That Conference 2018 – An Extended Explanation of Caching

Posted by Sean

That Conference 2018, Kalahari Resort, Lake Delton, WI
An Extended Explanation of Caching – Tom Cudd

Day 3, 8 Aug 2018 2:30 PM

Disclaimer: This post contains my own thoughts and notes based on attending That Conference 2018 presentations. Some content maps directly to what was originally presented. Other content is paraphrased or represents my own thoughts and opinions and should not be construed as reflecting the opinion of the speakers.

Executive Summary

A number of places where you can do caching
Various tools for various places
Really all about 1) populating, 2) invalidating

Caching examples

Network tab in browser, pages from memory or disk cache
Content from CDN
Special applications – e..g. Varnish
WordPress plugin – specify cache settings for blog

Caching is Like Regex

If you’re not careful, you’re going to have new problems

Application Architecture

“Christmas tree” showing server, cache servers, CDN, load balancers, etc.

Problem

Caching solves one problem–performance
3-sec rule: user leaves if something takes longer than 3 secs
- 40% of users leave

Another reason

Buy some time
- e.g. before application crashes
Cost-benefit analysis–caching costs vs downtime

Measure First

User metrics
Load times
Site no crashing every 5 minutes
S.M.A.R.T. Goals – specific measurable achievable relevant time-bound

How to Not Suck at Caching

Caching is additive
- Can’t just throw caching onto server that’s already overloaded
Don’t over-engineer
- Use the simplest solution that satisfies the requirements
Measure, change, test, measure

Caching Doesn’t Help

Oversaturation
- Network hardware
- Thread death–“virus”, creating multiple threads for each request
Thundering herd
- If you get large number of initial requests, a large number of them go all the way back to server, since it takes a little time to cache the data
Lack of information
Bad decisions

End Users

Browser Caching

Setting request headers–page tells browser to cache a page
Requires a hit to operating system
Unique naming
- Rename an assets to force download of long cached object

Set with Web Server

E.g. est cache-control for certain pages

External/Edge Services

CDN – Content Delivery Network
- Point your URI to 3rd party server
- They then pull files, as needed, from your server
Most big sites on the web run on CDN
Improve page load time
- Serve request from server that has shortest travel time to client
High availability
- Cached data could still be present even when your origin server hiccups
Can maybe buy CDN servies at lower cost than scaling out actual servers

CDN Features

Setting TTLs, other configs based on extension
Region, language routing
Mobile detection
WAF/Security
- Applications can do double duty–firewall + CDN
- DDOS protection

CDN Providers

Cloudflare
Incapsula
Cloud providers
Akamai
Fastly

Akamai

Match file extensions
Honoe cache control of origin
Can have configs for some stuff on your server

Measure and Test

Your Systems

Don’t over-engineer–get strange results
Spin up different instance if you need different purpose

Varnish

Separate servers
Both memory and disk paging

Web/App Layer

Baked vs fried
- Building on demand vs preloading cache
- Cache gen’d on demand when request hits (fries)
- Preload cache ahead of time (baked)
Disk vs memory

Products

Adobe Experience Manager
Sitecore
- Prefetch, data, item, html caches
Drupal
- Performance caching (SQL queries stored)

Output Caching

IIS- – generate on request

App/Data Layer

Reducing database calls
Reducing API calls

Ehcache

Java based applications
Memory or disk

Memcached

In memory, key/value store
Reduce database load
Not synchronized
Scalable separately

Let’s Not Fight

Not worth arguing about which is better
Memcached, Redis, Mongo
All are good

Database

Redis
Firebase
Stored procedures – reduce network bandwith by calling short sproc rather than sending long query

Challenges

Invalidating stale data

Caching Procedures

Only two things you’ll really need to do with caching
- Populating
- Invalidating

Debugging, need to remind people to clear their cache

[Sean] But should users have to worry about this? If you need to have them clear cache, then something’s not working properly

Populating Caches

Pull based – cache tool pulls from your server
Push based – your code has to push out data to the cache

Cache clearing

Staggered approaches
Clearing individual items
Using APIs and automation

That Conference 2018 – Securing Your ASP.NET Core Applications

Posted by Sean

That Conference 2018, Kalahari Resort, Lake Delton, WI
Securing Your ASP.NET Core Applications – Cecil Phillip

Day 3, 8 Aug 2018 1:00 PM

Executive Summary

Quick review of authentication pipeline
Various options for authentication

ASP.NET Core 2

Cross platform web framework
Targets .NET Standard 2.0
Introduces Razor Pages
SignalR Core available
ASP.NET Core 2.1 out now

Middleware Pipeline

diagram

Application Startup

Startup.cs
Configure takes IApplicationBuilder, IHostingEnvironment
app.UserXyz, app.UsePdq
The order of middleware matters

HTTPS

In VStudio, two servers
- IIS Express
  - Enable SSL in properties
- Kestrel – cross-platform
  - Have to use .NET CLI tool
  - dotnet dev-certs https –trust
  - Generates self-signed cert that’s automatically trusted
  - This cert doesn’t appear in cert manager
  - MMC – add snap-in, Certificates snap-in, My user account
  - Now looking at certs for the current user only
  - Now you see the dev cert that we just created
When you run, you fire up 2 endpoints–HTTP, HTTPS–that it’s listening too
Remove cert
- dotnet dev-certs https –clean
Do not use this dev cert in production
- Only for local development

