OSCon 2018 - James Hiebert's Blog

Morning Keynotes

Suz Hinton, Microsoft

Live coding!
- https://twitch.tv/noopkat
- light sensor + servo

??

Researcher who’s bot wouldn’t recognize her w/o wearing a white mask

Ying Xiong, Huawei

Books
- Algorithms of Oppression

Tim O’Reilly

Law of conservation of profits… if one part of the chain of production becomes commoditized, the value will move to another part of the process.
S Curve of value extraction… early adopters get value, late adopters provide value
Extractive markets
Books
- Who Gets What (and Why)
- Why Nations Fail

Cloud Scale Continuous Delivery

What is Concourse “a thing doer”
You deliver things.
Everyone is taking something and delivering it to production or to users.
Ship a weird wordpress site, deliver pizza… etc.
Simplicity, Scale, State

Simplicity

Simple primitives for defining pipelines
Jobs, a list of steps to execute. Plan. Get stuff, retrieve some value, put stuff, task

Resources

Interact with the external world
- check (periodically triggered)
- in (triggered by a get step) (e.g. git pull)
- out (triggered by a put step) (e.g. git push)
- a versioned way to interact with some external thing
Jobs and resources come together in a pipeline, a continuous Makefile

Pinelines

trigger (new resource version should trigger a new build)
passed (list of jobs on a get step that versions should pass through
Not necessarily ordered. Can build a complex graph.
Images of s3 bucket to build a pizza, and deliver the pizza to another aws bucket
Using concourse to do image processing
Can do things concurrently if they don’t have dependencies.

Architecture

ATC responsible for scheduling, web UI and API
TSA SSH server used to securely register workers
Worker
Easy to scale your pipeline
All tasks and resources, operations run in containers
Tasks, user defined script that does something (usually run tests)
Users are able to define the image, where to fetch that from, and what to run
inputs, ind-mount resources into the task container (as Copy-on-write)

Concourse Users

Engineers working on large complicated distributed systems
Integration teams with giant build matrices and lots of deployment automation
Tinkerers with side projects
Banks and government bodies

DevOps with Kubernetes and Helm

Jessica Deen, Microsoft, Cloud Developer Advocate

Linux, OSS, DevOps and Containers

Agenda

Show what’s possible
Sample code

Intro

By 2020, 1 million new devices / hour
Average age of S&P 500 corporation, 12 years
60% of computing in the public cloud by 2025 (already seeing this)
- “Everyone is going all-in on the cloud” Why?
From developers
- “I need to create applications at a competitive rate without worrying about IT”
- “New applications run smoothly on my machine but malfunction on traditional IT servers”
- “My productivity and application innovation become suspended when I have to wait on IT”
From IT
- “I need to manage servers and maintain compliance with little disruption”
- “I’m unsure of how to integrate unfamiliar applicationas and I require help from devs”
- “I’m unable to focus on both server protection application compliance”
Pain points
- Security threads
- Datacenter efficiency
- Application velocity
Cloud is the new way to think about a datacenter

DevOps: Three stage

People
Process
Product
“Union of people, process, products, to enable continuous delivery of value to end users”
You can develop as many features as you want, but if you dont’ know what’s important, you can’t deliver value.

Key DevOps Practices

IaaC
CI/CD
Automated testing
Release management
Performance monitoring
Availability monitoring
Load testing & auto scale
Automated rollback and recovery

Benefits

Deployment frequency
Lead time for changes
Mean time to recover
Change rate failure

Why containers

Write once, run anywhere
Enables microservice architectures
Great for dev/test of apps and services
producction realism
Growing developer community

What is a container

Namespaces (what a process can see)
Cgroups (what a process can use)

What is docker

Open source container runtime
Mac, Linux, Windows support
Docker image with a “layered filesystem”
- read only layers that get cached

Virtualization vs. containerization

Demo

Code Fresh, CI/CD from GitLabs? Xray scanning for vulnerabilities

Container Orchestration

Kubernetes (K8)

