After landing at Gardermoen Airport and taking the Flytoget train to Oslo Sentralstasjon (they could teach the UK rail network a few things), we took a short walk along Karl Johans gate – the bustling main shopping street in Oslo, to our hotel, situated conveniently between the conference venue and the waterfront at the head of the Oslofjord. A quick reconnoitre of the area identified a number of establishments retailing some great local beers, sadly none of them offering any for less than £10 for a half litre. Even so, we felt it prudent to sample some of the local brews.
Clutching our complementary hoodies, we embarked on 3 days filled with seven 1 hour long sessions on a wide variety of topics, in an ingeniously adapted concert arena. An interesting keynote from Mads Torgersen the lead designer of C# kicked off the proceedings; tracing the history of OO languages from Simula 67, and making some interesting comments about the future of how OO and Functional programming languages may come together in the future. Each session was followed by a 20 minute break allowing us to refuel with the mountains of food and drink laid on for us in the conference main hall whilst we browsed the exhibitors' stands, played Mario Kart, experienced some VR, and even had an opportunity to chat with the Octopus Deploy developers and ask them about the lack of template versioning in their product.
Following on from the keynote, we were straight into the talks – one early theme was around Authorisation and Authentication. There was a good session on Microservice Security. This was pleasing as it gave reassurance that what has been implemented in our systems aligns well with what is considered to be industry best practice; followed up with Dominick Baier (one of the creators of IdentityServer) giving a very illuminating talk on Authorisation, answering one architectural conundrum that has been exercising our architectural brains for some time – where should Authorisation be done? The argument has been whether it should be done in the same app as IdentityServe, or should that be solely responsible for Authentication? The upshot of the talk was that he suggested that Authentication should be dealt with by an Authentication system such as IdentityServer, with Authorisation being handled separately, as it is an application specific concern. It could be dealt with either in the application using something such as the now much improved built in .Net Authorisation features, or by making use of a separate centralised PolicyServer instance. PolicyServer is a separate Authorisation system, developed by the makers of IdentityServer, so that is something that will be worth exploring.
We attended a session by Felienne about how to say code. I think we’ve probably all had conversations that go something like this: “Declare a variable called flag colour, where it equals red. Okay, new line. Brackets, er.. open bracket. Sorry, curly bracket. Flag colour equals red. Sorry, equals equals equals, not just one. Erm, red in quotes. Sorry, single quotes”. This is almost verbatim of something said while pair-programming (with some artistic licence), which I think really highlighted Felienne’s point that we don’t really have a consistent way of communicating code to other people. Beginners and experts will all have different was to ‘say code’ (and individuals will say something different for the exact same code depending on the context). The solution Felienne suggested is that the spoken language for the code is part of the design of the language itself, which can then be taught and used as standard. This complimented another talk by Peter Hilton about code readability. It started with a quite mundane but novel idea: in today’s high Pixel Per Inch (PPI) world, why persist with monospace fonts when developing? It developed into a more profound existential question: in a world where kids are learning programming through visual coding techniques as found on the massively popular https://scratch.mit.edu; is high level text based programming going to go the way of the punch card?
Towards the end of the first day there was a very interesting talk about Graph Databases, which allow for the modelling of much more complex relationships between entities – this overview provided a lot of food for thought and warrants more exploration back in the office to see if they could be harnessed to help with some of the more complex data modelling conundrums that we are working through.
Day two and there was more on NoSQL databases as a warm up to an excellent talk about Web Components, which fits in nicely with some work we had previously done on MicroApps and how best we might break down and re-use UI components – looks like the technology may finally be maturing, so that will be something to revisit in the near future. Next up was a session on Event Sourcing and CQRS (Command Query Responsibility Segregation); it provided an interesting insight into creating full audit trails and replayable transactions. Basically, instead of storing current entity state, every event (action) applied to the entity is stored so it can be replayed to get to the current entity state. Some interesting concepts to consider here.
We also saw talks on security trends, .Net tweaks and perceived best practices, MicroServices, VueJS, an expletive riddled presentation around hacking your work life balance (apparently eating a frog every morning means you’ll take over the world), and a session on serverless technologies; after all that we really needed a few £10 beers to process and absorb all the information we had received over the 3 days.
With the conference over, Saturday was at leisure in Oslo; those of us who didn’t overdo the previous evening’s nightlife took a boat trip to Bygdøy to enjoy the splendid Viking Ship Museum and slightly surreal marching band competition that was going on outside. Sunday afternoon came around far too quickly, and we returned to a drizzly Leeds with a wealth of new ideas and information gleaned from the conference, and much emptier wallets.
So, what did we learn? Well – we know that we’re on the right lines with Authentication and some good ideas for taking Authorisation forward. There is a need to look more into graph databases and see what they can do to help us solve some of our more complex data modelling challenges. Web Components could well be worth revisiting as the technology matures. We need to look into whether we would benefit from creating transactional applications differently using Event Sourcing techniques. One idea that came up was using Consumer Driven Testing – basically getting customers to write tests for the APIs that they consume; using frameworks such as Pact – this is something that we will be actively exploring. On the downside, even after attending several functional programming sessions, we’re still not very much clearer on what a monad is. Oh well, maybe next year...