This year’s FullStackFest took place in the beautiful city of Barcelona from September 4th to 8th, 2017. On behalf of anynines, for whom I work as a software engineer, I had the chance of attending and listening in on several of the talks.
In short, the 2017 FullStackFest was awesome: perfect organization, absolutely fantastic catering and reliable WiFi throughout. There were about 30 talks and presentations in five days: two days entirely related to backend topics, two days for those interested in frontend and one day of mixed activities in the middle.
Before I comment on some of the talks, I have to mention the one technological feature that impressed me most at the conference. The organizers managed to show a real time captioning of the speaker on top of the main screen. I had never seen anything like that before – absolutely awesome.
The main and most thought provoking topic of the FullStackFest 2017 was »decentralization«, a topic that seems to become more important by the day.
Keynote by Karissa McKelvey
In her keynote Karissa McKelvey addressed decentralization head on. Karissa (@okdistribute) works for »Code for Science« (codeforscience.org), a company promoting public data.
She thinks science should be separated from government, should be accessible and free for everyone. No one should be able to delete scientific research results or public data from the internet, and that is why everyone and every institution should decentralize all their respective data.
IoT prone to DDoS Attacks
John Graham-Cumming (@jgrahamc) is the CTO of CloudFlare (cloudflare.com), an IT security company specializing on DDoS prevention. John gave an interesting and informative talk on the vulnerabilities that arise with the introduction of the so-called Internet of Things (IoT).
This has brought the issue of DDoS attacks to an entirely different level. There are so many devices out there that can be used for DDoS attacks. We have speaking toasters and light bulbs and the like; hardly any of these are secured well enough.
Webcams – for instance – often have the telnet port open by default. Attackers seem to use »Reflection and Amplification Attacks« prompting thousands of IoT-devices for some kind of response, using a spoofed address of the victim. The IoT-device will answer the victim and thus DDoS him. And all this can be done quite easily as John convinced us all. According to him, an attack occurs every 40 minutes. However, basic prevention is almost as easy: limit the http rate and block all non essential ports.
A question that I asked myself, as anynines has a public Cloud Foundry offering, is: what happens if an application which is pushed to our Cloud Foundry installation gets DDosed? I have already talked with our Lead Platform Operator and in such a case, the whole Platform would be affected. Fortunately, we use AWS as an IaaS provider, which has a DDos Prevention.
»If you don’t break them, someone else will do it, or they break each other. So you should be the one who breaks them or at least try to break them in order to make them more resistant for the future.« – James Burns
Chaos Engineering & Distributed Tracing
In his talk James Burns – who works for twilio (twilio.com) – showed those interesting strategies that make the operation of distributed system easier.
Distributed systems, as well as Microservices, should have to be resilient and observable. Unfortunately, they have a complex shared code base, which cannot be easily restarted and which is hard to monitor. According to James, what is needed is a distributed tracing functionality in order to understand what happens or happened in which node/service at which time – for example – in order to recreate a bug.
Another important aspect is failure. Complex, distributed systems will fail at some point, probably at the worst possible point in time: in the middle of the night. James stressed the importance of testing distributed systems. In his words: »If you don’t break them, someone else will do it, or they break each other. So you should be the one who breaks them or at least try to break them in order to make them more resistant for the future.«
The buzzword in this context is »Chaos Engineering Management«.
Netflix – for example – used Chaos Engineering, i.e. shutting down random virtual machines of the production environment in order to see if everything was still working fine. Personally, I love this idea and I share the opinion of James that, if you operate distributed systems, you should have so called »Chaos Game Days«, where the team tries to break literally everything.
Everything should be attempted: from shutting down random machines to shutting down complete Availability Zones (this one is my favorite) while – obviously – observing and watching the metrics. According to James »Distributed Tracing and Chaos Engineering« is key for hardening distributed systems and for making them production ready.«
What? SVG can really do that?
Sarah Drassner (@ sarah_edo) writes at css-tricks.com and is co-founder of Web Animation Workshops. She authored »SVG Animation« from O’Reilly and showed us in the audience what can be done with SVG. I did not expect much beforehand.
I actually thought, you could not do many impressive things with SVG. Sarah completely changed my mind. SVG seems to be crisp on every display, there are less http requests required, SVGs are scalable for responsive websites, they have a small file size and are easy to animate and they are supported by any browser. Yes, any browser, even the IE.
Online/Offline-Equivalence: what our interplanetary tomorrow can teach us about building apps today
In this talk Chad Ostrowski (@chadoh) took us on a journey to Mars and showed details about how we would get the internet to cover the planet. You may ask why we should care, but according to Chad, tomorrow’s problems equal today’s problems, just bigger. Sounds reasonable, doesn’t it? By thinking about how to get the internet to cover Mars, we have to think about the three main problems – according to Chad – we are facing today on earth:
- Data Growth overtaking network speed
So how would it look like to get access to the internet on Mars? Mars is pretty far away (https://distancetomars.com) and it would take about 48 minutes to show a website on Mars (one message needs about 12 minutes from mars to earth and vice versa):
Latency could be improved by using HTTP/2 Server push technology, so that we don’t need an extra request for getting the assets. By doing that, we could reduce the time for delivering the website from 48 to 24 minutes. Awesome!
But for showing additional pages of that website, we would have to do additional calls anyway. The same would hold true if we were to visit that homepage on another day.
Another option would be so-called »Service Workers«, that create a »Rich Offline Experience« by carrying out a periodic background sync combined with push notifications. It seems that, with these technologies, you could install web(app)sites instead of retrieving them from one single instance. This would also solve the problem of censorship by decentralizing the internet or websites.
Regarding latency, it would still mean that you have to do some requests in order to »install« the web(app)site but you wouldn’t have to do it again for visiting the site on another day. Still, the push notifications would need their time. Here, a »Local Storage« could come in. »Service Workers« + »Local Storage« can also be referred to as »Progressive Web Apps«, which seem to be the upcoming hot topic in the front end/web world.
The classic client/server architecture will not work very well for people who are going to live on Mars even though we can improve things as mentioned above. The cure could be decentralization. Chad stated that we need a better or even new architecture for such cases. There are a lot of technologies that work in a decentralized way: e.g. Git, Bittorrent, Bitcoin or Ethereum. Another interesting project in this context is IPFS (https://ipfs.io) the so-called »Distributed Web«.
FullStackFest 2017 in Barcelona was an awesome five days full of information and inspiration. I was able to meet some great people from Thoughtworks, DeliveryHero, Babbel, Workshare, CodeClimate to name only a few. I had some really in depth talks about topics such as technology stacks, processes and leadership. Thanks guys for the time and the passion you shared.
I had the impression that many of the speakers really want to make the world a better place with their (engineering) skills. Thumbs up for these guys! I will definitely visit FullStackFest again.