OSCon 2018
Morning Keynotes
Suz Hinton, Microsoft
- Live coding!
- https://twitch.tv/noopkat
- light sensor + servo
??
Researcher who’s bot wouldn’t recognize her w/o wearing a white mask
Ying Xiong, Huawei
- Books
- Algorithms of Oppression
Tim O’Reilly
- Law of conservation of profits… if one part of the chain of production becomes commoditized, the value will move to another part of the process.
- S Curve of value extraction… early adopters get value, late adopters provide value
-
Extractive markets
- Books
- Who Gets What (and Why)
- Why Nations Fail
Cloud Scale Continuous Delivery
-
What is Concourse “a thing doer”
- You deliver things.
- Everyone is taking something and delivering it to production or to users.
-
Ship a weird wordpress site, deliver pizza… etc.
- Simplicity, Scale, State
Simplicity
- Simple primitives for defining pipelines
- Jobs, a list of steps to execute. Plan. Get stuff, retrieve some value, put stuff, task
Resources
- Interact with the external world
- check (periodically triggered)
- in (triggered by a get step) (e.g. git pull)
- out (triggered by a put step) (e.g. git push)
- a versioned way to interact with some external thing
- Jobs and resources come together in a pipeline, a continuous Makefile
Pinelines
- trigger (new resource version should trigger a new build)
- passed (list of jobs on a get step that versions should pass through
-
Not necessarily ordered. Can build a complex graph.
- Images of s3 bucket to build a pizza, and deliver the pizza to another aws bucket
- Using concourse to do image processing
- Can do things concurrently if they don’t have dependencies.
Architecture
- ATC responsible for scheduling, web UI and API
- TSA SSH server used to securely register workers
-
Worker
-
Easy to scale your pipeline
-
All tasks and resources, operations run in containers
- Tasks, user defined script that does something (usually run tests)
- Users are able to define the image, where to fetch that from, and what to run
- inputs, ind-mount resources into the task container (as Copy-on-write)
Concourse Users
- Engineers working on large complicated distributed systems
- Integration teams with giant build matrices and lots of deployment automation
- Tinkerers with side projects
- Banks and government bodies
DevOps with Kubernetes and Helm
Jessica Deen, Microsoft, Cloud Developer Advocate
Linux, OSS, DevOps and Containers
Agenda
- Show what’s possible
- Sample code
Intro
- By 2020, 1 million new devices / hour
- Average age of S&P 500 corporation, 12 years
- 60% of computing in the public cloud by 2025 (already seeing this)
- “Everyone is going all-in on the cloud” Why?
- From developers
- “I need to create applications at a competitive rate without worrying about IT”
- “New applications run smoothly on my machine but malfunction on traditional IT servers”
- “My productivity and application innovation become suspended when I have to wait on IT”
- From IT
- “I need to manage servers and maintain compliance with little disruption”
- “I’m unsure of how to integrate unfamiliar applicationas and I require help from devs”
- “I’m unable to focus on both server protection application compliance”
- Pain points
- Security threads
- Datacenter efficiency
- Application velocity
- Cloud is the new way to think about a datacenter
DevOps: Three stage
- People
- Process
- Product
- “Union of people, process, products, to enable continuous delivery of value to end users”
- You can develop as many features as you want, but if you dont’ know what’s important, you can’t deliver value.
Key DevOps Practices
- IaaC
- CI/CD
- Automated testing
- Release management
- Performance monitoring
- Availability monitoring
- Load testing & auto scale
- Automated rollback and recovery
Benefits
- Deployment frequency
- Lead time for changes
- Mean time to recover
- Change rate failure
Why containers
- Write once, run anywhere
- Enables microservice architectures
- Great for dev/test of apps and services
- producction realism
- Growing developer community
What is a container
- Namespaces (what a process can see)
- Cgroups (what a process can use)
What is docker
- Open source container runtime
- Mac, Linux, Windows support
- Docker image with a “layered filesystem”
- read only layers that get cached
Virtualization vs. containerization
Demo
Code Fresh, CI/CD from GitLabs? Xray scanning for vulnerabilities
Container Orchestration
Kubernetes (K8)
- Automatic bin packing
- Self-healing
- Horizontal scaling
- Service discovery
- Load balancing
- Automated rollouts
- Who is using it?
