a (pre-)posterous miniblog

For this year's Bring Your Child To Work Day, Brett Nelson
(http://home.teleport.com/~brettn/babuinobot) returned with his army
of programmable Aruino-like robots for students to send zooming around
the room.

We added something else to the mix this time around: a course in
Scratch (http://scratch.mit.edu), the interactive cartoon builder. A
few of the parents mentioned that their kids kept right on programming
afterwards at home, making interactive stories and animated birthday
cards for their friends.

Rock on!

(download)

Click here to download:

Return_of_the_robots.zip (1.1 MB)

(download)

Click here to download:

robot.m4v (1.45 MB)

This post contains beer-fogged notes from the second and final day of one of the most awesome-est technical conferences ever.

One Ruby App to Rule them All

Ian Hunter, Zaarly

• Rails + Sinatra + Padrino + Grape + ZeroMQ + DripDrop
• Grape is like Sinatra for APIs
• Auto-prepends version
• Just return a hash; Grape will format it in XML/JSON/whatevs
• Add auth by using Rack session cookie, OmniAuth, Grape helpers module
• EventMachine + DripDrop

Stratocaster: Redis Event Timeline

Rick Olson (technoweenie)

What is an event feed?

• Example: GitHub recent activities of watched users/repos
• cf. “Feeding Frenzy” paper from Yahoo! on how they store feeds
• Users are both consumers (e.g., watched repos) and producers (repos you commit to)

Pull model

• Easy to write the event

  `Event belongs_to :repository`

• Hard to read the feed

  `Event.joins(:memberships).where(memberships.user_id => user_id)`

• Build the feed on demand
• Doesn’t scale

Push model

• Update each follower’s feed after each event
• Falls over for huge amounts of followers (e.g., jresig, rails, aplusk)
• To address this, Digg did some denormalization and blew tens of GB up to 3 TB
• GitHub used an ActiveRecord extension to do bulk SQL inserts
• Memcache everything; upgraded memcached server to hundreds of GB and haven’t seen a memcache eviction in months
• Slightly denormalize the inputs to the template (e.g., go ahead and precompute counts) and move from erb to mustache (easier syntax checking, precompiled templatess)

Stratocaster

• Library for connecting a feed source to caching objects
• Has an adapter for Redis
• 18M rows took up 1.2GB (80M on disk), about the same as MySQL
• Need an ActiveModel-compatible model
• GitHub uses MySQL, but ToyStore would also work
• allofthestars — “It’s hidden in a Ruby project I created with no tests to hide it from Rubyists”
• Generate a bunch of Redis keys for an event and its list of followers
• With Redis, they can trim lists to the most recent 300 events
• Limit the scope of the Stratocaster project (e.g., leave out fancy stuff like machine learning)
• Has (re)written this idea with several backends and formats, each time taming the complexity a little more
• cf. Coda Hale’s use of Riak for something similar at Yammer

Splitting Your App

John Crepezzi, Patch

Services, APIs

• When we need to split an app, the pieces we split off can themselves be APIs
• Often need to split an app in order to scale it
• First step: multiple Rails machines in one app
• Next step: multiple apps
• Patch went from 30 towns to 850 towns in 3 months

The Stages

• Stage of innocence: using respond_to
• Stage of denial: add controllers that only serve API requests
• Stage of relief: creating a new Rails app
• How to avoid duplicate logic, write less code, not all build the same thing?

Flexible API

• Include FlexibleApi into an AR-derived class
• Gives you a to_hash that can be given a request_level parameter to specify which fields come back with the request, how they’re nested, etc.
• Adds find_hash and find_all_hash methods, which construct intelligent SQL queries

Flexible API Server

• Small Sinatra atop FlexibleApi-using models
• Gives you GET /things, /things/:id, /thing/:id/relation, ?limit, ?offset, ?count_only, POST, DELETE, etc.
• Auto-generated docs

Construct

• construct.rb (+ construct.js, construct.objc)
• Treat REST APIs like ActiveRecord just like local calls
• They were able to split functionality out without changing any AR-using code

Wrapup

• Existing app is a submodule inside the API
• Q: Versioning?
• A: Something like Grape’s approach would work well; multiple concurrent versions could be tricky
• Q: Error handling/validations?
• A: These happen in the model (AR); get a 422 back with an errors hash

Demystifying Auto Scale: An API Mashup

Jesse Proudman, Blue Box Group

Scaling

• 5 Mbps 800 Mbps
• 80,000 dynamic RPS across hundreds of servers
• He likes the Heroku model
• As you app grows, that deployment might not grow with it
• “I/O is always the bottleneck”
• Managing I/O is hard (what, no “let’s go shopping” joke?)
• If you wait too long to add DB capacity, adding more will be difficult (can’t get data out fast enough to spin up a slave/replica)
• Use Auto Scale to give you focus

Auto scaling

• App servers and workers are good fits for auto-scaling
• Decision-making engine (what, no Bing joke?) to determine when it’s time to add or remove capacity
• Since New Relic is the de facto monitoring tool…
• Combine RPM with the fog gem (API to start/stop servers) to make an auto-scale Swiss army knife
• Good metric: CPU burn –> % “free time” per second in each instance (calculate from throughput & response time); speaker likes to keep this around 20ms
• cf. Gist #873067
• Check it once in a while with cron

Javascript TDD for Rubyists

Chris Powers

Why?

• JavaScript is (getting) important, and it’s not going away
• Can’t abstract it away — “We tried something called RJS, and that went well”
• JavaScript is everywhere (client, server, db)
• JavaScript is hard/misunderstood

On Testing

• On full-stack web testing: “Seems like a lot of work just for some lousy regression tests”
• Of course, TDD isn’t (just) about tests; it’s about driving good design (“object oriented-er”)
• JQuery code can be tough to test, because you need to be able to name a thing to test it; how to deal with scopes nested in scopes nested in scopes?

