#MBLTDev 2014 through the eyes of a simple iOS developer from Tinkoff Bank
Moscow • October 28, 2014 • Digital October
Though late, I decided to share with you my impressions of visiting #MBLTDev 2014. An excellent conference, I hope my notes will be useful to someone.
1. My colleague and I were a bit late because of traffic jams. About 10 minutes Tim Messergmidt (PayPal) languished in anticipation of us, but as soon as we appeared in the hall, Tim immediately pretended that the speech had begun long ago, and the audience played along with him.
Tim talked about authentication. He cited statistics, apparently taken on the basis of passwords from PayPal accounts. It turns out that 91% of users specify a word from the top 1000 popular passwords as a password. Funny, of course, a fact, but so far has nothing to do with our authorization system.
He advised all those services that require some kind of authorization not to overload the user with a difficult password, to give the ability to display password symbols, in general, to balance in every way between the need and security, without scaring away the audience with excessive complexity. Agitated the public to say “password sucks” and advised everyone to OAuth, and registration - “unless u really really need it”.
This performance once again reminded me that the user is more like a lazy sloth who should not be strained once again, but to find out his name is better to tell fortunes on the stars.
Total: it seems to me that it would be really cool to give the user the opportunity to log in via social networks (we have more information, he has less headache). And also show password symbols during authorization in the mobile bank, because most often the user logs in alone with himself.
Presentation: www.slideshare.net/elegion/ss-40957408
2. The next speaker was Ash Artsy, the developer who wrote the iOS client for 500px startup. So cheerful and funny, complaining about Xcode 6 bugs.
He talked not just about Swift development, but about using ReactiveCocoa on Swift. In general, the idea of using ReactiveCocoa was not just in the air at the conference, every speaker who had the slightest relation to development for iOS spoke about it. Ash had good examples, which he collected right on stage, showing pieces of code that complement his performance well.
At the end of the report, a question was asked from the host of the conference: “Ash, if you were hired to develop a project, what language would you use?”, Furrow replied that ObjC is unambiguous for a commercial project.
Total: ReactiveCocoa on Swift is an interesting topic, but not yet for production. But ReactiveCocoa on ObjC will definitely have to try. After the upcoming releases. Swift time has not come yet.
Presentation:www.slideshare.net/elegion/2-functional-programming-in-swift-ashfurrow
3. Then the representative of VKontakte Andrey Novoselsky stepped on the stage with a presentation of advertising promotion of applications on the VK platform.
I was not very interested in his performance. I listened carefully, but now I can’t remember something outstanding. Andrei talked about the conflict with Apple, about the upcoming release of the marketing platform and its cool features.
I remembered the question from the audience: “Why don’t you give us a token for the back?” Then I perked up. But the answer disappointed both me and the author of the question: “We have different ways of communication between servers, let's discuss this after the speech.” Someone grunted displeasedly from the audience: "Games on the sidelines."
Total: I found out that 60% of VK users use the service through mobile applications.
Presentation: www.slideshare.net/elegion/mbltdev
4. Ilya Slavutin, a representative of Intel, began to talk about their new mobile cross-platform framework INDE. At the very beginning of the speech, the phrase sounded: “INDE seamlessly integrates into our favorite IDEs: Android studio, Eclipse and Microsoft Visual Studio.” All. Conclusions are made.
I did not show an example (as stated in the title of the report). The speaker was more like a marketer than a technical specialist. Yes, he talked about how the framework is structured, about C ++ binding over the native frameworks of each of the mobile platforms (iOS, Windows Phone, Android), even talked about some features (for example, working with video, hardware sensors, etc. .), but the code samples for iOS were on ObjC.
I tweeted:
What I got the answer to:
Anyway, the code is different. I would not use this framework yet. The presentation did not talk about those APIs that would not be in the native iOS.
Bottom line: I learned about Intel's attempt to create a cross-platform C ++ development tool for all platforms. But in the ObjC examples.
Presentation: www.slideshare.net/elegion/mbltdev-intel-inde
5. Next on the Digital October stage, in our suit and spotlights, appeared our Dmitry Tarasov (Tinkoff Bank).
The audience met him standing up, and the entire female audience looked at our mobile architect with loving eyes. Dima was well done. I am confident, energetic, spoke about the experience of TCS.
Total: All the buzz. By the way, before asking a question to Dmitry, a comrade from the audience praised our mobile bank. Nicely. We exchanged glances with the manager and blurred out in a smile.