Automatic bin packing
Self-healing
Horizontal scaling
Service discovery
Load balancing
Automated rollouts
Who is using it?
- Big companies
- It’s ready for production
Azure K8 Cluster (AKS)
- Managed by Azure
- (Here comes the “promise of the cloud”)
Helm
- The package manager for K8
- Manage complex workloads
- Easy updates
- Simple sharing
- Rollbacks
- Helps you define your workflows
Draft
- Create your Helm config and dockerfile for you
Example of two lanaguage applications in like 90 seconds!
“How many people in the room love setting Jenkings up from scratch?”

Best practices

Build small containers
Application arch
- Use namespaces for isolation
- Use helm charts
- RBAC
Implement health checks
Set requests and limits
Be mindful of your services
- Map external services
- Don’t rely on load balancers (very costly)

Slides

@jldeen

PyTorch 1.0

Accelerating AI Innovation with ONNX and Open Source Tools

Sarah Bird, Facebook AI Researcher

Agenda

AI Research at FB
Open source tools
Research -> Prod
Dev for the future

AI Research

Want to advance the state of the art of AI through open research
Publish in the top conferences
Many products in GH
Machine Learning in FB Products
- Translation
  - 45 languages
  - 2k+ …
  - 6B translations / day
- Facer

OS Tools

Data
Models
Libraries
Frameworks
Compilers and optimizers
Hardware
“Unframework”
- Components that you can customize and configure as you need
ONNX: Open ecosystem for interoperable AI models
Tools should work together
Wide variety of tools and hardware on which you would want to run them
Terrible spaghetti architecture of converters
- Everything’s changing
- x ** n things to maintain
- ONNX (an adapter)
- Seamless interoperability
- Intermediate serialization format
Model Format
- High-level IR
- Operator specs
- Weights serialization
- Serialized models are interoperable between frameworks

Research -> Prod

Oculus tracking
- Facial animation model
OCR
Translation

Code is on GitHub and the project is here

Start with research
Scale to billions
Move it to mobile/the client for interactive
Early 2017
- PyTorch -> Caffe2 (high perf, maximize optimization)
- Reimpliment in Caffe2. Weeks to months.
- Team that owns the model knows nothing about the model
ONXX started in order to automatically export from PyTorch to Caffe2

Dev for the future

Declarative toolkits

Building Serverless CI/CD Pipelines

Anubhav Mishra Developer Advocate, HashiCorp @anubhavm

Agenda

What is CI/CD
“Serverless” - the Term
“Serverless” for CI/CD
Live Demos!

Software Delivery Pipelines

Source code
Build
Test
Deploy (dev/staging/production)

First 3 things are always done in CI. With CD you do it all!

(Some organzations are just too good and deploy to production on every commit)

What is the build? Docker container? Server image?

VCS, Automation (Jenkins, CircleCI, TravisCI), Unit and integration tests, Deploy

Practical CI/CD: dev does a git push, triggers webhood
Everything needs servers. Use jenkins on a server. What does Jenikins do? Master assigns tasks to clients.
Polyglot… 2 servers for php, 1 server for node, memory hogs use Java
Need isolation… build system becomes the bottleneck, bash calls a python calls a ruby script
Lots of drawbacks
- Cost! (infrastructure, idle time which is really underappreciated in the industry)
- Long term maintenance
- Reduced agility
  - Have to coordinate with ops everytime you want a new language or microservice
- Longer delivery times

“Serverless” the term

Knew about these ideas, but had never focused on them until AWS released lambda
I watched ever talk out there on serverless
Hey wait, it turns out that the servers do exist. The idea is that it doesn’t matter.
I define it as a “technology pattern”
FaaS = Function as a Service
BaaS = Backend as a Service
AWS
- Code Pipeline
Benefits
- Reduced operational/infrastrcuture cost
- Pay for what you use
- Faster development cycles
- Increased elasticiity/scaling
  - Google/AWS teams are working day and night to keep these systems running and we’re not necessarily paying for that
Workflow is still dev git push, trigger webhook and …MAGIC

