I paid $200 to see all the O'Reilly Fluent Keynotes. These are my notes:
One of the speakers just lost his wife right before the conference. He has 7 kids. They setup a GoFundMe page for him.
There was a really gorgeous wall that went across the whole stage that was a projection screen.
The auditorium was only about 1/3 full, although it was very large. In general, the entire event felt extremely large, but fairly empty.
All the sessions are being recorded and will be available via Safari. If you went to the conference, you get access to Safari for free for 90 days.
Maggie Pint, @maggiepint, from Microsoft, a maintainer of moment.js.
She's a date and time specialist.
Moment gets about a million downloads a month. It's in practically everything.
She was invited to work on Moment. She went to their issue tracker and looked for
label:Up-For-Grabs in order to get started.
She found something fundamentally broken and suggested a fix. She didn't know how to fix it herself. She submitted 4 other PRs while waiting. They invited her to join the core contributor team.
She said she moved on from a not-so-great job and a not-so great marriage.
She went to Microsoft. She studied "Cracking the Coding Interview" a lot before the interview.
She had to move from Minnesota. She can now only see her son over the summer :(
She became the first woman to present in person to TC39 in the committee's 20 year history.
Apparently, the worse outage Azure ever faced was because a date time issue surrounding leap year (I think). Hence, they gave her a job as an SRE in order to focus on this problem.
She said that open source and the community lifted her up even though she wasn't some MIT genius.
tc39 is on GitHub: https://github.com/tc39
She ended up marrying Matt, the guy who invited her to help contribute to Moment.js.
What's cooking in AWS kitchens? Recipes for a better web.
Cherie Wong, General Manager of Amazon CloudFront
Authentication, authorization, security, UX.
Recipe 1: Authorization @ Edge:
KMS: key management server.
Amazon certificate manager.
Web application firewall.
Cognito is for authenticating users. It sends back a JSON Web Token (JWT). It creates a Node.js function using Lambda @ Edge. Decrypt the JWT. If the user is authorized, forward the request to the backend. Hence you can authorize and cache at the edge.
Recipe 2: Security @ Edge:
You can fetch content from S3 and then add security headers in before the request goes back to the user--all from the edge.
Recipe 3: Dynamic Image Manipulation @ Edge:
You can send a request with the image size in the query string. It can resize the image on the edge and cache it. You can also add digital watermarking.
Fresh from the oven recipe:
Content delivery + machine learning.
They were recognizing celebrities in a video feed using machine learning.
Here are more demos.
The future of the browser
Lin Clark from Mozilla, @linclark and @codecartoons.
She creates code cartoons. She's working in the Emerging Technologies Group. WASM and Rust are two things the group focuses on.
Browsers need to get faster.
Web developers are always pushing the web's boundaries.
VR headsets need to be updated at 90 FPS to avoid motion sickness. In a VR headset, you only have 11 ms to fill in 16.5 million pixels.
The future of the browser is parallel.
She covered parsing, style calculations, layout, painting in layers, and compositing those layers.
The browser chrome is another thing that has to be taken care of. In Chrome, the chrome is rendered by the same rendering engine as the page itself.
In 2008, Chrome started to run things using a multi-process architecture. It's part of the reason Chrome was faster.
The limitations of Moore's law started showing up in the early 2000s. The solution was parallelism via a multi-core architecture. However, it's hard to parallelize across cores. The easiest solution is to split up coarse-grained tasks. This leads to coarse-grained parallelism.
Hence, the fact that Chrome rendered the chrome and each tab separately is a good example of coarse-grained parallelism.
Chrome was starting from scratch. [Not entirely true. They were starting with Webkit.] It was harder for Firefox to catch up.
At Mozilla, they saw that they really wanted fine-grained parallelism. This is hard, but necessary. They spent a lot of time and faced a lot of risk to do this.
She covered project Quantum. Stylo lets CSS be calculated in parallel.
Next she mentioned the renderer and compositor.
We need to somehow do more parallelism in JS. There's only so much the engine can do to speed things up. How can we enable the apps to be more parallel? She mentioned web workers and shared array buffers. However, they were turned off because of the Spectre bug.
If you compile Rust to WASM and run it in a browser, you can take better advantage of parallelism.
We need coarse-grained parallelism (Chrome led the way here), fine-grained paralleism (Firefox led the way with Rust), and app code parallelism (which is being adopted by the standards).
It's spelled 'Accessibility', not 'Disability'
Scott Davis, @scottdavis99, principle engineer at ThoughtWorks
He mentioned serverless web apps, PWAs, conversational UIs, etc.
He's a prolific author.