Presentation: www.slideshare.net/elegion/mbltdev-40959775
6. Next came Yuri Buyanov, the developer of Odnoklassniki. The host of the event could not resist and pinned the hero: “Now we will find out how the application is made, which our grandparents use.”
I was pleasantly surprised by the performance. Yura cheerfully and confidently, with pauses, as it should, spoke not only about what MVVM is, but also pointed out errors, gave examples with code. Clearly and clearly. Started with a reminder of what standard MVC is. Turned on the first slide, and there is a photo of a squirrel. Yuri argued the squirrel that he was just too lazy to do a slide for MVC.
Then he told MVVM that ModelView should not know anything about View, and he told how this covenant is usually broken. This can be avoided using the “router” pattern. The router object contains all the information about transitions between screens, navigation.
The correct behavior of the MVVM pattern, according to Yuri, is best achieved with the help of the same ReactiveCocoa. That is, when using the signal mechanism (when objects subscribe to changes in the properties of other objects). Everywhere this ReactiveCocoa ...
At the end of the speech the host commented: “It's nice to know that Odnoklassniki knows how to program.”
Total: Jura shared the MVVM implementation errors that I observe in my projects. There was a desire to fix it. There was also a desire to try RAC.
Presentation: www.slideshare.net/elegion/mbltdev-mvvm
7. A man in a suit (the second in a day) stepped on stage. He talked about security. It was Andrey Belenko (viaForensics). Immediately, I mentally took a piece of paper and began to draw up a checklist as he spoke.
Andrey gave examples of using NSUserDefaults as a storage for passwords (this is what the Moscow Parking application does). And he shared a bunch of cool bugs. For example, storing private data in bare CoreData. Showed how easy it is to get user data in this case. Everything is fine on the checklist. Private data is encrypted, by an algorithm not invented by us (standard), the encryption key changes dynamically, if the passwords are stored in the keychain, and the server addresses for testing are not included in the release build, they are cut out at the compilation stage.
Andrew suggested obfuscating the code, speaking about the features of the ObjC language. Indeed, all selectors are visible. But this is dangerous in a case when, having connected with the debugger to the application, it is possible to call a method that will return something secret to us. In Tinkoff Wallet, I do not have such methods. (The example had a method that returned a static database encryption key).
Total: everything is fine with us. The recommendation is to use, if possible, TLS instead of SSL (back-end certificate).
Presentation: www.slideshare.net/elegion/7-mbltru
8. Ruslan Gumenny (e-Legion) spoke about the features of codesign.
The topic seemed relevant for complex CI, but for us it seemed to me to be of little importance. Ruslan talked about how to sign the code and verify the signature manually. It was useful to know that there is a plugin for QuickLook that displays information about ipa-schnicks. It will be necessary to download.
Total: you will need to download a convenient plugin to view ipa signature information.
Presentation: www.slideshare.net/elegion/8-codesign-for-i-os-final
9. Then came Alexei Korovyansky (Mb-Lock) with a report on automatic testing for Android. I listened a little to the report. In it, Alex talked about testing tools for Android.
Total: tests are very difficult to write, but you can and probably need to.
10. I returned to the audience at the beginning of a speech by Ruslan Shevchuk from Aviasales.ru. Ruslan talked about Core Data. About what it is and how to use it.
In principle, the speech was similar to the Russian voice acting of the WWDC presentation. The interesting part about iCloud was that Core Data allows you to implicitly authorize a user and, in fact, store data in the cloud. Not sure if this is suitable for our projects.
Total: Ruslan reminded everyone how to use Core Data and mentioned that you can also store this data in the cloud.
Presentation: www.slideshare.net/elegion/10-aviasales-final
11. Suddenly, a man in slippers, who was sitting on the floor next to me, got up and went on stage. It was Alexander Cherny (Indie-developer).
And he talked about trilateration using iBeacon. He defiantly scattered 3 beacons around the hall and walked around, determined his location using an iOS application. Of course, simultaneously listing all the characteristics of the devices, difficulties, details of the calculations. His performance was very interesting thanks to his own charisma, and I listened to the end.
Total: Alexander told everything about iBeacon, about use, with examples where it might come in handy.
Presentation: chernyy.ru/yapse/upload/trilateration-with-ibeacons.pdf
12. After a couple of Google representatives appeared - Dmitry Nefedkin and Natalya Efimtseva. They talked about their Google Cloud platform.
For example, they said that Google servers around the world are directly connected by wires, which significantly speeds up the exchange of data between servers, and server maintenance is completely invisible, that is, there is no downtime for users. By creating a backing for mobile clients, you can generate classes that will be responsible for communicating with the backing. When asked why they are better than Asure, they answered that "the Devil is in the details."
