Top 10: best reports DotNext 2017 Moscow

    Hi, Habr! In April, we officially made public the best videos from DotNext 2017 Moscow. The result was a playlist of 25 reports . Just remind here about this magical playlist.


    I am now watching the most interesting videos and invite to join! To make it easier to join the review of the conference entries, under the cut you are waiting for short notes on the ten reports that received the highest marks from visitors to the past DotNext. If out of 25 pieces you feel able to see only a few reports, feel free to choose from this list.


    Formally, the lower the list, the higher the rating. But there is an important clarification: all the reports from the top ten have a very, very high rating, and their exact position strongly depends on the nuances of counting. For example, if you use soft quorum, then Andrey Okinshin's keynote about performance testing will overtake Sasha Goldstein's report on debugging and profiling on Linux. In other words, see everything :-)


    Under the cut there will be a table of contents for easy navigation through the contents of the post.




    Table of contents




    Final keyout: Unchain my heart


    Dino Esposito, JetBrains



    When giving a task to a person, it is necessary to check that he not only remembers your words, but also understands what to do next. What did you learn from our conversation? What are the first steps? Simple, effective questions.


    This Dino story is not a standard report, but a closing keyout. Just as the goal of the opening keyout is to set the direction of the conference, the final keyout sets the future life of the participant. What did you make of the conference? How will this affect your life?


    In this report, Dino moves us 30 years ahead with a time machine and adds another level of depth to these standard questions. Returning from the future, how will we relate to the present?



    Dino tells a big - for forty minutes - and a very reasonable forecast for the coming years. Both the blockchain, and bigdata, and even the digital soul fall into it. Will robots conquer us? Spoiler: in the end everyone will die! (Yes, there is a real game going on).


    But here I would like to argue. I like very much the recent discussion on Reddit: “How do you capture the world if you find yourself in 1990 with all the current memories, but in the body of the child you once were?” Vladimir Guriev , a short one of the answers, recently translated which previously gave us a modern marketing textbook ), but it is better to read the original . We, as engineers and people who have dedicated themselves to improving the world by creating certain technical wonders, easily believe in a man of the future who can make a nuclear starship with sticks and ropes (the same as today, but a little better). But if you return to reality, then ordinary stupid people (such as me, for example), do much more boring and nasty things.


    I advise you to look at keynoout Dino and independently decide on this. Perhaps write your story in the comments on Habré? What are we worse than Reddit?



    ASP.NET Core: Attack Prevention Mechanisms 2.0


    Mikhail Scherbakov



    The new part of the report of Michael about the following types of defense:


    • Open Redirect protection;
    • Data Protection;
    • XSS protection;
    • CSP setup;
    • Anti-Request Forgery;
    • CORS setup;
    • Use of cookies.

    The report was a result of the participation of Michael in the indefinite Microsoft Bug Bounty Program. The first bug he found was in protection against Open Redirect, which is shown at the beginning of the report in just a minute.


    To understand the topic in other parts of the report, we are told about changes to the Data Protection API, after which we immerse ourselves in work with security and holes in it for forty minutes. Understands how the built-in XSS and CSRF protection mechanisms work, what cryptography features are available out of the box, how session management is organized, and so on.


    I myself am interested in this topic and often watch security reports on YouTube. The worst thing that awaits you as a spectator: two hours of nudyatiny, 90% consisting of the banalities of the form "if you are stupid, then everything is very bad", at the end of which you find yourself sleeping with a nose in the keyboard. Misha's report compares favorably with the fact that there is no time to sleep on it: clearly delineated thoughts, real examples of code to illustrate them, if any concepts are introduced - slides with wordings and links to advanced materials.


    Such reports should be viewed immediately, as I learned to write my first controller, just to not rewrite a lot of code in vain.


    By the way, in February we published a transcript of the report of Michael on Habré. If you do not have time to watch, you can always read .



    Patterns for high-performance C #: from algorithm to low-level techniques


    Federico Lois, Corvalius



    The brutal story of how to treat C # so cruelly that it becomes different from itself - but it starts to work very quickly and well.


    For the sake of justice, about every second thread on a performance on Habré or every first discussion over a can of beer applies for it.