Hit tone was more than a little "preachy".
20% of the world has some form of disability. It's the largest minority in the world.
Accessibility improves everyone's experience, not just those with a disabillity. For example, consider pinch to zoom or putting your phone on vibrate so you can get notifications even if you can't hear your phone.
He's from Denver, Colorado.
He kept talking about the width doors and how important that is. He said grocery stores are paragones are accessibility. He said that his grocery store removed an entire wall instead of having an actual door. [I suspect that doesn't work for bathrooms.]
Someone sued Winn-Dixie because their website was not accessible enough. They lost. Now, they must update their website blind users. There are lots of lawsuits levied against web sites under the ADA these days.
We use a keyboard and mouse to create websites, but that's not how most web users view a website. The majority of web traffic is mobile. The iPhone came out 10 years ago.
We don't spend enough time making our websites mobile accessible.
What about purely-conversational UIs? Think of Alexa, "Hey Alexa: Wikipedia Carrie Fisher".
We've been talking for a decade about responsive design. It's good but not good enough.
If you design for mobile, it doesn't detract from the desktop.
Important: If you are mobile ready, you've gone a long way toward making it accessible as well.
Apple won the Helen Keller award for their accessibility. There are so many features baked into their devices.
Google has also deeply invested in accessibility.
Web Components consider accessibility to be a primary concern.
Microsoft has really turned things around. They've also invested heavily into accessibility. He mentioned Cortana and conversational UI.
Cory Doctorow, EFF, @doctorow
This was a really stimulating talk.
Among other things, he's a SciFi writer.
He brought up scientific management and management consulting. They arrogantly thought they could tell the workers how to do their job better than they already knew how to do. It was good for a few, but bad for most. But it gave bosses a sense of control.
He criticized control freaks that get in the way of letting people innovate to meet their own needs.
Vendors try to control how their products are used.
He criticized Apple's App Store. Users are locked in, and Apple gets a 30% cut of the profits.
He was very much against products that prevent you from configuring them as you like.
He criticized Kindle and proprietary audiobooks.
He criticized VW for the TDI scandal.
He criticized policies that prevent security researchers from disclosing vulnerabilities.
Apparently, 747s run Solaris.
He talked about the importance of configuration.
He criticized the DMCA. Section 1201 is the anti-circumvention clause. It affects everything that is a copyrighted work.
He criticized DRM. It only takes a minimally viable amount of DRM in order to back up the security controls with law per the DMCA.
Firms have gotten the right to enforce commercial preferences via legal protections.
John Deere has even put DRM into their contractors. You can't replace parts without their approving it. We don't let farmers fix their own "damn tractors".
There's a diabetes insulin pump that only supports their own brand of insulin. Because of the DMCA, circumventing this is punishable with a felony.
He talked about how the founder of Reddit was sued for using a shell script to download scientific papers. This resulted in a $35k lawsuit. He eventually hanged himself.
We don't let users configure their tools to make their lives better.
We should be able to use Facebook without handing our data over. We need a way to know what they're doing with it.
These days, large corps have all the power. It's undemocratic. We're taking away people's right to code.
He emphasized the right to configure.
He talked about DRM in the world wide web's consortium. He criticized it. He's particularly sad that it's happened to the web.
The EFF is suing to overturn Section 1201. It should be legal to jailbreak anything.
He said that SciFi writers are bad at predicting the future.
The stakes are so high, we need to be doing something.
We should be hopeful. If your ship goes down, tread water.
He's an adjust professor at the MIT Media lab, and he volunteers at the EFF.
Q&A with Cory Doctoro
He talked about the EU and GDPR. He talked about websites that allow users to upload works. There's new law that says that there needs to be a filter to protect against copyrighted material being uploaded. The law says that companies should be able to upload their own material in order to prevent other people from uploading it. He said that it'll be prone to abuse with other people claiming other's work.
There are even provisions that will prevent you from linking to someone else's work without some sort of permission. It's a mess.
The FCC repealed Net Neutrality. Congress could overturn it.
We have to be eternally vigilant. We broke up ATT, but it's been merging back together slowly.
He talked about suing the government. The Constitution protects the right to publish source code and defects.
Previously, civilians couldn't use strong crypto. It was classified as a munition. The EFF fought against this, and they won. "Code is a form of expressive speach". The NSA was fighting against them.
There are "use exceptions" to the DMCA. They're granted every 3 years. However, they don't grant exceptions to tools. You can get the exception for yourself, but you can't get an exception for a tool that everyone can use.
He criticized how locked down the iPhone is, especially considering how much knowledge it has of our entire lives.