- Big companies
- It’s ready for production
- Azure K8 Cluster (AKS)
- Managed by Azure
- (Here comes the “promise of the cloud”)
- Helm
- The package manager for K8
- Manage complex workloads
- Easy updates
- Simple sharing
- Rollbacks
- Helps you define your workflows
- Draft
- Create your Helm config and dockerfile for you
- Example of two lanaguage applications in like 90 seconds!
- “How many people in the room love setting Jenkings up from scratch?”
Best practices
- Build small containers
- Application arch
- Use namespaces for isolation
- Use helm charts
- RBAC
- Implement health checks
- Set requests and limits
- Be mindful of your services
- Map external services
- Don’t rely on load balancers (very costly)
@jldeen
PyTorch 1.0
Accelerating AI Innovation with ONNX and Open Source Tools
Sarah Bird, Facebook AI Researcher
Agenda
- AI Research at FB
- Open source tools
- Research -> Prod
- Dev for the future
AI Research
- Want to advance the state of the art of AI through open research
- Publish in the top conferences
- Many products in GH
- Machine Learning in FB Products
- Translation
- 45 languages
- 2k+ …
- 6B translations / day
- Facer
- Translation
OS Tools
- Data
- Models
- Libraries
- Frameworks
- Compilers and optimizers
- Hardware
- “Unframework”
- Components that you can customize and configure as you need
- ONNX: Open ecosystem for interoperable AI models
- Tools should work together
- Wide variety of tools and hardware on which you would want to run them
- Terrible spaghetti architecture of converters
- Everything’s changing
- x ** n things to maintain
- ONNX (an adapter)
- Seamless interoperability
- Intermediate serialization format
- Model Format
- High-level IR
- Operator specs
- Weights serialization
- Serialized models are interoperable between frameworks
Research -> Prod
- Oculus tracking
- Facial animation model
- OCR
- Translation
Code is on GitHub and the project is here
- Start with research
- Scale to billions
- Move it to mobile/the client for interactive
- Early 2017
- PyTorch -> Caffe2 (high perf, maximize optimization)
- Reimpliment in Caffe2. Weeks to months.
- Team that owns the model knows nothing about the model
- ONXX started in order to automatically export from PyTorch to Caffe2
Dev for the future
Declarative toolkits
Building Serverless CI/CD Pipelines
Anubhav Mishra Developer Advocate, HashiCorp @anubhavm
Agenda
- What is CI/CD
- “Serverless” - the Term
- “Serverless” for CI/CD
- Live Demos!
Software Delivery Pipelines
- Source code
- Build
- Test
- Deploy (dev/staging/production)
First 3 things are always done in CI. With CD you do it all!
(Some organzations are just too good and deploy to production on every commit)
What is the build? Docker container? Server image?
VCS, Automation (Jenkins, CircleCI, TravisCI), Unit and integration tests, Deploy
- Practical CI/CD: dev does a git push, triggers webhood
- Everything needs servers. Use jenkins on a server. What does Jenikins do? Master assigns tasks to clients.
- Polyglot… 2 servers for php, 1 server for node, memory hogs use Java
- Need isolation… build system becomes the bottleneck, bash calls a python calls a ruby script
- Lots of drawbacks
- Cost! (infrastructure, idle time which is really underappreciated in the industry)
- Long term maintenance
- Reduced agility
- Have to coordinate with ops everytime you want a new language or microservice
- Longer delivery times
“Serverless” the term
- Knew about these ideas, but had never focused on them until AWS released lambda
- I watched ever talk out there on serverless
- Hey wait, it turns out that the servers do exist. The idea is that it doesn’t matter.