    We after all quite often write reviews of something on Habr and for a long time already understood the essence of the concept "hardcore" for the Russian developer. Hardcore and performance are twins. We talk about performance - we mean hardcore, we talk about hardcore - we mean performance.


    Federico developed his own scale:



    This is a talk about performance, everything as you like. And very cynical and intelligible. It’s not very easy to argue with the speaker, given that he is one of the developers of RavenDB, and she’s all about speed. There will be unpleasant things about the fact that you cannot use try-catch and LINQ, there will be about inling, about Pareto's law (turned into a checklist) - anything, just to deceive the system and achieve significant acceleration.


    All this reminds me of this video:



    Operator : Wait a second, let me take off the height. Well nafig! Here on this roof you jump.
    Tracer : Ready?
    Operator : Yes.
    Tracer : silently scatters, jumps, silently punches the roof of the building and the ax goes into the depths


    The need to use such cheating to speed up the code now seems to me to be such a “leap of faith”. But if one day you have to jump, it is better to watch this report than not to watch (and if you’re too lazy to watch, then read our translation ).



    NUKE: Build automation for C # developers


    Matthias Koch, JetBrains



    NUKE is one of the projects Mathias is working on. This is such an assembly automation system, where everything can be described on C # DSL.


    C # here, despite the fact that it allows you to describe the assembly in the familiar infrastructure, in the IDE, with a decent auto-completion, and not suffer with clicking on the buttons in Jenkins or, for example, cram the conditions as strings in MSBuild. Almost one-fifth of the report is devoted to a discussion of the applicability of jenkins and mbsilds.


    Very cool that this video appeared in the public domain. The fact is that I have a long personal history of dislike for Jenkins, and each new person needs to re-explain the same balalaika about the causes and conclusions. Now it’s enough to give a link to this video.


    As for the main part of the report, this is a bunch of practical material on what Nuke is and how to live with it. Now they have more than seven hundred commits and more than a dozen contributors on a githaba , so probably this can already be used. A report from the creator of the technology can best help in mastering.



    Artificial Intelligence and Neural Networks for .NET Developers


    Dmitry Soshnikov, Microsoft



    A very cool report that lays the foundations for programming neural networks in C # for those who have not yet been able to do this, but really want to.


    I had a situation where you need to quickly pick up image recognition. I took up the popular courses on neural networks and found that they didn’t respond to my request, but rather were engaged in general education. As a result, friends wrote the signer :-) And this report by Dmitriy is a balsam for the soul, because it answers all the actual requests of the average person, after which it’s clear what to read and what to understand.


    Initially, there is a small introduction on what Microsoft is doing and what neural network technologies they have. Dmitry clearly said that he had reduced the number of Microsoft marketing slides to a minimum, although it is here that I don’t understand this marketing “heyte” - we will use these technologies anyway, we’ll look for them. As if there is some choice.


    Further briefly indicates how Satanists live data in their Jupyter Notebook and that you can not install it, and get in the cloud. Tellingly, Jupyter Notebook from Dmitriy started right at the time of live coding - in my opinion, the best demonstration of why C # is needed, and it’s impossible to think up.


    A significant part of the report is a story about whether it is difficult to write all this yourself. Examples are shown based on the recognition of numbers in the pictures.



    At first, k-nearest neighbors are written with handles on the cycles , which is accurate (94%), but wildly slow - not a single k-NN demo has worked to the end of the report. Then the same k-NN is encoded on Accord.NET, and it works a little faster, but not really, because the algorithm is the same. But the feature of Accord.NET is that it is already a decent looking code, and you can quickly replace the classifier with some other one. Dmitry substituted the support vector machine , and everything accelerated sharply (the set of 5 thousand pictures began to run over in a few seconds, the accuracy almost did not fall - 92%).


    But you can still do steeper and drag neural networks. In the Accord.NET demo, SVM was replaced with a neural network, almost without changing the code. But this is not necessary, because there are other, more cool and fast frameworks. Dmitry said a few words about TensorFlow and the rest of the report spoke about the Microsoft Cognitive Toolkit (formerly known as CNTK). After reviewing many demos, we saw that the result is ultra-accurate networks (98%) with complex, but, nevertheless, quite understandable code.


