Last active
December 14, 2015 15:39
-
-
Save davidcelis/5109827 to your computer and use it in GitHub Desktop.
Ruby on Ales 2013 — Conference Notes
bundle install Y U SO SLOW (@hone02)
###Server edition
- People thought "oh it must be because the full list of gem specifications is so large"
- Only 1.2M (as of a month ago)
- Gems have to be unpacked to get at their specifications and resolve dependencies
- Used a ton of RAM to load all of these gems into memory.
- People couldn't run
bundle installon a 256MB VPS
- Rubygems introduced a gem dependency API endpoint
- Changed bundler to fetch only relevant specifications instead of every specification on Rubygems
- Recursive method that fetches a gem's dependencies, then each of those gem's dependencies, etc. until done
- Bundler API was using 70-80% of Rubygems.org traffic
- Marshal dumps took lots of CPU
- Ruby took 380/400% of CPU at any point in time
App Architecture:
- API Endpoint
- Sync Code (polling)
- Web Hooks (push)
Tables:
- rubygems
- name
- versions
- rubygem_id
- number
- platform
- name
- dependencies
- rubygem_id
- version_id
- requirements
Poll frequently (every five minutes or so), and do this stuff:
- Add new gems into local cache
- Find gems that are yanked, mark them
Rubygems.org pushes to the Bundler API when a gem is released (or yanked)
- 6 dynos running Unicorn
- 1 Ronin database (master)
- 1 Ika database (follower)
- Transparency (code is open source, graphs and metrics are public)
- Introspection
Getting Your Ass to 1.9 (@nicbenders)
- Ruby 1.9 has been out since 2009
- Ruby 2.0 is already out now
- Ruby 1.8 will reach end-of-life in June
- REE has already reached EOL
- 5 year old codebase
- 70k lines of code, 59k lines of test code
- Rails 2.3.14 (started as Rails 1.2.3)
- REE-1.8.7-2010.02
- Putting it off
- Rearchitecting the app first
- Do it all in a big spike!
- Have a ruby_19 branch
- Do everything on master
- Set up a CI job for it
- Start with your smaller apps
- Be on latest Rails 2.3 or newer
- Use rbenv/rvm everywhere
- You already use Bundler, right?
- Decent test coverage (50% is ok)
- Getting the test suite to run
- Upgrade obsolete 3rd party gems and libraries
- Every commit is run both ways
- Slowly burn down the failures
- Took several months
- Local dev environment first
- Then each "Staging" env
- Practice the rollback plan
- Roll out your servers one-by-one
- Have extra capacity available
- Be patient!
- Rotate the knowledge
- Make it easy to test both locally
- Background jobs were untested
Hacking Cognition (@1337807)
- You need 8 hours of sleep
- Sleep deprived people tend to act faster than people who have slept enough, but incorrectly
- Six minutes of exercise increases your primacy effect (ability to retain new information)
- Eat to stabilize your blood sugar
- Use glycemic load rather than index to evaluate food
- The Thalamus routes your senses (except for smell, which travels directly to the hippocampus and then to the amygdala)
- If you want to remember something, associate it with smells
- How do we learn?
- We used to erroneously think that, come adulthood, brains were static and unchanging
- Neurons physically change and generate new synapses
- In the limbic system, we generate new neurons
- Epinephrine and cortisol increase memory consolidation from a short while ago
- Synesthesia: when sensory wiring becomes "crossed" and senses that aren't usually associated become so
- When numbers have 'colors'
- When you smell in shapes
- When sounds (like music) evoke vivid images or patterns or colors
- Image associations can also help you remember. e.g. associations with numbers
- 02: Ozzie Osbourne biting Kermit
- 05: Someone flipping the bird
- 06: A picture of Ice-T
- 060502 becomes: Ice-T flipping off Kermit
- Learned synesthesia
- Zapping the dorsolateral prefrontal cortex increases executive functioning
- Transcranial direct-current stimulation is the direction of current through the brain.
- Dude actually zapped his dorsolateral prefrontal cortex live. 2mA of electricity.
The History of Women in Computing (@eliseworthy and @jlsuttles)
Ada Lovelace
- one of the programmers on the Analytical Engine
- Wrote the first program. Ever.
- Daughter of Lord Byron
- One of the first entrepeneurs — the Analytical Engine was basically a startup
- They ran out of funds for the Analytical Engine
- Tried to raise money by gambling at horse races
- Lost all their money
Women's Suffrage Movement
Computing pushed forward by World War II Men called into active service, so women were called to "do men's work"
Admiral Grace Hopper
- One of the women involved in the Women Voluntary Service Movement
- Professor from Harvard
- Decided the tenured professor tract was boring, so she joined the military
- Became Director of Automated Computing at UNIVAC
- Wrote the first compiler!
