Codemash New Friends, Old Friends, Great Times!

This year's Codemash didn't disappoint with their sessions. In this post, I cover the sessions I attended and the general feeling of the conference.

Written by Jonathan "JD" Danylko • Last Updated: • General •
Codemash 2017 Stag Sign

As I sit here writing this post, it's Friday night at the Kalahari Resort in Sandusky, OH and Codemash is over.

I'm exhausted from the sessions and the amount of electricity firing in my brain over the past week while trying to comprehend the new technologies and new perspectives to implement old technologies.

My brain is officially full!

Tomorrow, I'll grab my ritual coffee and pastry from the Kalahari before I leave and sit down to decompress before the trip home.

Coffee and Pastry from the Kalahari in Sandusky, OH

This year was no different. ;-)

As mentioned in previous posts (2016, 2015), I wanted to provide a summary of the sessions I attended over the week, not just for my readers, but for me to remember what I did over the week.

This year's Codemash went from January 10th-13th.

So as I mentioned in my tweet, "Let's do this!"


The first two days are always the "Pre-Compiler" days where you participate in either a 4 or 8-hour workshop with a laptop trying new techniques or technologies.

AM - Xamarin is Free! (Now What?) / 8:00a-12:00p / Jason Awbrey (@jkawbrey)

Jason gave a great session on how to use Xamarin by building a very simple weather app.

First, he provided a little bit of Xamarin history, how to structure your Xamarin App with different UIs and platforms, and finally, dove into building a simple mobile weather app with step-by-step instructions.

VERY helpful and thorough. One of the misconceptions of a Xamarin project was using a portable library that contained all of the code for each platform.

I thought all of the code we wrote was the "host" project.

I was wrong.

It was the portable library we were maintaining while we didn't even touch each UI (Android, iOS, Windows Phone, etc).

Overall, I learned a lot about how to build a Xamarin app, but my XAML is a bit rusty.

PM - Science of Great UI / 1:00p-5:00p / Mark Miller (@greatui or @millermark)

I've never heard Mark Miller speak before.

He was definitely a great presenter at Codemash. His perspective on UI was definitely enlightening and provided an even edgier look into the psychology of how people perceive UI...

...and how screwed up it is.

His 13 years of UI experience gave the audience a look into how UI SHOULD be done and gave pros and cons of light and dark displays.

There were a couple of programmers trying to justify it.


AM - Building Domain-Driven Applications with .NET Core / Steve Smith (@ardalis)

This session provided a great introduction to building an ASP.NET Core application complete with unit and integration testing along with SOLID principles.

First, Steve gave everyone an architectural overview of what a Domain-Driven application looks like.

Next, he mentioned we were going to build a completed application by the end of the session which was a guestbook.

Personally, I think Steve has a great approach to presenting in his sessions.

He presents in a way where he discusses the approach then explains why we'd move in that direction. From there, he gives the audience enough time to write code related to said approach while walking around answering questions. Then he moves on to the next topic and repeats the process.

Overall, this was a great introduction to ASP.NET Core and after the workshop was over, it gave the audience a "souvenir" (REAL code) to take with them to understand how to build an ASP.NET Core web application.

PM - Git Hands-on Workshop / Cori Drew (@coridrew) and Keith Dahlbyk (@Dahlbyk)

I didn't realize how much there was to Git. This source control tool provides way too much to comprehend in 4 hours.

At the very beginning, we learned how to work with Git at a command-line, get the status, work locally and remotely with branches, merging, and learning katas.

Cori and Keith gave a great presentation and provided Git Cheat Sheets for everyone as well.

I did find out that they wanted to do an 8-hour workshop on Git since there was so much to Git, but they were given a 4-hour window instead.

I can just imagine how much information-overflow would come out of the 8-hour workshop. ;-)

Fantastic session!


8:00a - Fat Controller CQRS Diet / Derek Comartin (@codeopinion) /

Derek presented his experience with using ASP.NET MVC with CQRS. The code he presented gave the audience a look into how to segment web apps into read (the Q in CQRS) and write (the C in CQRS)

He explained why using MediatR was a great tool for a CQRS app. The command/query would come in, it would be sent to MediatR, and MediatR would direct the message and execute the explicit code.

