Sessions at Salt Lake Software Symposium on Saturday 30th June

Your current filters are…

  • Continuous Delivery Pt 1: Deployment Pipelines

    by Neal Ford

    Getting software released to users is often a painful, risky, and time-consuming process. This workshop sets out the principles and technical practices that enable rapid, incremental delivery of high quality, valuable new functionality to users. This workshop focuses on the Deployment Pipeline concept from Continuous Delivery.

    In this workshop I move from release back through testing to development practices, analyzing at each stage how to improve collaboration and increase feedback so as to make the delivery process as fast and efficient as possible. At the heart of the workshop is a pattern called the deployment pipeline, which involves the creation of a living system that models your organization's value stream for delivering software. I spend the first half of the workshop introducing this pattern, and discussing how to incrementally automate the build, test and deployment process, culminating in continuous deployment.

    At 8:15am to 9:45am, Saturday 30th June

  • Groovy 101: Collections, closures, and the Groovy JDK

    by Ken Kousen

    Want to use Groovy but don't have time to read all of Groovy in Action? This talk gives you a whirlwind introduction to its capabilities, from basic data types, Groovy strings, POGOs, collections, Groovy SQL, and the Groovy JDK.

    Learn the basics of Groovy through code examples, including both scripts and classes. A complete set of test cases is included, as well as a gradle build script to download everything you need and run all the tests.

    At 8:15am to 9:45am, Saturday 30th June

  • HTML5

    by Nate Schutta

    Interested in HTML5? Want a change to play around with the latest and greatest in web app development? This workshop is for you! We'll cover feature detection, web forms, the new HTML elements, take a spin around the canvas, and we'll finish up with offline/local storage and web sockets.

    Detecting 101 Before you can take advantage of a new HTML5 feature, you have to make sure a given browser can support it. This section will cover the basics of detection as well as getting the most out of rocking cool libraries like Modernizer. We'll also look at just what to do when a browser doesn't support a feature you're trying to leverage.

    New elements Along with a new human type-able doctype, HTML5 introduces several new semantic elements. Recognizing that nearly every website in existence has a header, a footer and some navigation divs, HTML5 gives us a header, a footer and a nav element along with a few others. HTML5 seeks to pave cowpaths, not force the web to bend to its ways...

    Canvas One of the most exciting features of HTML5 is the canvas, a space you can use to draw anything from shapes to text to, well, anything! From basic drawing to graphs to full fledged games, canvas opens up a whole new world of possibility, a world sans browser plugins.

    Local Storage Web apps are, in many cases, indistinguishable from their thick client brethren, at least if you're not on an airplane. OK, so many planes have wifi, but there are parts of the world that don't have reliable Internet connections! Thanks to local storage and the offline API, all is not lost - you can create a web app that works offline.

    Web sockets and web workers Ajax is like so many things in the web world - a simple (but very powerful) hack that isn't defined by a spec. With the advent of the web socket API, we'll finally have a native way to have bi-directional communication with the server. As we create richer and richer clients, we're writing more and more JavaScript. While the JS engines are getting faster and faster, there are cases where it'd be very handy to run scripts in the background. Web workers give us just such an opportunity.

    At 8:15am to 9:45am, Saturday 30th June

  • OOP Principles

    by Ken Sipe

    For decades object-oriented programming has been sold (perhaps over sold) as the logical programming paradigm which provides “the way" to software reuse and reductions in the cost of software maintenance as if it comes for free with the simple selection of the an OO language. Even with the renewed interests in functional languages, the majority of development shops are predominately using object-oriented languages such as Java, C#, and Ruby. So most likely you are using an OO language… How is that reuse thing going? Is your organization realizing all the promises? Even as a former Rational Instructor of OOAD and a long time practitioner, I find great value in returning to the basics. This session is a return to object-oriented basics.

    This session is intended to balance the often-touted theoretical object-oriented practices with lessons from the real world. The session will start with a review of some of the basics regarding abstractions and encapsulation. Although simple concepts, we will push the boundary of how these techniques are applied. We will discuss the difference between analysis and design and how that is reflected in our code. We will also look at the limitations of Java the language as outlined in Josh Block’s book “Effective Java”. The session will go past the basics of object-oriented principles and into what our true goals of development really are.