- Wrote one of the first high-level languages, COBOL
- Fortran and LISP were written in the same 3-year period
The Space Race!
Manpower shortage meant women had the opportunity to do different things... Sort of. Women could get 'involved' with computers.
Keypunch girls did secretarial and "data entry" work by key punching in hand-written programs for computers
'Computer programming is just like planning a dinner.' — Grace Hopper :(
- 50th anniversary of the Women's Suffrage Movement
- pass of the 19th amendment (equal rights amendment)
- Roe v. Wade
- Bachelor's Degrees in STEM fields began to rise
- Adele Goldberg helps design Smalltalk, one of the first 'interpreted languages'
- Women started keeping their maiden names and using 'Ms.' instead of 'Mrs.'
- One of the first women was elected to the Supreme Court
- Release of the Commodore 64, personal computing takes off
- Elizabeth Feinler helped define the TLDs of the internet
- Adele Goldberg served as president of the ACM
- STEM degrees continue to be earned by more women
- Though we experience a drop in Computer Science degrees earned by women
- The rise of gendered gaming
- e.g. Ms. Pacman
- damsel in distress paradigm
- notion of the "male nerd" in popular culture
- Women in politics really take off
- Rise of Feminist movement
- STEM degrees continue to rise, computer science degrees continue to fall
- Jane Margolis and Allan Fisher research the presence of women in the computing industry, write a book
- Research leads to a change in admission policies to the Carnegie Mellon School of Computer Science, huge rise in admission rates for women
- Women presence in Computer Science programs continue to fall
- Fran Allen one of the first women to receive the Turing Award
- Barbara Liskov wins the Turing Award for programming language design
- Etsy, Yammer, etc. start Hacker School, reach out to women using grants, see astounding application rates (6 times as many women apply)
- Rails Girls, RailsBridge, Girl Develop It
How Ruby Makes Better Beer (@cadwallion)
Craft Brewing is a blend of Art and Science
- Create a recipe
- Brew a batch, log everything
- Drink that batch, record results
- Pick a style or key characteristics
- Pick ingredients to match
- Plan fermentation
- Plan carbonation
- Use BeerSmith!
- Mashing process (60-90 minutes)
- Combination of grain and water (wort)
- Blends the wort
- Boiling process (60-120 minutes)
- Reduce wort
- Periodically add hops
- Periodically add flavorings, if desired
- Treat your recipes like applications
- Treat your equipment like servers
- Log everything about a batch
- Feed batch notes back to recipe
- Picks up where BeerSmith leaves off
- Imports BeerSmith recipes
- Associates Batches with Recipes
- Stores Times, Temperatures, and Notes
- API to integrate with Brewing Equipment
- brewscribe
- Parses Beersmith2 (.bsmx) files into plain, old, Ruby objects
- Runs on MRI 1.9.x, porting to mruby
- Handles HERMS/RIMS
- Small expansion board for relay/sensor connectors
- Touchscreen GUI
- Raspberry Pi GPIO
- 5500W Water Heater Element
- DSI8B20 Temperature Sensor
- 40A Solid State Relay
- Raspberry Pi
- 240V/30A Mains Power
- Handles up to 20 gallons
- temper: PID-based Temperature Management
- Extremely cost-effective
- Arduino ethernet shields are expensive
- I like Ruby
- Uses PWM to handle Boil Process
- Loads Recipe from BrewLab (or .bsmx on Pi)
- Sends sensor data to BrewLab
- Start Strike Water
- Start Mash
- Start Lauter
- Start Boil via Manual Power Level
- Pump to Chiller
- Keep beer at specific temperature
- Log and monitor temperature
- Automate
- Linux kernel isn't "real-time"
- Limited number of GPIO
- Single PWM Timer GPIO
- Single I-Wire GPIO
- Raspberry Pi + Arduino Uno
- Up to 6 Temperature Sensors
- Passive Monitoring Mode or Active Control
- Interfaces with BrewLab to send fermentation data
- Add support for solenoid valves
- Switch brewby to 12C
- Large-scale Brewby Panels (100A+)
- Open BrewLab to Public
- Release BrewLab API gem
Ruby Systems Programming (@adelcambre)
... operate and control the computer hardware and to provide a platform for running application software
User Mode
- Math
- Access memory (that you are given access to by the kernel)
Kernel Mode
- Anything
- Everything
All of the code you write runs in User Mode. Your program makes system calls that execute in Kernel Mode.
