That Conference 2018 – An Extended Explanation of Caching

That Conference 2018, Kalahari Resort, Lake Delton, WI
An Extended Explanation of Caching – Tom Cudd

Day 3, 8 Aug 2018  2:30 PM

Disclaimer: This post contains my own thoughts and notes based on attending That Conference 2018 presentations. Some content maps directly to what was originally presented. Other content is paraphrased or represents my own thoughts and opinions and should not be construed as reflecting the opinion of the speakers.

Executive Summary

  • A number of places where you can do caching
  • Various tools for various places
  • Really all about 1) populating, 2) invalidating

Caching examples

  • Network tab in browser, pages from memory or disk cache
  • Content from CDN
  • Special applications – e..g. Varnish
  • WordPress plugin – specify cache settings for blog

Caching is Like Regex

  • If you’re not careful, you’re going to have new problems

Application Architecture

  • “Christmas tree” showing server, cache servers, CDN, load balancers, etc.


  • Caching solves one problem–performance
  • 3-sec rule: user leaves if something takes longer than 3 secs
    • 40% of users leave

Another reason

  • Buy some time
    • e.g. before application crashes
  • Cost-benefit analysis–caching costs vs downtime

Measure First

  • User metrics
  • Load times
  • Site no crashing every 5 minutes
  • S.M.A.R.T. Goals – specific measurable achievable relevant time-bound

How to Not Suck at Caching

  • Caching is additive
    • Can’t just throw caching onto server that’s already overloaded
  • Don’t over-engineer
    • Use the simplest solution that satisfies the requirements
  • Measure, change, test, measure

Caching Doesn’t Help

  • Oversaturation
    • Network hardware
    • Thread death–“virus”, creating multiple threads for each request
  • Thundering herd
    • If you get large number of initial requests, a large number of them go all the way back to server, since it takes a little time to cache the data
  • Lack of information
  • Bad decisions

End Users

Browser Caching

  • Setting request headers–page tells browser to cache a page
  • Requires a hit to operating system
  • Unique naming
    • Rename an assets to force download of long cached object

Set with Web Server

  • E.g. est cache-control for certain pages

External/Edge Services

  • CDN – Content Delivery Network
    • Point your URI to 3rd party server
    • They then pull files, as needed, from your server
  • Most big sites on the web run on CDN
  • Improve page load time
    • Serve request from server that has shortest travel time to client
  • High availability
    • Cached data could still be present even when your origin server hiccups
  • Can maybe buy CDN servies at lower cost than scaling out actual servers

CDN Features

  • Setting TTLs, other configs based on extension
  • Region, language routing
  • Mobile detection
  • WAF/Security
    • Applications can do double duty–firewall + CDN
    • DDOS protection

CDN Providers

  • Cloudflare
  • Incapsula
  • Cloud providers
  • Akamai
  • Fastly


  • Match file extensions
  • Honoe cache control of origin
  • Can have configs for some stuff on your server

Measure and Test

Your Systems

  • Don’t over-engineer–get strange results
  • Spin up different instance if you need different purpose


  • Separate servers
  • Both memory and disk paging

Web/App Layer

  • Baked vs fried
    • Building on demand vs preloading cache
    • Cache gen’d on demand when request hits (fries)
    • Preload cache ahead of time (baked)
  • Disk vs memory


  • Adobe Experience Manager
  • Sitecore
    • Prefetch, data, item, html caches
  • Drupal
    • Performance caching (SQL queries stored)

Output Caching

  • IIS- – generate on request

App/Data Layer

  • Reducing database calls
  • Reducing API calls


  • Java based applications
  • Memory or disk


  • In memory, key/value store
  • Reduce database load
  • Not synchronized
  • Scalable separately

Let’s Not Fight

  • Not worth arguing about which is better
  • Memcached, Redis, Mongo
  • All are good


  • Redis
  • Firebase
  • Stored procedures – reduce network bandwith by calling short sproc rather than sending long query


  • Invalidating stale data

Caching Procedures

  • Only two things you’ll really need to do with caching
    • Populating
    • Invalidating

Debugging, need to remind people to clear their cache

  • [Sean] But should users have to worry about this? If you need to have them clear cache, then something’s not working properly

Populating Caches

  • Pull based – cache tool pulls from your server
  • Push based – your code has to push out data to the cache

Cache clearing

  • Staggered approaches
  • Clearing individual items
  • Using APIs and automation


That Conference 2018 – Securing Your ASP.NET Core Applications

That Conference 2018, Kalahari Resort, Lake Delton, WI
Securing Your ASP.NET Core Applications – Cecil Phillip

Day 3, 8 Aug 2018  1:00 PM

Disclaimer: This post contains my own thoughts and notes based on attending That Conference 2018 presentations. Some content maps directly to what was originally presented. Other content is paraphrased or represents my own thoughts and opinions and should not be construed as reflecting the opinion of the speakers.

Executive Summary

  • Quick review of authentication pipeline
  • Various options for authentication

ASP.NET Core 2

  • Cross platform web framework
  • Targets .NET Standard 2.0
  • Introduces Razor Pages
  • SignalR Core available
  • ASP.NET Core 2.1 out now

Middleware Pipeline

  • diagram

Application Startup

  • Startup.cs
  • Configure takes IApplicationBuilder, IHostingEnvironment
  • app.UserXyz, app.UsePdq
  • The order of middleware matters


  • In VStudio, two servers
    • IIS Express
      • Enable SSL in properties
    • Kestrel – cross-platform
      • Have to use .NET CLI tool
      • dotnet dev-certs https –trust
      • Generates self-signed cert that’s automatically trusted
      • This cert doesn’t appear in cert manager
      • MMC – add snap-in, Certificates snap-in, My user account
      • Now looking at certs for the current user only
      • Now you see the dev cert that we just created
  • When you run, you fire up 2 endpoints–HTTP, HTTPS–that it’s listening too
  • Remove cert
    • dotnet dev-certs https –clean
  • Do not use this dev cert in production
    • Only for local development