Live Demo

Replace Jenkins with AWS ECS and Fargate

Drawbacks of using Caas for Jenkings

Slow boot time
Large image (~1GB?)
No root access
Ephenmeral storage

LambCI

AWS Lambda
Written in Node.js
3000+ GH starts
Released in 2015-2016

Advantages of FaaS

1000+ concurrent builds
No server maintenance
No cost of idle time
Flexibile billing
Cost summary (1GB RAM)
Free Tier (1000 builds * 5 minutes = $0 / month

Drawbacks

Limited runtime support
Limited support for plugins
No root accesss
5 minute max build time
Serverless is going to kill all computing architectures; after containers kill virtual machines, after virtual machines kill real machines.
What would a developer experience look like under this kind of future? This really realizes the “promise of the cloud”.
Organizations can abstract away the build pipeline for their developers. Organizations can simply switch to a different provider if they want.

Day 2: Morning Keynotes

Mahdi Yusuf, Gyroscop Innovations

Why do we only measure things when we’re sick and not when we’re well?
In the future, let’s generate that data ourselves.
Gyroscope: A new operating system for the human body
Heart rate, workout, blood sugar, weight, etc.
Measure and store overlaps with React and modify
Continuous glucose monitoring; understand what’s going on when you eat pizza.
Weight: e.g the guy who ran 80k miles over a few years and still gained weight.
Heartrate variability (HRV). Elite athletes use this, but we all should.
Sleep. How much sleep do you get per night? I got sick 4x in 4 months and that was correlated with not getting enough sleep.
Book
- Why we sleep
Resting HR is best to measure when I’m fully asleep.
V02 Max, Anaerobic, stamina, endurance, warmup, recovery.
Privacy
- The speaker seemed to have run out of time at this point and basically just said “We need privacy”, but didn’t elaborate.

Angie Brown

Home Depot, Vice President, Store Technology

Technology Centers
- What does it take to operate a 100 billion $ retailer? Open
- Source. Pace of retail is fast and it has changed more in the last 4 years than the previous 40.
We transitioned from Waterfall to Agile
We’re a big company, but try to operate like a startup
$11.1 billion in strategic initiatives and 9 billion is in tech. We try to build our own software in house 90% of the time.

Jerome Hardaway

CBS Interactive, VetsWhoCode

Roger Magoulas

O’Reilly VP of Radar

Free subscription to Safari, the O’Reilly Learning Platform. It measuers:
- Search
- Content usage
- 50k titles (text, video, audio, interacitve, jupyter notebooks)
Demographics
- Consultants
- Finance
- Software

Search

Top searches
- Python
- Java
- aws
- kubernetes (big growth)
- ml
- docker
- angular
- react
- spark
- go
- javascript
- blockchain (big growth)
- microservices
- spring
To programming languages
- python
- java
- got
- js
- scala
- c++
- c#

Usage

How much people are engaged in the topics. What are they reading?

Data management
Java
Python
ML & AI (some growth)
SW Arch
Javascript
Cisco
AWS (high growth… acting like an emerging technology)
Security

Emerging

Kubernetes (up 200%)
Blockchain (Up over 450%… more than BitCoin!)

Trends

Open source
Languages
ML/AI a major topic
Cloud
Kubernetes well up
- microservices / next architecture hypothesis
Blockchain

Sarah Novotny

Google

Customers need the ability to freely choose which combination of services and providers
Open Source is more important than ever
Open Source is not free like sunshine
Open Source is free like a puppy
OSS is software developed in a collaborative manor
- 1% of PRs on GitHub are from Googlers
OS project vs. OS software
A project is more led by the community whereas OS software is more led by a single entity
Google wants to be the fastest growing and most open cloud
Feedback is a gift.
oscon.com has all of the slides and videos

Jay Gambetta

IBM fellow, quantum information scientists

Patrcica Posey

COO of Tech Superwomen

Immutable Infrastructure: continuous delivery for systems

Justin Cormack

Engineer at Docker from Cambridge UK.