Authentication

Many options, i.e. middleware
- Cookies
- Twitter
- Google
- JWT Tokens
- Facebook
- OpenID Connect
- Microsoft Accounts
- Custom
- Windows

Cookie Authentication Demo

In ConfigureServices, services.AddAuthentication
.AddCookie
In Configure, do app.UseAuthentication
- Need to do this before UseMvcWithDefaultRoute
Mvc is a “terminating middleware”–stuff after it won’t run
Controller code
- Login action, with LoginViewModel
- Create ClaimsIdentity with a Claim
- Pass in to HttpContext.SignInAsync
Back in ConfigureServices
- .AddCookie takes opts with authentication events
- We can handle various events as part of pipeline
  - Kick out existing logged in user

Twitter Authentication Demo

.AddAuthentication, AddCookie, AddTwitter (pass in client ID and secret)
Still just do app.UseAuthentication in Configure

SecretManager

Manage user secrets
Lives in app profile
JSON data with different secrets, e.g. Twitter-ClientSecret
(or) dotnet user-secrets
Roaming, so it will synch across profiles
BuildWebHost doesn’t do anything special to get secrets info
Configuration passed in to Startup (DI)
- You can just ask it for secret, with [“xxx”]
In production
- In Azure, have Azure key Vault
- Can also create certificates
- In application, you can specify Azure Key Value as a source of configuration
- builder.AddAzureKeyValue (off .ConfigureAppConfiguration, in BuildWebHost
- Register your app with Azure Key Vault–and perms, what can you do
- Also supports versioning of secrets
What to put in Azure Key Vault
- URL of SQL Server, web server URI
- Connection strings
- Secrets
You need secret to talk to key vault??
- Yes, ID/Secret, hard-coded
- OR create cert, associate with app in Azure App Services
You “compose” configuration
- Settings come from various places

ASP.NET Identity

User management framework
Get bunch of stuff out of the box
Register
- E-mail, password, Register button
Identity using EF, which uses migrations to ensure database is what you expect
You get Manage User feature
Authenticator app support
- Little app on your phone to do 2-factor
Associate Google Authenticator app on phone to your application
Scan QR code with your phone, get #, enter that number
Also gives you recovery codes, for account recovery
- You use one at a time and that code becomes invalid

Azure AD B2C

Create tenant, then go to that tenant
Register applications for that tenant
Identify providers
Can see users
Add to application (AD B2C)
- New Project, Change Authentication
- Individual user accounts – ASP.NET Identify
- Individual user accounts, Connet to existing user store in the cloud
- Add info for AD B2C, get domain name
- Enter application ID
- Reply URL–can default to localhost
- Sign-up or Sign-in Policy–create one in Azure, give it name
  - Can have one or more policies for your application
  - E.g. E-mail sign-up
  - Application claims (in policy)
Run application that uses AD B2C
Login / signup, you go out to AD B2C page on Azure
- E-mail verification code
- Additional metadata fields, e.g. Job Title
User profiles in Azure, after they sign up

In code

User.Identities.First().Claims — a bunch of key/val pairs

Resources – https://cda.ms/BG

That Conference 2018 – Tips & Tricks for a Successful Android Application

Posted by Sean

That Conference 2018, Kalahari Resort, Lake Delton, WI
Tips & Tricks for a Successful Android Application – Jorge Coca

Day 3, 8 Aug 2018 10:30 AM

Executive Summary

History of Android
Some cross-platform options (code sharing)
Some specific notes on Kotlin

Success?

App being used

Android was originally an OS for cameras

Not for smartphones
Google acquired Android to do a smartphone

History

Cupcake, Donut – Apr 2009
- Linux kernel
- Java, Eclipse ADT
- Main widgets & SDK components
- Gesture framework
Eclair, Oct 2009
- Multi account
- Bluetooth
- Multitouch
Froyo, May 2010
- Chrome (engine for web views)
- Push notifications
- Flash, GIFs
- Improved market
Gingerbread, Dec 2010
- NFC
- Improved UI
- Support for front camera
- Nexus One
Honeycomb, Feb 2011
- Big milestone
- Optimized for tablet support
- Holo interface
- Welcome Fragments (nobody likes them)
Ice Cream Sandwich, Oct 2011
- Holo for phones
- Major update of the OS
- Editor’s choice
Jelly Bean, Jun 2012
- Performance
- Support library
- Dev focus on quality (tools)
KitKat, Oct 2013
- Refreshed interface
- Android Wear
- Nexus 5
- Android Studio
- Gradle – build tool
Lollipop, Nov 2014
- Material Design – layers of paper
- Dalvik
- WebView distributed over PlayStore
- Dev focus on performance
- Android One
Marshmallow, Oct 2015
- Android for Work
- Doze
- Fingerprint
- Runtime permissions
- Batter optimizations
Nougat, Aug 2016
- Android beta
- Daydream – VR
- Multiwindow support
- Picture in picture
Oreo, Aug 2017
- Kotlin
- Architecture components
- Focus on modular architectures
- Adaptive icons
- Android Go (evolution of Android One)

Market Share

2015, Android nearly 80% of smartphone market

Challenges (in order to be successful)

Clear goals and expectation
Invest your time and energy where it matters
Build for everyone – i.e. international
Crowded market. Be original
Be the first.. or be the best

Goals and expectations

Research your market
Measurable goals
Realistic exxpectations
Indie vs. small shop vs. corporation
Functionality vs design.. (or both)

Invest your time and energy where it matters

There’s cloud
And devices–iOS, Android
Don’t do the same work multiple times, i.e. across multiple devices
Cloud is the common layer–use it
Dedicate efforts to the main use case of your app
What can you share between iOS and Android?