    At 8:15am to 9:45am, Saturday 30th June

  • Resource-Oriented Architectures : REST II

    by bsletten

    The second in a series of talks that are part of an arc covering next-generation information-oriented, flexible, scalable architectures. The ideas presented apply to both external and internal-facing systems.

    People already familiar with REST (or who have attended the first session) will be walked through the deeper topics of building Level 3 Hypermedia-based RESTful systems, security, content negotiation, etc.

    At 8:15am to 9:45am, Saturday 30th June

  • Continuous Delivery Pt 2: Infrastructure

    by Neal Ford

    Getting software released to users is often a painful, risky, and time-consuming process. This workshop sets out the principles and technical practices that enable rapid, incremental delivery of high quality, valuable new functionality to users. This workshop focuses on the agile infrastructure required to implement a deployment pipeline and continuous delivery.

    In this workshop, I introduce agile infrastructure, including the use of Puppet to automate the management of testing and production environments. We discuss automating data management, including migrations. Development practices that enable incremental development and delivery will be covered at length, including a discussion of why branching is inimical to continuous delivery, and how practices such as branch by abstraction and componentization provide superior alternatives that enable large and distributed teams to deliver incrementally.

    At 10:00am to 11:30am, Saturday 30th June

  • Enterprise Security API library from OWASP

    by Ken Sipe

    When it comes to cross cutting software concerns, we expect to have or build a common framework or utility to solve this problem. This concept is represented well in the Java world with the loj4j framework, which abstracts the concern of logging, where it logs and the management of logging. The one cross cutting software concern which seems for most applications to be piecemeal is that of security. Security concerns include certification generation, SSL, protection from SQL Injection, protection from XSS, user authorization and authentication. Each of these separate concerns tend to have there own standards and libraries and leaves it as an exercise for the development team to cobble together a solution which includes multiple needs.... until now... Enterprise Security API library from OWASP.

    This session will look at a number of security concerns and how the ESAPI library provides a unified solution for security. This includes authorization, authentication of services, encoding, encrypting, and validation. This session will discuss a number of issues which can be solved through standardizing on the open source Enterprise Security API.

    At 10:00am to 11:30am, Saturday 30th June

  • Groovy 201: Builders, metaprogramming, and AST Transformations

    by Ken Kousen

    Want to use Groovy but don't have time to read all of Groovy in Action? Building on the Groovy 101 talk, this presentation reviews features of Groovy that aren't based on simplifying Java. Topics include building and parsing XML and JSON, using the metaclass to enhance existing classes, and Abstract Syntax Tree Transformations like @Delegate, @Immutable, @Canonical, and more.

    Learn the basics of Groovy through code examples, including both scripts and classes. A complete set of test cases is included, as well as a gradle build script to download everything you need and run all the tests.

    At 10:00am to 11:30am, Saturday 30th June

  • JavaScript Libraries You Aren't Using...Yet

    by Nate Schutta

    You're all over jQuery - you write plugins in your sleep - and before that, you were a Prototype ninja. Your team treats JavaScript like a first class citizen, you've even written more tests than Kent Beck. Is that all there is in the land of the JavaScript developer? Believe it or not, the JavaScript party hasn't stopped. What other libraries are out there? What do they offer? This talk will survey the field of modern JavaScript libraries getting you up to speed on what's new. We'll dive in just deep enough to whet your appetite on a wide variety of libraries such as Backbone, Underscore, Zepto and more.

    At 10:00am to 11:30am, Saturday 30th June

  • Resource-Oriented Architectures : REST III

    by bsletten

    The third in a series of talks that are part of an arc covering next-generation information-oriented, flexible, scalable architectures. The ideas presented apply to both external and internal-facing systems.

    The move to a good REST API yields an explosive combination of options due to content-negotiation and arbitrary workflows. At the same time, the uniform interface you project (representations, how you respond to verbs, response codes, etc.) becomes your contract with your clients. The API itself becomes a completely transportable, reusable bit of organizational knowledge when done well. Testing it sufficiently will give you a safety net but may drive you crazy unless you do it right. We will walk through the use of Behavior-Driven Development (BDD) to test these kinds of APIs.

    We will highlight the problems of sufficiently testing REST APIs while providing a rich and relatively straight-forward solution to the problem. We will use a Behavior-Driven Development (BDD) tool like Cucumber to establish reusable steps and comprehensive, but lightweight testing strategies for testing REST APIs.