  • Many options, i.e. middleware
    • Cookies
    • Twitter
    • Google
    • JWT Tokens
    • Facebook
    • OpenID Connect
    • Microsoft Accounts
    • Custom
    • Windows

Cookie Authentication Demo

  • In ConfigureServices, services.AddAuthentication
  • .AddCookie
  • In Configure, do app.UseAuthentication
    • Need to do this before UseMvcWithDefaultRoute
  • Mvc is a “terminating middleware”–stuff after it won’t run
  • Controller code
    • Login action, with LoginViewModel
    • Create ClaimsIdentity with a Claim
    • Pass in to HttpContext.SignInAsync
  • Back in ConfigureServices
    • .AddCookie takes opts with authentication events
    • We can handle various events as part of pipeline
      • Kick out existing logged in user

Twitter Authentication Demo

  • .AddAuthentication, AddCookie, AddTwitter (pass in client ID and secret)
  • Still just do app.UseAuthentication in Configure


  • Manage user secrets
  • Lives in app profile
  • JSON data with different secrets, e.g. Twitter-ClientSecret
  • (or) dotnet user-secrets
  • Roaming, so it will synch across profiles
  • BuildWebHost doesn’t do anything special to get secrets info
  • Configuration passed in to Startup (DI)
    • You can just ask it for secret, with [“xxx”]
  • In production
    • In Azure, have Azure key Vault
    • Can also create certificates
    • In application, you can specify Azure Key Value as a source of configuration
    • builder.AddAzureKeyValue (off .ConfigureAppConfiguration, in BuildWebHost
    • Register your app with Azure Key Vault–and perms, what can you do
    • Also supports versioning of secrets
  • What to put in Azure Key Vault
    • URL of SQL Server, web server URI
    • Connection strings
    • Secrets
  • You need secret to talk to key vault??
    • Yes, ID/Secret, hard-coded
    • OR create cert, associate with app in Azure App Services
  • You “compose” configuration
    • Settings come from various places

ASP.NET Identity

  • User management framework
  • Get bunch of stuff out of the box
  • Register
    • E-mail, password, Register button
  • Identity using EF, which uses migrations to ensure database is what you expect
  • You get Manage User feature
  • Authenticator app support
    • Little app on your phone to do 2-factor
  • Associate Google Authenticator app on phone to your application
  • Scan QR code with your phone, get #, enter that number
  • Also gives you recovery codes, for account recovery
    • You use one at a time and that code becomes invalid

Azure AD B2C

  • Create tenant, then go to that tenant
  • Register applications for that tenant
  • Identify providers
  • Can see users
  • Add to application (AD B2C)
    • New Project, Change Authentication
    • Individual user accounts – ASP.NET Identify
    • Individual user accounts, Connet to existing user store in the cloud
    • Add info for AD B2C, get domain name
    • Enter application ID
    • Reply URL–can default to localhost
    • Sign-up or Sign-in Policy–create one in Azure, give it name
      • Can have one or more policies for your application
      • E.g. E-mail sign-up
      • Application claims (in policy)
  • Run application that uses AD B2C
  • Login / signup, you go out to AD B2C page on Azure
    • E-mail verification code
    • Additional metadata fields, e.g. Job Title
  • User profiles in Azure, after they sign up

In code

  • User.Identities.First().Claims — a bunch of key/val pairs


That Conference 2018 – Tips & Tricks for a Successful Android Application

That Conference 2018, Kalahari Resort, Lake Delton, WI
Tips & Tricks for a Successful Android Application – Jorge Coca

Day 3, 8 Aug 2018  10:30 AM

Disclaimer: This post contains my own thoughts and notes based on attending That Conference 2018 presentations. Some content maps directly to what was originally presented. Other content is paraphrased or represents my own thoughts and opinions and should not be construed as reflecting the opinion of the speakers.

Executive Summary

  • History of Android
  • Some cross-platform options (code sharing)
  • Some specific notes on Kotlin



  • App being used


Android was originally an OS for cameras

  • Not for smartphones
  • Google acquired Android to do a smartphone



  • Cupcake, Donut – Apr 2009
    • Linux kernel
    • Java, Eclipse ADT
    • Main widgets & SDK components
    • Gesture framework
  • Eclair, Oct 2009
    • Multi account
    • Bluetooth
    • Multitouch
  • Froyo, May 2010
    • Chrome (engine for web views)
    • Push notifications
    • Flash, GIFs
    • Improved market
  • Gingerbread, Dec 2010
    • NFC
    • Improved UI
    • Support for front camera
    • Nexus One
  • Honeycomb, Feb 2011
    • Big milestone
    • Optimized for tablet support
    • Holo interface
    • Welcome Fragments  (nobody likes them)
  • Ice Cream Sandwich, Oct 2011
    • Holo for phones
    • Major update of the OS
    • Editor’s choice
  • Jelly Bean, Jun 2012
    • Performance
    • Support library
    • Dev focus on quality (tools)
  • KitKat, Oct 2013
    • Refreshed interface
    • Android Wear
    • Nexus 5
    • Android Studio
    • Gradle – build tool
  • Lollipop, Nov 2014
    • Material Design – layers of paper
    • Dalvik
    • WebView distributed over PlayStore
    • Dev focus on performance
    • Android One
  • Marshmallow, Oct 2015
    • Android for Work
    • Doze
    • Fingerprint
    • Runtime permissions
    • Batter optimizations
  • Nougat, Aug 2016
    • Android beta
    • Daydream – VR
    • Multiwindow support
    • Picture in picture
  • Oreo, Aug 2017
    • Kotlin
    • Architecture components
    • Focus on modular architectures
    • Adaptive icons
    • Android Go (evolution of Android One)


Market Share

  • 2015, Android nearly 80% of smartphone market


Challenges (in order to be successful)

  • Clear goals and expectation
  • Invest your time and energy where it matters
  • Build for everyone – i.e. international
  • Crowded market. Be original
  • Be the first.. or be the best


Goals and expectations

  • Research your market
  • Measurable goals
  • Realistic exxpectations
  • Indie vs. small shop vs. corporation
  • Functionality vs design.. (or both)


Invest your time and energy where it matters

  • There’s cloud
  • And devices–iOS, Android
  • Don’t do the same work multiple times, i.e. across multiple devices
  • Cloud is the common layer–use it
  • Dedicate efforts to the main use case of your app
  • What can you share between iOS and Android?