Cross platform

Easiest: WebView
- Security hole
WebView with native bridge: custom, Ionic, ..
Xamarin
- Business logic in shared library, shared across devices
- Xamarin works
Kotlin Multiplatform
- Similar to Xamarin–business logic written just once
ReactNative
- Widgets
Flutter

Android native

Stop using Eclipse
- Android Studio has better tools, better effort
Stop using Java

Kotlin

Better develop experience
Interop with existing Java
Null safety
Google working on “Kotlifying” APIs
Easer to do more complex things
Don’t force unwrap (ignore null check)
Default parameter values–no need for factory constructors
Sealed classes to express more complex enums

Kotlin Tips

Data classes are your friends
Easy singletons with object
Synthetic extensions to avoid boilerplate

Android

The smaller your Activities are, the better
The smaller your Fragments are, the better
The smaller your Services, the better
Remove business logic from SDK components
MVP, MVVM, VIPER, RIBs
Only use libraries that make you feel comfortable
Do not overuse libraries
The smaller your APK is, the better (code for everyone)

That Conference 2018 – What’s New in C#7

Posted by Sean

That Conference 2018, Kalahari Resort, Lake Delton, WI
What’s New in C#7 – Jason Bock

Day 2, 7 Aug 2018 4:00 PM

Executive Summary

Brief review of history of C# versions
Lots of good new stuff in C# 7
Importance of C# and .NET now being open source

Language Evolution

C# – 2002, .NET 1.0
v1 – classes, evenst, properties
v2 – generics, partial types, anonymous methods, nullable types
v3 – LINQ, implicit types, extension methods, lambda expressions
v4 – dynamic binding, embedded interop types, named arguments
v5 – async/await, caller info attributes
v6 – Roslyn, exception filters, await in catch, auto prop initializer, default values for getters, expression-bodied members, string interpolation, null propagator, nameof
v7 – out variables, tuples, local functions, binary literals, ref returns/locals, throw expressions
v7.1
v7.2
v7.3

.NET Foundation

Foster open source development
Everything in .NET is now open source, on github
Contributors from both inside/outside MIcrosoft

.csproj file

Can target LangVersion, or latest

Binary digits, digit separators

Underscore in integer constant is separator–doesn’t do anything
Can do one or more underscores anywhere you like
0b – binary literals

Local functions

Declare functions within functions
Compiled as private methods, so performance is the same as private methods

Out var

Replaces big try/catch block
Or TryParse
3rd way in C# 7 – declare out var directly in method call

Ref Returns and Locals

Copy semantics for structs
Traditional list, indexer returns element, copied if element is value typed
Indexer can use ref keyword to pass element back by reference
- For value typed objects, you get a reference to the value-typed object
Far faster (if elements are large)
Where you assign the element, you also use ref keyword

Pattern Matching

Using switch statement
Pass in parameter of parent type, then case on child type
Can also add when clause to trigger on stuff specific to that subtype
default case can be anywhere
case null

Tuples

Not Item1, Item2 syntax from v5
Lets say that you want to pass two values back out of a function
public (int, int) ReturnTwoInts() { … }
Maps to ValueTuple, which has Item1, Item2, etc.
Can do named values
public (int x, int y) ReturnTwoInts
- Can now ref result.x, result.y
Calling it
- (var x, var y) = ReturnTwoInts()
Can use _ to indicate you don’t care
Deconstruct method – pull data out as tuple (?)
Can use tuples as concrete types in generics
Assign multiple properties in a single line of code with a tuple

ValueTask<T>

Task is a reference type, but you might want a value-typed task for performance
ValueTask<T> is just a struct that does everything that a Task does
You’d use this only if you really need the added performance

Expression bodied members

Define wherever you like, not just read-only properties

[C# 7.1]

async main method

Default literals

Instead of default(int), you can infer the type of the default
So just use default keyword, type is inferred

[C# 7.2]

readonly struct

Spans

Look at chunk of memory
“Safe” way to read/write direct memory
e.g. “11,22” .AsSpan()
.Slice instead of Substring
No allocations
More performant

Constraint Generic

To enum type, to delegate type
where T : Enum

Compare Tuples

Equality semantics is correct

Backing field not serialized

On auto property, do [field: NonSerialized]

Future Directions

Ranges – foreach, in 5..10
Default Interface Methods – default implementation for a method on an interface
- Looks odd
Nullable reference types
- Have to opt-in, to avoid breaks
- Once opt-in, MyClass mc would be non-nullable
- Have to do MyClass? to get nullable
- n!.Length – don’t worry about null-check
async streams – async enumerator
Generic attributes – e.g. [MyAttribute<int>]
Records and with expressions
Shapes and extensions
- Mads T
- Extensions everywhere – e.g. properties

Questions

Q: Isn’t this scary / dangerous? What is the main use case?

A: Multiple return values, e.g. int.Parse that is more elegant because it returns multiple things. Helps to avoid defining little objects designed just to pass data around between methods

That Conference 2018 – WebAssembly: The New EndGame?

Posted by Sean

That Conference 2018, Kalahari Resort, Lake Delton, WI
WebAssembly: The New Endgame? – David Pine

Day 2, 7 Aug 2018 2:30 PM

Executive Summary

WebAssembly allows writing high-level source code and compiling to a binary format that runs in execution engine on the client
Allows doing C#, for example, in browser
Blazor works with Mono to allow .NET on client, including Razor syntax

Wat?!