On BDD

• Code you write should be driven by business requirements
• Specs can be a form of executable documentation
• The regression test suite is a nice side effect

Jasmine

• Why Jasmine over all the other TDD framewrks?
• Ripped off RSpec’s syntax, BDD emphasis, output, directory structure
• Generative fixtures (can save markup files to your /tmp directory)

• Generate jasmine.yml, where you specify source files to be tested + auxiliary stylesheets

  gem install jasmine
    rails g jasmine

• Run in your browser (fast)

  rake jasmine, then visit localhost:8888

• Run at the command line (slow)

  rake jasmine:ci runs the specs on the command line using Selenium

Testing your JavaScript

• RSpec-like

  describe("Cook", function() {
      // ...
    });
  
    it("should be tasty"), function() {
      var pie = new Pie();
      expect(pie.tasty).toBeTruthy();
    });

• Just truthy matching built in, so blank strings and zeroes are false

• Can do negative expectations; e.g., expect(…).not.toBeTruthy();

• Can add own matchers:

  beforeEach(function() {
      this.addMatchers({
        toBeFoo: function() {
          return this.actual.thing == "Thing";
        }
      })
    });

• For before/after: screate the object outside the test scope, then clean it up in an afterEach handler

• Can stub methods with:

  spyOn(obj, 'method').andReturn(retVal);
  
    expect(obj.method).toHaveBeenCalled();

• Can spy on a method, but still allow the call to happen with andCallThrough();, like the rr gem supports

• Supports asserting that an exception was thrown, like RSpec
• cf. javascriptmasters.com
• Q: Have you seen Evergreen, another way to test JavaScript from Rails?
• A: Check it out.

Agile Homebrewing

BJ Clark, GoldStar

Warming up the crowd

• Aaron: “I hope the title means what it says”
• Passed around pint glasses with two kinds of hops, two roasts of one barley
• “If you have problems with alcoholism, you probably shouldn’t get into home brewing”
• “I am not a trained Zymurgist; I don’t even know how to say ‘Zymurgist’”
• All beer has water, hops, barley, and yeast; cf. the German Reinheitsgebot (purity law) — constraints breed creativity
• IBU = International Bitterness Units for the amount of hops (has to have at least 1 IBU for it to be beer)

The process

• Has worked for much longer than mankind knew how
• Sprouted barley
• Mill to coffee-ground-ish consistency –> grist
• Mix with hot water (liquor)
• Mashing
• Sweet wort (like sugar water) –> the impatient can start here
• Boil with hops –> hopped wort
• Cool
• Add yeast and ferment

Stay clean

• Cleanliness is next to godliness (avoid bad yeast, botulism)
• “Botulism is colorless, odorless, tasteless, and will really mess up your week”
• Stuff that’s going to boil merely needs to be clean
• Stuff you’re going to put boiled contents into needs to be sterile
• Brewers have neat soaps
• Measuring is important!!!1!

Building Real-time systems with Ruby and MongoDB

Grant Goodale

• (Not as in hard real-time control systems, but real-time as in web)
• Async is common for larger web sites, but relevant for everyone

wordsquared.com

• massively multiplayer gaming built on Node.js (8 acres of Scrabble)
• Node.js, Pusher for messaging, MongoDB for storage
• Initially hosted, until that became painful
• Callback stacks were initially 3, 4, 5 levels deep
• 1,000 simultaneous users at peak on Heroku, then 1 Joyent instance w/256MM RAM
• 2 kinds of request
  • message-passing (notification, cached leaderboard requests)
  • work (tile area, word plays)
• “A certain word board game” is actually non-trivial to implement
• Eventually migrated to Ruby for ecosystem, familiarity

The reactor pattern

• A top perfomer in high-workload, high-CPU taks
• Spawning workers can lead to thrash
• Spawning threads is tricky when you factor in the UI
• Background jobs are beyond the scope

Things to consider

• What kinds of requests does your app handle?
• What is you contract with your client?
• Anything that blocks the main event loop blocks the entire server
• Don’t block fast requests with slow requests
• “You want your app to basically be Bangalore in rush hour”

Sample app with EventMachine and Mongo

• App code gets mixed into EM::Connection on every new connection
• EM::Deferrable wraps the common slow resource callback pattern

The Uncanny Valley of Software Development

Jim Remsik & Robert Pitts

Robotics

• The more lifelike a robot is up to a certain point, the more at ease we are—until it gets nearly identical, and familiarity becomes horror (also, zombies, prosthetic hands)
• Consider WALL-e (who’s not very lifelike but has a lot of personality) vs. creepy robots
• We have expectations of what people should look like
• Try Googling “bathroom surprise”

What this has to do with Ruby

• Consider Rails as a collection of gems, Yehuda’s Russian-dolls style structure of Rack apps running inside Rack apps
• Ruby written in JavaScript or PHP style, or over-metaprogramming
• Not wrong per se, but leaving a bad taste in your mouth
• “OO Rocks!” –> “Functional rocks!” –> “Development as a developer” (growth) “rocks!”
• Opportunities for automation (e.g. shell scripts, Rails generators)
• Pattern recognition and abstraction
• It’s up to us to keep pushing our languages forward and making them more powerful tools, but in such a way that fits in harmony with the language

“The conference for classy Rubyists”

Ruby on Ales is a two-day beer-fueled info-fest taking place in Bend, Oregon. As is my custom, I am posting my half-baked notes and reactions as they occur.

This, ladies and gentlemen, is Day One.

Securing Your Rails Application

Jim Weirich, EdgeCase

Matt Yoho, EdgeCase

An edu-ma-cation

• “How many people think your Rails applications are secure?” (crickets chirping)
• Case study: Diaspora, which was privacy-oriented but had security holes
• Case study: breaking key fob password by looking at power level fluctuations
• Homework: Rails security guide, OWASP Rails security document
• You can’t trust the browser, app server, or database
• Start with the familiar: SQL injection –> use prepared queries
• Cue the obligatory Bobby Tables reference

Mass assignment

• Attacker uses a DOM inspector to change a form element name, so instead of setting his e-mail address, he’s setting an admin flag
• Solution: declare which fields can be mass assigned via attr_accessible (recommended over attr_protected)

Timing attacks

• Session key comparison function bails out more slowly for partial matches; good statistical analysis can reveal the key
• Detect whether a user is logged into Twitter or Facebook
• Leads to information leakage

XSS

• If an app allows freeform text with HTML tags, attacker can add script tags and fetch http://evilhost.example.com/ + document.cookie. He now has your sessions
• Tens of thousands of MySpace passwords stolen in 2006 using this technique
• Blacklisting doesn’t work: <script>, <table background="javascript:...">, etc.
• Solution is to whitelist HTML tags via the sanitize function, or use Textile/Markdown

URL spoofing

• Widget.find(params[:widget_id]) allows anyone to guess the right URL
• current_user.widgets.find(params[:widget_id]) correctly limits access to the current user

XSRF

• User visits malicious website, which constructs malicious URL to victim website (to which user is logged in).
• Need multiple countermeasures: limit GET to nondestructive actions, use Rails authenticity tokens

