame, justify, shame, obligation. GROWING: responsibility.
3 qualities of high performing teams: Going above and beyond, ?, and ?
Intention -> Awareness -> Confront -> Intention
Exercise: figure out what phrases your team uses to respond to a problem, and categorize them. (denial, shame, etc.)

@unclebobmartin "Clean architecture"
Fermions, bosons
How lasers work, ultraviolet lasers ($12 at Amazon)
What should an architecture look like? (Eclipse, Java, Spring). Those are just tools!
Good architectures _Scream_ their intended usage
Look at the system. Can you find the use cases? Or do you see model/view/controllers? (But how else would you structure a rails app? - bf) The use cases are hidden and all you know is that it's a web app.
UI and use cases should be separated
A good architecture allows you to defer decisions
Start from the use cases, write the code for those. Defer (web app? database? IOC?)
A good architecture maximizes the number of decisions not made
Recommends "Object-oriented software engineering"
Done properly, the interface becomes a plugin to the application (web, console, Fitnesse)
Bad code? Afraid to change it? Fearing the code is dangerous. You should not fear something you created.
(It really comes down to use-case first. Persistence and interface happen at the end - bf)

@objo
"Pragmatic thinking & Learning"
"How to win friends and influence people"
People Patterns
Conversation Rolodex
What do they see? Three Realities - your side, their side, and the truth
Listen Without Agenda
Don't delay bad news
Consistent Uncompromising Honesty
Listen between the lines - what do people actually want?
Assume the positive
Positivity moves forward - negativity leads to a quick end of the road. No point in assuming that people are out to get you, that they can't be trusted. But it's an easy thing to think!
Two most important words in improv: "Yes, and"

Brandon Keepers - Why code smells
Recommends "Growing object-oriented software, guided by tests"
Smells:
Dependency on other objects
too many assertions
duplicated setup in multiple tests
difficult to understand test at a glance
Shows 8 lines of jQuery that can be expanded into dozens of lines of Backbone (is that really an improvement?)
Slow unit tests