    Having seen this report, now I can’t just fall asleep just like that. All these things are written in clear code, and they seem to have a clear mathematical basis that a student can understand, but as a result they work wonders. Distinguishing a photo of a cat from a photo of a dog is a miracle, you will never think of an algorithm for this, and the neural net somehow does it right before your eyes.


    What if my brain is just an apparatus that approximates a function? And the whole life is just one more multiplication of matrices with a small non-linear part, which can be written with a relatively small piece of code ... How to live with it now?


    ( the link is available to decipher the report)



    Akka Streams for mere mortals


    Vagif Abilov, Miles



    This is a concept report about life in the world of streams. There are examples of this kind:



    They show a gradually becoming more complex quite specific code, details are discussed. Still, the main thing is a general idea of ​​the issue.


    For people who are not immersed in the topic, it may seem that to understand Akka Streams you need to understand Akka perfectly and understand reactively. Vagif argues that this is not entirely true, which removes the load from the soul and lowers the threshold for entering the topic.


    For me personally, the whole topic of streams seemed (and it seems so far, it’s impossible to believe reports without trying) rather creepy, just because it is directly connected with the topic of functional transformations and data management outside the usual thread-lock model. Yes, managing threads and building structures from old-school frameworks for them is a vile thing, but understandable and hackneyed over the years.


    Vagif explains for the transition to actors, reveals the theme that actors are not assembled (more precisely, they are assembled in the sense in which human society is assembled), and from this proceeds to Reactive Streams as a means to raise the level of abstraction and expression even more.


    On the Reactive Streams stack, there is a set of interfaces (Publisher, Subscriber, Subscription, Processor), but no one expects us to manually resolve these interfaces. There are library developers who will do it for us - for example, this is done in Akka Streams.


    For me, it was a discovery that dynamic push / pull in Reactive Streams is out of the box, and it doesn’t hurt at all - or rather, it’s not so painful when you try to code backpressure yourself.


    Moreover, the author does not strike at some kind of fanaticism and does not forget about alternatives (RX, TPL DataFlow, Orleans Streams), talks about the pros and cons. The lack of fanaticism is a huge bonus in comparison with the typical story of a reactive lover who has become attached to one particular library.


    In general, I understood the idea this way: when we use microservices and other multicomponent architectures, there is no forest behind the trees, and streaming is such a way to rise to a higher level and get an idea of ​​the overall process. To go on such rails, you need to take Akka Streams, and everything will be in chocolate.


    Want to motivate yourself to go on streaming? Must watch.



    The Metrix has you ...


    Anatoly Kulakov, Paladyne Systems



    Many developers do not like to think about the terrible things that users do with their applications. Often, when the colleagues asked the question “how to view the metrics,” they would say a fierce game about “bog logs”, “look in MySQL” and so on, and it was not easy to persuade them to think about the question.


    This report by Anatoly is just such a moment of enlightenment. It begins with an explanation of the differences between monitoring and logging, with a detailed statement of motivation. Further, our supposed amateur lover is immersed in concrete examples of what needs to be done.


    We'll have to do the Time Series (about which the theoretical minimum is told - why we are needed, what are the advantages, what the essence of optimizations is) using the example of the well-known InfluxDB database (about which the specifics, possibilities and disadvantages are analyzed). And so on and so forth. A lot of good content, including live demos with experiments on a local Grafana and an archiver application, the performance data of which is collected through BenchmarkDotNet.


    If the reading-writing time is not important for you, if you don’t run into throughput, if you don’t know what downsampling is, if you don’t need specialized statistics and aggregation functions, if you want to delete all data on one line with your hands, if you don’t rest data and know for sure that you will never have high loads - you can continue to save metrics data in RDBMS, log logs and live happily. All others need to use modern tools and watch this report (or read the transcript).



    Life, liberty and the pursuit of APIness: the secret to happy code


    Dylan Beattie, Spotlight



    Dylan Beattie is a person with so many work achievements and interesting projects that it is easier to read the full list on our website . In the context of the report, it is interesting that Dylan is a system architect who right now is working on building complex modern distributed applications, and, accordingly, on developing the right API for them. Well and, of course, absolutely everyone who visited DotNext parties knows him.