Cross platform

  • Easiest: WebView
    • Security hole
  • WebView with native bridge: custom, Ionic, ..
  • Xamarin
    • Business logic in shared library, shared across devices
    • Xamarin works
  • Kotlin Multiplatform
    • Similar to Xamarin–business logic written just once
  • ReactNative
    • Widgets
  • Flutter


Android native

  • Stop using Eclipse
    • Android Studio has better tools, better effort
  • Stop using Java



  • Better develop experience
  • Interop with existing Java
  • Null safety
  • Google working on “Kotlifying” APIs
  • Easer to do more complex things
  • Don’t force unwrap (ignore null check)
  • Default parameter values–no need for factory constructors
  • Sealed classes to express more complex enums


Kotlin Tips

  • Data classes are your friends
  • Easy singletons with object
  • Synthetic extensions to avoid boilerplate



  • The smaller your Activities are, the better
  • The smaller your Fragments are, the better
  • The smaller your Services, the better
  • Remove business logic from SDK components
  • Only use libraries that make you feel comfortable
  • Do not overuse libraries
  • The smaller your APK is, the better (code for everyone)


That Conference 2018 – What’s New in C#7

That Conference 2018, Kalahari Resort, Lake Delton, WI
What’s New in C#7 – Jason Bock

Day 2, 7 Aug 2018  4:00 PM

Disclaimer: This post contains my own thoughts and notes based on attending That Conference 2018 presentations. Some content maps directly to what was originally presented. Other content is paraphrased or represents my own thoughts and opinions and should not be construed as reflecting the opinion of the speakers.

Executive Summary

  • Brief review of history of C# versions
  • Lots of good new stuff in C# 7
  • Importance of C# and .NET now being open source

Language Evolution

  • C# – 2002, .NET 1.0
  • v1 – classes, evenst, properties
  • v2 – generics, partial types, anonymous methods, nullable types
  • v3 – LINQ, implicit types, extension methods, lambda expressions
  • v4 – dynamic binding, embedded interop types, named arguments
  • v5 – async/await, caller info attributes
  • v6 – Roslyn, exception filters, await in catch, auto prop initializer, default values for getters, expression-bodied members, string interpolation, null propagator, nameof
  • v7 – out variables, tuples, local functions, binary literals, ref returns/locals, throw expressions
  • v7.1
  • v7.2
  • v7.3

.NET Foundation

  • Foster open source development
  • Everything in .NET is now open source, on github
  • Contributors from both inside/outside MIcrosoft

.csproj file

  • Can target LangVersion, or latest

Binary digits, digit separators

  • Underscore in integer constant is separator–doesn’t do anything
  • Can do one or more underscores anywhere you like
  • 0b – binary literals

Local functions

  • Declare functions within functions
  • Compiled as private methods, so performance is the same as private methods

Out var

  • Replaces big try/catch block
  • Or TryParse
  • 3rd way in C# 7 – declare out var directly in method call

Ref Returns and Locals

  • Copy semantics for structs
  • Traditional list, indexer returns element, copied if element is value typed
  • Indexer can use ref keyword to pass element back by reference
    • For value typed objects, you get a reference to the value-typed object
  • Far faster (if elements are large)
  • Where you assign the element, you also use ref keyword

Pattern Matching

  • Using switch statement
  • Pass in parameter of parent type, then case on child type
  • Can also add when clause to trigger on stuff specific to that subtype
  • default case can be anywhere
  • case null


  • Not Item1, Item2 syntax from v5
  • Lets say that you want to pass two values back out of a function
  • public (int, int) ReturnTwoInts() { … }
  • Maps to ValueTuple, which has Item1, Item2, etc.
  • Can do named values
  • public (int x, int y) ReturnTwoInts
    • Can now ref result.x, result.y
  • Calling it
    • (var x, var y) = ReturnTwoInts()
  • Can use _ to indicate you don’t care
  • Deconstruct method – pull data out as tuple (?)
  • Can use tuples as concrete types in generics
  • Assign multiple properties in a single line of code with a tuple


  • Task is a reference type, but you might want a value-typed task for performance
  • ValueTask<T> is just a struct that does everything that a Task does
  • You’d use this only if you really need the added performance

Expression bodied members

  • Define wherever you like, not just read-only properties

[C# 7.1]

async main method

Default literals

  • Instead of default(int), you can infer the type of the default
  • So just use default keyword, type is inferred

[C# 7.2]

readonly struct


  • Look at chunk of memory
  • “Safe” way to read/write direct memory
  • e.g. “11,22” .AsSpan()
  • .Slice instead of Substring
  • No allocations
  • More performant

Constraint Generic

  • To enum type, to delegate type
  • where T : Enum

Compare Tuples

  • Equality semantics is correct

Backing field not serialized

  • On auto property, do [field: NonSerialized]

Future Directions

  • Ranges – foreach, in 5..10
  • Default Interface Methods – default implementation for a method on an interface
    • Looks odd
  • Nullable reference types
    • Have to opt-in, to avoid breaks
    • Once opt-in, MyClass mc would be non-nullable
    • Have to do MyClass? to get nullable
    • n!.Length – don’t worry about null-check
  • async streams – async enumerator
  • Generic attributes – e.g. [MyAttribute<int>]
  • Records and with expressions
  • Shapes and extensions
    • Mads T
    • Extensions everywhere – e.g. properties


Q: Isn’t this scary / dangerous? What is the main use case?

A: Multiple return values, e.g. int.Parse that is more elegant because it returns multiple things. Helps to avoid defining little objects designed just to pass data around between methods

That Conference 2018 – WebAssembly: The New EndGame?