Session spoofing

• Attacker uses Firesheep to sniff session keys from the air
• Solution is to force HTTPS
• Upcoming Strict-Transport-Security header instructs browsers to switch to HTTPS
• Rack::SSL does both

Summary

• Security audits catch these things
• Be aware

GUI Programming with MacRuby

Erik Michaels-Ober, Code for America

• Apple are paying developers full-time to work on MacRuby
• Features frozen at 0.10; 1.0 coming soon
• Will be included with Lion (albeit as a private framework, meaning that you have to add 50MB to your download size)
• Just like Ruby 1.9, except….
  • "foo" is-a String is-a NSMutableString is-a NSString is-a NSObject
  • "foo".methods(true, true) gives you both String instance methods and NSMutableString ObjC methods
• Script Mac apps more easily than AppleScript, write GUI apps more easily than ObjC
• (whispered) “Apple’s not very good at making programming languages”
• Target your apps at the Mac app store; smaller market than iPhone/iPad, but higher selling price
• Pixelmator uses MacRuby
• cf. Aimonetti’s “MacRuby: The Definitive Guide,” currently available free
• Q: What about native gems?
• A: Work around for now

Why is configuration management software written in Ruby?

Richard Crowley, DevStructure

Puppet

• Puppet was written by Luke, who was tired of using CFEngine and juggling text diffs
• Ruby won over Perl (creaky) and Python (autoload behavior)
• Puppet’s autolaoder globs over source files and looks for types, which are defined using an internal DSL (better than const_missing?)
• But this takes away context; shouldn’t have to ask:
  • Can I define classes in this scope?
  • What’s the full name of this constant?
  • Can I return from here?
• Puppet resources use their own syntax
• Extensive color-coded logging

Chef

• Similar goals to Puppet; different philosophy
• Uses Ruby’s own module/class/method model, rather than defining its own
• Disadvantage is that it doesn’t offer Puppet’s autoloading behavior (because of the way Ruby loads constants)

Codifying sysadmin tasks

• What people used to use Perl for when shell wasn’t good enough
• Ruby is a better Perl (blocks are better than backslash sub refs, objects are part of the language)
• Both Perl and Ruby need to worry about CPAN/RubyGems upgrades outpacing OS package managers
• To help, offer regression testing, semanting versioning, slow/steady release cycle
• Rake’s dependency management is close enough to make to be familiar to sysadmins
• Capistrano = “for loop + ssh + rake”

Marionette Collective

• Middleware for sysadmins
• Lots of small tools (“It’s a UNIX system. I know this.”); e.g, mc-find-hosts, mc-ping
• STOMP publish/subcribe protocol
• Good for tasks that start their life as scripts (so trivial they don’t need tests), then grow
• MC adds idempotence, (N > 1 just like N = 1, like HTTP PUT)

Ruby as a better shell scripting language

• Sometimes you need more data structures than POSIX scalars, Bash’s 1D and associative arrays
• Not just File class, but also Process, Etc
• Composable, but make sure you declare inter-file dependencies (e.g., you have to require a lot of stuff if you just want devise/orm/active_record)
• From the perspective of foo.c, don’t trust that youre dependencies are met
• “Magic is the enemy of operable. It’s OK if your code looks like code;” e.g., has require statements

(Anti-)Patterns

• External DSLs offer good brevity, but require developer restraint
• Internal DSLs obscure Ruby code
• Dependency programming offers powerful failure handling
• Idempotence helps avoid the fear of running a tool twice
• We should steal Python’s “explicit is better than implicit”

Design Hacks for the Pragmatic Minded

Kyle Neath, GitHub

• Even developers need to design; e.g., docs, admin pages, side projects
• Designers vs. developers is a false separation; it’s more like a spectrum
• We hear “designers who can’t code are worthless,” but what about “developers who can’t design are worthless?”
• Steal everything, but just during the learning phase
• Good design is just a collection of hacks

Typography

• Stop trying to be fancy; classic fonts go a long way—start off with something simple and go from there
• Play with font weights and styles
• cf. Twitter’s mix of different Helvetica weights within one tweet
• Increase line height
• Baseline grids are helpful, but don’t obsess

Color

• On the web, color sets expectations (hyperlinks)
• Don’t use color just for the sake of color
• Start the design in greyscale, add color later
• Mix a little of the background color into otherwise grey borders / text
• Gradients: use blend mode + (overlay or color burn)
• When you add black or white color, add saturation too

Icons

• Don’t be afraid to use stock icons / images. “Salads are hilarious and spice up boring pages. Single women love sitting alone with their salads.”
• Icon sets are cheap; e.g. Pictos has 648 icons for $240. See also Helveticons

Spacing & Alignment

• When in doubt, padding = margin = font size
• On the web, “grid” usually connotes just horizontal alignment
• Shout-out to 960.gs
• Align things (well, yeah)

Visual Hierarchy

• Group related elements together
• Think about what owns each box (e.g., a particular user, the whole site)
• Write an outline of your UI elements
• Take the squish test: shrink your design down and try to make sense of it

Presentations

• Big fonts; make it stretch from one side to another
• 80 characters wide are too many (“Did you know that Ruby code doesn’t have to be accurate in slides?”) => brevity over correctness
• 40 characters wide, ~4 lines, fonts as big as will fit
• Step through code one line at a time, with ellipses in the middle bits
• Does it look sleek? Increase the contrast. Add a 75% white overlay and see if you can still read it. Try again with a 75% black overlay. These will help simulate a projector

Become a better designer

• Have side projects; e.g., redesign your blog
• Practice > books
• Q: Everyone should read Knuth on use of color and information theory
• A: OK.

