Sorry for the big delay in getting this post out (one word : deadlines), but for both of you who’ve been waiting eagerly for this, here’s my review of day 3 of the QConLondon 2011 conference, unfortunately too late for the QConLondon Key Takeaway Points and Lessons Learned. For me, it was a bit of Mono and a lot of web. I’ll also include a quick round-up of the whole conference.
Keynote : Things I Wish I’d Known / Rod Johnson
A great dose of Dr Seuss philosophy to start the final day as Rod Johnson of Spring Software spoke about his experiences building a start-up, and included some advice that everyone should think about their career from that perspective, to find opportunities. He admitted from the start that this was not a technical talk, and I must admit that although I’ve used Spring.Net in the past, I never paid much attention to the Java world that inspired it.
As the rest of the conference showed, Spring has won the battle of ideas. Dependency Injection is part of the toolbox of every decent .Net and Java developer (and probably many others, but I’ve less experience there), but at the start of Spring, it was a hard struggle : there was a reason there was a gap in the market.
A lot of the talk covered similar ideas to the Pretotyping talk from the previous day, talking about throwing away ideas is easier than throwing away code, and adding that the best way to prove a concept is to try and prove yourself wrong. Mistakes are good, and can be recovered from, so long as the legal side is solid.
There was a lot of advice that seemed to be pitched more to the QCon SF audience, about how and when to pitch for funding (hints : hype is worth more than numbers, and always budget high because it will cost more than you think). It wasn’t a talk I think I would have attended had it not been the keynote, but there were some interesting takeaways, and it’s given me a bigger appreciation of the entrepreneur culture.
Advanced Reflection / Jean Baptiste Evain
This talk from JB Evain was primarily a demo of two very cool tools that come under Mono : Mono.Reflection and Mono.Cecil. There was one very interesting selling point : Mono.Cecil is used by ILSpy – an open source alternative to RedGate’s Reflector Pro. The overall theme was how to treat programs as data, so that behaviour can be changed at run time, and how System.Reflection falls a little short, such as missing support for multi-dimensional arrays.
The Mono.Reflection library consists of a set of extension methods over System.Reflection to add features such as Property.GetBackingField, and also to provide IL dissassembly at runtime.
Mono.Cecil works at the assembly level, providing a full object model for assemblies that works in Mono, .Net, Silverlight, Compact Framework and Windows Phone 7, and can interrogate cross-platform, allowing a desktop app to reflect over a WP7 assembly. There are some restrictions on support for code generated by System.Reflection.Emit() and for signed assemblies, but there was a great demo of the capabilities Mono.Cecil can add to a project, by enforcing an enum restriction on a generic type in a library class, that caused a compile error if a non-enum type was used in client code using code injection to insert IL bytecode into the compiled library. He then went one better with a preview of Milo, which used expression trees rather than IL to inject code for a much cleaner looking extension mechanism.
Node.js: Asynchronous I/O for Fun and Profit / Stefan Tilkov
Ever fancied writing your server side code in JavaScript? If you listen to Stefan Tilkov, maybe you will soon. He talked about a few of the headaches I’ve experienced in the ASP.Net/IIS world (and I’m sure they exist elsewhere) : how do you efficiently handle concurrency when you have a long-lived thread in a thread pool that spends most of its time eating memory and waiting for I/O from local storage or a back-end server? A thread that blocks is eating up resources and getting in your way when you want high throughput, especially for streaming.
Node.js, built on Google’s V8 javascript engine (part of the Chromium project), uses a single-thread event-loop style, similar to the UNIX select() that never blocks on I/O, because it passes that handling onto the kernel. This is the same concept as Nginx.
Unlike traditional servers, Nginx doesn’t rely on threads to handle requests. Instead it uses a much more scalable event-driven (asynchronous) architecture. This architecture uses small, but more importantly, predictable amounts of memory under load.
Node.js uses the Javascript callback architecture, familiar to any web developer who’s used XMLHttpRequest, exposing a number of I/O events, and exposing the entire API as asynchronous by default to encourage a high-performance architecture. The downside is that the code can be hard to follow, especially when multiple functions are chained together, although InfoQ has a few articles discussing libraries for making Asynchronous Javascript easier. It’s definitely worth having a look at the node.js samples from the talk if this interests you.