Working on security, OS, LinuxKit.

Continuous Delivery

There’s a book named “Continuous Delivery”, old but highly relevant.

“The ability to get changes of all types—including new features, configuration changes, bug fixes and experiments–into production, or into the hands of users, safely and quickly in a sustainable way.”

System software

A field that hasn’t had that kind of attitude.
The late 80s and 90s, our modern unix station was mostly invented and haven’t changed much later (aside from having more packages). Look and feel of the systems hasn’t changed much.
Except for configuration management.
CFEngine
Pets vs. Cattle CERN, 2013

Pet management

config management has largely been used for managing pets
lets them evolve over time
not designed for CD
Cattle / Immutability

Compute on demand

AWS EC2, 2006 onwards
servers can be provisioned by an API not installed by hand

Netflix

“If we don’t want the server to be like that, we kill it and launch a new one with a different AMI”

Application specific system

Reduce attack surface

Getting updates right is hard

Ensure update is tested first from exact current state
update kernel
config, restart process, unless supports reload
DNS entry
shared library, restart all processes using it
update container engine config: restart all containers

Reprovision to update

Immutable server
- load balancer
- bring up new version
- take down old version
Disposibliity
Testing
- Build once
- Test in the CI pipeline
Immutability
- naming is kind of misleading
- doesn’t mean there are no state changes
- means we have a clean split between code (immutable) and application data (mutable)
Again, not stateless
- analogous to functional programming
  - there’s still state
  - just not globally mutable in an uncontrolled way
- state is managed and controlled and in chosen locations
- e.g. immutable root fs, add writable volumes
Config management of systems, not machines
- distributed systems have hard problems
- better to focus on those problems, not what state my machine is in

LinuxKit

Immutibility by design

2015
Docker for Mac
Needed a simple embedded, maintainable, invisible Linux
first commit: “not required: self update: treated as immutable”
The project became LinuxKit, released last year
Config Management
- designed to be small and compact and minimal
- fast build
- fast boot
- little surface area for updates or security vulnerabilities
Startup
- sequential startup
- same design as K8 pods
Config from YAML
Note
- root fs is immutable
- can run from ISO, initramfs, squashfs
Simple tooling
- disk images
- AWS AMI
- Raspberry Pi3 image
- ISO for EFO or BIOS
- PXE boot

Demo

Build and install a whole system w/ nginx in less than a minute and two commands

Roadmap

reworrking build to not require Docker
more detailed application blueprints
remove remaining shell scripting from configuration
more users and use cases

Summary

manage the configuration of a distributed system
use a simpler immutable OS, just focus on the overall system
try our tools, they are simple but fun
fast tooling is way better!
build for automation, not for interactive use
continuous integration and delivery
time to retire the Unix workstation model for servers
“time to do some crazy bullshit with operating systems” Adam Jacob

Linux IOT Botnet Wars and the Lack of Security Hardening

Drew Moseley, Solutions Architect, mender.io

Deploy software updates for Linux devices

Overview

Case studies of 3 botnets
- Mirai (August 16)
- Hajime (Oct 16)
- BrickerBot (Mar 17)
Common security problems
Solutions design

“The ‘S’ in IoT stands for security”

Commit Strip

Motivation

Review past vulnerabilities to reduce future compromises
Avoid the same mistakes
Think about security design of your products or code
Peace of mind

About me

Drew Moseley Twitter

Over-the-air updater for Embedded Linux

An Attack

Reconnaissance (discover vulnerabilities)
Intrusion (initial access)
Insert backdoor (ongoing access)
Clean up (avoid detection)

