Sunday, September 25, 2016

NCDevCon 2016

http://ncdevcon.com/
Saturday and Sunday, Sept 17-18, 2016

I got home from NCDevCon last Sunday night. It's been a week, and they've already released the videos online (https://textiles.online.ncsu.edu/online/Catalog/catalogs/ncdevcon-2016). I've procrastinated long enough, so here's my write up.

First off, I want to say a big THANK YOU to the organizers and the sponsors. This was the first year I've attended. I've heard before that it was a great conference, and I definitely wasn't disappointed. It was good to see some of the people that I met before, and it was also good to meet new people. There are some very bright individuals in this community.

As always seems to be the case at conferences, I run into a conflict of having multiple talks scheduled at the same time. I'm glad these sessions were recorded. When they're released, I'll definitely be going back to watch some of the ones I missed.

Anyway, off I go...

I arrived in Raleigh, NC on Friday night. It's only supposed to be about a little less than 3 hour drive from Charlotte, but traffic was HORRIBLE. It took over 4, and I got there later than I expected. But I was still able to meet up with a few others at the hotel, with enough time for a cold beer. Thank you, Dan! After an hour or so of catching up and general yapping, it was time to hit the sack for the conference the next day.

The conference was at NC State University Centennial Campus, College of Textiles (THANKS TO YOU, TOO!). The conference hotel was the Sheraton, right downtown, where quite a bit was going on. I was cheap, and stayed down the road at the Red Roof Inn. All I can say is Thank Goodness for Uber and Lyft. Next year, I think I'll stay closer to everyone else.

DAY 1

Registration began at 8am. I got there around 815, still somewhat sleepy-eyed. Time for a quick, simple breakfast and more yapping, before Adobe's opening remarks.

Elishia Dvorak from Adobe spoke a bit about the recent rise of APIs. Though it wasn't really the focus of her opening, it should be noted that ColdFusion 2016 includes a new API Manager feature, which makes it very convenient for API development. I don't do a lot of API development, but I probably should focus a bit more attention on it.

For my first session, I attended Dependency Injection 101 by Anant Pradhan. He went over the basics of what it is. How the concept is framework and language agnostic. The difference between the "normal" way of an object finding its dependencies and calling them vs inversion of control, with an object being provided with the objects it needs. He talked about a couple of the main frameworks used in ColdFusion, DI/1 and Wirebox. I don't currently do a lot of direct, DI. It's definitely something I need to learn more about.

Session 2 - Taking Your Searches to the Next Level with Solr and Elastic Search by Mary Jo Sminkey

Solr and ES are both full text search engines. ES is better at analytics (like log analysis) and Solr is very good at text search. Solr has been a part of CF since CF9, and is based on Apache Lucene. With CF11, Adobe upgraded Solr to V3, and then again in CF2016 to v5. For a good breakdown, look at solr-vs-elasticsearch.com. Things to watch out for with Solr: searching multiple documents, standard issue with CF serializing a number string like "0123" as a numeric value like 123, and "sea biscuit" problem (multi-term synonyms). Results can be returned in multiple formats with JSON and CSV being most common. Filters are the most basic way of restricting the documents to search. fq = filter query. A simple search => /select?q=front+bumper.

After Session 2, we broke for Lunch (thanks Adobe for sponsoring). The lunch breaks were a bit too long, but the food was very good. Now that we're all fed, time to start the afternoon sessions.

Session 3: MVC With and Without a Framework by Nolan Erck

I first saw this Nolan's presentation at CFSummit 2015, and this is by far one of my favorite presentations I've seen at any conference. If you get the opportunity to see this live, DO IT. Otherwise, check a recording of it. It's definitely worth it.

Nolan demonstrates a good use case for the MVC Pattern by taking common spaghetti code and demonstrating how MVC can benefit it. He starts with some basic definitions:
Design Pattern = "$6 word for 'a common problem solved by organizing objects in a certain way".
View = The App that users see; minimal CF logic; NO business logic or SQL. "Like the Menu at a Restaurant".
Model = Sorta short for "data model"; where ALL of your SQL lives; business logic. "Like the Kitchen / Chef at a Restaurant".
Controller = Sits between Model and View; No HTML output or SQL; Small bits of logic controlling the app flow. "Like the Waiter in a Restaurant".