That Conference 2018, Kalahari Resort, Lake Delton, WI
WebAssembly: The New Endgame? – David Pine

Day 2, 7 Aug 2018  2:30 PM

Disclaimer: This post contains my own thoughts and notes based on attending That Conference 2018 presentations. Some content maps directly to what was originally presented. Other content is paraphrased or represents my own thoughts and opinions and should not be construed as reflecting the opinion of the speakers.

Executive Summary

  • WebAssembly allows writing high-level source code and compiling to a binary format that runs in execution engine on the client
  • Allows doing C#, for example, in browser
  • Blazor works with Mono to allow .NET on client, including Razor syntax


  • Engines for WebAssembly


  • Binary instruction for a stack-based virtual machine
  • Binary
    • AST (Abstract Syntax Tree)
    • Stored as binary
  • Stack-based
    • Pushing and Popping onto stack


  • Binary execution format for web


  • Mobile and IoT


  • Portable target compilation of high-level languages
  • For C, C++, C#, Rust, Go


  • Compile C#, target WASM, you get binary file
  • File can run in your browser


  • Game
  • In browser debug, you see demo.wasm and not much else

Chrome has it

  • What about other platforms?
  • Big movement, WebAssembly now supported everywhere
  • W3C – World Wide Web Consortium

Text Format (.wat)

  • There’s a text-format human readable version of the final assembly
  • Hard to read, since it’s really the compiled output

What it is not

  • Not assembly-level CPU-specific machine code
    • Doesn’t run on the CPU but runs in browser’s execution engine
    • But you get near-native performance, since it’s close to the metal
  • Not a 3rd-party plugin
    • WebAssembly runs in same sandbox as JavaScript
  • Not versioned
    • Backwards-compatible
  • Not JavaScript replacement
    • WA plays nicely with JS
  • Not a programming language
    • If you hand-coded .WAT files, it would be
    • But it’s really just a format or compilation target
  • Not the ideal tool for every web project
    • Different tools, e.g. JavaScript, C, to do HTTP request


  • Tool for compiling to WASM

Demo: Emscripten

  • emcc
  • Takes C source file as input (e.g. hello.c)
  • Target WASM
  • Run output in browser–we get console output in the browser

WASM Explorer / Fiddle

  • Call WASM assembly from JavaScript

Use Cases

  • Games, rich client, etc.

Hanselman interview of Steve Sanderson

  • Web development has been constrained because everything has had to be in JavaScript
  • Web development will be able to grow up and mature a bit

My interview with Sanderson

  • Give developers a wider choices of languages and platforms
  • Industry healthier if multiple paradigms catered to


  • Mono Runtime
    • Cross-platform .NET runtime
    • Using it now for Blazor


  • Browser + Razor
  • Experimental project at the moment
  • Not yet a committed product

How Blazor works

  • Dev time
    • C# / Razor source files
  • Runtime in browser
    • mono.wasm – WebAssembly binary executed natively
    • Browser APIs – visible DOM, HTTP requests, etc
    • YourApp.wasm – WebAssembly version of your library

Demo – Blazor

  • Project template in VStudio
  • ASP.NET Core Hosted
  • You get Client stuff and Server stuff, as well as Shared stuff
  • Shared library has web objects shared across server and client
  • Template gives you a simple multi-page web site with a few things
  • Fetch some data, click a button, etc.
  • Server has controller that returns some basic data
  • Razor syntax that turns into HTML
  • Inject HttpClient into component on client

Look at code for Blazor

  • Debug C# code in browser
    • Hit breakpoint after interacting with something in the browser
  • Program.cs with main entrypoint
  • CreateHostBuilder
  • Wire up various services
  • Add component (app)
  • Standard markup with Razor binding to C# object (model)

Other debugging

  • Currently not pre-compilation, but running in interpreted mode
  • Full-on .NET DLLs on client, e.g. mscorlib
  • For small app, we’re at 3.5 MB
  • But this will get optimized

Mono.wasm – is the .NET runtime running in a WebAssembly


With Unity, can target WASM

  • Unity in browser

That Conference 2018 – Design Patterns: Not Just for Architects

That Conference 2018, Kalahari Resort, Lake Delton, WI
Design Patterns: Not Just for Architects – Jeremy Clark

Day 2, 7 Aug 2018  1:00 PM

Disclaimer: This post contains my own thoughts and notes based on attending That Conference 2018 presentations. Some content maps directly to what was originally presented. Other content is paraphrased or represents my own thoughts and opinions and should not be construed as reflecting the opinion of the speakers.

Executive Summary

  • There exist lots of design patterns that have been defined
  • We already use many of these without realizing it
  • Worth learning them–helps in communication
  • Examples of several patterns in C#


Goal: We’re already using design patterns, so worth putting a name on them


What are Design Patterns?

  • (Christopher Alexander quote)
  • Describes solution in a way that you can use it over and over again


Gang of Four book (GoF)

  • Gamma, Helm, Johnson, Vlissides
  • “Serious developer” needs to have this
  • Still relevant?  Yes
  • Examples in C++ and Smalltalk


Anatomy of a Design Pattern

  • Pattern Name
    • Unique way of referring to pattern
  • Problem
    • Problem that occurs over and over again
  • Solution
    • “Core” of the solution
    • Example implementations are not solutions
  • Consequences
    • Pros and cons
    • Things to watch out for


GoF Patterns

  • 23 different patterns
  • Categories
    • Creational
    • Structural
    • Behavioral
  • Book is a bit academic
    • Go through it at some point in your career
    • “You’re not ready for it yet”


Good starting point

  • Head First Design Patterns – Freeman, Freeman
  • Covers 12 of the GoF patterns
    • Same descriptions
    • Just explains it in a more approachable way
  • Examples in Java
    • But pretty general, so ok
    • Online, translations into various programming languages


Why Should We Care?