Spun up gist.github.com locally and ran a system call tracer:
- 120,602 system calls in one request
- 326 possible system calls — 65 are sys_ni_syscal (not implemented)
HTTP Request:
- HTTP verb (GET, POST, PUT, PATCH, DELETE)
- HTTP version
- User agent (curl, web browser type, etc)
- Host of what is being requested
- Type of response that will be accepted
HTTP Response:
- HTTP version
- Status code (e.g. 200 OK)
- Datetime stamp
- Response headers
- Content type (text/html, application/json, tetc.)
- Response body
Security is Hard, but We Can't Go Shopping (@indirect)
This year has been tough for security:
- Ruby usually only updates once or twice per year
- Lots of Ruby patchlevels were released for 1.9.3 in 2012 and in 2013
- Rails has announced six CVEs for 2013 already
- CVE: Common Vulnerability and Exposure
- A number that people have agreed to use so they can all talk about a security problem
- In 2012, there were fewer security updates than there already have been for this year
Ruby and Rails have become attractive low-hanging fruits for security researchers.
Rails 3 came and extracted everything into gems. Gems everywhere! We have so many choices, and vulnerabilities have been found in found in:
- arel
- activerecord
- actionpack
- activeresource
- rdoc!?
With vulnerabilities come updates... But updating is a pain. Your code can break, it can block feature development. But updating is insurance. It is a small cost to mitigate risk.
Rubygems.org suffered from a big security breach. They could have updated to fix the vulnerability and mitigate the risk, but they didn't update. They were vulnerable for over a week, and people took advantage of this. They did not update for the reasons listed above, and nobody gets paid to keep Rubygems.org up to date. They are all volunteers.
- Disclosure: company reports that they had a vulnerability. The part companies hate.
- Responsibility: security researcher privately informs the company that they have a vulnerability and do not take advantage of the vulnerability. The part the hackers hate.
- Both the company and security researcher announce the vulnerability and the fix at the same time.
- Report vulnerabilities as they are discovered to the entire community
- The worst process, but better than all of the others
Ask yourself questions about a security vulnerability:
- Can I access something I shouldn't?
- Can I disable something for other people?
- Denial of Service (DoS) attack
If the answer to either of these questions is "yes", you should disclose responsibly.
Look for:
- A security policy
- An email in the .gemspec
- An email on GitHub
Once you have contacted the author, be nice. Work together and have empathy.
Someone pushes a fix for a security vulnerability to the gem on GitHub (as a pull request) and discovers the author is on vacation and can't be contacted for two weeks. Oops.
Make your fix available for others to use. Let others know about the fix.
... are security vulnerabilities waiting to happen. Unless your code is perfect.
So your gem has a security vulnerability. Now what?
- Sympathetic discoverer who just wants to help
- Ask them not to let others know about the vulnerability until you've fixed it
- Release a fix and make an announcement
- Problem in the wild, people are taking advantage of it
- Announce if safe
- Fix ASAP, test your fix
- Release and announce
- Security researcher out for glory
- Respond ASAP
- Set expectations so your timeline is clear
- Update every 24-48 hours
- Fix, release, say thank you (assuming they want to be credited)
Personally:
- Email address in your .gemspec
- Email address on your GitHub profile
- Respond promptly
On a team:
- Security address
- PGP Key
- Disclosure policy
Ecosystem:
- Mailing list for announcing
- Security issues and releases
- Ruby Security Announcements
Services and Rails (@brianxq3)
Building services doesn't make much sense until you have clean code.
You have a huge fucking Rails app
- 300+ models, 200 controllers
- 20+ JVM servers
- LOTS OF CODE
Service Oriented Architecture (SOA) to the rescue!
- Adding services to an SOA is easy
- Services are reusable in different applications
- Easier to scale out a service (they scale individually)
- Known and predictable usage and performance patterns
- Don't need to throw updates at the whole stack
- Smaller and more focused
- Encapsulated concerns
- Push updates independently
- Change out everything without telling anyone*
Distributed execution
- Enabled by loose coupling
- Assign one team to the service
- Two teams coordinate/agree on APIs
- Use dummy components that send/receive data (but don't really do anything with it yet)
This doesn't happen overnight
Organizations which design systems ... are constrained to produce designs which are copies of the communication structures of these organizations.
Rails App => Service
- Decides on interface and implements
- Siloed knowledge of the system
- Not most important thing to be working on
- Do we keep creating feature teams?