View <> Controller <> Model

Factory Design Pattern = solves the problem of a change in database ( ie MS SQL to Oracle ).

MVC Pros:
- Promotes code reuse
- Allows multiple people to work on code at the same time
- Pattern is non-framework and non-language specific
- Very common pattern / nomenclature (things mean the same thing in other languages)
MVC Cons:
- Learning curve
- "more typing" (just use hotkeys then)

Use a Framework
- Same design patterns
- FW/1, ColdBox, ModelGlue, MachII, etc
- FW/1 uses a naming pattern of folders to find files

Open Session Sponsored by StrongLoop - Building APIs
I am not even remotely familiar with StrongLoop, so I skipped this one.

Session 4: Less Hate, More Love With ColdFusion ORM by Masha Edelen
She recommended www.coldfusionORMBook.com
ORM = Hibernate first introduced in CF9.
It reduces time by eliminating CRUD and reducing about 95% of common data tasks.
To setup, in Application.cfc >> this.ormenabled=true; then map tables to objects.
IT'S ALL ABOUT RELATIONSHIPS.
Entity names are CASE SENSITIVE.
Watch out for SQL Injection in HQL.
ORMExecuteQuery(hql,params[,unique][,query options]);

To be honest, I don't currently use a lot of ORM. I'm also a fan of letting the database do its job rather than coding the job for the database. I know it's almost a religious debate, but I'm not overly fond of ORM. But that's likely because I just don't know a whole lot about it.

Session 5: ES6 Web Components by Ben Farrell
By two biggest takeaways from this one:
1) I don't know a whole lot about ES6 or Web Components.
2) Ben Farrell is a WONDERFUL presenter! He was very entertaining and engaging, even though most of his preso flew over my head.

As Day 1 drew to a close, Adobe sponsored a networking event for attendees. They catered it with some good finger foods, and drinks with beer provided by a local brewery, Raleigh Brewing Company. What can I say, the brew was excellent!

Several of us headed out for some dinner. Apparently Chicken and Waffles at Beasley's downtown is a conference tradition. The food was excellent, and the company was great. I'm glad I participated.

DAY 2

Session 1: CFML Features For More Modern Coding by Dan Fredricks

This is another one that I saw previously at CFSummit 2015. It too is an excellent presentation and definitely one with some good, applicable content. Dan updated this with some of the new features in CF2016.

Session Notes:
As of CF11, we have full script support for the language.
"Do what is best for you, but try to be CONSISTENT."
Some of the tags have multiple implementations ( ie thread() and cfthread() ).
QueryExecute() is liked much more than previous implementations of script queries. queryExecute(sql[,queryParams][,queryOptions])
MEMBER FUNCTIONS!!! Added as of CF11 and make things more oriented to OOP.
  Old: ArrayAppend(empArray[],empID) ;
  New: empArray.append(empId) ;
  This allows method chaining.
  Watch out because some member functions may drop into underlying Java if build incorrectly.
Elvis Operator added in CF11 ?:
  Like a ternary operation: isNull(x) ? y : x and x?:y
Closures: Added in CF10 with more added in CF11 and 2016
  == functions that bind variable references at declaration-time instead of use-time. Callbacks are not closures. The inner function has access to outer function variables.
  There are several closure functions built into CF.
  Testbox uses closures (that's why it requires CF10).1
  Mark Mandel = Sesame ; Adam Tuttle (fusiongroker.com) = preso on closures.
Map, Reduce, Each and Filter
  Map() iterates over a collection and returns the whole collection with values changed (not key/index)
  Reduce() more complex than map(). Iterates over a collection and from each element derives one value as the result.
  Filter() similar to map() and reduce(). Iterate over object and return a new object without affecting the original.
  Each()
  In CF2016, map() and reduce() can be used on queries.
First Class Functions == object that could be passed as an argument. (see list of available functions = arrayLen, lcase, etc) First introduced in CF11.
  Callback functions = function passed into another function.
2016 Additions:
  Safe Navigation Operator (?.)
    Used to access members of a struct when one of them is NULL or not defined.
writeOutput(employee?.name?.firstName?.lcase());
  Ordered collections = structNew("ordered") >>
  ArrayPassByRefence -- speed up passing arrays. Used to be passed by value.
    Application.cfc = PassByReference='true'
  SearchImplicitScopes -- Don't scope hunt unscoped variables.