Engines for WebAssembly

What

Binary instruction for a stack-based virtual machine
Binary
- AST (Abstract Syntax Tree)
- Stored as binary
Stack-based
- Pushing and Popping onto stack

Today

Binary execution format for web

Future

Mobile and IoT

Wasm

Portable target compilation of high-level languages
For C, C++, C#, Rust, Go

Example

Compile C#, target WASM, you get binary file
File can run in your browser

Demo

Game
In browser debug, you see demo.wasm and not much else

Chrome has it

What about other platforms?
Big movement, WebAssembly now supported everywhere
W3C – World Wide Web Consortium

Text Format (.wat)

There’s a text-format human readable version of the final assembly
Hard to read, since it’s really the compiled output

What it is not

Not assembly-level CPU-specific machine code
- Doesn’t run on the CPU but runs in browser’s execution engine
- But you get near-native performance, since it’s close to the metal
Not a 3rd-party plugin
- WebAssembly runs in same sandbox as JavaScript
Not versioned
- Backwards-compatible
Not JavaScript replacement
- WA plays nicely with JS
Not a programming language
- If you hand-coded .WAT files, it would be
- But it’s really just a format or compilation target
Not the ideal tool for every web project
- Different tools, e.g. JavaScript, C, to do HTTP request

Emscripten

Tool for compiling to WASM

Demo: Emscripten

emcc
Takes C source file as input (e.g. hello.c)
Target WASM
Run output in browser–we get console output in the browser

WASM Explorer / Fiddle

Call WASM assembly from JavaScript

Use Cases

Games, rich client, etc.

Hanselman interview of Steve Sanderson

Web development has been constrained because everything has had to be in JavaScript
Web development will be able to grow up and mature a bit

My interview with Sanderson

Give developers a wider choices of languages and platforms
Industry healthier if multiple paradigms catered to

How

Mono Runtime
- Cross-platform .NET runtime
- Using it now for Blazor

Blazor

Browser + Razor
Experimental project at the moment
Not yet a committed product

How Blazor works

Dev time
- C# / Razor source files
Runtime in browser
- mono.wasm – WebAssembly binary executed natively
- Browser APIs – visible DOM, HTTP requests, etc
- YourApp.wasm – WebAssembly version of your library

Demo – Blazor

bit.ly/BlazingChuck
Project template in VStudio
ASP.NET Core Hosted
You get Client stuff and Server stuff, as well as Shared stuff
Shared library has web objects shared across server and client
Template gives you a simple multi-page web site with a few things
Fetch some data, click a button, etc.
Server has controller that returns some basic data
Razor syntax that turns into HTML
Inject HttpClient into component on client

Look at code for Blazor

Debug C# code in browser
- Hit breakpoint after interacting with something in the browser
Program.cs with main entrypoint
CreateHostBuilder
Wire up various services
Add component (app)
Standard markup with Razor binding to C# object (model)

Other debugging

Currently not pre-compilation, but running in interpreted mode
Full-on .NET DLLs on client, e.g. mscorlib
For small app, we’re at 3.5 MB
But this will get optimized

Mono.wasm – is the .NET runtime running in a WebAssembly

Resources

https://blazor.net

With Unity, can target WASM

Unity in browser

That Conference 2018 – Design Patterns: Not Just for Architects

Posted by Sean

That Conference 2018, Kalahari Resort, Lake Delton, WI
Design Patterns: Not Just for Architects – Jeremy Clark

Day 2, 7 Aug 2018 1:00 PM

Executive Summary

There exist lots of design patterns that have been defined
We already use many of these without realizing it
Worth learning them–helps in communication
Examples of several patterns in C#

Goal: We’re already using design patterns, so worth putting a name on them

What are Design Patterns?

(Christopher Alexander quote)
Describes solution in a way that you can use it over and over again

Gang of Four book (GoF)

Gamma, Helm, Johnson, Vlissides
“Serious developer” needs to have this
Still relevant? Yes
Examples in C++ and Smalltalk

Anatomy of a Design Pattern

Pattern Name
- Unique way of referring to pattern
Problem
- Problem that occurs over and over again
Solution
- “Core” of the solution
- Example implementations are not solutions
Consequences
- Pros and cons
- Things to watch out for

GoF Patterns

23 different patterns
Categories
- Creational
- Structural
- Behavioral
Book is a bit academic
- Go through it at some point in your career
- “You’re not ready for it yet”

Good starting point

Head First Design Patterns – Freeman, Freeman
Covers 12 of the GoF patterns
- Same descriptions
- Just explains it in a more approachable way
Examples in Java
- But pretty general, so ok
- Online, translations into various programming languages

Why Should We Care?

