Categories
Uncategorized

The 2009 Lang.NET Symposium / 2009 DSL DevCon

I know it’s incredibly short notice, but I just found out about these myself. If:

  • the design and implementation of programming languages, virtual machines and compilers, multi-language libraries and IDEs is your cup of tea, and…
  • you’re going to be in or near Redmond this week

…then you might want to check out these conferences:

Lang.NET Symposium

First, there’s the 2009 Lang.NET Symposium, which takes place in building 99, Room 1919 of the Microsoft Corporate Headquarters from Tuesday, April 14th through Thursday, April 16th. There is no charge to register – that’s right, this is a “free as in beer” event. Who says The Empire isn’t generous?

Here’s a quick description of the event:

Overview

Lang .NET 2009 Symposium is a forum for discussion on programming languages, managed execution environments, compilers, multi-language libraries, and integrated development environments.

This conference provides an excellent opportunity for Programming Language Implementers and Researchers from both industry and academia to meet and share their knowledge, experience, and suggestions for future research and development in the area of programming languages.

Why Attend

If you are a language designer, compiler writer, or tool builder in industry or academia, Lang.NET 2009 is a unique opportunity to directly interact with the architects of Microsoft language platforms.

Microsoft language technologists will be very active participants in the conference while at least 50% of the program is reserved for presentations by non-Microsoft employees.

The Lang.NET Symposium will be followed immediately by…

Fill Your Head: DSL DevCon, April 16 - 17

…the Domain-Specific Languages Developers Conference, which runs from Thursday, April 16th through Friday April 17th in the same room, Building 99, Room 1919 of the Microsoft Corporate Headquarters. Here’s a quick description of the conference:

The goal of the DSL Developer’s Conference is to cut away all the unessential conference baggage and concentrate on why we’re spending time at a conference in the first place — the talks by industry experts and experienced practitioners. By doing so, we can keep your wasted time to a minimum. In fact, if you don’t go away with your head hurting from all the new ideas you’ve heard, we haven’t done our job!

As with the Lang.NET Symposium, DSL DevCon doesn’t cost anything. If you want to attend, just register!


Colin Bowern at the Metro Toronto .NET User Group: Authentication Alternatives for ASP.NET

This article also appears in Canadian Developer Connection.

Slide: Passwords are like pants (with picture of boxer shorts): You shouldn't leave them out where people can see them, you should change them regularly and you shouldn't loan them out to strangers!
(And yes, he’s using the word “pants” in the British English sense, as in “underpants”.)

On Thursday evening, I caught Colin Bowern’s presentation, Authentication Alternatives for ASP.NET at the monthly gathering of the Metro Toronto .NET User Group. Here’s the abstract:

Asking someone to create another username and password presents risk. Most people use the same password across sites, or worse yet they write it down! The good news is there are smart people thinking about how to solve this problem and for web developers there are easy ways to take advantage of their hard work. In this session we will take a look at the credential management from a user perspective. We will dig into the efforts made in Active Directory, Windows Live ID, OpenID, OAuth, and Facebook Connect and how you can take advantage of them in your application.

He covered Windows Live ID, OpenID and OAuth. Not only did he show the theory, but he also presented some reasonably easy-to-follow code and showed it in action. Colin’s got a good presentation style; perhaps he picked up a thing or two at the speaker’s workshop we had a week ago as part of EnergizeIT!

Here’s the “Call to Action” slide from his presentation:

Colin Bowern's "Call to Action" slide

…which says:

    1. Stop requiring users to create more identities
    2. Leverage OpenID for authentication – see the DotNetOpenID project at Google Code
    3. Investigate OAuth for delegated resource access
    4. For apps targeting corporate scenarios, read up on the Geneva product set – see items on Channel 9 tagged “identity”

Afterwards, I joined Colin, Metro Toronto .NET User Group President Graham Marko and a few others for some post-presentation Guinness at the nearby pub The Spotted Dick and told them I’d catch them at the Toronto Code Camp in a couple of weeks.

