Introduction

We're up in Reston at the No Fluff, Just Stuff conference from April 19-21 learning about a myriad of open source technologies, design patterns, architecture techniques, and just about everything else that a bunch of IT geeks would want in a tech-heavy weekend. We'll be following up on the cool seminars, speakers, and topics in the coming weeks, but we want to single out a few really interesting ideas and concepts covered each day while they're fresh on our minds.

We'll be covering a list of highlights that seemed most impactful, valuable, or interesting each day. Don't expect anything too comprehensive; if you're intrigued, feel free to research more on your own, or look out for detailed blog posts on some of these topics as our group has a chance to further digest and follow-up on everything learned.

Here are the highlights from Day 2:

1. CujoJS = Awesome.

"Rabid Javascript Application Development with CujoJS" by Craig Walls

Craig Walls gave us a great overview of CujoJS (http://cujojs.com/) today, a set of javascript libraries that facilitate AMD Module Loading, Dependency Injection, Aspect-Oriented Programming, Model-Binding, Promises, and more. Yes, it does a lot of the same things as some of the frameworks generating a lot of interest right now - namely, Backbone, Angular, Ember, and Spine. But don't stop reading! Cujo doesn't force you to use a specific pattern for your entire app or a specific scaffolding to operate correctly. It can pull in modules separately to, for example, just enable Dependency Injection. Or just use AOP. There are some dependencies, but the impact on existing code is negligible. A couple takeaways we had:

The style of DI is very similar to Java's Spring, and should therefore be familiar to a lot of Java developers. But we don't wire in objects only... we can wire in events, DOM elements, values, etc. Really cool stuff.

Model-View Binding does not require us to ‘dirty up' the DOM, a la Angular.

There are tons of extensions and plugins out there already for the DI engine, wire.js. These allow us to abstract and decouple from popular libraries out there for things like DOM manipulation (jquery, DOJO), event handling, etc.

We'll provide a deeper look once we've had a chance to digest some of the presentation materials and mess around with the libraries ourselves. But we expect this to gain a lot of traction soon, so be at the forefront!

2. Cool tools to better understanding your adversary

"Web Security Workshop" by Ken Sipe

This session was setup as a working session with labs to help the attendees learn how hackers attack web sites.

To work through the labs, the attendees were introduced to two tools. These tools help you to better understand how people attack insecurely developed websites, and how to avoid these pitfalls.

WebGoat is a deliberately insecure web application developed by the OWASP project as a learning tool. The application ships with progressive exercises to guide you through the learning and tutorials on how to attack the application and what was done incorrectly in the app which caused the vulnerability.

WebScarab is fundamentally an intercepting http proxy. It allows the user to inspect, analyze, intercept and change requests. It includes tools to collect session ids and analyze them for randomness to facilitate session hijacking. It can also analyze http traffic to look for potential XSS and CRLF vulnerabilities. WebScarab offers many more features for http analysis and manipulation and can be a valuable tool to test and learn about the traffic your site generates.

3. Continuous Delivery

"Deployment Pipelines" by Neal Ford

One topic of interest discussed during this full-day workshop is the pitfalls of feature branching (creating a branch from trunk to support a new feature.) As a version control strategy, feature branching can create an environment in which refactoring is extremely painful if not impossible. If a development team working on the feature branch waits until the completion of the branch to merge their work back into the trunk, then a massive amount of merging may be required if another feature branch touching the same code is "first-in."

While a Continuous Integration approach of merging feature-branched code back into the trunk on a more frequent basis will reduce some of the risks of merging, another issue is introduced by checking in code not production-ready into the trunk. One strategy addressing this situation is to create feature toggles (this includes dependency injection) to enable or disable the features at runtime. Conditional logic can be introduced to the code to enable features based off of an external configuration.

4. Android Test Strategy with Robolectric, Spoon, and Robotium

"Testing and Building Android Applications" by Kenneth Kousen

Kenneth presented an overview of how the landscape for quality Android testing tools is evolving. In particular, he described 2 very interesting projects that should help tremendously with unit and functional testing in your Android apps:

Roboelectric provides the ability to write legitimate unit tests in your app by mocking out the Android infrastructure and allowing you to run your unit tests on JVM. This means your unit tests can be executed from within the IDE instead of running them on an emulator or connected device, vastly speeding up execution time.