- I define it as a “technology pattern”
- FaaS = Function as a Service
- BaaS = Backend as a Service
- AWS
- Code Pipeline
- Benefits
- Reduced operational/infrastrcuture cost
- Pay for what you use
- Faster development cycles
- Increased elasticiity/scaling
- Google/AWS teams are working day and night to keep these systems running and we’re not necessarily paying for that
- Workflow is still dev git push, trigger webhook and …MAGIC
Live Demo
Replace Jenkins with AWS ECS and Fargate
Drawbacks of using Caas for Jenkings
- Slow boot time
- Large image (~1GB?)
- No root access
- Ephenmeral storage
LambCI
- AWS Lambda
- Written in Node.js
- 3000+ GH starts
- Released in 2015-2016
Advantages of FaaS
- 1000+ concurrent builds
- No server maintenance
- No cost of idle time
- Flexibile billing
- Cost summary (1GB RAM)
- Free Tier (1000 builds * 5 minutes = $0 / month
Drawbacks
- Limited runtime support
- Limited support for plugins
- No root accesss
-
5 minute max build time
- Serverless is going to kill all computing architectures; after containers kill virtual machines, after virtual machines kill real machines.
- What would a developer experience look like under this kind of future? This really realizes the “promise of the cloud”.
- Organizations can abstract away the build pipeline for their developers. Organizations can simply switch to a different provider if they want.
Day 2: Morning Keynotes
Mahdi Yusuf, Gyroscop Innovations
- Why do we only measure things when we’re sick and not when we’re well?
- In the future, let’s generate that data ourselves.
- Gyroscope: A new operating system for the human body
- Heart rate, workout, blood sugar, weight, etc.
- Measure and store overlaps with React and modify
- Continuous glucose monitoring; understand what’s going on when you eat pizza.
- Weight: e.g the guy who ran 80k miles over a few years and still gained weight.
- Heartrate variability (HRV). Elite athletes use this, but we all should.
- Sleep. How much sleep do you get per night? I got sick 4x in 4 months and that was correlated with not getting enough sleep.
- Book
- Why we sleep
- Resting HR is best to measure when I’m fully asleep.
- V02 Max, Anaerobic, stamina, endurance, warmup, recovery.
- Privacy
- The speaker seemed to have run out of time at this point and basically just said “We need privacy”, but didn’t elaborate.
Angie Brown
Home Depot, Vice President, Store Technology
- Technology Centers
- What does it take to operate a 100 billion $ retailer? Open
- Source. Pace of retail is fast and it has changed more in the last 4 years than the previous 40.
- We transitioned from Waterfall to Agile
- We’re a big company, but try to operate like a startup
- $11.1 billion in strategic initiatives and 9 billion is in tech. We try to build our own software in house 90% of the time.
Jerome Hardaway
CBS Interactive, VetsWhoCode
Roger Magoulas
O’Reilly VP of Radar
- Free subscription to Safari, the O’Reilly Learning Platform. It measuers:
- Search
- Content usage
- 50k titles (text, video, audio, interacitve, jupyter notebooks)
- Demographics
- Consultants
- Finance
- Software
Search
- Top searches
- Python
- Java
- aws
- kubernetes (big growth)
- ml
- docker
- angular
- react
- spark
- go
- javascript
- blockchain (big growth)
- microservices
- spring
- To programming languages
- python
- java
- got
- js
- scala
- c++
- c#
Usage
How much people are engaged in the topics. What are they reading?
- Data management
- Java
- Python
- ML & AI (some growth)
- SW Arch
- Javascript
- Cisco
- AWS (high growth… acting like an emerging technology)
- Security
Emerging
- Kubernetes (up 200%)
- Blockchain (Up over 450%… more than BitCoin!)
Trends
- Open source
- Languages
- ML/AI a major topic
- Cloud
- Kubernetes well up
- microservices / next architecture hypothesis
- Blockchain
Sarah Novotny
- Customers need the ability to freely choose which combination of services and providers
- Open Source is more important than ever
- Open Source is not free like sunshine
- Open Source is free like a puppy
- OSS is software developed in a collaborative manor
- 1% of PRs on GitHub are from Googlers
- OS project vs. OS software
- A project is more led by the community whereas OS software is more led by a single entity
- Google wants to be the fastest growing and most open cloud
- Feedback is a gift.