    Whether we are aware or not, every time we create new programs we create a user experience. People will interact with our code — as end users or maybe as members of the development team. Or maybe they are mobile application developers using your API, or is it someone who needs to go to the night to fix the problems that have arisen. From the outside, this may seem like completely different cases, but in fact they have something in common. Dylan calls this the word " discoverability ."


    This is where this very philosophical and at the same time purely practical report came from. First, Dylan gives a detailed introduction to the psychology of learning and the various learning models. What do you think, which of the learning curves is better?



    Next comes the story of how discoverability manifests itself for the end users of the system, and then - most importantly - how it all relates to the code, data, API, and other things that make up the life of a programmer. Step by step, at all levels of the application.


    Do not believe that autocompletion, hypermedia or fluent API make life better? What about beautiful dashboards, clear metrics or, for example, logging levels that are named not by threat level, but by meaning? Maybe you understand all this, but you do not know how to tell your colleagues about this so that they finally start using all this? Then you urgently need to watch this report (by the way, in the spring we already published a translation on Habré ).



    Keynout: Let's talk about performance testing


    Andrey Akinshin, JetBrains



    Andrei had a very difficult task: to tell about the performance, but at the same time - in the format of the opening keyout. As you probably know, keyout has several goals, the main one of which is to convey the spirit and essence of what will happen at the conference. From this it follows that such a report should understand more or less everything. On the other hand, performance is the second name of hardcore, that is, the topic is complex and specific.


    No wonder Andrei constantly receives his highest ratings, he got out. It is clear that most companies now do not test performance in any way, or they are already testing it on living people in sales. There is no coherent theory of solving this kind of problems, so it’s not necessary to tell a gear-crushing materiel. Need some basic understanding of the topic.


    The report is devoted to 13 notes on performance. I will not tell all thirteen, for why produce spoilers. For example, the first article is devoted to sources of performance data. Or, for example, if you have a list of performance anomalies, then removing the small problems that Andrei talks about will simplify the analysis of performance problems (problems that you haven’t yet written but will write soon). One of these options, which is devoted to "note 6" - clustering on the example of operating systems.



    Performance testing is interesting, but difficult. Moreover, performance testing can and should be done. IMHO, the report is unique in that a bunch of things are revealed here that people would like to do, but either don’t do, or lie, what they do. Therefore, see the report by Andrey, collect performance-purity and performance-culture, and then your products will be super-fast, responsive, smooth and silky.



    Debugging and Profiling .NET Core Apps on Linux


    Sasha Goldshtein, Sela Group



    Sasha is an outstanding performance engineer, and there is nothing surprising that he got to the very top of the rating. Another reason for the victory: it has become very fashionable to add “.NET Core” to the title of the report just for the sake of a hyip. There are not so many stories about something where .NET Core plays a meaningful role, and this report is one of them. Or here's another idea: this is a purely practical report on the use of free tools that immediately go along with the operating system and runtime, and all this is quite convenient and works with a low overhead - it would be a shame not to understand it.


    Imagine having managed to run your favorite ASP.NET application on Linux or even something with a console interface. What's next? A happy ending? Oh no. In fact, you will have to face memory leaks, strange crashes, performance problems, and many other troubles - and what to do when all this happens in production? On Windows, we have a bunch of interesting tools, but they won't work on Linux, and there are no simple alternatives yet. In this report, Sasha explains how debugging and profiling of .NET Core applications on Linux now looks like. How to conduct investigations using perf, how to LTTNGuse as a substitute for events ETW, how to collect and understand traces LTTNGand much more. Sasha will talk about core dumps.and how to get information interesting for the .NET-developer with the help of lldband SOS.


    In short, everyone who decides to watch the video will go on an uneasy detective journey through the wilds of unfinished utilities and the special command line magic. With a happy ending (but this is not certain).


    If the reports from the list interest you, we would like to draw your attention: we have already announced the next DotNext , and there you may be equally interested. At the same time, tickets are getting more expensive over time, so you should not postpone buying a ticket for a new DotNext before reviewing all the reports from the previous one!

    Also popular now: