It's another year and Codemash has come and gone...again! It seems to go faster and faster. In today's post, I review how much fun I had at Codemash.
Ever since I started attending Codemash (2012), every year is always something better.
Better sessions, more faces (old and new) and more things to do.
It is truly amazing what you gain from this conference.
Just to give you an idea of why I go every year:
- It's an affordable conference (~$600). Most conferences hover around $2,000.
- It's nearby (Columbus is 2 hours away from Sandusky)
- I consider it tuition with the amount of knowledge you come away with every year.
- A number of meals are provided to you throughout the week.
- For me, it's a "reunion conference." I've seen a ton of developers from my past spanning all the way back to even 2000 at Codemash.
- I would consider it an international conference. I've seen developers from England, Australia, California, and Florida...JUST to head to Sandusky, OH for the week. (Shhh...I even hear Jon Skeet goes to it) ;-)
- Oh yeah...it's a huge waterpark as well.
As you can see, there is a lot.
When I got to the Kalahari, I arrived a tad early and my room wasn't ready yet.
After grabbing something to eat, my room was ready.
The lady mentioned to me:
I HAD to laugh...and tweet it, of course. It was almost the last room at the end of the South Sand wing.
I needed a canteen to get to the conference area. ;-)
In the evening, I had some dinner and headed back to my room to get ready for the onslaught called Codemash.
Tuesday morning is when it all started, but breakfast was served at 7:00a, then the pre-compiler sessions started at 8:00a.
People who know me know...
I. Am. NOT. A. Morning. Person.
Once up, I had to make a decision.
After breakfast, I had a full stomach and was ready to go.
Onward to the pre-compilers and sessions. The week had officially begun!
Going All In With Functional C#
Tuesday a.m. - Ed Charbeneau (@EdCharbeneau)
Ed gave a great workshop on writing code in C# with a functional twist to it. He gave a great delivery and provided handouts to his audience.
Everyone received a handout called Functional Programming with C# 7.1 and a deck of cards. Audience members were wondering why he was handing out decks of cards.
"We will be ranking poker hands using functional C# code."
Ahhhhh. Got it.
After learning about mutable, immutable, ternary operators, one-line methods, LINQ techniques, and thread-safe collections, I was definitely into the code by the end of the session.
As my friends and everyone else were heading to lunch, I was still pounding away at my laptop yelling, "Hold on, hold on...I think I got it, I think I got it...one more line."
Great presentation along with souvenirs. ;-)
References: Going All In With Functional C#
Capture The Flag Tournament
Tuesday p.m. - Mike Woolard (@wooly6bear / https://wooly6bear.wordpress.com)
The Capture The Flag Tournament was a little different than I expected, but it got you thinking outside the box. Or was it just thinking outside? ;-)
The way the tournament works is you are signed into the CTF website and have a number of beginner, intermediate, and advanced challenges/puzzles to complete, identified with green, yellow, or red indicators.
Click on a puzzle to receive its clue and you are off to the races. Once you follow the path of the puzzle, it may take a while or it could take you five seconds. When you find the code in the end, you receive a code that looks like a GUID, but starts with CM18 (for Codemash 2018).
Enter the code into your puzzle's clue page and you get points for it.
In this session, we went over the first five puzzles to understand how they work.
Mike mentioned you could stay for 30 minutes or the entire four hours and work the puzzles during the session if you wanted.
Everyone gave their feedback about last year's CTF and said this year's format was a better fit for everyone.
Webapp Pentesting for Developers and QA Persons
Wednesday am - Brian King (@bbhacking)
One of my primary objectives for Codemash this year was to learn more about security and how to code for it.
Hence, my interest in Webapp Pentesting with Brian King.
He gave an excellent hands-on lab with tools such as Burp Suite, ZAP, Fiddler, and a number of additional tools to test your web application against hackers.
We covered Cross-Site Scripting (XSS), SQL Injection, Unvalidated Redirects, Broken Access Control, and Insecure Deserialization.
The primary takeaway from this workshop was to always sanitize everything coming from a user on a webpage. ANY place where a user enters something from a webpage could be malicious, so defend yourself against it.