Next Presentation: Yours Truly on ASP.NET MVC

I was invited to present at the Metro Toronto .NET User Group meeting. Graham said I could present on any topic I wanted, so I asked if anyone had done one on ASP.NET MVC yet. No one had, so I figured I’d cover it. I’ve been looking into it casually for the past little bit and I’ll be diving into it over the next month, with my experience using another MVC web framework, Ruby on Rails, as my guide. I promise I’ll be informative and entertaining! You might want to come even if you’re not a .NET developer.

The next meeting will take place on Thursday, May 28th from 6:00 p.m. to 9:00 p.m. at the North Tower of the Manulife Financial Offices (200 Bloor Street East, on the north side, between Church and Jarvis). Yes, the meetings take place around dinner, but they provide some pizza and pop, and there’s always an opportunity for post-session nachos at the nearby pub.


My Afternoon at MeshU

This article also appears in Canadian Developer Connection.

I caught the afternoon sessions of MeshU, the day of workshops that precedes the Mesh Conference. MeshU had three tracks – Design, Development and Management – and I chose to attend the sessions in the Development track.

Leigh Honeywell at her presentation at MeshU

Leigh Honeywell on Writing Secure Software

First up was HackLabTO cofounder Leigh Honeywell (pictured on the right), whose presentation was titled Break It to Make It: Writing (More) Secure Software. She works at the MessageLabs subsidiary of Symantec, which makes security products for email systems, and before that, she worked as an independent security consultant. Simply put, security is both her job and her hobby.

Leigh provided an informative and entertaining summary of the most common security vulnerabilities in applications and the recommended best practices for writing secure apps. Here’s a photo of her slide showing OWASP’s ten principles that you should follow in order to write secure applications:

"10 Principles" slide from Leigh Honeywell's security presentation at MeshU 2009

The ten principles are:

    1. Minimize attack surface area
    2. Establish secure defaults
    3. Least privilege
    4. Defense in depth
    5. Fail securely
    6. Don’t trust services
    7. Separation of duties
    8. Avoid security through obscurity
    9. Keep security simple
    10. Fix security issues correctly

She also covered what OWASP considers to be the current top ten vulnerabilities:

    1. Cross-site scripting
    2. Injection flaws
    3. Malicious file execution
    4. Insecure direct object references
    5. Cross-site request forgeries
    6. Information leakage / improper error handling
    7. Broken authentication and improper error handling
    8. Insecure cryptographic storage
    9. Insecure communications
    10. Failure to restrict URL access

At the end of her presentation, Leigh listed a couple of books that she considered to be valuable security references. One of them was Writing Secure Code, Second Edition, written by Michael Howard and Steve Lipner and published by Microsoft Press.

This was a surprise to many people in the audience, the majority of whom were not building apps on Microsoft technologies and generally (and often mistakenly) think of the term “Microsoft” being synonymous with “insecure”. A number of people chatted with me after the presentation and it seemed like this was one of many things from Microsoft that caught them by surprise, along with other unexpected things including the MS-PL license, CodePlex and the Open Source Lab, the new emphasis on standards and interoperability…and hey, even taking on “unlikely” evangelists such as David Crow and me.

Here’s her slide deck:

Pete Forde Does the iPhone Dance

Next was Pete Forde, one of the people behind the development shop Unspace and the RubyFringe and FutureRuby conferences. He started his presentation, Is That an iPhone in Your Pocket, or are You Just Happy to See Me?, with a Napoleon Dynamite-esque dance number set to the tune of Start the Riot by Atari Teenage Riot. Here’s the video of the dance that Leigh Honeywell shot:

And here’s the video that I shot:

Pete’s presentation covered the options that developers have when building iPhone apps. For the curious, here’s the deck he used:

The one thing that he wanted you to take away from his presentation is, in his own words:

Consider iPhone web applications and side-stepping the iTunes Application Store (and their 30% gross cut) completely.