Total: cool service, but there is a danger of being tied to a platform, with which it will then be difficult to leave if something happens.
Presentation: www.slideshare.net/elegion/mbltdev-backend-google-cloud-google
13. Next was the Realm, which Brian Münholm talked about.
As I understand it, this is a cross-platform Core Data, written in C ++, which works very cool and has a very simple API (similar to Core Data, but with the initialization of the stack hidden inside).
Judging by the benchmarks, everything is very cool there. Need to try.
Total: it is necessary to try and evaluate in practice. The presentation is promising.
Presentation: www.slideshare.net/elegion/mbltdev-41144735
14. Ilya Ryzhenkov spoke about the new language from JetBrains.
In short, JetBrains plan to release a new language - Kotlin. It looks like all the "languages of the future." Very similar to Scala and Swift. Now in Android studio you can code to Scala, which is not bad.
Ilya also spoke about Google’s partnering intentions to use this language. So, I think, everything will work out at JetBrains, and in a couple of years you can safely switch to Kotlin.
Total: Swift for Android. Ta dam.
Presentation: www.slideshare.net/elegion/mbltdev-40960224
15. In an attempt to overcome his wild desire to dance, Andy Carvel, representative of Soundcloud, appeared on the stage.
He was constantly twitching from an overabundance of emotions. He talked about how Soundcloud redesigned the iOS client and used, again, ReactiveCocoa for this. At the same time, the application suffered from crashes. But with the help of an array of many Mac mini and a bunch of tests for six months brought the number of crashes to 10 per week. Well, a good result.
Total: damn, well, you definitely need to try ReactiveCocoa.
Presentation: www.slideshare.net/elegion/mbltdev-ios-soundcloud
I did not listen to the next two reports.
Here are the reports I missed:
16. Developing first-class SDKs for Android. Tai Smith, Twitter.
Presentation: www.slideshare.net/elegion/mbltdev-sdk-android-twitter
17. How not to become a hostage of one platform. Alexey Panfilov. Parallels
Presentation: www.slideshare.net/elegion/mbltdev-parallels
Thank you for reading . Many thanks to e-Legion for the photos and links to the presentations, and for the event, of course.
Till.
Though late, I decided to share with you my impressions of visiting #MBLTDev 2014. An excellent conference, I hope my notes will be useful to someone.
1. My colleague and I were a bit late because of traffic jams. About 10 minutes Tim Messergmidt (PayPal) languished in anticipation of us, but as soon as we appeared in the hall, Tim immediately pretended that the speech had begun long ago, and the audience played along with him.
Tim talked about authentication. He cited statistics, apparently taken on the basis of passwords from PayPal accounts. It turns out that 91% of users specify a word from the top 1000 popular passwords as a password. Funny, of course, a fact, but so far has nothing to do with our authorization system.
He advised all those services that require some kind of authorization not to overload the user with a difficult password, to give the ability to display password symbols, in general, to balance in every way between the need and security, without scaring away the audience with excessive complexity. Agitated the public to say “password sucks” and advised everyone to OAuth, and registration - “unless u really really need it”.
This performance once again reminded me that the user is more like a lazy sloth who should not be strained once again, but to find out his name is better to tell fortunes on the stars.
Total: it seems to me that it would be really cool to give the user the opportunity to log in via social networks (we have more information, he has less headache). And also show password symbols during authorization in the mobile bank, because most often the user logs in alone with himself.
Presentation: www.slideshare.net/elegion/ss-40957408
2. The next speaker was Ash Artsy, the developer who wrote the iOS client for 500px startup. So cheerful and funny, complaining about Xcode 6 bugs.
He talked not just about Swift development, but about using ReactiveCocoa on Swift. In general, the idea of using ReactiveCocoa was not just in the air at the conference, every speaker who had the slightest relation to development for iOS spoke about it. Ash had good examples, which he collected right on stage, showing pieces of code that complement his performance well.
At the end of the report, a question was asked from the host of the conference: “Ash, if you were hired to develop a project, what language would you use?”, Furrow replied that ObjC is unambiguous for a commercial project.
Total: ReactiveCocoa on Swift is an interesting topic, but not yet for production. But ReactiveCocoa on ObjC will definitely have to try. After the upcoming releases. Swift time has not come yet.