    This talk will not be an introduction to REST. If you have come to the REST I or REST II talk, or have a good understanding, it should be very accessible.

    Prerequisite: Resource-Oriented Architectures : REST I (or a good understanding of REST)

    At 10:00am to 11:30am, Saturday 30th June

  • 4 Practical Uses for Domain Specific Languages

    by Neal Ford

    Domain Specific Langauges seems like a cool idea, but where's the payoff? This talk provides an overview of how to build both internal and external DSLs (including the state of the art tools), stopping along the way to show how this is practical to your day job.

    This talk defines of DSLs (Domain Specific Languages), distinguishes the types of DSLS (internal and external), and shows examples of building DSLs of several kinds. It shows how to utilize DSLs for externalizing configuration (which you're already doing, whether you realize it or not), how to make your code readable to humans, how DSLs make developer tools better (and how to use DSL techniques to build your own tools), and how DSLs can provide your users unprecedented flexibility and power, by building DSLs customized to their job. This talk provides a good foundation for the subject if you've never seen anything about it, but keeps the focus on practical goals.

    At 1:00pm to 2:30pm, Saturday 30th June

  • Decision Making in Software Teams

    by Tim Berglund

    Alistair Cockburn has described software development as a game in which we choose among three moves: invent, decide, and communicate. Most of our time at No Fluff is spent learning how to be better at inventing. Beyond that, we understand the importance of good communication, and take steps to improve in that capacity. Rarely, however, do we acknowledge the role of decision making in the life of software teams, what can cause it to go wrong, and how to improve it.

    In this talk, we will explore decision making pathologies and their remedies in individual, team, and organizational dimensions. We'll consider how our own cognitive limitations can lead us to to make bad decisions as individuals, and what we might do to compensate for those personal weaknesses. We'll learn how a team can fall into decision-making dysfunction, and what techniques a leader might employ to healthy functioning to an afflicted group. We'll also look at how organizational structure and culture can discourage quality decision making, and what leaders to swim against the tide.

    Software teams spend a great deal of time making decisions that place enormous amounts of capital on the line. Team members and leaders owe it to themselves to learn how to make them well.

    At 1:00pm to 2:30pm, Saturday 30th June

  • Designing for Mobile

    by Nate Schutta

    The word just came down from the VP - you need a mobile app and you need it yesterday. Wait, you've never built a mobile app...it's pretty much the same thing as you've built before just smaller right? Wrong. The mobile experience is different and far less forgiving. How do you design an application for touch? How does that differ from a mouse? Should you build a mobile app or a mobile web site? This talk will get you started on designing for a new, and exciting, platform. Whether that means iPhone, Android, Windows Phone or something else, you need a plan, this talk will help.

    At 1:00pm to 2:30pm, Saturday 30th June

  • Improving Spring with Groovy

    by Ken Kousen

    Groovy and the Spring framework are old friends. Spring includes dynamic beans that can be modified while a system is still running, and of course the Grails framework is built on top of Spring MVC. Here we'll illustrate all the ways that Groovy works with Spring, and show how a developer can take advantage of those capabilities right away.

    Examples will include using Groovy beans in Spring systems, refreshable beans, inline scripted beans, aspects in Groovy, and even the Grails Spring bean builder.

    At 1:00pm to 2:30pm, Saturday 30th June

  • Spock - Unit Test and Prosper

    by Ken Sipe

    Spock is a groovy based testing framework that leverages all the "best practices" of the last several years taking advantage of many of the development experience of the industry. So combine Junit, BDD, RSpec, Groovy and Vulcans... and you get Spock!

    This is a significant advancement in the world of testing.

    This session assumes some understanding of testing and junit and builds on it. We will introduce and dig deep into Spock as a test specification and mocking tool.

    Prerequisite: junit

    At 1:00pm to 2:30pm, Saturday 30th June

  • Emergent Design

    by Neal Ford

    Emergent design is a big topic in the agile architecture and design community. This session covers the theory behind emergent design and shows examples of how you can implement this important concept.

