CodeMash is a tech conference for developers, held at the Kalahari (an African-themed resort) in Sandusky, Ohio, during the first week of January. This year, the conference was January 5-8th. Our company went for the third and fourth day.
I’ve only been learning to develop in Java since January of last year, so this was my first time at CodeMash. There are many, many sessions to choose from, and here are the ones that I went to. I carry a small notebook with me, but don’t try to take too many notes (usually I’ll just write down specific URLs, application names, or book titles).
Decided to go with all caps for the session titles, since that’s what CodeMash does, and I don’t have to worry about capitalizing or formatting.
IS YOUR API LEAKING? BREAKING APIS TO INCREASE SECURITY
Joe Kuemerle @joekuemerle
I enjoyed this session. It was a broad overview of a lot of the security (or non-security) surrounding APIs. The speaker wears a kilt too. I feel like I have to mention that.
He talked a bit about timing attacks, and the importance of rate limiting.
He also manages the repository for all of the presentation content for CodeMash (that speakers want to share) at https://github.com/TechConf/CodeMash2016 .
THE CODE BEHIND THE VULNERABILITY
Barry Dorrans @blowdart
This speaker from Microsoft went over some security bulletins from Microsoft, and looked at specific problems, and how they were resolved. I found it very interesting. He was funny, and seemed to really enjoy the topic.
I was not familiar with the “Turkish i” problem. This article has a good explanation of how/why it can be a problem. I could see this being a really obnoxious bug.
OWASP TOP TEN PROACTIVE DEFENSE 2.0
Jim Manico @manicode
This was definitely the most excited speaker that I heard at CodeMash, and very passionate about computer security. I was a little familiar with OWASP, because I’ve used some of their pages for reference, but I’ll be checking out their site more. They’re just a volunteer group that cares deeply about computer security. This session was an excellent overview of many of the most common and important security issues.
His entire session is a PDF from OWASP that anybody can download and use.
CONCURRENCY IS CHILD’S PLAY! (POWERFUL, NAÏVE, AND FULL OF “OOPS!”)
Nuri Halperin @nurih
He used some volunteers to work through and visualize some scenarios with concurrency, as well as the problems that can come along. Couldn’t find a copy of his session online.
He also briefly mentioned quantum entanglement, something that I was not familiar with, and don’t really understand, but found interesting.
HOW TO GAMIFY YOUR SECURITY AWARENESS FOR BETTER SECURITY AND A MORE ENGAGING EMPLOYEE EXPERIENCE
Mike Woolard @wooly6bear
This had some interesting ideas for getting employees excited about security. Definitely would have been fun if I weren’t working remotely, having the opportunity to compete and/or catch employees slacking off (not locking their machine, etc).
I wasn’t familiar with bWAPP, a buggy web app with plenty of vulnerabilities, and a good way to learn about some bugs you might not have known.
I also wasn’t familiar with FoxyProxy before CodeMash, and this is an excellent way for your browser to easily work with a proxy tool, such as Burp Suite, and you don’t have to do IP changing manually.
WHY AGILE? THE ECONOMICS, PSYCHOLOGY, AND SCIENCE OF AGILE’S SUCCESS
Matthew Renze @MatthewRenze
I wasn’t familiar with what Agile was, and so this was a good introduction for me. Can’t say I was really familiar with any specific development processes. This was my first time hearing about the waterfall method and this would probably be the closest thing to what my company has always done, although that’s changing now.
He mentioned The Wisdom of Crowds – James Surowiecki.
PROGRAMS THAT WRITE PROGRAMS: HOW COMPILERS WORK
Craig Stuntz @craigstuntz
This is one of the first sessions that I was really interested in when I first looked at the CodeMash session list. I thought I might learn something useful – but I didn’t expect it to be my favorite session at CodeMash. It was very interesting, and also entertaining.
I didn’t know anything about compilers, and this was a great intro. The speaker walked through every step of the compilation process and explained what was supposed to happen.
The slides with his notes added
YES, AND!
Michael Hagesfeld @mhagesfeld
This session was on communicating well. The speaker is experienced in improv comedy, and tied that into communicating better with people in your office. One of the ideas is that you try to avoid negative responses, so you respond with something positive (“yes, and…”), even if you’re rejecting what the other person is saying.
I didn’t find his slides from CodeMash, but here is the same session from somewhere else that he spoke, and the slides appear to be mostly the same thing.
A PEEK BEHIND THE CURTAIN – HOW PENTESTERS “SEE” YOUR WEB APPLICATION (AND HOW YOU CAN TOO)
Monika Morrow @FortyTwoWho
I enjoyed this session a lot. Next to the Compilers session, this was probably my favorite session. I think it was mostly because I enjoyed seeing someone focus on and work with Burp Suite (which I have a little experience with).
I wasn’t familiar with SwitchyOmega, a Chrome extension for changing proxies, and it looks good, even better than FoxyProxy for Chrome.
