Notes From NERD Summit 2018

Benji Fisher // March 2018

I went to the first day of NERD Summit 2018: Saturday, March 17. (I could not attend the second day because of a family commitment.)

It was great to meet old friends, a few of whom I see only at this event, and to make a few new ones. Of course, I spent most of the day attending sessions, and I took notes (somewhat unevenly). This is what I wrote down.

  • How to Do Code Reviews Like a Human
  • It’s Not Your Parents’ HTTP
  • Quantum Computing (keynote)
  • Intro to GraphQL (with Relay Modern and Postgraphile)
  • Getting Going with Gutenberg
  • Docker for Development
     

How to Do Code Reviews Like a Human

Michael Lynch

Recording: https://www.youtube.com/watch?v=NuNqWtOmqnA

  • What isn’t covered?
    • How is the author going to react to a list of defects?
    • How do you help the author learn from their mistakes?

My assumptions

  • More than bugs; social, learning
  • Teammates are human, with emotions
    • They learn in ways that humans do.

Definitions: what is a code review?

  • changelist
  • asynchronous
  • ends when reviewer give approval

1. Settle style arguments with a style guide.

2. Let computers do the boring parts.

  • Use linters and formatters as much as possible.
  • Use CI to compile code and run tests.
  • Reason: developer time is scarce. Focus is even more scarce.

3. Be generous with code examples.

  • Developer might be under pressure to get code checked in.
  • Examples demonstrate that you want to help.

4. Never say “you” (controversial advice)

  • Focus on the code, not the coder. Use the passive voice or say “we”.
  • “You” brings ego into the discussion.

5. Frame feedback as requests, not commands

  • Be more polite in code reviews than you would in normal speech.
  • Requests make it easier for the author to push back politely. (Sometimes the original author is right.)

6. Offer sincere praise

  • Code reviews don’t have to be about mistakes.
  • Keep an eye out for things that delight you.
  • Recognize when they show improvement.

7. Aim to bring the code up a letter grade or two

If you think in terms of A, B, C, D, F, do not always aim for A. If it started at a D, settle for B or C.

  • Developer patience is finite.
  • Stress increases with the length of the process.

8. Handle stalemates proactively

Signs:

  • Tone is growing tense or hostile.
  • Notes per round is not trending downward.
  • You are getting a lot of pushback.

Remediation:

  • Talk it out.
  • Design review (with the larger team)
  • Last options: concede or escalate.

Recovering:

  • Talk to your manager.
  • Take a break from each other.
  • Study conflict resolution.

Final thoughts

  • There is no single Right Way to do code reviews.
  • It depends on the team and person.
  • Think during reviews about
    • Where is tension coming from?
    • Is code quality reaching the right level?
    • Learn good and bad things from those who review you.

Blog post: https://mtlynch.io/human-code-reviews-1/ michael@mtlynch.io Twitter @deliberatecoder

It’s Not Your Parents’ HTTP

Gleb Bahmutov

  • @bahmutov
  • glebbahmutov.com
  • github.com/bahmutov
  • slides.com/bahmutov

Recording: https://www.youtube.com/watch?v=E_uCl2kPLVQ

https://www.cypress.io test runner (free, OS) for web sites

March 12, 1989: http://info.cern.ch/Proposal.html

1991: Edit and view HTML documents

first web site: info.cern.ch

Also 1991: HTTP/0.9 (650 words)

  • only GET: no sessions, cookies, binaries
  • no error codes
  • relies on TCP/IP

HTTP performance is ied to TCP properties.

TCP:

  1. guaranteed data delivery
  2. guaranteed packet order

HTTP/1.0 (1996)

  • 60 pages
  • non-HTML data (images)
  • status codes
  • user preferences

HTTP/1.1

  • Formalize best practices
  • 27 drafts, latest 2014
  • performance
  • security
  • usability

The Tangled Web (recommended reading)

HTTP Request and Response

headers …

  • state (cookies)
  • cache control
  • security
  • 10’s or 100’s of requests for a single page

obesity: avg. page size is 2 MB.

AJAX: from web sites to web apps (avoid full page reload)

1996: IE introduced iframe for this.

XMLHTttpRequest - gets data from server via client-side script

Fetch: new standard

HTTP/1.1 today:

REST GraphQL HTTP TCP IP

Not the only game in town any more

  • HTTP
  • Web socket
  • Service worker

HTTP is dead. Long live HTTPS!

HTTPS is expensive: extra round trips for TCP + TLS handshakes

Service worker blurs the line between client and server.

What if an attacker can load a malicious Service worker?