It was a very solid presentation and kept the audience engaged with questions.
Demystifying ethereum to build your own decentralized (D-app) app using blockchain
Wednesday pm - Abhiram Ravikumar (@abhi12ravi)
This was another one of my primary objectives: to get a better understanding of what blockchain is and how to leverage it in business.
Of course, we all know about how blockchain runs the cryptocurrencies around the world like Bitcoin, Ethereum, and Litecoin.
Abhiram gave us a great overview of how blockchain works along with a hands-on tutorial on how to simulate a blockchain server using a virtual machine.
He packed the house with his topic. Of course, ANY mention of blockchain will bring the crowd in droves, which, by the way, was standing room only.
Real-Time Traffic Visualization in a Microservices World
Thursday, 8:00a - Roberto Perez Alcolea (@rpalcolea)
Roberto's session gave us a glimpse into what a full-blown Microservices architecture looks like in a company.
He demonstrated a microservice on his local machine and explained its design. While it was running, he even mentioned, "Now, my machine is definitely slowing down."
Roberto did really well with his session for such an advanced topic. Quite impressive.
Thursday, 9:15a - Brian Genisio
That's why Brian Genisio's session was completely packed. He was a great presenter and let some humor slip into his presentation which was awesome.
His title may seem a little click-baity, but these tips were not what I expected, making the session well worth it.
In case you missed his session, he also has a video on YouTube.com.
Intro to Blockchain: What Is This For and Why It Matters
Thursday, 10:30a - Shannon Wells
After the Ethereum workshop, I wanted to focus on learning more about Blockchain and why companies were beginning to use it, what its benefit was, and how to get started.
When I saw this session, it complemented what I had just learned in the Ethereum pre-compiler.
After listening to how to use blockchain and dedicated machines to mine puzzles, it became clear to me that I needed a cluster of computers with high-end graphics cards to mine properly.
Shannon's session was definitely eye-opening. In regards to the blockchain technology, it was a technology that wasn't going anywhere anytime soon.
However, with Bitcoin, Ethereum, and every other cryptocurrency out there, it made a couple people skeptical whether to invest because of the risk in the financial industry, but gave everyone a solid understanding of blockchain's potential.
The Science of Great UI, Part 1
Thursday, 11:45a - Mark Miller (sgui.com)
I attended Mr. Miller's pre-compiler (4 hours) last year and I thought it was a great session for UI folks.
This year, I feel he broke the four hours into three separate sessions packed with examples for his audience.
His approach as to how people create interfaces is both humorous and scary.
For example, one image he presented to the audience is below. See if you can find the issue.
Yes, the sign does have sharp edges, but don't you think there's a more important issue here?
Did you read the fine print?
THE BRIDGE IS OUT! Shouldn't THAT be the larger font instead of a tiny 12pt text?
That's what I meant by humorous and scary. As Mark said, "I can't even make this stuff up!"
I would definitely recommend checking out his site called SGUI.com. If you want more humorous real-life situations, check out his Research section.
He also has a DevIQ training program if you are truly serious about proper design techniques.
Secure Applications, By Design
Thursday, 1:00p - Craig Stuntz (@craigstuntz)
Mr. Stuntz from Improving gave a great presentation. His delivery was solid and added some humor into the mix.
"QA and Security is not something you can sprinkle on top of a crappy application and expect everything to be better." Definitely an excellent quote.
Another comment he made was that in some companies, every developer is required to go through OWASP training to understand the top 10 vulnerabilities before touching any code.
Craig also mentioned how to execute a Threat Model for your application by asking these key questions:
- Who is affected by the software you create?
- What are you building?
- Who might attack it? How could it go awry?
He mentioned one book from O'Reilly called Security From First Principles, which focuses on seven principles regarding security:
- Comprehensibility - Are you covering all of your bases and exposed points in the system?
- Opportunity - Are you taking advantage of your environment?
- Rigor - What is the correct behavior for this function and how am I ensuring it?
- Minimization - Can this be a smaller target?