Overall, a great session on introducing a specific CQRS technique into an ASP.NET MVC web application.

He seemed a little nervous based on his post. ;-)

9:15a - Hypermedia APIs: The rest of REST / Chris Marinos (@chrismarinos)

Chris gave an interesting presentation about an unknown part of REST.

He mentioned the 4 levels of the Richardson Maturity Model:

  • Level 3: Hypermedia Controls
  • Level 2: HTTP Verbs
  • Level 1: Resources
  • Level 0: POX

For now, we are currently at Level 2. He explains we are in the infant stages of moving to level 3 and how he's been using level 3 for a while.

His examples used Postman and Siren to send and receive data.

For a more detailed description, I found a similar video of him explaining the same thing from Codemash: Hypermedia APIs: The rest of REST.

10:30a - A Technical Tour of Real-World Web Application Vulnerabilities / Justin Collins (@presidentbeef)

Justin gave us a whirlwind technical tour of what "researchers" are doing to test real-world web applications along with communications.

The companies mentioned in the talk were:

  • CapitalOne
  • Uber
  • United
  • Domino's
  • Ashley-Madison
  • Facebook
  • Instagram
  • Imgur
  • PornHub

He definitely had a humorous approach to explaining each hack. Once a vulnerability was found by a researcher, he jokingly would say, "what would happen if I changed this value?"

Once the value was applied, he explained the thought-process of the individual, how they exposed the vulnerability, and mentioned the bounty paid to the researcher.

To summarize his session:

  • Verify current user can access data/perform action
  • NEVER trust the client - think about trust relationships
  • Always use appropriate strong hashing algorithms
  • Rate Limit important actions
  • Avoid storing secrets in source code
  • Always use strong passwords
  • Avoid deserialization/Reflection with user input
  • Clean up old subdomains.

A great session with real-world examples to teach developers not to become lazy in their efforts when it comes to the web.

1:00p - An Introduction to Building Websites with Aurelia and ASP.NET Core / Eric Potter (@pottereric)

Of course, I had to go to this session.

Since I've mentioned Aurelia a couple times, I wanted to see if I was missing any tips or tricks with Aurelia.

Eric gave a great overview of building an ASP.NET Core application using Aurelia and Visual Studio Code with his 8 Queens demonstration.

2:15p - Building and Designing Bots and Bot Architecture / Mark Watson - IBM (Vendor session)

Mark described three bot architectures throughout his talk. He also mentioned what each bot's architecture was comprised of.

For bot technology, JavaScript, WebHooks, and cloud hosting were factors in learning how to build your own bots.

His presentation is located on GitHub (Building and Designing Bots and Bot Architecture).

3:30p - Are you Ready For Chaos? Horizontal Scaling in a Briefcase / Matt Groves (@mgroves)

Matt always gives a unique and interesting presentations every year.

This year, he created a "cluster-in-a-box" with a couchbase database and explained the CAP theory behind clustering.

CAP Theorem includes:

  • Consistency - Every read receives the most recent write or an error.
  • Availability - Every request receives a non-error response -- without guarantee that it contains the newest information.
  • Partition Tolerance - The system continues to operate despite an arbitrary number of messages being dropped (or delayed) by the network between nodes.

The theorem explains that you can have only two out of the three guarantees.

He visually proves this with his "cluster-in-a-briefcase" and would take down one node and watch the others pick up the slack.

Matt Groves' Cluster-In-A-Briefcase

I thought this was a great session that mixed hardware and software to prove multiple points why you can't have all three guarantees and demonstrated the clustering ability of Couchbase.

4:45p - Can I Build A 12-Step .NET App? / Eric Kepes (@ekepes)

For those who haven't heard of the 12 Factor App, it's a step-by-step checklist for Heroku developers. Eric wanted to apply it more to a .NET application.

While I won't go into the presentation, his session was spot-on with a .NET translation from Heroku.


8:30a - Automating Security into Building Software / Warner Moore (@warnermoore)

It may have been too early in the morning, but it didn't seem like the audience was awake yet.

However, Warner pushed forward with his talk on how to automate security into building software.