Presentation:www.slideshare.net/elegion/2-functional-programming-in-swift-ashfurrow
3. Then the representative of VKontakte Andrey Novoselsky stepped on the stage with a presentation of advertising promotion of applications on the VK platform.
I was not very interested in his performance. I listened carefully, but now I can’t remember something outstanding. Andrei talked about the conflict with Apple, about the upcoming release of the marketing platform and its cool features.
I remembered the question from the audience: “Why don’t you give us a token for the back?” Then I perked up. But the answer disappointed both me and the author of the question: “We have different ways of communication between servers, let's discuss this after the speech.” Someone grunted displeasedly from the audience: "Games on the sidelines."
Total: I found out that 60% of VK users use the service through mobile applications.
Presentation: www.slideshare.net/elegion/mbltdev
4. Ilya Slavutin, a representative of Intel, began to talk about their new mobile cross-platform framework INDE. At the very beginning of the speech, the phrase sounded: “INDE seamlessly integrates into our favorite IDEs: Android studio, Eclipse and Microsoft Visual Studio.” All. Conclusions are made.
I did not show an example (as stated in the title of the report). The speaker was more like a marketer than a technical specialist. Yes, he talked about how the framework is structured, about C ++ binding over the native frameworks of each of the mobile platforms (iOS, Windows Phone, Android), even talked about some features (for example, working with video, hardware sensors, etc. .), but the code samples for iOS were on ObjC.
I tweeted:
What I got the answer to:
Anyway, the code is different. I would not use this framework yet. The presentation did not talk about those APIs that would not be in the native iOS.
Bottom line: I learned about Intel's attempt to create a cross-platform C ++ development tool for all platforms. But in the ObjC examples.
Presentation: www.slideshare.net/elegion/mbltdev-intel-inde
5. Next on the Digital October stage, in our suit and spotlights, appeared our Dmitry Tarasov (Tinkoff Bank).
The audience met him standing up, and the entire female audience looked at our mobile architect with loving eyes. Dima was well done. I am confident, energetic, spoke about the experience of TCS.
Total: All the buzz. By the way, before asking a question to Dmitry, a comrade from the audience praised our mobile bank. Nicely. We exchanged glances with the manager and blurred out in a smile.
Presentation: www.slideshare.net/elegion/mbltdev-40959775
6. Next came Yuri Buyanov, the developer of Odnoklassniki. The host of the event could not resist and pinned the hero: “Now we will find out how the application is made, which our grandparents use.”
I was pleasantly surprised by the performance. Yura cheerfully and confidently, with pauses, as it should, spoke not only about what MVVM is, but also pointed out errors, gave examples with code. Clearly and clearly. Started with a reminder of what standard MVC is. Turned on the first slide, and there is a photo of a squirrel. Yuri argued the squirrel that he was just too lazy to do a slide for MVC.
Then he told MVVM that ModelView should not know anything about View, and he told how this covenant is usually broken. This can be avoided using the “router” pattern. The router object contains all the information about transitions between screens, navigation.
The correct behavior of the MVVM pattern, according to Yuri, is best achieved with the help of the same ReactiveCocoa. That is, when using the signal mechanism (when objects subscribe to changes in the properties of other objects). Everywhere this ReactiveCocoa ...
At the end of the speech the host commented: “It's nice to know that Odnoklassniki knows how to program.”
Total: Jura shared the MVVM implementation errors that I observe in my projects. There was a desire to fix it. There was also a desire to try RAC.
Presentation: www.slideshare.net/elegion/mbltdev-mvvm
7. A man in a suit (the second in a day) stepped on stage. He talked about security. It was Andrey Belenko (viaForensics). Immediately, I mentally took a piece of paper and began to draw up a checklist as he spoke.
Andrey gave examples of using NSUserDefaults as a storage for passwords (this is what the Moscow Parking application does). And he shared a bunch of cool bugs. For example, storing private data in bare CoreData. Showed how easy it is to get user data in this case. Everything is fine on the checklist. Private data is encrypted, by an algorithm not invented by us (standard), the encryption key changes dynamically, if the passwords are stored in the keychain, and the server addresses for testing are not included in the release build, they are cut out at the compilation stage.
Andrew suggested obfuscating the code, speaking about the features of the ObjC language. Indeed, all selectors are visible. But this is dangerous in a case when, having connected with the debugger to the application, it is possible to call a method that will return something secret to us. In Tinkoff Wallet, I do not have such methods. (The example had a method that returned a static database encryption key).
Total: everything is fine with us. The recommendation is to use, if possible, TLS instead of SSL (back-end certificate).