Webmachine: a practical executable model of HTTP / Justin Sheehy
HTTP is a state machine. Look at how Webmachine sees it:
Webmachine is not a web server, or a REST framework, it’s an Erlang toolkit for building HTTP-based systems, by allowing you to override the state machine above as you wish. It’s a strict implementation of the HTTP standard that has turned up a few problems with the structure of the spec. It was described as a “gateway drug into Erlang”. It’s a fascinating project, and it’s been ported to a few other platforms. It feels to me how all HTTP engines should be written, although sometimes I like having a framework. As he said, a framework is “a finished app with some bits ripped out.”
Secure Distributed Programming on EcmaScript 5 + HTML5 platforms / Mark S. Miller
This is a hard one to talk about. I’ve seen the talk, I’ve seen Mark S. Miller’s QCon SF talk, and I’m still not 100% sure I follow it. The basic idea is that we need a better way to transmit secure information between 3rd party sites. We need a way to transfer our trust in an ecommerce site to our bank so that they can pay the site on our behalf without compromising our details in the process. The solution, Dr. SES, seems to be an API-key on steroids, where the key itself is an executable piece of javascript, provided to the user by one server, that the user can then pass to another server, providing the ability for users to create side effects such as 3rd party authentication channels (SMS security?) and token revocation providing the user with greater control over how the associations they have created can be used.
The other brilliant part of the talk was the discussion of Ptolomy and the retrograde movement of the planets. The model of circular orbits was flawed, so additional circles were added to the models each time it was found to be broken. The argument was browser security was built the same way, with each security breach, a new circle was added, rather than rebuilding the model from scratch with security built in. The identity-centric model that has driven browsers until now should give way to the authentication-centric model provided by the strategies discussed in the talk.
HTML5 and the dawn of rich mobile web applications / James Pearce
James Pearce of Sencha gave a convincing argument that HTML5 is ready for cross-platform apps, helped by a few demos available on the Sencha site. The argument is helped by the rather fragmented state of the mobile market, where RIM, Android, Apple and Nokia are all significant players, each with their own language and capabilities.
The mobile web, he argued, is not just the web on a smaller screen. The new generation of web enabled devices have additional capabilities such as cameras, geolocation, accelerometers, and also, as many mobile websites forget, a phone. So don’t forget a phone number is much easier to use than a “Contact Us” form.
On the desktop, progressive enhancement is used to support older browsers without javascript up to newer browsers. On mobile, the baseline includes javascript and many HTML5 and CSS3 features, and progressive enhancement is used for querying for device access, using libraries such as caniuse.com, Modernizr and deviceatlas.com, as well as a number of frameworks to normalise behaviour across devices, such as jQuery mobile versions, and Sencha’s own frameworks, that include an MVC-based touch client that talks to a web services backend. He also mentioned the image resizing site at tinysrc.mobi. If you pass a URL as http://i.tinysrc.mobi/http://your.url.here : 
, the site will render the correct size for your device.
The other great tool mentioned in the talk was PhoneGap that allows developers to design an app using web technologies, then compile it down to a native app so it can be listed on the various app stores, providing device access that is usually not available to web sites.
Overall review
This was a fascinating conference and I hope I get the chance to attend again, although there were a few disappointing themes across the board. There was a lot of talk about the release fast, release often philosophy with only 1 speaker (Mike Lee) suggesting waiting a bit and making a better quality product is a valid strategy. The technical talks were the main reason I went, but I’m very glad I attended some of the less technical and more thoughtful talks, and talks about technologies I’m probably never going to use, because they made me think about the problems I’m trying to solve in a different way. Webmachine was a perfect example of this. I can’t see myself ever using it in a project, but I might use one of the ports, and it definitely made me think more about HTTP and what it means, which has fed back into my understanding of REST and web technologies in general. I think that breadth is the key to this conference. If you’re going next year, be sure to embrace the diversity.
Craig Nicol 