Mirai - Purpose and impact

Discovered in August 2016
Means “future” in Japanese
200k-300k infections
recent publication = 2.5 million
Used for DDoS in late 2016
- DynDNS
- Can be extended for other uses
Source code on GitHub
- Leaked in hacker forums, published by researchers
- https://github.com/igamblin/Mirai-Source-Code

Mirai - Design

TCP SYN probes for port 23 and 2323
- later iteration: ssh, cwmp/tr-069 exploi
10 brute force telnet login attempts
- from list of 62 username/passwords
Send IP and credentials to report server
Loader program
- detects env and install Mirai
Obfuscation
- randomize process name
- delete executable
- mirai does not survive reboots
remove competitive services
- remote login (Telnet, SSH)
- other malware
List for commands, scan for more victims
- somewhere on the Internet, there’s a list of all infected

Motivation?

Profits
Two known authors
Co-founders of Protraf SolutionsLLC
- Specialized in mitigating DDoS attachs
- tried to sell services to victim or extor them
- also involved in $180k click fraud

Summary

targeted embedded linux devices
- DVRs, IP cameras, routers, printers
- 30 venders

Hajime - Purpose and impact

Discovered: October 2016
- similar timeframe and network access as Mirai
- named “beginning” (Japanese) by researchers
- Majime author fixed bugs reported by researchers
Modest estimate

Design

TCP SYN probes for port 23
Burte force
Victim connects to decentralized overlay peer network
- BitTorrent DHT (discovery)
- uTorrent Transport Protocol (data)
Obsfuctation
- renames itself to telnetd

BrickerBot - Purpose and Impact

Discovered: March 2017
Author claims 10M total infections
Erases all storage and bricks the device
- destructive “white work” by a vigilante
- “PDoS” attack against devices

Design

brute force telnet login attempts
brick device
- erase disk partitions and files
- disable networking
- reboot
Connect to next device

Summary

Attack devises were Linux devs with Dropbear with Telnet
Exploited default loging/password

The Reaper Botnet

More sophisticated takeover techniques
- spreads via nine different IoT vulnerabilities
Partially based on Mirai code
Reports up to 3.5M infected devices
Currently dormant; intention unknown
Reaper includes an update mechanism

VPNFilter

More than 400k commercial fourters in more than 50 countries
Seems to be created by a state actor (Russia)
Seems intended as a network for attacking Ukraine
Uses known vulnerabilities (i.e. no Zero-day)
3 stage architecture
- 1) persistent across reboots
- 2) main botnet payload and may contain a self-destruct sequence
- 3) implements a plug-in architecture for expandibility
Downloads an image from photobucket.com and computes command and control server IP from embedded GPS coordinates
Backup domain ToKnowAll.com - siezed by the FBI
FBI issued guidance for users to reboot their routers
Bottom Line: reset to factory defaults or replace affected routers

Intention

DDoS
Whitehat
Greyhat
Spam relays
Digital currency mining
Ransomware/malware delivery
Revenue (Botnet for Hire) (see arstechnica)

Mitigation

Default: closed ports, network segmentation
Random initial passwords, service security updates
principle of least privilege (don’t run things as root unless you need to)
OTA updates can also address currently unknown vulnerabilities

Improving motivation of device manufacturers

The attack vectors are trivial
Device manufacturers need to fix
IoT Cybersecurity Improvementn Act of 2017
Alternative: more vigilante botnets

Goal: Lower attacker ROI

It’s always possible to compromise software
Lower ROI for attacker
- Decrease value of successful attack
- Increase the cost of successful attack
There are generic solutions to increasing cost of an attack
- Basic security discipline
Remove target on our backs with basic security hardening

Other botnets

Other Botnets
- Satori
https://schneier.com/blog/archives/2018/07/department_of_c.html
OpenWRT

The State of the Open Source Job Market

Rquel Araujo, Product Scientist, Indeed

Overview

Open Source Job Market: why should we care?
The State of the Open Source Job Market
- examples of roles
- trends
- quick facts

Why should we care?