The one thing that I took away from the presentation (in addition to the one above) was that it’s not all smiles and sunshine in iPhone development land. Yes, the iPhone provides an excellent user experience and the App Store has been a hit with the customers and many developers. However, a good chunk of Pete’s presentation was about how some of the biggest obstacles for iPhone developers come from Apple itself; I’ve heard that there were similar grumblings at an iPhone developer meetup that took place later in the week. I think that there are some things that Windows Mobile developers (and the Windows Mobile team at Microsoft) can learn from these obstacles, and I’m going to write about them in a later article.

Chris Wanstrath and the Story of GitHub

The final presentation of the afternoon, Building a Business with Open Source, was given by Chris Wanstrath of GitHub, a hosting service for software repositories created with the Git distributed version control system. There are a number of open source projects hosted on GitHub, including one you might not expect: Microsoft’s very own IronRuby.

Chris explained that GitHub was an answer to a problem that he and his friends had: they were working on a number of open source projects, so many that managing them was “beginning to wear them down”. GitHub was created as a solution to that problem: it took care of the tedious parts of source code management so that they could focus on their code.

Although GitHub hosts a number of open source projects and uses Git, which is open source, it is not open source. Chris explained that managing an open source project takes up more time than he or the others on the team have. “Ironically,” he said, “starting GitHub has given me less time to work on open source.” After he hinted at his dissatisfaction with the GNU General Public License, an audience member asked, “Does the GPL cause you nightmares?”

“Yes,” he replied, after which he endorsed his preferred open source license. “MIT license all the way,” he said.

To promote GitHub, they took an approach that was closer in spirit to evangelism than standard marketing. “Companies still believe in old-school advertising, and they also think that what works offline works online,” he said. So they rely on the standard offline methods of promoting their wares: advertisements and marketing campaigns. In the online world, people trust their peers, so they opted for an approach that he called “guerilla marketing”: instead of spending money on ads, they spent money to hang out with developers, buy them beer and pizza and provide “a human face” to GitHub. He summed up the approach with a good one-liner: “Who knew that actually spending time with your customers would be good for business?” A great point, especially in today’s word-of-mouth-y, interconnected world.


Toronto Code Camp: Saturday, April 25th

Whether you’re an old hand at developing for Microsoft’s platforms or completely new to The Ways of The Empire, you’ll find the upcoming Toronto Code Camp to be a great way to get some deep information on .NET development as well as a way to meet some of the most active and engaged members of the local Microsoft developer community. It takes place at the Manulife Building (200 Bloor Street East, on the north side between Church and Jarvis) and runs from 8:00 a.m. to 5:00 p.m., and registration is free.

Toronto Code Camp will have 5 tracks in its agenda:

  1. ASP.NET: Covering Active Server Pages technology, which includes Virtual Earth and the new ASP.NET MVC framework, which gives you the goodness of frameworks like Rails and Django and the speed and libraries of .NET. The ASP.NET MVC: Beyond the Basics presentation by Richard Obuhowich is definitely on my own “must-see” list.
  2. Data / Architecture: SQL Server, plus ADO.NET, LINQ and the Microsoft Sync Framework.
  3. .NET Framework: This is a really broad topic, and this year, the sessions will be on building installers with WiX, building extensions to Office and Visual Studio, building SharePoint apps, and a fast introduction to Windows Mobile development by Mark Arteaga that I intend to catch.
  4. Silverlight / WPF: The track for people who want to build rich multimedia interfaces for the web (Silverlight) and Windows (WPF, short for Windows Presentation Foundation). I’m thinking of seeing Robert Burke’s Silverlight from 2 to 3 – or, Silverlight Beyond MIX09 presentation, which is supposed to be PowerPoint-free!
  5. Future / Other: A catch-all track for topics about upcoming developer tools and tech, as well as things that don’t quite fit in the other tracks. There are presentations on the F# programming language (an OCaml-like .NET language), the Azure cloud computing platform, upcoming goodies like the .NET 4.0 framework and VB10 plus a session titled 2D XNA Game Programming for Fun and Profit by Josef Rogosky.