These are well-described solutions
Shared vocabulary
- Easier to talk with other devs
Concise language
- Quicker/shorter to just mention the pattern, rather than describing it in detail
Think in design rather than implementation
Encourage other developers to learn patterns

Observer pattern

When object changes state, dependent objects notified automatically
Publish-subscribe relationship

Real World Observer

Twitter – someone tweets, subscribers are notified

Implementation of Observer (C#)

Event handlers on button
This is ubiquitous in C# and in frameworks
Problem => Pattern => implementation of the pattern
- E.g. pubsub => Observer pattern => event handlers
Prism, event aggregator
- Publisher, subscribers don’t know about each other
.NET 4.0 – IObserver<T>
Consequences
- I don’t know how many times I’ll be notified
- Don’t know how frequently I’ll be notified
- Don’t know if we’ll ever be notified

Iterator Pattern

Access elements of object sequentially without knowing about implementation of the thing
Get next item, stops at end
Real-world: Channel up button on TV Remote
In C#, foreach loop uses the iterator

Implementation of Iterator (C#)

Get List<T>, case to IEnumerable<T>
IEnumerable<T> says that object supports get next element (foreach)
All collections in .NET implement IEnumerable<T>
Nice that this is built into .NET (C#)

Facade Pattern

Unified interface for a set of interfaces in a sub-system
Higher-level interface makes things easier to use
Wrap complex stuff in simpler API

Real World Facade

Universal remote control wrapping access to multiple devices

Facade Implementation

foreach loop is also an example of facade
GetEnumerator
while (enumerator.MoveNext()) … do something with enumerator.Current()
foreach is a nice wrapper around this
Consequences
- We might lose functionality that lower level stuff has
- E.g. foreach doesn’t give access to Reset() method

Chain of Responsibility

Avoid coupling sender to receiver
Giving more than one object a chance to handle the request
Pass request along thru children until somebody handles it

Real-world example

Tech Support – first line, person asks questions
- If not, passes to next person, more detailed look at your question

Chain of Responsibility Implementation

Throw exception
Catch certain types of exceptions at certain levels in call stack
If not caught at one level, it propagates up to the next level
Consequences
- What is nobody handles the message?

Proxy Pattern

Provide surrogate for another object to control access to it
Example: Power of Attorney
- One person makes another their proxy
Surrogate vs. placeholder
- Placeholder–thumbnail or icon that only loads something when you click it
- Good idea in mobile apps–delay download of some stuff, in case you have slow connection

Proxy Pattern Implementation

Web API service, controller with Get method
Get collection, return via service
Can create proxy service class that can call the service
- HTTP clients
Use the proxy in the same way that you’d treat the original class
Consequences
- Hides what’s really going on with the underlying object

A Million Implementations

Use over and over

That Conference 2018 – Launching with Now, Next, and React

Posted by Sean

That Conference 2018, Kalahari Resort, Lake Delton, WI
Launching with Now, Next, and React

Day 2, 7 Aug 2018 10:30 AM

Executive Summary

Summary of tech stack used at Northwest Mutual and on Nicholas’ personal project
Recommend combination of micro services and micro apps
Koa vs. Express
Use Next?

Micro-Service vs. Micro-App

Micro-Service

Encapsulate business logic
Encapsulate persistent data
Reusable, stand-alone solution
Not always a 1:1 relationship between micro-apps and micro-services
Independent
Tidy, clean

Micro-App

Client facing code
May call mlutiple micro-services for data or computations
Handle interactions and specific complex problems
Aggregates inof from multiple services

The Tech Stack

Node
- Released support for async/await
Koa – “fix” Node; minimal lib as extraction of HTTP module of Node
- Solves same problem as Express
- Promises, async/await
- Now at Koa 2–far less confusing than Koa 1
- Choice for micro-service
- Avoids “callback hell”
- Choice: Express vs Koa
Express – augmentation for node that allows setting up simple server
- Can end up “callback hell”–messy callback architecture
PostgreSQL
React
Next – like React, but SSR a bit differently than React does SSR
- Also bundled with some “auto magical” elements
- Good for supporting SEO
Redux – state management tool
- Source of truth that feeds application

React

React 16 solved a lot of problems
React portal
- Render a component and drop it somewhere else in your application
- Specify what to render, where to render it
Fragment
- Can return multiple components (e.g. HTML elements)
- <React.Fragment>
- Could return several table columns, not wrapped in <div>
Context API
- Have state that’s inherited down with component hierarchy
- Avoid passing things down the tree

Next

Recent update that took advantage of all of React 16
Does things “auto-magically”, secretively, just works out-of-the-box
You call next command; it fires up server, automatically does various things
No longer have to explicitly import React into any of your components

Decisions – Handling Server Requests

For API used Kora – conceived for and caters to async/await funcs
For apps, used Express
Subtle differences between the two
- Express is lower barrier to entry
- Tons of tutorials out there
Most differences deal with middleware
For middleware-heavy apps, Koa better

Decisions – Rendering

Client-side vs. server-side
If SEO is concern, server-side might be simpler to roll out
Server-side rendering opens the door to some PWA setups (Progressive Web App)
Client-side rendering makes SEO harder
For server-side: React vs Next?
Anxiously awaiting React’s async rendering
Went with Next

Decisions – State Management

There are many options, and tons of patterns
Redux vs MobX vs others
- MobX worth a look if you’re starting from scratch
Meiosis Pattern
Context API (in React)

ThinkMinded Architecture

Micro Service (just 1)
- Node, Express
Micro App
- React, Next, Node, Express
Has mindset of allowing others to consume our data
- So micro service is a standalone API

Micro App Architecture (ThinkMinded)

Redux
Redux store has sequence
- Action => Dispatcher
- Reducer
- State
- => Back to GUI

Engineering – React

Engineering – React / Redux

Engineering – Next / Redux

Similar to above, but don’t import React
Biggest difference, package.json changes, use next commands to do everything
Next uses Webpack
Next automatically creates API, based on file system
Hot module re-loading
Automatically indexes

