Codemash 2015: Insights From The CQL Team (Part 1 of 2)


For the past five years, CQL has sent a group of developers to Codemash to learn the latest current practices, methodologies, and technology trends.

Codemash covers a variety of platforms and development languages like Java, .NET, Ruby, Python and PHP. The event grows in popularity every year typically selling out in minutes.

It’s been very valuable to have our team attend this event and we’ve used many of the new technologies and languages that we first learned about at Codemash.

We’ve collected some insights from our team about what they learned and enjoyed the most about this year’s event.

Future of C#

Plenty of blogs talk about the future of C#, but it was great to get a condensed walkthrough of all these new language features. There is a lot of exciting stuff happening with .NET such as the platform now being Open Source, as well as being hosted on GitHub. In addition, Visual Studio 2015 preview is now available.

Object-Oriented JavaScript

This was an interesting talk, but really fast-paced. The presenter emphasized that JavaScript has no classes. Even the new ECMAScript 6 doesn't really have classes, just a class keyword that will confuse non-JS developers into thinking they are working in a classical language rather than the prototypal language that JavaScript is. He pointed out that there is only one type of scope in JavaScript: function scope. Even global scope is really just function scope from a function higher than our access level.

An Introduction to Android Studio

Android Studio is the new standard for developing Android apps. It's replacing the Eclipse plugins, which are no longer being supported. It has a bunch of nice features built in that make it feel more integrated and developer friendly. The emulator is slow, but there are some options to make it faster. Gradle is used behind the scenes for building and compiling; you can use the built-in one or set it up as a service/server. It helps you choose the API level and form factor (Glass/Wear/TV) you need for the OS versions you want to target (e.g., Lollipop is used by .08% of phones on the market). Since there are so many different screen sizes and resolutions (compared to Apple's 4 or 5 models), the layout needs to flow to fit the screen size. There are a bunch of IntelliSense-like features built in, like auto-completing localized strings and automatically extracting strings to a localized resource.

Why Develop Android?

  • 84% of global market share
  • Low development cost and high returns
  • The underlying API is Open Source, available, and everything appears to be well documented.

Issues with Android Development

  • Device/Manufacturer Fragmentation: There are hundreds of different devices that your app has to work on, built by several different companies (Samsung is currently the most prolific).
  • Screen Size Fragmentation: There aren't standard screen sizes
  • OS Fragmentation: There are many devices that are still on older versions of Android. Lollipop is the latest and greatest OS, but nobody has it yet.

To make it work, you'll need to use things like DPI buckets, auto-scaling assets, and layout managers that flow to get a consistent app across devices.

Arduino/Raspberry Pi Smoker

This was a neat talk about a guy's homemade automatic smoker, controlled by Arduino (and then adapted for Raspberry Pi). I was mostly looking for inspiration to do something with the Arduino that's sitting on my desk. He built a neat real-time temperature graph on a web page that showed the temperature of the smoker: D3 for the graphs and real-time data, MongoDB and Node for the backend. My big takeaway from this one was to use the Raspberry Pi as a server or base station and the Arduino as a sensor. Connect them with XBee chips (low-power wireless communication), then connect the Pi to your Wi-Fi network. The Arduino works as the low-powered sensor and you can have the Pi stashed away someplace storing and serving the data.

Top 10 OWASP Security

This was a really interesting talk that covered tons of basic and advanced security topics in rapid-fire fashion. So much is at risk, and it is worth taking the time to do security the right way because the penalties for doing it wrong can be severe.

SQL injection is a big deal: always parameterize queries, and never trust your users. Sanitize all inputs, especially when rendering user-provided HTML, to mitigate cross-site scripting. He claims that role-based authorization is awful and needs to go away and suggested moving towards permission-based authorization, but admitted that there aren't really good permission-based libraries out there like there are for role-based.

Then we got to the obligatory "don't save your passwords wrong." Each password should be run through a KDF (key-derivation function), not a plain hash, because hashes are made to be fast, which makes them easy to crack. Each saved password should also have a unique salt so that two users with the same password don't end up with duplicate stored values. HTTPS should be used all the time for everything because it verifies that you're talking with who you think you are, that no one else can see what you're saying, and that no one else can modify the message. It is now the case that if an SSL private key gets compromised, this does not give an attacker the ability to go back and decrypt previously captured traffic, which is good.

Cryptographic services should not be run on a web server, because web servers are easier to compromise; instead, crypto work should be offloaded to another server that is better protected and further removed from the front lines of the web. There was an interesting idea of putting a "honeypot" of fake locations in robots.txt (such as "/admin/login.asp") to bait hackers into trying to access those fake pages, and then blocking them and doing forensics on them before a real attack is launched.
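The robots.txt honeypot is a detection trick, so here is an added example (my own code, not the speaker's) of the server-side half: parse the Disallow entries, keep a list of which ones are decoys, and scan web-server log lines for clients that request them. The robots.txt contents, decoy paths, IP addresses and log lines are all constructed samples.

```javascript
// Added example, not from the talk: flag clients that request decoy paths
// published in robots.txt. All paths, addresses and log lines are constructed.

// robots.txt as it might be served. Well-behaved crawlers never touch
// Disallowed paths, so a request for a decoy is a deliberate probe.
const ROBOTS_TXT = [
  'User-agent: *',
  'Disallow: /admin/login.asp',   // decoy: no such page exists
  'Disallow: /backup/',           // decoy
  'Disallow: /cart/checkout',     // real path we just don't want indexed
].join('\n');

// Only these Disallow entries are decoys; the rest are ordinary exclusions.
const DECOY_PATHS = new Set(['/admin/login.asp', '/backup/']);

function parseDisallowed(robotsTxt) {
  return robotsTxt.split('\n')
    .map((line) => line.split('#')[0].trim())
    .filter((line) => /^disallow:/i.test(line))
    .map((line) => line.slice('disallow:'.length).trim())
    .filter((p) => p.length > 0);
}

// Parses one Common Log Format line into { ip, time, method, path, status }.
const CLF = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+/;
function parseLogLine(line) {
  const m = CLF.exec(line);
  if (!m) return null;
  return { ip: m[1], time: m[2], method: m[3], path: m[4], status: Number(m[5]) };
}

// Returns Map<ip, decoy paths requested>; normal traffic is ignored.
function findDecoyHits(logLines, decoys) {
  const hits = new Map();
  for (const line of logLines) {
    const req = parseLogLine(line);
    if (!req) continue;
    const pathOnly = req.path.split('?')[0];
    // A decoy ending in "/" is a directory prefix; otherwise match exactly.
    const matched = [...decoys].find((d) =>
      d.endsWith('/') ? pathOnly.startsWith(d) : pathOnly === d);
    if (!matched) continue;
    if (!hits.has(req.ip)) hits.set(req.ip, []);
    hits.get(req.ip).push(matched);
  }
  return hits;
}

// Constructed sample access log (documentation-range addresses, no real hosts).
const SAMPLE_LOG = [
  '203.0.113.10 - - [10/Jan/2015:14:02:11 -0500] "GET /robots.txt HTTP/1.1" 200 512',
  '203.0.113.10 - - [10/Jan/2015:14:02:12 -0500] "GET /admin/login.asp HTTP/1.1" 404 0',
  '198.51.100.7 - - [10/Jan/2015:14:03:00 -0500] "GET /products/42 HTTP/1.1" 200 8192',
  '203.0.113.10 - - [10/Jan/2015:14:02:13 -0500] "GET /backup/db.zip HTTP/1.1" 404 0',
  '198.51.100.7 - - [10/Jan/2015:14:03:01 -0500] "GET /cart/checkout HTTP/1.1" 200 2048',
];

function decoyDemo() {
  const disallowed = parseDisallowed(ROBOTS_TXT);
  // Sanity check: every decoy really is published in robots.txt.
  const decoysPublished = [...DECOY_PATHS].every((d) => disallowed.includes(d));
  const hits = findDecoyHits(SAMPLE_LOG, DECOY_PATHS);
  return {
    decoysPublished,
    suspects: [...hits.keys()],
    hitsFor203: hits.get('203.0.113.10') || [],
  };
}
```

The output of findDecoyHits is what you would feed to a block list or an alert. Note that the decoy paths should return the same 404 as any other missing page; the signal comes from the log, not from the response.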

Object-Oriented JavaScript (yes, it really exists)

This was a really well delivered session. The presenter started out by defining what it means to be 'Object-Oriented' by defining the mandatory and optional features a language needs to be considered OO. I felt like his categorizations of these features were selected specifically to meet his needs for the talk (features that JavaScript has are required, features that JavaScript doesn’t exactly have are optional). In any case he did a good job of going over the nuances of how the JavaScript language can be used in an object oriented fashion and how it runs under the covers.
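Both JavaScript sessions above made the same two points: the class keyword is sugar over prototypes, and the only scope is function scope. The following added example (my own code, not from either presenter) shows both in running code; the Animal and Dog names are illustrative.

```javascript
// Added example, not from either talk: ES6 "class" is still a function plus
// a prototype, objects delegate through a prototype chain, and var has
// function scope rather than block scope.

// A "class" written the pre-ES6 way: constructor function plus prototype.
function Animal(name) {
  this.name = name;
}
Animal.prototype.speak = function () {
  return this.name + ' makes a sound';
};

// The same shape with the class keyword. Nothing new is created at runtime.
class Dog {
  constructor(name) { this.name = name; }
  speak() { return this.name + ' barks'; }
}

function describeClassKeyword() {
  const d = new Dog('Rex');
  return {
    classIsFunction: typeof Dog === 'function',          // no separate "class" type
    methodLivesOnPrototype: Object.getPrototypeOf(d) === Dog.prototype
      && !Object.prototype.hasOwnProperty.call(d, 'speak'),
    speak: d.speak(),
  };
}

// Delegation: an object can inherit from another object at runtime,
// with no class involved at all.
function delegationDemo() {
  const base = new Animal('generic');
  const derived = Object.create(base);   // derived -> base -> Animal.prototype
  derived.name = 'Puppy';
  return derived.speak();                // found two hops up the chain
}

// Function scope: var belongs to the enclosing function, not the block.
function scopeDemo() {
  var results = [];
  if (true) {
    var leaked = 'visible outside the if block';
  }
  results.push(typeof leaked !== 'undefined');           // true

  // Classic trap: every closure shares the one function-scoped i.
  var fns = [];
  for (var i = 0; i < 3; i++) {
    fns.push(function () { return i; });
  }
  results.push(fns.map(function (f) { return f(); }).join(','));    // "3,3,3"

  // Fix: an immediately-invoked function creates a new scope per iteration.
  var fixed = [];
  for (var j = 0; j < 3; j++) {
    fixed.push((function (captured) {
      return function () { return captured; };
    })(j));
  }
  results.push(fixed.map(function (f) { return f(); }).join(','));  // "0,1,2"
  return results;
}
```

The "global scope is just an outer function scope" remark from the first session is the same mechanism: the closures in scopeDemo see i for exactly the reason top-level code sees globals, because lookup walks outward through enclosing functions until it finds a binding.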

Other decent sessions included:

  • Angular for .NET Developers
  • An Introduction to Artificial Intelligence
  • Groupon Architecture At Scale

All in all, we had another solid year at Codemash. Check back for Installment #2 of 2 regarding technologies learned at Codemash 2015.

Did you attend Codemash 2015? What were your favorites sessions or insights? Share them in the comments below!