- Compartmentalization - Can you replace a component without breaking the system?
- Fault Tolerance - What happens when a certain piece of the application fails?
- Proportionality - Is it truly worth it to secure this piece?
With these seven principles, he walked the audience through a real-life case study referring to each principle.
Overall, it was a great session for Lead Developers and Architects to learn how to develop software with security in mind from the very start of a project.
Easy CQRS with ASP.NET Core and MediatR
Thursday, 3:30p - Ryan Foote
This was one of those sessions where I wanted to dig more into MediatR with a simple example.
Ryan first went over what CQRS was (Command Query Responsibility Segregation) and how it relates to CRUD with pros and cons when using CQRS.
CQRS, in its simplest form, means partitioning your application into reads and writes. Your reads (the Q in CQRS) would include retrieving (the R in CRUD) and your writes would include the creating, updating and deleting (the C, U, and D in CRUD).
Once the CQRS was behind us, Ryan focused on MediatR which allows communication between objects in a system. It's based on the Mediator design pattern and was developed by Jimmy Bogard.
Ryan explained the concepts of MediatR which was a great introduction for everyone (like me). He even provided code examples and snippets.
The code is available on his GitHub repo.
Overall, Ryan gave a great session with code samples spotlighting two patterns used in software systems today: CQRS and MediatR.
Explaining these two concepts to the audience with a working application made the session more worthwhile to attend.
Jimmy Bogard attending the session was also entertaining. ;-)
Choice Is Overrated - Designing Products That Know What You Want Before You Do
Thursday, 4:45p - Heather Wilde (@heathriel)
When building a product for your customers, you want them to absolutely gush over it. This tells you whether you succeeded in creating a great product or not.
Heather Wilde gave an entertaining and informative session on anticipatory design.
Anticipatory Design is the ability to take the 2.5 quintillion decisions everyone is making throughout the world every day and use machine learning, IoT (like Alexa and Google Home), and UX design to create experiences for users before they know what they want.
This. Was. Awesome.
Heather mentioned the results of these decisions were coming from primarily seven Internet properties depending on your location. With all of these decisions centralized, you can apply advanced "anticipatory" decisions making the application seem "magical."
All I can say is watch the YouTube video.
Mocking .NET Without Hurting Its Feelings
Friday, 8:30a - John M. Wright (@Wright2Tweet)
Unit testing and mocking is the standard now. I wanted to get a refresher on mocking to see if I was executing everything properly.
John presented constrained (like RhinoMocks and Moq) and unconstrained mocking frameworks (like Telerik JustMock and Typemock Isolator) with the benefits and drawbacks of each.
His session also included great code examples of how to mock classes.
I loved the session and it reaffirmed everything I've been doing with my own projects is correct.
Public Speaking Without Barfing On Your Shoes
Friday, 9:45a - David Neal (@reverentgeek)
I cannot say enough about Mr. Neal.
His session was humorous, inspiring, and creative. All things that go into his presentations.
David's tips on how to speak in public were very down-to-earth and provided me with an understanding that it's not just me who has problems with speaking...
...It's everybody who has problems speaking in public!
His tips were:
- You don't have to be an expert (Imposter Syndrome)
- Entertain your audience (laughter is a superpower)
- Storytelling is a secret weapon
- Record yourself
- Turn off notifications while presenting
- Your audience is forgiving
- NEVER apologize!
- Focus on the "Why," not the "How."
I thoroughly enjoyed his presentation and will be looking into presenting in the near future.
I also wanted to thank Mr. Neal for my avatar. Great work!
References: GitHub (w/Slides)
Chrome Dev Tools: Raid the Armory
Friday, 11:00a - Greg Malcolm
I love the way Greg planned out this session.
He took an already-built web application and turned it into a presentation while "interacting" with his boss, Wanda (at least...I think it was a Wanda).
His boss kept asking him to fix certain sections of the site. As he was asked, he would focus on certain Dev Tools and explain each task to the audience.
First, we focused on responsive issues using the Device toolbar.
Then, we examined different techniques on how to use the Elements panel to fix CSS styling issues.