Deploying with Now

Now is a platform for global deployment
Generates a URL upon deployment (staging)
(vs Gitlab)
- Gitlab for bigger teams
- Now has nice CLI
Staging can then be aliased to production
Works to deploy Node.js apps and docker powered apps
Preferred for short/small personal projects

That Conference 2018 – Correcting Common Mistakes When Using async/await in .NET

Posted by Sean

That Conference 2018, Kalahari Resort, Lake Delton, WI
Correcting Common Mistakes When Using async/await in .NET – Brandon Minnick

Day 1, 6 Aug 2018 4:00 PM

Brandon Minnick

Developer Advocate, Microsoft

@TheCodeTraveler

https://www.codetraveler.io/THAT-2018-AsyncAwait/

Executive Summary

Helps to know underlying IL that’s generated
Helps to know core task-based objects that async/await use
ConfigureAwait(false) if you don’t need to come back to UI thread
.GetAwaiter().GetResult() instead of await to get synchronous execution

Multi Threading

e.g. ReadDataFromUrl
- Our method is async
- does await on DownloadDataTaskAsync
- 1st chunk of code is run by the thread that calls this method
- 2nd thread–calls the Download method
- After await, execution picks up with 1st thread
Typically, first thread, i.e. main thread, is the UI thread
UI thread
- Draws UI on screen
- Rule-of-thumb for executing on UI thread. Because refresh rate is 60Hz, don’t take more then 1/60 sec (17 ms)

Intermediate Language

Compiler generates class for your original method
Implements IAsyncStateMachine
Every local variable from method becomes private field in class
MoveNext method
- Giant switch statement
- $PC keeping track of state
- Also a big try/catch block surrounding everything

Quick Review

async keyword adds 100 bytes
Every async method becomes a class

Await Every Async Method

Non-awaited async methods hide exceptions
Ditto for Task.Run — GetAwaiter().GetResult() will ensure we catch exception

Let’s Fix Some Code

Can’t await in a constructor
- ICommand–made for fire and foreget
- In Execute method, do async lambda with await
- So from constructor, we can call MyCommand.Execute(null)
Never use async void ?
- Not entirely true
- Don’t use async void when not on UI thread
- But on UI thread, if you throw exception from within async void–you’ll catch the exception
So from constructor, call Initialize(), which is an async void and can do the await
NEVER use .Wait
- Blocks calling thread entirely
- Doesn’t unwrap an exception
NEVER use .Result
Way better method
- GetAwaiter().GetResult()
- Does unwrap any exceptions
- Can get the result from the async method
Note: .GetAwaiter().GetResult() is to be used in non-async method
- In async method, just use await keyword
ConfigureAwait(false)
- By default, you context switch back to UI thread
- But this is expensive–background thread has to wait for UI thread
- Context switch takes time
- When background thread is done, execution stays on that background thread. Does not come back to UI thread
- But note that you do need to come basck to UI thread if that method does some stuff with the UI, e.g. modify a control
ConfigureAwait(true)
- This is the default, equivalent to not having ConfigureAwait() there at all
Don’t call .Result
- Replace with await that method call to get the result directly
Special case, returning await something that returns Task<>
- You can return the task directly, rather than awaiting it, then doing async on the method
- Look for “return await”
Exception to this rule
- You should await if you want to catch exception in method that you’re calling
- So you could argue not to every do that trick

Async/Await Best Practices

Never use .Wait or .Result
- Use await keyword
- Or .GetAwaiter().GetResult()
Fire and forget tasks
- Use ICommand
- (or) async void (if you know you’re going to be on main thread)
Avoid return await
- Remove async keyword
- Except in try/catch blocks or using blocks
Utilize ConfigureAwait(false) as much as possible
- In methods that don’t touch the UI

Xamarin University

Various course, e.g. CSC350: Using async await

That Conference 2018 – API Design Isn’t Just Nouns and Verbs

Posted by Sean

That Conference 2018, Kalahari Resort, Lake Delton, WI
API Design Isn’t Just Nouns and Verbs – Keith Casey

Day 1, 6 Aug 2018 2:30 PM

Keith Casey

Okta – SSI identity management on the web
OAuth as a service, for Fortune 10 companies
“A Practical Approach to API Design” – Casey

Assumptions

Nothing/nobody is perfect
- Will be attacks against API, some intentional, some not

What Is an API

contract about how two pieces of software interact
- Can have lots of ceremony (e.g. SOAP) or less (e.g. REST)
- REST is not a protocol, but a pattern for interacting with things
How one piece of software talks to another

Application Programming Interface

It’s an interface
We have users of our API
“Don’t Make Me Think” – Krug
- Can apply same principles to API, just like GUI
Stop and think about how API appears to its users

What are we doing now?

Frameworks for creating RESTful services–there are tons
We generally default to some framework for building an API
Typically it just maps tables in database to verbs–CRUD over HTTP
- But we normally don’t want to expose row-based pattern as the API

What is Bootstrap?

Clean, simple UI
Standard, consistent, reusable components
The bane of every UX designer

Why ?

Bootstrap treats every application the same
- Ignores the application, what they use it for, how they use it

GraphQL

Expose additional data from database via API
“GraphQL is the CSV of API Design”
- Ignores requirements, just give them every field and user can choose
Same thing, treats every application the same

What Should We Do Better?