Exceptional Ruby

Avdi Grimm

Exceptions as contracts

• cf. Meyer’s Design By Contract
• Contracts may be implicit or explicit

• Errors happen when a method is unable to fulfill its contract

• Weirich likes fail over raise unless reraising

• Can monkeypatch raise for fun and profit (e.g., terminate, jump to console alla “hammertime” gem, or explicitly forbid double-raise)
• Internally, raise calls #exception to init the exception, sets backtrace and $! “global” (actually thread-local), and transfers control
• This means you can define your own exception() method, like to_s
• rescue with no raise will only rescue StandardError (excludes a number of types)
• Ruby uses === (“threequals”) to match exception types
• Best not to return explicitly from ensure clause
• retry is good, but watch out for infinite loops
• If you raise from a rescue, the original exception is lost; if you must do this, wrap the original exception in your own exception class
• You can reraise the same error type and a different message

What to do once you’ve caught something

• Return nil or benign value (e.g., {“stock quote” => “”}), log, report (e-mail, service) — but be careful! Avoid the failure cascade (cf. Nygard’s Circuit Breaker, which is either open, closed, or half-closed)

Philosophy

• Exceptions are…, well, exceptional
• Invalid user input isn’t exceptional
  • Is this really unexpected?
  • Am I prepared to end the program/request?
• cf. PragProg “Will this code still run if I remove all the exception handlers?”
• Instead, use catch/throw like Sinatra/Rack
• Array and Hash define #fetch — pass it a missing key, run a block. The caller decides!
• Treat “begin” as a code smell
• Critical methods need known exception semantics (e.g., crash loggers)
• Be specific when you swallow an exception (e.g., rethrow unless the message matches something specific)
• Define library-specific exception base classes for easy catching
• http://spkr8.com/t/6913

Exception testing harness

• Recording software to record where each piece of tested code calls an external method
• Playback software to assert that a method that throws anywhere at any call point either finishes completely or has no effect

You Got Ruby In My PHP! (You Got PHP In My Ruby!)

Rein Henrichs

PHPfrog

• Varnish cache, nginx load balancer, app servers read from DB master w/slave, app servers fail over to shared environment
• Got rooted, even on servers he didn’t know existed
• Sheer fright (Freddy Krueger, Progressive Insurance spokeswoman)
• “DON’T PANIC” –> “STOP PANICKING”

What to do

• Assume everything is compromised, and shut it down
• Keep the data, and analyze it / show it to your lawyer
• Disclose; it sucks, but the bad thing (you don’t control) has already happened. Control what you can control: your behavior
• Reset all passwords ($300 / hr can brute-force gazillions of SHA-512 hashes)
• Recover: don’t turn on the systems that were just hacked; start from scratch

Get your users back online first

• Be honest and open about the nature of the exploit, how your users were impacted, and your fix
• “It’s our fault that we got hacked”
• “I hope, honestly, I scared the shit out of you”
• Q: What does this mean for your security policy?
• A: It means we have one now

The Ruby Environment

Bradley Grzesiak, Bendyworks

• Speaker’s background in rocket science
• “This is a robot, and technically it’s not falling… technically, that’s not true” vomit comet (the 1.8g gets you)
• Ruby is great, but it ain’t rocket science (“This is testable, Navier-Stokes isn’t”)
• In engineering, “version control” == copying filesn
• He quit his dream job (said his father’s advice to “sleep on it” was hokum) for a startup
• Does Matz’s “optimize for programmer happiness” apply to the work environment?
• “The things that go on outside a computer are really important”

Outside

• “Location, location, location” (not very DRY, an audience member pointed out)
• They located themselves in downtown Madison, within walking distance of food / coffee / alcohol / music / design firms
• Work –> Drink –> Hack doesn’t work if you have to drive

Inside

• Easiest part of the environment to effect
• Embrace people’s extracurriculars (Rubik’s cube, Elmo, whatever)
• Even if it’s not officially sanctioned, get a liquor cabinet
• “Some days warrant a shot of bourbon. On a related note, get a futon.”
• Bullpen arrangement; no headphones except for Skype (protip: set up your Skype camera from the side)

People / Habits

• Hardest thing to affect
• Choose activities that bring people together (wikis, standups, aweome@... e-mail address, http://awesome... site, book clubs, contests
• P(air)ATFT
• Hiring process requires extended pairing (as a paid subcontractor)
• Discipline over distraction (“we’re professionals, but we don’t have to act like it”)
• Invest in memories

Quick and Dirty Apps with Sinatra, DataMapper, RestClient & Heroku

John Britton

• itsinyourfuckinggmail.com
• callcongress 888-491-2262
• Hosted on Heroku, returns XML with tags, redirects to POST to /people
• Builder for templates
• Twilio for the connectivity
• DataMapper w/Entrant class
• cf. cloudhead/http-console, htty

Java in Ruby: Suntory Time

Tom Enebo

Video

• Checked exceptions: who needs them? (applause)
• Generics: not necessary (type erasure)
• AOT compilation of classes that depend on each other? Use the --java flag
• Method / field accessibility? JRuby ignores the flag. This is a feature. “It’s a really weird culture that likes to have handcuffs put on them.”

Ruboto: JRuby on Android

Charles Nutter

Video

• ruboto-irb is an Android app (available in the marketplace) — not just IRB, but also a script editor and storage
• ruboto-core is a packager of JRuby apps for Android. It bundles a stub launcher, a bit like rawr
• Contrast with the official Android Scripting Environment, which cannot access all the platform’s APIs
• Slow startup. “Absolutely not our fault, finally.” (laughter) Apache Harmony’s reflection APIs are slow to boot; “someone” is working on it
• ruboto.rb is a DSL for creating GUI elements, but it’s not that much more work just to use the official APIs
• Q: How to be economical with memory on the device?
• A: Don’t create too many objects. Most of the bottlenecks in JRuby apps running anywhere are related to the sheer number of objects and GC timing
• Q: What’s the toll on the battery?
• The screen!
• Q: Testing?
• A: Most of the APIs (e.g., accelerometer) have stubbed versions that are callable in the emulator or standalone

Extending JRuby

Jeremy Hinegardner

Video

The problem

• Official extension API (Standard Ruby libraries already use it!)
• Showed how the “hitimes” cext –> JRuby ext port works
• Provides one wrapper for 3 different OS names for essentially the same ASM
• @JRubyMethod annotation (possibly w/“module=true” parameter)
• JRuby C extensions (now, the warning just says it doesn’t support mkmf “very well”)
• Regular Java-written extensions still better for overhead / stability / debugging / AppEngine purposes

Real Software Engineering

Glenn Vanderburg

Video

• Software engineering “doesn’t work” as taught in universities, practiced in industry
  • Control cost/schedule
  • Produce high quality
  • Produce at all
• People had to unlearn a lot of software engineering preconceptions when they joined the software workforce.

In the real world, the term “engineering” is restricted to things that work. Why the terminology mismatch? Misunderstanding of two terms: “software” and “engineering.” SE is a caricature of engineering, built by people who didn’t understand either.

First mention of the term was at a NATO conference in 1968. Original proceedings said testing should be “interlaced” with the design. Also said we should start with mocks / models, then nudge them toward reality from iteration to iteration. A year later, “everything went wrong.” Royce’s warning against the “doomed” waterfall somehow got read as an endorsement.