  • These are well-described solutions
  • Shared vocabulary
    • Easier to talk with other devs
  • Concise language
    • Quicker/shorter to just mention the pattern, rather than describing it in detail
  • Think in design rather than implementation
  • Encourage other developers to learn patterns


Observer pattern

  • When object changes state, dependent objects notified automatically
  • Publish-subscribe relationship


Real World Observer

  • Twitter – someone tweets, subscribers are notified


Implementation of Observer (C#)

  • Event handlers on button
  • This is ubiquitous in C# and in frameworks
  • Problem => Pattern => implementation of the pattern
    • E.g. pubsub => Observer pattern => event handlers
  • Prism, event aggregator
    • Publisher, subscribers don’t know about each other
  • .NET 4.0 – IObserver<T>
  • Consequences
    • I don’t know how many times I’ll be notified
    • Don’t know how frequently I’ll be notified
    • Don’t know if we’ll ever be notified


Iterator Pattern

  • Access elements of object sequentially without knowing about implementation of the thing
  • Get next item, stops at end
  • Real-world: Channel up button on TV Remote
  • In C#, foreach loop uses the iterator


Implementation of Iterator (C#)

  • Get List<T>, case to IEnumerable<T>
  • IEnumerable<T> says that object supports get next element (foreach)
  • All collections in .NET implement IEnumerable<T>
  • Nice that this is built into .NET (C#)


Facade Pattern

  • Unified interface for a set of interfaces in a sub-system
  • Higher-level interface makes things easier to use
  • Wrap complex stuff in simpler API


Real World Facade

  • Universal remote control wrapping access to multiple devices


Facade Implementation

  • foreach loop is also an example of facade
  • GetEnumerator
  • while (enumerator.MoveNext()) … do something with enumerator.Current()
  • foreach is a nice wrapper around this
  • Consequences
    • We might lose functionality that lower level stuff has
    • E.g. foreach doesn’t give access to Reset() method


Chain of Responsibility

  • Avoid coupling sender to receiver
  • Giving more than one object a chance to handle the request
  • Pass request along thru children until somebody handles it


Real-world example

  • Tech Support – first line, person asks questions
    • If not, passes to next person, more detailed look at your question


Chain of Responsibility Implementation

  • Throw exception
  • Catch certain types of exceptions at certain levels in call stack
  • If not caught at one level, it propagates up to the next level
  • Consequences
    • What is nobody handles the message?


Proxy Pattern

  • Provide surrogate for another object to control access to it
  • Example: Power of Attorney
    • One person makes another their proxy
  • Surrogate vs. placeholder
    • Placeholder–thumbnail or icon that only loads something when you click it
    • Good idea in mobile apps–delay download of some stuff, in case you have slow connection


Proxy Pattern Implementation

  • Web API service, controller with Get method
  • Get collection, return via service
  • Can create proxy service class that can call the service
    • HTTP clients
  • Use the proxy in the same way that you’d treat the original class
  • Consequences
    • Hides what’s really going on with the underlying object


A Million Implementations

  • Use over and over


That Conference 2018 – Launching with Now, Next, and React

That Conference 2018, Kalahari Resort, Lake Delton, WI
Launching with Now, Next, and React

Day 2, 7 Aug 2018  10:30 AM

Disclaimer: This post contains my own thoughts and notes based on attending That Conference 2018 presentations. Some content maps directly to what was originally presented. Other content is paraphrased or represents my own thoughts and opinions and should not be construed as reflecting the opinion of the speakers.

Executive Summary

  • Summary of tech stack used at Northwest Mutual and on Nicholas’ personal project
  • Recommend combination of micro services and micro apps
  • Koa vs. Express
  • Use Next?


Micro-Service vs. Micro-App



  • Encapsulate business logic
  • Encapsulate persistent data
  • Reusable, stand-alone solution
  • Not always a 1:1 relationship between micro-apps and micro-services
  • Independent
  • Tidy, clean



  • Client facing code
  • May call mlutiple micro-services for data or computations
  • Handle interactions and specific complex problems
  • Aggregates inof from multiple services


The Tech Stack

  • Node
    • Released support for async/await
  • Koa – “fix” Node; minimal lib as extraction of HTTP module of Node
    • Solves same problem as Express
    • Promises, async/await
    • Now at Koa 2–far less confusing than Koa 1
    • Choice for micro-service
    • Avoids “callback hell”
    • Choice: Express vs Koa
  • Express – augmentation for node that allows setting up simple server
    • Can end up “callback hell”–messy callback architecture
  • PostgreSQL
  • React
  • Next – like React, but SSR a bit differently than React does SSR
    • Also bundled with some “auto magical” elements
    • Good for supporting SEO
  • Redux – state management tool
    • Source of truth that feeds application



  • React 16 solved a lot of problems
  • React portal
    • Render a component and drop it somewhere else in your application
    • Specify what to render, where to render it
  • Fragment
    • Can return multiple components (e.g. HTML elements)
    • <React.Fragment>
    • Could return several table columns, not wrapped in <div>
  • Context API
    • Have state that’s inherited down with component hierarchy
    • Avoid passing things down the tree



  • Recent update that took advantage of all of React 16
  • Does things “auto-magically”, secretively, just works out-of-the-box
  • You call next command; it fires up server, automatically does various things
  • No longer have to explicitly import React into any of your components


Decisions – Handling Server Requests

  • For API used Kora – conceived for and caters to async/await funcs
  • For apps, used Express
  • Subtle differences between the two
    • Express is lower barrier to entry
    • Tons of tutorials out there
  • Most differences deal with middleware
  • For middleware-heavy apps, Koa better


Decisions – Rendering

  • Client-side vs. server-side
  • If SEO is concern, server-side might be simpler to roll out
  • Server-side rendering opens the door to some PWA setups (Progressive Web App)
  • Client-side rendering makes SEO harder
  • For server-side: React vs Next?
  • Anxiously awaiting React’s async rendering
  • Went with Next


Decisions – State Management

  • There are many options, and tons of patterns
  • Redux vs MobX vs others
    • MobX worth a look if you’re starting from scratch
  • Meiosis Pattern
  • Context API  (in React)