E.g. Anonymous visitor to web site, want to create user account
- ..so that I can see my account balance
Must ask why on user story in order to understand the requirement
- Can then build the right thing, better, faster
The things that we build need to be valuable to users
Developers want to
- Build something useful
- Go home

Think About the Story

What are the choices available to a user at any given time

Steps in Designing API

Identify who uses API
Identify high-level activities
Break down into steps
Create API Definitions
- Prior to this step, it was a business process
Validate API

Identify Participants

List consumers of the API (directly or indirectly)
- e.g. internal or external
Capture a bit about them–location, description

Identify High-Level Activities

Activity–work that produces a desired income, accomplished by one or more participants
- Must understand user’s goals at this point
Activity might have multiple steps
Make note of description, participants

Break Down into Steps

Each step is accomplished by single participant
Step may have stages executed by different participants, but each step maps to single participant
- Watch out for “and” steps–could be multiple steps

Create API Definition

Identify resources (the nouns)
May start to find dependent/nested resources
- And business rules around the relationships
If API user needs to understand database schema in order to use API
- You’re doing it wrong

Resource Relationship

e.g. Movie, Actor, Character relationship

Validate Your API

Ensure that your API will meet the requirements of the users
Walk through each use case
- Individual steps in use case on notecards
You document how many activities need each API action
- Helpful to know how widely used each endpoint is
- Correction–each activity has steps, each step on a notecard; document which activities each step needs to be a part of

Validation Options

Compare API capabilities against UI wireframes
Build simple mock interfaces in a micro-framework
Write example code showing how to use it
- Mock API, Happy JS?
Write end user documentation

What Should We Avoid?

Don’t assume we know all the use cases
- e.g. multi-tool that has everything

Don’t collect or share extra data

Combridge Analytica
Why should people share this information?
How might a bad actor use this information?

Don’t Leak Your Own Data

E.g. giving user an incremented customer ID
What can someone tell by using your API?

Don’t Roll Your Own Encryption

Use an existing library
No, no, no don’t do your own encryption

That Conference 2018 – Know What Your Code Is Doing to SQL Server

Posted by Sean

hat Conference 2018, Kalahari Resort, Lake Delton, WI
Know What Your Code Is Doing to SQL Server – Kevin Boles

Day 1, 6 Aug 2018

Kevin Boles
TheSQLGuru@gmail.com

Executive Summary

Handful of specific examples of ways that you can end up with poorly performing SQL Server queries
Improper use of Entity Framework sometimes to blame
Always pay attention to exact T-SQL that is being used

Miscellaneous

Recommend 192GB on server, go beyond max memory (128GB)
In memory OLTP now down in standard edition
SQL Server 2016–It Just Runs Faster
- Good blog posts on performance improvements
Get on 2016 or 2017

Entity Framework is tool that simplifies, but lower performance

Can be very productive
Several traps, easy to fall into
Other ORMs have similar problem

Being too greedy with rows

EF exposes objects without knowing values
E.g. pull data out to list, when do Where clause on the list
- Pulls entire table before filtering
Do filtering on SQL Server
- Provided that you ave the proper filter
Or could bring back to IQueryable

N+1 Select Problem–minimize trips to DB

ANTS performance profiler
E.g. One query to parent entities, 2nd query for each child to get related entities
Round-trip for each child query
Lazy Loading
“N+1 select problem”
If you know you want child data ahead of time, do the original query to include it
Use Eager Loading
- .Where, .Include
Make sure that you really need them
Don’t do aggregation in client–do it in SQL Server
E.g. if we’re just counting child objects, do it with aggregate function in SQL Server
Don’t iterate and don’t get data that you don’t need

Being too Greedy with Columns

E.g. pull all Pupils from school, then iterate to dump out certain stuff
Selecting all columns when you just need subset of columns
EF doesn’t know what columns you want
Causes two problems
- More data than we need
- Impossible to index, since we pull everything back
SELECT WITH NO LOCK
- If acceptable, can be faster because you don’t wait for confurrent transactions
If you’re pulling all columns, you’re locking entire table for the length of that query
Select new to just get you want

Mismatched Data Types

If data types don’t match, even simple queries can perform poorly
E.g. search for entities with particular zip code
Dev system should match prodution system in terms of scale
Find query runs fast, EF runs very slowly
Query plan warning
- CONVERT_IMPLICIT
- Function on a column in a WHERE clause
Column in database is VARCHART, but .NET has string, which is UTF16 Unicode
SQL Server does
- INDEX SCAN of every zip code
- Big I/O cost
- Then converts the data–CPU hit
- Optimizer can’t do prediction because data is different than what’s in the index
Solution
- Edit model to tell EF to use VARCHAR, using column annotation
- In code, attribute
Do not let EF create models, code-first

ORM ?

He recommends not using one

ADO.NET

3 things to remember about stuff on internet about SQL Server
- Who wrote it
- When was it written
- Does it apply to my system
ADO.NET Parameterized Queries
AddWithValue–get rid of this

Overly Generic Queries

Allowing searching on multiple fields
So we construct one query, where clauses for each search field
== null or matches
IS NULL OR stuff gets into query
Bad because it builds query plan just once for all the possible search combinations
Always runs same query plan, no matter what you search on
Can’t do a seek on index
Options
- Stored procedure — Gail – “catch all queries”
- Conditionals in EF side, exclude clauses
- Make SQL Server recompile plans each time–from within EF. Sometimes good
- Could write interceptor, option(recomiple)

Bloating the plan cache

Reuse of execution plans often a good thing, avoid regenerating plan
In order for a plan to be reused, the statement text must be textually identical, wihch as we just saw, is case for parameterized queries
- Ad-hoc workloads