So, software engineering has been biased towards the “defined process control model,” in which the scope of every step is known, and the result of the process is predictable / repeatable. cf. Parnas’s “A Rational Design Process.” BDUF approaches were geared toward fixing errors early, when the cost is cheaper; trouble is, that didn’t work.

Software engineers have model / math envy. cf. Z notation, Parnas’s mathemtatical expressions notation, UML—most of these are (fortunately) dead. Trouble is, these don’t look any easier to read/write than code.

Critics of software engineering say you can’t just “put something in one end and turn the crank” (Eckel). But that’s not what engineers do!

“Emprical process control model,” where frequent inspection / adaption react to unpredictability, is a much better fit for software development.

Classically, software engineers say things like “Cost shouldn’t be an object when the goal is to do everything right.” But cost is always an issue! Any idiot can build bridge over a ravine; just fill it entirely with rocks. Engineering is the art of optimizing a design within constraints, one of which is cost.

Glenn says that engineering advances come from practitioners. (Not sure I’m on board with that one, if he means “only.”)

cf. Maillard’s bridge designs, which were built after experimentation with prototypes, not extensive mathematical models. Mathematical models were introduced to engineering as cost-savings tools, not as proof that a design works!

Old, bad analogy: engineers –> blueprints –> laborers –> final artifact :: engineers –> diagrams –> code monkeys –> final source. Correct naalogy should be engineers –> source code –> compilers –> final artifact. The third step (construction) is structural engineering’s most expensive part, and software’s cheapest part. So the right, rational bias for software should be for an empirical process.

What does an empirical process for software look like? Feedback / iteration time / risk are related. Evaluate / iterate requirements with the customer every few months (high risk); evaluate individual code statements in seconds (small scope).

The JRuby Testing Story

Ola Bini

Video

Intersection of testing and language geekery: using JRuby to test Java.

Why do we test? Check our thinking. Find defects. Prevent regressions. Drive design. Provide usage examples. Facilitate change (refactoring). JRuby’s early interperters, compilers, and representations were heavily refactored; the comprehensive suite made this possible.

Test doubles

Dummies are passed but not used. Fakes are working implementations w/shortcuts (). Stubs give canned answers. Spies record calls. Mocks verify that the methods are called correctly.

Lots of Ruby mock libraries. Most work the same on JRuby, and (with some caveats) can test Java code. Java testing and mocking libraries can test some Ruby code and can plug into environments / IDEs, but miss a lot of Ruby-specific behavior. Best option for testing Java code is to use Rake + Ruby tools + Ruby doubles.

Mocking limitations: setting expectations in Ruby that Java code is supposed to fulfill. RSpec mocks can mock methods on Java interfaces, but not on Java classes. This is because JRuby uses Ruby proxies for Java objects (which the Java universe has no knowledge of). JtestR (with Mocha) works around this by rewriting JVM bytecode on specific object instances.

Mocks Suck (and what to do about it)

Brian Swan

Video

“Mocks suck.” Y2K was the year the world was introduced to mock objects. cf. “Endo-Testing” paper in 2000. Don’t confuse with MockObjects™ testing style, which seeks to avoid using getters (uses things like the Visitor pattern instead). RSpec muddies the waters by treating mocks, stubs, and doubles as meaning the same thing.

Presenter feels that behavior verification and “mockist” style TDD suck. Do you really care that your object called the find_by_title method of the Book class? Are you really checking anything at all? This style couples tests / implementations too tightly, inhibits refactoring, and might not actually be testing enough.

Presenter doesn’t like fluent-style APIs. Says they add noise, and are hard to revisit later. (I find the opposite, but anyway….) Also doesn’t like the “assert first, then run code under test” ordering. (This I agree with.) (slide: S-S-A; ass backward—get it?) cf. Marick’s during / behold! notation.

But the outside-in BDD-style design aesthetic has advantanges. No-getter style is all well and good if you’re coding from scratch, but is little help if you’re using a framework. MVC uses getters.

“Don’t mock types you can’t change;” e.g., 3rd-party code. But then you end up writing an extra wrapper layer, and mocking that. “Don’t mock (immutable) value( object)s.” “Allow queries / expect commands;” meaning: stub queries / mock commands. “Specify precisely what should happen and no more.”

Alternatives? Use the real object (fixtures?). Favor stubs or spies over mocks. Use libraries that don’t impose reverse order (mockito, Not A Mock, rr, or even by interrogating RSpec mocks after the fact).

Testing – Why Don’t We Do It Like This?

Jim Weirich

Video

How many people are doing unit / acceptance / TDD? Most of the room. “We are living in a microcosm of testing,… and we think that everybody’s doing it.” Outside this venue, testing is still the exception and not the norm. How many of us are happy with our tests? Not so many. What don’t we like? Mocks. Overspecified. Brittle. Slow. Overlapped.

Jeff Nielsen says developers lose patience if unit tests > 10s or check-in tests > 10m. Any longer than 10m, and the dev leaves for the day before they finish (and fail).

Mocks are for external services or protocols; nothing else. Test smells: mocks returning mocks; false positives / negatives (because you have to change both the mock and the code under test).

Factories can create one in-memory object, but all of its associations live in the database—still slow. (He didn’t try an in-memory SQLite3 database, though.) FactoryGirl.attributes_for (in-memory hashes of attributes) work, and are faster than mocks! Just creating objects in memory, though, was the fastest by far. Instead of testing for !save, test for !valid.

Custom assertions make tests legible. (Yup, that’s why we use RSpec.) In tests, clarity is more important than DRYness.

Don’t test private methods. Move the behavior into a separate class, and test that.

Use describe for objects / methods, context for modifiers / setups. Don’t worry; context was not deprecated when they added describe to the language.

Refactor your tests! Use RSpec’s let construct, which makes a lazy initializer and only runs the code once (he didn’t say whether it’s once per context or once per test).

Could you write the code using only the specs as a guide?

Rails 3 With a Double-Shot of JRuby

Nick Sieger

Video

“Ruby is the glue that doesn’t set.”—Dave Thomas. This hit home with Nick, who likes to do collage work.

JRuby is its own enterprise integration toolkit. You don’t need enterprise beans and all that stuff.

JRuby 1.5.3 is out. JRuby 1.6 will have 1.9.2, cexts, dynopt, java, performance.

Rails 3 is fully JRuby-compatible (“designed to work” with JRuby). JRuby team has been running its own CI server with the Rails test suite. By Rails 3.1, they might not even need the “-m http://jruby.org” flag to “rails new”.

A new version of activerecord-jdbc-adapter is coming; it will support the three big Rails databases (MySQL, SQLite3, Postgres), plus a bunch of others (Oracle, SQL Server, DB2, Derby, etc.).

Why JRuby with Rails? Faster than Ruby. After enough requests, HotSpot exceeds 1.9.2 speed on some benchmarks.

Picture: “Here’s a guy getting a stare-down from a llama.”

Some faster libraries, too. jruby-memcache-client is much faster than the regular Ruby memcache-client. Some gem name clashes; e.g., JSON. The team is looking for a way to pick up the right gem for your platform seamlessly.

There are some unique libraries / combos as well:

• flying_saucer (X)HTML-to-PDF converter
• ehcache fast + configurable caching library
• Neo4j + Lucene
• Lucene + ActiveModel = document database

Other tools:

• Easy deployment w/all dependencies in one .war (Warbler). Code obfuscation through compiling
• JRuby::Rack plugs Rack into servlets. Preliminary JMS support.
• Trinidad = Tomcat server packaged into a Ruby gem
• Torquebox = JBoss equivalent
• Glassfish =, well, Glassfish equivalent

So You Think You Need a Rewrite?

Chad Fowler and Rich Kilmer

Video

On rewrites…. “People still think that’s a good idea” cf. Chad’s “The Big Rewrite” How to know when it’s time? Bob Martin says green fields “lead to horrible messes.” That field looks green from a distance, but what do campers tend to leave behind in green fields?

Don’t use velocity as a reason to sell a rewrite; velocity is an artificial metric for planning, not a real thing.

On a rewrite, the existing system is the spec!

Rich says a rewrite is always an invention, not an implementation (in terms of Zed Shaw’s C2I2 theory). (I dunno about that, I feel I’ve seen rewrites that were just plain implementations.)

It’s important to manage expectations: there may be downtime, the customer may have to run the old system alongside the new for a little while, etc.

“The old days of having a single technology stack are gone.”

Risk: start a rewrite, get pulled back into maintenance of the old system, see the new system get written by consultants who don’t know the domain.

Risk: management determining technology. “I installed Rails on my computer and made a weblog, so we’re going to replace our existing infrastructure with Rails.” “The vendor took me out, we partied, and now we’re going to use his tech.” “The vendor took me to a Scotch tasting….”

Horror story: Certified Scrum Master letting an entire meeting of “I didn’t have time to do anything this week, either” slide: “Okay, great call. Talk to you guys next week!”

Good system boundaries and interfaces can help.

Chad and Rich say you’re going to have to clean up and maintain the old system. (Maintain, maybe, but why clean up?) cf. the Mikado method of cleanup.

Take the emotion out of the process; change one thing at a time (using technologies like Edge Server Includes); measure.

You have to have a reason to do a rewrite (i.e., not just new tech).

Chad and Rich say “code is cheap; knowledge is value.” (I think knowledge should be expressed as code.)

cf. Brooks’s “Build one to throw away.”

Rich: never call it a rewrite. Just call it a refactoring or someting. (“I’m just going to refactor this app by, um, throwing all of it away and starting over.”) Keeps the business people from freaking out about it. And don’t tell them afterward!

Business Ninja 101 – or how to make money in technology (…without

violating geek ethics) ##

Randall Thomas

Video

We like JRuby. Why would somebody pay you to do something you like? We get paid to solve problems for somebody else.

Frederick Winslow Taylor (scientific management guy) “screwed your life for the next 80 years.” Directed vs. undirected labor. “Knowing exactly what you want men to do and then see in that they do it in the best and cheapest way.” Unqualified people don’t tell your dentist how to do his job; why do they do this to software people?

Randall proposes taking the same metaprogramming techniques and patterns we use and applying them to our interactions with people. Software people find it hard to explain what they do to nontechnical people.

Discussion of economic models of human behavior (including caveats about human rationality in the real world): utility function, prospect function, risk aversion, loss aversion….

Loss aversion: if you say the project can’t be done in time for the ship, your manager may say, “We’ll just bring in more people / offshore this / use these guys in Russia.” Like doubling down on a bad hand in poker. Or saying, “We committed to Thursday; I don’t care if you have to stay up all night and write twice as many bugs into the code.”

Equality bias: people will turn down free money for everyone in the group of they think someone else in the group will get more money.

Other biases: attribution bias, diagnosis bias, decoy effect. If you want them to use Ruby, juxtapose the Ruby alongside something much uglier.

“First, do nothing stupid.”

Randall’s Maxim of the EndUser:

1. People will often pay you for stupid shit.
2. People often don’t know that this shit is stupid.

Anosognosia: unawareness of one’s own disability. cf. Dunning/Kruger effect. “I don’t know about you, but I’ve worked for that guy.” You can’t be trained out of the Dunning/Kruger effect.

When dealing with nontechnical people, focus on economics. Use a common (not Lisp) language.

Must. Try. Harder.

Keavy McMinn

Video

“Your life resembles a car crash.” Ironman triathlon. “I took that challenge on like it was the fight of my life. Which, of course, it was.” How athletes prepare for and work towards their goals, and how we might apply that toward our own goals.

Decide what you want. Relationships may suffer, even with those who support your goals.

Who can support you? Friends. Family. People who have already done the thing you want to do.

Multiple levels of goals. For example…. Base goal: finish Ironman in one piece. Higher-level goal: finish within x time frame.

Do the work. Specific practice: some practice sessions focus on speed, some on endurance, some on strength, etc.

How to deal with the risks of (say) cycling? Go back to the “who can support you?” question. She found a cycling coach to ride along on the descents, shouting “Do not brake!”

Asses what you can control. Practice that control. Accept what you cannot control, and don’t waste time and energy fighting it.

Story: a leading biker breaks a chain. This is not under her control. She has to wait for the race mechanic. She takes care of the things she can control: she gets into the shade, eats, drinks, talks to the locals. Reassesses her goals when she’s back on the bike 45 minutes later. Old goal: win. New goal: finish strong. Going into the run, hears that her competitors are wilting. New goal: finish in the top 5. Wins race.

Recover. In sport, the recovery period is when you actually get stronger. In business, recovery / vacation is looked down upon. In sport, it’s vital.

Reflect. Figure out how to eradicate negative experiences, repeat positive ones. Get to know yourself—what you’re capable of, physically and mentally.

What do you get back from all this? Cake.

“I’ll start with an obstacle, because I’m from Glasgow and that’s just what we’re like.”

Good conversation with audience member about negotiating training time w/friends & family who might otherwise feel neglected.