While in the Sources panel, Greg executed some Ajax calls. This warranted a final trip over to the Network panel to analyze the load performance.
This was an awesome session where Greg demonstrated a "real-life" situation (entertaining as well, I might add) where a developer walks the audience through the thought-process of how to fix front-end issues using Chrome Dev Tools (and to understand what exactly goes through Greg's mind) ;-).
References: GitHub (w/Slides)
Giving Clarity To LINQ Queries By Extending Expressions
Friday, 12:15p - Ed Charbeneau (@EdCharbeneau)
Impressed with Ed's pre-compiler, I decided to check out his next session on LINQ queries.
I always love me some LINQ statements when I can use them and Ed didn't disappoint.
The idea behind the session was almost an "extension" (if you will) of his pre-compiler. The idea was to break down each LINQ query into a more descriptive, easy-to-manage method.
Thinking along the same lines, he also described how to use Expression Trees to make your own LINQ expressions.
It's almost like writing code to write code.
He also used Predicate Extensions where you could use an AND or an OR with a LINQ statement to create complex queries.
In his final code example, he combined all of the techniques to create a very simple LINQ statement which was easy to read, very granular, and maintainable.
The session was as I expected: awesome! Great work, Ed!
Evolution Of A RESTful Testing Framework
Friday, 2:45p - Kevin Shomper (@kjshomper)
Kevin gave a good presentation on how his team kept pushing forward with a REST-based testing framework.
They evolved using Swagger and started integrating user realms (like associate and member roles) into their testing framework.
They went through three designs and finally landed on using New Relic APM.
ZAPping Security Vulnerabilities In Your Dev Pipelines
Friday, 4:00p - Matthew Smith (@mpsmithofficial)
This was one of my favorite sessions. As mentioned, security and blockchain were my targets this year.
In an earlier pre-compiler (WebApp Pentesting), ZAP was mentioned as a great tool for pentesting web apps. After installing it and playing around with it, I immediately knew this would be in my toolkit for pentesting.
Matt went through the session almost like he was speaking from experience on how to sell pentesting to the business users in your company.
He also demonstrated ZAP on a simple, local website. ZAP is an OWASP tool. The tool works strictly as a client and beats up any website looking for vulnerabilities.
PLEASE NOTE: In no way should you use ZAP to attack a website WITHOUT permission.
This was emphasized by Matt and, right now, is also emphasized by me. Prison just doesn't look good on developers. :-)
I will definitely be using ZAP on my website...LOCALLY to see if there are any vulnerabilities.
Great presentation, Matt...BTW, do you have the slidedeck from your session? :-)
The Week...is over?
That was the last session. Of course, we had a blizzard on Friday afternoon.
Well, I stuck around til the end. I always do.
So after all the bacon was gone...
...and everyone went home and the lights went out,
...it was time to reflect on the week.
As a custom ritual, every year before I leave the Kalahari, I HAVE to grab a Tiramisu Cup with a coffee (yes, check my Codemash posts).
After Codemash, this is when I have "personal quiet time" to myself to take a deep breath and relax.
Funny thing, though.
When I arrived home on Saturday, I took a nap.
A 4-hour nap.
I was exhausted...again...like last year!
Made it home from #codemash.
Took a nap.
JUST woke up.
For a second, I thought it was a dream.
Thinking back to Newhart finale..."You'll never guess the dream I just had."
— Jonathan Danylko (@jdanylko) January 14, 2018
It was another successful Codemash for the books.
To the staff, interns, organizers, and presenters, thank you so much for putting this on every year. You know we developers are a bunch of introverts. This gives us an opportunity to meet, expand, discuss, explore, and just have fun with everyone...without the awkwardness. ;-)
To Zagg Studios, I get exhausted watching you guys run around capturing every session. You guys rock and thank you!
And finally, to the Kalahari Resort and their staff, thank you so much for hosting Codemash. The Kalahari Resort continues to impress me each and every year during Codemash.
Did you go to Codemash this year? What did you love? And why didn't you say "Hi" to me? ;-) Post your comments below and let's discuss!