ThinkMinded Architecture

  • Micro Service (just 1)
    • Node, Express
  • Micro App
    • React, Next, Node, Express
  • Has mindset of allowing others to consume our data
    • So micro service is a standalone API


Micro App Architecture (ThinkMinded)

  • Redux
  • Redux store has sequence
    • Action => Dispatcher
    • Reducer
    • State
    • => Back to GUI


Engineering – React

Engineering – React / Redux

Engineering – Next / Redux

  • Similar to above, but don’t import React
  • Biggest difference, package.json changes, use next commands to do everything
  • Next uses Webpack
  • Next automatically creates API, based on file system
  • Hot module re-loading
  • Automatically indexes


Deploying with Now

  • Now is a platform for global deployment
  • Generates a URL upon deployment (staging)
  • (vs Gitlab)
    • Gitlab for bigger teams
    • Now has nice CLI
  • Staging can then be aliased to production
  • Works to deploy Node.js apps and docker powered apps
  • Preferred for short/small personal projects


That Conference 2018 – Correcting Common Mistakes When Using async/await in .NET

That Conference 2018, Kalahari Resort, Lake Delton, WI
Correcting Common Mistakes When Using async/await in .NET – Brandon Minnick

Day 1, 6 Aug 2018  4:00 PM

Disclaimer: This post contains my own thoughts and notes based on attending That Conference 2018 presentations. Some content maps directly to what was originally presented. Other content is paraphrased or represents my own thoughts and opinions and should not be construed as reflecting the opinion of the speakers.

Brandon Minnick

Developer Advocate, Microsoft


Executive Summary

  • Helps to know underlying IL that’s generated
  • Helps to know core task-based objects that async/await use
  • ConfigureAwait(false) if you don’t need to come back to UI thread
  • .GetAwaiter().GetResult() instead of await to get synchronous execution

Multi Threading

  • e.g. ReadDataFromUrl
    • Our method is async
    • does await on DownloadDataTaskAsync
    • 1st chunk of code is run by the thread that calls this method
    • 2nd thread–calls the Download method
    • After await, execution picks up with 1st thread
  • Typically, first thread, i.e. main thread, is the UI thread
  • UI thread
    • Draws UI on screen
    • Rule-of-thumb for executing on UI thread. Because refresh rate is 60Hz, don’t take more then 1/60 sec (17 ms)

Intermediate Language

  • Compiler generates class for your original method
  • Implements IAsyncStateMachine
  • Every local variable from method becomes private field in class
  • MoveNext method
    • Giant switch statement
    • $PC keeping track of state
    • Also a big try/catch block surrounding everything

Quick Review

  • async keyword adds 100 bytes
  • Every async method becomes a class

Await Every Async Method

  • Non-awaited async methods hide exceptions
  • Ditto for Task.Run — GetAwaiter().GetResult() will ensure we catch exception

Let’s Fix Some Code

  • Can’t await in a constructor
    • ICommand–made for fire and foreget
    • In Execute method, do async lambda with await
    • So from constructor, we can call MyCommand.Execute(null)
  • Never use async void ?
    • Not entirely true
    • Don’t use async void when not on UI thread
    • But on UI thread, if you throw exception from within async void–you’ll catch the exception
  • So from constructor, call Initialize(), which is an async void and can do the await
  • NEVER use .Wait
    • Blocks calling thread entirely
    • Doesn’t unwrap an exception
  • NEVER use .Result
  • Way better method
    • GetAwaiter().GetResult()
    • Does unwrap any exceptions
    • Can get the result from the async method
  • Note: .GetAwaiter().GetResult() is to be used in non-async method
    • In async method, just use await keyword
  • ConfigureAwait(false)
    • By default, you context switch back to UI thread
    • But this is expensive–background thread has to wait for UI thread
    • Context switch takes time
    • When background thread is done, execution stays on that background thread. Does not come back to UI thread
    • But note that you do need to come basck to UI thread if that method does some stuff with the UI, e.g. modify a control
  • ConfigureAwait(true)
    • This is the default, equivalent to not having ConfigureAwait() there at all
  • Don’t call .Result
    • Replace with await that method call to get the result directly
  • Special case, returning await something that returns Task<>
    • You can return the task directly, rather than awaiting it, then doing async on the method
    • Look for “return await”
  • Exception to this rule
    • You should await if you want to catch exception in method that you’re calling
    • So you could argue not to every do that trick

Async/Await Best Practices

  • Never use .Wait or .Result
    • Use await keyword
    • Or .GetAwaiter().GetResult()
  • Fire and forget tasks
    • Use ICommand
    • (or) async void (if you know you’re going to be on main thread)
  • Avoid return await
    • Remove async keyword
    • Except in try/catch blocks or using blocks
  • Utilize ConfigureAwait(false) as much as possible
    • In methods that don’t touch the UI

Xamarin University

  • Various course, e.g. CSC350: Using async await

That Conference 2018 – API Design Isn’t Just Nouns and Verbs

That Conference 2018, Kalahari Resort, Lake Delton, WI
API Design Isn’t Just Nouns and Verbs – Keith Casey

Day 1, 6 Aug 2018  2:30 PM

Disclaimer: This post contains my own thoughts and notes based on attending That Conference 2018 presentations. Some content maps directly to what was originally presented. Other content is paraphrased or represents my own thoughts and opinions and should not be construed as reflecting the opinion of the speakers.

Keith Casey

  • Okta – SSI identity management on the web
  • OAuth as a service, for Fortune 10 companies
  • “A Practical Approach to API Design” – Casey


  • Nothing/nobody is perfect
    • Will be attacks against API, some intentional, some not

What Is an API

  • contract about how two pieces of software interact
    • Can have lots of ceremony (e.g. SOAP) or less (e.g. REST)
    • REST is not a protocol, but a pattern for interacting with things
  • How one piece of software talks to another

Application Programming Interface

  • It’s an interface
  • We have users of our API
  • “Don’t Make Me Think” – Krug
    • Can apply same principles to API, just like GUI
  • Stop and think about how API appears to its users

What are we doing now?