HTTP/2: making the web faster

https://hpbn.co/

HTTP/2 Server push: I know what you want. Problem: server pushes resources even if they are already in the browser’s cache.

Main features of HTTP/2:

  1. multiplexing
  2. compression
  3. flow control
  4. resource push

Main problem: if a packet is lost, then everything else is delayed. (Because it runs on top of TCP.)

QUIC is an alternative to HTTP/2 (H2) that uses UDP instead of TCP.

Secret: many Google properties use QUIC with Chrome already.

slides.com/bahmutov/http-nerd-summit

Quantum Computing (keynote)

Jerry Dixon

1821 Don Juan, written by Lord Byron, the first “rock star” Ada Lovelace was his daughter.

1828 Charles Babbage builds the difference engine. (It was already designed.) He started to work on the Analytical Engine, size of a locomotive. Ada Lovelace helped home translate reviews from Italian. She wrote a program for the AE that computed Bernoulli numbers. She said that the AE could never do anything original (my poor paraphrase).

Alan Turing: saved 14M lives by cracking the Enigma code. He invented the Turing test.

1958 integrated circuit (7/16“)

1965 Gordon Moore came up with Moore’s Law (Electronics Magazine) The number of transistors per chip will double every two years.

1955 the term “Artificial Intelligence” was coined.

He predicts that 2018 will be the year of press releases in QC.

He claims that QC is way beyond the stage of research projects, and that we will have real QCs in the near future.

E.g. 4 Qbits are in a superposition of 16 states, so somehow they represent the same amount of data as 16 ordinary bits.

Based on that, 1000 Qbits represent an unimaginable amount of classical computing power.

Microsoft has a language (Q#) for dealing with QC: the primitive are things like “tunnel” and “entangle”. Microsoft also has an SDK for simulating a QC. A 16GB laptop can simulate (IIRC) 20 Qbits.

Intro to GraphQL (with Relay Modern and Postgraphile)

Chad Furman

Ship Faster. Avoid Tech Debt. Finish on time.

Recording: https://www.youtube.com/watch?v=4in5QbFyodA

Plug

Chad works for Clevertech, a global, distributed company.

REST vs. GraphQL

  • many endpoints vs. just one

Send a POST request to the endpoint with data that looks sort of like JSON without commas, and is strictly typed.

GraphQL generates the documentation automatically from the field schema.

  • declarative data dependencies
  • manage deprecated fields with a simple flag
  • automatically model a Postgres database as an API Postgraphile

Migrations

(I usually think of “migration” as moving the data from one web site to another, but I think Chad is referring to something like updating a database’s structure.)

http://sqitch.org/

Sqitch is a database change management application.

Relay modern

RPG Boilerplate > Relay (React), Postgres, and Graphile (GraphQL): A Modern Frontend and API Boilerplate

  • This is a FOSS, alpha version of what Chad is using in productions.
  • The production version is handling sensitive data for international clients using row-level security (RLS) and RBAC (role-based access control).

Getting Going with Gutenberg

Amanda Giles

http://amandagiles.com/nerd2018

Recording: https://www.youtube.com/watch?v=x55Wj7otk3M

For now, Gutenberg is the site editing tool for WP, but there is a framework behind it that will be used in other parts of WP going forward.

Goal: make the editor more WYSIWYG and expose embeds (FB, Youtube, etc.)

  • it includes several standard edit blocks
  • accessibility warnings
  • saveable snippets
  • access to embeds

It is currently available as a plugin, but is still under development.

It may be merged into WP in April 2018, then part of WP 5.0 when it is released.

There will be a “classic” editor available as a plugin (maybe not forever).

The back end is still the same: Gutenberg “blocks” are stored in the HTML text field enclosed in comments.

Plugin/theme developers will be able to add additional blocks for use with Gutenberg.

Gutenberg Blocks

  • built (mostly?) in JS using React (and a custom API)
  • Use ES5 (2009) or ESNext - currently ES6 (2015)
    • ES5 is native, and there is a compatibility layer/compiler for more recent versions.
  • Gutenberg supports Javascript XML (JSX)

JS libraries

  • wp.blocks
  • wp.element
  • wp.components (buttons etc.)
  • wp.i18n
  • wp.date

The plugin/theme author is responsible for making sure that the block looks the same in the editor as it does on the front end of the site.

Docker for Development

Geri Jennings

Recording: https://www.youtube.com/watch?v=AuaIN0w-KsU

Vocbulary:

  • Docker image
  • Container
  • Docker registry

Benefits

  • standardized dev environement
    • not just dev: stage, prod as well
  • manage dependencies
  • easier to update prod
  • good documentation

N.B. The slides show commands that use Summon to handle API keys.