- oscon.com has all of the slides and videos
Jay Gambetta
IBM fellow, quantum information scientists
Patrcica Posey
COO of Tech Superwomen
Immutable Infrastructure: continuous delivery for systems
Justin Cormack
Engineer at Docker from Cambridge UK.
Working on security, OS, LinuxKit.
Continuous Delivery
There’s a book named “Continuous Delivery”, old but highly relevant.
“The ability to get changes of all types—including new features, configuration changes, bug fixes and experiments–into production, or into the hands of users, safely and quickly in a sustainable way.”
System software
- A field that hasn’t had that kind of attitude.
- The late 80s and 90s, our modern unix station was mostly invented and haven’t changed much later (aside from having more packages). Look and feel of the systems hasn’t changed much.
- Except for configuration management.
- CFEngine
- Pets vs. Cattle CERN, 2013
Pet management
- config management has largely been used for managing pets
- lets them evolve over time
- not designed for CD
- Cattle / Immutability
Compute on demand
- AWS EC2, 2006 onwards
- servers can be provisioned by an API not installed by hand
Netflix
- “If we don’t want the server to be like that, we kill it and launch a new one with a different AMI”
Application specific system
- Reduce attack surface
Getting updates right is hard
- Ensure update is tested first from exact current state
- update kernel
- config, restart process, unless supports reload
- DNS entry
- shared library, restart all processes using it
- update container engine config: restart all containers
Reprovision to update
- Immutable server
- load balancer
- bring up new version
- take down old version
- Disposibliity
- Testing
- Build once
- Test in the CI pipeline
- Immutability
- naming is kind of misleading
- doesn’t mean there are no state changes
- means we have a clean split between code (immutable) and application data (mutable)
- Again, not stateless
- analogous to functional programming
- there’s still state
- just not globally mutable in an uncontrolled way
- state is managed and controlled and in chosen locations
- e.g. immutable root fs, add writable volumes
- analogous to functional programming
- Config management of systems, not machines
- distributed systems have hard problems
- better to focus on those problems, not what state my machine is in
LinuxKit
Immutibility by design
- 2015
- Docker for Mac
- Needed a simple embedded, maintainable, invisible Linux
- first commit: “not required: self update: treated as immutable”
- The project became LinuxKit, released last year
- Config Management
- designed to be small and compact and minimal
- fast build
- fast boot
- little surface area for updates or security vulnerabilities
- Startup
- sequential startup
- same design as K8 pods
- Config from YAML
- Note
- root fs is immutable
- can run from ISO, initramfs, squashfs
- Simple tooling
- disk images
- AWS AMI
- Raspberry Pi3 image
- ISO for EFO or BIOS
- PXE boot
Demo
Build and install a whole system w/ nginx in less than a minute and two commands
Roadmap
- reworrking build to not require Docker
- more detailed application blueprints
- remove remaining shell scripting from configuration
- more users and use cases
Summary
- manage the configuration of a distributed system
- use a simpler immutable OS, just focus on the overall system
- try our tools, they are simple but fun
- fast tooling is way better!