Presentation: www.slideshare.net/elegion/7-mbltru
8. Ruslan Gumenny (e-Legion) spoke about the features of codesign.
The topic seemed relevant for complex CI, but for us it seemed to me to be of little importance. Ruslan talked about how to sign the code and verify the signature manually. It was useful to know that there is a plugin for QuickLook that displays information about ipa-schnicks. It will be necessary to download.
Total: you will need to download a convenient plugin to view ipa signature information.
Presentation: www.slideshare.net/elegion/8-codesign-for-i-os-final
9. Then came Alexei Korovyansky (Mb-Lock) with a report on automatic testing for Android. I listened a little to the report. In it, Alex talked about testing tools for Android.
Total: tests are very difficult to write, but you can and probably need to.
10. I returned to the audience at the beginning of a speech by Ruslan Shevchuk from Aviasales.ru. Ruslan talked about Core Data. About what it is and how to use it.
In principle, the speech was similar to the Russian voice acting of the WWDC presentation. The interesting part about iCloud was that Core Data allows you to implicitly authorize a user and, in fact, store data in the cloud. Not sure if this is suitable for our projects.
Total: Ruslan reminded everyone how to use Core Data and mentioned that you can also store this data in the cloud.
Presentation: www.slideshare.net/elegion/10-aviasales-final
11. Suddenly, a man in slippers, who was sitting on the floor next to me, got up and went on stage. It was Alexander Cherny (Indie-developer).
And he talked about trilateration using iBeacon. He defiantly scattered 3 beacons around the hall and walked around, determined his location using an iOS application. Of course, simultaneously listing all the characteristics of the devices, difficulties, details of the calculations. His performance was very interesting thanks to his own charisma, and I listened to the end.
Total: Alexander told everything about iBeacon, about use, with examples where it might come in handy.
Presentation: chernyy.ru/yapse/upload/trilateration-with-ibeacons.pdf
12. After a couple of Google representatives appeared - Dmitry Nefedkin and Natalya Efimtseva. They talked about their Google Cloud platform.
For example, they said that Google servers around the world are directly connected by wires, which significantly speeds up the exchange of data between servers, and server maintenance is completely invisible, that is, there is no downtime for users. By creating a backing for mobile clients, you can generate classes that will be responsible for communicating with the backing. When asked why they are better than Asure, they answered that "the Devil is in the details."
Total: cool service, but there is a danger of being tied to a platform, with which it will then be difficult to leave if something happens.
Presentation: www.slideshare.net/elegion/mbltdev-backend-google-cloud-google
13. Next was the Realm, which Brian Münholm talked about.
As I understand it, this is a cross-platform Core Data, written in C ++, which works very cool and has a very simple API (similar to Core Data, but with the initialization of the stack hidden inside).
Judging by the benchmarks, everything is very cool there. Need to try.
Total: it is necessary to try and evaluate in practice. The presentation is promising.
Presentation: www.slideshare.net/elegion/mbltdev-41144735
14. Ilya Ryzhenkov spoke about the new language from JetBrains.
In short, JetBrains plan to release a new language - Kotlin. It looks like all the "languages of the future." Very similar to Scala and Swift. Now in Android studio you can code to Scala, which is not bad.
Ilya also spoke about Google’s partnering intentions to use this language. So, I think, everything will work out at JetBrains, and in a couple of years you can safely switch to Kotlin.
Total: Swift for Android. Ta dam.
Presentation: www.slideshare.net/elegion/mbltdev-40960224
15. In an attempt to overcome his wild desire to dance, Andy Carvel, representative of Soundcloud, appeared on the stage.
He was constantly twitching from an overabundance of emotions. He talked about how Soundcloud redesigned the iOS client and used, again, ReactiveCocoa for this. At the same time, the application suffered from crashes. But with the help of an array of many Mac mini and a bunch of tests for six months brought the number of crashes to 10 per week. Well, a good result.
Total: damn, well, you definitely need to try ReactiveCocoa.
Presentation: www.slideshare.net/elegion/mbltdev-ios-soundcloud
I did not listen to the next two reports.
Here are the reports I missed:
16. Developing first-class SDKs for Android. Tai Smith, Twitter.
Presentation: www.slideshare.net/elegion/mbltdev-sdk-android-twitter
17. How not to become a hostage of one platform. Alexey Panfilov. Parallels
Presentation: www.slideshare.net/elegion/mbltdev-parallels
Thank you for reading . Many thanks to e-Legion for the photos and links to the presentations, and for the event, of course.
Till.