They asked him about the Google AI defense contract. Google can hire a little bit better because of the "Don't be evil" philosophy. Tech workers would rather work for a non-evil company. The talent market is crazy tight.
Without you, your company is just a bunch of MBAs with an idea with no ability to execute it.
Your ability to quit your job and found a competitor is critical to the success of our industry. He talked about the founding of Intel.
"Take it or leave it" is not the best way to approach whether to use social networks.
Mozilla has a Facebook sandboxing tool.
Ad blocking is the largest consumer revolt in the world.
Ad networks are less interested in tracking users because of the blockers.
Popup blockers were an important example. People started using them. It forced the ads to change.
He said something about the do not track bit.
People want to be free. We need fair and open infrastructure. He need to shift the equilibrium for users of the web.
Day 2 Keynotes
They showed a video from the 80's (?) showing a very early modem system from "Prestel".
They called "security, performance, and a11y" the three pillars of the web.
Kyle Simpson spent some time expounding on the importance of a11y.
Fluent and Velocity are co-located.
This is the 7th edition of Fluent.
You Are Where: Geospatial web dev off the beaten
Aure Moser, Mozilla Science, @auremoser
Cartographer, non-profit science, CartaDB
She talked about making fake places on the web.
There's a tension between how machines think about maps and how humans think about places.
She mentioned "experimental map mapping."
She wrote the book "Geospatial Data and Analysis".
She covered a list of her own failures, including companies that had rejected her. It was refreshing :)
If people know your location information, they have a bit of a fingerprint.
She talked about "disputed territories". Google Maps says different things based on where you are.
Maps are quite significant and quite political.
Sometimes, geocoding errors lead you to mistakenly think things about people.
She talked about "null island" which isn't really an island at all. It's simply 0°N 0°E.
There's a list of common geo misconceptions. This tweaks maps in funny ways.
Open Street Map is the wikipedia of maps.
They're studying how location affects public health.
However, it's too easy to reduce the complexity of humanity way too far.
Representing things via paper is really a limitation.
Maps are "a gazetteer of consensual hallucinations".
Earth's oceans are only 5% mapped, but the moon is 100% mapped.
Paper towns are fake towns that map makers create in order to insure that no one is stealing their work.
There are places that exist in Google maps but not in paper maps.
She made up a place called "Entertinian". She even made up a web sites and then added it to Google Maps. She's going to fix it ;)
She mentioned the word "provocartography". There are actually dire consequences to these changes.
Some guy changed all the phone numbers for the FBI and then recorded the messages that people left when calling the numbers.
The Shed at Dulwich was a fake restaurant. It became the #1 restaurant on TripAdvisor in London.
There are biases and pitfalls in making maps.
One of her take home messages is that we should be curious about how we make maps.
"Missing Maps" is a project that allows you to contribute to map making.
"Who's On First" brings context to map making in ways an Atlas doesn't.
She talked about tracing streets starting from satellite imagery. She also covered looking for differences over time when studying satellite imagery.
Good geospatial design means creating with empathy, humanity, and a critical eye for human error or bias.
She gave a list of famous cartographers you should follow if you're interested in this sort of thing.
Addy Osmani, @addyosmani, works on web performance on the Chrome team at Google.
I didn't really see anything new in his talk.
His goal was to cover some strategies for delivering JS efficiently while still providing a good user experience.
JS is the most expensive part of your site.
Popular sites often ship even more JS. YouTube ships 1.9MB. Facebook ships 1.8MB. Google Sheets ships 5.8MB.
Loading is a journey:
- Is it happening?
- Is it useful?
- Is it usable?
Time to Interactive is important. It allows you to respond quickly to user input.
Shipping down lots of expensive JS blocks the main thread. Nothing is able to happen.
JS can delay interactivity for visible elements. This is even a problem for Google search.
The goal is to become interactive in 5 seconds.
Design for resiliance.
JS can be a bottleneck.
Fast JS is fast to download, fast to parse, and fast to compile.
Not all bytes are create equal. 200 kb of JS !== 200 kb of JPG. It's way easier to process JPG bytes.
Mobile is a spectrum. The devices cost between $30 and $1000. The disparity is huge.
Safari 11 on an iPhone 8 is really fast.
A Moto G4 is somewhere in the middle.
Amazon loads 9s faster on an iPhone than on a Moto G4.
Stop taking fast networks, fast CPUs, and high amounts of RAM for granted. Test on real phones and real networks.
He mentioned webpagetest/easy.
Know your audience -- Brian Holt
Not every site needs to work well on 2G.
Download times are critical for low-end networks. Ship less code. Compress. Minify. Cache.