Your Customers Aren’t Stupid and Your Coworkers Are Not Incompetent

Joe O'Brien

Video

Sales shouldn’t be about convincing someone to do something they don’t want to do, but about finding a solution that works for them.

Andy Hunt refers to the brain as a dual-core computer with a shared bus.

Stereotypes: they’re not just for racists. They’re a set of beliefs you’ve abstracted from people. cf. RubyConf Orlando, which shared the conference center with a tanning convention. We keep telling ourselves we’re surrounded by less intelligent people. But it’s not necessarily that we’re smarter—it’s that our processors are running at a fast clock speed.

Joe asks: as geeks, what do we think about Southerners / right-wingers / Christians? (My reaction: many geeks are Southerners, fiscal conservatives, and Christians. Several minutes later, he used the word “religious” meaning “strict about Agile.” Interesting choice, given the comments on religious stereotypes earlier.)

Velocity goes to zero for iteration 3. Why is that? The Hawthorne effect peters out. (I just checked the JRuby charts in Pivotal Tracker. We literally did go to zero velocity in the third week we started tracking.)

Dreyfus model: everyone goes through the same stages as they learn things. A novice wants zero context and all rules. They desperately need a win—something to feel better. Little concern for learning. High concern for when things go wrong. They need recipes. Think call centers w/decision trees.

The GoF book was written for people further up the Dreyfus Model. But begineers read it and apply it as a set of recipes.

Discussion a while back on the GoF book:

• @pragdave: Some people treat the GoF book like the Bible!
• @glv: Yeah, and they even use the red velvet bookmark thing.
• @pragdave: I like to call that the fuse.

The majority of experts make terrible teachers for novices. Send the new guy into the wizard’s office, and he’ll come out crying.

Rules ruin experts, even if the experts were the ones who wrote them. cf. Dreyfus model experiment w/aviators.

When you’re learning a new skill/language, it’s important to allow yourself to be ignorant.

JRuby – Making the World Safe for Democracy

David Bock and Arild Shirazi

Video

After the USSR’s collapse, new nations suddenly had borders to control and economies to worry about. They had infrastructure for building military stuff. It was in everyone’s interest to help these republics control their borders. Of particular interest were dual-use materials, which have both peacetime and wartime uses (e.g., golf clubs and nuclear reactors; beer brewing and biological warfare).

expectmore.gov is helping countries (esp. Baltics) dispose of nuclear material. How can these countries collaborate if they don’t trust one another? cf. the Stone Soup parable. We can’t get these people to sign a treaty, but we can all collaborate on some software together.

Import/export control/licensing system: cross-platform, i18n, little infrastructure required. 1997: Java! “We are going to give you software and computers; you tell us what the software needs to do.” 1998: Swing app. Helped Poland join NATO. 1999: it had evolved into useful software (Tracker: http://trackernet.org). JBoss server, session beans. Technology-wise, the software was complete / mature in 2006.

Original users wanted modernization effort: rich web app. Needed to lean on legacy Java code. Original team had moved on. Enter JRuby. Wanted to use Rails.

ActiveRecord facade for the Java business-logic code. Live editing of i18n text labels (Shift-Option-click, or something like that). Java’s property files + message API made that easy. e.g., imagine translating "#{n} files" as “no files,” “one file,” “a pair of files,” or “123 files,” depending on the number.

Random Notes

flying_saucer can create PDFs from HTML. CSS and image URLs need to be absolute, near as I can tell. Might be a good candidate for producing PDFs from Showoff (assuming we can solve the Markdown problem).

RSpec mocks support Not a Mock / rr / Mockito-style after-the-fact assertions, which leads to simpler tests.

The conversation about the role of mathematical models is one that should continue. I want to say, “Yeah, empiricism!” And I want to consign the Pricy-Tool-Driven-Development methodologies to the dustbin where they belong. But I don’t want to do so in a way that rules out Dijkstra-style algorithm proofs or transformation (from safe code to C, or recursive to imperative) proofs.

Is it possible / easy / a good idea to port Reg Braithwaite’s andand library to a Mirah macro?

The i18n / l10n stuff used by the Tracker 7 folks was brilliant. Is that something that was already there in the Java APIs? How can I haz it?

Jim Weirich’s challenge: could you write the software from just the specs?

Okay, so this wasn't a Whyday project by design, meaning that it didn't have celebrity worship written into it from the start. But it definitely had to do with teaching programming to newcomers, one of the many activities encouraged on the Whyday site.

So what was it?

At my day job, we throw a pretty decent Take Your Kids to Work Day when we remember to. Not content with making Little Bartholomew or whoever sit through endless TPS report summaries, we teach 'em how to play Ultimate Frisbee, what's inside a computer, and whatever else we can scrounge up co-workers to show off.

When the call went out for ideas, I remembered this motivating robotics presentation given by Jim Larson and Brett Nelson at Open Source Bridge. Perfect!

Brett and I sat down and swapped ideas, and we figured we could teach three classes of sixteen kids how to program robots. The robots were an armful of Babuinobots that Brett designed and built.  The software was Blocos, a puzzle-piece-like programming language that generates Cricket Logo behind the scenes for execution on the robot.

When the spark of enthusiasm met the powder keg of instant gratification, we ended up with a kaboom of ideas.  The kids were rapidly outpacing the simple tasks we had set before them, and were choreographing their own robot dances, designing obstacle avoidance routines, and most of all, having a blast.

(download)

Click here to download:

Happy_belated_early_Whyday.zip (408 KB)

(download)

Click here to download:

4-evade.3gp (80 KB)

Andre Weimerskirch

Feature activation: generate income after original sale. May be pay per use, trialware, or pay once. Customers want more “horsepower” in their devices. They will look for codes on Google.

Cryptographically speaking, there are two ways of implementing feature activation keys: symmetric and asymmetric ciphers. Symmetric uses one shared secret. Asymmetric uses public/private keys.

Key is often a function of equipment ID (type / serial number), customer ID, timestamp, etc.

Manual activation codes typically use alphanumeric codes, which are roughly 5 bits per letter. So a 32-character code is about 192 bits of information. Consumers will tolerate about 10 characters, which is only about 50 bits of information.

Symmetric

HMAC = Hash-based Message Authentication Code. Like a digital signature, but symmetric. Every party needs to share a key (distributed over a secure channel), which is inconvenient. But the protocol is more efficient.

Attacks: try all possible keys, JTAG, backdoors. So: temporarily (~ 10 min) lock the device after several failed attempts, lock JTAG, avoid backdoors.