  • Frameworks for creating RESTful services–there are tons
  • We generally default to some framework for building an API
  • Typically it just maps tables in database to verbs–CRUD over HTTP
    • But we normally don’t want to expose row-based pattern as the API

What is Bootstrap?

  • Clean, simple UI
  • Standard, consistent, reusable components
  • The bane of every UX designer

Why ?

  • Bootstrap treats every application the same
    • Ignores the application, what they use it for, how they use it


  • Expose additional data from database via API
  • “GraphQL is the CSV of API Design”
    • Ignores requirements, just give them every field and user can choose
  • Same thing, treats every application the same

What Should We Do Better?

  • E.g. Anonymous visitor to web site, want to create user account
    • that I can see my account balance
  • Must ask why on user story in order to understand the requirement
    • Can then build the right thing, better, faster
  • The things that we build need to be valuable to users
  • Developers want to
    • Build something useful
    • Go home

Think About the Story

  • What are the choices available to a user at any given time

Steps in Designing API

  • Identify who uses API
  • Identify high-level activities
  • Break down into steps
  • Create API Definitions
    • Prior to this step, it was a business process
  • Validate API

Identify Participants

  • List consumers of the API (directly or indirectly)
    • e.g. internal or external
  • Capture a bit about them–location, description

Identify High-Level Activities

  • Activity–work that produces a desired income, accomplished by one or more participants
    • Must understand user’s goals at this point
  • Activity might have multiple steps
  • Make note of description, participants

Break Down into Steps

  • Each step is accomplished by single participant
  • Step may have stages executed by different participants, but each step maps to single participant
    • Watch out for “and” steps–could be multiple steps

Create API Definition

  • Identify resources (the nouns)
  • May start to find dependent/nested resources
    • And business rules around the relationships
  • If API user needs to understand database schema in order to use API
    • You’re doing it wrong

Resource Relationship

  • e.g. Movie, Actor, Character relationship

Validate Your API

  • Ensure that your API will meet the requirements of the users
  • Walk through each use case
    • Individual steps in use case on notecards
  • You document how many activities need each API action
    • Helpful to know how widely used each endpoint is
    • Correction–each activity has steps, each step on a notecard; document which activities each step needs to be a part of

Validation Options

  • Compare API capabilities against UI wireframes
  • Build simple mock interfaces in a micro-framework
  • Write example code showing how to use it
    • Mock API, Happy JS?
  • Write end user documentation

What Should We Avoid?

  • Don’t assume we know all the use cases
    • e.g. multi-tool that has everything

Don’t collect or share extra data

  • Combridge Analytica
  • Why should people share this information?
  • How might a bad actor use this information?

Don’t Leak Your Own Data

  • E.g. giving user an incremented customer ID
  • What can someone tell by using your API?

Don’t Roll Your Own Encryption

  • Use an existing library
  • No, no, no don’t do your own encryption

That Conference 2018 – Know What Your Code Is Doing to SQL Server

hat Conference 2018, Kalahari Resort, Lake Delton, WI
Know What Your Code Is Doing to SQL Server – Kevin Boles

Day 1, 6 Aug 2018

Disclaimer: This post contains my own thoughts and notes based on attending That Conference 2018 presentations. Some content maps directly to what was originally presented. Other content is paraphrased or represents my own thoughts and opinions and should not be construed as reflecting the opinion of the speakers.

Kevin Boles

Executive Summary

  • Handful of specific examples of ways that you can end up with poorly performing SQL Server queries
  • Improper use of Entity Framework sometimes to blame
  • Always pay attention to exact T-SQL that is being used



  • Recommend 192GB on server, go beyond max memory (128GB)
  • In memory OLTP now down in standard edition
  • SQL Server 2016–It Just Runs Faster
    • Good blog posts on performance improvements
  • Get on 2016 or 2017


Entity Framework is tool that simplifies, but lower performance

  • Can be very productive
  • Several traps, easy to fall into
  • Other ORMs have similar problem


Being too greedy with rows

  • EF exposes objects without knowing values
  • E.g. pull data out to list, when do Where clause on the list
    • Pulls entire table before filtering
  • Do filtering on SQL Server
    • Provided that you ave the proper filter
  • Or could bring back to IQueryable


N+1 Select Problem–minimize trips to DB

  • ANTS performance profiler
  • E.g. One query to parent entities, 2nd query for each child to get related entities
  • Round-trip for each child query
  • Lazy Loading
  • “N+1 select problem”
  • If you know you want child data ahead of time, do the original query to include it
  • Use Eager Loading
    • .Where, .Include
  • Make sure that you really need them
  • Don’t do aggregation in client–do it in SQL Server
  • E.g. if we’re just counting child objects, do it with aggregate function in SQL Server
  • Don’t iterate and don’t get data that you don’t need


Being too Greedy with Columns

  • E.g. pull all Pupils from school, then iterate to dump out certain stuff
  • Selecting all columns when you just need subset of columns
  • EF doesn’t know what columns you want
  • Causes two problems
    • More data than we need
    • Impossible to index, since we pull everything back
    • If acceptable, can be faster because you don’t wait for confurrent transactions
  • If you’re pulling all columns, you’re locking entire table for the length of that query
  • Select new to just get you want


Mismatched Data Types

  • If data types don’t match, even simple queries can perform poorly
  • E.g. search for entities with particular zip code
  • Dev system should match prodution system in terms of scale
  • Find query runs fast, EF runs very slowly
  • Query plan warning
    • Function on a column in a WHERE clause
  • Column in database is VARCHART, but .NET has string, which is UTF16 Unicode
  • SQL Server does
    • INDEX SCAN of every zip code
    • Big I/O cost
    • Then converts the data–CPU hit
    • Optimizer can’t do prediction because  data is different than what’s in the index
  • Solution
    • Edit model to tell EF to use VARCHAR, using column annotation
    • In code, attribute
  • Do not let EF create models, code-first



  • He recommends not using one



  • 3 things to remember about stuff on internet about SQL Server
    • Who wrote it
    • When was it written
    • Does it apply to my system
  • ADO.NET Parameterized Queries
  • AddWithValue–get rid of this