- build for automation, not for interactive use
- continuous integration and delivery
- time to retire the Unix workstation model for servers
- “time to do some crazy bullshit with operating systems” Adam Jacob
Linux IOT Botnet Wars and the Lack of Security Hardening
Drew Moseley, Solutions Architect, mender.io
Deploy software updates for Linux devices
Overview
- Case studies of 3 botnets
- Mirai (August 16)
- Hajime (Oct 16)
- BrickerBot (Mar 17)
- Common security problems
- Solutions design
“The ‘S’ in IoT stands for security”
Motivation
- Review past vulnerabilities to reduce future compromises
- Avoid the same mistakes
- Think about security design of your products or code
- Peace of mind
About me
- Over-the-air updater for Embedded Linux
An Attack
- Reconnaissance (discover vulnerabilities)
- Intrusion (initial access)
- Insert backdoor (ongoing access)
- Clean up (avoid detection)
Mirai - Purpose and impact
- Discovered in August 2016
- Means “future” in Japanese
- 200k-300k infections
- recent publication = 2.5 million
- Used for DDoS in late 2016
- DynDNS
- Can be extended for other uses
- Source code on GitHub
- Leaked in hacker forums, published by researchers
- https://github.com/igamblin/Mirai-Source-Code
Mirai - Design
- TCP SYN probes for port 23 and 2323
- later iteration: ssh, cwmp/tr-069 exploi
- 10 brute force telnet login attempts
- from list of 62 username/passwords
- Send IP and credentials to report server
- Loader program
- detects env and install Mirai
- Obfuscation
- randomize process name
- delete executable
- mirai does not survive reboots
- remove competitive services
- remote login (Telnet, SSH)
- other malware
- List for commands, scan for more victims
- somewhere on the Internet, there’s a list of all infected
Motivation?
- Profits
- Two known authors
- Co-founders of Protraf SolutionsLLC
- Specialized in mitigating DDoS attachs
- tried to sell services to victim or extor them
- also involved in $180k click fraud
Summary
- targeted embedded linux devices
- DVRs, IP cameras, routers, printers
- 30 venders
Hajime - Purpose and impact
- Discovered: October 2016
- similar timeframe and network access as Mirai
- named “beginning” (Japanese) by researchers
- Majime author fixed bugs reported by researchers
- Modest estimate
Design
- TCP SYN probes for port 23
- Burte force
- Victim connects to decentralized overlay peer network
- BitTorrent DHT (discovery)
- uTorrent Transport Protocol (data)
- Obsfuctation
- renames itself to telnetd
BrickerBot - Purpose and Impact
- Discovered: March 2017
- Author claims 10M total infections
- Erases all storage and bricks the device
- destructive “white work” by a vigilante
- “PDoS” attack against devices
Design
- brute force telnet login attempts
- brick device
- erase disk partitions and files
- disable networking
- reboot
- Connect to next device
Summary
- Attack devises were Linux devs with Dropbear with Telnet
- Exploited default loging/password
The Reaper Botnet
- More sophisticated takeover techniques
- spreads via nine different IoT vulnerabilities
- Partially based on Mirai code
- Reports up to 3.5M infected devices
- Currently dormant; intention unknown
- Reaper includes an update mechanism
VPNFilter
- More than 400k commercial fourters in more than 50 countries
- Seems to be created by a state actor (Russia)
- Seems intended as a network for attacking Ukraine
- Uses known vulnerabilities (i.e. no Zero-day)
- 3 stage architecture
- 1) persistent across reboots
- 2) main botnet payload and may contain a self-destruct sequence
- 3) implements a plug-in architecture for expandibility
- Downloads an image from photobucket.com and computes command and control server IP from embedded GPS coordinates
- Backup domain ToKnowAll.com - siezed by the FBI
- FBI issued guidance for users to reboot their routers
- Bottom Line: reset to factory defaults or replace affected routers
Intention
- DDoS
- Whitehat
- Greyhat
- Spam relays
- Digital currency mining
- Ransomware/malware delivery
- Revenue (Botnet for Hire) (see arstechnica)
Mitigation
- Default: closed ports, network segmentation
- Random initial passwords, service security updates
- principle of least privilege (don’t run things as root unless you need to)
- OTA updates can also address currently unknown vulnerabilities
Improving motivation of device manufacturers
- The attack vectors are trivial
- Device manufacturers need to fix
- IoT Cybersecurity Improvementn Act of 2017
- Alternative: more vigilante botnets
Goal: Lower attacker ROI
- It’s always possible to compromise software
- Lower ROI for attacker
- Decrease value of successful attack
- Increase the cost of successful attack
- There are generic solutions to increasing cost of an attack
- Basic security discipline
- Remove target on our backs with basic security hardening
Other botnets
- Other Botnets
- Satori
- https://schneier.com/blog/archives/2018/07/department_of_c.html
- OpenWRT
The State of the Open Source Job Market
Rquel Araujo, Product Scientist, Indeed
Overview
- Open Source Job Market: why should we care?