I only use the free version of Burp, since the professional version costs $395 a year, and is too rich for me right now (since pentesting is just a hobby). She showed some of the benefits of the professional version (after someone asked), and I can definitely see the use of the extensions that you can get from the BApp Store.
PDF of the slides + notes here
ACTORS, EVOLVED
Rotem Hermon @margolis20
In this session, I was in over my head. He talked about the Actor Model, and what can be done with Virtual Actors, so you can have concurrency, without the problems of concurrency.
SOFTWARE DEVELOPMENT LESSONS LEARNED FROM INDUSTRIAL FAILURES IN THE 1980S
Charlotte Chang @pushorpull
There was no way that I could miss this session based solely on its name. This session was a very entertaining history lesson, taught by someone who was very excited about the topic.
She spent a lot of time talking about General Motors’ factory, Fremont Assembly, and the terrible problems (production issues, and awful employees) that it had while it was open from 1962 to 1982. The factory reopened as a joint-venture with Toyota, and was much more successful, thanks to Toyota’s management and ideas.
So GM sucks, Toyota rules.
Books mentioned:
The Toyota Way – Jeffrey K. Liker
Rude Awakening: The Rise, Fall and Struggle for Recovery of General Motors – Maryann Keller
Collision: GM, Toyota, Volkswagen and the Race to Own the 21st Century – Maryann Keller
The Machine that Changed the World – James Womack, Daniel Jones and Daniel Roos
I wasn’t sure about what session to go to during this hour, and ended up going to this one because a coworker suggested it. I am glad I went.
EVENT DRIVEN ARCHITECTURE: A PRIMER
Shawn Wallace @ShawnWallace
While this topic is very far from anything that I was familiar with, the speaker did a great job with the topic, including showing a demo of what it might look like for a retail business. I was able to get a basic understanding of what event-driven architecture is.
The slides are here. And the demo he used is available here.
#DEPLOYSMARTER
CONCENTRATE ON CODING: AUTOMATING EVERYTHING ELSE
Timothy Corey @IAmTimCorey
This session focused on making life easier using Jenkins to deploy. The idea being that you don’t waste your time doing a bunch of things when you want/need to focus on coding. I don’t use Jenkins, but it is something that I’ll learn more about later.
To get the slides, you have to text DEPLOY to 44222. It’ll ask for your email, and then send them to you. There is also bonus material that he’ll send you, a 10 page report of the plugins that he uses with Jenkins.
So, I skipped out on the previous session, since it was focused on Jenkins, and I knew that I’d get the slides later on, and headed over to this...
PROGRAM SOME HEALTH INTO YOUR LIFE
Stan Jonsson @sjonsson
I walked into this session in-progress, with a bag full of gummy bears, courtesy of the candy bars that CodeMash had set up in the hallways. So basically I ate candy while in a session about healthy living.
This session was great, and something that I really needed. He shared a lot of common sense that gets ignored. To lose weight, ultimately you need to burn more calories than you consume.
He talked about staying motivated, and also said that you should track yourself to stay honest. When you see your progress, it is easier to avoid slipping. He had different ideas for staying motivated. There is lots of technology out there that can be used. Things that you can wear, as well as apps that you can have on your phone.
I’m going to start using the MyFitnessPal app to keep track of what I eat, as well as my physical activity (of which, there is not enough).
And those were all of the sessions that I went to. I learned a lot, got excited a lot (there were times when I wanted to walk out of a session, and get on my laptop), and had a great time.
Katelyn’s Krusade / Katelyn’s Kloset
CodeMash made a small donation to a charity called Katelyn’s Krusade, and gave them an opportunity to present themselves, and what they do. They modify toys so that children with special needs can operate them. Neat idea, and it has really helped a lot of children realize what they can do.
And then they had something in the evening where you could help, by “hacking” one of the new toys that they had, and get it functional for a child. This was a fun challenge that I did with some of my coworkers. We got a new toy, the Busy Ball Popper. We had to remove it from its box (without destroying the box, or any of the packaging, so it could be repackaged and presented to a child and their family, as a brand new toy). We had to open up the toy, and figure out where to connect a wire to operate the toy remotely, and then solder on the wire with a special switch that a child can connect their own custom controller to, to operate this, and other tools.
Despite the horrifying use of K as a replacement for the letter C (in Crusade and Closet), “hacking” this toy for charity was my favorite thing out of all of CodeMash, and I really hope they do it again next year.
Water slides
Then there was a party in the Kalahari’s giant indoor water park (good thing it is indoors, because this was the first week of January in northern Ohio.) There were some huge water slides. I went down the first one. Did not enjoy it. I went down a second one. Did not enjoy it, and discovered that I am not a fan of going down water slides in the dark.
CodeMash was a lot of fun and worth flying over 5,000 miles for (Santiago, Chile to Atlanta, GA to Detroit, MI — and then carpool with coworkers to Sandusky, OH). I’m looking forward to next year!