Skip / Take

OFFSET FETCH
Next time we run query, we get different query plan
Enable SQL Server setting ‘optimize for ad-hoc workloads ‘
- Less aggressive at caching plans, generally a good thing
EF6, pass in lambdas
- In SQL, values are paremetrized, so we don’t recreate cache plan

Inserting data

EF will run separate INSERT statements for every row being added
Not good if you have to insert a lot of data
Can use EF.BulkInsert or use EF 7 (has this out-of-the-box)

Code First, Performance Last

Never allow your code to create your storage constructs
(He means–code-first used to refresh database object)

Other Potential Issues

Improper use of IN clauses
- >16 clauses in IN clause if bad
Correlated subqueries instead of JOINs
Parameterized queries with parameters defined to be length of data they contain
Chatty apps
Security conerns
Increased IO and app bloat due to asking for too mcuh data

That Conference 2018 – Finding Your Way to a Microservices Architecture

Posted by Sean

That Conference 2018, Kalahari Resort, Lake Delton, WI
Finding Your Way to a Microservices Architecture – Dana Hart

Day 1, 6 Aug 2018

Dana Hart
Northwestern Mutual
@dmhart13

Executive Summary

Lots of good reasons for re-factoring monolithic application as microservices
Architecture has multiple micro SPAs talking to multiple microservices

Monolithic application

Browser
- UI / Business Loic / User Logic
- Databases
One application on single platform
Drawbacks
- Maintenance
- Hard to test
- Longer deploys
- Longer downtimes
- Doesn’t scale
How we got there
- Probably started out small
- Features have been added

Scaling the mono

Development–multiple teams in one repo
Continuous Deployment – updates = outages, higher risk
Increased Transactions – ru nmore copies of application? Scale out metal?
Is this good enough? Working?

Frustration is an important part of success

Software microarchitecture

Set of patterns used together to realize parts of a system
Building block for piecing together cohesive portions of an overall architecture

Microservices

Structure application as collection of loosely coupled services
Enables continuos delivery and deployment of large, complex applications

Diagram

UI talks to various microservices
Each microservice talking to one database

Reasons to convert

Decomposes complexity
Developed independently
Deployed independently
Scaled independently
Smaller deploys
More frequent deploys
Lower deployment risk

How to start

Find piece that can exist independently
Don’t just convert, but re-factor

REST review–constraints

Uniform interface
Client-server
Stateless
Cacheable
Layered system
Code on Demand

Define your subdomain

REST review

HTTP verbs–GET, POST, PUT, DELETE
Sensible resource names
XML and JSON
- Recommend JSON over XML
- Easier to consume by browser
Fine-grained resources
- Simple resources that you can apply CRUD to
Idempotence
- Get same response every time if inputs are the same
Safety

Micro SPAs

Take original monolithic UI
Split into separate pages, each being a SPA
- /store
- product
- /order

Deployment Patterns

Multi service instances per host
Service instance per Host / VM / Container
Serverless deployment
Service deployment platform
- Automated infrastructure

Move everything to cloud

Reverse proxy

URL goes thru reverse proxy (external request)
Look up services, find target address
E.g. use NGINX

API Gateway

SPA Containers send requests
To API Gateway
- Could implement security
- Load balancing
Farms out to API Containers

Micro Application platform–diagram

Request
Reverse Proxy
SPAs
- Can talk to one or more services
API Gateway
Services
Databases

At end

Multiple SPAs
Multiple services
No deployment downtime
- Pre-production environment
- Kubernetes handles this

Questions

Q: When do you decide to create an API that might combine logic from two sub-domains?

A: We wouldn’t combine the services, but let the UI do the model translation between the two services. But sure, you could add a service that aggregates data from multiple services.

Q: How do you handle versioning?

A: Many opinions around versioning. We have pattern of “v1”, “v2” in front of API. “No breaking changes” unless it’s a major version chance.

Q: How do you decide what goes in what database?

A: We still have one large database. If the entities have relationships, we’d be hesitant to split them out.

Q: How do you manage to get common look/feel across the SPAs

A: It’s not easy. We had designers to create common UI Sketch components. Then devs create UI framework around these common elements. Partnership between Engineering and Design.

Q: How did you avoid applying legacy change management techniques (monolithic) to new architecture. Had to educate various teams to demonstrate that we’re now running with lower risk. Dev team “owns” the result of a deployment, responsible for it. We use New Relic for monitoring.

Q: We have 3rd party integration with a service that is not stateless.

A: Sometimes you do get stuck with a vendor’s implementation. Could give examples to vendor of what work better for you.

Q: Where do you pull stuff from multiple services together?

A: We do it in UI layer, model translation, pulling stuff together.

Sean’s Stuff

Learning new software development technologies out loud

That Conference 2018

That Conference 2018 – An Extended Explanation of Caching

That Conference 2018 – Securing Your ASP.NET Core Applications

That Conference 2018 – Tips & Tricks for a Successful Android Application

That Conference 2018 – What’s New in C#7

That Conference 2018 – WebAssembly: The New EndGame?

That Conference 2018 – Design Patterns: Not Just for Architects

That Conference 2018 – Launching with Now, Next, and React

That Conference 2018 – Correcting Common Mistakes When Using async/await in .NET

That Conference 2018 – API Design Isn’t Just Nouns and Verbs

That Conference 2018 – Know What Your Code Is Doing to SQL Server

That Conference 2018 – Finding Your Way to a Microservices Architecture