Parse times are critical for phones with slow CPUs.
JS code-splitting is important. You can split by page, by route, or by component.
Twitter got 45% faster via code splitting.
Audit JS regularly. You can use webpack-bundle-analyzer, source-map-explorer, and Import Cost for VS Code.
Use Lighthouse performance audits. They recently shipped JS bootup time.
Remove unused JS from the critical path. See bit.ly/code-coverage.
Netflix did a trick where they removed client-side React for the first page, and then pre-fetched it for subsequent pages. This improved time-to-interactive by 50%. They were using SSR. Moving from vanilla JS to React was actually pretty bad for their video player. It took them a while before they could compensate for the expense of that.
You need a perf budget.
He mentioned RUM.
He mentioned the long tasks API. It can catch things that last longer than 50ms. See bit.ly/long-tasks.
He mentioned First Input Delay. See bit.ly/first-input-delay.
Improving perf is a journey. Lots of small changes can lead to big gains.
This Dot, @ladyleet.
She's done so much stuff. I can't even write it all down.
Her premise is that open source can help with diversity in tech.
Previously, the path to tech was college and a degree in CompSci.
If you didn't follow that path, it was really hard to get in.
The Internet changed this. Open source changed this.
GitHub changed stuff.
Collaboration is important.
Twitter became a great platform.
Bootcamps provided alternate paths.
There was a perfect storm of opportunity.
There were suddently non-traditional paths into tech.
Social platforms for open conversations were important.
With GitHub, the code you had written became your resume and made evident your experience.
There was still a problem. At tech conferences, the pics shared showed that all the people in tech looked the same--"tech bros".
She mentioned #ilooklikeanengineer.
We're in a renaissance of reinvention.
Open source platforms are now the outlet for creating a more inclusive and diverse tech community.
As an under-represented minority (URM), be the change you wish in the world.
She called Addy a "benevolent perflord".
Twitter was important for him.
Addy was not a typical tech bro. He came from the Middle East.
She had a dream of getting married and having kids. At 20, she fell victim to daily domestic violence. She was financially dependent on her abuser. She became a receptionist. Twitter changed her life.
She met Guy Kawasaki on Twitter. Meeting him changed her. She learned about tech evangelism.
Her first tech startup was built solely on Twitter.
She became a JS developer.
She didn't fit the tech bro stereotype as an Asian woman.
She created a GitHub profile and started sharing code. She learned to contribute to open source.
She spoke up in tech conversations on Twitter. She met great mentors and allies.
She became a role model for under-represented groups.
She talked about people who didn't "grow up with privilege".
She mentioned that she and some other people were Google Developer Experts.
She mentioned @freeCodeCamp.
"We are all inspirations to each other. We're all each others' allies."
She talked about various transgender people in tech.
Be an ally and create inclusive environments.
She talked about the importance of Code of Conducts in projects and conferences.
Being a hero starts by taking action.
She talked about the importance of championing URMs. You can make a huge impact on others if you are your best self.
We're in a renaisannce of reinvention.
Brave, the Basic Attention Token, and the Coming Privacy-by-Default Era
Brendan Eich: Creator of JS. Co-founder of Mozilla. Founder and CEO of Brave software.
He has had a keynote at every Fluent conference except last year.
The internet has changed a bit since he created JS in ten long days in May, 1995.
Mozilla was a "life pod". No one saw any signs of life escaping from Netscape.
He likes the browser interface for Slack better than their app.
Browsers became less important because of mobile.
He thinks cryptocurrencies are here to stay. They enabled direct exchanges of money without banks in the way taking their cut.
The early days of the web were not well-planned and orderly.
Third party images + cookies + JS = targeted ads and invasive trackers.
This wasn't planned, although they were aware of it even back in '96. Users lost their privacy and their safety, and it resulted in over advertising.
He also mentioned "malvertising".
Then there's a lack of privacy by defaut, it's users who pay.
Some sites never finish loading as they search for the best paying ads.
Media sites have as many as 70 trackers.
Some ads even lead to malware and ransomware.
This problem is too complex to deal with via extensions, and there are no ad blockers for Chrome on Android.
Digital advertising is also broken. There are too many intermediaries.
In the EU, it's now illegal to track people without consent.
In nature, there's this fungus that takes over an ant's body. It's a parasite. However, sometimes things like this can become symbiotic.
Malware can be injected into innocent looking ads. You can't tell.
He talked about fake ad sites, fake ad agencies, and cheap ad slots. They exploit loaders and inject malware.
