Since last year, conferences and similar events have had to adapt to the circumstances of the pandemic. Many were canceled, but many more have gone on as virtual or even hybrid events. Both introduce their own challenges, especially if the organization behind them doesn’t have the resources of a big company or foundation to help make it happen.
Against that back drop, the 2021 edition of the Granite State Code Camp looks quite remarkable.
After being run as a fully virtual event a year ago, and with good success, the event was run in a hybrid format this year. Not only have the challenges of continuing in the current times vexed many, but this is the one event of its type in New England that has continued, something event director Jim Wilcox is understandably quite proud of. Manchester Community College provided the venue, and a number of sponsors were back on board to make this free event a success.
During the first hour, one presentation of note was Security Headers: What they are and why you need them, by Kevin Wilder. After discussing the OWASP Top 10, which is nearing two decades of existence and is now much more data-driven than when it began, he went over HTTP Strict Transport Security (HSTS) to lead into many headers used in Content Security Policy (CSP), a standard used to prevent cross-site scripting, clickjacking and other code injection attacks. He then went into detail on many headers within CSP.
A very interesting presentation in the second hour was How Much Does the Code Matter? by Andy Champagne of Global Foundries. More of a discussion than a presentation, this was a very interactive session, where he put some thoughts out there and engaged the attendees on things like who the best/worst programmer they have ever worked for is and why, whether or not technical interviews yield good results, or how helpful code reviews are and why that is the case. Over time, one thing became clear: many concerns with programming and those who do that for a living really have very little to do with code. It’s more about what is or is not done before a line of code is ever written and how that work is done.
After a break for lunch, Richard Crane gave a very informative talk on Creating Advanced Microservices to lead us into the afternoon sessions. Microservices is a hot word in software these days, but it’s a subject I admittedly have not been able to fully get my arms around mainly because I usually hear it in passing. This talk gave me a chance to look at the subject head-on, and it was very helpful. Crane, who is the founder and CTO of MILL5, talked about challenges with microservices and lessons learned along the way, many of which revolve around trade-offs involved in choosing a serialization library/type or a protocol (HTTP is widely used, but inefficient since it is text-based; WebSocket, TCP, UDP, HTTP/2, HTTP/3 and MQTT are among the alternatives).
From there, it was on to Tell Web Ads to Shut Their Pi-Hole! by Robert Boedigheimer. This session took attendees through how to install and configure Pi-Hole, a free small DNS server that runs on a Raspberry Pi. With this installed, many Web ads can be blocked to make browsing more enjoyable, and exceptions can be put in place if desired, perhaps for sites that request that you enable ads because that’s how they make money.
It’s worth also noting that at the same time, the most well-attended presentation of the day was one I did not attend, The Fun Side of Automation Frameworks by Michael Mintz. Not only did it have the attendees, but he started the presentation early and ran over time, and clearly no one had an issue with that. I’m told it was a lively, engaging presentation all the way around.
In the next hour, David Morris of Accenture gave a presentation on Model View Controller, a term many have heard of but may not really understand (myself included). Using very simple code examples, he explained and then demonstrated the Strategy, Observer and Composite patterns while also explaining how the model, view and controller all play together. He showed a good example of a web site that updates as a database it uses updates, which also is a nice demonstration of separation of concerns.
In the last session, Shweta Lodha shared Tips on Writing Better Code. She began by going over things to watch for that often lead to bad code, like repeated code, too many conditionals, highly coupled code and use of obsolete libraries or frameworks, and also looked at why these tend to happen. Then she shared some great guidelines, from small classes and loosely coupled code to using good names for variables and functions and how functions should serve just one purpose. As concurrency is a reality all over the software world, she touched on that as well, and later talked about exceptions, with a good note about defining custom exceptions where possible rather than using the default.
In addition to the sessions, leading up to the event and on the day of, Bob Crowley headed up Capture the Flag, a cybersecurity competition that was neck and neck up until the end.
When the event was in the books, there was certainly a feeling of relief on the event team, but also that of a job well-done. Technical difficulties happened but were minimized, and there was more satisfaction with this being a hybrid event given its challenges. The organization behind the event, Granite State Users Groups, doesn’t have the resources the Linux Foundation has to put on events like this (and Linux Foundation pulls off many great events, to their credit, including the combined Embedded Linux Conference and Open Source Summit I was fortunate to attend), but pulled it off all the same. It all gives reason to want even more in another year.