His recommendations were:

  • Enabling a DevOps mentality - Once code was checked in, it shouldn't be checked in anywhere else and should go through the pipeline (Dev/Staging/Production) without any changes except environment variables.
  • Proper Code Reviews
  • Adding logs to your application
  • Monitoring - in case something doesn't run, you can be alerted to the problem.
  • Security Frameworks - adding a hook into your software can automate the security of your application with minimal effort.

His presentation provided a solid number of items to include in your software when developing for the real-world.

9:45a - Abusing C# More / Jon Skeet (@jonskeet)

Jon Skeet never ceases to amaze.

His session was in the main hall and, of course, easily packed the crowd in to see his code antics and how far we can push C#.

He touched on a number of techniques and loaded some projects he worked on to convey his message with each topic.

While I could go on, I think his code on GitHub would explain more of what he was trying to achieve and how far C# can go.

Jon, you are definitely a great presenter.

11:00a - Microservices: Lessons Learned From The Trenches / Gregory Beamer (@gbworld)

In my opinion, one of the best presenters at Codemash was Mr. Beamer. His lessons from the trenches were excellent.

I looked into my notes on his session.

I only had a couple lines. I remember him saying he would upload his deck and make everyone aware when it was out there.

Overall, a very entertaining gentleman who was very informative.

UPDATE: His slide deck is located on GitHub (

12:15p - Identity Management in ASP.NET Core / Ondrej Balas (@ondrejbalas)

Since I was integrating Identity into my ASP.NET Core application, I thought this would be a great session to attend.

After listening to Ondrej talk about the history and the updated Identity structure, I'm glad I attended.

His code is located at GitHub and his deck is located on SlideShare.

Thanks, Ondrej, for a great session.

1:30p - Getting Started with Microsoft Bot Framework / Sarah Sexton (@saelia) (Vendor Session)

One of the technologies I wanted to learn more about was Bot frameworks. No, not like hardware bots, but chat bots.

After Sarah went into the introduction, she mentioned that if she went too fast, the documentation was located at She was going off of a Quick Start on the site.

So within 30 minutes, she had a simple build and deploy of a chat bot.

She also mentioned that a good starting point for developers was the

She cut it pretty close to deploy the bot out to Azure...right down to the wire, but she did it.

2:45p - .NET Standard for Mere Mortals / Jeffrey Fritz (@csharpfritz)

One of my favorite speakers, Mr. Fritz, presented on .NET Standard Demystified while giving developers a glimpse into the next version called 1.2 2.0.

There wasn't much to take away from the presentation except the following:

  • One of the developers (Jeff said we had the interns build it) made a site called which is an absolutely awesome site for determining what API's you can use in which version of .NET.
  • He provided a great chart of which .NET platform you should use based on your needs (.NET Standard Platform Support)

I found Jeff very entertaining throughout his talk and very informative (and he grew up on Commodore just like me) :-D.

The .NET Standard code is located on GitHub.

4:00p - Adding ES6 to your Toolbox / Jeffrey Strauss (@jeffreystrauss)

With newer browsers, we can expect to see a more robust JavaScript arrive with the new ES6 specification.

Jeffrey Strauss went into all of the features in ES6 with examples.

The topics he touched on included:

  • Strings
  • Multiline Strings
  • Default Parameters
  • Collections
    • Arrays - Array.of(2)
    • Arguments - Array.from(arguments)
    • Iterables - for(var part of body)
    • Destructuring - DEFINITELY blew my mind.
  • Named Parameters
  • Scope
    • Using let instead of var inside blocks of code.
  • Arrow Functions

In my opinion, these are all welcome features in JavaScript.

His deck is located on


As always, this Codemash was a blowout.

I met some old friends and new friends while having a great time this week.

They even brought back the dessert table.

The Dessert Table

If you ever get the chance, by all means, make sure you head to the Kalahari next year for Codemash 2018.

Did I miss you at Codemash? Were you looking for the shoes? Post your comments below.

Did you like this content? Show your support by buying me a coffee.

Buy me a coffee  Buy me a coffee
Picture of Jonathan "JD" Danylko

Jonathan Danylko is a web architect and entrepreneur who's been programming for over 25 years. He's developed websites for small, medium, and Fortune 500 companies since 1996.

He currently works at Insight Enterprises as an Principal Software Engineer Architect.

When asked what he likes to do in his spare time, he replies, "I like to write and I like to code. I also like to write about code."

comments powered by Disqus