Hmm, figure that I really gotta start typing out my notes from the conference before I forget all the good details. So, here’s the blow by blow:
Monday, April 16th
Securing and Optimizing Web 2.0 Application Delivery
This was basically just a big case study for using Citrix’s NetScaler content delivery controllers. The main point was the efficiency gained from rolling load balancing, SSL acceleration, and compression operations into a single appliance with provisions for scalability and reliability.
The company being examined was Foldera, a shared document library, which just came out of beta recently.
Building Web 2.0: Next-Generation Platforms
Concept: content scarcity. Data is being sourced from many independent (possibly small) providers. Examples: Joost and BitTorrent.
Concept: parametric application development systems. Systems where end users have significant opportunities for customization via online interfaces or proprietary languages. Examples: Salesforce Apex and CogHead.
Challenges for parametric application development systems:
- Large Hardware Investment
- Dynamic Resource Allocation. Automatically provision infrastructure as application demand increases.
- Resource Equalization. Balancing I/O speed versus capacity, etc.
- New Application Model: 100% Automation. Restart, reimage, replace with minimal intervention.
- End of Gold Plated Server Room. Less big iron specialized servers, more commodity boxes.
Concept: data center abstraction. Data centers are currently tuned to a specific purpose; going forward they will be more generic storage and message queuing systems.
Quote: “The most successful companies rely on others to run their data centers.”
Vulnerabilities 2.0 in Web 2.0: Next Generation Web Apps from a Hacker’s Perspective
This was the most well attended talk I sat in on. At first, I thought it was just gonna be a big plug for the speaker’s company (iSec Partners), but after giving his background he zipped right into some good content, including an evolution of attacks from parameter manipulation to cross-site scripting (XSS) to cross-site request forgery (CSRF).
Some attacks from the past are resurfacing again with Ajax. XSS checking needs to be done at more levels (dynamically generated arguments, in JSON data, etc.). He picked on Google Maps for a while because their Ajax style passes JavaScript functions back as data that are directly eval’d in the browser.
CSRF is a pretty ugly new attack style. It plays on open sessions. Say you log on to your online banking site and it uses a cookie to keep track of your session. Say you leave the bank’s site without logging off. You happen across a malicious site with an iframe that points to the bill pay form on your bank’s site. After the page loads in the iframe, the form is autosubmitted by JavaScript with no user interaction or feedback. Yuck!
Random Site Mentioned: Redfin, an interesting real estate mapping mashup.
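The weakness described above is that the bill pay handler trusts the session cookie alone, which the browser attaches no matter which page triggered the request. As an added example (not from the talk or the original post), here is that cookie-only handler next to a hardened one that also requires a matching Origin header and a session-bound token; `bank.example`, `SESSIONS` and the `pay_bill_*` functions are hypothetical names, and requests are modelled as plain dicts.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # per-deployment secret (constructed for the demo)
BANK_ORIGIN = "https://bank.example"   # hypothetical bank origin
SESSIONS = {"sess-alice": "alice"}     # constructed session store: cookie value -> user


def csrf_token_for(session_id: str) -> str:
    """Token bound to the session; embedded only in forms the bank itself serves."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def pay_bill_cookie_only(request: dict) -> str:
    """Handler as described in the text: a valid session cookie is enough."""
    user = SESSIONS.get(request["cookies"].get("session"))
    return f"paid as {user}" if user else "rejected: no session"


def pay_bill_hardened(request: dict) -> str:
    """Same handler, but the request must prove it came from the bank's own page."""
    session_id = request["cookies"].get("session", "")
    user = SESSIONS.get(session_id)
    if not user:
        return "rejected: no session"
    # 1. The Origin header must name the bank; a missing header is rejected too.
    if request["headers"].get("Origin") != BANK_ORIGIN:
        return "rejected: cross-origin"
    # 2. The form must carry the session-bound token, compared in constant time.
    supplied = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(supplied.encode(), csrf_token_for(session_id).encode()):
        return "rejected: bad csrf token"
    return f"paid as {user}"


# Constructed requests. The browser sends the cookie in both cases; only the
# bank's own form carries the token, because another origin cannot read it.
forged = {"cookies": {"session": "sess-alice"},
          "headers": {"Origin": "https://other.example"},
          "form": {"payee": "x", "amount": "100"}}
genuine = {"cookies": {"session": "sess-alice"},
           "headers": {"Origin": BANK_ORIGIN},
           "form": {"payee": "x", "amount": "100",
                    "csrf_token": csrf_token_for("sess-alice")}}

if __name__ == "__main__":
    for name, req in (("forged", forged), ("genuine", genuine)):
        print(name, "|", pay_bill_cookie_only(req), "|", pay_bill_hardened(req))
```

The two checks are independent: a request that passes the Origin check but lacks the token is still refused.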
The Arrival of Web 2.0: The State of the Union on Browser Technology
Quote: “Web browsers have evolved from a life support system for plug-ins and helpers to a legitimate application development platform.”
Concepts:
- Multiple Application Robustness- ideally multiple Ajax applications running concurrently in a single browser instance (i.e., in tabs) should not interfere with each other. Similarly, multiple JavaScript frameworks should work concurrently in one document without causing problems.
- Better Data and Code Integrity- coming in newer versions of JavaScript.
- Mozilla Firefox- recently made major improvements in JavaScript memory handling, vastly increasing Ajax application stability.
- Ajax Adoption Growing Rapidly- primary motivation is that the standard desktop release cycle is too slow.
- SOAP- never got good traction because it was hard to use. Mashups are stepping up as a replacement in some cases because they are significantly easier to implement.
Keynotes
The keynote presentations were held in a large hall where all the conference attendees (and some additional press folks) assembled en masse (I think somebody said there were 3500 people there). Production values were pretty good; decent sound system and tons of huge projection screens. Not a bad seat in the house.
Conference Welcome
Hello, and welcome to the conference… blah blah blah.
A Conversation with Jeff Bezos
Full text and audio available here.
Jeff Bezos is the Founder and CEO of Amazon. He talked about Amazon Web Services, which consist of:
- Simple Queue Service (aka SQS) – I think I heard the name previously but didn’t really know what it was good for. After hearing more about S3 and EC2, it’s more obvious that the queue is used to move data between your applications and within the Amazon Web Services.
- Simple Storage Solution (aka S3) – Storage in the cloud. I’d heard of this previously and have been thinking about using it for backups myself.
- Elastic Compute Cloud (EC2) – Computing capacity on demand. Using their vast network, they provide dynamically scalable virtual servers. You provide your own OS images and configure performance characteristics and they add and remove servers automatically.
- Mechanical Turk – a framework for outsourcing and monetizing human tasks. Jeff mentioned that it was recently used to have thousands of people examine satellite pictures of the Pacific Ocean near Baja California to find a boat lost at sea.
Built to Last or Built to Sell: Is There a Difference?
The basic idea was trying to figure out whether there’s a difference between building out a start up with the intent to keep running or for the specific intent to sell out. After circling around with some not so relevant lines of questioning, I think they ended up with the obvious conclusion that there isn’t really a difference.
High Order Bit: Introducing Apollo
Apollo is Adobe’s new (cross platform: Windows/OSX now, Linux later, after 1.0 is out) framework for building desktop applications using web based technologies (HTML, CSS, Flash, Ajax, etc.). They didn’t really go into any technology specifics, but showed a few token demos (a presentation tool, a standalone eBay interface with offline capability, and some others).
I wasn’t really wowed by what I saw; nothing that shouldn’t’ve been done straight up in a browser. Agree with Jay’s comment from the last developer meeting that it might be more interesting if the Apollo runtime gets applications out of the browser sandbox (like being able to read/write local files).
New for Adobe is the fact that both the Apollo runtime and the SDK are free. I’m guessing that the technology will be XML based as they say you won’t need another IDE to build Apollo applications.
In my conference goodie bag, there was an Apollo Developer Preview CD. I haven’t had a chance to play around with it yet.
Launch Pad
Launch pad talks are short, five minute presentations complete with a buzzer when time is up. Folks used them to plug new products, services, books, and technologies. Here were the 3 from this keynote:
- inpowr
A kinda new-agey approach to personal well being. A little too touchy feely for me.
- Webex Connect
Webex’s answer to Salesforce Appexchange. Build and sell custom applications that piggyback on top of the Webex client.
- Spock
A new search engine with a focus on people. Hard to describe, but very cool. Here’s a screencast.
At the end, the audience can vote for their favorite talk using SMS. They were supposed to be able to show the voting results in realtime, but ran into some technical difficulties. I think I heard the next day that Webex Connect took the trophy.
Web 2.0 Expo
After sitting around talks all day, have to admit I wasn’t really into the mob scene at the expo. It was a crazy scramble for all the conference folks trying to vacuum up all the freebies. I got my Web 2.0 Expo shirt and some desk trinkets and that was about it. Some interesting observations:
- The Microsoft Booth was pretty low rent. No custom furniture or even graphics. Handouts were photocopies. Equally strange was the booth for Tellme (a recent Microsoft acquisition, more on them next update). It looked like a little park with an English phone booth, but no staffers.
- Google booth was cool. Google spelled out in 8 foot high letters. Not much going on there though.
- Nokia had the most hands on booth. They had a ton of new phones out that you could mess around with. I was pretty impressed with the n800. It’s basically an iPhone, but has a lot more hack potential with its Linux based operating system.
- I checked out a few other new technology booths, like Vidoop and Kapow that were pretty interesting. These guys will be described further in my write-ups for talks on the following days.
Phew, that was just day 1!