For more details about all the sessions and when they’ll take place, see the Toronto Code Camp agenda.

I’m going to be there, attending as both a developer looking to learn as well as a Sith Lord representing the Empire. I’m going to take notes, snap photos and perhaps even shoot a little video; I’m also going to see what I can do about bringing some swag to give away.

The registrations are coming in fast and furious, so if you want to come, make sure you register now!


Toronto Coffee and Code – Today at the Roastery

Just a quick reminder that I’m holding a Coffee and Code today at The Roastery at 401 Richmond. I’ll be there between 11 a.m. and 5 p.m. If you’ve got questions, comments or suggestions about Microsoft, Windows 7, Visual Studio, the Mesh Conference, the industry or anything else, drop by!


“betbot” Makes the Dick Tweet of the Mesh Conference

It looks as though the Twitter user going by the handle of betbot is going to spend the next little while absorbing a very important lesson about managing one’s online persona after making this tweet at the Mesh Conference:

betbot: at #mesh I bet 80% of the people attending have no university degree which explains why they are astonished by whatever they hear

betbot’s profile vaingloriously proclaims that he has three Master’s degrees:

Self-proclaimed marketing guru trying to put my 3 hard-earned Masters to work

If you’ve spent any time on a university campus, you know that having that many Master’s degrees is not a boasting point; it’s a cry for help – it means you’re a shiftless pedant majoring in life-avoidance studies. As for putting “marketing guru” in your Twitter profile, it’s a cliche on par with “I like long walks on the beach” in the personal ads.


Microsoft Canada and OCAD Announce a Surface Team-Up (or: OCAD Gets a Big-Ass Table)

Sara Diamond and Mark Relph onstage at the Mesh Conference 2009

This morning at the Mesh 2009 Conference, Microsoft’s Mark Relph (my boss’ boss) and OCAD President Sara Diamond announced a Microsoft/OCAD partnership. Microsoft will provide OCAD with a Surface tabletop computer along with software and support (which includes training and courses by Infusion Development, who know a lot about developing software for the Surface).

We’re providing OCAD with a Surface development unit along with Visual Studio and other developer tools related to building software for it. The Surface will be put in OCAD’s Digital Media Research + Innovation Institute, whose first phase is currently under construction. It’ll be used as a tool within the school’s -disciplinary Digital Futures Initiative (DFI) program, whose goals include establishing a research and innovation laboratory for interactive design, art and digital media.

Sara Diamond, Mark Relph and the Mesh 2009 audience

Mark Relph writes:

Microsoft Surface will help OCAD students, faculty and researchers to apply interactive technology to their work in digital media, art and design.  In conjunction with our partner Infusion Development, we will be directly engaged with teaching students how to harness the power of these new technologies.  This is only the start – in the years ahead we’ll be bringing in our technology and design experts to OCAD to help further strengthen this relationship. Our focus will not just be on the Surface technologies – as we move into a world where the interaction with software will depend on new user experiences like touch, speech and other capabilities it is critical that we prepare the next generation of software designers and experience experts.

As programmers, engineers and techies, we at Microsoft can come up with all sorts of interesting uses and applications for Surface, but we can’t come up with all of them. We feel that the students at OCAD, who have a strong bent towards design, will come up with some interesting ideas and applications that would never occur to us whose bent is towards geekery. Having worked at a job where OCAD graduates were the majority, I can say from experience that there’s a certain “something” that you get from design-oriented minds that you don’t get from engineering-oriented minds. You can see that “something” in Apple’s products, and it’s something I’d like to see more of from The Empire.