    This session describes the current thinking about emergent design, discovering design in code. The hazard of Big Design Up Front in software is that you don't yet know what you don't know, and design decisions made too early are just speculations without facts. Emergent design techniques allow you to wait until the last responsible moment to make design decisions. This talk covers four areas: emergent design enablers, battling things that make emergent design hard, finding idiomatic patterns, and how to leverage the patterns you find. It includes both proactive (test-driven development) and reactive (refactoring, metrics, visualizations, tests) approaches to discovering design, and discusses the use of custom attributes, DSLs, and other techniques for utilizing them. The goal of this talk is to provide nomenclature, strategies, and techniques for allowing design to emerge from projects as they proceed, keeping you code in sync with the problem domain. This talk shows lots of examples of how to make this concept work in your environment.

    Prerequisite: understanding of architectural and design concepts

    At 2:45pm to 4:15pm, Saturday 30th June

  • Get Going with Grails Workshop

    by Ken Kousen

    Build a small but nontrivial Grails application from start to finish in this half-day workshop. We'll start with domain classes, apply constraints, add controllers and services, apply both unit and integration tests, and then add additional functionality through plugins. If time is available, we'll map to an existing database, incorporate existing Java and Groovy classes, and even discuss plugin development.

    This rapid introduction to Grails will take advantage of the newest features of Grails 2.0 using the interactive scripts and db console. In addition to building an application, existing samples will be reviewed as a source of good practices and plugins.

    Some knowledge of Groovy is assumed but not required.

    At 2:45pm to 4:15pm, Saturday 30th June

  • Semantic Web Workshop

    by bsletten

    The Web is changing faster than you can imagine and it is going to continue to do so. Webs of Documents are giving way to machine-processable Webs of Information. We no longer care about data containers, we only care about data and how it connects to what we already know.

    Perhaps the concepts of the Semantic Web initiative are new to you. Or perhaps you have been hearing for years how great technologies like RDF, SPARQL, SKOS and OWL are and have yet to see anything real come out of it.

    Whether you are jazzed or jaded, this workshop will provide you with the understanding of a technological tidal wave that is heading in your direction.

    In this workshop, we will:

    Explain the Web and Web architecture at a deeper level Apply Web and Semantic Web technologies in the Enterprise and make them work together Integrate structured and unstructured information Create good, long-lived logical names (URIs) for information and services Use the Resource Description Framework (RDF) to integrate documents, services and databases Use popular RDF vocabularies such as Dublin Core, FOAF, DOAP Query RDF and non-RDF datastores with the SPARQL query language Model and Do Inference with the Web Ontology Language (OWL)

    Bring your laptops. This is a hands-on workshop.

    At 2:45pm to 4:15pm, Saturday 30th June

  • The Mobile App Smackdown: Native Apps vs. The Mobile Web

    by Nate Schutta

    Mobile is the next big thing and your company needs to there. But what does there actually entail? Should you build a native app? On which platforms? Do you have the skills for that? What about the web? Can you deliver an awesome experience using nothing but a mobile web browser? This talk will help you navigate these treacherous waters. We'll discuss the pros and cons of the various approaches and give you a framework for choosing.

    At 2:45pm to 4:15pm, Saturday 30th June

  • Web Security (bring a laptop)

    by Ken Sipe

    As a web application developer, most of the focus is on the user stories and producing business value for your company or clients. Increasingly however the world wide web is more like the wild wild web which is an increasingly hostile environment for web applications. It is absolutely necessary for web application teams to have security knowledge, a security model and to leverage proper security tools.

    This 1/2 day training workshop on security will provide an overview of the security landscape starting with the OWASP top ten security concerns with current real world examples of each of these attack vectors. The first session will consist of a demonstration and labs using hacker tools to get an understanding of how a hacker thinks. It will include a walk through of the ESAPI toolkit as an example of how to solve a number of these security concerns including hands-on labs using the OWASP example swingset.

    The workshop will include several hands on labs from the webgoat project in order to better understand the threats that are ever so common today.

    Attendees will come away with the following skills / capabilities: - threat modeling - security audit plan - introduction to Pen testing - key / certificate management - fixing web application security issues

    Don't be the weakest link on the web!

    At 2:45pm to 4:15pm, Saturday 30th June

  • Get Going with Grails Workshop

    by Ken Kousen

    Build a small but nontrivial Grails application from start to finish in this half-day workshop. We'll start with domain classes, apply constraints, add controllers and services, apply both unit and integration tests, and then add additional functionality through plugins. If time is available, we'll map to an existing database, incorporate existing Java and Groovy classes, and even discuss plugin development.