Open Source is popular and useful among programmers
44% contribute to open source
40% contribute as part of their ongoing education efforts
55% of OS professionals say it would be easy to find a new job
87% of OS professionals say knowing OS has advanced their career
companies are investing in both OS tools and talent
57% of hiring managers say organization contributes to OS projects
48% of managers say they are financially supporting OS
87% companies experience difficulties recruiting enough Open Source talent
High demand + low supply = great time to work in OS
The state of OS jobs (in the US)

State of the market

How does Indeed get the relevant data?
- Both directly and by aggregation
- Internal tools parse job descriptions and applications and extract relevant information
- Info is made available thorugh datasets in Imhotep https://opensource.indeedeng.io/imhotep
  - Data analytics tool for trends and stuff
What is and OS job?
- Jobs that have “OS” in the job title
  - “Software Engineer - Open Source”
  - Open Source Contributor
  - Open Source Community Manager
  - OS Software Architect
  - Release Engineer
  - 15% of jobs had at least one candidate
  - 4 applicants / position
  - 50% more likelye to be qualified than the average job posting
  - there are not enough candidates to fill them
- Jobs that look for candidates whose skills are among a handpicked set of OS tools
  - So many SO tools!
  - Skill groupings
    - infrastructutre
    - cloud technologies
    - database
    - languages
    - front/back-end frameworks
  - Titles
    - Development Operations Engineer
    - Cloud Engineer
    - Data Engineer
    - Software Engineer
    - Front End / Full Stack Dev
  - Open Infrastructure
    - Kubernetes
    - Mesos
    - Docker
    - OpenStack
    - 2.2x jobs requesting Docker vs. Kubernetes
    - 30% of jobs that receive at least one application in 2018
  - Cloud
    - Google Cloud has 4x growth
    - AWS 2x
    - AWS is the most common skill for candidates and jobs (11x jobs than Google Cloud)
  - Databases
    - Not a lot of growth
    - MySQL still is very common
    - People that apply who have MySQL are about 20% more likely to be qualified
  - Languages
    - Python has grown by 20% while all others have slowed down
    - Java is the most commonly asked for
    - 10% more applications for Javascript than Java
    - Only 21% of jobs requiring C/C++ receive at least 1 application
    - Haskell, Perl, Ruby, Rust, Scala all have few applications. Noisy data.
  - Frameworks
    - React, Angular, Django
    - Django 27% more likely to be qualified at Indeed
    - 38% of job listings for Django get at least one application
https://indeedeng.io/
https://indeed.jobs/

Q & A

Remote requests?
- We didn’t collect that data
What aren’t devs more arrogant/confident? If only < 25% of jobs are receiving applications, but only 55% of devs thought they could get another job.
Spike in May of 2018. WTF?
- Bad data? I’m not sure.
Most commonly listed skill is Microsoft Office
How do you avoid data duplicate?
- If there is one job that lists several of those skills, it will be repeated
Are employers listing superman positions, like 10 years of Kubernetes exp?
- Yeah there are unicorns. So how many of those are the ones that are not getting applications? That would be an interesting analysis project.
You’re reportin on “qualified”, but is there any feedback mechanism?
- We build ML models to determine whether they are qualified. “Qualified” comes from our models. Some feedback mechanism, employer looks at candidates, we recommend some, and then ask the employer whether they were qualified
How to improve the quality of our posts and get better results?
- Some of the jobs that don’t get any applicants are badly written jobs. We have an employer team. We have moderators, who examine flags and such.
What is your revenue model?
- Sponsored jobs. It’s optional. Pay-per-click model. Sponsored jobs are shown at the beginning and the end of the page. Still try to show the job seeker relevant jobs. Other products like Indeed Prime. Job seekers can apply into Indeed Prime and then employers can hire from a pool of vetted applicants.