Overly Generic Queries

  • Allowing searching on multiple fields
  • So we construct one query, where clauses for each search field
  • == null or matches
  • IS NULL OR stuff gets into query
  • Bad because it builds query plan just once for all the possible search combinations
  • Always runs same query plan, no matter what you search on
  • Can’t do a seek on index
  • Options
    • Stored procedure — Gail – “catch all queries”
    • Conditionals in EF side, exclude clauses
    • Make SQL Server recompile plans each time–from within EF. Sometimes good
    • Could write interceptor, option(recomiple)


Bloating the plan cache

  • Reuse of execution plans often a good thing, avoid regenerating plan
  • In order for a plan to be reused, the statement text must be textually identical, wihch as we just saw, is case for parameterized queries
    • Ad-hoc workloads


Skip / Take

  • Next time we run query, we get different query plan
  • Enable SQL Server setting ‘optimize for ad-hoc workloads ‘
    • Less aggressive at caching plans, generally a good thing
  • EF6, pass in lambdas
    • In SQL, values are paremetrized, so we don’t recreate cache plan


Inserting data

  • EF will run separate INSERT statements for every row being added
  • Not good if you have to insert a lot of data
  • Can use EF.BulkInsert or use EF 7 (has this out-of-the-box)


Code First, Performance Last

  • Never allow your code to create your storage constructs
  • (He means–code-first used to refresh database object)


Other Potential Issues

  • Improper use of IN clauses
    • >16 clauses in IN clause if bad
  • Correlated subqueries instead of JOINs
  • Parameterized queries with parameters defined to be length of data they contain
  • Chatty apps
  • Security conerns
  • Increased IO and app bloat due to asking for too mcuh data


That Conference 2018 – Finding Your Way to a Microservices Architecture

That Conference 2018, Kalahari Resort, Lake Delton, WI
Finding Your Way to a Microservices Architecture – Dana Hart

Day 1, 6 Aug 2018

Disclaimer: This post contains my own thoughts and notes based on attending That Conference 2018 presentations. Some content maps directly to what was originally presented. Other content is paraphrased or represents my own thoughts and opinions and should not be construed as reflecting the opinion of the speakers.

Dana Hart
Northwestern Mutual

Executive Summary

  • Lots of good reasons for re-factoring monolithic application as microservices
  • Architecture has multiple micro SPAs talking to multiple microservices


Monolithic application

  • Browser
    • UI / Business Loic / User Logic
    • Databases
  • One application on single platform
  • Drawbacks
    • Maintenance
    • Hard to test
    • Longer deploys
    • Longer downtimes
    • Doesn’t scale
  • How we got there
    • Probably started out small
    • Features have been added


Scaling the mono

  • Development–multiple teams in one repo
  • Continuous Deployment – updates = outages, higher risk
  • Increased Transactions – ru nmore copies of application?  Scale out metal?
  • Is this good enough? Working?


Frustration is an important part of success


Software microarchitecture

  • Set of patterns used together to realize parts of a system
  • Building block for piecing together cohesive portions of an overall architecture



  • Structure application as collection of loosely coupled services
  • Enables continuos delivery and deployment of large, complex applications



  • UI talks to various microservices
  • Each microservice talking to one database


Reasons to convert

  • Decomposes complexity
  • Developed independently
  • Deployed independently
  • Scaled independently
  • Smaller deploys
  • More frequent deploys
  • Lower deployment risk


How to start

  • Find piece that can exist independently
  • Don’t just convert, but re-factor


REST review–constraints

  • Uniform interface
  • Client-server
  • Stateless
  • Cacheable
  • Layered system
  • Code on Demand


Define your subdomain


REST review

  • Sensible resource names
  • XML and JSON
    • Recommend JSON over XML
    • Easier to consume by browser
  • Fine-grained resources
    • Simple resources that you can apply CRUD to
  • Idempotence
    • Get same response every time if inputs are the same
  • Safety


Micro SPAs

  • Take original monolithic UI
  • Split into separate pages, each being a SPA
    • /store
    • product
    • /order


Deployment Patterns

  • Multi service instances per host
  • Service instance per Host / VM / Container
  • Serverless deployment
  • Service deployment platform
    • Automated infrastructure


Move everything to cloud


Reverse proxy

  • URL goes thru reverse proxy (external request)
  • Look up services, find target address
  • E.g. use NGINX


API Gateway

  • SPA Containers send requests
  • To API Gateway
    • Could implement security
    • Load balancing
  • Farms out to API Containers


Micro Application platform–diagram

  • Request
  • Reverse Proxy
  • SPAs
    • Can talk to one or more services
  • API Gateway
  • Services
  • Databases


At end

  • Multiple SPAs
  • Multiple services
  • No deployment downtime
    • Pre-production environment
    • Kubernetes handles this




Q: When do you decide to create an API that might combine logic from two sub-domains?

A: We wouldn’t combine the services, but let the UI do the model translation between the two services. But sure, you could add a service that aggregates data from multiple services.


Q: How do you handle versioning?

A: Many opinions around versioning. We have pattern of “v1”, “v2” in front of API. “No breaking changes” unless it’s a major version chance.


Q: How do you decide what goes in what database?

A: We still have one large database. If the entities have relationships, we’d be hesitant to split them out.


Q: How do you manage to get common look/feel across the SPAs

A: It’s not easy. We had designers to create common UI Sketch components. Then devs create UI framework around these common elements. Partnership between Engineering and Design.


Q: How did you avoid applying legacy change management techniques (monolithic) to new architecture. Had to educate various teams to demonstrate that we’re now running with lower risk. Dev team “owns” the result of a deployment, responsible for it. We use New Relic for monitoring.


Q: We have 3rd party integration with a service that is not stateless.

A: Sometimes you do get stuck with a vendor’s implementation. Could give examples to vendor of what work better for you.


Q: Where do you pull stuff from multiple services together?

A: We do it in UI layer, model translation, pulling stuff together.