    This rapid introduction to Grails will take advantage of the newest features of Grails 2.0 using the interactive scripts and db console. In addition to building an application, existing samples will be reviewed as a source of good practices and plugins.

    Some knowledge of Groovy is assumed but not required.

    At 4:30pm to 6:00pm, Saturday 30th June

  • Leading Technical Change

    by Nate Schutta

    Technology changes, it's a fact of life. And while many developers are attracted to the challenge of change, many organizations do a particularly poor job of adapting. We've all worked on projects with, ahem, less than new technologies even though newer approaches would better serve the business. But how do we convince those holding the purse strings to pony up the cash when things are "working" today? At a personal, how do we keep up with the change in our industry?

    This talk will explore ways to stay sharp as a software professional. We'll talk about how a technology radar can help you stay marketable (and enjoying your career) and how we can use the same technique to help our companies keep abreast of important changes in the technology landscape. Of course it isn't enough to just be aware, we have to drive change - but how? This talk will consider ways we can influence others and lead change in our organizations.

    At 4:30pm to 6:00pm, Saturday 30th June

  • Semantic Web Workshop

    by bsletten

    The Web is changing faster than you can imagine and it is going to continue to do so. Webs of Documents are giving way to machine-processable Webs of Information. We no longer care about data containers, we only care about data and how it connects to what we already know.

    Perhaps the concepts of the Semantic Web initiative are new to you. Or perhaps you have been hearing for years how great technologies like RDF, SPARQL, SKOS and OWL are and have yet to see anything real come out of it.

    Whether you are jazzed or jaded, this workshop will provide you with the understanding of a technological tidal wave that is heading in your direction.

    In this workshop, we will:

    Explain the Web and Web architecture at a deeper level Apply Web and Semantic Web technologies in the Enterprise and make them work together Integrate structured and unstructured information Create good, long-lived logical names (URIs) for information and services Use the Resource Description Framework (RDF) to integrate documents, services and databases Use popular RDF vocabularies such as Dublin Core, FOAF, DOAP Query RDF and non-RDF datastores with the SPARQL query language Model and Do Inference with the Web Ontology Language (OWL)

    Bring your laptops. This is a hands-on workshop.

    At 4:30pm to 6:00pm, Saturday 30th June

  • The Curious Clojureist

    by Neal Ford

    Why is Clojure the best new language on the JVM? Come to this session and see why this functional, dynamic Lisp is the best thing on the JVM since Java.

    • Why should you learn Clojure now? It's the coolest new language on the JVM
    • What makes it so cool? It's a dynamically typed, functional Lisp that offers sophisticated capabilities like software transactional memory
    • Why should I learn it? Lisp is the most powerful style of programming language possible (don't believe me? Come see - I'll show you), so you get the best language (Lisp) on the best runtime (JVM)
    • Isn't Lisp the one with all the parenthesis? Yes.
    • What's so compelling about Clojure? It's fast, expressive, powerful, and allows you to do all sorts of things that other languages won't let you do. It's an elegant language.
    • Why is the entire talk done as question and answer? It's an homage to a series of books, *The Little Lisper* and *The Little Schemer*. Because Lisp's are simple and homoiconic, this style works nicely for them. Besides, it's better than 1000 bullets, isn't it?

    At 4:30pm to 6:00pm, Saturday 30th June

  • Web Security (bring a laptop)

    by Ken Sipe

    As a web application developer, most of the focus is on the user stories and producing business value for your company or clients. Increasingly however the world wide web is more like the wild wild web which is an increasingly hostile environment for web applications. It is absolutely necessary for web application teams to have security knowledge, a security model and to leverage proper security tools.

    This 1/2 day training workshop on security will provide an overview of the security landscape starting with the OWASP top ten security concerns with current real world examples of each of these attack vectors. The first session will consist of a demonstration and labs using hacker tools to get an understanding of how a hacker thinks. It will include a walk through of the ESAPI toolkit as an example of how to solve a number of these security concerns including hands-on labs using the OWASP example swingset.

    The workshop will include several hands on labs from the webgoat project in order to better understand the threats that are ever so common today.

    Attendees will come away with the following skills / capabilities: - threat modeling - security audit plan - introduction to Pen testing - key / certificate management - fixing web application security issues

    Don't be the weakest link on the web!

    At 4:30pm to 6:00pm, Saturday 30th June