- The State of the Open Source Job Market
- examples of roles
- trends
- quick facts
Why should we care?
- Open Source is popular and useful among programmers
- 44% contribute to open source
- 40% contribute as part of their ongoing education efforts
- 55% of OS professionals say it would be easy to find a new job
- 87% of OS professionals say knowing OS has advanced their career
- companies are investing in both OS tools and talent
- 57% of hiring managers say organization contributes to OS projects
- 48% of managers say they are financially supporting OS
- 87% companies experience difficulties recruiting enough Open Source talent
- High demand + low supply = great time to work in OS
- The state of OS jobs (in the US)
State of the market
- How does Indeed get the relevant data?
- Both directly and by aggregation
- Internal tools parse job descriptions and applications and extract relevant information
- Info is made available thorugh datasets in Imhotep https://opensource.indeedeng.io/imhotep
- Data analytics tool for trends and stuff
- What is and OS job?
- Jobs that have “OS” in the job title
- “Software Engineer - Open Source”
- Open Source Contributor
- Open Source Community Manager
- OS Software Architect
- Release Engineer
- 15% of jobs had at least one candidate
- 4 applicants / position
- 50% more likelye to be qualified than the average job posting
- there are not enough candidates to fill them
- Jobs that look for candidates whose skills are among a handpicked set of OS tools
- So many SO tools!
- Skill groupings
- infrastructutre
- cloud technologies
- database
- languages
- front/back-end frameworks
- Titles
- Development Operations Engineer
- Cloud Engineer
- Data Engineer
- Software Engineer
- Front End / Full Stack Dev
- Open Infrastructure
- Kubernetes
- Mesos
- Docker
- OpenStack
- 2.2x jobs requesting Docker vs. Kubernetes
- 30% of jobs that receive at least one application in 2018
- Cloud
- Google Cloud has 4x growth
- AWS 2x
- AWS is the most common skill for candidates and jobs (11x jobs than Google Cloud)
- Databases
- Not a lot of growth
- MySQL still is very common
- People that apply who have MySQL are about 20% more likely to be qualified
- Languages
- Python has grown by 20% while all others have slowed down
- Java is the most commonly asked for
- 10% more applications for Javascript than Java
- Only 21% of jobs requiring C/C++ receive at least 1 application
- Haskell, Perl, Ruby, Rust, Scala all have few applications. Noisy data.
- Frameworks
- React, Angular, Django
- Django 27% more likely to be qualified at Indeed
- 38% of job listings for Django get at least one application
- Jobs that have “OS” in the job title
- https://indeedeng.io/
- https://indeed.jobs/
Q & A
- Remote requests?
- We didn’t collect that data
- What aren’t devs more arrogant/confident? If only < 25% of jobs are receiving applications, but only 55% of devs thought they could get another job.
- Spike in May of 2018. WTF?
- Bad data? I’m not sure.
- Most commonly listed skill is Microsoft Office
- How do you avoid data duplicate?
- If there is one job that lists several of those skills, it will be repeated
- Are employers listing superman positions, like 10 years of Kubernetes exp?
- Yeah there are unicorns. So how many of those are the ones that are not getting applications? That would be an interesting analysis project.
- You’re reportin on “qualified”, but is there any feedback mechanism?
- We build ML models to determine whether they are qualified. “Qualified” comes from our models. Some feedback mechanism, employer looks at candidates, we recommend some, and then ask the employer whether they were qualified
- How to improve the quality of our posts and get better results?
- Some of the jobs that don’t get any applicants are badly written jobs. We have an employer team. We have moderators, who examine flags and such.
- What is your revenue model?
- Sponsored jobs. It’s optional. Pay-per-click model. Sponsored jobs are shown at the beginning and the end of the page. Still try to show the job seeker relevant jobs. Other products like Indeed Prime. Job seekers can apply into Indeed Prime and then employers can hire from a pool of vetted applicants.