There was a lot of good info in this presentation.

Session 2: Git Source Control For The Rest Of Us by Nolan Erck

I noticed during this presentation, that this was actually the first one I attended that wasn't part of the ColdFusion track. That was totally unintentional; I just saw more applicable sessions in that track, I guess.

Nolan has some good presentations, and this one is another. He covered some of the basics of using a source control system, particularly Git on a Windows system through the SourceTree gui client. He talked about some of the more common commands (like "add", "commit", "revert", "branch", etc) and why you should use a Master branch to be your source for Production-ready code. He recommended Brad Wood's presentation on What's a Pull Request, which is available at https://experts.adobeconnect.com/_a204547676/p7dwzsxehq1/?launcher=false&fcsContent=true&pbMode=normal or https://vimeo.com/175768635 or https://www.youtube.com/watch?v=dTlEFQxlrrQ He also recommended Tim Cunningham's CFHour (118) preso.

Session 3: ......

It was supposed to be W3C Content Security Policy & HTTP Headers for Security by David Epler. I attended his and Pete Freitag's Security session at CFSummit2015, and it made a bit of an impression. I really wanted to attend Dave's talk about Content Security Policy, but I have to admit, I missed it. I sat outside his door yapping with Nolan and a couple of other people about Git. Sorry I missed it, Dave. That'll top my list of preso videos to watch this evening.

Which brings us to Lunch time, catered by Moes!

Session 4: CFML: Code Security Best Practices by Trip Ward

This presentation was supposed to be given by Denny Springle, but due to some unfortunate issues with Denny getting to Raleigh, Trip stepped in very late in the game to give this preso, and it's good that he did. There was a ton of good information in this talk.

Session Notes:
Who writes these insecure apps? Us.
Real threats are silent.
We must protect PII.
When it comes to data protection, you can have too much of a good thing. Do not hash and encrypt everything. Pick and choose the important data.
Hash() KEYS and Encrypt() VALUES before looping.
However, remember that it's better to have SOME security than NONE. If you have to, fall back to ECB/128bit keys if performance is an issue.
Attack vectors: SQL Injection, XSS, CSRF, Cookies, Tidbits (cflocation, file upload validation, form methods, file injection, application naming...)
Code Curmudgeon site.
Cookies >> httponly="true" secure="true"
HTTP Headers >> Check your headers (cyh.herokuapp.com/cyh). Check Dave Epler's Content Security Policy preso.
Security Objects >> This is the first thing you should implement in a new project.
If you have to create your own, cache it in the Application scope.
Hide all errors on external apps.
HPP = HTTP Parameter Pollution.

Final Group Session: Virtual Reality Wants You: How developers fit into the new VR landscape by Jason McGuigan and Jason Cooper

Once again, I was yapping with other conference attendees and missed this last session. I don't currently work with VR, but it seemed to be well-liked: it was in the same room as the Closing Remarks, and there were still long lines waiting to check out the VR headsets.

And NCDevCon2016 comes to a close. The organizers drew for some prizes and made some closing remarks. Again, it was great to see some of the people I previously met, and I really enjoyed meeting some new people. NCDevCon was a blast. There were very good presentations. The presentations were recorded, so I'll be going back to watch the presos that I missed.

Once again, thank you to the organizers and the sponsors. I'll see everyone again at NCDevCon2017.




Posted by at No comments:
Subscribe to: Posts (Atom)