Methbot infiltrated the ad marketplace. It was making 5 million dollars a day. It was the biggest example of ad fraud ever. They were getting paid by advertisers. They were hosted in Rackspace's cloud facilities. It was all done through cloud infrastructure. They relied on proxy services and free VPNs. They got domestic IPs by impersonating legitimate companies.
Over 600 million devices use some form of ad blocking.
UC Browser has pretty good ad blocking.
Safari is trying to use privacy as a differentiator.
Brave + Basic Attention Tokens = solution to this problem.
You can't get rid of ads completely because that would kill the publishers.
We need some substitute for currency.
We need private-by-default browsing.
We need to reform digital advertising.
Brave even pays users a share of the revenue.
The big companies captured the browser market. Browsers need a source of revenue to fund their development, so it's hard to get away from the big companies.
Users have been sheered like sheep--if you've ever seen this happen, it's not pretty.
Brave's value proposition is: fast, private, secure, simple, saves money, saves time.
You should block third-party JS by default.
Firefox has tracking protection.
There's also something called Privacy Badger.
TMZ is a typical tracking site. It has way too many third-party trackers.
The idea of paying users is not new. There was a company that tried this. It crashed in the first bust.
With cryptocurrency, you have privacy by default.
BAT will be rolled out in phases. First, it'll be in Brave. Then, it'll be present in other apps via an SDK.
Phase 1 is based on Google donations. You can give back to sites, YouTube creators, etc.
BAT payments have some core features: anonymity, micropayments, privacy, efficiency.
It uses a little bit of blockchain, but not too much. It's a hybrid system.
Phase 2 involves user-private BAT ads. There will be a slowly evolving catalog of ads. The browser will pick the best ads. The ads will be showin in a separate tab.
This will be based on user-owned, cross-device attribution. Brave can do it privately. It can do it on device. It's consent based. It's based on cryptographic techniques such as zkp and blind signatures. He mentioned zero-knowledge proof systems and blind signatures.
Brave is gaining momentum.
Consciousness is rising around these concerns thanks to the GDPR and increased use of ad blocking.
Brave currently has 2.8 million users. It's making payments to 16,000 publishers, mostly youtubers. Youtubers are not happy with their current situation.
You can pick the rate at which you are shown ads.
Q&A with Brendan Eich
"Do you feel like Dr. Frankenstein and JS is your monster?" He said that he would take the blame for JS. We didn't know. We were only thinking of first parties. We didn't think of embedded third-parties.
He was a kernel hacker as SGI.
Browsers are valuable and compelling.
Facebook is sort of a browser. It's Mark Zuckerberg's browser, and it's not that great.
We should push machine learning onto the device and keep the privacy there.
She asked if he wanted to fix anything in JS. They're working on big ints. He said it feels good.
Back in the day, insiders asked for implicit conversion for
==. It was a mistake that people talked him into.
JS can go another 23 years. It doesn't need to get bigger. WebASM can take the heat off and be the low-level language.
They're talking about adding syntax for private class members. The conversation is happening slowly. He wants to let that bake for a long time. These days, we can try things out using Babel for a long time.
She asked if he likes Google AMP. He said that he likes AMP's semantic HTML. He doesn't like that the URL isn't on the publisher's site. He doesn't like the debranding; it creates a conflict of interest.
Following GDPR is going to influence the whole world, just like the California car standards did.
He said that Google and Facebook were both first-party (e.g. we use their sites directly) and third-party (e.g. other sites integrate with them).
She asked him about peer-to-peer browsers. He's thinking about the future. He's given money to various such projects, including Web Torrent, iConfess, and Tor. All of these are or could be in Brave. He talked about the Beaker browser. He's not picking a winner. He wants developers to try multiple things. Let the developers prototype and take the risks. He wants to give them the building blocks and see what they build.
The biggest ad blockers take fees to let ads through. There's an opportunity for a conflict of interest. Brave doesn't do this and never will.
Brave is open source and auditable. He wants it to be standardized.
The system is under stress because GDPR and ad blocking will lead to change.
Firefox peaked at 27%, but it led to changes in the standards.
She asked him about DRM. He said the W3C is in favor of it. However, there are intractable conflicts of interest. DRM suggests that the user is the threat. The web generally has the opposite point of view. This conflict of interest can't be fixed. Toxic laws enforce the fallible tech. He's against DRM. In Brave, it's turned off by default. However, you can turn it on for Netflix. It'll show you a big warning that links to the EFF. Google, FB, and Netflix pushed through the standard. He doesn't like the way DMCA enforces bad situations.
The user should have rights. We can't just ask the triopoly for these rights. We need to use ad blockers to force the issue.
He was using a Mac.