Spoon is another project that is targeted toward instrumentation testing, allowing you to run functional tests on multiple emulators simultaneously and consolidating the results into an HTML summary with detailed information about each device and test. One particularly cool feature is the screenshot capability, which allows you to visually inspect the test execution across different devices.

5. The Future of Android Builds with Gradle

"Testing and Building Android Applications" by Kenneth Kousen

Who likes the Ant and Eclipse-based builds bundled with the ADT? What, no takers? The current paradigm works, but it's not flexible, forward-thinking, or friendly. And before you jump on me: yes, there are ways to use Maven for Android builds, and yes, some people are using it. But Maven is not the standard, it can really mess with your IDE, and it's also not very friendly.

Android needs a consistent, cutting-edge way to perform builds both inside and outside of the IDE. I think that most of us probably assumed Google was working on enhancements to the ADT in this area, but I, for one, definitely didn't anticipate the planned solution. If you haven't heard of Gradle, go take a look. The folks at No Fluff, Just Stuff have been pushing Gradle as the next build framework for a few years now, but I personally have not had the chance to work with it in the enterprise world, and therefore didn't pay it too much attention. That could soon change. As we mentioned yesterday, most analysts see Ant, and even Maven, in a period of inevitable decline. Tools like Gradle and Rake are now being adopted by technologists everywhere, and are expected to be adopted at much greater scale over the next few years. Imagine your next Android build script looking like this:

buildscript {
 
 repositories {
 
 mavenCentral()
 
 }
 
 dependencies {
 
 classpath 'com.android.tools.build:gradle:0.3'
 
 }
 
}
 
apply plugin: 'android'
 
android {
 
 compileSdkVersion 17
 
}

Guess what? You can set this up in your Android projects now. The Android tools project site has a section devoted to the ongoing work towards a stable and mature Gradle-based build for Android projects. There are still some gaps in functionality (for example, Lint is not yet integrated), but the work here is active and the team has a detailed road map detailing the work ahead. Learn more here: http://tools.android.com/tech-docs/new-build-system

6. "Bayes' Rule Says You'll Attend This Talk" by Kenneth Kousen

Kenneth presented a concise overview of what Bayes' Theorem is and walked through a number of examples of how to use it to perform calculations of probabilities for making estimations, and how some "statistical" based predictions fall prey to a few problems like overfitting and small sample sizes. An interesting and thorough walk through the theory, some guidance on practical applications would have brought this talk full-circle.

7. Java Reloaded by Matt Stine

Matt gave a good overview on the Java best practices and utilities which are available in the market to makes java code more presentable. One of them being Google Guava which I found most useful.

Google guava APIs provide some very useful utilities that help in writing efficient and cleaner code by avoiding boilerplate code across the application code base. Here are some of the most useful utilities provided by guava project.

  1. Most of the Guava utilities can reject and fail fast on nulls.
  2. Guava provides simple implementations of Object class‘s hashcode() and toString() method.
  3. Guava provides useful String utilities like splitting, joining and padding of string which are not provided in java util package.
  4. Guava provides immutable collection that can be very useful in many situations. For example, immutable collections can be used in thread safe manner, used as constants and they are supposed to be more memory efficient than their mutable collection counterpart.
  5. Guava provides many utilities on java primitive types. It also provides the capability of aggregating primitive in arrays. Most of these utilities have been added to Java 7.

8. Vagrant: Virtualized Development Environments Made Simple by Matt Stine

Vagrant is a tool for creating complete development environments in a very timely manner. It seeks to address 2 common problems faced by development organizations.

  1. It takes a long time to setup a new person's development environment.
  2. The "it works on my machine" problem.

Vagrant accomplishes this by providing disposable "base box" environments that let you configure and work in isolation of your local environment which are quick to setup and quick to tear down. These base boxes can be provisioned on a variety of different virtualized environments including VirtualBox, VMWare, and on the cloud with services like AWS.

To explore Vagrant, visit their website at: http://www.vagrantup.com/