The async invasion
Who is this guy?
- Microsoft Most Valuable Professional
- Christian, father, husband, developer (OS is my addiction)
- Author of Concurrency in C# Cookbook (I make $1.85 on every book… not sure if I’m supposed to tell you that)
The Async Revolution!
- Revolution of the good guys.
- Invasion?
- All of a sudden, all of these languages have been adopting the async/await keywords
- Tends to be infectoius
- you want to make one think async
- you have to make everything async
Timeline
- F# 2010
- Which is weird, becuase functional languages don’t actually need async/await keywords
- You can do the same thing with a future monad
- C# and VB 11.0 August 2012
- lots of attention here
- Hack/PHP March 2014
- Dart 1.9 March 2015
- TypeScript 1.6 Sept 2015
- Python 3.5 Sept 2015
- Javascript ECMASscript 2017 June 2017
These languages are developed very differently. The first ones are very dominated by Microsoft. Python and Javascript are very much not.
- Future?
- C++ coroutine in C++20
- Kotlin (experimental coroutines in 1.1)
- Rust (nighty since 2017-2018)
- Java (no plans)
- PHP (discussion, but nothing concrete)
Terminology
- What does “async” really mean?
- “Concurrent”
- There is no consensus
- Multiple things happening at the same time
- UI example
- Application that has to talk to a DB
- Respond to user input while talking to DB
- Server example
- When you are serving one request, you would like to be able to serve another request at the same time
- Multithreaded?
- Parallel (a more specific kind of multithreading)
- Asyncrhronous
- A way to get concurrency w/o multithreading
- Specificly “async”
- There is no thread blog post
- For I/O which is more natural
- Synchronous APIs
- We’re used to this… so we think that this is the normal way to code
- Asynchronous APIs
- All I/O is naturally asynchronous
- Synchronous APIs
Why?
- Benefits of Async
- UI: responsiveness
- Server: scalability
- Why is it important today?
- Mobile UIs
- Cloud servers
- Why async/await?
- Can you write it without keywords?
- Yes of course, but..
- Why are these coming out now?
- Can you write it without keywords?
- Archaeological tour
- Events
- Callbacks
- Almost all of programming is composing
- We are making objects that are composed of other objects
Events
- Problems
- Have to read the code backwards
- Manual error handling
- Everyone gets this wrong eventually
- Deep nesting
- We’ve only done two operations and are already pretty deeply nested
- Non-trivial logic (loops, joins) require manual state machines
Callbacks/CPS
- Continuation Passing Style (like nodejs style)
- Problems
- Don’t have to read the code backward
- Still manual error handling
- Still deep nesting
- Non-trivial logic (loops, joins) require manual state machine
Futures
- Futures are monads
- “Future” represents a future value
- JS/promise
- Futures complete exactly once, either with a value or with and error
- Futures support continuations
- object representations of async operation
- A future can be anything
- File download
- Database write
- Tiemout
- “Join” or other futures
- Mutex
Future<void> DownloadAndSave() {
return Download()
.then(data => { return Save(data); ]);
- Problems?
- Shallow nesting
- Non-trivial logic (loops, joins) require manual state machines or multiple methods
Async/Await
Same API as the futures API
- Problems
Summary
- Asynchrony is important today
- Because of cloud and mobile
- But async code is hard
- So languages are adopting async/await
- To make async code easier
Q&A
- How would you do promise.all()
- You can await promise.all() just like you would with promise.error()
- Cancellation?
- No consensus of how to do that. You usually have a token, so every iteration through the even loop check to see if your promise is in a cancelled state.
- How do you unlearn how to write things so that they are async?
- Natural state of I/O
- How do you follow the stack traces?
- .NET came out with simpler stack traces. 3rd party libraries that work after the fact.
- When .NET when from events to callbacks it was huge. But I’m not convinced there’s value if you have a code base that is written around promises.
- You can do some pretty funky things that rely on a deep understanding of promises. But it might be OK.
blog comments powered by Disqus