The async invasion

Stephen Cleary

Who is this guy?

Microsoft Most Valuable Professional
Christian, father, husband, developer (OS is my addiction)
Author of Concurrency in C# Cookbook (I make $1.85 on every book… not sure if I’m supposed to tell you that)

The Async Revolution!

Revolution of the good guys.
Invasion?
All of a sudden, all of these languages have been adopting the async/await keywords
Tends to be infectoius
- you want to make one think async
- you have to make everything async

Timeline

F# 2010
- Which is weird, becuase functional languages don’t actually need async/await keywords
- You can do the same thing with a future monad
C# and VB 11.0 August 2012
- lots of attention here
Hack/PHP March 2014
Dart 1.9 March 2015
TypeScript 1.6 Sept 2015
Python 3.5 Sept 2015
Javascript ECMASscript 2017 June 2017

These languages are developed very differently. The first ones are very dominated by Microsoft. Python and Javascript are very much not.

Future?
- C++ coroutine in C++20
- Kotlin (experimental coroutines in 1.1)
- Rust (nighty since 2017-2018)
- Java (no plans)
- PHP (discussion, but nothing concrete)

Terminology

What does “async” really mean?
“Concurrent”
- There is no consensus
- Multiple things happening at the same time
- UI example
  - Application that has to talk to a DB
  - Respond to user input while talking to DB
- Server example
  - When you are serving one request, you would like to be able to serve another request at the same time
- Multithreaded?
  - Parallel (a more specific kind of multithreading)
  - Asyncrhronous
    - A way to get concurrency w/o multithreading
    - Specificly “async”
There is no thread blog post
For I/O which is more natural
- Synchronous APIs
  - We’re used to this… so we think that this is the normal way to code
- Asynchronous APIs
  - All I/O is naturally asynchronous

Why?

Benefits of Async
- UI: responsiveness
- Server: scalability
Why is it important today?
- Mobile UIs
- Cloud servers
Why async/await?
- Can you write it without keywords?
  - Yes of course, but..
- Why are these coming out now?
Archaeological tour
- Events
- Callbacks
Almost all of programming is composing
- We are making objects that are composed of other objects

Events

Problems
- Have to read the code backwards
- Manual error handling
  - Everyone gets this wrong eventually
- Deep nesting
  - We’ve only done two operations and are already pretty deeply nested
- Non-trivial logic (loops, joins) require manual state machines

Callbacks/CPS

Continuation Passing Style (like nodejs style)
Problems
- Don’t have to read the code backward
- Still manual error handling
- Still deep nesting
- Non-trivial logic (loops, joins) require manual state machine

Futures

Futures are monads
“Future” represents a future value
JS/promise
Futures complete exactly once, either with a value or with and error
Futures support continuations
object representations of async operation
A future can be anything
- File download
- Database write
- Tiemout
- “Join” or other futures
- Mutex

Future<void> DownloadAndSave() {
  return Download()
         .then(data => { return Save(data); ]);

Problems?
- Shallow nesting
- Non-trivial logic (loops, joins) require manual state machines or multiple methods

Async/Await

Same API as the futures API

Problems

Summary

Asynchrony is important today
Because of cloud and mobile
But async code is hard
So languages are adopting async/await
To make async code easier

Q&A

How would you do promise.all()
- You can await promise.all() just like you would with promise.error()
Cancellation?
- No consensus of how to do that. You usually have a token, so every iteration through the even loop check to see if your promise is in a cancelled state.
How do you unlearn how to write things so that they are async?
- Natural state of I/O
How do you follow the stack traces?
- .NET came out with simpler stack traces. 3rd party libraries that work after the fact.
When .NET when from events to callbacks it was huge. But I’m not convinced there’s value if you have a code base that is written around promises.
- You can do some pretty funky things that rely on a deep understanding of promises. But it might be OK.

← Previous Archive Next →

blog comments powered by Disqus

Published

18 July 2018