If an attacker gets a key, he can generate new activation codes. To make sure that only one device can be compromised at once, don’t use global keys. Use one key per device.

Asymmetric

Need some communication channel between server and device. Only have to distribute public keys. Certificates enable a network of trust for keys. Only as trustworthy as the issuing authority. Manufacturer gets a certificate from an authority, then provides an activation infrastructure.

Codes can’t be entered manually. Calculations are expensive. Don’t need to read-protect key; just write-protect it.

Returns and Transfers

Device generates a return code. Server verifies return code and generates new activation code. How to do returns / transfers without accessing the central server? Dangerous. Always keep the server in the loop.

Secure Flashing

Verifies digital signature on the firmware image. Requires a public-key infrastructure, so you can verify that the firmware came from the source it says it was, and is unaltered. With this, the customer can “prove” a software bug isn’t his fault (because he can demonstrate he hasn’t changed the firmware). You can also use a different key pair for newer models, so that customers can’t accidentally install an incompatible software version.

General Advice

Use symmetric keys for their simplicity and efficiency. Feature activation requires platform integrity. TCPI can detect a compromise after the fact.

Base your strategy on likelihood and impact of compromises.

Michael Barr

A few bug-killing rules can go a long way (e.g., “if (0 == x)”). Standards are mainly for quality; but they can also help with style, portability, readability, and security. Make your embedded firmware better (43% of pacemaker recalls were firmware-related)!

Many shops have standards, but have team members who fail to follow them (at this point, one audience member pointed at his neighbor). This can be a sign that the standards are arbitrary, fussy stuff about braces when they should be about bug killing.

Maintenance bugs come from broken assumptions. Adopt a “zero bugs… period” principle in your architecture, process, and code. Treat all software as “work for hire” and “someone else’s property” (I think he means collective code ownership; terms like “property” are icky in software discussions).

Choose rules that you can enforce, preferably automatically (specific modules might need exceptions). Presenter’s a big fan of MISRA.

C specifications have different kinds of undefined behavior:

• “implementation-defined” means do something, do it consistently, and document it
• “unspecified” means compilers don’t even have to be self-consistent
• “undefined” means compilers can outright ignore code, on the assumption that it’s buggy

A few sample rules:

• Use C99
• if/else/for/while/etc. must have braces (safer for macros, maintenance)
• Each brace gets its own line (not a bug-killing rule)
• Use static, const, and volatile liberally
  • const can be applied to individual struct fields!
  • If a variable can be seen from more than 2 places, use volatile
  • C++-style comments are okay, even in C (fun fact: the implementers meant for the original C to have these, but had to take them out for space reasons)
  • Use #if 0 or #ifndef NDEBUG to disable code

Gwyn Fisher

Around 50% of respondents are doing some kind of iterative development, either overtly agile or at least informally iterative. Agile projects have penetrated even large organizations like banks, defense contractors (“missiles have an operational lifecycle of 30 seconds; a memory leak isn’t important”), etc.

“Snobbery is alive and well in the development process;” e.g., “If your timebox is more than four weeks, you’re sniff not doing agile.”

In agile, “pay yourself first” stops working if you can’t get to the end of an iteration with working software. So be extremely wary of carrying bugs from iteration to iteration. Presenter likes to use a physical board with note cards—red for bugs. “Bug debt kills projects”

Agile is about “people, not processes,” right? So it’s no surprise that agile tools are mainly about people and teams (except Continuous Integration).

The fancy code tools are all for “nonsense” (i.e., scripting) languages or big languages (C++, Java). Straight C, not so much.

Source code analysis can help catch:

• Logic errors
• Security vulnerabilities
• Match to architecture
• Concurrency problems
• Software metrics

Static analysis is an “unsound” analysis; i.e., not provably complete. The sound analysis tools are academic and take all night to run; not a good use of your time.

After doing source analysis, you’ll immediately fix all the “facepalm” dumb stuff. Then the tool will give pointers on where to look for the hard concurrency stuff.

“If we suspend our disbelief just for a moment” and assume people actually use Visual Studio (or that Vim gets a GUI), then he can show us a screenshot of Visual Studio doing IntelliSense-style bug annotations.

How do C programmers refactor? “With prayers.” Or by typing and getting it wrong a lot.

“Refuctoring” = taking a well-designed piece of code and, through a series of small, reversible changes, making it completely unmaintainable.

Code reviews are boring or humilating, depending on which chair you’re sitting in. Some organizations do it backwards: they review the high-paid architects, but not the intern down the hall. Instead, treat it like a social network (“Everyone with an ironic beard” uses Twitter), in that you use it how you want to, asynchronously, all the time. “Don’t require the architect; appreciate their presence.”) Code review will cost you time, but it will save you more time.

Presenter gave an example of a hypothetical 10-person team doing 1-hour reviews saving 40 hours per iteration. But… “you cannot run a communication-based process with just tools.”

Introduction to Qt

Gregg Lebovitz

Startd with the usual “what is Qt?” intro, plus a note that Qt comes in an LGPL flavor now (not just GPL or commercial). Qt isn’t just for GUIs; it’s got libraries for databases, networking, i18n, and so on. It is capable of per-thread message loops and cross-thread message posting. QtEmbedded is like Qt, but uses framebuf instead of X11.

Here’s the presenter’s quick “hello world” example:

QtApplication app(argc, argv);
QLabel* label = new QLabel("Hello world!");
label->show();
app.exec();

The basic unit of the GUI is the QtWidget. Each widget has a parent, which will automatically show/hide/delete its own children automatically when needed. A widget with no parent becomes a top-level window. QtObject-derived objects (including widgets) must be heap-allocated.

Layout managers (e.g., VBox and HBox) live in their own hierarchy separate from the controls. Adding a widget to a layout automatically re-parents it to the widget owned by that layout.

Qt uses a “makefile-maker” called qmake (like autoconf or CMake) that turns “.pro” (project) files into makefiles.

Class demo on BeagleBoard; not enough supplies. >:–(

eZ430 Chronos Workshop

Adrian Valenzuela

This session covered the Chronos hackable watch. Did I say “watch?” I meant “development platform.” (FCC rules forbid calling it a watch.) Time didn’t really permit a full tutorial, but we did get a chance to take the things apart and learn about the development environment.

The gizmo has RF transmit and receive capabilities, which led the instructors to joke about “this radiation-safe room we’re in,” as a nod to the dead WiFi / cell zone this classroom seemed to have.

No point in repeating all the Chronos background material here; it’s all available on the wiki.