- Team for the Rails app
- Teams focused on single services
- More focus, more well-designed systems
People are constantly working on new and different things, with different people
Example:
- Two Rails engineers
- Product manager
- Core services engineer
- Mobile client engineer
- QA engineer
Each team member then moves to a new project once done
Tradeoffs:
- Have some cost with not having siloed "experts"
- Be careful not to couple the API implementation to the client
- Once the project is completed, we still have to support the feature with sustaining work
- Have the Browser talk to a Rails app, which talks to a database and the services
- Have the Browser talk directly to certain services
ActiveRecord holds your data hostage; what are your options?
- Don't use ActiveRecord
- Use your services as indexes — just store the IDs
- Move the data so the service owns it
Same...
- Response formats
- Data protocols
- Monitoring services
- Dependency management
Complex systems fail!
- Degrade for unavailable systems
- Chasing issues through multiple services and levels of interactions
- If queues are backing up, it could be because services have gotten slow
- Transactions aren't free
- APIs are now much harder to change
- No atomic deploys
Always reevaluate your costs and their viability! For SOA, you'll need:
- An organization that supports building services.
- Tools that allow you to keep moiving fast
- To be ready to be wrong
Finally, services themselves can have tech debt! Don't let your services turn into monoliths like your monolithic Rails app.
- The problems we thought we had weren't as bad as we thought
- We haven't solved the data prisoner problem yet
- Services can be an excuse to start over
The End of Fun (@sarahmei)
- Ruby is one of the most fun programming communities, but we have a problem: Ruby's success.
- We've gone from a fringe hobbyist language to a mainstream language in a couple of years.
- Lots of conference talks and blog posts about Ruby and Rails
- Small companies that deliver Ruby products and Ruby services have grown (Twitter, GitHub, Groupon, etc.)
- Big companies have added Ruby into their portfolio
- Established vs Startup
- Established: Process, Focus, Determination, Tunnel vision
- Startup: Creativity, Ideas, Disruption, Immaturity
- You can change that to Old vs Young or Stable vs Volatile
- Lots of people give anecdotes that support the above, but a collection of anecdotes != data
- Study took people identified by their peers as creative or not creative.
- Nonfactors: intelligence, gender, age, race
- Factors: behavior/habits
- Creativity is not a quality people have or don't have, it's a mode of operation.
- Two modes of thinking: Closed mode, and open mode
- Closed mode: Executive, task-oriented, focused on specific goals
- Open mode: General goals, open to chance, unfocused on any one specific goal
- Part of creativity is being able to switch between these modes.
- Closed mode is analagous to "Established", open mode to "Startup"
- The refactoring step during writing/editing code and tests is where we can switch from closed mode to open mode.
- If all you do is execute, you'll never come up with anything new
- If all you do is refactor, you'll never finish anything
- Process, when done right, enables us to be creative.
- Things you can do at work to be more creative
- Dig into your code
- Switch projects (vary what you do as much as possible)
- Work with people who think differently than you
- Things you can do at the conference
- Talk with people from other companies
- Try some tech you just heard about
- Introduce yourself to someone you only know from Twitter
- Try a beer you don't usually like
- Have FUN!
The Fourth 'R' (@davystevenson)
- Reading
- Writing
- Arithmetic
By Elementary school:
- Logic
- Problem Solving
- Hands-on Activity
By middle school:
- Write basic programs
- How computers work
- Algorithms, data structures
By high school:
- Choice to specialize
- Advanced courses
- Plus more basics
People will get:
- Core understanding of computers and technology
- An impact on all industries
- Tech as a tool
- Computer labs for research and essay writing
- First introduction to programming: high school (only 10% of schools)
- Two tracks
- Word + Excel
- Building physical computers
- Money == motivation ?
- 20% of households today do not have internet access
- Highly correlated with income levels. Under $15k? 43%
- 9% do not have access to internet from outside sources (school, work, library, etc.)
Collating information into bins for quick and easy access and categorization
- They form very early
- They are moldable
- Fear of engineering == fear of math
- Programmers are nerdy/uncool, always men
Access to tech correlates with:
- STEM interest
- Income & minority status
Who cares?
- Affirmative action?
- Globalization threat?
- Dwindling work force?
We should care because we want to cultivate creativity in our society. People from different backgrounds have different perspectives on life and different ideas.
How to break stereotypes?
- Early engagement
- Role models
- Teacher awareness
- Girls groups
- Minority groups?
- Syntax matters
- Frustration kills enthusiasm
- Gaining popularity
- Diverse language with diverse functionality
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment