Codemash 2018 – Page 2 – BinzBlog

Codemash 2018 – Application Insights: The Magic School Bus for your Web Applications

Presenter: Kevin Griffin

Explained why this talk is named after Magic School Bus
- A skit gone wrong initially, but kept name
- Similar to show want to dive deep into something as Ms. Frizzle does
Application Insights can help to identify
- What parts of your app are the most hit, so can focus on optimizing those
- Performance of dependencies
  - Email
  - Credit cards
  - Etc….
- CPU and memory usage
- Min/max/avg response rate
- Error tracking
What were the options before Application Insights
- Vendors
  - New Relic
  - App Dynamics
  - DataDog
  - Stackify
- Home grown logging and performance counters
  - Buggy and time intensive
- IIS Log parsing
  - Data tidal wave
Application Insights Does What?
- Cross platform
  - Platforms with libraries that already exist
    - .Net
    - Node.js
    - PHP
    - Objective-C
    - Python
    - Ruby
  - Also an api, so if platform not supported with libraries can make your own naked api calls.
- Monitors
  - Request rates
  - Response times
  - Failures
  - Tracks dependencies
  - Track exceptions
  - Browser statistics as well
    - Unless they have ad block on
    - Page views
    - Ajax requests
  - User and session tracking
  - Performance
    - CPU and memory utilization
- What does this cost?
  - Depends on what you are doing and what you are monitoring
  - Pricing
    - Basic
      - Free
      - 1 G of data storage per month
      - 90 days retention
      - $.50 per GB Continuous Export
    - Enterprise
      - $15 per node
      - 200 MB per node each day
      - 90 days retention
      - Unlimited Continuous Export
- Does my app need to run in Azure?
  - No, runs off an api, just need API key
- Demo of an app using Application Insights. Woohoo
  - Dashboard
    - Alerts
      - Can setup triggers to pop alerts for important thresholds
    - Live Stream
    - Users
    - Smart Detections
    - Availability
    - App Map
    - Charts
      - Mouse over hour gives data for just that hour
- How to add Application Inights
  - ‘Configure Application Insights’ menu in Visual Studio
    - Walks you through two steps
      - Need the SDK, have to install if don’t have
      - Add Application Insights nuget package
  - Need to create Application Insights resource in Azure
    - Visual Studio will walk you through this as well
    - Need api key for application insights from new resource
- TelemetryProcessor lets you interrupt telemetry collection and stop or modify processing in certain cases.

Codemash 2018 – A Brief Introduction Into Concurrent Programming

Presenter: Rob Keefer

Example of processor concurrency
- 1 hertz – 1 ‘turn of the crank’ per second
  - modern cpu’s 300 Gigahertz – 3 billion per second
- Chess player playing multiple games example
  - Player looks to see if player has moved yet, if not moves on to different game
    - Processor does this as well, looks at queue, if nothing happening moves to next thread.
  - Dual core, similar to having two players servicing many one on one matches.
    - Sharing resources means don’t get one for one throughput improvement when adding another core.
- Problems with concurrency
  - starting processes
  - communicating between processes
  - Shared Resources
    - Live version of five philosophers blocking problem
      - Waiting for two chopsticks
      - Deadlock as shown by Dr. Suess Zaks video
    - Livelock
      - Two people meeting in a hallway, keep blocking by making same moves to mitigate. Still active, so live lock
    - Race Condition
- Approaches to managing resource contention
  - Traditional – preventive, avoid failure
    - Monitor
    - Mutex
      - Double lock, one to lock resource and one to make sure we are only one with the inner lock.
    - Prioritization Algorithms
  - Newer approaces – embrace failure
    - embrace process death and ressurection
    - support atomic functions (then no need to interleave operations)

Codemash 2018 – Intro To Blockchain

Presenter: Shannon Wells

Blockchain
- Trust
  - To enable trust between two unrelated parties that want to exchange something of value
- Ledger
  - A record of transactions
- Distributed
- Borderless
  - Beyond any one currency or nation
- Level of transparency depends on use case of block chain
Transaction
Node
- Any computing device is granted access to the network
- Perform actions, mine etc….
Network
- Peer to peer.
- All nodes agree on same rules to validate transactions
How is a block added
- Node broadcasts block to network
- Other nodes verify, when consensus then block is finalized
Merkle Tree is structure used for chain
Smart Contracts are code stored in the blockchain that when run add transactions
- Can’t change once deployed
- Free to read, charge to write
- Walked through ethereum smart contract example

Codemash 2018 – Crimson and clover, over and over (Devops Security)

Presenter: Josh Wallace

What does your security team think of devops?
- They slow you down, right?
  - In my situation we have no security team, so a little different when dealing with super small team
  - How do you inject dynamic analysis into your pipeline if releasing every few minutes as Amazon does
Should you automate your processes if they are not good?
- Is automation good on its face even if perpetuating a bad practice underneath, especially from a security perspective.
Applications tend to be tested equally, but now well
- functional testing of security requirements usually not done, if security requirements exist at all
- Do not have to apply the same level of testing and security scrutiny to all applications, level or risk should dictate how thoroughly an app is beat up.
How do we fix the above situations? Introducing a framework for continuous security! (Crimson and Clover)
- Define our requirements during planning and pre-planning phases
  - application inventory
  - apps ranked by risk
  - secure coding guidelines
  - threat modeling
  - required security controls based on risk
- All security requirement should be tested
  - break the ci build so get feedback immediately
- Testable security requirements are needed
  - requirements need to be written in a manner that is testable
    - written in dev speak, not security speak
    - train developers on security
- Automate security testing, put in pipeline
- Pipeline should be scale-able and flexible, not many
  - One good pipeline with if/then logic better than one per app
- Don’t write your own crypto code, ever.
  - There are plenty of good, easy to use libraries that are essentially unbreakable

Codemash 2018 – Functional Programming With C# 7.1

Presenter Ed Charbaneou

Style Comparison
- Functional Programming
  - Focuses on mathematical progress
  - Stateless
  - Fixed expressions that are stateless and return a result
- Imperative
  - void method
  - black box
  - maintains state
A Functional Focus
- Application doesn’t maintain state
- Why now
  - Multithreading
  - Cloud computing
  - Stateless much better when multithreading
  - Maintaining state is hard, especially in multithreading
Functional Features
- 3
  - LINQ
  - => Expressions
  - Extension Methods
- 6
  - Expression Bodied Memebers
- 7.1
  - Tuples
  - Pattern Matching
  - ++Expressions Bodied Members
- .net does not yet have immutable types
  - immutable type cannot be changed after its insantiation
- Func Delegates
  - Allow us to pass around code as a variable
- Higher Order Function
  - A Function that either takes a function as a parameter or returns a function as a parameter
Method Chaining (Pipelines)
- Don’t see pipes in .net since can method chain
Extension Methods
- Yep they exist. They have existed for a decade, not sure why going over them here.
Reviewed yield/return. Another 10 year old structure. Functional, I suppose. I always thought purpose was to be able to act on iterated values without having to finish iteration.
Reviewed LINQ methods available. OK.
Now onto programming excercise